The Dark Side of Digital

 Four years ago, I wrote reflecting on my 50 years in IT, and the pursuit of value from the use of IT. I described the changes that had occurred over that time since I started my working life as a computer operator on an IBM 1401, which had a (not really published as such) processing speed close to 10 million times slower than today’s (2013) microprocessors, 8k of storage (later upgraded, with an additional unit, to 16k), no solid state/hard drive, displays or communication capability, and no operating system (that was me!). Weighing in at around 4 tons, it needed a fully air conditioned room, with a raised floor, approximately twice the size of my living room.

I described how my world in 2013 compared with that time. I had powerful technology in my small home office, wirelessly connected within my house, and to the world beyond through the internet. I had access to an ever-growing body of knowledge that could answer almost any question I had, and which enabled me to manage my banking, pay bills, check medical lab test results, organize travel, shop, read books, listen to music, watch videos, play games, organize, edit and enhance photographs and videos, and a myriad of other tasks.

I went on to describe how, beyond my individual world, at the enterprise level, the technology model is changing from computing – the technology in and of itself, to consumption – how individuals and organizations use technology in ways that can create value for them and, in the case of organizations, their stakeholders. I discussed the extent to which technology, and how it was being used, was continuing to change, at an ever-increasing rate, including:

  • increasing adoption of the Cloud;
  • Software (and just about anything else) as a Service; the explosion of “Big Data”, and, along with it, analytics and data visualization;
  • mobility, consumerization and BYOD which fundamentally changes how, where and when we interact with technology and access information;
  • the ”internet of things” (IOT) bringing with it unprecedented challenges in security, data privacy, safety, governance and trust; and
  • robotics and algorithmic computing which have considerable potential to change the nature of work.

I closed by talking about what hadn’t changed, and what needed to change. Putting my value lens on, I lamented that, then, 15 years since The Information Paradox, in which I described the challenge of getting value from so called “IT projects”, was first published, the track record remained dismal, and realizing the value promised by IT remained elusive. I attributed this situation to several factors, the primary ones being:

  • a continued, often blind focus on the technology itself, rather than the change – increasingly significant and complex change – that technology both shapes and enables;
  • the unwillingness of business leaders to get engaged in, and take ownership of this change – electing to abdicate their accountability to the IT function; and
  • failure to inclusively and continually involve the stakeholders affected by the change, without whose understanding and “buy in” failure is pretty much a foregone

 

What a difference four years makes

OK – that’s (probably more than) enough of a recap – I’m now going to fast forward some 4 years (a lifetime in the digital world) to today, 2017. While the challenge of creating and sustaining value from our use of technology described above is still real, our failure to address it, along with an almost total failure of leadership – technical, business and government leadership, have brought us into an increasingly dark place – one that I think few of us saw coming, certainly not unfolding as it is. I call this place “the Dark Side of Digital”. I alluded to it in 2013 in discussing IOT, robotics and algorithmic computing, when I said that they brought with them “unprecedented challenges in security, data privacy, safety, governance and trust…(and) have considerable potential to change the nature of work” – I would now revise and add to the latter saying “…have considerable potential to fundamentally impact the future of work and, indeed, the future of society”.

The elements of this dark side fall into three main categories:

  1. Cybersecurity: This is the most traditional category – one that, albeit not so- named, has been with us since the advent of computers, when cards, tapes or
    other media could be lost/stolen. However, as our connectedness continues to increase, so does our susceptibility to cybersecurity attacks, with a growing number of such threats arising out of machine-to-machine learning and the Internet of Things. There are nearly 7 billion connected devices being used this year, but this is expected to jump to a whopping 20 billion over the next four years. Most cybercriminals are now operating with increasing levels of skill and professionalism. As a result, the adverse effects of cyber-breaches, -hacks, or –attacks, including the use of ransomware and phishing continue to escalate resulting in increased physical loss and theft of media, eroding competitive advantage and shareholder value, and severely damaging reputations. More severe attacks have the capacity to disrupt regular business operations and governmental functions severely. Such incidents may result in the temporary outage of critical services and the compromise of sensitive data. In the case of nation-state supported actors, their attacks have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended
  1. The Future of Work: The fear that technology will eliminate jobs has been with us pretty much since the advent of the first commercial computers, but, until the last few years, the argument that new jobs will appear to replace the old has largely held true. Now however, the revolutionary pace and breadth of technological change is such that we are experiencing a situation in which, as recently described by the Governor of the Bank of England, Mark Carney.

“Alongside great benefits, every technological revolution mercilessly destroys jobs & livelihoods well before new ones emerge.”

Early AI and IOT systems are already augmenting human work and changing management structures across labor sectors. We are already seeing, and can expect to continue to see uneven distribution of the of AI impact across sectors, job types, wage levels, skills and education. It’s very hard to predict which jobs will be most affected by AI-driven automation.

While, traditionally, low-skill jobs have been at the greatest risk of replacement from automation, as Stephen Hawking says, the “rise of artificial intelligence is likely to extend job destruction deep into the middle classes, with only the most caring, creative or supervisory roles remaining.” He goes on to say that “we are at the most dangerous moment in the development of humanity”.

  1. The Future of Society: On the societal front, a paradigm shift is underway in how we work and communicate, as well as how we express, inform and
    entertain ourselves. Equally, governments and institutions are being reshaped, as are systems of education, healthcare and transportation, among many others.

AI and automated decision making systems are often deployed as a background process, unknown and unseen by those they impact. Even when they are seen, they may provide assessments and guide decisions without being fully understood or evaluated. Visible or not, as AI systems proliferate through social domains, there are few established means to validate AI systems’ fairness, and to contest and rectify wrong or harmful decisions or impacts. Professional codes of ethics, where they exist, don’t currently reflect the social and economic complexities of deploying AI systems within critical social domains like healthcare, law enforcement, criminal justice, and labor. Similarly, technical curricula at major universities, while recently emphasizing ethics, rarely integrate these principles into their core training at a practical level[1]. As Mike Ananny and Taylor Owen said in a recent Globe and Mail article[2], there is “a troubling disconnect between the rapid development of AI technologies and the static nature of our governance institutions. It is difficult to imagine how governments will regulate the social implications of an AI that adapts in real time, based on flows of data that technologists don’t foresee or understand. It is equally challenging for governments to design safeguards that anticipate human-machine action, and that can trace consequences across multiple systems, data-sets, and institutions.” This disconnect is further adding to the erosion of trust in our institutions that we have been seeing over several decades.

Adding to the threats to society is the proliferation of internet and social media. In a world where we can all be publishers, we see shades of Orwell’s 1984 in a post-truth word of alternate facts, and fake news. Rather than becoming a more open and collaborative society, we see society fracturing into siloed echo- chambers of alternate-reality, built on confirmation bias, and fed by self-serving populist leaders, posing dangerously simplistic solutions – sometimes in tweets of 140 characters or less – to poorly understood and increasingly complex issues.

 

So, what do we need to do?

The complexity of these challenges, and their interconnectedness across sectors make it a critical responsibility of all stakeholders of global society – governments, business, academia, and civil society – to work together to better understand the emerging trends.

If business leaders expect to harness the latest technology advances to the benefit of their customers, business and society at large, there are two primary challenges they need to address now.

  1. As companies amass vast amounts of personal data used to develop products and services, they must own the responsibility for the ethical use and security of that information. Ethical and security guidelines for how data is collected, controlled and ultimately used are of paramount concern to customers, and rightfully so. To gain the trust of customers, companies must be transparent and prove they employ strong ethical guidelines and security standards.
  1. It is incumbent on organizations to act responsibly toward their employees and make it possible for them to succeed in the rapidly changing work environment. That means clearly defining the company vision and strategies, enabling shifting roles through specialized training, and redefining processes to empower people to innovate and implement new ways of doing business to successfully navigate this new and ever-changing

As a society, if we are to avoid sleepwalking into a dystopian future, as described in 2013 by internet pioneer Nico Mele as one “inconsistent with the hard-won democratic values on which our modern society is based… a chaotic, uncontrollable, and potentially even catastrophic future”, we must recognize that technology is not destiny – institutions and policies are critical. Policy plays a large role in shaping the direction and effects of technological change. “Given appropriate attention and the right policy and institutional responses, advanced automation can be compatible with productivity, high levels of employment, and more broadly shared prosperity.”

The challenge is eloquently described by WEF founder and executive chairman, Dr. Klaus Schwab.

“Shaping the fourth industrial revolution to ensure that it is empowering and human- centred, rather than divisive and dehumanizing, is not a task for any single stakeholder or sector or for any one region, industry or culture. The fundamental and global nature of this revolution means it will affect and be influenced by all countries, economies, sectors and people. It is, therefore, critical that we invest attention and energy in multi- stakeholder cooperation across academic, social, political, national and industry boundaries. These interactions and collaborations are needed to create positive, common and hope- filled narratives, enabling individuals and groups from all parts of the world to participate in, and benefit from, the ongoing transformations.”

 

A call to action!

We need, as Dr. Schwab goes on to say, to “…take dramatic technological change as an invitation to reflect about who we are and how we see the world. The more we think about how to harness the technology revolution, the more we will examine ourselves and the underlying social models that these technologies embody and enable, and the more we will have an opportunity to shape the revolution in a manner that improves the state of the world.”[3]

We cannot wait for “them” to do this – as individuals, we can and must all play a leadership role as advocates in our organizations and communities to increase the awareness and understanding of the changes ahead, and to shape those changes such that, as Dr. Schwab says, they are empowering and human-centred, rather than divisive and dehumanizing.

[1] Source: The AI Now Report, The Social and Economic Implications of Artificial Intelligence Technologies in the Near-Term, A summary of the AI Now public symposium, hosted by the White House and New York University’s Information Law Institute, July 7th, 20

[2] Ethics and governance are getting lost in the AI frenzy, The Globe and Mail, March 20, 2017

[3] Source: The Fourth Industrial Revolution: Risks and Benefits, Wall Street Journal, Feb 24, 2017

Bridging the Gap between Value Selling and Value Realization

All enterprises exist to deliver value to their stakeholders. Over the last few decades, the way that we use technology – and who uses it, has changed dramatically. Yet one thing that has not changed is the on-going questioning of the value received from our investments involving technology. As we move into an increasingly digital universe, with technology becoming embedded in everything we do, there has never been a more critical time to address this question

As I have discussed in previous posts – “Partnering for value”, and “The IT Value standoff”, technology per se is just a cost – it is how the business uses technology, and manages the change that technology both shapes and enables, that determines whether the technology contributes to business value.

What has been lost in all this is the understanding of, and accountability for managing the increasing breadth and depth of business change that technology both shapes and enables, and which is required if value is to be created and sustained! We need to change the conversation – to change it from one largely about the cost of delivery of technology to one focused on creating and sustaining value from business change.

Business value will only be realized from our increasingly significant and complex investments in IT-enabled change when complementary changes are made in the business – including changes to the governance, business and operating models, business processes and practices, people’s work, and the skills and competencies required to successfully get the work done, reward and incentive systems, organizational structures, physical facilities etc. And, the most difficult, changes to organizational culture, and group and individual behaviour.

The value journey starts with the sales cycle, and it is here where the seeds of success or failure are first sown. Did you know that:

  • Over 95% of B2B buyers demand proof that the vendor will deliver value, demanding financial justification / ROI quantification prior to purchase approval (IDC)
  • Yet, only 7% of buyers say the vendors’  content and sales reps are value-focused (The Economist).

But, buyers’ concerns don’t end when the sale is made:

  • Recent research from IBM (IBM Strategy & Change, Survey of Fortune 1000 CIO’s) reported that organizations said that 40% of total IT spending brought no return to their organization
  • The Standish Group has reported on the success of “IT projects” annually since 1994, with success factors being: on time, on budge; and delivering the expected features. The 2015 report redefined success as being: on time; on budget; and with a satisfactory result, where satisfactory includes:on-target (% requirements);  satisfied (very high to very low); value (very high to very low); and alignment with strategic corporate goal (precise to distant). They then summarized the outcomes of projects over the last five years using the new definition of success factors, as shown in the table below.

Standish2015

The number of successful projects is relatively unchanged over the 5 years at a dismal 27 – 29%. In fact, in every year since the  report was first published in 1994, the percentage has been close to that range. It is little wonder, given these numbers, that we are seeing an increased concern around value.

As enterprises move into the digital age, if we continue to do things the way we have been, the challenge will only increase:

  • McKinsey, in a recent report (The digital tipping point. McKinsey Global survey results 2014) reported that most organizations have only a basic grasp on the value that digital can create, need to understand better how to match priorities and investments with the areas of highest value, and must work to ensure that their structures and business processes are set up to take full advantage of the opportunities that digital efforts offer.

This is both a challenge and an opportunity for sales professionals. Building  awareness, understanding, and commitment to make the necessary changes should be a joint responsibility of vendors (as well as consultants) and their enterprise clients. This has been the “elephant in the room” for the last 2 – 3 decades, and we will come nowhere near to realizing full business value of these enterprise investments in IT-enabled change is we don’t surface and deal with it.

I have recently been working with a group of sales professionals and consultants in setting up the Value Selling and Realization Council (VSR Council). The proposed charter of the Council is to:

Maximize value from investments in IT-enabled change by establishing, promoting and adopting value management methods, standards, practices, tools, and training that enable B2B solution providers and enterprise corporate executives to collaborate in developing and executing a “roadmap to value” approach, in order to optimize the business outcomes from such investments.

This is an ambitious agenda – one which, if it is to be successful, and not fall into the old “don’t confuse sell with install” mindset, has to address the “elephant in the room” by adding the missing piece between selling value – getting the client to understand the potential value of the proposed investment, and realizing value – the client actually realizing or even exceeding the expected value. This missing piece is enabling value – building the awareness, understanding, and commitment to make the complementary business  changes that are required for value to be realized.

The figure below provides a model of Value Management, and illustrates that a value mindset and supporting structures, processes, roles, responsibilities, and metrics must be established as part of enterprise governance, and that value enablement is a very significant piece of the Value life-cycle – the bridge between selling value and actually realizing it.

Slide3Unfortunately, it is the piece that has been largely ignored, or paid lip service to up till now. This is where the VSR Council has the opportunity to make a real difference, by building a pro-active community of value-focused individuals, including sales professionals, industry analysts, value consultants, and client enterprise professionals and leaders.

The Council is only a few months old, but already boasts a long list of senior level managers from companies such as IDC, SAP, Oracle, Workday, Adobe, Microsoft, Alexander Group, Unisys, Sirius Decisions, Finlistics, Alinean, DecisionLink, IBM, Accenture, JDA, NetApp, EY, KPMG, VMware, Effisoft, etc. Take a few minutes and watch a short video from a few of the founding members (I’m the oldest looking one!).

I attended a first meeting of the Council in Dallas in October. I have to say that I went with some skepticism, not knowing how many people might show up, what their experience might be, how open as competitors they would be with each other, or what their views of value management were – particularly value enablement and realization. By the end of the day, my skepticism had disappeared. We were expecting 15 attendees, and 22 showed up, there was a breadth and depth of understanding of the value space, and a very open discussion, displaying both a broad understanding of the challenges of value management, and a passion to work collaboratively to address them.

As a non-profit, the VSR Council depends upon the time contributions of its members. If  you are  interested in furthering the work of the Council, and “connecting the dots” to value, individual Community membership is free – just click here to register to become a member and join the community. To connect with the community, you can also join the VSR Linkedin Group here. Also, please consider becoming an active member by volunteering yourself or someone working with you on one of the working committees. Help the Council build something great and connect those dots!

A great way to kickstart your involvement in the community is by attending the upcoming VSR Summit, a networking and educational event scheduled for February 29th thru March 1st, 2016 at the Marriott Courtyard DFW North in Grapevine, Texas.  There is a cost to attend and capacity is limited so, if you or anyone else you may know are interested, you should register soon.

We are today at a “tipping point” where, if we are to come anywhere near realizing the full potential of a digital world, we need to connect the dots from ideas to the realization of value. We will not do this with traditional siloed and fragmented disciplines and approaches. The VSR council provides the opportunity to create a professional value management community, connecting those dots, and providing leadership in enabling organizations to create and sustain value from technology-enabled change. I hope that I have the opportunity in the months and years to come to meet and work with many of you in this community to achieve this goal.

Digital Leadership – Much More Than IT Leadership

There has been much discussion of late on who should be responsible for “digitization”. The role of the CIO is being continually questioned, particularly as it relates to the CMO, and. a new position, the CDO, is appearing. And, of course, let’s not forget the CTO. A recent post by Michael Krigsman describing Intel’s IT leadership and transformation pyramid got me thinking yet again about this. The pyramid, shown below, is a brilliantly simple depiction of how digital leadership must evolve (in my words) from an operational “factory” to a business partner to a transformational leader.

 

intel-it-transformation-pyramid

As Michael Krigsman says, “The pyramid reflects the complex reality of IT / business relationships and the need for IT to deliver at multiple levels simultaneously.” This reminded me of discussions I had in New York last month at the Innovation Value Institute (IVI) Spring Summit around their IT Capability Maturity Framework (IT-CMF). The discussion centred around the digital economy, and the fact that organizations are taking an increasingly business-centric view of IT, with the focus shifting from the delivery of the “T” to the use of the “I”. That technology itself, how technology is delivered, how it is used, and by whom are changing at an ever-increasing rate. And that this is blurring the roles and responsibilities of IT and the Business functions, and giving rise to a fundamental rethinking of how IT, and it’s delivery and use is governed and managed, and the capabilities that are required to ensure and assure that the use of technology contributes to creating and sustaining business value.

In an earlier post, The Digital Economy and the IT Value Standoff, I reiterated my long-leld view that the business change that IT both shapes and enables must be owned by business leaders, and they must accept accountability, and be held accountable for creating and sustaining business value from that change. This cannot be abdicated to the IT function. Yet today, in all too many cases, we have a stand-off where the business doesn’t want to take ownership, and the IT function doesn’t know how, or doesn’t want to give up control.

The key question that arose from the Summit discussion was “Why can’t we get our business leadership engaged in this discussion?” Certainly not a new question – how to do so was essentially the underlying theme of The Information Paradox when it was first published back in 1998. The answer to the question, going back to the leadership pyramid, is that the IT organization has to achieve operational excellence before it can start to change the conversation from bottom-up delivery of technology to top-down value from business change. This requires a maturity level of around 2.5, where 5 is the highest maturity – most organizations are still not yet at this level, most being somewhere between 1 and 2.

So, what does this mean for the CIO? Much has been written about CIOs themselves having to transform to fulfil the 3 leadership roles of the pyramid – running the factory, partnering with the business for value, and strategic transformational leadership. There is no doubt that all these roles are required – but is it reasonable, or necessary to expect that they will be found in one individual. Certainly, there are CIOs who have stepped up to the plate, but many more that haven’t, and possibly cannot.  Professor Joe Peppard at the  European School of Technology and Management in Berlin has put many hundreds of participants through an IT leadership program. He describes in a recent article how, using Myers Briggs typing, he has found that 70% of CIOs fall into one particular type: ISTJs (Introversion, Sensing, Thinking, Judging). Further, along the dimension of where they get their energy, 85% have a preference for introversion. In terms of moving up the pyramid, the very things that may contribute to success in their technology role, can be what leads to downfall in a business leadership position. Even where an individual does have the ability to handle all 3 levels, the day-to-day operational demands all too often leave little time for the other 2 levels. Demands that, while they will definitely change with the advent of the cloud and “everything as a service”, will not go away.

The real issue here is not so much, as Michael Krigsman says, “the need for IT to deliver at multiple levels simultaneously”, but understanding the range of digital leadership capabilities and responsibilities required in the digital economy, and where they should reside. The answer is not as simple as renaming the CIO position, getting a new CIO, or appointing a few new CXOs. It requires recognizing that digitization cuts across organizational silos, and across all levels of organizations.. It will take digital literacy and collaboration across the C-suite to ensure that their organization has, as EY’s David Nichols said in a recent CIO Insight interview, “an integrated and holistic plan to really leverage digital”. It will also require recognizing that the digital economy both enables and requires a different view of leadership. As Sally Helgesen said in a recent post, “‘Leadership’ isn’t Just for Leaders Anymore”, leadership no longer, or should no longer equate with positional power and has, or should become broadly distributed.

If organizations are to succeed in the digital economy, they cannot constrain themselves to the knowledge of a few individuals – to put it a more brutal way, they cannot be constrained by the habits or ego(s) of their leader(s)! Organisations must tap into the collective knowledge of all their people. We need effective governance that reaches out to and involves key stakeholders – retaining appropriate accountability, based on the law of subsidiarity – an organizing principle that matters ought to be handled by the smallest, lowest or least centralized competent authority. This means locating accountability and decision-making at the most appropriate level, while supporting decisions with broader and more knowledgeable input.

As a former colleague of mine, Don Tapscott,  has said for decades “Leadership can come from anywhere”. For organizations to survive and thrive in the digital economy, this is not an option!

Set up to Fail: Managing Digital Transformation as an IT Project

This post is an extended version of one developed jointly with Professor Joe Peppard of the European School of Management and Technology in Berlin which appeared previously as an HBR blog on May 15th, 2014.
failureSir Christopher Kelly, a former British senior civil servant, recently produced a damning report that reviewed the events which led to the £1.5 billion capital shortfall announced by the UK’s Co-operative Bank in June 2013. Running to 158 pages, it describes what happened, identifies the root causes and draws out lessons.

One section highlights the problems encountered as the bank attempted to replace its core banking systems, a programme that was cancelled in 2013 at a cost of almost £300 million. The report underlined a series of significant leadership and management failings that were to blame for the spiraling IT costs which contributed to the bank’s capital shortfall. This shortfall resulted in the Co-op Group ceding control of the bank to bondholders, including a number of U.S. hedge funds.

The investment objectives of the IT-transformation programme were laudable; leapfrogging the competition and gaining an advantage, through improved customer relationship management and quicker delivery of new products. Indeed, the age and complexity of the legacy systems meant that the bank’s technology platform was unstable, expensive to maintain, complex to change, and ill-equipped to support its current and future business requirements. There were particularly severe problems with the functionality of the online business-banking platform. These weaknesses resulted in high running costs, upgrading to comply with new regulatory requirements eating up considerable resource, and significant operational risk. It appeared to be an attractive investment.

However, Sir Christopher wrote: “The weight of evidence supports a conclusion that the programme was not set up to succeed. It was beset by destabilizing changes to leadership, a lack of appropriate capability, poor co-ordination, over complexity, underdeveloped plans in continual flux, and poor budgeting. It is not easy to believe that the programme was in a position to deliver successfully.” The bottom line – the benefits of the investment may have been attractive, but they were not achievable!

Not set up to succeed is a key phrase. More worryingly, the factors identified in the report as contributing to the failure are ones that we all too frequently encounter when we review challenged or failed projects. All of the reasons identified are well known and serve to highlight a low level of digital literacy across c-suites, and the failure of corporate governance and leadership to make informed IT investment decisions.

The report noted: “If the programme was ever to have had a chance of succeeding it would have had to have been robustly managed by people with the right capabilities and experience using the best possible project management discipline.” It went on to emphasize “It would also have had to be subject to searching challenge and scrutiny at Board, Executive and programme management levels. The Bank did not provide any of these things to the extent necessary to ensure success.”

Non-executive directors were also in Sir Christopher’s cross-hairs. He wrote: “It is unreasonable to expect non-executive Board members to audit information provided to them in detail. But it is their responsibility to question it [our emphasis]. It is difficult to avoid the conclusion that both Board and Executive failed to interrogate the programme sufficiently closely and paid inadequate attention to its obvious difficulties until it was too late.” Moreover, he found that former members of the Board’s Banking Transformation Programme Sub-Committee who, he noted, “should have been better placed than other directors to understand the programme, described being surprised that it failed.” His damning critique: “They should not have been.”

In our work, we find that not only are boards ill-equipped to deal with digitization but neither are many executive management teams. Most seem happy to abdicate anything to do with IT to their chief information officer (CIO). This is merely setting up the investment to fail.

Research that we have conducted reveals that leadership teams play a pivotal role in determining whether or not their organizations exploit the innovative opportunities provided by IT. Realizing value from IT or, more accurately, the change that IT both shapes and enables, requires the CEO’s attention and oversight. CEOs set the tone for IT, and their active participation determines whether their organization optimizes the return from spending on IT. Most leadership teams don’t seem to understand this, or quite know what they should do. The fiasco at the Co-op starkly illustrates this.

We have developed a simple yet powerful framework that leadership teams can use to navigate the digital landscape and avoid the kinds of problems that the Co-operative Bank suffered. It helps to ensure that they:

  • make informed decisions, balancing the attractiveness of an investment with their organization’s capability to achieve the desired business outcomes; and
  • continue to effectively monitor and assure the achievement of those outcomes.

The framework is based on four business-focused questions that are at the core of effective governance of IT that every member of a leadership team should have in his or her head. We call these questions, which were originally introduced in The Information Paradox,  the four “ares” .

Are #1 – Are we doing the right things?

This is the strategic question. The first accountability of the CEO is to clearly and regularly communicate what constitutes value for the enterprise and the strategic objectives to which all investments must contribute, against which their performance will be measured. The second, is ensuring, through the initial investment selection process and regular portfolio reviews, that resources are allocated to investments that are both aligned with, and have the greatest potential to contribute to the strategic objectives.

In the case of the bank, while the strategic rationale for the investment was not in question, as the report noted, the bank “was over-estimating its capability to deliver such a complex programme.” Evaluating such risks is a key consideration is assessing any IT investment, especially one that is part of a major transformation. Two key questions are: “Do we understand the extent of change required for this investment to succeed? And is this achievable?” An investment of such complexity and risk had not been successfully undertaken by any UK full-service bank, or, with limited exceptions, any major banks in Europe or North America.

Moreover, the initiative also seems to have been championed by the CIO and when he left the organization in 2008 nobody on the leadership team took up the mantle, and the drive to make the investment a success seemed to have been lost. Although we are going beyond the evidence in the report, we do not think that it is unreasonable to suggest that the investment was considered as a technology programme and not a business change initiative.

Are #2 – Are we doing them the right way?

This is the architecture question. Because this question is usually thought of as relating to technical architecture, it is generally considered by CEOs as a technical issue and the domain of the CIO. Nothing could be further from the truth. What we are advocating here is a broader view of architecture – enterprise architecture – which has both organizational and technology components. The CEO is accountable for ensuring that there is an appropriate enterprise architecture in place.

Key questions here are: “Is our investment in line with our enterprise architecture?” and “Are we leveraging synergies between our investments?” The Kelly report didn’t consider this question, so we cannot comment specifically as to whether adequate consideration was given to the extent of process standardization and the degree of integration across all businesses. However, the observations in the report suggest that, if such consideration had been given, it may have raised a number of flags. As a full service retail bank, that also serves small and medium-sized enterprises, the Co-op provides a variety of products and services (e.g. deposit taking, lending, credit cards and payments) to customers via internet, mobile and branch channels, getting the overall operating model design right is paramount.

Are #3 – Are we getting them done well?

This is the delivery question. Although this is the area where there is a significant body of knowledge, it is the one where the failure of governance continues to result in significant and very visible failures. We continually find that most major transformation initiatives end up being managed as IT projects with responsibility abdicated to the CIO. Key questions here are: “Do we have effective and disciplined delivery and change management processes?” and “Do we have competent and available technical and business resources to deliver the required capabilities, and the organizational changes required to leverage them?”

This is clearly where the investment floundered. As the report states, “the Bank neither had the requisite levels of discipline before the programme began, nor built it during the programme.” Communication and coordination between different parts of the business involved in the programme was weak. Dysfunctional and unconstructive working relationships across these areas did not help matters. There was also a lack of clarity as to responsibilities for deliverables, with interviewees for the report describing “managers managing managers, managing managers.” A Board Sub Committee was supposed to provide closer oversight of the transformation programme, but, as Sir Christopher reported, the figures were neither analyzed in sufficient detail nor with sufficient consistency to give it insight into key drivers of cost escalations. The message consistently given to the board was that it was making satisfactory progress. Programme managers succumbed to communicate matters in a favorable light whenever possible. This obviously has a deeper organizational cultural implication.

Are #4 – Are we getting the benefits?

This is the value question. Surprisingly, this is the question that receives the least attention in most enterprises: few measure or assess whether expected benefits have been delivered. As in the case of the strategic question, this question cannot be delegated to the CIO although, all too often, is. In ensuring that expected benefits are realized and sustained, the CEO is accountable for maximizing value from the portfolio of business change investments. Key questions here are: “Do we have a clear and shared understanding of the expected benefits from the investment?” and “Do we have clear and accepted accountability for realizing the benefits, supported by relevant metrics?” The Kelly Report notes that there was a failure to develop a detailed business case and a complete lack of consistency about the expected benefits across the programme.

 

Addressing the four “ares” is not just something to be done on a one-time basis to secure funding for any proposed investment. Nor can they be addressed in a sequential, or “waterfall,” way. They must all be considered, both individually and collectively, on an on-going basis to ensure that value is realized from investments in IT- enabled change. Boards should ask these questions, and expect that CEOs and/or other executives will be able to answer them – not just at the time of the initial investment decision, and on an on-going basis. CEOs may balk at this, but they need to recognize that in today’s digital economy IT is increasingly embedded in all aspects of their business, and creating and sustaining value from the change that IT both shapes and enables, falls within their realm of accountabilities. The consequences of failing to do so are starkly illustrated by the Co-operative Bank’s crisis.

You can find more about the four “ares” here.

After all is said and done, there is more said than done!

As I have travelled around the world over the last thirty years or more, speaking to and talking with thousands of people on the topic of realizing benefits, and creating and sustaining business value from our increasingly significant and complex investments in IT-enabled change, I invariably get these three responses:

  1. You’ve given me a lot to think about;
  2. My boss should have been here; and
  3. Why aren’t we doing this?

In response to the third point, although it also encompasses the second, I decided a number of years ago to write a paper titled “Moving beyond Words to Action”, and submit it for inclusion as a chapter in a book around Enterprise Governance of IT which was being put together by a couple of colleagues of mine. In many ways, the paper was somewhat of a rant – a constructive rant, based on more years than I care to count of trying to get organizations to “get it” when it comes to the challenge of realizing the full potential of creating and sustaining value from the use of IT. I circulated the paper among a number of peers, all of whom provided constructive feedback and positive support, then submitted it to my colleagues. The good news was that they liked the paper, and thought it was much needed. The bad news was that, being academics, they were looking for more academic research for the book, and, as this was an opinion piece, they didn’t see it as a fit (although I was actually asked to write the Foreword for the book!). I was very busy at that time, so basically parked the paper and carried on with my “real” work.

However, I found myself continually going back to the paper, and, over the years since, have reworked and included much of its content in various smaller articles, and posts, and the paper in its entirety has also been used by at least one business school.

I am now, with another colleague, considering embarking on writing another book. Although the book will encompass more than that in the paper, much of the thinking behind the paper will be included. Coming off a week in New York, where I yet again heard the “Why aren’t we doing this?” question many times, I feel that this is a good time to just throw the paper out there in the hope that some readers will find it of value, and also that I will get some more feedback as we start moving ahead with the book.

The paper, the subtitle of which is the title of this post, can be found here Working Chapterv2.0 – it ends with a “call to action”, which I have included below:

Finally, if we are indeed to move beyond words, we must place an emphasis on action—on engagement and involvement at every level of the enterprise. One of the key findings presented in The-Knowing Gap is that knowledge is much more likely to be acquired from ‘learning by doing’ than from ‘learning by reading’ or ‘learning by listening’. This strongly suggests that an iterative step journey toward value management will yield, for each individual, a discrete set of opportunities for learning that, taken together across an organisation of people, form the stepping stones toward cultural transformation and the achievement of real and sustainable change. As Sun Tzu says in The Art of War, “Every journey starts with the first step.” I urge you to move beyond words and take that first step – I can’t promise that the journey will be easy, but without it, value from IT investments will remain elusive.

In reading it, do remember that it was written around seven years ago, long before the terms “digital economy”, “cloud”, “big data”, “BYOD”, etc. were in general use. Also, at the end, I discuss ISACA’s Val IT™ Framework, the development of which I led. While the framework has now been absorbed into ISACA’s new COBIT 5™, it is still available, and relevant – probably even more so – to addressing the challenge of realizing benefits from investments in IT-enabled change.

I hope that you get some value from reading the paper, and look forward to receiving your thoughts.

The Digital Economy and the IT Value Standoff

The emerging  digital economy, and the promise and challenges that it brings, including the need to shift focus beyond reducing cost to creating value, are adding fuel to the seemingly never-ending discussion about the role of the IT function, and the CIO.  There is questioning of the very need for and/or name of the position, and the function they lead. Discussions around the need for a CDO, the so-called battle between the CMO and the CIO for the “IT budget”, and other similar topics proliferate ad nauseam. Unfortunately, most, although not all of these discussions appear to be about the technology itself, along with associated budgets power and egos, within a traditional siloed organizational context. This akin to shuffling the deck chairs on the Titanic, or putting lipstick on a pig – it’s way past time for that!  As technology becomes embedded in and across everything we do, and we are increasingly becoming embedded in everything technology does, we have to acknowledge that the way we have managed technology in the past will be a huge impediment to delivering on the promise of the Digital Economy. Indeed, it has proven woefully inadequate to deliver on the promise of technology for decades.

Recent illustrations of this include failed, or significantly challenged healthcare projects in the U.S., Australia, and the U.K.as well as disastrous payroll implementations in Queensland, New Zealand and California (you would really think that we should be able to get payroll right). And this situation is certainly not unique to the public sector, although these tend to be more visible. In the private sector, a large number of organizations continue to experience similar problems, particularly around large, complicated ERP, CRM and Supply Chain systems.

All too often, these situations are described as “IT project” failures. In most cases, while there may have been some technology issues, this is rubbish. As I and others have said many times before, the ubiquitous use of the term “IT project” is a symptom of the root cause of the problem. Labelling and managing investments in IT-enabled business change, as IT projects, and abdicating accountability to the CIO is a root cause of the failure of so many to generate the expected payoff. Business value does not come from technology alone – in fact, technology in and of itself is simply a cost. Business value comes from the business change that technology increasingly shapes and enables. Change of which technology is only one part – and increasingly often only a small part. Technology only contributes to business value when complementary changes are made to the business – including increasingly complex changes to the organizational culture, the business model, and the the operating model, as well as to  relationships with customers and suppliers, business processes and work practices, staff skills and competencies, reward systems, organizational structures, physical facilities etc.

From my many previous rants about our failure to unlock the real value of IT-enabled change, regular visitors to this blog will know that I am particularly hard on non-IT business leaders, starting with Boards and CEOs, for not stepping up to the plate. When it comes to IT, the rest of the business, from the executive leadership down, has expected the IT function to deliver what they ask for, assuming little or no responsibility themselves, until it came time to assign blame when the technology didn’t do what they had hoped for. The business change that IT both shapes and enables must be owned by business leaders, and they must accept accountability, and be held accountable for creating and sustaining business value from that change. This cannot be abdicated to the IT function.

However, having spent quite a lot of time over the last few months speaking with CIOs and other IT managers, it has been brought home to me that some, possibly many of them are just as much at fault. There appear to be a number of different scenarios, including CIOs who:

  1. “Get it” and are already seen as a valued member of the executive team, providing leadership in the emerging digital economy;
  2. “Get it”, but have been unable, and, in some cases,  given up trying to get the rest of the executive team to step up to the plate;
  3.  Sort of “get it”, but don’t know how to have the conversation with the executive team;
  4. May “get it”, but are quite happy to remain  passive “order-takers”; or
  5. Don’t “get it”, still believing that IT is the answer to the world’s problems, and don’t want to “give up control”.

The result, in all too many cases, is a stand-off where the business doesn’t want to take ownership, and the IT function doesn’t know how, or doesn’t want to give up control. As Jonathan Feldman said in a recent InformationWeek post, “..enterprise IT, like government IT, believes in the big lie of total control. The thought process goes: If something lives in our datacenter and it’s supplied by our current suppliers, all will be well…my observation is that the datacenter unions at enterprises want “the cloud” to look exactly like what they have today, factored for infrastructure staff’s convenience, not the rest of the supply chain’s.” Until this standoff is resolved, the “train wrecks” will continue, and we will continue to fail to come anywhere near realizing the full economic, social and individual value that can be delivered from IT-enabled change.

At the root of all this is what I described in an earlier post as The real alignment challenge – a serious mis-alignment between enterprises whose leaders have an ecosystem mindset, and adopt mechanistic solutions to change what are becoming increasingly complex organisms. But it’s also more than this – in a recent strategy+business recent post, Susan Cramm talked about “the inability of large organizations to reshape their values, distribution of power, skills, processes, and jobs”. The sad fact is that, as organizations get bigger, an increasing amount of attention is spent looking inward, playing the “organizational game”, with inadequate attention paid to the organizations raison d’être, their customers, or their employees. As Tom Waterman said, “eventually, time, size and success results in something that doesn’t quite work.” Increasingly today, it results in something that is, or will soon be quite broken.

Most of the focus of the conversation about the digital economy today is on improving the customer experience, as indeed it should be – although we have been saying the same for decades with, at best, mixed success. We will come nowhere close to  achieving that success unless we put equal focus on our people, and rethinking how we govern, manage and organize for the digital economy such that we maximize the return on our information and our people.

This will require that leaders truly lead – moving beyond tactical leadership, aka managing, to strategic and transformational leadership. That we move from a cult of individual leadership – “the leader”, to a culture of pervasive leadership – enabling and truly empowering leadership throughout the organization- putting meaning to that much-abused term “empowerment”. That we break the competitive, hierarchical, siloed view and move to a more collaborative, organic  enterprise-wide view. The technology exists to support this today – what is lacking is the leadership mindset, will and capability make the change. As Ron Ashkenas said in a 2013 HBR blog – “The content of change management is reasonably correct, but the managerial capacity to implement it has been woefully underdeveloped”.

I am not saying that this will be easy easy to do – it isn’t, very little involving organization, people and power is. And somehow, throwing in technology seems to elevate complexity to a new dimension. And we certainly don’t make it any easier with the ever-growing proliferation of books, frameworks, methods, techniques and tools around the topic. Many of which have evolved out of the IT world, and are, as a result, while intellectually correct, often over-engineered and bewilderingly complex to executives and business managers who need to “get this”.

So, let’s get back to the basics – governance is about what decisions need to be made, who gets to make them, how they are made and the supporting management processes, structures, information and tools to ensure that it is effectively implemented, complied with, and is achieving the desired levels of performance. It’s not about process for process sake, analysis paralysis, endless meetings, or stifling bureaucracy – it’s about making better decisions by finding the right balance between intellectual rigour and individual judgement. In a previous post, Back to the Basics – the Four “Ares” I introduced the four questions that should be the foundation for that decision-making:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

A common reaction to the four “ares” is that they are common sense. Indeed they are, but, unfortunately, they are far from common practice! if business leadership to move beyond words in addressing the challenge of creating and sustaining value from investments in enterprise computing, social media, mobility, big data and analytics, the cloud etc. emphasis must be placed on action—on engagement and involvement at every level of the enterprise,  with clearly defined structure, roles and accountabilities for all stakeholders related to creating and sustaining value. The four “ares” are a good place to start!

 

2012 – A Perfect Storm in IT!

One consequence of a 3 month hiatus, forced initially by surgery and concluded more voluntarily with much needed relaxation in Hawaii, is that I have had time to actually read and digest much of the material that, all too often, I only have time to quickly scan – and then rarely get back to. Amongst all this material was a considerable amount of prognostication on 2012 trends. In many ways, little of this was new, but collectively, it does amount to a “perfect storm” that challenges the way we as individuals, societies, and enterprises – small and large, public and private, look at, use and manage technology, including both the demand and supply side and, probably most importantly, where they intersect. In this post, I will briefly discuss the elements of this “perfect storm”, add the one element that I find to be conspicuously missing from the dialogue, and discuss the implications of both.

  1. The “cloud” – the dream of the “information utility” has been around for decades, and now, with the “cloud”, while there are still significant governance, security and privacy issues to work through (some real, some “noise”),  this is now closer to being a reality.
  2. The data explosion, “big data” – I read recently that 90% of the data in the world today was created in the last 2 years – this exponential growth of data is creating both enormous challenges, and great opportunities – on the technology side, developments include the rise of Hadoop, and recent announcements of Dynamo DB from Amazon, and Big Data Appliance from  Oracle, as well as the growing need for new data visualization and “data scientist” skills.
  3. Analytics, particularly real-time analytics – some of the technologies mentioned above, and indeed those below, are fundamentally changing the analytics landscape. Huge amounts of data – structured or unstructured, can now be analyzed quickly, and data can increasingly be captured and analyzed in real time. The challenge here is to resist the temptation  to succumb to analysis paralysis – to know what information is both relevant and  important, what questions to ask, and to think ahead to what actions might need be taken as a result of based on the answers to these questions.
  4. Mobility – services can now be accessed, data captured, information found, and transactions performed from almost anywhere – other work locations, coffee shops, restaurants and bars, at home, in other countries, in taxis, trains or buses, on airplanes or even on a cruise ship – limitations of distance and time have been virtually eliminated. The challenge here, apart from the security and privacy issues that are common to most of these points,  is to be able to find the “off” button in an increasingly, always on, 24/7 world. On an individual basis we need to maintain a work-life balance, and from a business perspective, “burn out” seriously erodes the effectiveness and value of  their most critical resource – people.
  5. Consumerization, including BYOD and “app”s – while it could be argued that these 3 could each merit their own category, I have chosen to “lump” them together as, collectively, they represent a further significant shift from the traditional “technology push” world, with the IT function in a control mode as the gatekeeper, to the “user tool pull” world with IT, potentially – if they get it right, in a facilitation role as a service broker.
  6. Social Media – this is, to some extent, simply one “flavour” of the previous 2 elements, but a very significant one, with potentially huge implications. While much of the attention to date has been on controlling social media, enterprises are increasingly using it as a communication channel, and beyond that, to tap into it to find out what their customers, and employees are thinking. Here, one challenge/opportunity that I see how we can use social media to improve performance  by tapping into the collective knowledge within organizations – “crowd sourcing” input into decision-making and, as a result, making better-informed decisions, and having employees feel more connected with, and empowered by their organizations.

In all the discussion around the elements of this “perfect storm”, much if not most of the focus had been on the IT function needing to respond more quickly to deliver and/or support capabilities in these areas. There has been much less discussion of how the use of these technologies will be used to lead to positive outcomes – creating and/or sustaining  individual, societal and enterprise value – or of the changes that will be needed in the behaviour of individuals, societies and enterprises if that value is to be realized. If we as individuals and societies are not to become “the tools of our tools”, and enterprises are not to continue the increasingly expensive and value-destructive litany of IT failures, we need to shift our focus from the technology to how we manage and use the capabilities that the technologies provide to increase the value of our lives, our societies and our enterprises.

I don’t make these comments as a later day “luddite”,  rather my focus on value is driven by many decades of frustration at our being nowhere near to realizing the individual, societal and business value that intelligent and appropriate use of technology can create. We will not close that gap until we – as individuals, or leaders in society or business, take “ownership” of how we  use technology, based on the outcomes that are important to us, and the value that we seek to create and sustain! In the enterprise world, this has fundamental implications for the roles and accountabilities of business executives and line of business managers, and for the role of the IT function, as discussed in 2 earlier posts, The Future of IT, and Value from IT – There is a Better Way!

In closing, in the context of individual and societal value, 2 areas that I have long had an interest in, and that I will be watching closely this year are healthcare and education. While we shouldn’t expect seismic shifts in either to happen quickly – it’s just not the nature of the beasts, the ground is starting to move. In healthcare, much of this is driven by the funding crunch, with increase focus on eHealth, based largely on “meaningful use” of EHRs, as well as an increasing number of apps such as Phillips Vital Signs Camera for the iPad. In education, with some exceptions, it is still somewhat more of a grass roots movement, although Apple’s recent iBooks 2 and iTunesU announcements, and organizations such as Curriki may well be  changing this. What I believe we will see here, over time, is an evolution beyond eHealth and eLearning to iHealth, and iLearning, with individuals taking increasing “ownership” of their own health and education.

 

 

A Value-Driven Framework for Change

In an earlier post, The Future of IT, I mentioned the Strategic Governance Framework, introduced in the Afterword of the revised edition of The Information Paradox, and that over the next few months, I would be introducing this framework (which I now refer to as the Strategic Enterprise Governance Framework). Well, it has taken much longer than I had intended, but in this post, one that I must admit is somewhat drier than my usual posts, I introduce the Framework, and briefly describe each of the ten major elements that it comprises. In subsequent posts, I will describe the individual elements, and the relationships between them in greater detail.

Although more than a decade has passed since the The Information Paradox was first published,  the nature of enterprise value—and how to achieve it—continues to be a subject of much discussion. It is clear that the failure to realize business value from investments in IT-enabled change described in the book is a symptom of a wider malaise—one that presents managers with significant new challenges. The fact is, the track record for implementing any major change successfully continues to be  terrible. Although arguably more visible with IT, the same applies to any large-scale investment or change.

One of the root causes for this poor track record is the woeful inadequacy of current governance approaches to manage what is, in most cases, “an uncertain journey to an uncertain destination.” All too often, current practice results in a lack of understanding of the desired outcomes, and the full scope of effort required to realize the outcomes, not knowing what to measure, not surfacing and tracking assumptions, and not sensing and responding to changing circumstances in a timely or well-considered manner.

In the Afterword,  I described how our thinking and practices had evolved beyond the Benefits Realization Approach introduced in the first edition, to a broader strategic governance framework – a framework for overall enterprise governance. Since that time, I have further extended the framework, as illustrated below, from the original seven elements to ten.

The first, and overarching element of the framework is Strategic Governance  – governance being  traditionally defined as the system by which enterprises are directed and controlled and as a set of relationships between a company’s management, its board, its shareholders and its other stakeholders which.  Strategic Governance establishes how direction and control is accomplished within and across the other 9 elements of the framework which I refer to here as “management domains”. This direction and control will have both compliance and performance aspects, both of which must be considered. From a performance standpoint (and to some extent compliance in the case of risk) I add the dimensions of cost, benefit and risk across the Strategic Governance framework to show that these factors have to be taken into consideration when decisions are being taken in or across the management domains.

The nine “management domains” are:

  • Strategy Management – Defining the business…mission, vision, values, principles, desired outcomes and strategic drivers to provide direction and focus for understanding, configuring and managing assets to deliver the greatest value.
  • Asset management – Managing the acquisition, use and disposal of assets to make the most of their service delivery potential and manage the related risks and costs over their entire life (source: Vicnet, State of Victoria, Australia).
  • Architecture Management – Understanding, communicating and managing the fundamental underlying design of the components of the business system, the relationships between them and the manner in which they support the enterprise’s objectives.
  • Programme Management – Managing the delivery of change around business outcomes through a structured grouping of activities (projects) designed to produce clearly identified business results or other end benefits.
  • Portfolio Management –  Managing the evaluation, selection, monitoring and on-going adjustment of a grouping of investment programmes and resulting assets to achieve defined business results while meeting clear risk/reward standards.
  • Project Management –  Managing a group of activities concerned with delivering a defined capability required to achieve business outcomes based upon an agreed schedule and budget.
  • Operations Management – Managing the production of goods and/or services efficiently  – in terms of converting inputs (in the forms of materials, labor, and energy) into outputs (in the form of goods and/or services) using as little resources as needed, and effectively – in terms of meeting customer requirements.
  • Management of Change – A holistic and proactive approach to managing the transition from a current state to a desired state.
  • Performance Management – The definition, collection, analysis and distribution of information relevant to the management of investment programmes and assets so as to maximize their contribution to business outcomes.

While the framework may at first look intimidating, it should not be seen as such. Many, if not all functions within these domains are already being done to a greater or lesser extent in enterprises today, often in many different ways, with little communication between them. It is the management of the critical relationships between these “management domains” which, if managed well, can provide tremendous strategic advantage to enterprises, but which, if not managed well, can have serious, if not catastrophic consequences. If enterprises are to maximize the value from their investments in IT-enabled change, or any form of change, these relationships need to be understood, and managed within a dynamic, “sense and respond” governance framework.

In subsequent posts, I will describe each of these domains, and the critical relationships between them, in greater detail. In the meantime, I encourage you to think about the state of governance in your organization, or in organizations that you are working with, and consider:

  • Are all the management domains included?
  • How completely and effectively are they covered?
  • Are they dealt with holistically, or within silos?
  • How well are the relationships between the management domains, or between the silos covered?
  • How effective is the governance of these domains and relationships in sensing and responding to changes in today’s complex and rapidly changing environment?

The Siren Call of Certainty

In Greek mythology, the sirens were three bird-women who lured nearby sailors with their enchanting music and voices to shipwreck on the rocky coast of their island. The term siren call, from which this derives, is described in the Free Dictionary, as “the enticing appeal of something alluring but potentially dangerous”. In today’s increasingly complex and interconnected world, it is the siren call of certainty that is luring many organizations into failures akin to shipwrecks, particularly, although not limited to their increasingly significant investments in IT-enabled change. More accurately, it is their failing to recognize, accept and manage uncertainty, that leads to these wrecks.

Yet again here, what we have is a failure of governance, and of management – a failure that starts with how strategic decisions are made. In a recent McKinsey paper, How CFOs can keep strategic decisions on track, the authors make the point that “When executives contemplate strategic decisions, they often succumb to the same cognitive biases we all have as human beings, such as overconfidence, the confirmation bias, or excessive risk avoidance.” My discussion here covers the first two (excessive risk avoidance essentially being the opposite of these, and equally dangerous). Executives are often so certain about  (overconfident in) what they want to do that others are unwilling to question their certainty or, if they do, they are dismissed as “naysayers” (and quickly learn not to question again) or the executive only chooses to hear those parts of what they say that confirm their certainty (confirmation bias). I must admit that I have probably been guilty of this myself, in language if, hopefully, not intent, when I have told my teams, “I don’t want to hear why we can’t do this, I want to hear how we can do it.” What I really should have added explicitly was “…and then tell me under what conditions it might not work”.

To resist the lure of the siren call, we require an approach to strategic decision-making  that is open to challenge – one in which multiple lenses are brought to bear on the decision, where uncertainties, and points of view contradictory to those of the person making the final decision, be that the CEO or whoever, are discussed, and where individual biases weigh less in the final decision than facts.

I am not suggesting here that uncertainties should prevent investments being approved, if they did we would never do anything. I am saying that they should not be buried or ignored – they must be surfaced, recognized, mitigated where possible, and then monitored and managed throughout the life-cycle of the investment. This means acknowledging that both the expected outcomes of an investment, and the way those outcomes are realized will likely change during the investment life-cycle. It means managing a changing journey to a changing destination. Unfortunately, once again the siren call of certainty also gets in the way of this.

When investments are approved they are usually executed and managed as projects, all too often seen as technology projects (I use the term broadly here). In a 2010 California Management Review article, “Lost Roots: How Project Management Came to Emphasize Control Over Flexibility and Novelty”, authors Sylvain Lenfle and Christoph Loch, discuss the history of Project Management, and suggest that the current approach to Project Management promises, albeit rarely delivers, greater cost and schedule control, but assumes that uncertainty can be limited at the outset.”

The origins of “modern” project management (PM) can be traced to the Manhattan Project, and the techniques developed during the ballistic missile projects. The article states that “the Manhattan and the first ballistic missile projects…did not even remotely correspond to the ‘standard practice’ associated with PM today…they applied a combination of trial-and-error and parallel trials in order to [deal with uncertainty and unforeseen circumstances] and achieve outcomes considered impossible at the outset”. This approach started to change in the early ’60s when the focus gradually changed from ‘performance at all costs’ to one of optimizing the cost/performance ratio. Nothing inherently wrong with that, but along came Robert McNamara who reorganized the planning process in the Department of Defense (DoD) to consolidate two previously separate processes – planning and budgeting. This integration was supported by the Program Planning and Budgeting System (PBS), which emphasized up-front analysis, planning and control of projects. Again, nothing inherently wrong with that, but the system resulted in an emphasis on the complete definition of the system before its development in order to limit uncertainty, and a strict insistence on a phased “waterfall” approach. The assumptions underlying this approach are i) as decisions taken by top management are not up for discussion, the PM focus is on delivery, and ii) rigorous up-front analysis can eliminate and control uncertainty – these underlying assumptions are still very much part of Project Management “culture” today.

Again, I am not saying here that there is no need for sound analysis up-front – quite the contrary, I believe that we need to do much more comprehensive and rigorous up-front analysis. What I am saying is that, no matter how good the up-front analysis is, things will change as you move forward, and there will be unexpected, and sometime unpredictable surprises. We cannot move blindly ahead to the pre-defined solution, not being open to any questioning of the outcome (destination) or approach (journey), and focusing solely on controlling cost and schedule. The history of large projects is littered with wrecks because, yes, there was inadequate diligence up-front, but equally, or even more so, because we failed to understand and manage uncertainty – forging relentlessly on until at some stage, the project was cancelled, or, more often, success was re-defined and victory declared.

The article suggests that “Project Management has confined itself in an ‘order taker niche’ of carrying out tasks given from above…cutting itself off from strategy making…and innovation”. Many organizations, particularly those embracing agile development approaches, do apply a combination of trial-and-error and parallel trials in order to deal with uncertainty and unforeseen circumstances, and to achieve outcomes either considered impossible at the outset, or different from those initially expected. But, as the authors say, “these actions happen outside the discipline of project management…they apply [these approaches] despite their professional PM training.”

The tragedy here, with both strategic decision making, and execution is that we know how to do much better, and resources exist to help us do so. Strategic decision making can be significantly improved by employing Benefits Mapping techniques to ensure clarity of the desired outcomes, define the full scope of effort to achieve those outcomes, surface assumption, risks and uncertainties around their achievement, and provide a road-map for execution, supporting decision making with an effective business case process, and by applying the discipline of Portfolio Management to both proposed and approved investments. The successful execution of investments in the portfolio can be increased by moving beyond the traditional Project Management approach by taking a Program Management view, incorporating all the delivery projects that are both necessary and sufficient to achieve the desired outcomes in comprehensive programs of change. Many of the elements of such an approach were initially discussed in The Information Paradox, and subsequently codified in the Val IT™ 2.0 Framework.

We know the problem, we have the tools to deal with it – what is still missing is the appetite and commitment to do so.

The Future of IT

After another couple of month’s silence precipitated by some minor surgery, the holiday season and, quite frankly, too much “same old – same old” news, a couple of articles have caused me to, once again, put my fingers to the keyboard.

The first, a blog – unfortunately his last with CIO.com, by Thomas Wailgum, IT in 2020: Will it Even Exist?, and the second by Marilyn Weinstein, again in CIO.com, The Power of IT Drives Businesses Forward. While the two titles might appear contradictory, I felt they were both saying the same thing in somewhat different ways, and that what they were saying is important – although not new.

In describing a new report from Forrester Research, “IT’s Future in the Empowered Era: Sweeping Changes in the Business Landscape Will Topple the IT Status Quo”, Thomas suggests that the question that lingers throughout the report is whether corporate IT, as we know it today, will even exist in 2020.

In the report, analysts Alex Cullen and James Staten identify three forces bearing down on IT that will likely have long-lasting ramifications. The three forces include: Business-ready, self-service technology (including cloud and SaaS adoption); empowered, tech-savvy employees who don’t think they need corporate IT; and a “radically more complex business environment,” notes the report.

Cullen and Staten write “The IT status quo will collapse under these forces, and a new model–empowered BT [business technology]–will take its place. Today’s IT and business leaders should prepare by rethinking the role the IT department plays and how technology staff engage the business, shifting from controlling to teaching and guiding.”

Well, whether it be these three forces or others, I certainly agree that the status quo is unacceptable and this rethink needs to take place – it should have taken place a long time ago.

In her article, Marilyn echoes a comment I have been making for well over a decade in saying “One of the most overused terms I’ve heard in the past few years as CEO of an IT consulting and staffing firm has to be the word “alignment.” With IT embedded in just about everything that we do, it is ridiculous. and dangerous, to continue to talk about alignment. As Marilyn goes on to say, “IT drives efficiencies. IT enables business. IT powers business success. The goal is not merely to align, but to get in front of the business goals and spearhead growth… IT does drive and enable business. It’s time for IT leadership to drive that point home. ” Again, the long overdue need for IT and business leaders to rethink the role the IT department plays and how technology staff engage the business.

The role of the IT leader, the CIO is indeed changing, or certainly should be. The CIO is accountable for delivering required technology services at an affordable cost with an acceptable level of risk. The business leadership is accountable for investing in, and managing and using technology such that it creates and sustains value for their organization – this cannot be abdicated to the IT function. But nor can it be done without the IT function – they have a key role to play here. The CIO, as the IT leader, is responsible for ensuring that their team works in partnership with other business leadership to help them:

  • optimize value from existing services;
  • understand the opportunities for business change enabled by current, new or emerging technologies;
  • understand the business changes they will have to make to realize value from these opportunities; and
  • select opportunities with highest potential value and execute such that value is maximized.

This requires moving beyond the current culture of delivery – based on a philosophy of “build it and they will come”, to a culture of value. This will further require moving beyond the current approach to IT governance – one that is again focused on delivery and the “factory” to a broader more strategic approach to enterprise governance – one that ensures that organizations have:

1. A shared understanding what constitutes value for the organisation;

2. Clearly defined roles, responsibilities and accountabilities, with an aligned reward system;

3. Processes and practices around value management, including portfolio, programme and project management, supported by complete and comprehensive business cases, with active benefits and change management; and

4. Relevant metrics, both “lead” and “lag”.

The Val IT Framework 2.0™ provides, in Section 6 – Functional Accountabilities and Responsibilities, a summary of the roles of IT and business leadership required to support this approach.

In the Afterword of the revised edition of The Information Paradox, I introduced a Strategic Governance Framework. Since that time, as well as working with ISACA in leading the development of The Val IT Framework, I have continued to refine that framework into what I now refer to as the Strategic Enterprise Governance Framework. Over the next few months, I will be introducing this framework, and describing each of the ten major elements that it comprises.

Moving to such a governance approach is a business imperative, one which is itself a major change programme that will take time to plan and implement, and also for the benefits to be achieved. We will not however come anywhere near realizing the full potential value of IT-enabled change until we do so. It is time to move beyond words and place an emphasis on action. This will require strong leadership, and engagement and involvement at every level of the organisation.