The Dark Side of Digital

 Four years ago, I wrote reflecting on my 50 years in IT, and the pursuit of value from the use of IT. I described the changes that had occurred over that time since I started my working life as a computer operator on an IBM 1401, which had a (not really published as such) processing speed close to 10 million times slower than today’s (2013) microprocessors, 8k of storage (later upgraded, with an additional unit, to 16k), no solid state/hard drive, displays or communication capability, and no operating system (that was me!). Weighing in at around 4 tons, it needed a fully air conditioned room, with a raised floor, approximately twice the size of my living room.

I described how my world in 2013 compared with that time. I had powerful technology in my small home office, wirelessly connected within my house, and to the world beyond through the internet. I had access to an ever-growing body of knowledge that could answer almost any question I had, and which enabled me to manage my banking, pay bills, check medical lab test results, organize travel, shop, read books, listen to music, watch videos, play games, organize, edit and enhance photographs and videos, and a myriad of other tasks.

I went on to describe how, beyond my individual world, at the enterprise level, the technology model is changing from computing – the technology in and of itself, to consumption – how individuals and organizations use technology in ways that can create value for them and, in the case of organizations, their stakeholders. I discussed the extent to which technology, and how it was being used, was continuing to change, at an ever-increasing rate, including:

  • increasing adoption of the Cloud;
  • Software (and just about anything else) as a Service; the explosion of “Big Data”, and, along with it, analytics and data visualization;
  • mobility, consumerization and BYOD which fundamentally changes how, where and when we interact with technology and access information;
  • the ”internet of things” (IOT) bringing with it unprecedented challenges in security, data privacy, safety, governance and trust; and
  • robotics and algorithmic computing which have considerable potential to change the nature of work.

I closed by talking about what hadn’t changed, and what needed to change. Putting my value lens on, I lamented that, then, 15 years since The Information Paradox, in which I described the challenge of getting value from so called “IT projects”, was first published, the track record remained dismal, and realizing the value promised by IT remained elusive. I attributed this situation to several factors, the primary ones being:

  • a continued, often blind focus on the technology itself, rather than the change – increasingly significant and complex change – that technology both shapes and enables;
  • the unwillingness of business leaders to get engaged in, and take ownership of this change – electing to abdicate their accountability to the IT function; and
  • failure to inclusively and continually involve the stakeholders affected by the change, without whose understanding and “buy in” failure is pretty much a foregone

 

What a difference four years makes

OK – that’s (probably more than) enough of a recap – I’m now going to fast forward some 4 years (a lifetime in the digital world) to today, 2017. While the challenge of creating and sustaining value from our use of technology described above is still real, our failure to address it, along with an almost total failure of leadership – technical, business and government leadership, have brought us into an increasingly dark place – one that I think few of us saw coming, certainly not unfolding as it is. I call this place “the Dark Side of Digital”. I alluded to it in 2013 in discussing IOT, robotics and algorithmic computing, when I said that they brought with them “unprecedented challenges in security, data privacy, safety, governance and trust…(and) have considerable potential to change the nature of work” – I would now revise and add to the latter saying “…have considerable potential to fundamentally impact the future of work and, indeed, the future of society”.

The elements of this dark side fall into three main categories:

  1. Cybersecurity: This is the most traditional category – one that, albeit not so- named, has been with us since the advent of computers, when cards, tapes or
    other media could be lost/stolen. However, as our connectedness continues to increase, so does our susceptibility to cybersecurity attacks, with a growing number of such threats arising out of machine-to-machine learning and the Internet of Things. There are nearly 7 billion connected devices being used this year, but this is expected to jump to a whopping 20 billion over the next four years. Most cybercriminals are now operating with increasing levels of skill and professionalism. As a result, the adverse effects of cyber-breaches, -hacks, or –attacks, including the use of ransomware and phishing continue to escalate resulting in increased physical loss and theft of media, eroding competitive advantage and shareholder value, and severely damaging reputations. More severe attacks have the capacity to disrupt regular business operations and governmental functions severely. Such incidents may result in the temporary outage of critical services and the compromise of sensitive data. In the case of nation-state supported actors, their attacks have the potential to cause complete paralysis and/or destruction of critical systems and infrastructure. Such attacks have the capacity to result in significant destruction of property and/or loss of life. Under such circumstances, regular business operations and/or government functions cease and data confidentiality, integrity, and availability are completely compromised for extended
  1. The Future of Work: The fear that technology will eliminate jobs has been with us pretty much since the advent of the first commercial computers, but, until the last few years, the argument that new jobs will appear to replace the old has largely held true. Now however, the revolutionary pace and breadth of technological change is such that we are experiencing a situation in which, as recently described by the Governor of the Bank of England, Mark Carney.

“Alongside great benefits, every technological revolution mercilessly destroys jobs & livelihoods well before new ones emerge.”

Early AI and IOT systems are already augmenting human work and changing management structures across labor sectors. We are already seeing, and can expect to continue to see uneven distribution of the of AI impact across sectors, job types, wage levels, skills and education. It’s very hard to predict which jobs will be most affected by AI-driven automation.

While, traditionally, low-skill jobs have been at the greatest risk of replacement from automation, as Stephen Hawking says, the “rise of artificial intelligence is likely to extend job destruction deep into the middle classes, with only the most caring, creative or supervisory roles remaining.” He goes on to say that “we are at the most dangerous moment in the development of humanity”.

  1. The Future of Society: On the societal front, a paradigm shift is underway in how we work and communicate, as well as how we express, inform and
    entertain ourselves. Equally, governments and institutions are being reshaped, as are systems of education, healthcare and transportation, among many others.

AI and automated decision making systems are often deployed as a background process, unknown and unseen by those they impact. Even when they are seen, they may provide assessments and guide decisions without being fully understood or evaluated. Visible or not, as AI systems proliferate through social domains, there are few established means to validate AI systems’ fairness, and to contest and rectify wrong or harmful decisions or impacts. Professional codes of ethics, where they exist, don’t currently reflect the social and economic complexities of deploying AI systems within critical social domains like healthcare, law enforcement, criminal justice, and labor. Similarly, technical curricula at major universities, while recently emphasizing ethics, rarely integrate these principles into their core training at a practical level[1]. As Mike Ananny and Taylor Owen said in a recent Globe and Mail article[2], there is “a troubling disconnect between the rapid development of AI technologies and the static nature of our governance institutions. It is difficult to imagine how governments will regulate the social implications of an AI that adapts in real time, based on flows of data that technologists don’t foresee or understand. It is equally challenging for governments to design safeguards that anticipate human-machine action, and that can trace consequences across multiple systems, data-sets, and institutions.” This disconnect is further adding to the erosion of trust in our institutions that we have been seeing over several decades.

Adding to the threats to society is the proliferation of internet and social media. In a world where we can all be publishers, we see shades of Orwell’s 1984 in a post-truth word of alternate facts, and fake news. Rather than becoming a more open and collaborative society, we see society fracturing into siloed echo- chambers of alternate-reality, built on confirmation bias, and fed by self-serving populist leaders, posing dangerously simplistic solutions – sometimes in tweets of 140 characters or less – to poorly understood and increasingly complex issues.

 

So, what do we need to do?

The complexity of these challenges, and their interconnectedness across sectors make it a critical responsibility of all stakeholders of global society – governments, business, academia, and civil society – to work together to better understand the emerging trends.

If business leaders expect to harness the latest technology advances to the benefit of their customers, business and society at large, there are two primary challenges they need to address now.

  1. As companies amass vast amounts of personal data used to develop products and services, they must own the responsibility for the ethical use and security of that information. Ethical and security guidelines for how data is collected, controlled and ultimately used are of paramount concern to customers, and rightfully so. To gain the trust of customers, companies must be transparent and prove they employ strong ethical guidelines and security standards.
  1. It is incumbent on organizations to act responsibly toward their employees and make it possible for them to succeed in the rapidly changing work environment. That means clearly defining the company vision and strategies, enabling shifting roles through specialized training, and redefining processes to empower people to innovate and implement new ways of doing business to successfully navigate this new and ever-changing

As a society, if we are to avoid sleepwalking into a dystopian future, as described in 2013 by internet pioneer Nico Mele as one “inconsistent with the hard-won democratic values on which our modern society is based… a chaotic, uncontrollable, and potentially even catastrophic future”, we must recognize that technology is not destiny – institutions and policies are critical. Policy plays a large role in shaping the direction and effects of technological change. “Given appropriate attention and the right policy and institutional responses, advanced automation can be compatible with productivity, high levels of employment, and more broadly shared prosperity.”

The challenge is eloquently described by WEF founder and executive chairman, Dr. Klaus Schwab.

“Shaping the fourth industrial revolution to ensure that it is empowering and human- centred, rather than divisive and dehumanizing, is not a task for any single stakeholder or sector or for any one region, industry or culture. The fundamental and global nature of this revolution means it will affect and be influenced by all countries, economies, sectors and people. It is, therefore, critical that we invest attention and energy in multi- stakeholder cooperation across academic, social, political, national and industry boundaries. These interactions and collaborations are needed to create positive, common and hope- filled narratives, enabling individuals and groups from all parts of the world to participate in, and benefit from, the ongoing transformations.”

 

A call to action!

We need, as Dr. Schwab goes on to say, to “…take dramatic technological change as an invitation to reflect about who we are and how we see the world. The more we think about how to harness the technology revolution, the more we will examine ourselves and the underlying social models that these technologies embody and enable, and the more we will have an opportunity to shape the revolution in a manner that improves the state of the world.”[3]

We cannot wait for “them” to do this – as individuals, we can and must all play a leadership role as advocates in our organizations and communities to increase the awareness and understanding of the changes ahead, and to shape those changes such that, as Dr. Schwab says, they are empowering and human-centred, rather than divisive and dehumanizing.

[1] Source: The AI Now Report, The Social and Economic Implications of Artificial Intelligence Technologies in the Near-Term, A summary of the AI Now public symposium, hosted by the White House and New York University’s Information Law Institute, July 7th, 20

[2] Ethics and governance are getting lost in the AI frenzy, The Globe and Mail, March 20, 2017

[3] Source: The Fourth Industrial Revolution: Risks and Benefits, Wall Street Journal, Feb 24, 2017

A New Age of Digital Exploration

The first question you may have here is what do I mean by “digital exploration”? Is exploration being disrupted by digital, or does digital require exploration? The answer is yes to both. Although the focus of this piece is on the latter, my thinking about it was triggered by the first. In 2013, my son, Jeremy, was named one of National Geographic’s “Emerging Explorers of The Year”. This was not for grinding trudges dragging dugout canoes through tropical areas, although that was to follow, but for his work in data visualization – translating unimaginable blurs of information into something we can see, understand, and feel—data made human through visualizations that blend research, art, software, science, and design.

img_2788aAs a result of this, and meeting another National Geographic explorer, Steve Boyes, Jeremy became one of the four leaders of the Okavango 2014 expedition (that’s him on the left) – the first ever live-data expedition  across Botswana’s amazing Okavango Delta. Like the expeditions of old, they were pushing into the unknown, in search of measurements but, unlike previous expeditions, they used a set of open-source tools to develop a system that puts every piece of data collected onto the web, in near real-time, for anyone in the world to use and share. This data included wildlife sightings, water quality measurements, and the four leaders’ exact GPS location, heart rate, and energy consumption.

As I reflected on this expedition, and how it was positively disrupting exploration, I went back to thinking about how our use of technology has evolved and continues to evolve. I started to question how I have been describing this evolution. I have described, as depicted in the image below, three stages of evolution: the automation stage, which I characterized as the appliance era; the information stage, characterized as the rewiring era; and the transformation stage, characterized as the rebuilding era.

Slide1

I have always felt uncomfortable with the term transformation – a much over-used and abused word. When the initial version of this image appeared in The Information Paradox, almost two decades ago, it was being used to describe the implementation of ERP, CRM, SCM etc. While these were certainly complicated endeavours, and often required significant organizational change (a requirement usually recognized too late and poorly managed), they were primarily about integrating information, and making it more accurate, accessible and timely. There were  proven practices available to do this, although, they were all too often not adopted, or adopted too late. They did not essentially change what organizations did – they just did it differently and, hopefully, better. It certainly involved major organizational change, but was hardly transformational.

Since that time, there has certainly been real transformation in a number of industries, including entertainment, media, communications, retail and consumer goods, financial services, automotive, as well as around the edges of others, but we are now seeing this happening, or at least the potential for it to happen, across all industries. Indeed, across all organizations, public or private, large or small. This is taking us into unknown territory – moving beyond a complicated world to a complex one. One in which :

  • Technology itself, how technology is delivered, how it used, and by whom are changing at an ever-increasing pace;
  • Everything and everyone will be connected, anywhere, any time;
  • Technology is increasingly embedded in everything we do, and in ourselves;
  • Everything is becoming “smart’ – phones, cars, houses, buildings, cities, etc.;
  • Robots, cognitive computing and machine learning play an increasing role;
  • We are becoming increasingly embedded in everything technology does;
  • Data is available about everything;
  • Analytics are available to anyone; and
  • Everything is available as a service.

This increasingly complex world is moving us to  the next stage of evolution in our use of IT – exploration, as illustrated in the images below.

Slide1This first figure adds the exploration stage to my original three. This is a somewhat different and more fluid stage, as what emerges from the exploration stage could become a combination of automation, information, and transformation type uses of IT. In the next image I take a degree of licence in  integrating the four stages with the concepts of David Snowden’s Cynefin Framework – an analytical, decision-making framework based on understanding the nature of the systems you are working with – simple/ordered, complicated, complex or chaotic, and selecting the appropriate approach and practices to manage them.

Slide2The first three of the Cynefin system types: simple/ordered; complicated; and complex are  mapped to the four stages. Automation, and some basic examples of the information stage map to simple/ordered. Some of the more integrated information and simple transformation map to complicated. Broader transformation and exploration map to complex. The mapping again draws on David Snowden’s work in positing that best practices are appropriate for the simple/ordered systems, proven practices can be selected based on analysis and/or expert opinion for complicated systems, and new/novel practices emerge during the exploratory era.

Slide3While, as proven and best practices emerge, the nature of systems may change, i.e. they may become a combination of simple/ordered, complicated and complex, this last figure shows that when we attempt to apply best practices to a complex system, the result is the fourth Cynefin system type – chaotic. In today’s complex digital world, while proven practices are emerging, most of what we are doing is still very much exploratory in nature.

 

 
As organizations move into the digital world, they will still have simple/ordered systems, although most of these may be XaaS in the Cloud, and complicated systems, some/all of which may also be in the Cloud, but an increasing amount of what they do will be in the complex space. In this space, it will not just be just practices around delivery of products that will be emerging, but also new models of how work is organized, managed, lead and governed. It is, or should be becoming clear that our traditional industrial-age, top-down hierarchical control-oriented approach to leadership and management is simply not cutting it, and certainly won’t do so in a digital world. The engagement level of employees with their organizations is abysmal – ranging between ~13-30% (and its not much better for managers). This is sometimes attributed to generational differences, particularly the rise of the “millennials”, and is certainly not helped by the rising disparity between C-Suite pay and that of the median worker. However, I don’t believe that the aspirations of millennials are any different than mine were when I started work over 50 years ago.

What has changed is the global and social context within which we live and work. We are more globally aware and socially connected, and have 24/7 access to pretty much unlimited knowledge, information and expertise. We are exposed every day to how other organizations are already embracing technologies, including social, mobile and analytics, enabling greater engagement and two-way communication with and between employees, and orchestrating self-managing teams who can work collaboratively in a much more agile and responsive way with limited but relevant and appropriate oversight. Organizations who are “democratizing” their approach to leadership and governance – letting their people use their brains again.

We know what the future of work could be, but don’t see that anywhere close to being universally realized. The challenge ahead is to break out of the straightjacket of more than a century of hierarchical, siloed industrial age mindsets at work which are controlling, mistake-averse and “know it all”. To evolve them into mindsets that are enabling, learning and willing to try new things and fail. To move to a more agile and inclusive approach to governance, leadership and management. A value-focused, data and analytics driven, agile, sense and respond approach that transcends functional and organisational boundaries, and engages employees, customers and other key stakeholders – locating accountability and decision-making at the most appropriate level (based on the principle of subsidiarity), while supporting decisions with broader and more knowledgeable input.

All this is will require a fundamental rethinking of how digital businesses are governed and managed, and the capabilities that are required to ensure and assure that the use of technology contributes to creating and sustaining business and societal value in the digital world Replacing current top-down, hierarchical and siloed processes with leadership across and beyond the C-suite with leadership capabilities recognized, nurtured, and empowered throughout organizations. It will all be part of a new era of digital exploration and transformation.

Does this mean that we have to throw out everything that has come before? No – but we do have to question everything? We do have to look at everything with the understanding of “what could be”, not “what has been”. We have to be careful here not to “throw the baby out with the bathwater” – this must all be done without losing sight of the fundamentals of governance as described in Back to the Basics – The Four “Ares” and A Value-Driven Framework for Change.

Digital Leadership – Much More Than IT Leadership

There has been much discussion of late on who should be responsible for “digitization”. The role of the CIO is being continually questioned, particularly as it relates to the CMO, and. a new position, the CDO, is appearing. And, of course, let’s not forget the CTO. A recent post by Michael Krigsman describing Intel’s IT leadership and transformation pyramid got me thinking yet again about this. The pyramid, shown below, is a brilliantly simple depiction of how digital leadership must evolve (in my words) from an operational “factory” to a business partner to a transformational leader.

 

intel-it-transformation-pyramid

As Michael Krigsman says, “The pyramid reflects the complex reality of IT / business relationships and the need for IT to deliver at multiple levels simultaneously.” This reminded me of discussions I had in New York last month at the Innovation Value Institute (IVI) Spring Summit around their IT Capability Maturity Framework (IT-CMF). The discussion centred around the digital economy, and the fact that organizations are taking an increasingly business-centric view of IT, with the focus shifting from the delivery of the “T” to the use of the “I”. That technology itself, how technology is delivered, how it is used, and by whom are changing at an ever-increasing rate. And that this is blurring the roles and responsibilities of IT and the Business functions, and giving rise to a fundamental rethinking of how IT, and it’s delivery and use is governed and managed, and the capabilities that are required to ensure and assure that the use of technology contributes to creating and sustaining business value.

In an earlier post, The Digital Economy and the IT Value Standoff, I reiterated my long-leld view that the business change that IT both shapes and enables must be owned by business leaders, and they must accept accountability, and be held accountable for creating and sustaining business value from that change. This cannot be abdicated to the IT function. Yet today, in all too many cases, we have a stand-off where the business doesn’t want to take ownership, and the IT function doesn’t know how, or doesn’t want to give up control.

The key question that arose from the Summit discussion was “Why can’t we get our business leadership engaged in this discussion?” Certainly not a new question – how to do so was essentially the underlying theme of The Information Paradox when it was first published back in 1998. The answer to the question, going back to the leadership pyramid, is that the IT organization has to achieve operational excellence before it can start to change the conversation from bottom-up delivery of technology to top-down value from business change. This requires a maturity level of around 2.5, where 5 is the highest maturity – most organizations are still not yet at this level, most being somewhere between 1 and 2.

So, what does this mean for the CIO? Much has been written about CIOs themselves having to transform to fulfil the 3 leadership roles of the pyramid – running the factory, partnering with the business for value, and strategic transformational leadership. There is no doubt that all these roles are required – but is it reasonable, or necessary to expect that they will be found in one individual. Certainly, there are CIOs who have stepped up to the plate, but many more that haven’t, and possibly cannot.  Professor Joe Peppard at the  European School of Technology and Management in Berlin has put many hundreds of participants through an IT leadership program. He describes in a recent article how, using Myers Briggs typing, he has found that 70% of CIOs fall into one particular type: ISTJs (Introversion, Sensing, Thinking, Judging). Further, along the dimension of where they get their energy, 85% have a preference for introversion. In terms of moving up the pyramid, the very things that may contribute to success in their technology role, can be what leads to downfall in a business leadership position. Even where an individual does have the ability to handle all 3 levels, the day-to-day operational demands all too often leave little time for the other 2 levels. Demands that, while they will definitely change with the advent of the cloud and “everything as a service”, will not go away.

The real issue here is not so much, as Michael Krigsman says, “the need for IT to deliver at multiple levels simultaneously”, but understanding the range of digital leadership capabilities and responsibilities required in the digital economy, and where they should reside. The answer is not as simple as renaming the CIO position, getting a new CIO, or appointing a few new CXOs. It requires recognizing that digitization cuts across organizational silos, and across all levels of organizations.. It will take digital literacy and collaboration across the C-suite to ensure that their organization has, as EY’s David Nichols said in a recent CIO Insight interview, “an integrated and holistic plan to really leverage digital”. It will also require recognizing that the digital economy both enables and requires a different view of leadership. As Sally Helgesen said in a recent post, “‘Leadership’ isn’t Just for Leaders Anymore”, leadership no longer, or should no longer equate with positional power and has, or should become broadly distributed.

If organizations are to succeed in the digital economy, they cannot constrain themselves to the knowledge of a few individuals – to put it a more brutal way, they cannot be constrained by the habits or ego(s) of their leader(s)! Organisations must tap into the collective knowledge of all their people. We need effective governance that reaches out to and involves key stakeholders – retaining appropriate accountability, based on the law of subsidiarity – an organizing principle that matters ought to be handled by the smallest, lowest or least centralized competent authority. This means locating accountability and decision-making at the most appropriate level, while supporting decisions with broader and more knowledgeable input.

As a former colleague of mine, Don Tapscott,  has said for decades “Leadership can come from anywhere”. For organizations to survive and thrive in the digital economy, this is not an option!

Set up to Fail: Managing Digital Transformation as an IT Project

This post is an extended version of one developed jointly with Professor Joe Peppard of the European School of Management and Technology in Berlin which appeared previously as an HBR blog on May 15th, 2014.
failureSir Christopher Kelly, a former British senior civil servant, recently produced a damning report that reviewed the events which led to the £1.5 billion capital shortfall announced by the UK’s Co-operative Bank in June 2013. Running to 158 pages, it describes what happened, identifies the root causes and draws out lessons.

One section highlights the problems encountered as the bank attempted to replace its core banking systems, a programme that was cancelled in 2013 at a cost of almost £300 million. The report underlined a series of significant leadership and management failings that were to blame for the spiraling IT costs which contributed to the bank’s capital shortfall. This shortfall resulted in the Co-op Group ceding control of the bank to bondholders, including a number of U.S. hedge funds.

The investment objectives of the IT-transformation programme were laudable; leapfrogging the competition and gaining an advantage, through improved customer relationship management and quicker delivery of new products. Indeed, the age and complexity of the legacy systems meant that the bank’s technology platform was unstable, expensive to maintain, complex to change, and ill-equipped to support its current and future business requirements. There were particularly severe problems with the functionality of the online business-banking platform. These weaknesses resulted in high running costs, upgrading to comply with new regulatory requirements eating up considerable resource, and significant operational risk. It appeared to be an attractive investment.

However, Sir Christopher wrote: “The weight of evidence supports a conclusion that the programme was not set up to succeed. It was beset by destabilizing changes to leadership, a lack of appropriate capability, poor co-ordination, over complexity, underdeveloped plans in continual flux, and poor budgeting. It is not easy to believe that the programme was in a position to deliver successfully.” The bottom line – the benefits of the investment may have been attractive, but they were not achievable!

Not set up to succeed is a key phrase. More worryingly, the factors identified in the report as contributing to the failure are ones that we all too frequently encounter when we review challenged or failed projects. All of the reasons identified are well known and serve to highlight a low level of digital literacy across c-suites, and the failure of corporate governance and leadership to make informed IT investment decisions.

The report noted: “If the programme was ever to have had a chance of succeeding it would have had to have been robustly managed by people with the right capabilities and experience using the best possible project management discipline.” It went on to emphasize “It would also have had to be subject to searching challenge and scrutiny at Board, Executive and programme management levels. The Bank did not provide any of these things to the extent necessary to ensure success.”

Non-executive directors were also in Sir Christopher’s cross-hairs. He wrote: “It is unreasonable to expect non-executive Board members to audit information provided to them in detail. But it is their responsibility to question it [our emphasis]. It is difficult to avoid the conclusion that both Board and Executive failed to interrogate the programme sufficiently closely and paid inadequate attention to its obvious difficulties until it was too late.” Moreover, he found that former members of the Board’s Banking Transformation Programme Sub-Committee who, he noted, “should have been better placed than other directors to understand the programme, described being surprised that it failed.” His damning critique: “They should not have been.”

In our work, we find that not only are boards ill-equipped to deal with digitization but neither are many executive management teams. Most seem happy to abdicate anything to do with IT to their chief information officer (CIO). This is merely setting up the investment to fail.

Research that we have conducted reveals that leadership teams play a pivotal role in determining whether or not their organizations exploit the innovative opportunities provided by IT. Realizing value from IT or, more accurately, the change that IT both shapes and enables, requires the CEO’s attention and oversight. CEOs set the tone for IT, and their active participation determines whether their organization optimizes the return from spending on IT. Most leadership teams don’t seem to understand this, or quite know what they should do. The fiasco at the Co-op starkly illustrates this.

We have developed a simple yet powerful framework that leadership teams can use to navigate the digital landscape and avoid the kinds of problems that the Co-operative Bank suffered. It helps to ensure that they:

  • make informed decisions, balancing the attractiveness of an investment with their organization’s capability to achieve the desired business outcomes; and
  • continue to effectively monitor and assure the achievement of those outcomes.

The framework is based on four business-focused questions that are at the core of effective governance of IT that every member of a leadership team should have in his or her head. We call these questions, which were originally introduced in The Information Paradox,  the four “ares” .

Are #1 – Are we doing the right things?

This is the strategic question. The first accountability of the CEO is to clearly and regularly communicate what constitutes value for the enterprise and the strategic objectives to which all investments must contribute, against which their performance will be measured. The second, is ensuring, through the initial investment selection process and regular portfolio reviews, that resources are allocated to investments that are both aligned with, and have the greatest potential to contribute to the strategic objectives.

In the case of the bank, while the strategic rationale for the investment was not in question, as the report noted, the bank “was over-estimating its capability to deliver such a complex programme.” Evaluating such risks is a key consideration is assessing any IT investment, especially one that is part of a major transformation. Two key questions are: “Do we understand the extent of change required for this investment to succeed? And is this achievable?” An investment of such complexity and risk had not been successfully undertaken by any UK full-service bank, or, with limited exceptions, any major banks in Europe or North America.

Moreover, the initiative also seems to have been championed by the CIO and when he left the organization in 2008 nobody on the leadership team took up the mantle, and the drive to make the investment a success seemed to have been lost. Although we are going beyond the evidence in the report, we do not think that it is unreasonable to suggest that the investment was considered as a technology programme and not a business change initiative.

Are #2 – Are we doing them the right way?

This is the architecture question. Because this question is usually thought of as relating to technical architecture, it is generally considered by CEOs as a technical issue and the domain of the CIO. Nothing could be further from the truth. What we are advocating here is a broader view of architecture – enterprise architecture – which has both organizational and technology components. The CEO is accountable for ensuring that there is an appropriate enterprise architecture in place.

Key questions here are: “Is our investment in line with our enterprise architecture?” and “Are we leveraging synergies between our investments?” The Kelly report didn’t consider this question, so we cannot comment specifically as to whether adequate consideration was given to the extent of process standardization and the degree of integration across all businesses. However, the observations in the report suggest that, if such consideration had been given, it may have raised a number of flags. As a full service retail bank, that also serves small and medium-sized enterprises, the Co-op provides a variety of products and services (e.g. deposit taking, lending, credit cards and payments) to customers via internet, mobile and branch channels, getting the overall operating model design right is paramount.

Are #3 – Are we getting them done well?

This is the delivery question. Although this is the area where there is a significant body of knowledge, it is the one where the failure of governance continues to result in significant and very visible failures. We continually find that most major transformation initiatives end up being managed as IT projects with responsibility abdicated to the CIO. Key questions here are: “Do we have effective and disciplined delivery and change management processes?” and “Do we have competent and available technical and business resources to deliver the required capabilities, and the organizational changes required to leverage them?”

This is clearly where the investment floundered. As the report states, “the Bank neither had the requisite levels of discipline before the programme began, nor built it during the programme.” Communication and coordination between different parts of the business involved in the programme was weak. Dysfunctional and unconstructive working relationships across these areas did not help matters. There was also a lack of clarity as to responsibilities for deliverables, with interviewees for the report describing “managers managing managers, managing managers.” A Board Sub Committee was supposed to provide closer oversight of the transformation programme, but, as Sir Christopher reported, the figures were neither analyzed in sufficient detail nor with sufficient consistency to give it insight into key drivers of cost escalations. The message consistently given to the board was that it was making satisfactory progress. Programme managers succumbed to communicate matters in a favorable light whenever possible. This obviously has a deeper organizational cultural implication.

Are #4 – Are we getting the benefits?

This is the value question. Surprisingly, this is the question that receives the least attention in most enterprises: few measure or assess whether expected benefits have been delivered. As in the case of the strategic question, this question cannot be delegated to the CIO although, all too often, is. In ensuring that expected benefits are realized and sustained, the CEO is accountable for maximizing value from the portfolio of business change investments. Key questions here are: “Do we have a clear and shared understanding of the expected benefits from the investment?” and “Do we have clear and accepted accountability for realizing the benefits, supported by relevant metrics?” The Kelly Report notes that there was a failure to develop a detailed business case and a complete lack of consistency about the expected benefits across the programme.

 

Addressing the four “ares” is not just something to be done on a one-time basis to secure funding for any proposed investment. Nor can they be addressed in a sequential, or “waterfall,” way. They must all be considered, both individually and collectively, on an on-going basis to ensure that value is realized from investments in IT- enabled change. Boards should ask these questions, and expect that CEOs and/or other executives will be able to answer them – not just at the time of the initial investment decision, and on an on-going basis. CEOs may balk at this, but they need to recognize that in today’s digital economy IT is increasingly embedded in all aspects of their business, and creating and sustaining value from the change that IT both shapes and enables, falls within their realm of accountabilities. The consequences of failing to do so are starkly illustrated by the Co-operative Bank’s crisis.

You can find more about the four “ares” here.

Transforming governance and leadership for the digital economy

The digital economy

DE
The digital economy is not primarily about technology, nor is it just about the economy. Yes, it is being shaped and enabled by increasingly significant and rapid technological change. And, yes, it will have significant economic impact. But it is much more than that. It is part of a broader digital revolution. One in which, as in the case of the industrial revolution, we will see seismic shifts not just in technology, but in the nature of our lives, our work, our enterprises – large and small, public and private, and our societies. A shift that will not just change the nature of products and services, and how they are developed and delivered, but also how we govern and manage our lives, work, enterprises and societies.

Technology is becoming embedded in everything we as individuals, enterprises and societies do, and, indeed, we are increasingly becoming embedded in everything technology does. If we are to deliver on the promise of the digital revolution, we have to acknowledge that the way we have governed and managed IT in the past has proven woefully inadequate, and that continuing on this path will be a huge impediment to delivering on that promise. Governance of IT has been a subject of much discussion over the last two decades. Unfortunately, most of the discussion has focused on the technology, the cost of technology, failed IT projects, and generally questioning the value that technology and the IT function deliver to the enterprise. Despite all this discussion, not much has materially or broadly changed over the last 50 years, including:
• An all too often blind focus on the technology itself, rather than the change – increasingly significant and complex change – that technology both shapes and enables;
• The unwillingness of business leaders to get engaged in, and take ownership of this change – preferring to abdicate their accountability to the IT function;
• Failure to inclusively involve the stakeholders affected by the change, without whose knowledge, understanding and “buy in” failure is pretty much a foregone conclusion;
• A lack of rigour at the front-end of an investment decision, including, what is almost universally a totally ineffective business case process;
• Not actively managing for value; and
• Not managing the journey beyond the initial investment decision.

We still have what is predominately a “culture of delivery” – “build it and they will come”, rather than a “culture of value” – one that focuses on creating and sustaining value from an organization’s investments and assets.

We have been having the wrong conversation – we need to change that conversation!

Governance of “IT”

GovernanceTreating IT governance as something separate from overall enterprise governance, labeling and managing investments in IT-enabled business change as IT projects, and abdicating accountability to the CIO are the root cause of the failure of so many to generate the expected payoff. Business value does not come from technology alone – technology in and of itself is simply a cost. Business value comes from the business change that technology both shapes and enables. Change of which technology is only one part – and increasingly only a small part. Technology only contributes to business value when complementary changes are made to the business – including increasingly complex changes to the organizational culture, the business model, and the operating model, as well as to relationships with customers and suppliers, business processes and work practices, staff skills and competencies, reward systems, organizational structures, physical facilities etc. Ultimately, it is people’s intelligent and innovative use of the information captured, organized, distributed, visualized and communicated by technology that creates and sustains value. This is not a technology issue – it is a business issue.

Much of the discussion around the digital economy today is on improving the customer experience – as indeed it should be, although we have been saying the same for decades with, at best, mixed success. We will come nowhere close to achieving this unless we put equal focus on our people, and rethinking how we govern, manage and organize for the digital economy such that we maximize the return on our information and our people.

Surviving and thriving in the digital economy is not an IT governance issue, it is an enterprise governance issue. Successfully navigating the digital economy requires that we change how we govern, lead and manage our enterprises – including, but certainly not limited to IT.

What needs to change?

ChangeIn work I have been doing with Professor Joe Peppard at the European School of Management and Technology in Berlin, we have identified 8 things that business leaders, starting with the CEO, need to do. These are:
1. Don’t see IT as something separate from your core business – technology today is embedded in, and an integral part of most, if not all parts of your business processes.
2. Don’t focus on the technology alone – focus on the value that can be created and sustained through the business change that technology both shapes and enables.
3. Do recognize that you are ultimately accountable for the overall value created by all business change investments – and ensuring that accountability for the realisation of business benefits anticipated from each investment is appropriately delegated to, and accepted by, other executives and managers.
4. Do demand rigorous analysis of every proposed business change investment, whether or not IT is involved. Ensure that you and your team know and can clearly define expected outcomes, that there is a clear understanding of how value is going to be achieved, that all relevant stakeholders have bought in to the required changes, and that they are capable of making or absorbing them and delivering on the expected outcomes.
5. Do recognize that the business case is the most powerful tool that you have at your disposal to manage business change investments – insist on complete and comprehensive business cases, including desired outcomes, benefits, costs and risks, and clear explanation of how each benefit will be achieved with unambiguously assigned accountabilities, supported by relevant metrics.
6. Do recognize that benefits don’t just happen and rarely happen according to plan – outcomes and plans will change – don’t think business case approval is the end of the story. Mandate that the business case be used as the key operational tool to “manage the journey”, updated to reflect relevant changes, and regularly reviewed.
7. Do know if and when it’s time to stop throwing good money after bad, or when there are better uses for the money and “pull the plug.”
8. If your CIO doesn’t “get” the above points, and hasn’t already been talking to you about them, get one who does and will!

Enterprise governance must evolve beyond a model rooted in a culture of delivery (of technical capabilities) to one based on a culture of value – creating and sustaining value from investments and assets. In the context of IT, this means recognizing that we are no longer dealing with “IT projects”, but with increasingly complex programmes of organizational change.

Leadership

LeadershipThe most important aspect of governance is leadership. Effective governance in the digital economy requires that leaders truly lead – moving beyond tactical leadership to strategic and transformational leadership. Understanding and taking ownership of the organizational, cultural and behavioural change that will be required to succeed in the digital economy – change that starts with the leaders themselves. We also need to get away from the cult of the leader to a culture of pervasive leadership. As Joel Kurtzman says in his book, Common Purpose, leaders need to move beyond the traditional “command and control” model to establishing a ”common purpose” and creating a “feeling of ‘we’ among the members of their group, team or organization”. This will require leaders who can “park”, or at least manage their egos, break down silos, and really engage with and empower all employees – fostering leadership across and at all levels in the organization. It will also require a dynamic, sense and respond approach to enterprise governance – one that is focused on value, while balancing rigour with agility. Only then will the full potential value of IT-enabled change in the digital economy be realized. The technology exists to support this today – what is lacking is the leadership mindset, will and capability make the change.

There is certainly not for a lack of proven value management practices. Since The Information Paradox was published, there has been an ever-growing proliferation of books, frameworks, methods, techniques and tools around the topic. The issue is the lack of serious and sustained adoption of them. The real challenge is one of overcoming the “knowing – doing gap”, as described by Jeffrey Pfeffer and Robert Sutton in their book of the same name. We know what to do, and the knowledge is available on how to do it. Yet, so far, there has simply been little or no appetite for, or commitment to the behavioural change required to get it done, and stick with it. This has to change!

As I said in my previous post, this will not be easy to do – very little involving organization, people and power is. However, the cost in money wasted and, more importantly, benefits and value lost, eroded or destroyed is appalling. It’s way past time to move beyond word to action. For enterprises to survive, let alone thrive in the digital economy, and for the potential individual, community and societal benefits of the digital economy to be realized, the status quo is not an option! To quote General Erik Shinseki, a former Chief of Staff of the US Army, “If you don’t like change, you’re going to like irrelevance even less!“

After all is said and done, there is more said than done!

As I have travelled around the world over the last thirty years or more, speaking to and talking with thousands of people on the topic of realizing benefits, and creating and sustaining business value from our increasingly significant and complex investments in IT-enabled change, I invariably get these three responses:

  1. You’ve given me a lot to think about;
  2. My boss should have been here; and
  3. Why aren’t we doing this?

In response to the third point, although it also encompasses the second, I decided a number of years ago to write a paper titled “Moving beyond Words to Action”, and submit it for inclusion as a chapter in a book around Enterprise Governance of IT which was being put together by a couple of colleagues of mine. In many ways, the paper was somewhat of a rant – a constructive rant, based on more years than I care to count of trying to get organizations to “get it” when it comes to the challenge of realizing the full potential of creating and sustaining value from the use of IT. I circulated the paper among a number of peers, all of whom provided constructive feedback and positive support, then submitted it to my colleagues. The good news was that they liked the paper, and thought it was much needed. The bad news was that, being academics, they were looking for more academic research for the book, and, as this was an opinion piece, they didn’t see it as a fit (although I was actually asked to write the Foreword for the book!). I was very busy at that time, so basically parked the paper and carried on with my “real” work.

However, I found myself continually going back to the paper, and, over the years since, have reworked and included much of its content in various smaller articles, and posts, and the paper in its entirety has also been used by at least one business school.

I am now, with another colleague, considering embarking on writing another book. Although the book will encompass more than that in the paper, much of the thinking behind the paper will be included. Coming off a week in New York, where I yet again heard the “Why aren’t we doing this?” question many times, I feel that this is a good time to just throw the paper out there in the hope that some readers will find it of value, and also that I will get some more feedback as we start moving ahead with the book.

The paper, the subtitle of which is the title of this post, can be found here Working Chapterv2.0 – it ends with a “call to action”, which I have included below:

Finally, if we are indeed to move beyond words, we must place an emphasis on action—on engagement and involvement at every level of the enterprise. One of the key findings presented in The-Knowing Gap is that knowledge is much more likely to be acquired from ‘learning by doing’ than from ‘learning by reading’ or ‘learning by listening’. This strongly suggests that an iterative step journey toward value management will yield, for each individual, a discrete set of opportunities for learning that, taken together across an organisation of people, form the stepping stones toward cultural transformation and the achievement of real and sustainable change. As Sun Tzu says in The Art of War, “Every journey starts with the first step.” I urge you to move beyond words and take that first step – I can’t promise that the journey will be easy, but without it, value from IT investments will remain elusive.

In reading it, do remember that it was written around seven years ago, long before the terms “digital economy”, “cloud”, “big data”, “BYOD”, etc. were in general use. Also, at the end, I discuss ISACA’s Val IT™ Framework, the development of which I led. While the framework has now been absorbed into ISACA’s new COBIT 5™, it is still available, and relevant – probably even more so – to addressing the challenge of realizing benefits from investments in IT-enabled change.

I hope that you get some value from reading the paper, and look forward to receiving your thoughts.

The Digital Economy and the IT Value Standoff

The emerging  digital economy, and the promise and challenges that it brings, including the need to shift focus beyond reducing cost to creating value, are adding fuel to the seemingly never-ending discussion about the role of the IT function, and the CIO.  There is questioning of the very need for and/or name of the position, and the function they lead. Discussions around the need for a CDO, the so-called battle between the CMO and the CIO for the “IT budget”, and other similar topics proliferate ad nauseam. Unfortunately, most, although not all of these discussions appear to be about the technology itself, along with associated budgets power and egos, within a traditional siloed organizational context. This akin to shuffling the deck chairs on the Titanic, or putting lipstick on a pig – it’s way past time for that!  As technology becomes embedded in and across everything we do, and we are increasingly becoming embedded in everything technology does, we have to acknowledge that the way we have managed technology in the past will be a huge impediment to delivering on the promise of the Digital Economy. Indeed, it has proven woefully inadequate to deliver on the promise of technology for decades.

Recent illustrations of this include failed, or significantly challenged healthcare projects in the U.S., Australia, and the U.K.as well as disastrous payroll implementations in Queensland, New Zealand and California (you would really think that we should be able to get payroll right). And this situation is certainly not unique to the public sector, although these tend to be more visible. In the private sector, a large number of organizations continue to experience similar problems, particularly around large, complicated ERP, CRM and Supply Chain systems.

All too often, these situations are described as “IT project” failures. In most cases, while there may have been some technology issues, this is rubbish. As I and others have said many times before, the ubiquitous use of the term “IT project” is a symptom of the root cause of the problem. Labelling and managing investments in IT-enabled business change, as IT projects, and abdicating accountability to the CIO is a root cause of the failure of so many to generate the expected payoff. Business value does not come from technology alone – in fact, technology in and of itself is simply a cost. Business value comes from the business change that technology increasingly shapes and enables. Change of which technology is only one part – and increasingly often only a small part. Technology only contributes to business value when complementary changes are made to the business – including increasingly complex changes to the organizational culture, the business model, and the the operating model, as well as to  relationships with customers and suppliers, business processes and work practices, staff skills and competencies, reward systems, organizational structures, physical facilities etc.

From my many previous rants about our failure to unlock the real value of IT-enabled change, regular visitors to this blog will know that I am particularly hard on non-IT business leaders, starting with Boards and CEOs, for not stepping up to the plate. When it comes to IT, the rest of the business, from the executive leadership down, has expected the IT function to deliver what they ask for, assuming little or no responsibility themselves, until it came time to assign blame when the technology didn’t do what they had hoped for. The business change that IT both shapes and enables must be owned by business leaders, and they must accept accountability, and be held accountable for creating and sustaining business value from that change. This cannot be abdicated to the IT function.

However, having spent quite a lot of time over the last few months speaking with CIOs and other IT managers, it has been brought home to me that some, possibly many of them are just as much at fault. There appear to be a number of different scenarios, including CIOs who:

  1. “Get it” and are already seen as a valued member of the executive team, providing leadership in the emerging digital economy;
  2. “Get it”, but have been unable, and, in some cases,  given up trying to get the rest of the executive team to step up to the plate;
  3.  Sort of “get it”, but don’t know how to have the conversation with the executive team;
  4. May “get it”, but are quite happy to remain  passive “order-takers”; or
  5. Don’t “get it”, still believing that IT is the answer to the world’s problems, and don’t want to “give up control”.

The result, in all too many cases, is a stand-off where the business doesn’t want to take ownership, and the IT function doesn’t know how, or doesn’t want to give up control. As Jonathan Feldman said in a recent InformationWeek post, “..enterprise IT, like government IT, believes in the big lie of total control. The thought process goes: If something lives in our datacenter and it’s supplied by our current suppliers, all will be well…my observation is that the datacenter unions at enterprises want “the cloud” to look exactly like what they have today, factored for infrastructure staff’s convenience, not the rest of the supply chain’s.” Until this standoff is resolved, the “train wrecks” will continue, and we will continue to fail to come anywhere near realizing the full economic, social and individual value that can be delivered from IT-enabled change.

At the root of all this is what I described in an earlier post as The real alignment challenge – a serious mis-alignment between enterprises whose leaders have an ecosystem mindset, and adopt mechanistic solutions to change what are becoming increasingly complex organisms. But it’s also more than this – in a recent strategy+business recent post, Susan Cramm talked about “the inability of large organizations to reshape their values, distribution of power, skills, processes, and jobs”. The sad fact is that, as organizations get bigger, an increasing amount of attention is spent looking inward, playing the “organizational game”, with inadequate attention paid to the organizations raison d’être, their customers, or their employees. As Tom Waterman said, “eventually, time, size and success results in something that doesn’t quite work.” Increasingly today, it results in something that is, or will soon be quite broken.

Most of the focus of the conversation about the digital economy today is on improving the customer experience, as indeed it should be – although we have been saying the same for decades with, at best, mixed success. We will come nowhere close to  achieving that success unless we put equal focus on our people, and rethinking how we govern, manage and organize for the digital economy such that we maximize the return on our information and our people.

This will require that leaders truly lead – moving beyond tactical leadership, aka managing, to strategic and transformational leadership. That we move from a cult of individual leadership – “the leader”, to a culture of pervasive leadership – enabling and truly empowering leadership throughout the organization- putting meaning to that much-abused term “empowerment”. That we break the competitive, hierarchical, siloed view and move to a more collaborative, organic  enterprise-wide view. The technology exists to support this today – what is lacking is the leadership mindset, will and capability make the change. As Ron Ashkenas said in a 2013 HBR blog – “The content of change management is reasonably correct, but the managerial capacity to implement it has been woefully underdeveloped”.

I am not saying that this will be easy easy to do – it isn’t, very little involving organization, people and power is. And somehow, throwing in technology seems to elevate complexity to a new dimension. And we certainly don’t make it any easier with the ever-growing proliferation of books, frameworks, methods, techniques and tools around the topic. Many of which have evolved out of the IT world, and are, as a result, while intellectually correct, often over-engineered and bewilderingly complex to executives and business managers who need to “get this”.

So, let’s get back to the basics – governance is about what decisions need to be made, who gets to make them, how they are made and the supporting management processes, structures, information and tools to ensure that it is effectively implemented, complied with, and is achieving the desired levels of performance. It’s not about process for process sake, analysis paralysis, endless meetings, or stifling bureaucracy – it’s about making better decisions by finding the right balance between intellectual rigour and individual judgement. In a previous post, Back to the Basics – the Four “Ares” I introduced the four questions that should be the foundation for that decision-making:

  1. Are we doing the right things?
  2. Are we doing them the right way?
  3. Are we getting them done well?
  4. Are we getting the benefits?

A common reaction to the four “ares” is that they are common sense. Indeed they are, but, unfortunately, they are far from common practice! if business leadership to move beyond words in addressing the challenge of creating and sustaining value from investments in enterprise computing, social media, mobility, big data and analytics, the cloud etc. emphasis must be placed on action—on engagement and involvement at every level of the enterprise,  with clearly defined structure, roles and accountabilities for all stakeholders related to creating and sustaining value. The four “ares” are a good place to start!

 

A Value-Driven Framework for Change

In an earlier post, The Future of IT, I mentioned the Strategic Governance Framework, introduced in the Afterword of the revised edition of The Information Paradox, and that over the next few months, I would be introducing this framework (which I now refer to as the Strategic Enterprise Governance Framework). Well, it has taken much longer than I had intended, but in this post, one that I must admit is somewhat drier than my usual posts, I introduce the Framework, and briefly describe each of the ten major elements that it comprises. In subsequent posts, I will describe the individual elements, and the relationships between them in greater detail.

Although more than a decade has passed since the The Information Paradox was first published,  the nature of enterprise value—and how to achieve it—continues to be a subject of much discussion. It is clear that the failure to realize business value from investments in IT-enabled change described in the book is a symptom of a wider malaise—one that presents managers with significant new challenges. The fact is, the track record for implementing any major change successfully continues to be  terrible. Although arguably more visible with IT, the same applies to any large-scale investment or change.

One of the root causes for this poor track record is the woeful inadequacy of current governance approaches to manage what is, in most cases, “an uncertain journey to an uncertain destination.” All too often, current practice results in a lack of understanding of the desired outcomes, and the full scope of effort required to realize the outcomes, not knowing what to measure, not surfacing and tracking assumptions, and not sensing and responding to changing circumstances in a timely or well-considered manner.

In the Afterword,  I described how our thinking and practices had evolved beyond the Benefits Realization Approach introduced in the first edition, to a broader strategic governance framework – a framework for overall enterprise governance. Since that time, I have further extended the framework, as illustrated below, from the original seven elements to ten.

The first, and overarching element of the framework is Strategic Governance  – governance being  traditionally defined as the system by which enterprises are directed and controlled and as a set of relationships between a company’s management, its board, its shareholders and its other stakeholders which.  Strategic Governance establishes how direction and control is accomplished within and across the other 9 elements of the framework which I refer to here as “management domains”. This direction and control will have both compliance and performance aspects, both of which must be considered. From a performance standpoint (and to some extent compliance in the case of risk) I add the dimensions of cost, benefit and risk across the Strategic Governance framework to show that these factors have to be taken into consideration when decisions are being taken in or across the management domains.

The nine “management domains” are:

  • Strategy Management – Defining the business…mission, vision, values, principles, desired outcomes and strategic drivers to provide direction and focus for understanding, configuring and managing assets to deliver the greatest value.
  • Asset management – Managing the acquisition, use and disposal of assets to make the most of their service delivery potential and manage the related risks and costs over their entire life (source: Vicnet, State of Victoria, Australia).
  • Architecture Management – Understanding, communicating and managing the fundamental underlying design of the components of the business system, the relationships between them and the manner in which they support the enterprise’s objectives.
  • Programme Management – Managing the delivery of change around business outcomes through a structured grouping of activities (projects) designed to produce clearly identified business results or other end benefits.
  • Portfolio Management –  Managing the evaluation, selection, monitoring and on-going adjustment of a grouping of investment programmes and resulting assets to achieve defined business results while meeting clear risk/reward standards.
  • Project Management –  Managing a group of activities concerned with delivering a defined capability required to achieve business outcomes based upon an agreed schedule and budget.
  • Operations Management – Managing the production of goods and/or services efficiently  – in terms of converting inputs (in the forms of materials, labor, and energy) into outputs (in the form of goods and/or services) using as little resources as needed, and effectively – in terms of meeting customer requirements.
  • Management of Change – A holistic and proactive approach to managing the transition from a current state to a desired state.
  • Performance Management – The definition, collection, analysis and distribution of information relevant to the management of investment programmes and assets so as to maximize their contribution to business outcomes.

While the framework may at first look intimidating, it should not be seen as such. Many, if not all functions within these domains are already being done to a greater or lesser extent in enterprises today, often in many different ways, with little communication between them. It is the management of the critical relationships between these “management domains” which, if managed well, can provide tremendous strategic advantage to enterprises, but which, if not managed well, can have serious, if not catastrophic consequences. If enterprises are to maximize the value from their investments in IT-enabled change, or any form of change, these relationships need to be understood, and managed within a dynamic, “sense and respond” governance framework.

In subsequent posts, I will describe each of these domains, and the critical relationships between them, in greater detail. In the meantime, I encourage you to think about the state of governance in your organization, or in organizations that you are working with, and consider:

  • Are all the management domains included?
  • How completely and effectively are they covered?
  • Are they dealt with holistically, or within silos?
  • How well are the relationships between the management domains, or between the silos covered?
  • How effective is the governance of these domains and relationships in sensing and responding to changes in today’s complex and rapidly changing environment?

Value from IT – There is a Better Way!

I have just returned from a hectic, but very successful couple of weeks in Australia. There I had the opportunity to meet with and talk to many people, including many CXOs, on the topic of “Delivering on the Promise of IT”. Overall, I was encouraged that there is more awareness of the need to do better when it comes to managing IT investments, but discouraged that there is still little awareness of how to do so, and even less appetite to take it on. As always, at the end of many sessions, a frequent reaction was “you have given us a lot to think about.” As I continue to say, we certainly need to think before we act, but thinking cannot be a substitute for action. A couple  of people echoed a comment that my friend Joe Peppard from the Cranfield  School of Management in the UK told me he had had from a senior executive of a European bank – “I didn’t know there was a better way.”

Well, there is a better way! As originally presented close to 15 years ago in The Information Paradox, proven Value Management practices exist, including, but certainly not limited to ISACA’s Val IT™ Framework, including:

  • Portfolio Management – enabling evaluation, prioritization, selection and on-going optimization of the value of IT-enabled investments and resulting assets;
  • Programme Management – enabling clear understanding and definition of the outcomes and scope of IT-enabled change programmes, and effective management of the programmes through to their desired outcomes;
  • Project Management – enabling reliable and cost-effective delivery of the capabilities necessary to achieve the outcomes, including business, process, people, technology, and organizational capabilities; and
  • Benefits Management – the active management of benefits throughout the full life-cycle of an investment decision.

This is illustrated in the figure below.

If enterprises are to successfully adopt and meaningfully use these practices, their leaders will have to change their behaviour. They will need to acknowledge that this is not an IT governance issue, it is an enterprise governance issue. Further, they will have to evolve from an enterprise governance model rooted in a culture of delivery (of technical capabilities) to one based on a culture of value – creating and sustaining value from investments and assets (for more on this, see a recent paper that I wrote with the Benefits Management SIG of the APM in the UK). In the IT context, this means recognizing that we are no longer dealing with “IT projects”, but with increasingly complex programmes of organizational change – change that is often both shaped and enabled by technology, but of which the technology is only a small part.

They should start by focusing on the business case. The business case sows the seeds of success or failure. Most today are woefully inadequate – based on “delusional optimism” and “strategic misrepresentation” (aka lying!), resulting in:

  • limited or no clarity around desired outcomes
  • limited or no understanding of the scope (“depth” and “breadth”) of change required to achieve the outcomes;
  • failure to balance “attractiveness” with “achievability” (including organizational change capacity, project and programme management capabilities); and
  • limited or no relevant metrics (both “lead” and “lag”).

In the context of IT, business cases must be owned by the business, and for any type of investment, used as a living, operational management tool to manage the full life cycle of an investment decision, and supported by the value management practices outlined above.

Again, in the context of IT, as Susan Cramm states in her book, 8 Things We Hate About IT, this will require  a significant  realignment of roles, responsibilities and accountabilities related to IT. There must be a partnership in which:

  • The IT function moves from providing infrastructure to being a broker of services (both internal and external – and increasingly external) while retaining responsibility and accountability related to fiduciary, economies of scale and enabling infrastructure;
  • Business units accept responsibility for defining the requirements for, meaningful use of, and value creation from these services; and
  • The IT function, as a trusted partner, helps the business:
    • Optimize value from existing services;
    • Understand the opportunities for creating and sustaining business value that are both shaped and  enabled by current, new or emerging technologies;
    • Understand the scope of business change required to realize value from those opportunities (including changes to the business model, business processes, people skills and competencies, reward systems, technology, organizational structure, physical facilities, etc.; and
    • Evaluate, prioritize, select and execute those opportunities with the highest potential value such that value is maximized.

The challenge here is not a lack of proven value management practices – it is the “knowing – doing gap”, as described by Jeffrey Pfeffer and Robert Sutton in their book of the same name. We know what to do, and (should know) how to do it. Yet, so far, here has simply been little or no appetite for, or commitment to the behavioural change required to get it done, and stick with it.

The cost in money wasted and, more importantly, benefits and value lost, eroded or destroyed is appalling. It’s way past time to move beyond word to action – the status quo is not an option!

There is a better way!

The Siren Call of Certainty

In Greek mythology, the sirens were three bird-women who lured nearby sailors with their enchanting music and voices to shipwreck on the rocky coast of their island. The term siren call, from which this derives, is described in the Free Dictionary, as “the enticing appeal of something alluring but potentially dangerous”. In today’s increasingly complex and interconnected world, it is the siren call of certainty that is luring many organizations into failures akin to shipwrecks, particularly, although not limited to their increasingly significant investments in IT-enabled change. More accurately, it is their failing to recognize, accept and manage uncertainty, that leads to these wrecks.

Yet again here, what we have is a failure of governance, and of management – a failure that starts with how strategic decisions are made. In a recent McKinsey paper, How CFOs can keep strategic decisions on track, the authors make the point that “When executives contemplate strategic decisions, they often succumb to the same cognitive biases we all have as human beings, such as overconfidence, the confirmation bias, or excessive risk avoidance.” My discussion here covers the first two (excessive risk avoidance essentially being the opposite of these, and equally dangerous). Executives are often so certain about  (overconfident in) what they want to do that others are unwilling to question their certainty or, if they do, they are dismissed as “naysayers” (and quickly learn not to question again) or the executive only chooses to hear those parts of what they say that confirm their certainty (confirmation bias). I must admit that I have probably been guilty of this myself, in language if, hopefully, not intent, when I have told my teams, “I don’t want to hear why we can’t do this, I want to hear how we can do it.” What I really should have added explicitly was “…and then tell me under what conditions it might not work”.

To resist the lure of the siren call, we require an approach to strategic decision-making  that is open to challenge – one in which multiple lenses are brought to bear on the decision, where uncertainties, and points of view contradictory to those of the person making the final decision, be that the CEO or whoever, are discussed, and where individual biases weigh less in the final decision than facts.

I am not suggesting here that uncertainties should prevent investments being approved, if they did we would never do anything. I am saying that they should not be buried or ignored – they must be surfaced, recognized, mitigated where possible, and then monitored and managed throughout the life-cycle of the investment. This means acknowledging that both the expected outcomes of an investment, and the way those outcomes are realized will likely change during the investment life-cycle. It means managing a changing journey to a changing destination. Unfortunately, once again the siren call of certainty also gets in the way of this.

When investments are approved they are usually executed and managed as projects, all too often seen as technology projects (I use the term broadly here). In a 2010 California Management Review article, “Lost Roots: How Project Management Came to Emphasize Control Over Flexibility and Novelty”, authors Sylvain Lenfle and Christoph Loch, discuss the history of Project Management, and suggest that the current approach to Project Management promises, albeit rarely delivers, greater cost and schedule control, but assumes that uncertainty can be limited at the outset.”

The origins of “modern” project management (PM) can be traced to the Manhattan Project, and the techniques developed during the ballistic missile projects. The article states that “the Manhattan and the first ballistic missile projects…did not even remotely correspond to the ‘standard practice’ associated with PM today…they applied a combination of trial-and-error and parallel trials in order to [deal with uncertainty and unforeseen circumstances] and achieve outcomes considered impossible at the outset”. This approach started to change in the early ’60s when the focus gradually changed from ‘performance at all costs’ to one of optimizing the cost/performance ratio. Nothing inherently wrong with that, but along came Robert McNamara who reorganized the planning process in the Department of Defense (DoD) to consolidate two previously separate processes – planning and budgeting. This integration was supported by the Program Planning and Budgeting System (PBS), which emphasized up-front analysis, planning and control of projects. Again, nothing inherently wrong with that, but the system resulted in an emphasis on the complete definition of the system before its development in order to limit uncertainty, and a strict insistence on a phased “waterfall” approach. The assumptions underlying this approach are i) as decisions taken by top management are not up for discussion, the PM focus is on delivery, and ii) rigorous up-front analysis can eliminate and control uncertainty – these underlying assumptions are still very much part of Project Management “culture” today.

Again, I am not saying here that there is no need for sound analysis up-front – quite the contrary, I believe that we need to do much more comprehensive and rigorous up-front analysis. What I am saying is that, no matter how good the up-front analysis is, things will change as you move forward, and there will be unexpected, and sometime unpredictable surprises. We cannot move blindly ahead to the pre-defined solution, not being open to any questioning of the outcome (destination) or approach (journey), and focusing solely on controlling cost and schedule. The history of large projects is littered with wrecks because, yes, there was inadequate diligence up-front, but equally, or even more so, because we failed to understand and manage uncertainty – forging relentlessly on until at some stage, the project was cancelled, or, more often, success was re-defined and victory declared.

The article suggests that “Project Management has confined itself in an ‘order taker niche’ of carrying out tasks given from above…cutting itself off from strategy making…and innovation”. Many organizations, particularly those embracing agile development approaches, do apply a combination of trial-and-error and parallel trials in order to deal with uncertainty and unforeseen circumstances, and to achieve outcomes either considered impossible at the outset, or different from those initially expected. But, as the authors say, “these actions happen outside the discipline of project management…they apply [these approaches] despite their professional PM training.”

The tragedy here, with both strategic decision making, and execution is that we know how to do much better, and resources exist to help us do so. Strategic decision making can be significantly improved by employing Benefits Mapping techniques to ensure clarity of the desired outcomes, define the full scope of effort to achieve those outcomes, surface assumption, risks and uncertainties around their achievement, and provide a road-map for execution, supporting decision making with an effective business case process, and by applying the discipline of Portfolio Management to both proposed and approved investments. The successful execution of investments in the portfolio can be increased by moving beyond the traditional Project Management approach by taking a Program Management view, incorporating all the delivery projects that are both necessary and sufficient to achieve the desired outcomes in comprehensive programs of change. Many of the elements of such an approach were initially discussed in The Information Paradox, and subsequently codified in the Val IT™ 2.0 Framework.

We know the problem, we have the tools to deal with it – what is still missing is the appetite and commitment to do so.