Is the CFO the new

CIO and how does

a CFO prepare?

Ken Matthews B.Eng, GAICD and founder of CIO Advisory

Copyright© 2014 By Ken Matthews. All Rights Reserved.

This book is sold subject to the condition that it shall not, by way of trade or otherwise, be lent, resold, hired out, or otherwise circulated without the publisher’s prior consent except for the inclusion of brief quotations for study or personal use.

This publication is designed to provide accurate and informative information only in regard to the subject matter covered. This publication does not purport to offer any professional advice of any legal or financial or accounting or psychological service and is sold with the understanding that the publisher and author are not engaged in rendering legal, accounting, financial, and psychological or any other professional service and is offered for information purposes only. The author disclaims any personal liability, loss, or risk incurred as a consequence of the use and application, either directly or indirectly, of any advice or information presented herein. If legal, accounting or any other professional advice or assistance is required, the services of a competent professional person should be sought. The reader is solely responsible for his/her own actions.

Published by Technical Author Services Pty Ltd

http://authorservices.org

Is the CFO the new CIO and how does a CFO prepare?

Part 1

Introduction

The relationship between these two executive groups has soured in recent years with many CFOs accusing CIOs of exceeding budget projections, not being aligned with the financial stresses of the company, delivering technology for technology sake, and displaying a general lack of interest in business improvement.

CIOs would say CFOs don’t offer political protection, focus too much on financial systems to the detriment of all other systems, lack vision as everything does not need a payback, and generally ignore CIOs until something goes wrong. The relationship and role of both parties are at an impasse.

Traditionally CIOs and CFOs have been peers although arguably CFOs have better managed boards and executives to the point where the CFO is commonly at the table and the CIO is no longer present. While this might be a generalisation, it remains a fact that CIOs need executive connections to perform their role, and without it, their likelihood of success and job security/satisfaction becomes reduced. This is despite the increasing importance of CIOs and IT services within a business.

There are many reasons for the CIO losing this access, but in summary, IT has historically failed to delight their customers, with most IT projects and perceived to have also failed to meet organisational objectives. IT has failed to deliver on expectations and, in many companies, is still relying on the “Control” or “No” mode.

Add to this the global changes in the way technology is now consumed, the elevated expectation of users who now have access to better technology at home, and the cloud, resulting in the CIO now having lower reporting lines, less autonomy and authority than ten or even five years ago. As a consequence, a new tier of CIOs, who have lower expectations and capabilities than their predecessors are now winning roles to the detriment of the business.

The gap between the level of the CFO and the CIO is therefore widening.

Who will manage this gap? With this growing lack of trust, the lack of access to boards and executives, and the importance of reliable information to CFO job security, the question becomes, is the CFO better suited to take a stronger lead in the area of technology than in the recent past? The answer from an executive standpoint is yes. Unfortunately, many CFOs have little general knowledge of technology and unless they perform the CIO role fulltime, this gap will continue to widen until further dysfunction occurs. To manage this risk, CFOs need to perform two actions namely;

• Improve general knowledge of technology: The CFO does not need to be a technologist but does need to own technology at the table, understand IT governance, business intelligence, the IT supplier community and have enough information to hold technologists accountable.
• Actively manage the widening gap: This must be filled over time by, technologically educated board members, by time-share CIOs (having access to CIOs who are used intermittently) or by CFOs with more formal technology education

The CFO/CIO relationship must be re-invented to meet the new model. Rather than being a new source of friction, this is an opportunity to re-set. While the CIO role may continue diminishing or change further, the CFO must now, more than ever, step in and drive the transformation to this new technological world.

The following is part 1 of preparing the CFO for their new role and this eBook will target a few skills, namely IT governance, the role of the CIO, the role of retained IT, the rebirth of a CIO, and what is the cloud, and how it relates to IT governance.

As society becomes more technologically proficient and younger generations embrace technologies that were unimagined only years ago, it is of some concern that the reputation of internal IT teams, IT compliance, IT service provision and IT general project success has shown to be deteriorating when in fact it should be improving. Recent studies have shown very poor success rates of between 20-25% of IT projects with around 80% of projects failing in some way to satisfy one or more of the goals originally conceived.

It has also been found that two companies can implement the same project with the same supplier and products and, while one can be very successful, the other will fail dismally.

These failures, while sometimes incorrectly publicly attributed to either the CIO, IT, the IT supplier or the IT product, are more likely to be a failure of IT governance, it’s formation, application and practice. The single most important project any company can implement to improve IT project and service success is to institute a rigid IT governance framework to ensure alignment with the goals, purposes and mission of the business. It should be noted, of course, that there is no ‘one size fits all’ IT governance framework for all companies.

There are many definitions of IT Governance, but our definition is;

• The levers and tools that a company has at its disposal to ensure reasoned decision making to ensure IT delivery, compliance and IT service/project success. Most importantly, the company, not IT alone, has an obligation to manage these levers effectively.

IT Governance dictates how decisions are made, who is involved in the decision making process, the role of the IT team, the role of the CIO, how reporting will occur, how audits are conducted and what success looks like. Traditionally and for all the wrong reasons IT has been left to make some or all of these decisions - regardless that IT is not now, and has never been, qualified to make these decisions.

It should be pointed out that historically IT and IT governance has a shorter history than other areas of business governance. This leads to the fact that despite the CIO and the IT teams best efforts to deliver, in the absence of any support from the wider business, failure can still be inherent in the IT governance used (failure can be predicted in the first three months of a project). Some contributing factors are:

• Boards that are time poor and already over committed, do not always appreciate the potential importance of IT, or the project’s success and therefore tend to have little interest in providing direction. Further, they typically have scars from earlier IT failures, and it is therefore understandable, given IT’s general failure to impress, that Boards will take this position. While boards will traditionally get external advice for legal, financial and HR matters, they rarely ask for external advice or even ask questions concerning IT matters.
• Executives who have accountability for the project’s success, failures and risks, are not actively or even partially involved with the project.

If a business lacks leadership and fails to provide business decisions, IT may attempt to fill those gaps of business leadership and facilitating business decisions in an attempt to do its job with disastrous results. IT can find itself constantly dragging uninterested boards and executives into discussions on topics that, although critical to the wider company strategy, are outside of IT’s responsibility.

It is a common response of boards and executives to attribute the failure of an IT project to the CIO, the IT team, the IT supplier or the chosen IT product. However, in reality, these factors generally do not equate to success or failure.

What will determine success is the establishment of an IT governance framework with the Board and the Executive actively engaged and asking the right questions: ‘do we have the right IT and business capability?’, ‘do we have the right CIO?’, ‘is now the right time to implement this project?’

TIP: IT Governance is an active responsibility of the board and the executive

It is important when considering IT project success to ignore the traditional way of working with IT and consider success from a different perspective. To do this we must consider IT success in two distinct areas, namely Phase 1 (Board and the Executives) and Phase 2 (IT). The analogy being that IT is your homebuilder and the business must be the active architect. You don’t leave your builder with the decisions of room colour or number of bedrooms.

Phase 1 focuses on the role of the Board, CEO, and the Executives including the CIO and in practise all these stakeholders must be active and aligned, to drive IT success. 

• The board should understand their IT risk profile (especially which risk decisions are theirs and which are normally not formally delegated).
• They should demand access to independent IT advisors.
• They should be fully appraised of and approve a projects governance plan before they consider approving the project.
• They should have some understanding of IT and some IT skills within the board. This would also include the costs, risks and time involved and the return on capital of the skills employed either internal or external. The audit committee are not in a position to consider generic consultants reviewing a project plan as any indication of probable project success, and they must understand the true cost of IT project failure (which is much higher than the cost of the project).
• The executives must own and understand all IT decisions, they must dedicate a significant amount of time to IT success, and they must own the risks of the project (as they are responsible to the board) and must chair the steering group with 100% interested and educated executives.

Tip: Every technology decision should be made by the business

As we know business decisions need to be made by the business, and a growing trend is the creation of a new role called the ‘business owner’. This role makes decisions about how the business will work (IT simply reflect these decisions in the systems they build). These roles are critical and must be filled with strong-minded staff that have a good understanding of the business and its objectives. As this role gets experience working with and learning about all areas of the business, it is possibly a role that could be filled by a internal resource who has been identified as high potential. Some authors call this new suite of roles Business IT, deliberately outside IT and responsible for how the company works and ensuring IT blindly delivers that. This loss of autonomy in IT has been driven by IT’s historical inability to impress.

The IT team (separate from the CIO who we consider to be in the executive area) is subservient to the company and all other roles in this hierarchy. The IT team should appreciate they are not core to the company and must see the business as their customer. Ironically although this team has to be subordinate in the decision making process, it is the only area that can advise the business as to what is possible and what is not in terms of application and practices.

The following checklist represents some of these thoughts, and good governance includes favourable answers to these questions.

Phase 1 checklist

1. Does the board have IT skills or access to independent IT advisors?
2. Will the board hold the CEO accountable for this projects success?
3. Has the board demanded a rigid governance plan, project transparency and regular reports?
4. Has the CEO established a steering group with interested, engaged and educated leaders?
5. Are all levels of the company involved, supportive and communicated with?
6. Are all projects owned and led by the business having success described in terms of measurable business outcomes, are all executive’s bonuses linked to these outcomes?
7. Do you have an experienced and well-connected CIO (with the business and the supplier community)?
8. Do we have the right partners and products based on our industry?
9. Does the business know their obligations? Do they drive process design, and do they know they are designing how their departments will operate (Business IT)?

Tip: If you fail this checklist, do not continue until you are able to satisfy the checklist criteria

Phase 2 focuses on the role of IT and its suppliers.

As earlier discussed, companies spend a disproportionate amount of time choosing the supplier and the package. Realistically most major IT suppliers can implement a well thought through and governed project.

TIP: If well managed, any major supplier can implement a well thought out technology strategy.

Additionally, for mature technologies, as long as the package being implemented is in the top one or two in their market segment then it will work. Companies should be more appropriately concerned about access to support, what their competitors are doing, return on capital, or whether this project is adding complexity to the business.

It is often true that many companies complain about IT suppliers and package providers over promising and under delivering and with good reason. Many companies also complain about their IT teams lacking focus, getting easily distracted, getting caught up in the politics of the business, not demonstrating the capabilities necessary, resigning before the company works out the project is in trouble etc.

TIP: Suppliers over promising, and IT not having the capabilities are predictable and therefore should not be a reason for failure.

It is important to do your due diligence while being realistic about what is possible, and commit most of your time on your IT governance framework. This checklist represents some of these thoughts, and good governance includes favourable answers to these questions.

Phase 2 checklist

1. Do the IT Managers have the right IT skills and experience?
2. Does the IT team have the capability or should we outsource our risk?
3. Has IT delivered a rigid governance plan and regular reporting?
4. Does IT integrate well with other areas of the business?
5. Are IT religiously aligned (that is, are they pushing a solution before the business has identified their needs or problems)?
6. What does the business think of IT? How does it perceive it and is there a willingness to work with the IT team?
7. Does the IT team work as one team?
8. Is the package you are using one of the top few in your market segment, efficient and cost effective?
9. Is your supplier experienced in these projects and do they have an independent path to the executive?
10. Is your business on side with the package choice and the supplier choice?
11. Is there a common and agreed understanding of roles, responsibilities and accountabilities

Tip: If you fail this checklist, do not continue until you are able to satisfy the checklist criteria

The old model of delivering IT has been failing for many years and now is time to rise above personalities and current complexities and do what will be difficult to achieve, change our IT delivery models to deliver 80% of IT successfully. IT Governance is your path to achieve this.

Remember, the biggest IT success factors are outside IT in the business. Boards and Executives must resolve to improve their skills and drive IT success. Don’t let IT lead business IT projects and ensure you have a good experienced CIO (not the guy who happens to be there).

Finally If it smells like a dead fish, it probably is, and that is the time to take action by bringing it up to date and doing a complete review of your IT Governance, application and practices.

The role of CIO has emerged from the old data processing days and has cycled through being a core role to business, to not being understood by business, being asked to “police” the business and is now hoping to be the business change agent. More importantly, while it is recognised that a small percentage of CIOs are able to transform your business, the bigger question is whether you trust your CIO to transform your business? The feedback we consistently receive is no.

• The technology CIO: The old CIO was a technologist and has long since been discarded. Any CIOs stuck in this role have been bypassed by the industry and are dinosaurs. This era was defined by trying to control the IT environment and in using acronyms to confuse our customers.
• The business CIO: We are currently in the cycle of the business CIO, a general management role that happens to have a technology portfolio. The modern CIO can be from any background, but will have exceptional leadership, and stakeholder skills. This era was defined by being aligned.
• The digital CIO: We are in the middle of the transition to the digital CIO, one who transforms or disrupts the business using technology, changes the Customer’s experience, and creates customer loyalty through technology. This role partially exists today but with a history of technology failure behind us, who will take up this critical role in a company? The CMO or the CIO? This era is defined as being disruptive.

An experienced, connected, and visionary CIO is a vital necessity to any business but sadly, many CIOs in the market are not performing as CIOs and therefore incapable of transforming a business. Our experience leads us to estimate that less than 15% of people with the title are true CIOs. Possibly due to the fact that while it is an easy sales tool to attract junior IT staff into your companies by calling them CIOs, the gap is widening between the new breed of junior CIOs and what a business actually needs in terms of IT strategy, management, experience and transformational/disruptive abilities.

Yes, a junior CIO may be able to deliver your operational needs, but are they capable of playing the high level roles of executives and general strategy, transforming and educating boards? It seems not, as there is a distinct market trend where organisations are now recruiting both a junior CIO to a price point or lower-ranking role along with engaging a real CIO to play a part time CIO role for less than 20 days a year.

Before you recruit a CIO, consider your needs. In most cases we see companies recruiting the best CIO who is available. If no forethought is made of the type of CIO you need, you are prone to fail. Some considerations:

• Do I need someone to keep the ‘lights on’ or do I want someone who will partner with the business for change?
• Will the business allow the success of this individual?
• Will I logically empower this CIO to do the role we think we need?
• Are we open to new ways of working?
• Do we need to be challenged and if so, is that my view or the boards/executives?
• Have we truly learned from the failure of the previous CIO?

TIP: In most organisations we survey, we find well meaning, educated but disconnected and unaligned CIOs. As the CFO you must replace the CIO with one that is right for your business and its aspirations

TIP: Don’t fall into the trap of recruiting to a price point for a CIO. Don’t recruit someone who just happens to be available, and if you know there is a strategy gap between the candidate and the true needs of the company, define the solution to this before the CIO starts (i.e. time share CIO)