The Role of the CIO in Effective IT

Strategic Planning Through Corporate Governance

by Ivory S. Banks

This paper critically examines the CIOs role in effective IT strategic planning within the confines of corporate governance. It will include a brief comparison of previous governance models versus 21st century governance models and how each have impacted and will impact the role of the CIO. It begs the question if there is a one size fits all model or framework that can be applied to an organization to achieve success in strategic planning and business alignment? In addition, the paper will examine why and how two game changing facets of IT that did not exist a decade ago, cloud computing and social media, will fit into the CIOs strategic plan.

Corporate governance, as defined by business C-suite executives, may be developed and executed differently than IT governance, as defined by technical C-suite executives and are seemingly separate efforts. However, best practices CIOs have echoed the notion that the two must be orchestrated as a concerted effort to foster and accomplish the overall strategic objective of a corporation. It is impossible to have strong corporate governance without strong IT governance (Moore, 2009). The technological evolution taking place is reshaping the way organizations align IT and business to the point that IT has become the business. It forces todays CIO to be more agile and forward thinking in his or her strategic planning. We are the survivors of a nearly post-financial apocalyptic era where corporations learned they were not too big to fail. The most profound takeaway from the fall of these corporations, relevant to this topic, is executive leadership is not a silo of people who sit atop the corporate ladder and make decisions which only affect shareholders. The best practices of the CIO also echo the essential common theme that proper IT strategic planning is aligned with the mission of the organization for profitability, sustainability through innovation, and growth. Paradigm shifts in IT have a prolific impact on the corporate structure and consequently the role of the CIO. New technologies such as cloud computing and social media are impacting multiple business functions across organizations like enterprise application management, infrastructure, marketing, and finance to name a few. How can a CIO strategize effectively utilizing his or her resources, knowledge, and the ever-changing trends of information technology? It also begs the question if there is a one size fits all model or framework to achieve success in strategic planning and business alignment? Ironically, any rigidity is strategic planning is actually the opposite of strategic. The CIO -- a technological acrobat Imagine a Cirque de Soleil performer who changes his costume to fit the theme of the show, be it O or Zanadu and each show is a chorographical masterpiece of intricate dances and fantastical acrobatic feats. All of the actors, be it main characters or a supporting cast rely on the precision and timed movement of their peers on stage. There is always a main character in these shows and a storyline that governs how the characters will move, while the musical score captivates and help build the anticipation of the audience. Now, imagine if the lead character in O came dressed as the lead character of Zanadu and the acrobats decided to perform the choreography of Zanadu during the O show. This disorganization would not only cause confusion to the audience, but it would be of catastrophic consequence to the acrobats. The CIO, much like a Cirque de Soleil performer has a role to play and is governed by several themes that drives his or her focus for IT strategic planning. Obviously, the storyline for technology changes rapidly and in order for a CIO to be effective, he or she must be agile and flexible to these changes which are affecting the technological and operational structure of corporations. The days of simply managing a menu of software applications, help desk operations and staff, and equipment maintenance issues are a thing of the past for todays CIO. He or she has to be a technological acrobat when it comes to crafting and implementing IT strategies that will ultimately govern the outcome of the organizations growth, profitability, sustainability, and lest one not forget innovation. The challenge also is to convince senior management to make complementary changes to its process, policies and organizational structure, or in other words, corporate governance (Nevens, 2004). Walking the tightrope

Throughout this study of the different perspectives on IT strategic planning and governance, two diametrically opposed views are common. One group of strategists supports the idea of liberal and decentralized governance of IT or the pancake structure (Schneckenberg, 2009). This idea of a pancake structure allows for a more autonomous employee decision making capability relying on the competence of the individual (Schneckenberg, 2009). Andriole (2012) tends to agree, arguing that organizations need to rethink governance and authority and embrace the growing trend of decentralization and the distribution of computing power. Another group of strategists prefer a stricter approach based on the premise of protecting corporate integrity and rightfully so for the time. In the past, governance of technology was a top-down approach that fostered a hierarchal drive for standardization and centralization and left little room for flexibility (Andriole, 2012). The 1990s technological infrastructure called for standardization and centralization (Andriole, 2012). To be effective, these antiquated methodologies for managing an infrastructure are not conducive to the technology trends of today and are perhaps, no longer best practice for C-level leadership to follow. However, organizations must be careful and to Andrioles (2009) credit, he cites the responsibility of the organization to govern in such a way to ensure the actions of individual employees do not compromise the integrity of the organizations infrastructure. The age of Web 2.0 gives free reign to collaborate and communicate via blogs, wikis, and social media without understanding the technology or the consequences (Schneckenberg, 2009). Imagine such behavior in a corporate infrastructure both internally and externally and one can understand a companys opposition to liberal governance. The former example also serves as evidence of the need for a CIO to be directly involved in the process of helping the organization to understand the technologies that are an advantage to the business. Similarly, Robert Stephens, vice president of Best Buy and founder of Geek Squad, agrees with the viewpoint of providing balance by cultivating a culture of freedom to innovate but within guidelines, also referred to as freedom with fences (Stephens, 2011). He cautions, the role of the CIO is to set the tone for a disciplined, safe and secure environment to be playfully innovative (Stephens, 2011). As the industry provisions and almost demands more flexibility, the conundrum is how does the CIO protect the infrastructure and cultivate an atmosphere of innovation, sustainability, and growth while ensuring ROI (return on investment) to the organizations shareholders? If the everchanging trends of technology are a circus, the CIO is an acrobat, and this paradox of a balance act is his or her tightrope. IT and business a syncing ship The CIO has several key objectives and that is to figure out this strategy, align it to the business, and then be willing to change it. He or she must be as dynamic in approach to planning and implementing as technology is to changing. Rigidity in applying and sticking to any particular business model is the opposite of strategic. It would be oxymoronic to apply a static framework to something so volatile as planning for technology. Can a CIO really plan for technology? In order for a CIO to be effective in strategic planning and proving to his or her business counterparts the validity of IT objectives, the tools used to develop these plans must be just as agile as the business itself. MacKay (2004) agrees that developing strategic direction matters and thus model frameworks should be developed and implemented on the basis of change. For example, MacKays (2004) four box strategy planning model applies different approaches to strategic planning based on predictable environments with stable goals, predictable environments with ambiguous goals, complex environments with stable goals, and complex

environments with unstable and conflicting goals. The flexibility of these models makes sense and the role of the CIO is to figure out which model makes sense for his or her organization. Luftman's (2007) alignment maturity model underscores the need for IT-business alignment to mature along with the growth of the organization. So taking into account Luftmans model, organizations lack maturity in at least one of these criteria of maturation; communications, value, governance, partnership, scope and architecture, and skills (Kempaiah & Luftman, 2007). Costello (2010) takes the Luftman Model a step further by identifying specific steps for the CIO to conjoin IT initiatives with the overall business strategy. Locate the area in the organization where ideas originate, evaluate the influence of the leaders in those areas, identify the approval flow of the ideas, and make the case for how the CIOs goals produce better outcomes for the business (Costello, 2010). He goes on to spell out the steps that identify the CIO as the one with the PR bullhorn for his or her strategic plan. This may be referred to as business maxims (Broadbent, 2004). Business maxims draw on the balance between synergy, autonomy, notwithstanding the strategic plan (Broadbent, 2004). The CIO works to set formal processes, develop skills, and align IT with key business objectives. In parallel, customers, products, process, and services are constantly evolving and therefore so must a companys business (Broadbent, 2004). Corporate maturation is a reality and supports the fact that developing strategy is not an end state but a continuous journey (Broadbent, ???). Here, let it be reiterated that the fundamental basis of successful strategy planning is a concerted effort between technology and business leadership. Significant time and effort needs to be spent developing short and longterm goals for information and technology (Broadbent, 2004). The CIOs job is to maintain a close relationship with business counterparts to gain a concrete understanding of business needs (Costello, 2010) and leverage opportunities for change to evolve the business while meeting those needs. The CIO should not only be allowed to sit at the C-suite table, he or she should be integral member of the board. When it comes to IT within an organization, the CIO to the CEO is much like a U.S. Army general is to the president during war time. He or she is in direct communication with whats going on with the employees internally and how external trends in technology impact their day-to-day operations. It is for this reason that it makes sense for CIOs to provide their perspectives directly to the CEO. CIOs, as members of boards, can bring a strategic view of technology as it relates to specific value-chain areas of high-level governance, finance, accounting, and corporate strategy (Woosley, 2010). It is in this role that the CIO is a visionary. In said vision, the CIO has to recognize when certain technology trends, though seemingly unconventional to the corporate infrastructure, cannot be ignored because of uncertainty. The impact of such trends as social media and cloud computing on corporate governance is inevitable despite skepticism among organizations. You can run but it wouldnt be strategic to hide History has shown time and again that resistance to change in technology ultimately results in the demise of an organization (Hugos, 2011). This examination of IT strategic planning would be remised if it did not speak to specific technologies which are reaching ubiquity in the public domain. A little over a decade ago, cloud computing and social media did not exist when the centralized way of governing corporate infrastructure were paramount. How we look at corporate infrastructure and IT governance is rapidly increasing the complexity of the CIOs role as we transcend into the era of technology democratization and social networking (Moore, 2009). A survey conducted by Ernst & Young found that 60 percent see social

networking and cloud computing as an increased risk to their organization (Granado and Tsantes, 2011). Security concerns have increased over the years with social media because it is exists both inside and outside of corporate firewalls (Andriole, 2012). CEOs, IT strategists, and industry experts are among some who believe social media and cloud computing threaten the fundamentals of governance and consequently corporate infrastructure. Security existed as a concern when e-commerce sites emerged in the late 1990s, early 2000s but imagine what avoiding the change in business would have done for businesses like Amazon, eBay, and the rest of the e-commerce industry. Perhaps they would not exist. The CIO has the daunting yet imperative job of convincing C-level business executives that avoiding integrating new technologies like social media and cloud computing into the strategic plan poses a greater threat to the growth and sustainability of the organization. The most fundamental strategic risk related to social media is not having a strategy (Jacka and Scott, 2011). As the CIO, he or she should use social media as a way to empower the organization to protect and solidify a positive reputation as an industry leader. A complete social media strategy should articulate exactly what is to be accomplished by using this medium, be directly aligned with business objectives, set a time commitment (long or short-term), identify its target audience and appropriate media channels (LinkedIn versus Facebook) and ensure this evolution is properly staffed and funded (Jacka and Scott, 2011). As if the CIO does not have enough on his or her plate, deploying a social media strategy may compound more work and become counterproductive to the organizations mission. Social networking would not be considered a value-chain priority. Therefore, this may be a reason to outsource this evolution as a part of the strategy to focus on core competencies within the organization. Cloud computing introduces another nuance to the role of the CIO in an organization but as a more prolific priority than social media. According to a recent global report about the future role of the CIO, 67 percent see cloud computing as a gateway to other roles in business (Chia, 2011). The study also found that 60 percent believe cloud computing has been an enabler for business strategy and innovation (Chia, 2011). It also presents new challenges as it comes with greater security risks and in turn greater opposition to adoption by C-level executives. However, there is a consensus that cloud computing offer practicality in unlimited computing resources, immediate availability without long-term commitment, and a pay-as-you structure that does not tie an organization to costly equipment investments (Hugos, 2011). Despite these advantages, however, there is still resistance to the adoption of cloud computing out of fear. Relying on the integrity of a public cloud environment to store a companys propriety data creates almost inconsolable apprehension about security risks. The role of the CIO is to present a strategic plan that both consoles and reassures that the benefits of adopting this new technology are greater than the risks it introduces. It would behoove the CIO to help his or her organization understand and engage the concept of cloud computing because, like social media, it enables businesses to stay connected to their clients and add value, especially in area of services (Swamy, 2010). It speaks directly to the CIOs job as a facilitator of business agility. Cloud computing provides such agility by removing some of the restrictive bureaucracy when it comes to creating new business (Hugos, 2011). For example, a company called, Animoto Corporation recently ascertain the services and benefits of Amazons powerful cloud infrastructure. Animoto is an online video slideshow maker which allows customers to create personal movies online (Bisong & Rahman, 2011). When Animoto made the decision to move

its service to the Internet, over the course of three-days, registration increased from 25, 000 to 250, 000 users which caused them to increase their Amazon cloud computers from 24 machines to nearly 5,000 (Bisong & Rahman, 2011). Such a swift turnaround and increase in business would not be possible in a traditional infrastructure. These are the types of examples CIOs have to use in making the case for new technologies into the strategic plan. Introducing the cloud into corporate infrastructure is not just about implementing a new solution because it is popular. Part of the strategy is to know what to implement and why in order to get the most business value. CIOs need to present a case for cloud computing that forces a more critical analysis of its benefits beyond that of costs. Frankly, one can make the case for a lot of business initiatives based on cost. Thus, the CIO should understand the priorities of the organization as it relates to the corporate strategic objectives and goals. The reality is the risks of cloud computing exists because they present a problem to the infrastructure if those risks suddenly become an organizational nightmare. Understandably, organizations are not comfortable with the fact that vendors are not forthcoming with transparency. It is for this reason people like John Pironti, president of an IT consultancy firm, advises his clients to limit their cloud endeavors to commoditized services which dont impact mission-critical systems (Kontzer, 2011). Unisys provides another example that illustrates how CIOs should choose their battles wisely. They should focus on placing the most desired applications in the cloud as opposed to migrating an entire infrastructure, again avoiding a perceived catastrophe of data compromise (Kontzer, 2011). The bottom line is new technologies like social media and cloud computing are ubiquitous and unavoidable. They are gaining momentum as the links of technology that tie business, IT, marketing, and innovation together in a way that prevent them from being mutually exclusive. A strategic plan loses its effectiveness both on the business and IT side if they are not included. The CIOs job is to determine exactly where they fit and for how long will they add business value and contribute to the growth. CONCLUSION If todays corporate climate is any indication, there exists a disconnection between Clevel business executives and C-level technology executives. Much of this misunderstanding of IT in business is based on antiquated rules of thought that it is only there to save money and if not, there is no use. Perhaps we can thank Nicolas Carrs scathing IT doesnt matter article in the Harvard Business Review for this misconception. The fact of the matter is a corporate strategic plan is empty without a comprehensively aligned strategic IT plan to complement it. The role of the CIO is to see to it that said strategic IT plan is as complex and simple, agile and rigid, and as static and dynamic as the business it supports. He or she is an information technology maven that understands how each component of business fits in to the grand scheme of the business and weaves a plan that interconnects them all. Essentially, a CIOs strategic IT plan provisions to leverage new technology trends, cultivate the internal talents of its employees to promote innovation and establish guidelines which coincide with corporate governance.

References Andriole, S.J. (2012). Managing technology in a 2.0. world. IT Professional, (14)1, 50-57. doi: 10.1109/MITP.2012.13 Bisong, A., & Rahman, S. M. (2011, January). An overview of the security concerns in enterprise cloud computing. International Journal of Network Security & Its Applications, 3(1), 30-44. DOI: 10.5121/ijnsa.2011.3103 Broadbent, M. (2004). Wheres the strategy? CIO Insight, 46, 35-36. Retrieved from: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=bth&AN=15231209&site=eds-live&scope=site Chia, D. (2011, December 5). CIOs priority shifts to business services delivery optimization. The Business Times. Costello, T. (2010). CIO can drive change to a new strategic role. IT Professional, 12(1), 63-64. Retrieved from: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=iih&AN=48480484&site=eds-live&scope=site Granado, J. & Tsantes, G. (2011). Social media at work. CIOInsight, 115, 16. Retrieved from: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=bth&AN=58772130&site=eds-live&scope=site Hugos, M. (2011). Cloud computing and the new economics of business. In J. Stenzel (Ed.), CIO best practices: Enabling strategic value with information technology (pp. 99140). Hoboken, NJ: John Wiley & Sons. Jacka, J.M. & Scott, P.R. (2011). The whole worlds talking. Internal Auditor, 68(3), 52-56. Retrieved from: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=f5h&AN=62830505&site=eds-live&scope=site Kempaiah, R. & Luftman, J. An update on business-IT alignment: A line has been drawn. MIS Quarterly Executive, 6(3), 165-176. Retrieved from: http://tychousa9.umuc.edu/ISAS650/1202/9040/class.nsf/0/ca2ce839839a77e085257974 006823b3/$FILE/Alignment%20readings.pdf Kontzer, T. (2011). GRC in the cloud. CIOInsight, 118, 18-21. Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=bth&AN=65156892&site=eds-live&scope=site MacKay, J. (2004). Does strategic planning still fit in the 2000s? Retrieved from Berkeley Consulting website: http://www.berkeleyconsulting.com/strategic/Does%20Strategic%20Planning%20Still%2 0Fit.pdf Moore, S. (2009). Corporate governance and the role of IT. Siliconindia, 12(6), 20-22. Retrieved:http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?dire ct=true&db=bth&AN=42122484&site=eds-live&scope=site Nevens, T. M. (2004). Whos right about IT priorities? McKinsey Quarterly, 24. Retrieved: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=bth&AN=14071880&site=eds-live&scope=site Schneckenberg, D. (2009). Web 2.0 and the shift in corporate governance from control to democracy. Knowledge Management Research & Practice 7(3), 234-248. Retrieved: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=edswss&AN=000282845600006&site=eds-live&scope=site Stephens, R. (2011). Freedom with fences: Robert Stephens discusses CIO leadership and IT innovation. In J. Stenzel (ed.), CIO best practices: Enabling strategic value with information technology (pp. 1-40). Hoboken, NJ: John Wiley & Sons. Swamy, V. (2010). Its the age of seamless and collaborative technology. Siliconindia, 13(4), 4243. Retrieved from: http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d b=edswss&AN=000282845600006&site=eds-live&scope=site