Duct tape and IT governance
The five years I spent as an IT executive ( after 10 years in IT audit and before 20 years running internal audit departments) had a lasting influence on my thinking about technology and its management.
I have seen a little good and a lot of bad management.
I have seen very few situations where IT led the organization to strategic excellence and operational quality.
I have seen many situations where IT served as a mechanic, liberally applying duct tape to keep the infrastructure operational. The only relationship they had with the seats at the executive table involved making sure they were well oiled. They didn’t even make sure they were a matched set that looked good together!
Consider these situations:
- As a member of the Finance leadership team, I called the senior IT director responsible for supporting the CFO and invited her to an offsite meeting. The purpose of the offsite was to lay out a vision for Finance, including how we would leverage the opportunities presented by new and emerging technology. The IT director said she would prefer that we meet without her, decide what we needed, and let her know. She would implement whatever we selected.
I had to explain to her that we needed her to understand what technology, both new and emerging, was available and what it would allow us to do. But, she again declined. “Just tell me what you want”.
Not only did we not have her at the strategy table, but she demonstrated no interest in leading the organization.
- I joined a company where the corporate IT function was engaged in selecting new corporate-wide ERP and supporting software. The latter would be selected not only for its individual functionality, but its ability to integrate with the ERP and other applications.
When the evaluation project was completed, the corporate CIO obtained the approval of the board. However, the company had set up each geographical region with its own CIO, reporting to the region leaders not the corporate CIO. One by one, they all rejected the corporate selection and opted for different solutions – one for each region.
As a result, duct tape was rolled out to bind the regional systems together to deliver fragile enterprise-wide reporting, both operational and financial.
Total cost far exceeded what a corporate solution would have entailed, and the individual ERPs were augmented by a variety of solutions (several for the same purpose) that had tenuous integration with the ERP and among each other.
- At a conference, during a presentation I was delivering on the need for timely risk and performance information, one attendee said that he liked my vision but it was impossible for his company. When I asked why, he explained that they had a variety of legacy systems cobbled together with string. There was no way they could replace them with new technology without great risk and an extended timeline. So much for agility!
Consider these questions for your organization:
- Does the CIO not only have a seat at the leadership table but occupy it? Is he part of the team that develops strategy and does the company look to leverage technology, with him as visionary, to deliver new services, products, and capabilities to the market?
- Do the CIO and his team have effective control over the technology deployed across the organization? Does he even know what is used to run the business, or are business executives heads as well as their apps ‘in the cloud’? Do they ignore any need to have a consistent technology infrastructure where the needs of the whole take priority to the needs of the individual?
- Does the technology deployed across the organization work together without duct tape? Is it clear that it will continue to do so in the future?
- When multiple solutions are selected, from different vendors and using different technologies (including different cloud platforms and vendors), how do you expect the information security practitioners to protect the organization?
- Does the business trust IT?
Is your CIO a leader or a mechanic?
Leave a Reply
Norman Marks on Governance, Risk Management, and Audit 
The other side of the coin is when the executive team considers IT just another cost center and thus deserving no more funds than necessary. Similar to equipment, only when maintenance expenses grow to large, does management agree to spend on upgrades, new systems etc., but only the smallest amt. necessary to get by.
In these cases, duct tape, bailing wire and chewing gum keep the corporate information plumbing functioning.
Generally the CIO, who probably is a director isn’t part of the executive team; may or may not have the ability to enforce standardization across the organization; has an organization primarily organized on maintenance and support; and probably doesn’t have (or lost) the capacity for an IT vision supporting the growth of the business.
Karl, isn’t that an indication of a major problem? What is its cause? A vision failure by the board and CEO of the ability for technology to enable success? Or the wrong CIO?
Norman, I am in agreement on your last post, but also agree with Karl’s point. There are organizations who view IT as a necessary evil versus a viable business partner. My previous position was exactly as Karl described, i had to claw for funds and resources.
These are a politicial organizational realities potential IT leader must consider before taking the reins at any organization.
IT is mostly viewed by management as a tool to report on and maintain operations. it is not thought of as a way of making the company more efficienct and thereby cost-saving. CIO’s usually get frustrated when management promises new ideas then goes back to the duct tape mode when the bottom line is affected.. The CIO can then either push too hard and get fired, or look for another supposedly more progressive company. Unfortunately, unless management has a good track record with progressive programs even when the bottom line might be affected, IT, Audit, and all other administrative departments fall prey to the “get the product out” mentatility.
If IT is seen as a mechanic, who should do what to get the organization back on track?