Archive
Missing the boat on IT and technology
When you look at surveys of CEOs, such as the ones by PwC in 2014, McKinsey in 2013 and IBM in 2012, they reflect what we should all know: that the innovative use of technology is one of, if not the primary, enabler of business innovation these days. Whether it’s connecting with the customer (as referenced by IBM), obtaining market insights (through analytics including Big Data analytics – see this discussion of a McKinsey report), or simply finding new ways to deliver products and services to customers, technology is a critical driver of business success.
As PwC says:
“CEOs told us they think three big trends will transform their businesses over the next five years. Four-fifths of them identified technological advances such as the digital economy, social media, mobile devices and big data. More than half also pointed to demographical fluctuations and shifts in economic power.”
“The smartest CEOs are concentrating on breakthrough, or game-changing, innovation. They’re explicitly incorporating it in their strategies. And they’re using technology not just to develop new products and services, but also to create new business models, including forging complete solutions by combining related products and services. In fact, they don’t think in terms of products and services so much as outcomes, because they recognise that products and services are simply a means to an end.”
“Breakthrough innovation can help a company rewrite the rules and leapfrog long-established competitors.”
Organizations that fail to leverage new technology are likely to be left behind by customers and competitors. In an ISACA report on Big Data, the point was made that failing to take a risk with new technology is very often a greater risk than any risks created by the new technology.
(Please see these earlier posts on IT Risk and Audit, Deloitte says mid-market companies are using new technology to great advantage, and Digital Transformation.)
Now we get a couple of reports and discussion documents that indicate that companies, executives, and consultants that aim to guide them are all missing the boat!
A new report from McKinsey, IT Under Pressure, says that dissatisfaction with IT’s effectiveness is growing. They start the report with:
“More and more executives are acknowledging the strategic value of IT to their businesses beyond merely cutting costs. But as they focus on and invest in the function’s ability to enable productivity, business efficiency, and product and service innovation, respondents are also homing in on the shortcomings many IT organizations suffer. Among the most substantial challenges are demonstrating effective leadership and finding, developing, and retaining IT talent.”
McKinsey points out that in their survey only 49% felt IT was effective when it came to helping the organization introduce new products and 37% said IT was effective in helping enter new markets.
Even IT executives said that they were failing when it came to driving the use of technology and innovation: just 3% were fully effective and only 10-17% very effective in related areas.
Fully 28% of IT executives and 13% of other executives came clean and said the best way to fix the problem was to fire current IT leadership!
I suggest reading the entire McKinsey piece and considering how it relates to your organization.
Deloitte’s prolific thought leadership team has weighed in with advice for the CFO, who often has IT within his organization. Evaluating IT: A CFO’s perspective starts with some good points:
“Ask finance chiefs about their frustrations with information technology (IT), and you are bound to get an earful. Excessive investments made. Multiple deadlines missed. Little return on investment (ROI) achieved. The list goes on.
“To complicate matters, many CFOs simply do not know if chief information officers (CIOs) are doing a good job. What exactly does a good IT organization look like anyway? How should IT be evaluated? And what are the trouble signs that the enterprise is not prepared for the future from a technology standpoint?”
But then they stray from the need to get IT to drive the effective use of new technology for both strategic and tactical advantage. Instead, they focus on “IT is typically the largest line item in selling, general, and administrative expense.”
This is the attitude, managing cost at the potential expense of the business, which gives CFOs a deservedly bad name!
I will let you read the rest of this paper, but when the first question it suggests for CFOs to use in assessing IT performance is “Have you tested your disaster plan”, I am more prepared to fire the CFO who asks that as his first question than I am to fire the poor CIO who reports to him.
My first question for the CIO is “How are you enabling the organization to innovate and succeed?”
PwC asks some good questions as well:
- What are you doing to become a pioneer of technological innovation?
- Do you have a strategy for the digital age? And the skills to deliver it?
- How are you using ‘digital’ as a means of helping customers achieve the outcomes they desire – rather than treating it as just another channel?
Risk and internal audit professionals should consider whether the risk of missing the technology boat is at an unacceptable level in their organization.
Board members should ask how the leaders of IT are working with the business to understand and use technology for success.
CFOs should worry less about the cost of IT and worry more about the long-term viability and success of the organization if they become barriers to strategic investment.
I welcome your comments.
ISACA releases white paper on Big Data
ISACA has just released a new paper on Big Data that I like and recommend. (Full disclosure: I reviewed and provided feedback on a draft and I am quoted in the press release).
What I like the most is the title: “It May Be Riskier to Ignore Big Data Than Implement It”. It captures my belief that the value that can be obtained by the intelligent and creative use of analytics against the massive data sets that are available to every organization far outweighs both the cost of the effort and any associated risk.
Most organizations recognize that there is value, although in practice that value is usually limited by their ability to define the critical business questions that can be answered by the use of the wonderful new tools available today against Big Data.
They are also limited by their belief that they are constrained by inadequacies in their corporate systems.
My view is that almost any organization, no matter what size or type it is, not only can but should be taking advantage of the immense possibilities. Not to do so indicates that they lack both imagination and resolve.
Internal auditors, information security practitioners, risk professionals, and executives should be blinded to the great values and possibilities by the risks of moving forward.
Here are a few excerpts from the paper:
“New analytics tools and methods are expanding the possibilities for how enterprises can derive value from existing data within their organizations and from freely available external information sources, such as software as a service (SaaS), social media and commercial data sources. While traditional business intelligence has generally targeted “structured data” that can be easily parsed and analyzed, advances in analytics methods now allow examination of more varied data types.”
“Information security, audit and governance professionals should take a holistic approach and understand the business case of big data analytics and the potential technical risk when evaluating the use and deployment of big data analytics in their organizations.”
“For information security, audit and governance professionals, lack of clarity about the business case may stifle organizational success and lead to role and responsibility confusion.”
“By looking at how these analytics techniques are transforming enterprises in real-world scenarios, the value becomes apparent as enterprises start to realize dramatic gains in the efficiency, efficacy and performance of mission-critical business processes.”
“Understanding this business case can help security, audit and governance practitioners in two ways: It helps them to understand the motivation and rationale driving their business partners who want to apply big data analytics techniques within their enterprises, and it helps balance the risk equation so that technical risk and business risk are addressed. Specifically, while some new areas of technical risk may arise as a result of more voluminous and concentrated data, the business consequences of not adopting big data analytics may outweigh the technology risk.”
My friends and former colleagues at SAP have chimed in with an emphasis on the increased value when more sophisticated tools, especially ‘predictive analytics”, are used to mine and produce information from Big Data.
The SAP paper on this topic, “Predicting the future of Predictive Analytics” makes the point well. Here are some wise thoughts from James Fisher, an SAP executive, that focus on the risk of using analytics and Big Data without making sure that the information you are using to run the business is reliable:
“The opportunity of big data is huge, and the biggest analytical opportunity I see within that is the use of predictive analytics. The data shows companies favor taking advantage of the opportunities in front of then rather than minimizing risk. Technology is playing a role here and making predictive capabilities even easier to use, embedding them in business processes, automating model creation. SAP is of course in a position to deliver all this. The added question however to ask (and this is really my view) is that this does introduce an inherent risk that people don’t know what they are looking at and blinding follow what the data says…. When you read a weather forecast you immediately sanity check what it says by looking out the window, is everyone doing the same with data?”
You can read more from James on his blog.
My question to you is this:
Are you so risk averse when it comes to the use of analytics and Big Data that you are a barrier to the success of the organization?
What they don’t know will probably hurt them
It is always interesting to read the various studies that report that directors don’t have an in-depth understanding of their organization’s business, its strategies, and the related risks. In fact, the studies generally report that the level of understanding is insufficient for them to provide effective oversight of management and governance of the organization.
I want to turn this on its head.
If you are the head of risk management, internal audit, information security, or a senior executive, answer this question:
Do you believe that your directors have a sufficient understanding of the reality that is the organization: its culture and politics; the effectiveness of its people, systems and processes; its strategies; and whether risks to the achievement of its objectives and delivery of value to its stakeholders are being managed within acceptable tolerances?
If not, do you have an obligation to help educate the directors? What are you doing about it and is that sufficient?
Now let’s ask another question?
Do you believe that your top executives (including the CEO and CFO) have a sufficient understanding of the reality that is the organization: its culture and politics; the effectiveness of its people, systems and processes; and whether risks to the achievement of its objectives and delivery of value to its stakeholders are being managed within acceptable tolerances?
If not, do you have an obligation to help educate them? What are you doing about it and is that sufficient?
If the directors and/or top executives don’t understand reality the way you do, if their head is in the sand or in a more pungent place, shouldn’t your priority be to help them get their head on straight, pointed in the right direction? If they don’t understand the current state of the organization, shouldn’t the process of informing and educating them be fixed before trying to communicate new areas of concern?
I welcome your views and commentary.
Digital Transformation
I thoroughly enjoyed listening to an MIT Sloan video, “What Digital Transformation Means for Business”. It features executives from Intel, Avis (the president of Zipcar), a researcher into the topic from MIT, and a Capgemini consultant.
It’s about 45 minutes long, so allow yourself some quiet time and have a pad and pencil (or tablet) handy so you can take notes.
I found it inspiring to hear these influential leaders talk about the need for organizations to embrace disruptive technology (they mentioned cloud computing, ultramobile, advanced big data analytics, and social media).
They also emphasized that the risk of NOT embracing the technology of tomorrow, even when they are in the process of implementing the technology of today, is too great. It is critical to continue to watch and consider how the technology that appears on the horizon may affect the ability of the organization to excel.
I loved the story told by the Intel CIO of how she assigns her staff to work within the business to learn it, and then takes them back into IT so they can work on enhancing that business.
You should also listen to how Intel uses gamification to have a better handle on earnings forecasts. It was a great example of how gamification can be used as a technique for understanding and assessing risk. I have written separately about how an organization assessed risks to the success of a major software implementation by creating a stock market game around it. Individuals on the project team from IT and user departments, the consultants they engaged, and others with a stake in its success bought and sold fictional stock in the project. The stock price varied based on demand: when there was optimism, people bought stock and the price rose; when there was pessimism, people sold and the price dropped. The risk assessment considered the stock price and tried to understand why it moved.
Intel and Avis, together with Capgemini, talked about how much time executives were spending on digital transformation. Clearly, these companies (and I join them) expect leaders from the CEO on down to be spending a good amount of time looking at and considering the technology of today and tomorrow and how it can transform their business.
What do you think?
You might also consider this discussion on the battle between IT and the business for control over technology resources.
I close with my greetings to all for a healthy, prosperous, and joyous holiday season and new year.
Norman Marks on Governance, Risk Management, and Audit 