CFOs and controllers are increasingly being called upon to oversee information technology (IT). And that’s posing a bit of a conundrum for some. Indeed, many of those professionals — the ones who have long been valued primarily for their financial proficiency — are being thrust outside their expertise, often finding themselves unsure of how to help IT go from a systems-and-networks role to one that adds significant value.
So how can one become surefooted in unfamiliar territory? Start by asking your chief information officer or IT service providers these eight questions. Not only might they give you a better understanding of the IT side of your organisation, but they can also help IT take a broader role — one of leadership, rather than compliance — in the business.
1 Does the IT department have a clear understanding of the organisation's business strategy and goals?
One fundamental issue in organisations is that IT strategy is primarily a technology strategy, often with loose ties to business strategy (see Figure 1). An organisation’s mission, vision and goals normally drive its business strategy.
Instead, the business strategy should drive the vision for how IT supports the organisation, which then drives IT’s goals and strategies (see Figure 2). When the IT strategy is not well-aligned with the business strategy, there are often two primary causes:
- The business strategy is not well-defined or communicated.
- IT leadership lacks the broader ability to think strategically.
Clearly communicating the business strategy is a challenge for many organisations, so it should not be a given that it’s automatically an IT deficiency.
Sometimes, IT strategy is outdated and needs to be realigned with the current business strategy. When doing this, remember that technology is an enabler and a tool, a means to an end. For example, launching a website isn’t normally the end goal. The organisation may want to provide information, sell a product or enable customer support. These are the business objectives, and a website is a tool that enables these objectives to be achieved. So the IT strategy should focus on identifying the right technologies and practices to help fulfil IT’s role in achieving the organisation’s mission.
However, if there is clarity of the business strategy with other department leaders but a lack of clarity amongst IT leaders, then it may be time to examine the ability of current IT leadership and determine whether training in strategic thinking, or a change in leadership, is needed.
2 What role does information technology play in helping us achieve our goals?
As part of the development of IT strategy, IT’s organizational role must be defined. Ask these questions:
- What is technology’s role in helping to achieve the organisation’s goals?
- How does IT contribute to reaching these goals?
Sometimes IT thinks it plays a larger role than it does. This usually results in frustration for the department, as it is trying to do more than expected — often with a correspondingly lower budget aligned to lower expectations. Conversely, IT may have underestimated its role, and executives may be expecting more. In this case, leaders may not have set clear expectations for IT leadership, and, while IT may think it is fulfilling its role, it is lacking in the eyes of the organisation.
For example, in one company the IT director ran a tight ship, keeping his budget low and the systems running smoothly and efficiently. Yet management was not happy with IT’s performance. Management thought IT should be coming up with innovative ways to use technology to automate more manual tasks and to expand the company’s marketing reach. The IT director thought he was fulfilling his role — managing the technology — when instead the CEO wanted IT to bring innovation and emerging technologies to the company.
The solution will depend on the organisation. Leadership should focus on the role IT is expected to fulfil (the “why”), rather than the technology (the “what and how”). IT is the technology expert and should be provided leeway to advise and guide the organisation down the right technological path. IT leadership should be able to describe in nontechnical terms its strategy for fulfilling its role — the IT strategy.
3 What is the plan to fulfil the information technology team's role?
Once IT expectations have been defined and the organisation’s IT strategy determined, the organisation can evaluate IT-related plans. Because technology is constantly evolving, the IT plan must be periodically reviewed.
At least once a year, ask:
- Are we realising the potential of our current technology investment? Many organisations are not using available functionality in software they own. Neither are they implementing already purchased modules or providing training on existing functionality, which can provide value without large additional cost.
- Where is change needed? This can be lagging change (on-time upgrades or patches) or proactive change (upgrading for new functionality).
- Which new technology enablers can add value? A proactive organisation will monitor emerging technologies and how others in its industry use them. Depending on its desired position, an organisation may schedule initiatives (see the box, “Run-Optimise-Innovate Analysis”, below) in response to new technology.
Twice a year, organisations should ask:
Are the planned initiatives showing progress in delivering the targeted value, or do they need to be reevaluated? New initiatives often are evaluated only upon proposal and upon completion. Their value should be monitored during the project and reassessed if needed.
After completing the IT plan and project portfolio, perform the Run-Optimise-Innovate analysis to verify that the spending plan aligns with the IT investment strategy.
4 Is our information technology investment mapped to business outcomes?
The IT strategy should drive investments in technology and align that spending with desired business outcomes. This raises the question: Should IT be run as a cost centre or as a business?
With the cost-centre model, IT is more utility, and the focus is on controlling cost. This is often more appropriate for organisations where IT is not a strategic differentiator and is not directly involved in the execution of the organisation’s mission. When IT is run as a business, its focus is to provide a return on investment or other strategic value.
“Revenue” can be measured through charge-back or other cost-allocation methods, and the “price” of the service provided by IT can be compared to that of other IT providers to determine cost efficiency and relative cost savings provided by IT. Additionally, when IT supports initiatives that help grow revenue or reduce costs in other departments, it can be credited with part of the value of these initiatives. Focus not only on financial performance but also on value propositions such as risk management, business continuity and achievement of strategic objectives and business outcomes (eg, increased customer satisfaction).
Mapping to business outcomes
Four common business outcomes associated with IT initiatives:
- Improved execution and profitability. This is the most common outcome associated with IT because IT can help automate processes and create efficiencies to reduce cost.
- Increased employee satisfaction. IT often helps employees to have better work/life balance, increases in-company communication and helps to make a process less cumbersome. All of these can help improve morale and reduce turnover.
- Reduced enterprise risk. Whether enabling better workflow management, supporting project management, improving business continuity or increasing the organisation’s security posture, IT initiatives can help reduce risk.
- Increased customer satisfaction. When IT is used to produce a higher-quality product or to ensure quality service, it can lead to higher customer satisfaction, which increases the potential for referrals.
5 Are we managing the risks related to information technology?
Risk assessments are often missing in IT-related discussions. The increasing reliance upon technology for day-to-day operations requires that the assessment of IT-related risk be included in all business plans. IT-related risks should not be discussed solely as technology risks, but rather as business risks: loss of sales, disruption of supply chain, impact to reputation, etc. These can form part of an overall enterprise risk management assessment.
Too often, IT is focused only on minimising risk when instead (as with other risks) IT-related risks should be assessed and mitigated to a level acceptable to the organisation. For example, the acceptable level of risk for a non-mission-critical system, such as the file or print server, may be higher than that of a mission-critical system, such as the e-commerce server.
To aid IT in its understanding of associated business risks, executives and management should help IT understand critical business operations and the implications of a technology-related failure or disruption. Conversely, IT should help executives and management understand the potential for IT-related risks and the options for mitigating those risks.
Information technology plan elements
- Cost. How much and from what budget?
- Benefit. What is the expected value of the project? The financial and non-financial benefits?
- Risk. What are the risks associated with the project? Are assessed or affected risks in accord with the organisation’s risk tolerance?
- Resources. Will the project use internal or external staffing? What are the resource requirements when the project transitions into operations?
- Term and timing. Is the project a short- or long-term solution? What is the project timeline? Is there a deadline to ensure value realisation?
6 Are we realising the potential of our current applications?
Companies often have technology that they didn’t know was available. That’s one reason it is important to look internally to see whether the organisation has maximised value from current applications. An example is an operations supervisor who wanted to do more data analysis and said she wanted to buy business intelligence software she saw advertised. As it turned out, the analysis she wanted could be done using PowerPivot, a simple (and free) Excel add-on.
Often users don’t know the full capabilities of available applications, and sometimes even IT does not know. With the faster rate of change and availability of upgrades for today’s software, sometimes hidden value can be found by simply attending the current demo for a vendor’s software or skimming through the support section of its website. This is especially true with cloud applications because vendors roll out upgrades regularly and upgrade users automatically.
If current applications can’t supply the needed functionality, then external solutions should be considered, although these usually require bigger budgets and more training and may be higher risk. However, when the technology required is not one that IT is familiar with, external expertise could help reduce risk.
When looking at an internal or external solution, ensure that all stakeholders — IT and end users — are involved. IT can provide insight into how the solution would affect the infrastructure or need for data integration with other systems. End users can provide context for needed functionality and business-process support.
7 Are we managing the service level provided to the organisation?
The concept of IT service levels is often discussed when IT is outsourced. It should be an integral part of the discussions between executives, management and IT for all organisations. Even in-house IT is a service provider, and well-defined expectations and objectives should be used to measure performance.
Consider the question: How do you know if IT is performing well or poorly? Without well-defined expectations and service-level objectives (eg, all help desk calls are responded to within one business day), IT itself does not know how it is performing against organisational expectations. Also, different executives and departments may have different expectations of IT.
IT service levels are also tied into the management of IT-related risks from the previous section. A lower risk tolerance for a system generally comes with a higher service-level expectation for that system.
Management also often expects zero downtime, not understanding what it may take to achieve it. IT can manage those expectations by showing management the technology options that may mitigate the risk of downtime and the associated costs of each.
8 Have we properly balanced internal vs. outsourced IT (including cloud computing)?
There are many reasons for and against outsourcing or moving to the cloud. The decision to outsource should be evaluated through several perspectives, including financial, operational, process, risk and strategy. Any of these aspects may provide a driving reason to outsource, or a show-stopper reason not to outsource. For example, the cost savings from moving to a cloud application may be so great that it’s a no-brainer to use the cloud application instead of buying additional servers to house the application. On the other hand, a system related to a business strategy to enter into a new market may be so critical that keeping it in-house outweighs the cost savings of the cloud.
Commodity IT services (email, backups and system patching) are good candidates for outsourcing. Non-core IT functions, those that don’t provide a competitive differentiator, should also be considered for outsourcing. Moving these standard services to an external service also allows IT to focus on internal service and projects.
Another way to look at outsourcing or cloud options is to move anything that is “back of the house” (eg, the data centre or server and network operations) to an IT service provider. Personal touch points such as the help desk, staff training and other user- or customer-centric services should be kept in-house.
Consider the following when evaluating alternatives:
- What is IT’s role and how do its specific functions support fulfilment of that role?
- What is the best use of in-house IT resources?
- What is the proper balance to best achieve the organisation’s business objectives and mission?
As you go through this exercise, remember that IT is biased in this analysis. IT has a tendency to think, “We can do this. Why would we outsource it?” The key question to answer is: How are our IT resources best used, and what tasks are best outsourced?
These questions are designed to facilitate communication between IT and the rest of the organisation. Note that none of the questions is about technology itself, thus the answers and discussions should not be, either.
Donny C. Shimamoto (firstname.lastname@example.org) is the founder and managing director of Intraprise TechKnowlogies LLC, a Hawaii-based CPA firm focused on organisational development and advisory services for the middle market. He helps organisations by bridging accounting and IT to strengthen organisational governance and risk management, improve business processes through IT and increase the effectiveness of decision-making through business intelligence.
Another way to analyse an organisation’s IT investment is to perform a Run-Optimise-Innovate analysis on an organisation’s IT spending. Adapted from international IT research firm Gartner’s Run-Grow-Transform analysis, Run-Optimise-Innovate is defined as follows:
- Run. IT spending that “keeps the lights on”. These are ongoing costs and required maintenance projects that keep the IT infrastructure and related components operating as needed to support the day-to-day operation of the organisation. This spending is normally treated more like a cost with the objective of managing and reducing spending in this area. However, in times of budget cuts, organisations must be wary of cutting too much Run spending as this may introduce the operational risk of the “lights going out”.
- Optimise. Optimise spending is about an organisation getting the most value from its current resources or bringing in additional resources to supplement the way it currently works. Initiatives that seek to improve organisational efficiencies or effectiveness are Optimise initiatives. This spending is normally project-focused and can range from simple application enhancements or a new module implementation, to full-scale new system implementations. It could also be simple process improvement or workflow management initiatives that help reduce the risk of a process failure or provide insight to the flow of work through a process and through the organisation. Optimise initiatives may also look at the flow, availability and quality of information in the organisation and seek to improve any of these aspects. Once an Optimise initiative is completed, its associated resources and ongoing support normally shift and are considered part of the Run spending.
- Innovate. Initiatives that enable new organizational capabilities, allow the organisation to deliver new products or services, or fundamentally change the way the organisation operates are all considered Innovate spending. Often also thought of as “research & development”, “pilot projects” or “proof of concepts”, these initiatives don’t necessarily have to be focused on “bleeding edge” technologies, but rather on determining how best to utilise a particular technology or technique to provide value to the organisation. Innovate initiatives generally transition into Optimise initiatives if their business case is validated.
As with any investment portfolio, an organisation’s investment in Run, Optimise and Innovate initiatives must be balanced and aligned with the organisation’s risk tolerance and the role expected of IT. If an organisation considers itself to be more conservative, we would expect to see a higher ratio of Run to Optimise and Innovate spending. More progressive organisations will have more Optimise spending, and “leading edge” organisations will have more Innovate spending.