- Email: [email protected]
Maximizing return on technology investments (2)
Maximizing return on technology investments (2) Mario Micallef
he main concern of IT executives is the alignment of the IT function with their business operations - Computer Science Corp. (CSC), El Segundo, California (Software Magazine, February 1994). Top management commitment is important for successful alignment, which is heavily reliant on:
ml l
l
ness as a strategic weapon. Business and information strategy alignment is fundamental to the achievement of effective management of IT. Four areas are seen as major inputs to the alignment of business and information strategies, in the following order (Broadbent & Samson 1990):
Strong relationship between business planning and IT planning; and the role of the Chief Information Officer (CIO).
Strong relationship between business planning and ITplanning The stronger the link between an organization’s alignment of business and IT strategies, the higher the likelihood that IT investment returns will be maximized. Because of IT’s pervasive nature, the investment decision process must consider new SWOTs (Strengths, Weaknesses, Opportunities and Threats) introduced by IT, and specifically efficiency and effective-
Strategy Formation Processes; Organizational Infrastructure; Information Services Strategy; and Technology Strategy. The distinction between information and technology and information strategy as opposed to IT strategy is vital. “There is a great deal of confusion surrounding the use of terms such
Computer
.
Audit Update l March 1996 :Q 1996, Elsevier Science Ltd. u
as ‘information’, ‘information technology’, and ‘information systems’. ‘Information technology’ is usually focused on ‘technology’ at the expense of ‘information”’ (Collin Nick 1995). The alignment process must determine what information is needed, how it is captured and stored, and the way it flows throughout the organization. It is important to consider nonelectronic information, including internal and external telephone communications, and information on competitors (e.g. the media). The following prerequisites were identified by Broadbent & Samson (1990) for business and information strategy alignment:
Organizational structures which match the organization’s strategic orientations; Organizational decision processes which match quirements of strategic tions;
making the reorienta-
Consideration of information strategies by executive and business management; Organizational arrangements for information services which match the organizational infrastructure of the firm; Resource commitment towards meeting management commitment needs; Interaction between IT management;
business
and
Programs to develop or renew the information and information technology understandings of business managers; and Programs to develop skills and business managers. Clarity and consistency strategic orientation;
of a firm’s
Agreement amongst executive management with regard to the strategic orientation of the firm; Experience planning; Business strategic
in firm wide
strategic
unit participation planning process;
Strategic planning processes have a longer time frame; Planning which focuses and strategic issues;
in the which
on critical
High participation in strategic planning throughout the organization; Strategic planning framework which outlines responsibilities and accountabilities; Agreement amongst executives the organization’s SWOTs
H 0
Computer Audit Update l March 0 1996, Elsevier Science Ltd.
1996
of
the business focus of IT
The above highlights the sign& cance of factoring IT requirements in business strategic development. IT requirements need to be realistically costed, prioritized and checked for consistency and compatibility across the organization. This will provide the basis to develop IT architectures throughout the organization, which is critical for sharing of data and processes. While business units should be given the autonomy to develop systems to support their requirements, as far as possible these should be developed in line with the organization’s standards (both hardware and software).
The role of the CIO Top management commitment for business and IT strategy alignment means that they must be committed
to pay top dollar to secure the best CIO that their money can buy. According to a CSC research the CIO was recognized as the key to successful alignment. The following are perceived as imperative for an effective CIO - Software Magazine, February 1994: The CIO must have “credibility, leadership and integrity....otherwise you’re wasting time” - Bill Friel, EVP, Prudential Securities, Roseland, N.J;
ment’s expectations and perceptions of IT are aligned with those of the CIO. It is impossible to expect top management commitment if the CIO believes that IT is a critical component to business strategies and executive management perceive IT as a cost to do business. *
Managing User Expectations As technology is becoming more
pervasive, end users know or think they know more about technology than ever before. Because technology is employed more and more by end users, the role of the central IT unit is changing. Software vendors are having more access to end users and senior executive management, promising them glitzy solutions as a panacea for all their problems. The CEO is led to believe that they can click on an icon and voila all the problems are gone. This is not to say that software package solutions should not be evaluated, but the IT department and internal audit should be involved. The hype and expectations generated by software vendors’ road shows need to be tempered. Often when you strip away the glitzy outside covers, these solutions fall short of user expectations. Dealing with these expectations can be the toughest part of a CIO’s job demanding a fair
The CIO must be both business oriented and conversant with technology; The CIO must have access to senior management and business plans i.e. part of the ‘inner circle’; The CIO must be involved in business planning. “You can’t play in the game if you’re not involved in the business planning process. If you’re not involved, the firm needs a change in IT leadership” - Bill Friel; The CIO must talk the language of line business management and not the technocrat - e.g. the business issue may be pricing for competition, and not a LAN/WANsolution; The CIO must have a vision of where he/she plans to position IT within the organization to support business strategies and communicate this with senior management; and The CIO must be in touch with IT developments in the industry and “find out what’s going on in the business community” (Jack Thompson, retired CIO of McCormick & Co., Sparks, Md.), and bring new ideas to their organization.
amount of his/her time and resources to educate senior management. Internal audit should also be used in these educational exercises.
In addition, CIOs have to manage the following challenges in their pursuit of alignment: l
Aligning the Views of the CIO and Executive Management -
Business and IT strategy alignment is only feasible if executive manage-
l
The Shift to Service and Customer Oriented Culture - Like the rest of the marketplace the CIO has to
Computer
Audit Update l March 1996 0 1996, Elsevier Science Ltd.
present a customer oriented focus, where the organization’s users are the customers. The CIO’s customer relationship managers should develop the marketing nous and service focus applied by outside vendors. The CIO may have to go out and recruit them if the expectation gap is too wide. The CIO should have a better understanding of user expectations and requirements, but unless the user community believes that it can deliver better solutions than outsiders, the IT department would lose out to outsourcing.
which options are best suited in the circumstances, and apply them. Among the leading problems of CIOs are the demands of reengineering to bring MIS and business processes into alignment. A key concern of many CIOs is the conversion of legacy systems to client server architecture - Computing Canada, May 1994.
Business Process Reengineering and IT Business Process Reengineering (BPR) is so powerful that unless it is factored into business process redesign prior to designing system solutions, only marginal returns will be delivered. Because of its radical nature and focus on wholesale changes, BPR needs commitment at the highest level within organizations.
Training of Business Users and IT Staff Understanding the organization’s operations is vital for alignment. For example, at Pepsico, IT staff learn about Kentucky Fried Chicken restaurants, ride a Pepsi Cola truck, and work in a Pizza Hut restaurant to learn more about the various business ventures of Pepsico. However, a survey conducted by CSC demonstrated that the number of firms with a formal IT orientation program are few and far between.
BPR is increasingly being recognized as a significant driver to achieve measurable and sustainable performance gains. It was first introduced in management literature during the early 1990s (Hammer 1990; Davenport & Short 1990; Butler Cox Foundation 1991). While BPR draws on techniques like Activity Value Analysis or Core Process Redesign, these disciplines were focused on incremental change. BPR focuses on radical change, largely nonincremental, delivering rapid payback for time and money invested.
The CIO has a number of options to leverage business and IT alignment opportunities, including strategic planning, operational planning, business process reengineering, IT Steering Committees and internal audit. These issues are covered in the remaining sections of this serialization. While it is critical for organizations to establish guidelines for aligning IT with business strategies, every company’s culture is different. In addition, as an organization’s business direction and needs change, the CIO has to determine
BPR is also significantly different from Total Quality Management (TQM). They are different in motivation, objective, technique, result and business circumstances where they are applied (Gulden & Reck 1992). TQM programs relying on steady incremental gains, take years to complete, while a successful BPR program can deliver results within 12 to 18 months.
l
Computer Audit Update 0 1996, Elsevier Science
l
March Ltd.
1996
Another BPR characteristic is its strong correlation with enabling technologies. Technology advancements
have delivered a wide range of new platforms which are more flexible and affordable. BPR provides an avenue of regaining control over apparently unmanageable business processes (Teng, Kettinger, Guha 1992). Focusing on critical business objectives, BPR analyses workflows, eliminates nonessential processes, and then resorts to the power of IT to streamline operations. ‘The radical retooling of business process begins when information technology meets the big idea” DeJarnett (1992). Hammer (1990) declared that redesign targets should “‘Forget 10% and 20% be bold process improvement. Go for doubling productivity with only half your resources. ”
reengineering push, Ford Motor Company are still struggling to maintain profitability (Hammer & Champy 1993). Reasons given for these failures include (Butler C 1993): Failure to follow through on “frrst flush” successes by implementing continuous improvement programs as a standard operating procedure. Failure to align change programs with overall business objectives. Failure to gain support of senior management. Sabotage, intended or otherwise. BPR is not a casual and easy undertaking and will only succeed in firms which exhibit vision, willpower and a comprehensive approach to change (Butler C 1993). A generic BPR model follows five basic steps, as follows: Establish Change Imperative Identifying which processes are candidates for reengineering and gain top management’s commitment, which is critical to a full scale reengineering project.
Realization of significant BPR achievements are well documented, (e.g. Ford Motor Company, Progressive Insurance, Baxter Health Care and AT&T) with up to 80% productivity gains and staff cuts (Krass 1991). Citibank/Citicorp targeted its credit and loans processes for redesign to improve customer service and minimize processing time. Results after just two years were significant - 760% increase in profit centre earnings; annual savings of US$ll million in processing loan applications; more customers (Thompson 1992). However, the risk associated with BPR is relatively high and it should not be approached as a “quick fur” solution. BPR “can involve changes to job organizational structure design, (and culture) and management systems. It is disruptive and affects everything people have grown used to” (Hammer 1990). As many as 70% of BPR efforts fail and in spite of their
Develop Business Vision and Process Objectives - Development of a vision and conceptual design for each of the identified processes. Redesign Processes - Understanding of existing processes; identification of critical and/or bottleneck processes; identification of IT levers. Build Solution - This will involve building all of the people, technology and infrastructure components necessary to realize the redesign. Implement Solution of benefits.
Realization
An effective IT steering committee IT Steering Committees are increasingly assuming a more proactive central coordination role in the
Computer
Audit Update l March 1996 8 1996, Elsevier Science Ltd.
prioritisation and sponsorship of major IT projects. However, “direct Board representation for IT, although increasing, remains comparatively rare” (Kimber Jeremy 1994). Considerable controversy exists in the audit community with regard to the structure and roles of the IT Steering Committee and its relationship to Internal Audit. Some will argue that they are not empowered by their Audit Charter to review or comment on business and IT strategies. In a highly competitive environment, the corporate philosophy may elect to establish strategic direction at executive level behind closed doors. Others will contend that Internal Audit could lose or compromise its independence from close involvement. This serialization following topics:
will cover the
Why have an IT Steering Committee? IT Steering Committees and the IT Auditor. Prerequisites to an effective Steering Committee.
IT
Although the topics raised in this serialization relate to IT projects, the issues are also very relevant to non IT projects.
Increased IT effectiveness and quality; Better IT function decision making;
planning and
Encourage interdepartmental munication; Ensures proper ment;
control
com-
environ-
Compliance with regulatory guidelines; and Personnel development.
Segregation of duties and balance of power Prioritization and sponsorship of major IT projects needs to be centrally coordinated. IT decisions have to reflect the interests of an organization as a whole. Individual negotiations have to be eliminated. Back doors must be closed so that powerful and politically correct executives cannot push their own agenda, which is not consistent with corporate needs. The CIO and the IT department (even if centralized) should not have carte blanche over information technology decisions because underlying issues are complex and technical. As seen earlier, the user community needs to become educated about information technology to the extent that they can intelligently contribute to the decision making process relative to the IT their user departments use. IT Steering Committees provide the framework for a fairer and more democratic decision making process. All opposing views are represented and considered.
Why have an IT steering committee? The benefits of a well structured and positioned IT Steering Committee are as follows: l
q A
Segregation of duties and balance of power;
Computer Audit Update l March 0 1996, Elsevier Science Ltd.
1996
Increased IT effectiveness and quality Properly structured and implemented IT Steering Committees are an integral part of Business and IT strategy alignment, BPR, Total Quality Management
(TQM), continuous improvement processes and world best practices. Improved IT leads to improved decision making and customer service,which is the key to strategically position organizations in highly competitive and dynamic markets of the 1990s. Overall independent scrutiny can lead to cost reductions and operational efficiencies. IT Steering committees are also consistent with the TQM principle of participative decision making. User departments become more involved, to an appropriate level, in IT. This involvement will give user departments a feeling of ownership of the IT systems. Users are more likely to get user friendly systems that meet user department needs.
Better ITfinction planning and decision making More cohesive IT strategies should result from the use of IT Steering Committees. When properly structured and implemented, IT Steering Committees should pave the way to eliminate incompatible systems throughout the organization that cannot talk to each other. Less resources should be wasted on inappropriate technologies. The collective wisdom of committee members should also temper the temptation to use unproven technologies. Quantitative risk rating analysis of the proposed IT project should be undertaken to assess the associated probability of failure. On the other hand, the IT Steering Committee is an appropriate forum to recognize and discuss the impact of emerging technologies and concepts. In a highly competitive and dynamic market, the window of opportunity available to organizations is increasingly becoming shorter. The committee will add value by ensuring that the organization is in control of the delicate balance between being the leader and follower in IT development.
The IT Steering Committee has to be aware of emerging needs. For example, increased down time trends could indicate the need for additional budgeting for preventative maintenance or that more reliable technology may be needed. The organization can also reduce waste from projects that are started but never implemented.
Encourage interdepartmental communication IT Steering Committees should encourage interdepartmental communication, essential to foster cooperation. trust and mutual support across user departments throughout the organization. The benefits include: Leverage opportunities - i.e. consolidation of projects for improved efficiencies; Learning from past experiences i.e. mistakes and bad practices are not repeated; and Consolidation of commonly used data and processes - i.e. avoid fragmentation and duplication of data and processes.
Ensures proper environment
control
By approving corporate IT policies, the IT Steering Committee helps ensure a proper control environment. The committee’s involvement with the systems
Computer
Audit Update l March 1996 10 1996, Elsevier Science Ltd.
development methodology helps ensure its consistent application and cooperation from all participants in development projects. The committee should also consider Internal Audit report findings to ensure that control issues receive appropriate priorities. Unless audit issues are included in the priority setting process, they often will not be addressed. There is always an abundant list of urgent income generating business requirements which will be given priority over audit issues, potentially with significant bottom line impact.
Compliance with regulatory guidelines
the organization. Otherwise, through fear of incompetence, proacto
tive involvement is avoided, laissezfaire attitudes will result and the internal auditor focus will default to an after the fact second guessing. 0 Mario MicaIlef, 1996
IT Steering Committees also ensure compliance with regulatory guidelines - e.g. Companies Code, Banking Act, Reserve Bank, Federal and State Statutory requirements, interbank agreements, industry standards and codes of conduct.
)
Personnel
Aschauer D.A., “Is Public Expenditure Productive?“, Journal of Monetary Economics, 1989. Baatz E.B., Altered Stats, CIO, October 1994.
References development
IT Steering Committee participants learn valuable lessons in how to make decisions that affect the organization as a whole. Involvement in IT Steering Committees helps Internal Audit to gain better understanding of big picture decision making throughout the organization. This presence helps Internal Audit to plan and if necessary seek additional budgets to upgrade and train resources accordingly. Leverage opportunities of joint training, or perhaps piggy-back on training scheduled for the IT department, should also be exploited. Development of Internal Audit personnel is critical both for job enrichment of the individual members and from a departmental perspective, to maintain the value added contribution
Computer Audit Update l March 0 1996, Elsevier Science Ltd.
1996
Baroudi J.J. and Orlikowski W.J., “A Short Form Measure of User Information Satisfaction: A Psychometric Evaluation and Notes on Use”, Journal of MZS, 1988. Bender D., “Financial Impact of Information Processing”, Journal of MLF, Vol 3, No. 2, 1986. Broadbent Marianne & Samson Danny, Zmproving the Alignment of Business and Znformation Strategies, The Graduate School of Management, University of Melbourne, November 1990. Broadbent Marianne % Weill Peter, Developing Business and Information Strategy Alignment: A Study in the Banking Industry, The Graduate School of Management, University of Melbourne, September 1991. Butler Carey, The Role of Information Tecbnolo&y in Business Process Redisign: Observations from the Literature, The Graduate School of Management, University of Melbourne, December 1993. Butler Cox Foundation, “The Role of Information Technology in Transforming the Business”, BCF Research Report No. 79, London, 1991. Capuder L.F.Sr., How IS Steering Committees contribute to a Proper Control Environment, Auerbach Publications, 1994.
Collin Nick, “Getting Value For Money From IT Investments by Rethinking the Management of Information and Technology”, Computer Audit Updute, February 1995. Computer Science Corp., El Segundo, C~f@ofornia Softwure Magazine, February 1994. Computing Canada, May 1994. Cron W. and Sobol M., “The Relationship between Computerization and Performance: A Strategy for Maximizing Benefits of Computerization”, Information AndManagement, Vo16, 1983. Davenport Thomas & Short James, “The New Industrial Engineering: Information Technology and Business Process Redisign”. Sloan Munrlgement Review 1990. DeJarnett L.R., “What is Hot, What the Hot is Not!“, Informatio?L Strategy, 1992.
Systems”, Accounting Organizations and Society. 1983. McKay D.T. & Brockway D.W., Building IT Infrastructure for the 1990~~ Nolan Norton & Company, 1989. Osterman P., “The impact of Computers on the Environment of Clerks and Managers”. Industrial and Labour Relations Review, 1986. PIMS Program, Management Productit@ and Information Technoloa, The Strategic Planning Institute. Cambridge, Mass, 1984. Porter and Millar, “How Information Gives You Competitive Advantage”, Harvard Business Review, July August 1985. Raymond L., “Organization Characteristics and MIS Success in the Context of Small Business”, ‘lU Quarter@, March 1985.
Diamond Sid, “Giving Business an IT Alignment”, Software ;Magazine, February 1994. Ginzberk M.A., “Key Recurrent Issues in the Implementation Process”, i%USQuarterly. I98 1.
Roach Stephen S., “Technology and the Service Sector: The Hidden Competitive Challenge”, Technology Forecasting and Social Change. December 1988.
Gulden Gary & Reck Robert, “Combining Quality and Reengineering Efforts for Process Excellence”, 1992. Hammer Michael, “Keengineering Work: Don’t Automate, Obliterate”, Harzlczrd Business Ret,iezv 1990. Hammer Michael & Champy James, Reengineering the Corporution: A Manifesto for Business Revolution, New York, Harper Business Press, 1993. Ives & Learmonth, “The Information System as a Competitive Weapon”, Communications of the ACM, December 1984. Ives B. & Olsen M.H., “User Involvement in MIS Success: A Review of Research”, Management Science, 1984.
Roach Stephen S., “Pitfalls on the ‘New’ Assembly Line: Can Services Learn from Manufdcturing?“, Economic Perspectives, Morgan Stanley and Co., New York, December 1989. Shrisvastava P., & Grant J.H., “Empiricall) Derived Models of Strategic Decision-m,aking Process”, Strutegic Management Journal. 1985.
Ives B., Olson M.H. & Baroudi J.J., “Measuring IJser Information Satisfaction: A Method and Critique”, Communications of the ACM, 1983. Kerr Monta, “Tough Times for CIOs”, Computing Canada, hlq’ 1994. “If You Think Information is Kimber Jeremy, Expensive Try Ignorance”. The Treasurer, December 1994. Krass Peter, “Building a Better Mousetrap: Whal Role do MIS Executives Play in Business ReengiWeek, No. 313, neering Projects?“, Information March 1991. Kwon T.H. & Zmud R.W., “Unifying the Fragmented Models of Information Systems Implemen@stems tation”. Critical Issues in Information Research, Wiley, 1987. Lamont Warren Gorham, Hour IS Steering Committees Contribute to a Proper Control Environment, Auerbach Publishers Inc., 1994. The I&y to Lucas H.C. Jr., Implementation: Successful Informatio12 Systems, Columbia I’niversity Press: New York, 1981. Markus M.L., Power, Politics and MIS Implementation, Communications @the ACM, 1983. Markus M.L., Implementation Politics: Top Management Support and User Involvement, 1981. Markus M.L. & Pfieffer J., “Power and the Design and Implementation of Accounting and Control
Strassmann Paul, The Business Value ff Con?puters, New Canaan, CT: The Information Economics Press, 1990. Teng J.T.C., Kettinger WJ, Guha S., “Business Process Redesign and Information Architecture: Establishing the iMissing Links”, Proceedings of the Thirteenth International Conference on Information Systems, Dallas, Texas, December 1992. Thompson D., ReorganizingMIS: The Ezlolution of Business Computing in the 1990s. Carmel. IA: SAMS Publishing, 1992. Turner J., Organizational Performance, Size and The iJse of Data Processing Resources, Nem, York University, Centre for Research in Information Systems, Working Paper #is, 1985. Turner J. and Lucas H.C. Jr., “Developing Strategic Information Systems”, Handbook q/ Business Strutegy, Chapter 21. Warren. Gorham and Lamont. Boston 1985. Venkatraman N., “IT-Induced Business Reconfiguration Infrasrtuctures: The Corporation of the 199Os”, Information Technology and Orga>tizcrtional Transformation, Oxford ITnirrrsity Press. 1991. Weill Peter, The Role and Value of Information Technology Infrastructure: Some Empirical 06 servations, The Graduate School of Management, IJniversity of Melbourne, July 1992. Weill Peter, “The Relationship Between Investment in Information Technology and Firm Performance”: A Study of the Vulve Munufactzrring Sector, The Graduate School of Management. University of Melbourne, July 1992. Weill Peter & Olson Margrethe, Managing Investing in Information Technology: .Mini Case Examples and Implications, The Graduate School of Management, Univrrsiry of Melbourne, March 1989.
Computer
Audit f;
Update
l
1996, Elsevier
March
Science
1996
Ltd.
he main concern of IT executives is the alignment of the IT function with their business operations - Computer Science Corp. (CSC), El Segundo, California (Software Magazine, February 1994). Top management commitment is important for successful alignment, which is heavily reliant on:
ml l
l
ness as a strategic weapon. Business and information strategy alignment is fundamental to the achievement of effective management of IT. Four areas are seen as major inputs to the alignment of business and information strategies, in the following order (Broadbent & Samson 1990):
Strong relationship between business planning and IT planning; and the role of the Chief Information Officer (CIO).
Strong relationship between business planning and ITplanning The stronger the link between an organization’s alignment of business and IT strategies, the higher the likelihood that IT investment returns will be maximized. Because of IT’s pervasive nature, the investment decision process must consider new SWOTs (Strengths, Weaknesses, Opportunities and Threats) introduced by IT, and specifically efficiency and effective-
Strategy Formation Processes; Organizational Infrastructure; Information Services Strategy; and Technology Strategy. The distinction between information and technology and information strategy as opposed to IT strategy is vital. “There is a great deal of confusion surrounding the use of terms such
Computer
.
Audit Update l March 1996 :Q 1996, Elsevier Science Ltd. u
as ‘information’, ‘information technology’, and ‘information systems’. ‘Information technology’ is usually focused on ‘technology’ at the expense of ‘information”’ (Collin Nick 1995). The alignment process must determine what information is needed, how it is captured and stored, and the way it flows throughout the organization. It is important to consider nonelectronic information, including internal and external telephone communications, and information on competitors (e.g. the media). The following prerequisites were identified by Broadbent & Samson (1990) for business and information strategy alignment:
Organizational structures which match the organization’s strategic orientations; Organizational decision processes which match quirements of strategic tions;
making the reorienta-
Consideration of information strategies by executive and business management; Organizational arrangements for information services which match the organizational infrastructure of the firm; Resource commitment towards meeting management commitment needs; Interaction between IT management;
business
and
Programs to develop or renew the information and information technology understandings of business managers; and Programs to develop skills and business managers. Clarity and consistency strategic orientation;
of a firm’s
Agreement amongst executive management with regard to the strategic orientation of the firm; Experience planning; Business strategic
in firm wide
strategic
unit participation planning process;
Strategic planning processes have a longer time frame; Planning which focuses and strategic issues;
in the which
on critical
High participation in strategic planning throughout the organization; Strategic planning framework which outlines responsibilities and accountabilities; Agreement amongst executives the organization’s SWOTs
H 0
Computer Audit Update l March 0 1996, Elsevier Science Ltd.
1996
of
the business focus of IT
The above highlights the sign& cance of factoring IT requirements in business strategic development. IT requirements need to be realistically costed, prioritized and checked for consistency and compatibility across the organization. This will provide the basis to develop IT architectures throughout the organization, which is critical for sharing of data and processes. While business units should be given the autonomy to develop systems to support their requirements, as far as possible these should be developed in line with the organization’s standards (both hardware and software).
The role of the CIO Top management commitment for business and IT strategy alignment means that they must be committed
to pay top dollar to secure the best CIO that their money can buy. According to a CSC research the CIO was recognized as the key to successful alignment. The following are perceived as imperative for an effective CIO - Software Magazine, February 1994: The CIO must have “credibility, leadership and integrity....otherwise you’re wasting time” - Bill Friel, EVP, Prudential Securities, Roseland, N.J;
ment’s expectations and perceptions of IT are aligned with those of the CIO. It is impossible to expect top management commitment if the CIO believes that IT is a critical component to business strategies and executive management perceive IT as a cost to do business. *
Managing User Expectations As technology is becoming more
pervasive, end users know or think they know more about technology than ever before. Because technology is employed more and more by end users, the role of the central IT unit is changing. Software vendors are having more access to end users and senior executive management, promising them glitzy solutions as a panacea for all their problems. The CEO is led to believe that they can click on an icon and voila all the problems are gone. This is not to say that software package solutions should not be evaluated, but the IT department and internal audit should be involved. The hype and expectations generated by software vendors’ road shows need to be tempered. Often when you strip away the glitzy outside covers, these solutions fall short of user expectations. Dealing with these expectations can be the toughest part of a CIO’s job demanding a fair
The CIO must be both business oriented and conversant with technology; The CIO must have access to senior management and business plans i.e. part of the ‘inner circle’; The CIO must be involved in business planning. “You can’t play in the game if you’re not involved in the business planning process. If you’re not involved, the firm needs a change in IT leadership” - Bill Friel; The CIO must talk the language of line business management and not the technocrat - e.g. the business issue may be pricing for competition, and not a LAN/WANsolution; The CIO must have a vision of where he/she plans to position IT within the organization to support business strategies and communicate this with senior management; and The CIO must be in touch with IT developments in the industry and “find out what’s going on in the business community” (Jack Thompson, retired CIO of McCormick & Co., Sparks, Md.), and bring new ideas to their organization.
amount of his/her time and resources to educate senior management. Internal audit should also be used in these educational exercises.
In addition, CIOs have to manage the following challenges in their pursuit of alignment: l
Aligning the Views of the CIO and Executive Management -
Business and IT strategy alignment is only feasible if executive manage-
l
The Shift to Service and Customer Oriented Culture - Like the rest of the marketplace the CIO has to
Computer
Audit Update l March 1996 0 1996, Elsevier Science Ltd.
present a customer oriented focus, where the organization’s users are the customers. The CIO’s customer relationship managers should develop the marketing nous and service focus applied by outside vendors. The CIO may have to go out and recruit them if the expectation gap is too wide. The CIO should have a better understanding of user expectations and requirements, but unless the user community believes that it can deliver better solutions than outsiders, the IT department would lose out to outsourcing.
which options are best suited in the circumstances, and apply them. Among the leading problems of CIOs are the demands of reengineering to bring MIS and business processes into alignment. A key concern of many CIOs is the conversion of legacy systems to client server architecture - Computing Canada, May 1994.
Business Process Reengineering and IT Business Process Reengineering (BPR) is so powerful that unless it is factored into business process redesign prior to designing system solutions, only marginal returns will be delivered. Because of its radical nature and focus on wholesale changes, BPR needs commitment at the highest level within organizations.
Training of Business Users and IT Staff Understanding the organization’s operations is vital for alignment. For example, at Pepsico, IT staff learn about Kentucky Fried Chicken restaurants, ride a Pepsi Cola truck, and work in a Pizza Hut restaurant to learn more about the various business ventures of Pepsico. However, a survey conducted by CSC demonstrated that the number of firms with a formal IT orientation program are few and far between.
BPR is increasingly being recognized as a significant driver to achieve measurable and sustainable performance gains. It was first introduced in management literature during the early 1990s (Hammer 1990; Davenport & Short 1990; Butler Cox Foundation 1991). While BPR draws on techniques like Activity Value Analysis or Core Process Redesign, these disciplines were focused on incremental change. BPR focuses on radical change, largely nonincremental, delivering rapid payback for time and money invested.
The CIO has a number of options to leverage business and IT alignment opportunities, including strategic planning, operational planning, business process reengineering, IT Steering Committees and internal audit. These issues are covered in the remaining sections of this serialization. While it is critical for organizations to establish guidelines for aligning IT with business strategies, every company’s culture is different. In addition, as an organization’s business direction and needs change, the CIO has to determine
BPR is also significantly different from Total Quality Management (TQM). They are different in motivation, objective, technique, result and business circumstances where they are applied (Gulden & Reck 1992). TQM programs relying on steady incremental gains, take years to complete, while a successful BPR program can deliver results within 12 to 18 months.
l
Computer Audit Update 0 1996, Elsevier Science
l
March Ltd.
1996
Another BPR characteristic is its strong correlation with enabling technologies. Technology advancements
have delivered a wide range of new platforms which are more flexible and affordable. BPR provides an avenue of regaining control over apparently unmanageable business processes (Teng, Kettinger, Guha 1992). Focusing on critical business objectives, BPR analyses workflows, eliminates nonessential processes, and then resorts to the power of IT to streamline operations. ‘The radical retooling of business process begins when information technology meets the big idea” DeJarnett (1992). Hammer (1990) declared that redesign targets should “‘Forget 10% and 20% be bold process improvement. Go for doubling productivity with only half your resources. ”
reengineering push, Ford Motor Company are still struggling to maintain profitability (Hammer & Champy 1993). Reasons given for these failures include (Butler C 1993): Failure to follow through on “frrst flush” successes by implementing continuous improvement programs as a standard operating procedure. Failure to align change programs with overall business objectives. Failure to gain support of senior management. Sabotage, intended or otherwise. BPR is not a casual and easy undertaking and will only succeed in firms which exhibit vision, willpower and a comprehensive approach to change (Butler C 1993). A generic BPR model follows five basic steps, as follows: Establish Change Imperative Identifying which processes are candidates for reengineering and gain top management’s commitment, which is critical to a full scale reengineering project.
Realization of significant BPR achievements are well documented, (e.g. Ford Motor Company, Progressive Insurance, Baxter Health Care and AT&T) with up to 80% productivity gains and staff cuts (Krass 1991). Citibank/Citicorp targeted its credit and loans processes for redesign to improve customer service and minimize processing time. Results after just two years were significant - 760% increase in profit centre earnings; annual savings of US$ll million in processing loan applications; more customers (Thompson 1992). However, the risk associated with BPR is relatively high and it should not be approached as a “quick fur” solution. BPR “can involve changes to job organizational structure design, (and culture) and management systems. It is disruptive and affects everything people have grown used to” (Hammer 1990). As many as 70% of BPR efforts fail and in spite of their
Develop Business Vision and Process Objectives - Development of a vision and conceptual design for each of the identified processes. Redesign Processes - Understanding of existing processes; identification of critical and/or bottleneck processes; identification of IT levers. Build Solution - This will involve building all of the people, technology and infrastructure components necessary to realize the redesign. Implement Solution of benefits.
Realization
An effective IT steering committee IT Steering Committees are increasingly assuming a more proactive central coordination role in the
Computer
Audit Update l March 1996 8 1996, Elsevier Science Ltd.
prioritisation and sponsorship of major IT projects. However, “direct Board representation for IT, although increasing, remains comparatively rare” (Kimber Jeremy 1994). Considerable controversy exists in the audit community with regard to the structure and roles of the IT Steering Committee and its relationship to Internal Audit. Some will argue that they are not empowered by their Audit Charter to review or comment on business and IT strategies. In a highly competitive environment, the corporate philosophy may elect to establish strategic direction at executive level behind closed doors. Others will contend that Internal Audit could lose or compromise its independence from close involvement. This serialization following topics:
will cover the
Why have an IT Steering Committee? IT Steering Committees and the IT Auditor. Prerequisites to an effective Steering Committee.
IT
Although the topics raised in this serialization relate to IT projects, the issues are also very relevant to non IT projects.
Increased IT effectiveness and quality; Better IT function decision making;
planning and
Encourage interdepartmental munication; Ensures proper ment;
control
com-
environ-
Compliance with regulatory guidelines; and Personnel development.
Segregation of duties and balance of power Prioritization and sponsorship of major IT projects needs to be centrally coordinated. IT decisions have to reflect the interests of an organization as a whole. Individual negotiations have to be eliminated. Back doors must be closed so that powerful and politically correct executives cannot push their own agenda, which is not consistent with corporate needs. The CIO and the IT department (even if centralized) should not have carte blanche over information technology decisions because underlying issues are complex and technical. As seen earlier, the user community needs to become educated about information technology to the extent that they can intelligently contribute to the decision making process relative to the IT their user departments use. IT Steering Committees provide the framework for a fairer and more democratic decision making process. All opposing views are represented and considered.
Why have an IT steering committee? The benefits of a well structured and positioned IT Steering Committee are as follows: l
q A
Segregation of duties and balance of power;
Computer Audit Update l March 0 1996, Elsevier Science Ltd.
1996
Increased IT effectiveness and quality Properly structured and implemented IT Steering Committees are an integral part of Business and IT strategy alignment, BPR, Total Quality Management
(TQM), continuous improvement processes and world best practices. Improved IT leads to improved decision making and customer service,which is the key to strategically position organizations in highly competitive and dynamic markets of the 1990s. Overall independent scrutiny can lead to cost reductions and operational efficiencies. IT Steering committees are also consistent with the TQM principle of participative decision making. User departments become more involved, to an appropriate level, in IT. This involvement will give user departments a feeling of ownership of the IT systems. Users are more likely to get user friendly systems that meet user department needs.
Better ITfinction planning and decision making More cohesive IT strategies should result from the use of IT Steering Committees. When properly structured and implemented, IT Steering Committees should pave the way to eliminate incompatible systems throughout the organization that cannot talk to each other. Less resources should be wasted on inappropriate technologies. The collective wisdom of committee members should also temper the temptation to use unproven technologies. Quantitative risk rating analysis of the proposed IT project should be undertaken to assess the associated probability of failure. On the other hand, the IT Steering Committee is an appropriate forum to recognize and discuss the impact of emerging technologies and concepts. In a highly competitive and dynamic market, the window of opportunity available to organizations is increasingly becoming shorter. The committee will add value by ensuring that the organization is in control of the delicate balance between being the leader and follower in IT development.
The IT Steering Committee has to be aware of emerging needs. For example, increased down time trends could indicate the need for additional budgeting for preventative maintenance or that more reliable technology may be needed. The organization can also reduce waste from projects that are started but never implemented.
Encourage interdepartmental communication IT Steering Committees should encourage interdepartmental communication, essential to foster cooperation. trust and mutual support across user departments throughout the organization. The benefits include: Leverage opportunities - i.e. consolidation of projects for improved efficiencies; Learning from past experiences i.e. mistakes and bad practices are not repeated; and Consolidation of commonly used data and processes - i.e. avoid fragmentation and duplication of data and processes.
Ensures proper environment
control
By approving corporate IT policies, the IT Steering Committee helps ensure a proper control environment. The committee’s involvement with the systems
Computer
Audit Update l March 1996 10 1996, Elsevier Science Ltd.
development methodology helps ensure its consistent application and cooperation from all participants in development projects. The committee should also consider Internal Audit report findings to ensure that control issues receive appropriate priorities. Unless audit issues are included in the priority setting process, they often will not be addressed. There is always an abundant list of urgent income generating business requirements which will be given priority over audit issues, potentially with significant bottom line impact.
Compliance with regulatory guidelines
the organization. Otherwise, through fear of incompetence, proacto
tive involvement is avoided, laissezfaire attitudes will result and the internal auditor focus will default to an after the fact second guessing. 0 Mario MicaIlef, 1996
IT Steering Committees also ensure compliance with regulatory guidelines - e.g. Companies Code, Banking Act, Reserve Bank, Federal and State Statutory requirements, interbank agreements, industry standards and codes of conduct.
)
Personnel
Aschauer D.A., “Is Public Expenditure Productive?“, Journal of Monetary Economics, 1989. Baatz E.B., Altered Stats, CIO, October 1994.
References development
IT Steering Committee participants learn valuable lessons in how to make decisions that affect the organization as a whole. Involvement in IT Steering Committees helps Internal Audit to gain better understanding of big picture decision making throughout the organization. This presence helps Internal Audit to plan and if necessary seek additional budgets to upgrade and train resources accordingly. Leverage opportunities of joint training, or perhaps piggy-back on training scheduled for the IT department, should also be exploited. Development of Internal Audit personnel is critical both for job enrichment of the individual members and from a departmental perspective, to maintain the value added contribution
Computer Audit Update l March 0 1996, Elsevier Science Ltd.
1996
Baroudi J.J. and Orlikowski W.J., “A Short Form Measure of User Information Satisfaction: A Psychometric Evaluation and Notes on Use”, Journal of MZS, 1988. Bender D., “Financial Impact of Information Processing”, Journal of MLF, Vol 3, No. 2, 1986. Broadbent Marianne & Samson Danny, Zmproving the Alignment of Business and Znformation Strategies, The Graduate School of Management, University of Melbourne, November 1990. Broadbent Marianne % Weill Peter, Developing Business and Information Strategy Alignment: A Study in the Banking Industry, The Graduate School of Management, University of Melbourne, September 1991. Butler Carey, The Role of Information Tecbnolo&y in Business Process Redisign: Observations from the Literature, The Graduate School of Management, University of Melbourne, December 1993. Butler Cox Foundation, “The Role of Information Technology in Transforming the Business”, BCF Research Report No. 79, London, 1991. Capuder L.F.Sr., How IS Steering Committees contribute to a Proper Control Environment, Auerbach Publications, 1994.
Collin Nick, “Getting Value For Money From IT Investments by Rethinking the Management of Information and Technology”, Computer Audit Updute, February 1995. Computer Science Corp., El Segundo, C~f@ofornia Softwure Magazine, February 1994. Computing Canada, May 1994. Cron W. and Sobol M., “The Relationship between Computerization and Performance: A Strategy for Maximizing Benefits of Computerization”, Information AndManagement, Vo16, 1983. Davenport Thomas & Short James, “The New Industrial Engineering: Information Technology and Business Process Redisign”. Sloan Munrlgement Review 1990. DeJarnett L.R., “What is Hot, What the Hot is Not!“, Informatio?L Strategy, 1992.
Systems”, Accounting Organizations and Society. 1983. McKay D.T. & Brockway D.W., Building IT Infrastructure for the 1990~~ Nolan Norton & Company, 1989. Osterman P., “The impact of Computers on the Environment of Clerks and Managers”. Industrial and Labour Relations Review, 1986. PIMS Program, Management Productit@ and Information Technoloa, The Strategic Planning Institute. Cambridge, Mass, 1984. Porter and Millar, “How Information Gives You Competitive Advantage”, Harvard Business Review, July August 1985. Raymond L., “Organization Characteristics and MIS Success in the Context of Small Business”, ‘lU Quarter@, March 1985.
Diamond Sid, “Giving Business an IT Alignment”, Software ;Magazine, February 1994. Ginzberk M.A., “Key Recurrent Issues in the Implementation Process”, i%USQuarterly. I98 1.
Roach Stephen S., “Technology and the Service Sector: The Hidden Competitive Challenge”, Technology Forecasting and Social Change. December 1988.
Gulden Gary & Reck Robert, “Combining Quality and Reengineering Efforts for Process Excellence”, 1992. Hammer Michael, “Keengineering Work: Don’t Automate, Obliterate”, Harzlczrd Business Ret,iezv 1990. Hammer Michael & Champy James, Reengineering the Corporution: A Manifesto for Business Revolution, New York, Harper Business Press, 1993. Ives & Learmonth, “The Information System as a Competitive Weapon”, Communications of the ACM, December 1984. Ives B. & Olsen M.H., “User Involvement in MIS Success: A Review of Research”, Management Science, 1984.
Roach Stephen S., “Pitfalls on the ‘New’ Assembly Line: Can Services Learn from Manufdcturing?“, Economic Perspectives, Morgan Stanley and Co., New York, December 1989. Shrisvastava P., & Grant J.H., “Empiricall) Derived Models of Strategic Decision-m,aking Process”, Strutegic Management Journal. 1985.
Ives B., Olson M.H. & Baroudi J.J., “Measuring IJser Information Satisfaction: A Method and Critique”, Communications of the ACM, 1983. Kerr Monta, “Tough Times for CIOs”, Computing Canada, hlq’ 1994. “If You Think Information is Kimber Jeremy, Expensive Try Ignorance”. The Treasurer, December 1994. Krass Peter, “Building a Better Mousetrap: Whal Role do MIS Executives Play in Business ReengiWeek, No. 313, neering Projects?“, Information March 1991. Kwon T.H. & Zmud R.W., “Unifying the Fragmented Models of Information Systems Implemen@stems tation”. Critical Issues in Information Research, Wiley, 1987. Lamont Warren Gorham, Hour IS Steering Committees Contribute to a Proper Control Environment, Auerbach Publishers Inc., 1994. The I&y to Lucas H.C. Jr., Implementation: Successful Informatio12 Systems, Columbia I’niversity Press: New York, 1981. Markus M.L., Power, Politics and MIS Implementation, Communications @the ACM, 1983. Markus M.L., Implementation Politics: Top Management Support and User Involvement, 1981. Markus M.L. & Pfieffer J., “Power and the Design and Implementation of Accounting and Control
Strassmann Paul, The Business Value ff Con?puters, New Canaan, CT: The Information Economics Press, 1990. Teng J.T.C., Kettinger WJ, Guha S., “Business Process Redesign and Information Architecture: Establishing the iMissing Links”, Proceedings of the Thirteenth International Conference on Information Systems, Dallas, Texas, December 1992. Thompson D., ReorganizingMIS: The Ezlolution of Business Computing in the 1990s. Carmel. IA: SAMS Publishing, 1992. Turner J., Organizational Performance, Size and The iJse of Data Processing Resources, Nem, York University, Centre for Research in Information Systems, Working Paper #is, 1985. Turner J. and Lucas H.C. Jr., “Developing Strategic Information Systems”, Handbook q/ Business Strutegy, Chapter 21. Warren. Gorham and Lamont. Boston 1985. Venkatraman N., “IT-Induced Business Reconfiguration Infrasrtuctures: The Corporation of the 199Os”, Information Technology and Orga>tizcrtional Transformation, Oxford ITnirrrsity Press. 1991. Weill Peter, The Role and Value of Information Technology Infrastructure: Some Empirical 06 servations, The Graduate School of Management, IJniversity of Melbourne, July 1992. Weill Peter, “The Relationship Between Investment in Information Technology and Firm Performance”: A Study of the Vulve Munufactzrring Sector, The Graduate School of Management. University of Melbourne, July 1992. Weill Peter & Olson Margrethe, Managing Investing in Information Technology: .Mini Case Examples and Implications, The Graduate School of Management, Univrrsiry of Melbourne, March 1989.
Computer
Audit f;
Update
l
1996, Elsevier
March
Science
1996
Ltd.