14 May Advanced CIO: Technology execs must trumpet their success
Waukesha, Wis. – If chief information officers are to enjoy successful tenures within their respective organizations, they might have to be more willing to blow their own horns.
That was one of several messages delivered to CIOs during the 4th annual Wisconsin IT Symposium hosted by the Milwaukee IT Leadership Forum and efm, Inc. The symposium, which was held at the Milwaukee West Marriott, attracted technology executives from throughout the region.
Silent victories could spell defeat
Noting that avoided downtime often escapes the notice of end users and upper management, Tom Phillip, vice president of information technology for Concordia University Wisconsin, told his fellow IT executives that nobody will know about IT and security successes unless they tell their stories.
Phillip illustrated his point by describing a rough patch he once encountered during the holiday season. The university was in the middle of a network changeover when its Web site was hacked, and it got hit with a denial-of-services attack. “Someone had captured our home page, and so we also got our Web server hacked,” he explained. “And at the same time, we were going from an ATM (Asynchronous Transfer Mode) to an Internet backbone conversion.”
If there was a silver lining to Concordia’s demonstration of Murphy’s Law, it was that Phillip had no problem getting the capital resources he needed to patch network holes.
Three weeks ago, the university experienced another network outage that went unnoticed, and Phillip believes it is important to tell the story of that outage and the savings made possible by a revamped system that enabled business continuation.
To communicate successes, Phillip produces management reports with data and anecdotal information, he uses e-mail, and he makes time to speak to various campus groups. “You have got to keep on telling the story,” he said. “Whether you are a vendor or a vice president, you’re always selling.”
He said several strategies make it easier to deliver that sales pitch, including long-term budget plans based on life cycle replacement schedules, planning large projects over multiple years to avoid large, one-year budget impacts, and taking advantage of opportunities to purchase new technology that either automatically updates itself, or adds functionality. The latter, he said, might allow CIOs to retire multiple legacy devices, eliminate stand-alone products, and reduce maintenance costs.
Chad Eckes, CIO of the Cancer Treatment Centers of America, spoke on structuring successful vendor partnerships. He presented case studies in which IT projects failed due to the lack of communication or trust with vendors, and he recommended facilitating information flow with a Vendor Partner Committee. “Vendor partners are part of the team, and they need to be treated as part of the team,” he said
To lay the groundwork, Eckes works with his internal IT group to identify key functional areas with the potential for vendor relationships. The group then identifies its best integration partners before bringing in vendors to make their presentations, and the group may require new vendors to demonstrate their value in a pilot project. Under no circumstances will Eckes enter into a vendor relationship without first negotiating a master contract that spells out performance expectations, and he always demands access to a vice president with decision-making authority.
Eckes, who already has an Executive IT Committee that meets quarterly and an IT Operations Committee that meets monthly, said each vendor partner that handles a core function should have a representative on the committee. Then, quoting the late Peter Drucker, he noted, “Every strategic plan ultimately degenerates into hard work.”
Third-party relationships, particularly outsourcing partners, were the focus of a presentation by James Ritchey, interim CIO of DeVry, Inc. As businesses increase their use of partners to deliver key business functions, he said they must understand that the major business risk does not rest with the third party or the IT department, but with the business, itself. The same concerns that pertain to internal use – data management and access, vendor training, and audit capability – also must be extended to partners.
Ritchey cited an example of stolen source code uncovered in an FBI sting operation in India, a beneficiary of outsourcing that does not recognize trade theft. The source code was recovered from a developer who had been fired by his Bombay software outsourcing employer, and an Indian court must now decide if charges can be brought.
Ritchey’s recommendations include executive level involvement in all outsourcing agreements, a pre-agreement risk assessment, and the identification of clear measurements and remedies. Although the major risk lies with the business, Ritchey said IT is expected to manage risk and follow through on the third-party’s internal controls. “If there is an information loss, they are going to come back to IT and ask, `why you didn’t make that happen,'” he said.
Even with the buzz that can accompany new technology investments, employees have a tendency to revert back to the systems they are accustomed to, especially if they have relied on them for a long time. David Melbye, CIO for the Milwaukee Metropolitan Sewerage District, had that experience when he led the district through a major IT overhaul. Some of the 23 applications from its old DEC Alpha platform had been used since the late 1980s, and Melbye said users were “geniuses in finding ways to work around” the new program.
Melbye now wishes he had devoted more time to the initial change management issues, including acceptance testing. “They had a deep emotional investment in the old systems,” he said. “I underestimated, as the project sponsor, the time and resources necessary to do that.”