Who rules over the CIO in your company —– the CEO or the CFO? It’s an important issue as we head into the new year, and it is an issue that Gartner has picked out for special mention. Fewer CIOs, it appears, are reporting directly to their chief executives. The sad fact is that governance of information technology in New Zealand has never been adequately defined. That is largely because of the relatively small size of organisations and, consequently, where the line should be drawn between governance and management.
Lotteries Commission CIO Dennis O’Neil came up with perhaps the best definition of those given by several CIOs interviewed.
“Governance is the role the board carries out that ensures management has an agreed strategic plan and the capability to deliver, and a feedback mechanism to monitor it,” he says. “However, the reality of the line between governance and management is what is agreed between the chairman of the board and the chief executive.”
IT strategy and profit strategy should be aligned, he says. “IT used to follow the business, but as it integrates and is being driven by business people, in high-tech organisations IT can lead to commercial opportunities such as new products, channels, customers and pricing.”
IT, he says, should report to those items in the operating plan, which is a one-year version of the strategic plan. “Hopefully, someone on the board has some IT knowledge and can become a champion for IT.”
It is common in New Zealand for the CIO to report to the chief financial officer, rather than the chief executive. That is sometimes an issue with CIOs, who feel that their views are not always adequately heard.
O’Neil feels the proper location for CIO reporting is dependent on the nature of the business. “If IT is a strategic resource, the CIO should report to the CEO. If it is non-strategic, the CIO should report to whatever function IT services: if that is financial, to the CFO.”
In Lotteries’ case IT is strategic, and O’Neil reports to the CEO. Not a penny goes through the business that doesn’t go through technology. He has just 12 operational staff, a small budget —– “One of the smallest I’ve ever had in terms of percentage of revenue.” —– and 99% of development is outsourced.
Chapman Tripp is one of the big three law firms in New Zealand. CIO Brian Bernon says he has no strong view on what governance is because in each organisation the ownership of the knowledge and assets can change. “For example, in a large corporate environment the buck stops with the chief executive. But in partnerships such as law firms and chartered accountants, governance of information and of the whole firm is shared between the partners. The CIO becomes the key person in providing critical advice where the stakeholders might not have a high level of knowledge and might not see IT as core to their business. It’s a bit of a balancing act between keeping the shareholders aware, rather than standing on a pedestal.”
Bernon says, as a general observation, that in some organisations CIOs are concerned that their voice is not being heard. “Then they begin to question whether their role is being heard, which is quite often not the case.”
He has been in his current role for 16 months. Previously, he was three years at Azimuth, including 16 months as acting CIO for Seranova (which bought Azimuth), based in New Jersey.
At Chapman Tripp, he reports to the chief executive, who reports to the managing partner. The managing partner is nominated for a three-year term by the 57 partners in the business. They also nominate the board, to which the managing partner reports. “I have interaction with all the partners for any IT change,” Bernon says. “We buy generic software. The key systems are those that support the lawyers in their work.
Project proposals, with full budget, business risks, opportunities and business benefits go before the chief executive, the managing partner and the board. “While the budget may be approved, it’s really for planning purposes and the project is very much tied to the revenue stream. IT is really a partnership role.”
Immigration has a governance group comprising the general manager, a senior executive from EDS (the department’s information technology partner) the chief operating officer, the chief financial officer, the e-services market manager and any manager who has undertaken work with an IT component and who needs to get clearance.
“EDS is not a party to the decision making but we involve them,” says IT director Rob Bolton. “Our IT is business-driven —– an integral part of how we do business. It’s not a matter of me thinking up things. I have to think, ‘How do we support the business strategy?’”
Bolton says having a general manager who embraces IT is key. It is a policy requirement for unit managers to consider the implications of IT. That will usually involve Bolton helping the project sponsor to understand the IT component of a strategy. The manager is responsible for making a case for the IT budget, which includes costs across the business. The management of that comes back to Bolton’s team.
Immigration recently established an enterprise architecture road -map and is upgrading to Windows XP and Active Directory as part of a broader migration programme. Return on investment is important.
“We undertake investment analysis and we understand the balance sheet impact, which is done across the business strategy, including IT,” Bolton says. “Our blueprint is very clear and achievable.”
A lot of what Immigration is doing is driven by the need for interoperability with other government departments. Thus, it is moving to more web-enabled, browser-based services.
For “significant” projects, an external quality assurance report is delivered to central government agencies (Treasury and the State Services Commission), which oversee the government’s IT monitoring plan. “The external person QAs back to the general manager and the project sponsor,” Bolton says. “Copies of those reports go to the central agencies.”
Immigration’s major project is the Advanced Passenger Processing System, driven by the need for heightened border security. It also involves Customs and Internal Affairs. “We are looking to Customs to lead the way in terms of identification at the border,” Bolton says. “What’s key is that we have an integrated approach across passport issuing, working at an integrated end-to-end process for biometrics.”
Natural Gas Corporation has undergone —– and still is —– massive restructuring over the past year. During the 2001 water shortage, it lost $300 million on its electricity business and subsequently sold its retail customers to Meridian, in the South Island, and to Genesis, in the North Island.
It is currently out to tender to sell its generation assets in Taranaki and at Cobb (near Takaka), and has sold its 50% Southdown generation holding to its former joint partner, Mighty River Power.
NGC has changed from a generator and retailer to an asset manager and owner of infrastructure. “It’s a very structured process,” says CIO Brett Bennett. “If there’s no ROI, things don’t fly.”
Bennett’s model is packaged solutions. “We try to steer the business to vanilla standard applications. When the business units want something, they talk to us and we do the analysis and prepare a capex report. Depending on the budget, the sign-off may be done by the general manager of the business unit, the CEO or the board.
IS proposes strategies to the leadership team, which comprises the CEO, the CFO and the general managers of the business units. Bennett reports directly to the CFO.
The two major business units are asset management (gas pipes and other infrastructure); and metering units and liquid petroleum gas supply. Over all of these is the corporate group (finance, legal, HR). The IS group numbers 14, including two in New Plymouth and one in Christchurch. Datacom is NGC’s outsourcing partner.
NGC runs Sun Solaris servers for its two major applications, the Gemtrack billing system common to most utilities, J D Edwards on Oracle, and has a number of Digital Alpha boxes and Intel servers. It is currently installing Lotus Notes for document management.
It is, says Bennett, a steady-as-she-goes approach.
Turners & Growers, which is merging with ENZA, has an executive management committee comprising the CEO, unit management as required, and CIO Keith Jesson, who attends most meetings. “It’s pretty much a federal approach,” Jesson says. “We are totally business-driven. Requirements are defined and we see if technology can improve the process.”
Over the past two years, Turners & Growers has focused on redeveloping its core business processes under a new business model. It has handled the business requirements in-house and outsourced software development to Datacom.
“Budgets are a consultative process,” Jesson says. “It’s pretty much a waterfall approach, with each aspect of projects handled in stages. “Getting a clear strategy and a clear business strategy are critical.”
He says being able to deliver production-class software is still a challenge because of the complexity of the business. “It’s about supply chain management. We’re dealing with perishable stock.”
Jesson reports to the CFO, and has regular meetings with the CEO. “I possibly don’t think it’s the right place to report to, but our CFO does have an IT background.” He says it’s a very old-fashioned way of structuring the business. “The roots of IT are in accounting, but IT is much broader than that these days.
That said . . . “It’s not healthy for IT to make decisions about business processes. It needs commitment by the business unit leaders. “We’re a fairly conservative organisation with the adoption of new technology. Operational excellence is very important.”
The US-based IT Governance Institute, sponsored by the 26,000-member Information Systems Audit and Control Association, offers the following definition on its web site: “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”
It says that the governance process begins with setting objectives for the enterprise’s IT, providing the initial direction. From then on, a continuous loop is established of performance that is measured and compared to objectives, resulting in redirection of activities where necessary and change of objectives where appropriate.
“While objectives are primarily the responsibility of the board, and performance measures that of management, it is evident they should be developed in concert so that the objectives are achievable and the measures represent the objectives correctly.”
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.