For those of you following this discussion series (thanks mum!) you should be starting to view strategy as much more than something that gets done once a year. It would not be understating my view that understanding the concept of integrated strategy (see previous articles) will be the difference between you as a leading technologist, or you as a business leader. A few weeks ago I had tea and biscuits (nice they were too) with Garth Biggs and I sought his opinion on strategy and in particular, turning technologists into business leaders. If you were an antagonistic fly on the wall you would have been disappointed as Garth and I had very similar views. In particular, we agreed that strategy in today’s business world is not just an outcome — it is a process.
When I asked Garth for a slice of his reality on how to turn technologists into CEOs he said one of the keys, is to understand the critical processes within your business. He explained one of the many advantages we have within IT is that we are the nerve centre of most business information, and we are therefore best placed to add value to poor performing business processes.
Good business leaders know how each of their business processes drive or deliver value. Many IT managers fail to truly grasp the opportunity not only to understand the information required to drive value but to map the critical business processes from which increased business knowledge will flow. Once you understand a process, then you can add real business value by improving it. Note: this line of thought moves business away from managers with functional job roles to managers empowered to make a difference. Radical, I know.
A major advantage in doing this exercise is that each of the functional areas that you map will want a copy of your finished work, and given a large part of adding value is based on relationship, do not be surprise if you are asked to contribute further, thus adding business value. Please note this exercise is neither clever nor difficult, it is just poorly done (or indeed non-existent) within most businesses, thus presenting IT with an easy value-add opportunity.
Several weeks ago I had lunch with Deen Hall (former Computerland northern operations manager) and we discussed why senior management teams have trouble extracting real value from IT, and the impact this has on the integration of business and IT strategy. Extracting value from your IT strategy will be the focus of next month’s article.
What is Value?
Value has two components within business: external value, eg customer value, and internal value. Value is based on an exchange, whether it is money for goods/services purchased or respect for a job well done.
External value is driven by five key determinants:
• Product quality
• Service quality
Internal Value is driven by two key determinants:
• Quality of outcomes — driven by knowledge and capability
• Relationship — driven by attitude, communication skills, and follow-through.
The weakest link
SECURITY Humans are the weak link in any corporation’s carefully crafted security perimeter. That’s the prevailing theme of Kevin Mitnick’s new book, The Art of Deception: Controlling the Human Element of Security (Wiley, October 2002), in which he shares stories of “social-engineering” hacks that involve everything from fake phone calls to dumpster-diving to illustrate how a dedicated and wily hacker can use human fragility and carelessness to crack a network.
Although CIOs may quickly tire of tales highlighting the boundless bravado of hackers, the book does offer some good advice on hardening your employees against such exploits. Mitnick recommends that companies encourage employees to adhere to the following security guidelines:
• Do not give out any personal or internal company information to anyone, unless their voice is unquestionably recognised and he or she has a need to know. Never disclose your password or any information about your password.
• Do not download, open or respond to emails and files from any unknown source. When in doubt (whether verifying a request for information or opening a file), ask for guidance from the security group.
• Do not judge a book by its cover. Just because a caller knows the corporate structure and lingo, sounds authoritative or looks the part, doesn’t mean he or she is for real. It’s acceptable and expected to challenge authority when there’s a security risk at stake.
• Do not transfer files to people you don’t know, even if the destination appears to be within company boundaries. — CIO US
David Linstrom is managing director of Practical Strategy Consulting. Linstrom is author of At Last! ... a HOW TO guide for Strategy, available from www.practicalstrategy.net. He can be reached at email@example.com
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.