CIO

Working in the Vortex

CIOs have morphed into technical specialists with strategic and visionary skills, and are turning their attention to the challenge of developing more robust risk-management strategies and policies.

Most days the modern chief information officer faces climate change issues: changes to the business climate and environment driven by fluctuating economies, tighter regulation and compliance, ever more complex business structures, human resource issues - the list goes on. It is a vortex environment that requires a wide palette of skills. To keep pace with the growth, speed and complexity of operating in such a vortex , CIOs have morphed into technical specialists with strategic and visionary skills, and are turning their attention to the challenge of developing more robust risk-management strategies and policies. In the "bad old days", technical specialists were not considered part of the strategic management team but merely part of the back office of the business. The focus was on creating technology solutions as requested by the company. Typically, this used to involve getting a specification brief, then retreating to the basement to spend the next eight to 20 months working to produce something that met those specifications.

Failure to continue to align the project to evolving business requirements and processes could, unfortunately, lead to the collapse of large-scale projects. This would result in perfectly built operating systems that the business no longer required, because it had evolved in another direction since the team disappeared into the basement, specifications in hand.

Today the picture is somewhat different. Every company's strategic plan incorporates technology, and every technology or IT plan includes strategy. There is nothing that the CIO does, or touches, that is not linked in some way to the technology that underpins the business process of the organisation.

To adapt to this change, the traditional role of the CIO has been transformed. CIOs are no longer considered technical implementers but change implementers. This transition has also helped to break down some of the old-fashioned approaches to technology, leading to the following developments:

  • A change of attitude within the organisation where increasingly the aim is to build a process once, but use it multiple times.

  • A cultural transformation throughout the organisation. Everyone is part of the IT strategy, which is the strategy of the business.

  • A smoothing out of the business process through the organisation. By implementing a technology project strategically and well, you can end up improving operational processes and policies.

However, the move of CIOs from the back room to the boardroom has not been without its challenges.

As the business landscape becomes increasingly complex, one of the skill sets that is not well recognised among the responsibilities of the modern-day CIO is the need to manage closely all compliance and regulatory issues.

It is no longer enough for a CIO to be just a technical guru. Knowledge-related risk management and compliance skill sets are equally important to fulfil the role of a CIO properly, and this will be more apparent as we move into the next decade.

So what are the legal issues and challenges the modern CIO in a corporate environment has to be aware of and resolve? How do you answer the following risk factor questions?

  • How am I dealing with the three Ps - privacy, piracy and protection? Do I store, manage or send personal information? Do I know what is on my system? Is it all licensed? Am I protected? Have I tested recently for robustness against a malware or denial-of-service attack? Am I safe at month or financial year end?

  • How green is the team? Emissions and power consumption are part of technology -how does this fit in with the corporate green marketing and sustainability obligations and objectives?

  • How good is my governance? Can we keep a secret? Premature leaking of a strategic project can have adverse share price and other consequences. Can I ensure the confidentiality of employees, contractors and suppliers?

Here are some strategies to help minimise exposure to risks:

Board-level advice: CIOs should be able to operate comfortably at board level, providing strategic and common sense advice as to what would put the company at risk. It would be rare for the cost of a project to bring a company to its knees, but an inability to maintain continuity of the business as a result of a technology breakdown or outcome failure is all too familiar.

Contingency plan: The ability to implement a clearly defined contingency plan is paramount. Having a Plan B is strategic thinking at its most basic level. An organisation just cannot be in a situation where a technology failure affects its ability to conduct daily operations. If the supply-chain technology for a major retailer failed, how would it cope if it had to revert to pencil and paper for, say, a fortnight?

Active role on the board's audit and risk committees: CIOs also need to adapt to a role that assists the board's audit and risk committees. Collectively, these committees assess impacts and potential risks for organisations. CIO input at this level is critical.

These changing roles and responsibilities have meant a remix of the traditional CIO skill set. CIOs must possess the same broad business skills and acumen found in the corporate leadership team. A comprehensive understanding of the environment in which they operate, an appreciation of how other facets of the business can help strengthen the bottom line and how technology can provide important market differentiation are all important skill requisites.

CIOs are in a unique position to shape and inspire their organisation, but to do this effectively they must be effective communicators and influencers. As part of the management team, they are responsible for the cultural stability of the organisation - in other words, in ensuring that there is open and proper communication between all members of staff. To further illustrate this point, a CIO is likely to have responsibility for the policy of staff access to and use of the internet. There are many instances in which an organisation has been put at risk where such a policy was not properly implemented or followed, and substantial claims were made against the company.

Key characteristics of a modern CIO

A modern CIO must possess a somewhat contradictory skill set - they cannot be just detail people who are very process driven, but must also be:

Visionaries: They must be able to see over the horizon, to where they can place the organisation so that it can deal adequately with the opportunities and challenges of tomorrow.

Open and communicative: They must be able to work with others across a wide spectrum, from the board table to the factory floor. The CIO must have a thorough understanding of people's roles and responsibilities at every level, and of how technology can assist them in their daily tasks to be more efficient and reduce risk.

Adaptable: They should be able to operate in the rapidly changing economic and regulatory environment that requires the flexibility to embrace, understand and deal with that change. CIOs need to be able to think fast and move just as quickly.

Accountable: They must move from being doers to enablers. The transition from the basement to the boardroom has meant that CIOs have become accountable for a wider range of tasks and today have a higher level of responsibility.

Oliver Barrett is the head of the Technology Group at Minter Ellison Lawyers.

Fairfax Business Media