Tuesday, 16 July 2013

6 IT Trends & 15 New Habits for CIOs & Their Teams

The CIO/ITD In Crisis.

Harvard Business Review blogger, Jim Stikeleather, posted recently  The CIO in Crisis: What You Told Us - a few particular points caught my attention:

"The best executives I have met have had a great understanding of how to use technology to gain competitive advantage and improve operations. They also worked with the CIO to help them to understand the business. They worked together to identify the technologies that could improve the company's competitive advantage versus technologies that were needed to support the business. Once this was done, the executive leadership and CIO focused on implementing technologies that improve the company's competitive advantage".

"All the parts of the organization have to come together and build a common language to discuss their markets and their enterprise. They need to have a common appreciation of each other's purpose. The CIO must step up and mentor the C-suite on the potentials, possibilities, threats and opportunities of information technology..".

"If IT and the CIO come to the party talking like engineers, only offer convergent lines of thought (analytical, rational, quantitative, sequential, constraint driven, objective and detailed focus) and don't offer a more holistic, shaded divergent thinking point of view (creative, intuitive, qualitative, subjective, possibility driven, holistic with conceptual abstractions), then they have missed the point".

"The CEOs were actively aware, concerned, looking at alternatives such as chief digital officers, or creating "not-so-shadow" IT organizations under the CMO".

"For existing CIOs, ask yourself a few questions. Are you generating customer value? Are you (or do you have the potential to be) the best in the world at what you are doing? Are you required to do what you are doing? Using the answers to those questions, what do you need to stop doing, start doing or do differently?..". [see 15 ways to change the ITD's habits table later in this post].

In a similar vein, according to a recent CIO event run by Forrester Research: "The IT department of 2020 could disappear as a separate entity and become embedded in departments throughout the entire organization".

This article posits that the need for change is now undeniable, and that CIOs are looking for practical steps for creating new habits in their teams. These new habits, developed now, will help prove the continuing need for a central Enterprise IT Department.

History & Trends.

The demise of the IT Department is not a new  prediction, it was first suggested in 2004 by Nicolas Carr in his book 'Does IT Matter?' and again in 2007 when Chris Anderson published his ‘Black Wire – White Wire’ article. This post talked about how corporate IT was being over-taken by consumer-IT. Later, in January 2008,  Nicholas Carr famously pronounced “The IT department is dead” referring to the up-take of utility computing since his 2004 prediction. 

Since then, others made further observations about emerging IT trends that appear to strengthen those predictions. Today, around six hard trends are well established. They sit within an umbrella trend we described as ‘Externalization’ back in 2007. Later, in 'Flash Foresight' Daniel Burrus explains how he identified many of the established technology trends and why they are 'Hard' trends rather than passing fads. More recently,  in his book 'Agile Architecture Revolution', Jason Bloomberg talks about understanding the enterprise as a Complex System - a System-of-Systems. His book is architectural guide to help IT Departments respond to the Externalization trend and, at the same time, it highlights the need for a change in mindset within the IT community.

In parallel, John R. Rymer of Forrester Research coined the phrase 'Business Technology' (BT) to describe the ever-increasing reliance on information technology by businesses of all types to handle and optimize their business processes  and the need for a more integrated & holistic approach to the use of business-embedded information technology.  Here's what Wikipedia says about BT

"The increasing use of the term business technology in IT forums and publications is due to an emerging school of thought that the potential of information technology, its industries and experts, has now moved beyond the meaning of the term. Specifically information is seen by some as a descriptor not broad enough to cover the contribution that technology can make to the success of a business or organization".

Focus on Externalization and BT.

Acceptance of the Externalization trend, and a deep appreciation of 'Business Technology' theme, provide the canvas, on which, we can sketch-out the ways in which the IT Department must change to survive. Probably most importantly, the CIO needs to find the time to think strategically: from 'Whac-A-Mole-IT-Management'  to strategic, Business-Technology leadership. Thinking strategically means the CIO needs to develop a deep appreciation of  the various ‘markets’ his/her team serve, as both a supplier, and a broker of services, to those markets. Such markets exists within and outside the enterprise and are made up of customers, suppliers, intermediaries and other stakeholders. All with differing values and requiring different sensitivities to protect and enhance trust relationships.

How to prepare for the inevitable change.

At my current company, we use the 'BT' label help position our five-year vision & strategy. It helps frame the discussion about the many areas of change required: cultural, technological, procedural, organizational & regulatory. BT is not, however, a new name-tag for the IT department - it represents the new thinking required across the whole business. It might seem ironic, given the predictions, that it was our CIO who initiated the discussion - I suspect, however, this will often be the case: the CIO is frequently the only C-level executive who has a holistic understanding of both the breadth and depth of the business.

Back in May this year, I posted about the work we were doing to establish a BT Vision. This has since been developing gradually and is gaining acceptance across the IT senior leadership team, but more importantly, with C-Level executives.

Recently, I was invited to share, with a large multinational conglomerate, some of the more tangible changes we're implementing  Our vision & journey towards 'BT', and our response to the the 'Externalization' trend set the context for the discussion. Here's the list of 'contrasting behaviors' I shared: 

15 ways to change the IT Department's habits

Old Habits
 New Habits
1.The department of ‘No’
2.Products focus
3.Internal SLAs
4.IT Strategy
5.Cyber security tooling
6.CAPEX-first mentality
7.Solution-focused technology architecture
8.Product standardized IT portfolio management
9.Governance of large IT projects
10.IT Cost Centre management
11.Internal procedures & methods
12.'Family’ of IT vendors
13.Gadget-focused innovation
14.Periodic, internally-focused, measurement
15.Technology focus
1.The department of qualified ‘Yes’
2.Services focus
3.Services internal/external ecosystem –SLA-chains
4.Integrated BT strategy
5.Cyber security culture
6.Balanced, outcome-focused, investment
7.Adaptive, value-focused,  Enterprise Architecture
8.Principle-led architecture & standards-based integration
9.Company-wide, joined-up,  BT-governance
10.BT services broker, innovation-lead and advisory
11.Internal & external engagement
12.Consumer-driven, ecosystem of suppliers
13.Customer-story-based innovation
14.Constant, external & internal, feedback-loops
15.Focus on information value & risk

We've made good progress on many of the 15 points, but I'd say the most compelling for the business are: 1) The department of qualified 'Yes',  4) Integrated BT strategy, 5) Cyber security culture, and 13) Customer-story-based-innovation. I'm pleased to see these seem resonate with the observations made in the HBR article mentioned above.

Will the IT department will be dead by 2020?

Will the need for a central IT department go away by 2020? No, not in our case at least, but it does need to rapidly adapt and evolve and  we believe those  that don't will become side-lined. We are seeing, however, other businesses taking a different view: there does seem to a dangerous, frustration-with-the-ITD, pattern emerging where IT departments are being split-up into LOB sub-teams, without considering the need for, holistic, enterprise-wide thinking.

Maybe the IT Department label won't exist by 2020, but many organizations will require a team that focus on the value of the digitally enabled world that balances agility, resilience, security and cost across the whole enterprise. For these companies, dispersed and unbridled IT (use of consumer-led technologies and commoditized services) would lead to unprecedented levels business risk: operational, financial, commercial, reputational and regulatory. [post addendum: FUD alert! See my response to Nick Gall's comment].

My hunch is that, once the hype has died down, the Externalization trend will actually strengthen the need for strategic, less operationally-focused, 'Office of the CIO' within organizations. I'm sure, however, such an entity will be unlike today's 'Operationally-focused' IT shop, by 2020.


Since posting, I was asked where VPEC-T fits in the context of the move towards BT. VPEC-T is a tool for the sense-making of complex systems-of-systems. It deals with the complexities of plurality (e.g.multiple value systems and multiple types of event). Moreover, it is used for sharing stories about such systems which helps: reach common understanding, ensure completeness and make trust explicit. These considerations will be increasingly important in the diverse and emergent world of BT. It's most applicable to 'New Habits' 5,7 & 12-15.

Here's an example of the preparation for a VPEC-T workshop based on a real session I ran earlier this year - it might help explain plurality need.


  1. I like all your ideas for more effective application of information technology by business leaders. But I don't see why they "help prove the continuing need for a central Enterprise IT Department." All these ideas can be applied equally well in scenarios where information technology has been DE-centralized and diffused throughout the business.

    Many (most?) people of sceptical of "centralized" planning of anything, including IT. I think this puts a heavy burden of proof on those seeking to justify a "centralized IT department".

    I don't think that simply invoking unproven FUD regarding increased business risk meets this burden. "[D]ispersed and unbridled IT (use of consumer-led technologies and commoditized services) would lead to <> levels business risk: operational, financial, commercial, reputational and regulatory." Unprecedented levels of risk? Really? I need to see more proof.

    1. Nick,
      Thanks for your feedback and you make a goof point about scepticism of anything “centralized”. I also accept that I need to explain why I believe that “Unprecedented levels of risk” will occur if the IT function is entirely dispersed.

      I should probably explain that I currently work for a Utility that providers electrical power to >85% of the population of Hong Kong. We are among the top 3 companies worldwide in the uninterrupted provision of power to our citizens and have been for many years. This level of service has become the norm and is taken for granted by both our residential and business customers. This has resulted in a city that is built upon that expectation in everyone’s daily lives: from their dependency on elevators in their high-rise apartments to their journey to work on the Mass Transit Railway and the need for air-conditioning in during the hot summer months. My company is acutely aware that any significant (circa 3 days) interruption to the supply would become life-threatening. In order to maintain our levels of service, we rely heavily on various types of information/digital technology. Traditionally, like many other Utilities, we have separated-out the Operational Technology form the Information Technology, but the lines are becoming more blurred with the advent of Smart Grid and, at the same time, the increase in Cyber Threat (based on empirical evidence and expert opinion) and greater use of consumer-driven devices and consumer selected apps. These have caused us to take a much more holistic, enterprise-wide, perspective and have fuelled the need for a more “centralized” approach to planning, governance and incident response. Our executive team realise our business is dependent on embedded-IT and are sensitive to the consequences of IT interruptions and failures. Whilst Lines-of-Business fund and manage IT projects, they depend on the CIO and his team to deal with the enterprise-wide risks: security governance, cyber-incident-response, data privacy & protection, fail-over, end-2-end integration and common platforms. While many of these services might be, in part, sourced externally, the CIO and his team are expected to lead and manage those relationships and perhaps more importantly, the CIO is the ‘A’ for such matters internally. Why? Because if no one central group is accountable, the C-level see tangible risk in many areas: operational, financial, commercial, reputational and regulatory. I won’t expand further here, but I’m sure you can appreciate that these risks are similar with any significant failure of the technology used albeit the gas turbines, nuclear reactors or embedded-IT (think Stuxnet).

      My perspective is, no doubt, skewed by the safety and reliability culture of my current employer, and, I can see that it may seem like FUD as you pointed out, but I do believe other organizations will face similar challenges over the next few years. Like I say in the post, I wholeheartedly believe the ITD needs to change or become ignored - and possibly done-away-with. I do, however, believe that ‘dispersing’ the ITD without recognizing the need for critical, enterprise-wide, services would be a mistake. Of course, such services might come from a revamped ITD or from and entirely new department – this post comes from a PoV that says the existing CIO should lead that transition, but I’m sure many won’t!

    2. Nigel,

      Thanks for your well thought out and richly described response. It helps me make my point in several ways.

      First you mention the evolution of the electric grid to the Smart Grid. Smart Grid means many things to many people, but at its core, I think you'll agree that it means DECENTRALIZING power generation, transmission, and delivery! So even in the electric utility industry, we're seeing IT enable a move AWAY from centralization, NOT towards it.

      The reason everything at your utility has to be so reliable 24x7 is that power generation is almost completely centralized. Imagine a day when every building has the ability to generate and store energy, not just consume it. Then the reliability requirements of any one part are reduced. Households and businesses them view electric utility providers as just additional sources of power, NOT the source of power. Just like information technology, electric generation technology is diffusing, NOT centralizing!

      Second, even within the current architecture of the electric utility industry, you acknowledge that only some aspects of information technology (eg OT - Operational Technology) need be highly reliable. The rest can be safely decentralized. For example, there's no need for the marketing organization of National Grid to apply the same IT approach as the power plant IT approach. The NGrid marketing department can safely migrate to Google Docs in the cloud for most of its work. :)

      Thirdly, you've picked an industry that will arguably be one of the last to experience the IT decentralization trend many of us are seeing. In this same category are missile defense systems, critical patient care systems, heavy manufacturing systems, etc. But even in these industries, a one size fits all, centralized IT organization (ITO) for everything, is not the right approach.

      As I mentioned above, even in these industries, only some systems will need the full rigor required for highly reliable operation. Gartner uses a pace layering model to divide systems into different categories of innovation vs execution (read reliability), each with different rates of "diffusion".

      I guess where you and I disagree that you seem to believe that "other organizations will face similar challenges [to those of electric utilities] over the next few years". I think other industries start to look less and less like electric utilities, not more and more. Why? Because in most industries, the provisioning of highly reliable IT infrastructure will no longer be at the organizational level, it will be outsourced to the IT cloud industry.

      Netflix is a perfect harbinger of this trend. Even though it must provide reliable video streaming service to its customers, it doesn't build it's own data centers, it uses 100% Amazon Web Services (AWS). Currently, it builds its own reliable software architecture on top of AWS, but one can look over the horizon and see that in a decade or so, Netflix will delegate even the PaaS layer to Amazon, reducing even further the degree of "IT expertise" it needs in house.

      So perhaps you and I can agree on the following: the provisioning of reliable IT infrastructure will be on a centralization trend to utilities such as Google, Amazon, Microsoft, etc. The application of software systems by business will be on a decentralization trend to those parts of the business that can directly apply it, because they no longer need to master or hire the IT "plumbing" skills currently required to do so.

      In such a world, a handful of executives (who probably don't have the title CIO) run the world's IT infrastructure (for AWS, Google, etc) and all the other executives become effectively "consumers" of such services. A rough analogy to this model is the consumer electronics industry: vast centralization into a handful of mega contract manufacturers (eg Foxconn) and vast decentralization of consumer product innovation companies (eg Apple) who design products but don't make them.

    3. Nick,
      I suspect we agree on more than you might imagine. I have used the term “Externalization” (first coined in our book ‘Lost In Translation in 2007) to describe the decentralizing trend as is evidenced in Smart Grid. So I agree with most of your last comment, up to the paragraph starting “Thirdly…”, which I don’t disagree with, but wish to make clear that I certainly *don’t* suggest or recommend “a one size fits all, centralized IT organization (ITO) for everything”.

      You’re correct on where you and I disagree, or at least we may be arguing about entirely different things. The “similar challenges” I refer to are to do with internal *accountability*, *not* that most, if not all, of the IT-plumbing will be outsourced (Externalized). I’ve been a fan of trying to get rid of the highly commoditized IT stuff for some long time!

      I have no argument with:
      “the provisioning of reliable IT infrastructure will be on a centralization trend to utilities such as Google, Amazon, Microsoft, etc. The application of software systems by business will be on a decentralization trend to those parts of the business that can directly apply it, because they no longer need to master or hire the IT "plumbing" skills currently required to do so”.

      But I would add a ‘however’ to this:
      “In such a world, a handful of executives (who probably don't have the title CIO) run the world's IT infrastructure (for AWS, Google, etc) and all the other executives become effectively "consumers" of such services”… However, even if this world becomes a reality, the consuming organizations will still need to take responsibility for running their services “eco-system” and, for the intellectual property embedded within the information they own, or are custodians of. Such responsibility will require many of the skills that are within mature IT Departments today, such as: Cyber Security, Enterprise Architecture, IT Services Procurement and Business Analysis. Some of those skills might be diffused across the business (e.g. Business Analysis), however, others will be best placed in a central team – for the same reasons a central Legal, Public Affairs or Finance team make sense.
      I don’t know what such a team will be called – a bit tongue-in-cheek, I suggested: “Business Technology Risk Management” to an audience of CIOs last week. I do agree that whatever this new department/group is it won’t look much like the ITD we know today, for all the reasons you gave, and what I call “Externalization”. I suspect it will be much smaller than current ITDs, maybe 10% of current headcount, but I do believe it’ll need to be headed by a “CIO-like” animal that puts the “I” of IT first (as opposed to a CTO/IT Manager) and has an *Enterprise-wide* view. I believe the need for this group will be as important as the other back office corporate functions. It may, or may not, be born out of the existing ITD, the message to my audience was that this was, in part, their choice and to stand a chance of picking-up that role, they needed to think about the “15 Changes in Habit” and start to prove that they could adapt to the new world order. The size and shape of such a team would vary across organisations (no one-size-fits-all!) and, I suspect, some firms will elect to outsource this capability, if they see it as low risk or non-strategic. I don’t believe my current company will and, I’m positing there will be others that (outside of Utilities) that won’t. But one of the reasons for my post was to test this hypothesis and to generate a discussion. It seems I’ve been successful in that regard, at least with you! Thanks.

      On Pace Layering: I’ve seen a bit about this but would be interested to know more – I’ll get my Gartner account manager on it. I posted about similar a few weeks back see:

      "Searching for Agility & Industrial Strength" (in two parts) in the side-bar under May 2013.

  2. Nigel,

    I can absolutely see the role of CIO and the IT Organization (ITO) s/he leads devolving into a role akin to the centralized legal/security role you describe: some responsibilities "will be best placed in a central team – for the same reasons a central Legal, Public Affairs or Finance team make sense."

    But if the CIO/ITO role becomes more like centralized Legal, then it will hardly fit your description of "New Habits": "the department of qualified 'yes'. Speaking as an former intellectual property litigator, I can assure you that corporate Legal is and will always be "the department of NO."

    So I'm hopeful that you and I agree that the role of centralized CIO/ITO devolves into one of minimizing risk (along with centralized legal, finance, and security), rather than innovating for reward, which devolves into the diverse business units.

    Somebody has to be the worry-wort when it comes to IT, and I cant't think of a better candidate than today's CIO/ITO. Here's what I'm talking about:

    J.P. Morgan CEO Jamie Dimon is a fan of tools like Facebook and Twitter at his bank, but the compliance folks are freaking out.

    Dimon explained how he was looking at Facebook and Twitter with his team of lawyers and noted how both social networking tools could come in handy for customer support and other bank chores.

    “I told my lawyers that if they invented the phone today we wouldn’t use it for 20 years,” quipped Dimon. “Bosses have to take that chance (on new technologies).”

    1. I love the JPM anecdote!

      I agree we don't want a the Office-of-the-CIO to become *like* Legal in the behavioural sense, just that there will be a need for a CoE, or some such, that is tasked with the Enterprise-wide ‘worrying’, as you put it, and is helps the business try-out new technologies with an emergent, safe-fail, mentality.

    2. Glad you like the anecdote. It gets to the heart of my issue with the dream of a new type of CIO. CIOs have been bred to avoid risk--just like attorneys. I think it is virtually impossible to change their DNA.

      Instead a new type of reward-seeking technology leader will emerge and the title and role "CIO" will remain his foil. I see this everywhere: CTO, Chief Digital Officer, Chief Innovation Officer. All these new titles are for technology-savvy business executives that innovate with IT in ways that make CIOs (and Legal) cringe.

    3. This has been a fascinating discussion, thanks.

      This seems a case of corporate IT (AKA CIO) moving towards a 'stewardship' role (wikiepedia: 'the responsible planning and management of resources'), applying the knowledge, skills and battle scars earned through the years of 'delivery' and 'operation' ?

      If so - it makes me wonder what what happens in the next generation or two where a company's IT folk no longer have the first-hand knowledge, experience and wisdom to draw upon. These disciplines will remain important and naturally 'centralised' in nature (cross-cutting concerns).

      Does it make sense to even talk about an IT department in this world? Agree with you - probably not. Interesting to contrast this with the increasingly critical, complex and completely integrated role of technology in 'business' and society as a whole.

      Nick as you mentioned above, it points to a shift of power towards vendors that is increasingly hard to reverse - despite the rhetoric of cloud being 'empowering' and 'liberating'.

      Maybe that's the key trend in IT over the past 30 years! First it was the machines. Then it was the applications. Then it was the people. Now it is the data centre.

  3. Nigel/Nick

    I don't think you can derive the best organizational structure (what I call Responsibility View) from the capability model alone (Capability View). I believe the Cybernetic View provides an essential stepping stone in this debate: what are the command loops and learning loops that we wish to establish?

    Nick's suggestion of a creative tension between CIO and some other role starts to open up the Cybernetic view, because it postulates some kind of counterbalance between two modes of control.

    I have done some preliminary analysis of an oil company (currently on back burner) in terms of how creative tensions of various kinds can be represented cybernetically. Early days, but I am expecting VPEC-T to be useful here.

    Meanwhile, let us consider how did CIOs get to be so risk-averse? Partly because many of them have a background in project/programme management, and are trained to draw safe boundaries around their projects and programmes. And partly because companies get rid of their CIOs too quickly. (What is the average tenure of a large-company CIO these days?) A cybernetic view would explore and address the systemic reasons for their being risk-averse rather than simply accepting this as an unalterable fact.

    1. Hi Richard,
      Very interested to explore the Cybernetic View and seeing how VPEC-T might play-in. Value systems would seem like a good place to start, but I can already see how each dimension might develop. Are you up for a bit of remote collaboration?

  4. Trying again.
    In a networked society/economy we have to move beyond the centralised/decentralised model.
    my own view is that we should design on a subsidiarity base.
    What that means to me is instead of the centre designing what the freedoms of the local should be you design from the local and look for opportunities to protect the health of the whole by sharing/co-designing shared facilities.
    the "centre" should do very well the least number of things required to maintain integrity and health of the whole. That way, if we find 2/3/n levels of centralisation then that is what is required by local flexibility with systemic effectiveness.

    1. Chris, you've described how DHL used to operate in the ’80s-'90s I suspect very different now though.

  5. Agree, it is high time to dump the redundant IT-centric model of the 80s and 90s. However, our Brave New World will still be constrained by the practicalities of keeping the lights on and managing the graceful degradation, retirement and demise of the IT-centric legacy. This means that, for the foreseeable future, the Old Habits will have to co-exist with the New Habits. The new paradigm will probably only happen in a parallel/ successor organisation, while the old regime is carefully managed out. Some enterprises will be able to accelerate this process, while others will inevitably lag, or stall.

    1. Thanks for the comment Colin. I agree with your point of transition, however, at my current firm, we're finding that we're accelerating faster to the New Habits than we'd first imagined when we started the journey last year. In our case, I think we have a real chance to 'reinvent the office of the CIO' and therefore transforming the old IT organisation to the new without the need for a parallel/successor. Time will be the judge. From the feedback in this discussion, it does seem however, many IT shops won't be ready/able to move fast enough, or lack the trust relationship with the business, for this type of reinvention. On reflection, we've only been able to do this because we have a great track-record of service delivery and IT-led innovation (all credit to the IT Leadership Team over the past 5 or so years). In addition, our CIO has a deep understanding of the business and is in a position to talk with authority on financial, customer-centric, regulatory and operational topics, in addition to his passion for making best use of IT-led innovations to deliver business-relevant outcomes. We don't always get it right - some experiments fail, but a prudent Safe-Fail mentality means his team are empowered to experiment and are enthusiastic about continuous improvement to the services we deliver the business. This mentality has helped us win external awards in recognition of those services - most recently we won the 'Best Security Strategy' IT Excellence Awards (Asia). I believe this success is founded on the IT department's track-record and, more importantly for the future, will continue with the 15 New Habits we're actively embracing. I guess my question is: are we unusual or are we, by happenstance, in this position? I can't believe we're so different from many others. I'm keen to hear of other success stories and to share lessons learnt.


  6. Here's part of an email response I received from an ex-colleague who is senior consultant in the FS sector:

    "In recent big banks I've worked in I've seen two models (and one is perhaps a warning about what happens if you don't get the other right). In one investment bank, there was a powerfully business centric CIO (ex ops rather than IT background) who sponsored the creation of an empowered central architecture function as well as an office of the CIO - they both worked with the business to help the business articulate needs and priorities in a way that technology could digest, and also proactively took to the board cost-reduction opportunities and 'business enablement' opportunities driven by research into new technologies and internal landscape analysis v a business architecture framework. IT thereby retained the lead voice in IT strategy.

    The other two banks had lost IT credibility thru delivery failures and high cost; despite attempting to establish central arch functions and talking about business architecture, what was clearly happening was the business wresting back control at a LOB and function level of top level needs and focus strategy, with IT coming to be seen as simply an execution and maintenance function (in fact in one of them, the execution was also largely outsourced too). So I see a message to CIOs emerging as: take control and show value in the strategy space or face a role of running the wires and boxes...".