The Role of the CEO

In many organizations, IT governance has been left in the hands of the IT department with little or no input from those in charge of the business strategy, particularly the CEO. The attitude seems to be: “It’s IT money, and IT knows best what to do with it.”

In the past, this might have worked for some companies and it may still be workable in certain mature industries that experience little change, or where the main function of IT is to reduce costs—the railroad industry, for example.

But what if you’re in the middle of a merger, experiencing rapid growth, or changing product lines? What if the regulatory environment changes? IT has to stay “in synch” with the new business priorities.

When IT departments are left alone to make their investment decisions, the result is that IT projects are not always aligned with the current business strategy.

Sometimes this is because IT is not getting adequate input and direction from the business side of the organization. But sometimes the reason is IT leadership is overly cautious; having shouldered the blame when previous projects failed to deliver. In response, they avoid new projects that carry a relatively high risk.

Enter the CEO

There are five areas of IT governance in which the CEO’s involvement is vital:

  • Communicating the business strategy to IT
  • Defining the risk profile
  • Weighing organizational needs against a limited IT budget
  • Assigning accountability for successes and failures, and
  • Helping to decide when to cancel failing or underperforming projects.

    Communicating Strategy

    The CEO has a responsibility to make sure that IT’s role in the business strategy is clearly understood, and that every IT project or initiative is directly linked to a business objective.

    Simply developing a business strategy is of little use unless it is communicated and translated into specific operational initiatives within the organization. The best person to lead that communication is the lead architect of the business strategy: the CEO.

    This does not mean that IT should stop working to understand the business and revert to being a reactive department responding to directives from above. Rather, by better understanding the strategy of the organization, IT should be in a better position to proactively identify initiatives that solve business problems.

    Defining Risk

    How much risk is your organization willing to tolerate? Should you devote 50 percent of your investments to high-risk projects, or should you limit it to 10 percent? The CEO has a key role in answering these questions.

    Here’s an example: Your company has a legacy back office system that has been in use for 20 years. You know there are more modern systems available that provide better capabilities. Your industry is also changing, you’re coming up against new competitors that compete against you based on customer service.

    The CEO’s strategy aims to meet this challenge by transforming the organization to improve customer service. Hence, a high risk investment in a new system to improve customer service might be acceptable. A different strategy, say competing on cost, might result in a different risk profile with only safe investments like minor tinkering to the existing system being appropriate.

    Organizations need to develop a risk profile that considers how willing they are to take risks. The CEO can take the lead in defining the organization’s risk profile.

    Needs vs. Budget

    In a large organization with thousands of employees, every group inevitably has its own priorities regarding project investments. Without the participation of someone at the top, such contests can easily be decided by who speaks the loudest. Or, just as badly, which investments are the least risky.

    The CEO’s role is to help balance the needs of the various divisions by overseeing the efficient allocation of scarce capital.

    Assigning Accountability

    Is IT’s contribution to the success of business strategy recognized across the organization? Does IT become the scapegoat if a project fails to deliver?

    As we’ve seen, a company’s success can depend on embracing risk and reaching for the potential higher returns, but if the IT organization has been burned for past project failures, its tendency will be to stick with the “safe” projects for fear of failing again.

    The CEO can be instrumental in ensuring that all parts of the organization are made appropriately accountable. When there is success, IT’s help in achieving that success is acknowledged. If there is failure, it is not IT’s failure alone.

    Pulling the Plug

    Effective IT governance requires that all ongoing projects be regularly evaluated (preferably every quarter) in terms of whether or not they are worth the continuing investment of time and money.

    Those that are not delivering and those that could be replaced by projects with a greater potential payoff, should be canceled and their funds diverted to the higher-return projects.

    Projects take on a life of their own, however, and once they get going, their momentum is hard to stop. Changing course requires a firm hand. Here again, the CEO can play a key role by helping to make the hard decisions.

    In sum, having accountability from the top down helps ensure that the capital and human resources of the organization will be working on the right projects at the right time.

    Ted Stephens is an associate principal at Intellilink Solutions a boutique consulting firm specializing in knowledge worker automation. His areas of expertise include IT governance, project management, and IT portfolio management. He can be reached at [email protected].