CIOs Must Adopt an Offensive Strategy to Execute the New IT Mandate

CIOs should adopt an offensive strategy to confront the demands of a new IT mandate, according to Linda Pawczuk, Principal, and Joseph Joy, Senior Manager, Deloitte Consulting.

During the past decade, many insurance CIOs developed and executed an IT mandate that typically included the following core strategies: Simplify the technology environment to reduce business complexity by consolidating applications, data, command centers and call centers; displace the company's IT professionals to reduce escalating IT labor costs by leveraging offshore or alternative technology service providers; and develop shared services (i.e., infrastructure, call centers, business applications) to create efficiency by eliminating redundant operations across business functions.

In recent years CIOs, many IT professionals and their business partners have worked tirelessly and spent significant capital to enable this IT mandate. Today, however, CIOs are faced with a new IT mandate driven by the harsh challenges of our global economy.

CIOs are faced with implementing new IT strategies, which in some cases defy the principles of this historical mandate. For example, many IT organizations are working to simultaneously segregate corporate systems and services, carve out business units, untangle applications and infrastructure, and provide transition support services to acquiring companies, as well as run production 24x7 with fewer IT professionals -- all at a record pace. For most CIOs the new IT mandate is not optional, and many IT leaders face mounting pressure to deliver on these new business imperatives with limited capital and fewer IT professionals.

These CIOs must solve a few foundational issues given the conditions of the new IT mandate, whether it is focused on a deal to carve out business units at breakneck speed or dial down IT services by reducing infrastructure capacity or eliminating application services. The question CIOs face is: How can IT shift from defense to offense in executing the new IT mandate, while reducing unnecessary business and/or financial risk?

Streamline or eliminate obstructive governance processes and remove artificial boundaries to enable a culture of quick decision making and accountability.

To rapidly achieve the new IT mandate, the rules must change. Historically many organizations have worked in silos, lacked formal governance and, in some organizations, accepted a profound segregation between the business units and IT. Today's CIO must create a culture of open and frequent communication among business partners, applications teams, IT operations staff and alternative sourcing firms. Don't let leaders, partners or IT professionals hide behind cultural silos or let less interactive communications, such as e-mail, stand in the way of results.

Separation, integration and dialing-down of services are about speed of execution while maintaining service quality.

Today's CIO must create a fact base to communicate IT resource capacity and utilization. When business units get the deal done, a significant percentage of the overall work from the deal rests within IT. The CIO must acknowledge any resource constraints and seek the help of partners to prioritize work to help ensure proper resources are devoted to high-value deals and projects. The IT staff must not become a bottleneck to enable change.

Don't lose sight of existing operational controls and compliance procedures required to support core products and services retained for the long-term success of the company.

Given the number of production change-control requests served up in today's production environments from structural changes to the core business, IT must govern and protect its core operational practices. IT must not be influenced by reckless deal-making demands to circumvent existing operational and production control processes to "get something done fast." There is a cost for recklessness. Rather, IT should educate leaders and, only as truly needed, institutionalize emergency change-control procedures to get the work through the systems. Change control, risk management and security procedures must not be compromised, period.