When Martha Heller asked CIOs how their job has changed in the last five years, she heard innovation, front office, customers, business partnerships. But when she followed up that question and asked how CIOs have changed their operating models to accommodate this new role, she heard more than one "uh."
The confusion convinced Heller, a CIO recruiter and president of Heller Search, to write Be the Business: CIOs in the New Era of IT. In it, she argues that IT cannot simply belong to IT anymore; instead, CIOs must distribute the IT function -- that's leadership, budget, development -- across the enterprise to better serve their customers.
The guide also walks the talk, sharing anecdotes from enterprise CIOs who have upended the IT operating model.
Your last book, The CIO Paradox, looked at how CIOs were being asked to reinvent their role without sacrificing any of their traditional responsibilities and without more budget. What's changed?
Martha Heller: When I wrote the first book, the assumption was that IT still owned the IT budget, IT was responsible for IT development, and, while we didn't like the us-and-them divide that existed in IT, it was sort of just a part of the story.
How do CIOs break down the wall that separates IT from the enterprise?
Heller: That's a mindset shift, it's an organizational design shift, it's governance, and it's getting a whole group of vertically-oriented executives -- my P&L, my function, my region -- to look up and out at the future as a whole. That's something the CIO needs to drive, but he or she cannot drive it if they're trying to run IT from way over in the IT organization.
So where do CIOs get started?
Heller: I can't say there's one starting point, but I can mention a range of things that CIOs are doing to create this new, much more integrated operating model. Here's one, and I almost think of this as a metaphor for the whole thing: shadow IT.
Shadow IT is when I'm the head of sales and I realize the need for my little business -- my little offshoot business that's just one business unit in this large company -- to have Salesforce. So I'm going to put in my own instance of Salesforce. Or somebody else says, "All I need is a little application that can do this one little thing that's unique to my business. I'm going to hire a [developer]. I'm not going to let IT know about it. It will come out of my budget. And I'm just going to get this thing going."
All of that puts strain on the infrastructure. It means we're spending money on IT in a way that isn't strategic, scalable or smart. It means that any one of those little applications could introduce security issues into the enterprise. None of it is leveraging the CIO's role or functional organization. So, what CIOs have done for years is said, "No shadow IT on my watch."
That's an industrial-era model where we built big barriers around our organization. Today, one way that CIOs could get started is by building a development platform that invites everybody in the company to be a developer. But use our tools, adhere to our security protocols, make sure what you're spending on any of this goes into a larger budget. It's reconceptualizing shadow IT as end-user innovation.
What are the stumbling blocks with this sort of democratization of development?
Heller: The mindset of their people: We own IT in IT, and you can't own it; you can't manage it. If we democratize development, what about cost? What about security? What happens when somebody develops a piece of technology, and we don't know about it? More and more people start to use it -- it becomes a mission-critical thing -- but it doesn't have security, it doesn't have support, and all of a sudden it crashes. That's when we get called in. Now we're accountable for fixing this thing we didn't have anything to do with creating. That makes us afraid. We don't like that.
How else have you seen CIOs transition their IT operating model?
Heller: The way IT has traditionally supported ERP is there's somebody from database, there's somebody from development, there's a business analyst, there's somebody from infrastructure. But they are all on different teams and in different departments.
The way CIOs are starting to reconceptualize the operating model is let's have a team that considers itself a product management team and ERP is the product. Are we selling ERP like a product out to the market? No. But we're certainly delivering internally. That product, ERP, is going to have a product manager. That product manager is going to have a cross-functional team. On that team is going to be someone from database, somebody from app dev, and somebody from finance, HR and supply chain -- all of the areas ERP is serving.
Let's remove the us-and-them divide. There's going to be a cross-functional team responsible for ERP. And, by the way, this is a major shift: Maybe that team doesn't even report into IT. If ERP is serving the HR organization, why not? It makes more sense to have the technology managed by a cross-functional team, many of whom are in the business and using ERP.
Are you talking about decentralizing IT or is this a different concept?
Heller: It's a different concept. Centralized or decentralized is a binary -- it's going to be either this or that. And those are opposites of one another. This is a dialectic -- you've got one thing and then you've got the opposite of that; out of that comes something new. It defies opposition. There's not centralized IT; there's not decentralized IT. In a way, there is no IT.
Let me give you another concept. Eash Sundaram, the CIO at JetBlue, has one of my favorite quotes in the book, which is something like, "IT must become the toolkit that does not belong to IT alone; it belongs to everybody." It is up to the CIO to give everybody access to the IT toolkit.
If an ERP system is an IT toolkit, and it is, why is it the folks who use it the most, who get the most value from it -- HR, finance -- why don't they have any accountability for it? That's another example of really reconceptualizing IT from being a function to being a capability that everyone in the company has access to.
Now, those are pretty [big] words, and getting that down in terms of organizational design, role, definition, compensation plan, governance structures -- there's a lot of work to be done.
But there's no choice. IT cannot belong to IT alone. IT must be the business and, equally important, IT must let the business be IT. Think permeability.
In the news:
WhatsApp, privacy and the CIO