CIO survival guides

CIOs, IT directors and other senior technology managers could all too easily feel victimised. They are in charge of a business function that is still in its infancy, yet it is being asked to be a support pillar for the rest of the business, or sometimes to be the means of innovation and differentiation. With a rapidly changing technology base and immature processes, IT regularly fails to live up to expectations and sometimes it exposes the business to all kinds of risk. However, that risk can be minimised. In recent years, CIOs, business school academics and veteran consultants have produced a small library of ‘survival guides’. They focus on various topics, covering the reasons for project failure, IT governance and ROI, and what they all have in common is the aim of passing on lessons learned and accelerating the profession’s maturity. Information Age‘s technology and business book reviewers have identified six that should be on the shelves of senior IT executives everywhere.

Beating IT Risks
Buy this book



It is perhaps an indictment of the profession that IT is now characterised by others in management as less of an opportunity for business innovation and more as a source of business risk. The frequency with which the business is left ‘exposed’ by systems that fail or by projects that never deliver their original promise has dented enough careers to have instilled a sense of caution, if not suspicion, of IT.

If the sector is to address those issues, it needs to start applying some pretty thorough risk analysis to what it does. Rather than express an unshakable faith in technology and the skills that apply it, IT management needs to identify where they are most likely to under-deliver, to calculate the level of exposure and to ensure a suitable degree of focus is placed on eliminating, or at least minimising, the associated risk. Beating IT Risks by business school professor Ernie Jordan and PA Consulting’s Luke Silcock is a guide to “weighing up the risks and opportunities in IT, and techniques to enable you to find the risks you want to take, and thrive on them.”

It neither advocates timidity nor both-feet-first management: just the pressing need in IT for more sound judgement and realism. As the authors observe, some organisations regard the act of contemplating risk as negative thinking, and paint thoughtful managers as over-cautious and even lacking in leadership. Jordan and Silcock have strong views on that: “The ‘dumbed-down’ thinking that ignores risks or only considers the most superficial ones has no place in a world where IT is, for many organisations, an essential utility that underpins every business activity.” In analysing the problem, they find that most enterprises and their managers lack a decent way of dealing with IT risk. Too often, the risks are not even openly considered; and there are few tools to keep risks in view. Moreover, there are inadequate organisational processes to respond to risk.

In a well-structured and articulated argument, they identity seven classes of IT risk and how the associated risk of each can be appreciated and dealt with: projects (and their frequent failure to deliver); service continuity (or a lack of it); information assets (in need of protection and preservation); service providers and vendors (who go bust or lie about the capabilities of their products); applications (that are often flaky); infrastructure (that is built on weak foundations); and ’emerging’ technology (the leading edge that often turns into bleeding edge). Each of these is studied in depth, with a constant flow of recommendations and pointers designed to “cure the IT risk headache”.

The impression is that the authors have witnessed their fair share of horror stories, and while they may be shaking their heads in disbelief at some of the poor governance of IT process, they are not doing so without consideration. They readily acknowledge the tough constraints and pressures IT is under, while pointing out some better ways of responding. Scattered through the discussion are examples of situations where IT risk was identified and well managed, and other examples where it was, for all kinds of reasons, overlooked – often with dramatically negative consequences. As that underscores, IT is a risky business. But there can be few management texts that have put this in such clear context or that provide a structure for de-risking IT and the careers of those who practise it.

IT Governance
Buy this book



IT Governance: How Top Performers Manage IT Decision Rights for Superior Results starts with the bad news: 70% of all IT projects fail. But IT experts Peter Weill and Jeanne Ross argue that the real reason IT fails to deliver value is that companies have no formal system in place for guiding and monitoring IT decisions.

Their research shows that firms with explicit IT governance systems have twice the profit of firms with poor governance, given the same strategic objectives. Just as corporate governance systems aim to ensure quality decisions about any corporate assets, the authors argue that companies need IT governance systems to ensure that IT investments are made wisely and effectively.

This is not just opinion. The authors draw on a study of 250 enterprises worldwide to establish the best ways to design and implement a decision-making structure that will ensure that all stakeholders in an IT project contribute towards the strategic and financial goals of the company. The claim is this book will help firms transform IT from an expense to a profitable investment; there are enough examples to at least partially justify that claim.

IT Manager’s Survival Guide
Buy this book



The IT Manager’s Survival Guide by Rob Aalders and Peter Hind is one of the strongest representatives of its genre. It offers a pragmatic framework of well-versed, if all-too-often undervalued, theories, and supports them with real-life anecdotes, tips for successful management and checklists. The fundamental idea is that IT cannot be run as a separate (and often alien) department from the business: IT managers should focus on management rather than technology, and have the skills to organise and run an infrastructure and its employees. The effective IT department they control should act as a supply, logistics and commercial unit.

Topics covered include broad business issues – recruitment, corporate governance and managing change – as well as those which have special relevance to the IT department, such as establishing service level agreements, integrating legacy systems, help desk management and the formulation of business continuity and disaster recovery plans.

Another strength is the third-party contributions. Essays are written by IT managers, analysts and management consultants on subjects such as ‘What is wrong with IT management?’ and synopses are provided of the works of well-respected management theorists such as IT economist Paul Strassmann and Elton Mayo, who focuses on how to get increased productivity from employees.

Information Systems
Buy this book



The premise of Information Systems: Achieving Success by Avoiding Failure by academics Joyce Fortune and Geoff Peters is that the widespread failure of IT projects is due to organisations refusing to learn from their own or others’ mistakes. Since most do not record post-mortems on failed projects they do not have any library of best practices to draw on. Instead they opt to invest in often inadequate disaster recovery plans.

They claim there are certain characteristics of failure that are shared between very different situations – from IS failures to natural disasters – and enthuse about the benefits of pooling this information. One example is a Cabinet Office report published in 2000, which drew on projects across government and made recommendations to halt the run of high profile IT system failures.

What the authors recommend is using a Systems Failure Approach (SFA) as a yardstick by which to judge both existing and planned information systems, and they suggest practical methods needed to achieve success. The SFA uses qualitative modelling and comparisons to provide realistic recommendations and the authors test it against various incidents both with hindsight, and as a method of preventing failure in new systems.

CIO Survival Guide
Buy this book

Dell’s former CTO Karl Schubert, who subtitles his book, The Roles and Responsibilities of the Chief Information Officer, advises on how to build relationships with business executives and partners. To do so, he draws on the work of several leading management gurus, including Harvard Business School’s Clayton Christensen and Xerox’s former chief scientist, John Seely Brown.

Arguably the title does the book’s quality little justice: it implies a reactive approach with the CIO simply managing to scrape by. On the contrary, early on it includes a checklist determining the ‘Ten Questions the CIO must ask the CEO’ and from then on does not cease to provide tips on how to create an IT organisation closely aligned to the business’ goals, which if followed through should ensure not just survival but success. Schubert focuses on building relationships and man-management, formulating strategy, decision-making and prioritising resources.

One chapter – ‘Connecting IT to Value Creation’ – deals with the landscape that still too few CIOs and their IT organisations managed to navigate successfully, emphasising the need for CIOs to use business language to sell their vision to the board.

CIO Wisdom
Buy this book



In CIO Wisdom, 20 senior Silicon Valley IT executives share their experiences with Symantec’s senior director of IT, Dean Lane, in an effort to address some of the broad challenges facing the modern-day CIO including budgeting, planning, sourcing and architecture.

The articles cover issues impacting every facet of the CIO’s role, and Dean’s colleague at Symantec, CIO Mark Egan, outlines a 90-day tactical plan for taking charge of IT and then developing a long-term strategy. Its strength lies in the fact the advice is given out by people who have practised what they preach. It offers both guidance on personal development – for example, on how to cope with the stresses of being a CIO, or how to cope as a woman in what is still very much a man’s world – as well as professional issues.

While some of the articles set out recommendations on aspects such as leadership that will probably be just as true in five or ten years, others have a more immediate value. ‘What really works right now’ and a chapter on the hot topic of outsourcing may not have the longevity of other articles, but they are undeniably constructive today.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics