Managing IT Functions | Section III - Other IT Governance Mechanisms

Table of contents:

Petter Gottschalk
Norwegian School of Management, Norway

Abstract

This chapter discusses imperatives for IT functions, organization of IT functions, roles of IT functions, roles of chief information officers (CIOs) and key issues in IT management. CIOs in Norway find the role of entrepreneur most important and the role of liaison least important. Improving links between information systems strategy and business strategy is the highest ranking key issue in managing IT functions in Norway.

Introduction

The formal organizational unit or function responsible for technology services is often called the information technology department. The IT department is responsible for maintaining the hardware, software, data storage and networks.

The IT department consists of information technology professionals such as computer programmers, systems analysts, information architects, and project leaders. An IT manager, called the chief information officer (CIO), is heading the information technology department in many companies. The CIO is a senior management position to oversee the use of information technology in the firm. Often, the CIO is the most important person in IS/IT strategy work.

In larger organizations, we may find that the IT function consists of several IT departments in various business segments or at various business locations. While each department may have an IT manager, the CIO will coordinate all IT departments at the corporate strategic level.

Imperatives for IT Functions

For IT functions to be successful, Rockart et al. (1996) have listed eight imperatives:

Achieve Two-Way Strategic Alignment. The first imperative is to align IT strategy with the organization's business strategy. With more than 50 percent of capital equipment investment in the United States now being devoted to information technology, IT has clearly become a major resource for management in carrying out its strategic initiatives.
Develop Effective Relationships with Line Management. The key people using information technology in any organization are its functional, product, and geographical line managers. They provide the strategic and tactical direction and the commitment to implementation that converts visions of new systems into improved organizational processes. Thus IT personnel at all levels must develop strong, on-going partnerships with line managers.
Deliver and Implement New Systems. Although the primary function of the IT department has been the development and operation of systems, today's approach to system development is radically different from the past. The task has changed from developing mainframe-based transaction-processing systems that support a single function to delivering desktop systems that address the integrated data needs of knowledge workers.
Build and Manage Infrastructure. IT is currently charged with creating an "IT infrastructure" of telecommunications, computers, software, and data that is integrated and interconnected so that all types of information can be expeditiously — and effortlessly, from the users' viewpoint — routed through the network and redesigned processes.
Reskill the IT Organization. For almost two decades, the basic approach to systems development did not change. COBOL was the major language, and the mainframe was the major platform on which systems were developed. Today, by far the largest number of systems are being built for client/server use. Developers in this environment must regularly learn new programming languages, operating systems, and communications protocols.
Manage Vendor Partnerships. Outsourcing some IT responsibilities to computing services firms can compensate for skill shortages in IT units and relieve management of the need to oversee tasks that are not competitive strengths or core competencies. IT management must be informed buyers and prime negotiators.
Build High Performance. In the future, IT units, like all other functions in the firm, must strive to meet increasingly demanding performance goals and improve their economic and operational track record.
Redesign and Manage the Federal IT Organization. For the past three decades, T organizations have struggled with the "centralization-decentralization" issue. The exact locus of all or part of IT decision-making power is critical, and getting the right distribution of managerial responsibilities is thus the eighth imperative.

Organization of IT Functions

IT functions can be organized in different ways in organizations. Robson (1997, p. 309) makes distinctions between centralized, decentralized and devolved as follows.

Centralized: One single-access function: IT department provides one single service, with single-access provision. A centrally located IT department provision may be a continuation of always having been centralized or may be a regrouping in response to pressures for cost savings. The centralized approach to locating IT function is effective at gaining, or regaining, control over IT. The technology and systems infrastructure can be efficiently and effectively provided and there should be few problems of data format and security or software compatibility. With one agency in control there should be no confusion over responsibilities and it will have the power to impose standards that ensure that all related parts of the business are able to interface successfully. Despite frequently being used to reduce costs, the bureaucracy and inflexibility often associated with centralized IT function can cause costs to escalate uncontrollably. The early proponents of centralization stated that computing power was proportional to the square of the cost of the processor and indicated that there is economies of scale inherent in centralized IT department.

Radical changes in cost/performance ratios have challenged these proponents' views and so there may be other, more effective, routes to a cost-effective IT infrastructure. Centralized location can lead to confusing the issues of coordination (for instance in building the infrastructure) with those of control and ownership. A centrally located IT function may also be correlated with IT making a low contribution to the business since it may be preoccupied with the complexities of its own internal concerns and so be out of touch with business priorities and so not able to respond to them.

Decentralized: Lots of single-access functions: IT function being a number of smaller single-site, single-access centers, a collection of IT departments. The proliferation of multiple IT departments brings IT geographically closer to the user community but perhaps no nearer in culture or understanding. Decentralization has some powerful advantages. Since it can be much closer to the grass roots of the business, IT has a better chance of motivating and involving users and, by distributing the involvement, the logic is that users will act in a responsible way because they are responsible (and in control, and accountable).

Decentralization focuses less on IS costs and more on user effectiveness. Local IT staff is part of the business. More business-relevant systems should be created since, with fewer, more generalist, IT staff who have less chance of being distracted, business needs are the systems drivers rather than technical interest. In addition, simpler systems may result and 'small is beautiful' and 'simple engineering is good engineering'. Whilst these points give some benefits over the centralized location of IT function, there are drawbacks; primarily what is achieved is many groups all having the same problems so that the main disadvantage is one of duplication-driven higher costs plus staff isolation in the mini-IT sections.

Since IT departments deliver their services in much the same way there is little difficulty in changing from centralized to decentralized provision. The cyclical swing between prioritizing control of centralized location and the flexibility of this decentralized location happens perhaps every five to eight years. The ease with which the change can be made makes it clear that nothing is very radically different between them. The decentralization of IS resources may be one side of this continually flipping coin or be a stage in a progression towards devolved locations. Currently there are strong pressures to lower IT resource costs; there is a growing IS literacy within the entire user community, and there is phenomenal growth in end-user computing.

All of this suggests that decentralization cannot effectively provide the balanced complement to the high degree of standardization associated with centralized IS. Highly centralized IS tends to discourage creativity since IT function's fear of chaos if standards are relaxed is a major inhibitor to the high risk, high payoff application. It would seem that the necessary complement to centralized IT must be devolved IT that will transfer authority and responsibility to where IT and the business interface, so that business-relevant innovations can emerge and be delivered from the combination.

Devolved: Geographically and managerially dispersed: IT function is a web of lateral linkages plus a significant degree of end-user control over processing and applications systems development and environment. The distinction between decentralized IT function and devolved IT function is of the degree of dispersion of control and authority. This is perhaps the structural name for the collected set of activities that include departmental computing and all forms of user self-managed computing. The advantages and disadvantages of a devolved IT location flow from this dispersal of control. Devolution adds to the technical dispersion inherent in distributed computing but replaces the central IS control with organization-wide cooperation and coordination in order to gain integration. There is still a need for automated support of activities in a devolved environment. Rather than striving for the 'lights out' operation of centralized data centers, the thrust of automation should be a systems safety.

Devolved IT function leads to a dangerous potential confusion over who will be responsible for the, perhaps unglamorous, housekeeping aspects of IS; devolution must be about who is accountable for the system in all respects. Since the devolved location leads to a risk that the business of system protection falls as no one's responsibility the answer is to automate protection as far as possible. The other area to automate as much as possible is the management of the network backbone itself. Software updates, capacity loading adjustments, etc. can be added to basic system and data hygiene housekeeping.

The costs incurred in such housekeeping may be lower since the devolution means users have a direct, vested interest in cost effectiveness. Devolution would seem to be an option favored by organizations that have a good claim to understanding the appropriate role of IS to a competitive business.

Decentralization and distributed computing tend to create islands of technology whereas devolution puts the resources where they are needed by the business, and the main driver for devolution has been the need to get the IT function closer to the business and its customers. The central IT department disappears and is replaced by a utility service that provides the organization-level needs such as network facilities, corporate planning systems, and support for the process of establishing standards and principles for IT procedures. Some central coordination and planning will remain.

Robson (1997, p. 326) finds that devolution has been highly correlated with IS significantly contributing to the business and has been supported by five thrusts:

Downsizing trends in processing power: Powerful desktop computers make local access to any nature of system a technical reality.
Growth of standards: Particularly in the area of networking, these allow 'plug and go' capabilities that therefore demand far fewer IT specialist skills.
Greater IT awareness: Amongst all managers there is greater interest in using and managing IT to the business' advantage.
The need to match organizational unit autonomy: Including supporting business decoupling to enable divestment programs.
The drive to manage costs: In enlightened organizations this is not only to cut them (often only with the result of weakening the organization and IS), but also to make them appropriate (that is, lower than the long-term gains). Devolution places costs where gains can be judged against business productivity.

Organization is concerned with the location of the IT department as well as the internal organization of the IT department. Location is where the department is sited. Alternatives for location include centralized, decentralized, dispersed, and outsourced. The centralized alternative is illustrated in Figure 1.

click to expand
Figure 1: Location of the IT Function in the Organization

The internal organization of the IT function will vary, but a typical example is illustrated in Figure 2. To assist the CIO in managing IS/IT strategy work, there is often a strategic planner. The information architect works on information models to manage data resources. The operations manager is concerned with hardware, networks and operating systems, while the development manager is concerned with application systems. Help desk helps users help themselves with end user software and hardware.

click to expand
Figure 2: Internal Organization of the IT Function

As Knowledge Management becomes more important, we see organizational change. In Figure 3, a possible organization in a law firm is illustrated. Law firm partners typically own their law firm, and some partners are elected to the board. One partner serves as managing partner, managing the production of legal services. A chief executive officer (CEO) is in charge of all support functions in the firm. Both a chief knowledge officer (CKO) and a chief information officer (CIO) may report to the CEO. Responsibilities of the CKO include knowledge architecture, strategic planning, training and library. Responsibilities of the CIO include information architecture, systems development and operations, and help desk. A close cooperation between the CKO and CIO is needed to secure success of Knowledge Management initiatives in the firm.

click to expand
Figure 3: A Law Firm Organization Chart

Roles of IT Functions

The IT function in a company may be defined as the collection of all dedicated IT responsibilities and applied IT competence within the company, involved in tasks like deploying IT, supporting the use of it, operating and maintaining, etc. or even doing tasks concerning exploitation of IT as a business critical component. In this book we have seen that the role of the IT function may vary; it could be merely technically oriented and nonstrategic, it could be a resource to support the business strategy, it could enable new business opportunities, and it could as well play a critical role to the survival of the company in the long run.

Criteria for evaluating the IT function in a company are strongly dependent on its role, and may vary from operations efficiency and cost minimalization, through ability to contribute to the achievement of business goals and some specified results to come from IT initiatives defined in the business strategy, to some long-term effects to the organization.

The primary task of the IT function at Stage 1 can be office automation, systems operation and user support. It is often required that the services are delivered according to predefined criteria, preferably defined in an SLA (Service Level Agreement). Here the IT function is evaluated for operations efficiency, cost efficiency or customer satisfaction. IT functions on this stage normally have a customer-supplier relation to the users of their services. At Stage 2 the primary task may be to utilize the technology in the best possible way to achieve the goals the business management has defined. At Stage 3 the enabling of new business goals by using IT may be the focus, while at Stage 4 the IT function is committed to exploit IT as one basic input factor to enabling the creation of value in the company.

This is illustrated in the two first columns of Figure 4. The matrix in addition indicates some typical deliveries or efforts of the IT function at the various stages, as well as organizational issues.

click to expand
Figure 4: The Role of IT Functions in Relation to Business (Source— Noralf Husby, IT-ledelse AS, Norway)

An empirical study in Norway showed that of 41 IS/IT plans, 15 documented that the firms were at Stage 1, with an IT function focused on technical matters. Thirteen firms had an IT function on Stage 2, while 14 firms gave the IT function influence on the business strategy and hence may be classified as being on Stage 3. Only two firms recognized their IT function as critical for the business ability to survive in the long run (Stage 4).

This model can be utilized in processes of organizational change or business improvement, to help identify the IT function's opinion of its own role today and where it wishes to be heading. The result can be valuable to defining the future needs of competence at the various stages and where this should be placed in the organization. Relations to external vendors and partners should also be examined as part of such a process.

A specific company may have IT functions on several stages. The model could be viewed as stairs where Stage 1 is the base step; to be able to have an IT function on, let's say, Stage 3 requires that the Stages 1 and 2 are well functioning. Concerning Stage 1, the tasks could be outsourced, but the stage still is part of the IT function because the responsibility of the impact on the organization prevails internally. An internal IT function has to control the external supplier.

The requirements to the IT function depend on the nature of the business. It is not a goal for every company to have IT functions on Stage 4. Stage 1 may prove sufficient to a firm with mainly manual processes. A dot.com, a web-based bank or a telecom service provider may require a Stage 4 type of IT function. This also applies to a lawyer firm in case online legal services are to be offered to customers on a self-service basis.

During recent years it has been a trend to make products of all that the IT function offers, believing that only by trading measurable items could the quality be optimized. Correctly, this applies to Stages 1 and 2, but it would rather be an obstacle to good quality of IT functions on Stages 3 or 4. Sharing of business responsibility is a main driver for quality at these two stages, although "business consciousness" and business understanding is important at Stages 1 and 2 as well.

The Chief Information Officer

The CIO can be defined as the highest-ranking IT executive who typically exhibits managerial roles requiring effective communication with top management, a broad corporate perspective in managing information resources, influence on organizational strategy, and responsibility for the planning of IT to cope with a firm's competitive environment. This definition is in line with research, which applied the following criteria when selecting CIOs for empirical observation: (1) highest-ranking information technology executive, (2) reports no more than two levels from the CEO, i.e., either reports to the CEO or reports to one of the CEO's direct reports, (3) areas of responsibility include information systems, computer operations, telecommunications and networks, office automation, end-user computing, help desks, computer software and applications, and (4) responsibility for strategic IS/IT planning.

The CIO position emerged in the 1970s as a result of increased importance placed on IT. In the early 1980s, the CIO was often portrayed as the corporate savior who was to align the worlds of business and technology. CIOs were described as the new breed of information managers who were businessmen first, managers second, and technologists third (Grover et al., 1993). It was even postulated that in the 1990s, as information became a firm's critical resource, the CIO would become the logical choice for the chief executive officer (CEO) position.

As a manager of people, the CIO faces the usual human resource roles of recruiting, staff training, and retention, and the financial roles of budget determination, forecasting and authorization. As the provider of technological services to user departments, there remains a significant amount of work in publicity, promotion, and internal relations with user management. As a manager of an often virtual information organization, the CIO has to coordinate sources of information services spread throughout and beyond the boundaries of the firm. The CIO is thus concerned with a wider group of issues than are most managers.

While information systems executives share several similarities with the general manager, notable differences are apparent. The CIO is not only concerned with a wider group of issues than most managers, but also, as the chief information systems strategist, has a set of responsibilities that must constantly evolve with the corporate information needs and with information technology itself. It has been suggested that the IT director's ability to add value is the biggest single factor in determining whether the organization views information technology as an asset or a liability.

According to Earl and Feeny (1994, p. 11), chief information officers have the difficult job of running a function that uses a lot of resources but that offers little measurable evidence of its value:

"Chief information officers have the difficult job of running a function that uses a lot of resources but that offers little measurable evidence of its value. To make the information systems department an asset to their companies — and to keep their jobs – CIOs should think of their work as adding value in certain key areas."

Creation of the CIO role was driven in part by two organizational needs. First, accountability is increased when a single executive is responsible for the organization's processing needs. Second, creation of the CIO position facilitates the closing of the gap between organizational and IT strategies, which has long been cited as a primary business concern.

Alignment of business and IT objectives is not only a matter of achieving competitive advantage, but is essential for the firm's very survival. Though the importance of IT in creating competitive advantage has been widely noted, achieving these gains has proven elusive. Sustained competitive advantage requires not only the development of a single system, but the ability to consistently deploy IT faster, cheaper, and more strategically than one's competitors. IT departments play a critical role in realizing the potential of IT. The performance of IT functions, in turn, often centers on the quality of leadership, i.e., the CIO.

As early as 1984, some surveys suggested that one-third of US corporations had a CIO function, if not in title. While exact percentages differ, ranging from 40% to 70%, Grover et al. (1993) found that the number of senior-level information systems executive positions created over the past ten years had grown tremendously. The earliest scientifically conducted research on the CIO position examined 43 of 50 top-ranked Fortune 500 service organizations in the US, and noted that 23 (58%) of these organizations had the CIO position. In 1990, the 200 largest Fortune 500 industrial and service organizations were examined, and it was found that 77% of the industrials had a CIO position as compared with 64% of the service organizations. It is very likely that these numbers have increased in recent years.

Few studies have examined the reasons behind the creation of the CIO position in firms. Creation of the position effectively increases accountability by making a single executive responsible for corporate information processing needs. In a sample of Fortune 500 firms, i.e., appearing on the list for four consecutive years, 287 firms with CIOs were compared in 1995 to firms without CIOs on a number of variables hypothesized to predict creation of the position. It was observed that a number of characteristics of the corporate board, including the number of outside directors and equity ownership of the directors, predicted the existence of the CIO position. A firm's information intensity was also found to be positively related to the creation of the CIO position. Furthermore, the CIO position was more likely to exist when the CEO appreciated the strategic value and importance of IT.

The CIO title itself has become a source of confusion. The term CIO has been somewhat loosely defined and is often used interchangeably with various titles such as IT director, vice president of IS, director of information resources, director of information services, and director of MIS, to describe a senior executive responsible for establishing policy and controlling information resources. Sometimes, the CIO label denotes a function rather than a title. Studies relating to the CIO have focused on the evolution of the position and the similarities between the CIO and other senior-level executives.

The CIO label itself has been met with resistance, and some firms have replaced the title with alternative labels such as knowledge manager, chief knowledge officer (CKO) or chief technology officer (CTO). It has been found that the CKO has to discover and develop the CEO's implicit vision of how Knowledge Management would make a difference, and how IT can support this difference.

There are significant differences between the tasks of a CTO, CIO and CKO. While the CTO is focused on technology, the CIO focuses on information, and the CKO focuses on knowledge. When companies replace a CIO with a CKO, it should not only be a change of title. Rather, it should be a change of focus.

Applegate et al. (1996) indicate that the CIO is becoming a member of the top management team and participates in organizational strategy development. Similarly, it has been stated that CIOs see themselves as corporate officers and general business managers. This suggests that CIOs must be politically savvy and that their high profile places them in contention for top line management jobs. The results of these studies indicate that today's CIO is more a managerially oriented executive than a technical manager. Some provide a profile of the ideal CIO as an open communicator with a business perspective, capable of leading and motivating staff, and as an innovative corporate team player. Karimi et al. (2001) found that successful CIOs characterized themselves in the following way:

I see myself to be a corporate officer.
In my organization I am seen by others as a corporate officer.
I am a general business manager, not an IT specialist.
I am a candidate for top line management positions.
I have a high profile image in the organization.
I have political as well as rational perspectives of my firm.
I spend most of my time outside the IT department focusing on the strategic and organizational aspects of IT.

Business strategist is likely to be among the most significant roles that CIOs will fulfill in the digital era, according to Sambamurthy et al. (2000). As a business strategist, the CIO must understand and visualize the economic, competitive, and industry forces impacting the business and the factors that sustain competitive advantage. Further, the CIO must be capable of plotting strategy with executive peers, including the chief executive officer (CEO), chief operating officer (COO), and other senior business executives (Sambamurthy, 2001, p. 285):

"Business strategist is likely to be among the most significant roles that CIOs will fulfill in the digital era. As a business strategist, the CIO must understand and visualize the economic, competitive, and industry forces impacting the business and the factors that sustain competitive advantage. Further, the CIO must be capable of plotting strategy with executive peers, including the chief executive officer (CEO), chief operating officer (COO), and other senior business executives. Not only are CIOs drawn into the mainstream of business strategy, but also their compensation is being linked with the effectiveness of competitive Internet actions in many firms. With an understanding of current and emergent information technologies and an ability to foresee breakthrough strategic opportunities as well as disruptive threats, CIOs must play a lead role in educating their business peers about how IT can raise the competitive agility of the firm. Obviously, to be effective business strategists, the CIOs must be members of an executive leadership team and part of the dominant coalition that manages the firm."

With an understanding of current and emergent information technologies and an ability to foresee breakthrough strategic opportunities as well as disruptive threats, CIOs must play a lead role in educating their business peers about how IT can raise the competitive agility of the firm. To be effective business strategists, the CIOs must be members of an executive leadership team and part of the dominant coalition that manages the firm.

Robson (1997) has suggested that CIOs have to be hybrid managers to be successful. Hybrid managers require business literacy and technical competency plus a third dimension. This third item is the organizational astuteness that allows a manager to make business-appropriate IS use and management decisions that enhance or set business directions as well as follow them. It is fairly well recognized that hybrid managers are problematic, perhaps requiring inbuilt talent and personal qualities, but can be encouraged or discouraged. For this reason undergraduate study can generally produce only hybrid users whilst postgraduate and post-experience study can support the development of hybrid managers.

Hybrid users are the people involved in user-controlled computing; they combine a degree of technical competence with business literacy required to fulfill their primary role (Robson, 1997, p. 367):

"This management description is not just another term to describe the users engaged in the user-controlled computing. A clear distinction exists between hybrid users and hybrid managers and this distinction is one of emphasis and purposes. Hybrid users are the people involved in user-controlled computing, they combine a degree of technical competence (perhaps defined by notions such as the end-user continuum) with, of course, the business literacy required to fulfil their primary role. Hybrid managers, as opposed to managers who are hybrid users, require this business literacy and technical competency plus a third dimension. This third item is the organisational astuteness that allows a manager to make business-appropriate IS use and management decisions that enhance or set business directions as well as follow them. It is fairly well recognised that hybrid users can be trained whereas the more sophisticated development of hybrid managers is problematic, perhaps requiring inbuilt talent and personal qualities, but can be encouraged or discouraged. For this reason undergraduate study can generally produce only hybrid users whilst postgraduate and post-experience study can support the development of hybrid managers.

The notion of hybrid management is an essentially British one and a significant amount of work on the concept of hybrid management has been done. Earl provided the initial working definition of hybrid managers that has been subsequently adopted by other works. Hybrid managers are a high risk, high cost, people infrastructure that enables the organisational integration of IS and business. This integration ensures both business-consistent IS and IS-exploitative business and so hybrid managers straddle two, previously disparate, disciplines. No amount of communication, or translation bridges, between the two separate disciplines can achieve the same degree of integration. Whilst there is no theoretical reason why hybrid managers cannot be drawn from any discipline, experience seems to show that it proves easier to add IS 'technical' knowledge to a base of business awareness than to inculcate IS technicians with a broader, organisational vision. The primary benefits of hybrid managers are that they create 'islands' of true business/IS understanding; these islands then provide the catalyst that leads to an organisational hybridisation. Even from the earliest stages of hybridisation programmes, organisational gains in flexibility and effectiveness are reported.

Since developing hybrid managers (or any form of management development) is a costly and uncertain exercise it can be a problem notion in recessionary times. The long-term benefits, rather than short-term gains, of such a development programme can look easy to 'trim' out of recession-hit budgets. And yet, paradoxically, it is precisely this type of people infrastructure that supports the cross-boundary, radical re-works typically associated with business process redesign to enable significant future cost savings. The business redesign focus of the 1990s demands the hybrid manager who is, not narrowly specialist, but capable of seeing the broad picture and the opportunities present in this total view. Hybrid managers will be critical to the survival of the IS function into the next decade. The continuing devolution of many IS areas requires a hybrid manager to manage the 'new' IS and indeed even the act of assessing the relative merits of different paths to devolution, and judging what not to devolve requires the skills as defined to be of a hybrid manager."

The notion of hybrid management is an essentially British one and a significant amount of work on the concept of hybrid management has been done. Earl provided the initial working definition of hybrid managers that has been subsequently adopted by other works. Hybrid managers are a high risk, high cost, people infrastructure that enables the organizational integration of IS and business. This integration ensures both business-consistent IS and IS-exploitative business, and so hybrid managers straddle two, previously disparate, disciplines. No amount of communication, or translation bridges, between the two separate disciplines can achieve the same degree of integration.

Whilst there is no theoretical reason why hybrid managers cannot be drawn from any discipline, experience seems to show that it proves easier to add IS technical knowledge to a base of business awareness than to inculcate IS technicians with a broader, organizational vision. The primary benefits of hybrid managers are that they create islands of true business/IS understanding; these islands then provide the catalyst that leads to an organizational integration. Even from the earliest stages of integration programs, organizational gains in flexibility and effectiveness are reported.

Since developing hybrid managers (or any form of management development) is a costly and uncertain exercise it can be a problem notion in economic depression times. The long-term benefits, rather than short-term gains, of such a development program can look easy to trim out of recession-hit budgets. And yet, it is precisely this type of people infrastructure that supports the cross-boundary, radical re-works typically associated with business process redesign to enable significant future cost savings. The business redesign focus of the future demands the hybrid manager who is, not narrowly specialist, but capable of seeing the broad picture and the opportunities present in this total view.

According to Robson (1997, p. 368), hybrid managers will be critical to the survival of the IT function in the future. The continuing devolution of many IS areas requires a hybrid manager to manage the new IS and indeed even the act of assessing the relative merits of different paths to devolution, and judging what not to devolve requires the skills as defined to be of a hybrid manager.

This is certainly true if the company is to succeed in Knowledge Management. Knowledge Management requires not only business literacy and technical competency; it requires first and foremost an ability to combine the two. Sometimes information technology is (part of) the solution to Knowledge Management challenges, sometimes it not. Only business literacy combined with technical competency can enable a CIO to make an optimal judgment.

Although it was originally expected that the CIO would have high levels of influence within the firm, as the definition of job responsibilities would suggest, recent surveys indicate that this may not be the case. CIOs may not actually possess strategic influence with top management, and they may lack operational and tactical influence with users. Some specific problems include higher-than-average corporate dismissal rates compared with other top executives, diminished power with belt tightening and budget cuts, high expectations of new strategic systems that CIOs may not be able to deliver, lack of secure power bases due to the fact that CIOs are viewed as outsiders by top management, and the fact that few CIOs take part in strategic planning, and many do not report to the CEO.

Over time, the number of CIOs reporting to CEOs seems to increase. In 1992, only 27% of surveyed CIOs in the US reported to CEOs, while this number had increased to 43% five years later, as listed in Figure 5. In Norway, the numbers in Figure 5 seem to indicate a stable level above forty percent or maybe an insignificant decline in the fraction of CIOs reporting to the CEO. An interesting development is indirect reports moving from CFOs to other top executives.

Chief Information Officer (CIO) reporting to:	USA 1992	USA 1997	Norway 1997	Norway 1999	Norway 2000
Chief Executive Officer (CEO)	27%	43%	48%	44%	41%
Chief Financial Officer (CFO)	44%	32%	21%	23%	16%
Other top executive in the company	29%	25%	31%	33%	43%

Figure 5: CIO Reporting in the US and Norway Over Time

The CIO's pivotal responsibility of aligning business and technology direction presents a number of problems. Moreover, rapid changes in business and information environments have resulted in corresponding changes at the IT function helm. This role has become increasingly complex, causing many firms to look outside the organization for the right qualifications. Characteristics such as professional background, educational background, and current length of tenure have been examined in previous research. CIO problems seem to indicate that, when compared with other senior executives, CIOs do not have the authority or ability to achieve the kind of changes that were promised when the position was initially proposed. A second and possibly related explanation is that CIOs are experiencing managerial role conflicts that prevent them from meeting those expectations as originally envisioned in the CIO position.

One approach to understanding the CIO position is to study managerial roles. Mintzberg (1994) notes a number of different and sometimes conflicting views of the manager's role. He finds that it is a curiosity of the management literature that its best-known writers all seem to emphasize one particular part of the manager's job to the exclusion of the others. Together, perhaps, they cover all the parts, but even that does not describe the whole job of managing.

Based on an observational study of chief executives, Mintzberg (1994) concluded that a manager's work could be described in terms of 10 job roles. As managers take on these roles, they perform management functions. These ten roles consist of three interpersonal roles (figurehead, leader and liaison), three informational roles (monitor, disseminator, and spokesman), and four decisional roles (entrepreneur, disturbance handler, resource allocator, and negotiator):

Figurehead performs some duties of a ceremonial nature. Examples are greeting visitors, responding to journalists' questions, and visiting customers and allies.
Personnel leader is responsible for motivation of subordinates and for staffing and training. Examples are most activities involving subordinates, such as settling disagreements between subordinates.
Liaison establishes a web of external relationships. Examples are attending conferences and giving presentations.
Monitor seeks and receives information to understand and learn from the environment. Examples are reading journals and listening to external experts.
Disseminator transmits information to other organizational members. Examples include forwarding reports and memos, making phone calls to present information, and holding informational meetings.
Spokesman involves the communication of information and ideas. Examples are speaking to the board of directors and top management, and talking to users.
Entrepreneur acts as initiator and designer of much of the controlled change in the organization. Examples are user ideas converted to systems proposals and management objectives transformed to infrastructure actions.
Resource allocator is responsible for allocation of human, financial, material, and other resources. Examples are working on budgets, developing project proposals, and monitoring information technology projects.
Negotiator is responsible for representing the organization in negotiations. Examples are negotiations with unions concerning wages and with vendors concerning procurements.

According to Mintzberg (1994), these ten roles are common in all managerial jobs regardless of the functional or hierarchical level. However, differences do exist in the importance and effort dedicated to each managerial role based on job content, different skill levels, and expertise. Mintzberg (1994) states that managers are in fact specialists, required to perform a particular set of specialized managerial roles that are dependent upon the functional area and hierarchical level in which they work.

Grover et al. (1993) used the Mintzberg framework to study CIO roles. They selected six of ten roles, which they found relevant for CIOs: personnel leader, liaison, monitor, spokesman, entrepreneur and resource allocator. The four other roles (figurehead, disseminator, disturbance handler, and negotiator) were not operationalized because Grover et al. (1993) found that the activities constituting these roles were correlated with the activities of the other six roles and because they found that the activities that comprised those four roles were consistently important only for certain functions and levels of management. The six selected roles were related to information technology management by rephrasing them:

As the personnel leader, the IS manager is responsible for supervising, hiring, training, and motivating a cadre of specialized personnel. Literature has emphasized the impact of this role on IS personnel. This role is mainly internal to the IS organization.
The spokesman role incorporates activities that require the IS manager to extend organizational contacts outside the department to other areas of the organization. Frequently, he or she must cross traditional departmental boundaries and become involved in affairs of production, distribution, marketing, and finance. This role is mainly external in relation to the intra-organizational environment.
As the monitor, the IS manager must scan the external environment to keep up with technical changes and competition. In acting as the firm's technical innovator, the IS manager uses many sources including vendor contacts, professional relationships, and a network of personal contacts. This role is mainly external in relation to the inter-organizational environment.
As the liaison, the IS manager must communicate with the external environment including exchanging information with IS suppliers, customers, buyers, market analysts, and the media. This role is mainly external in relation to the inter-organizational environment.
As the entrepreneur, the IS manager identifies business needs and develops solutions that change business situations. A major responsibility of the IS manager is to ensure that rapidly evolving technical opportunities are understood, planned, implemented, and strategically exploited in the organization.
As the resource allocator, the IS manager must decide how to allocate human, financial, and information resources. The litany of past discussion on charge-back systems (users have to pay for IT services) and the importance of "fairness" in IS resource allocation decisions speak to the importance of this role. This role is mainly internal to the IS organization.

In Figure 6, the selected six CIO roles are illustrated. The roles of personnel leader and resource allocator are both internal to IT functions. The entrepreneur absorbs ideas from the intra-organizational environment, while the spokesman influences the intraorganizational environment. The liaison informs the external environment, while the monitor absorbs ideas from the external environment.

click to expand
Figure 6: CIO Roles on Different Arenas

A survey was conducted in Norway to investigate CIO roles. CIOs were asked questions about the importance of the different roles. Survey results indicate some variation in the importance of roles. Responding CIOs found the role of entrepreneur most important and the role of liaison least important. This is indicated with numbers in Figure 6, where the scale went from 1 (not important) to 6 (very important).

In the US, Chatterjee et al. (2001) conducted an investigation to study if newly created CIO positions have any impact. The study's findings provide strong support for the proposition that announcements of newly created CIO positions do indeed provoke positive reactions from the marketplace, but primarily for firms competing in industries with high levels of IT-driven transformation. Within such industries, IT is being applied in innovative ways for competitive purposes. For firms to engage in such strategic behaviors, they must first develop and then effectively exploit an appropriate set of IT capabilities. Strong executive leadership, as reflected in the CIO role, is likely to play a crucial enabling role in the effective deployment of these IT capabilities, and hence be highly valued by a firm's shareholders. Just how valuable is a newly created CIO role? One way to consider the magnitude of the stock market reaction is to compute the impact on each firm's market valuation of common equity.

A conservative approach would calculate this effect through the median statistic (multiplying the median stock market reaction by the median market valuation of common equity); a less conservative approach would use the mean statistic (multiplying the mean stock market reaction by the mean market valuation of common equity). For the entire sample of firms, the net impact per firm of a newly created CIO position was in a range from $7.5 million (median approach) to $76 million (mean approach). If only the IT-driven transformation subgroup is considered, the net impact was in a range from $8 million (median approach) to $297 million (mean approach). Even with the trend in escalated executive salaries, the expected return from such an investment in IT capability appears quite reasonable (Chatterjee et al., 2001, p. 59):

"This study's findings provide strong support for the proposition that announcements of newly created CIO positions do indeed provoke positive reactions from the marketplace, but primarily for firms competing in industries with high levels of IT-driven transformation. Within such industries, IT is being applied in innovative ways for competitive purposes. For firms to engage in such strategic behaviors, they must first develop and then effectively exploit an appropriate set of IT capabilities. Strong executive leadership, as reflected in the CIO role, is likely to play a crucial enabling role in the effective deployment of these IT capabilities, and hence be highly valued by a firm's shareholders.

Just how valuable is a newly created CIO role? One way to consider the magnitude of the stock market reaction is to compute the impact on each firm's market valuation of common equity. A conservative approach would calculate this effect through the median statistic (multiplying the median stock market reaction by the median market valuation of common equity); a less conservative approach would use the mean stratistic (multiplying the mean stock market reaction by the mean market valuation of common equity). For our entire sample of firms, the net impact per firm of a newly created CIO position is in a range from $7.5 million (median approach) to $76 million (mean approach). If only the IT-driven transformation subgroup is considered, the net impact is in a range from $8 million (median approach) to $297 million (mean approach). Even with the trend in escalated executive salaries, the expected return from such an investment in IT capability appears quite reasonable!"

Computer Science Corporation (CSC, 1996) has suggested an alternative set of leadership roles to Mintzberg (1994). These six leadership roles are specifically tailored to information technology executives:

The chief architect designs future possibilities for the business. The primary work of the chief architect is to design and evolve the IT infrastructure so that it will expand the range of future possibilities for the business, not define specific business outcomes. The infrastructure should provide not just today's technical services, such as networking, databases and desktop operating systems, but an increasing range of business level services, such as workflow, portfolio management, scheduling, and specific business components or objects.
The change leader orchestrates resources to achieve optimal implementation of the future. The essential role of the change leader is to orchestrate all those resources that will be needed to execute the change program. This includes providing new IT tools, but it also involves putting in place teams of people who can redesign roles, jobs and workflow, who can change beliefs about the company and the work people do, and who understand human nature and can develop incentive systems to coax people into new and different ways of acting.
The product developer helps define the company's place in the emerging digital economy. For example, a product developer might recognize the potential for performing key business processes (perhaps order fulfillment, purchasing or delivering customer support) over electronic linkages such as the Internet. The product developer must "sell" the idea to a business partner, and together they can set up and evaluate business experiments, which are initially operated out of IS. Whether the new methods are adopted or not, the company will learn from the experiments and so move closer to commercial success in emerging digital markets.
The technology provocateur embeds IT into the business strategy. The technology provocateur works with senior business executives to bring IT and realities of the IT marketplace to bear on the formation of strategy for the business. The technology provocateur is a senior business executive who understands both the business and IT at a deep enough level to integrate the two perspectives in discussions about the future course of the business. Technology provocateurs have a wealth of experience in IS disciplines, so they understand at a fundamental level the capabilities of IT and how IT impacts the business.
The coach teaches people to acquire the skills they will need for the future. Coaches have two basic responsibilities: teaching people how to learn, so that they can become self-sufficient, and providing team leaders with staff able to do the IT-related work of the business. A mechanism that assists both is the center of excellence - a small group of people with a particular competence or skill, with a coach responsible for their growth and development. Coaches are solid practitioners of the competence that they will be coaching, but need not be the best at it in the company.
The chief operating strategist invents the future with senior management. The chief operating strategist is the top IS executive who is focused on the future agenda of the IS organization. The strategist has parallel responsibilities related to helping the business design the future, and then delivering it. The most important, and least understood, parts of the role have to do with the interpretation of new technologies and the IT marketplace, and the bringing of this understanding into the development of the digital business strategy for the organization.

These roles were applied in a survey in Norway. CIOs were asked to rate the importance of each leadership role. The roles were rated on a scale from 1 (not important) to 6 (very important). The role of change leader received the highest score of 4.6, while the role of product developer received the lowest score of 3.3.

The Harvard Business Review invited leading scholars to answer the question: Are CIOs obsolete? They all responded with a "no" answer. Rockart found that all good CIOs today are business executives first, and technologists second (Maruca, 2000, p. 57). Earl paid attention to recruiting new CIOs. His scenario suggests an acid test for selecting the new CIO. Does he or she have the potential to become CEO? If we could develop and appoint such executives, not only will we have CIOs fit for today's challenges, we may be lining up our future CEOs (Maruca, 2000, p. 60).

Key Issues in IT Management

IT functions face many challenges in today's rapidly changing environment. One approach to understanding these challenges is to survey CIOs to elicit what they consider are key issues. The purpose of such studies is to determine the IT management issues expected to be most important over the next three to five years and thus most deserving of time and resource investments.

A survey was conducted among CIOs in Norway, and their average ranking of key issues in IT management is listed in Figure 7.

Rank	Key Issue in IT Management	Score	M/IT	P/C	E/I
1	Improving links between information systems strategy and business strategy	3.28	M	P	E
2	Planning information technology projects for competitive advantage	2.00	M	P	E
3	Improving interorganizational information systems planning	1.05	T	P	E
4	Developing and implementing an information architecture	1.02	T	P	I
5	Controlling a responsive information technology infrastructure	1.02	T	C	I
6	Recruiting and developing IS human resources	0.90	M	P	I
7	Assuring software quality	0.86	T	C	I
8	Ensuring quality with information systems	0.36	T	P	I
9	Reducing IT projects completion time	0.34	M	C	I
10	Making effective use of data and information systems resource	0.31	M	C	E
11	Measuring benefits from information technology applications	0.16	M	C	I
12	Managing Internet applications	-0.02	M	P	E
13	Managing application architecture planning	-0.10	M	P	I
14	Improving control, security and recovery capabilities	-0.21	T	C	E
15	Improving computer operations planning	-0.21	T	P	I
16	Implementing and managing knowledge work systems	-0.34	T	C	E
17	Improving information technology infrastructure planning	-0.47	M	P	I
18	Planning information technology for electronic commerce	-0.78	T	P	E
19	Improving software engineering practices	-1.00	T	C	I
20	Implementing information technology for electronic commerce	-1.10	T	C	E
21	Improving availability of national and international networks	-1.41	M	C	E
22	Managing the technical foundation of information systems	-1.67	M	C	I
23	Managing and controlling end-user computing	-1.78	M	C	E
24	Scanning emerging technologies	-2.21	T	P	E

Figure 7: Key Issues Ranking in Norway

Improving links between information systems strategy and business strategy was ranked as most important key issue in IT management in Norway. We have seen how these links can be improved using the Y model and measuring strategic integration.

Implementing and managing knowledge work systems was ranked only sixteenth. That may seem surprising. However, in a separate investigation in knowledge-intensive firms such as law firms, this key issue was ranked sixth.

In Figure 7, scores are listed in a separate column. The scale went from great importance (+4) to little importance (-4). Improving links between information systems strategy and business strategy had an average score of 3.28.

In Figure 7, key issues are classified according to the following dimensions:

Management (M) versus technology (T).
Planning (P) versus control (C).
External (E) versus internal (I).

Improving links between information systems strategy and business strategy is classified as M, P, and E. Improving links is a management task, the task is conducted through planning, and the issue covers more than the IT function. External means external to the IT function, while internal means an issue that is mainly solved within the IT function. Brancheau et al. (1996, p. 233) stressed the importance of alignment:

"The importance of aligning long-range IS plans with strategic business plans has always been high. Rapidly changing business environments, increased involvement of end users, and accelerated technology change make this difficult. Shorter planning cycles require a great deal of flexibility in any plan."

Implementing and managing knowledge work systems is classified as T, C, and E. It is a technology issue, it is to be carried out, and it is to be implemented in the organization.

At the top of the list we find two issues that are M, P, and E. This implies that CIOs in Norway currently struggle with management issues that involve planning and that cannot be solved within the IT function.

Key issues in IT management surveys have been conducted for some years in many nations and regions. Most surveys have used the so-called Delphi method, while the results in Figure 7 are based on the so-called Q Method as presented in the appendix. Key issues studies are of interest to many stakeholders (Niederman et al., 1991, p. 476):

"Vendors can use this information to develop and market products and services. Professional societies can use this information to plan conferences and seminars as well as disseminate knowledge through their publications. Consultants can use this information to help accelerate the transfer of technology and management skills among their clients. Educators can use this information to develop programs and place their graduates. Finally, researchers can use this information to guide their inquiry and improve understanding of critical managerial issues. Thus, the entire IS community needs to be aware of the issues that are judged to be of critical concern by its leading practitioners."

Figure 7 gives a static picture of key issues as it ranks key issues at a specific point in time. Over time, key issues change. Some key issues become more important and some issues become less important. Reduced importance can occur when the issue is becoming solved or when an issue is less relevant than before. The Year 2000 issue is an example, where this issue was extremely important in 1999, but lost its importance after the beginning of the new millennium.

In the US, key issues studies have been conducted several times, enabling comparison of key issues in a time perspective. In 1986, 'improving strategic IS planning' was ranked first. In 1989, this issue had dropped to third rank, and in 1994, this issue had dropped to tenth rank. An interpretation of this result is that strategic IS/IT planning became quite successful in the early 1990s. However, the formulation of the issue is limited to strategic IS planning; it does not cover links between information systems planning and business strategy.

In the same time frame, information architecture rose from eighth rank in 1986 to first rank in 1989 in the US, and then dropped again to fourth rank. In 1994 the issue of infrastructure was at the first rank, climbing from sixth rank in 1989. In 1986, the issue of infrastructure was nonexistent on the key issues list. Brancheau et al. (1996, p. 229) discussed the importance of infrastructure based on the top ranking in 1994:

"Building a technology infrastructure that supports existing applications while remaining responsive to change is a key to long-term enterprise productivity. This task is made difficult by the continuing rapid changes in infrastructure technology and the increasing breadth and depth of applications needing support. More than any other, this issue captures an important contemporary thrust of enterprise IS management: providing the processor power, network connectivity, and application framework required to support core business activities and unknown future ventures."

Key issues studies can be done at the national and regional level. Key issues studies can also be done within a firm. By surveying people in the firm, it is possible to get a picture of ranking that is shared by employees and management. When using the dimensions of M/T, P/C, and E/I, such surveys can provide management with guidance on management or technology focus, planning or control focus, and external or internal focus to solve firm challenges in information technology management.

Ranking of key issues can also be useful as a communication tool for top management and IT management. Often, top management can have a different agenda and different opinions about IT in the organization than IT management. One way of making different opinions visible is to let both top management and IT management produce ranking lists. A comparison of the two lists can spark communication and enable clarification, so that top and IT management have the same priorities in the future.

Summary

CIOs find the managerial role of entrepreneur most important. As the entrepreneur, the CIO identifies business needs and develops solutions that change business situations. A major responsibility of the CIO is to ensure that rapidly evolving technical opportunities are understood, planned, implemented, and strategically exploited in the organization.

Among IS leadership roles, the role of change leader was found most important. The change leader orchestrates resources to achieve optimal implementation of the future. The essential role of the change leader is to orchestrate all those resources that will be needed to execute the change program. This includes providing new IT tools, but it also involves putting in place teams of people who can redesign roles, jobs and workflow, who can change beliefs about the company and the work people do, and who understand human nature and can develop incentive systems to coax people into new and different ways of acting.

In professional service firms, such as law firms, we will find new organizational structures to enable Knowledge Management initiatives. A law firm may have a CEO with two important persons working in KM: the CKO and the CIO. While the CKO is responsible for knowledge architecture and organizational development, the CIO is responsible for information architecture and systems development.

References

Applegate, L. M.,McFarlan, F. W., & McKenney, J. L. (1996). Corporate information systems management, Fourth Edition. Irwin.

Brancheau, J. C.,Janz, B. D., & Wetherbe, J. C. (1996). Key issues in information systems management: 1994–95 SIM Delphi results. MIS Quarterly, 20(2), 225–242.

Chatterjee, D.,Richardson, V. J., & Zmud, R. W. (2001) Examining the shareholder wealth effects of announcements of newly created CIO positions. MIS Quarterly, 25(1), 43–70.

CSC. (1996). New IS leaders, CSC Index Research. Computer Science Corporation, UK: London.

Earl, M. J., & Feeny, D. F. (1994). Is your CIO adding value? Sloan Management Review, 35(3), 11–20.

Grover, V.,Jeong, S. R.,Kettinger, W. J., & Lee, C. C. (1993). The Chief Information Officer: A study of managerial roles. Journal of Management Information Systems, 10(2), 107–130.

Karimi, J.,Somers, T. M., & Gupta, Y. P. (2001). Impact of Information Technology management practices on customer service. Journal of Management Information Systems, 17(4), 125–148.

Maruca, R. F. (2000). Are CIOs obsolete? Harvard Business Review, (March/April),, 55–63.

Mintzberg, H. (1994). Rounding out the manager's job. Sloan Management Review, 36(1), 11–26.

Niederman, F.,Brancheau, J. C., & Wetherbe, J. C. (1991). Information systems management issues for the 1990s. MIS Quarterly, 17(4), 475–500.

Robson, W. (1997). Strategic management & information systems, Second Edition. UK: Prentice Hall.

Rockart, J. F.,Earl, M. J., & Ross, J. W. (1996). Eight imperatives for the new IT organization. Sloan Management Review, 38(1), 43–55.

Sambamurthy, V.,Straub, D. W., & Watson, R. T. (2001) Managing IT in the digital era. In G. W. Dickson & G. DeSanctis (Eds.), Information Technology and the Future Enterprise: New Models for Managers (pp. 282–305). Prentice Hall.

Section I - IT Governance Frameworks

Section II - Performance Management as IT Governance Mechanism

Section III - Other IT Governance Mechanisms

Section IV - IT Governance in Action