Who Needs a CIO?

Thrive. Grow. Achieve.

Who needs a CIO ?

And what would they do for me anyway ?

Paul Williams

April 28 22, 2016

AGENDA

WHO NEEDS A CIO?

• What do you do anyway ?

–Connect the dots between Business and

Technology.

–Processes for IT best practice

–Capacity and Capability

–Identify opportunities and threats from

technology

–Bridge between Executives and IT

• What am I missing ?

–SAAS, PAAS and the new world order

• How Raffa Can Assist You

Can your business

survive without

technology ?

Do you know what

your IT team is

doing ? or can do ?

Are you compliant

with the law ? With

best practice ?

How can you

manage change?

What’s the right

priority ?

Who can assess

vendors

independently ?

Is there a different

way to do this ?

Who Needs a CIO? Page 2

MIS MANAGER VS CIO

When is a CIO the

right choice

May not need a CIO

all the time, but role is

critical :

•During major change

•When IT is no longer

meeting the enterprise

needs

•New Initiatives / New

Business

Who needs a CIO Page 3

CIO Manager / Supervisor

Primary focus is Business opportunities and drivers Primary focus is maintenance / IT Operations

External and Enterprise focus – How IT is

leveraged

Business area inward focused on IT

Proactive, Opportunity seeking to improve Responsive to demands, reactive

Strategy and execution focused – What to perform Process and Procedure focused – How to perform

Critical during times of change or in larger

environments

Works in a smaller or stable environment

Generates and drives strategic plans Requires Strategic leadership from outside, may

generate tactical plans

ITS NOT AS SIMPLE AS IT SEEMS SOMETIMES YOU NEED EXPERT KNOWLEDGE

Does your business

have a web address

or business email ?

Your web address

Backup and Disaster

Recovery

Do you have legal

exposure for

sensitive data

What does the group

do all day

Outsourced and

Hosted services are

not secure

Who Needs a CIO page 4

Do you own the web

address

No its Rented – the ‘DNS’ record links that

name with specific “Addresses”

Is your data secure? Do you have it

backed up?

Are copies off site (fire) ? Have you ever tried to restore data ?

How long could you be down without irreparable Harm

Do you know your

legal obligations

about data

Employees ?

Customers ?

Donors ?

PII, HIPPA,PCIDSS – who has access and how

Not just digital data. Voicemail, paper records.

Birthday including year ? Address and phone ?

Do you know what they are doing ?

Do you know what they can do ?

Expectation gaps:

Never want to say

‘No’. Set up to fail

Keeping the lights on (Housekeeping)

Maintenance (Obsolescence)

Growth (Volume / Size, Projects, Features)

Capacity and Capability

What are you

getting for your

spend ?

Software is not

really a good asset

Maintenance and housekeeping

High Risk

High Cost

Low added value

WHAT’S YOUR TECH INVENTORY ?

End user computers (and software)

Back Office Computers, Storage, Data (and software)

Security: Passwords and more

Network: All the connected devices

How important is

technology to your

enterprise ?

Critical ?

Essential ?

Peripheral ?

Will it stay the

same?

What are your

technology

lifecycles ?

• Hardware ?

• Software ?

• End of Life ?

• End of Use ?

Who Needs a CIO Page 5

Expensive.

Don’t last

long (3-5

years)

Hate power

spikes, heat,

water ~ 5 year

life

Keys to the

kingdom

The

Domain,

LAN or

WAN

WHAT’S YOUR SKILLS INVENTORY ?

How many people / what

people

Generalists • Helpdesk : Internal or External

• Supporting Functions:

Supervision, Project Management,

Business Analyst

Specialists

–Administrators

–Engineers

–Developers

What resources do

I have ?

What are their

competencies

Certifications ?

What do I need ?

Is there a gap ?

What’s most

valuable to my

business ?

Where are my

biggest risks ?

Who Needs a CIO ? Page 6

•Future specialists

•Can be a commodity

•Low investment

•Generic Skills

•Specific Skills

•Privileged Access

•Out of hours support ?

•Key System architects

•Hard to replace

•‘On demand’ ?

•Should not have ‘1’

•Need governance

CAPACITY AND CAPABILITY

•How does my Inventory translate into Capability

• What you HAVE today is a constraint – created by past decisions

• Resources are focused around status quo and stability (reliability,

repeatability, Routine, Maintenance)

–Not the best environment for change – but do you need to change ?

–If the Inventory doesn’t match the Enterprise you can change the

inventory !

What you have

and what you

need may not be

aligned

IT tends to over

estimate capacity

and capability to

deliver change

Result is delivery

below

expectations

Processes and

people are harder

to change than

systems

Page 7 Who needs a CIO?

WHAT DOES A CIO (OR IT) DO ANYWAY ?

–What Processes you have in place

• WHAT does IT do, HOW is it done

–Are you getting what you need ?

– Are you really getting good value ?

• Main Elements: People, Services, Software,

Hardware

• What Information you are processing and

storing

–Compliance – HIPPA, PCIDSS, PII

–Accuracy / Quality and standards

–Completeness / Controls

–Security

Technology uses its own (arcane and full of acronyms) language.

In a smaller enterprise the CIO role is not a full time job. Changing technology is changing the role too.

The world is changing and your enterprise needs to keep up. It’s a survivability issue.

Tech is everywhere. There are complex rules that can hurt you

Page 8 Who needs a CIO?

• Looks at what you HAVE / ARE DOING / CAN DO with technology in your

Enterprise, Compared to what you SHOULD HAVE / SHOULD be doing – and

acts to close the gaps.

WHAT CAN YOU DO FOR ME ?

Where does IT fit in the enterprise

What does IT contribute

Where can best value be achieved Where are the key opportunities for improvement

Help manage IT better • Reporting • Scorecards • Planning • Execution • Governance • Projects • Key Performance Indicators • Communication

Yes, but how can I

do these things ?

We have no

dedicated CIO

and / or I still don’t

get these answers

Change is not

natively easy.

Without

Governance,

reporting,

compliance, its

hard to achieve

accountability for

delivering value (In

IT or indeed

elsewhere)


Help in bridging the cultural and language barrier

Simple tools to manage Technology resources and projects

SIMPLE TOOLS AND PROCESSES

ROUTINE MANAGEMENT

Cyclical tool to

manage a

department

Formal

communication

between execution

and management

Over time see

trends and

patterns

Suggested Weekly

or bi weekly

Can have meeting

notes on reverse

or second page

Presentation Title / Page 10

Broad Focus Areas

■ What’s Important in the function at the

moment

■ Where are we spending time money

and effort

New Information

■ What’s New this cycle

■ What did we achieve in the last cycle

■ What did we find out

Targets for this cycle / week

■ What are we going to get done

■ Who is doing it

■ What’s the status of ongoing efforts

Open items / Roadblocks

■ Open Decisions

■ Things I am waiting for others (who)

on

■ Carried forward open issues

THE 4-BLOCK REPORT : DATE / PRESENTED BY


ROUTINE KPI’S / METRICS

Usually Monthly

Aligns with

Enterprise

Financial

Reporting

Meaningful

indication of

performance


MONTHLY IT METRICS DATE / PRESENTED BY

Item Content

Budget Operating budget with narrative. Performance to

Plan / Last year

Reliability Uptime %, failure rates, downtime stats. Trended

over time (Network Phones, Backups, Servers)

Helpdesk Tickets handled, average time to close,

Outstanding unresolved by importance (critical)

Capacity Utilization: Storage, Compute, Network

Inventory Bought, Broken, Repaired, Retired, Lost/Stolen

(phones and aircards if owned as well)

Staff Gaps, new, exits, promo’s, Training, Skills

Services SAAS provider performance by provider

Change

Management

Planned and Deployed changes. Outcome

summary


CAPITAL / PROJECT REPORTING

Project reporting

is about how well

change is being

executed

Do you know

what projects IT

are executing on

?

What are your

expectations on

scope and

delivery ?

How are you gate

keeping and

prioritizing

projects ?


USUALLY MONTHLY EXCEL 1 LINE PER PROJECT.

Item Content

Name Name and code for project (if coded)

Description Business name / meaningful to all

Purpose Why do this project (type, benefit, priority, risk)

Budget Project Lifetime (original) budget to actual.

Performance to plan. Estimate to complete,

contingency balance

Scope

management

Changes to scope – Approved, waiting, declined

Dates Approved, planned start, Planned end, Projected

end

Status Green (on plan / target), Yellow (at Risk), Red (off

target –Time, Budget, scope, outcome)


PROJECT REPORTING

Individual project

reporting is about

progress and

execution of a

specific objective

Often Weekly.

But can change

on activity level

on project


CYCLES WITH ACTIVITY. USUALLY 1 SHEET

Item Content

Name Name, description, objectives

Team Who, roles, responsibilities

Budget Budget details, vendors

Changes to

scope / dates

Changes to scope – Approved, waiting,

declined

Milestones Key dates within project

Status Green (on plan / target), Yellow (at Risk), Red

(off target –Time, Budget, scope, outcome)

Current activity Good / Bad, delivered / Missed, Roadblocks /

Issues, Next Planned Activity, Projected

outcomes, Milestone reporting

All sheets = ‘Book of Knowledge’ a standard PMO tool


COMPLEX PROJECT REPORTING

Where a project

is high risk, or a

large project, with

cross functional

teams or

enterprise wide

impact

E.g. changing

ERP systems

Copies from MS

project

Use Excel data

Bars for complete

%


PROJECT STEERING / STAKEHOLDER MEETINGS

Item Content

Objective /

Milestone

Project Component being reported

E.g. Cleaned up Vendor Master file, Chart of

accounts sign off

Dates Planned start, Due, projected

Completion Percentage Complete

Actions Responsibilities and actions due / performed


IT STRATEGY / DELIVERABLES

Annual or longer

view of multiple

changes or

projects

Simple

presentation of

complex issues

Present IT and

projects to a

board


Time scale /

Item

Q1

16

Q2

16

Q3

16

Q4

16

Q1

17

Q2

17

Exchange Upgrade

ERP Migration

New Location opens

Office 2013 deployment

IP Video Deployment

Intranet / SharePoint

Simple depiction of major initiatives that can be easily

shared and digested.

High level summary – Low level details can be built as

required

THE WORLD TURNS – NEW TERMS

THE ‘CLOUD’ –A different way of providing services and managing technology –Enabled by “virtualization”

VIRTUALIZATION –Compute capability can be separated from computer hardware –Less hardware, more efficient. Shared data and resources.

CLOUD APPLICATIONS –Programs designed to be delivered via the internet (E.g. Turbotax online)

SOFTWARE AS A SERVICE (SAAS) –Rental agreement rather than purchase –Usually priced on usage over time or volume

PLATFORM AS A SERVICE (PAAS) –The ability to buy or rent computing capacity, rather than acquire or build it. –Someone else is responsible for ‘Plumbing’

BIG DATA –A (new) technology to handle analysis of very high data volumes very fast –As near as possible to real time results (Amazon, Google suggestions) –Marketing term for a specific product / business problem

New Technologies

New ways of

delivering service

New Risks

New Opportunities

New Language to

describe the

capabilities

16 Who needs a CIO Page

WHAT IS THE ‘CLOUD’

The ‘Cloud’ a Simple definition

–Computers / Programs (What computers do for us) are managed and provided as a ‘Service’ rather than components. This service is generally made accessible to users via internet connections

History: –Mainframes

• Big, Expensive, Did one thing, Inflexible, Local

–Client / Server • Smaller unit cost, Networked, Distributed, Generally focus on 1 function

–Virtualization - Separation of ‘Logical’ and ‘Physical’ • Shared Hardware, Dynamic load and capacity.

–Inside your network= “Private cloud” –Provided externally = “Public Cloud”

• What is the computer (Mainframe, Server etc)

• Less important than

• What it can do • How it is Accessed

Ill defined term’

Multiple uses with

different meanings

Most significant is

‘Public Cloud’ and

‘Private Cloud’

All computers as

commodities


WHAT DOES IT MEAN FOR IT

–Virtualization • Mainstream technology

• Efficient (cost, support, reliability, resilience)

–Outsource/Cloud is often better than on premise • All inclusive models (24/7, Risk Mitigation)

• Remove single point failures / dependencies

• Security is as good or better than in house

• Scalable at short notice

• Changes what IT does

Is IT Infrastructure good ‘Value’ for you ?

Is it a Core Competence ?

What’s your Risk ?

What should your energy be directed towards ?

Should we be

virtualized or in the

Cloud ?

Absolutely to both –

Hybrid model

depending on

enterprise

Self host generally if

very high data

volumes (scanning

many his resolution

images for example)

or high level of

integrations with

localized systems


WHAT DOES IT MEAN FOR IT

Possible Strategies

/ viewpoints

Are we BIG enough

to have enough

skills to support

specific

technologies in

house ?

Using SAAS we

can avoid having to

hire skill set

specialists

Should IT functions

be a primary

competence of our

business ?

Can also consider

full outsource

models


Product SAAS Status Impact Results

Email Common High Reliability, resilience, Frees resource for

Enterprise mission

Payroll Common High Compliance, Security, Risk

SharePoint Rare (but growing) High Resilience, Accessibility

Website Common High Security, Reliability, Capacity

ERP / Accounting Becoming common High Reliability, Accessibility, Key skills

Helpdesk (system) Common Med Reliability, Accessibility - Stays up even if

you are down !

Telephony Becoming common Med Depends on installed base and

equipment

HR Systems Common High Security

CRM systems Common Med Reliability, accessibility

POS Common is small orgs High Risk, compliance. Can be more efficient

in house but higher risk

Network /

Connectivity

Growing High In house skill is expensive. Key man

dependencies. Critical infrastructure

CLOSING VIEWPOINT

Things change – Entropy vs Development •We make decisions with what information we can gather and digest

• Research • Experts • Evaluations

•As new choices (and mandates) become available

• Need to re-evaluate options • Context of past decisions and current status • Some ‘trigger points’ – Obsolescence, Contracts, Strategy, Staff turnover,

Compliance, Growth

•Not all new options are right – Change vs Stability • Lots of marketing hype. Don’t get sold on shiny toys • Biggest benefits are not always cost • Will it help achieve the goals of the enterprise - how

How do you stay informed ? •People like us. Field experts, Benchmarks, Peer review, Sector experience, Passion in our fields.

Where am I

compared to best

practice

Where am I

compared to my

peers

For my type and

size of enterprise

What keeps me

awake at night

Am I happy with

what IT is doing

for me now


EVERYDAY ISSUES / GLOBAL BEST

PRACTICE

Stop keeping credit card numbers (everywhere):

• End to end encryption for POS • Tokenization for Web

Don’t host your web site from your office

• Resource and access sharing is a bad idea. They will conflict.

Only collect personal data you NEED and keep it safe. Have a clean up process

• Most executives who lose sensitive data lose their jobs. Minimize the data and take care of it.

Check your backups work and are safe

• Perform test restores, Keep offsite copies (secure). Understand how you would recover from a failure.

SAAS and Cloud / Hosting is not a silver bullet

• New flexible solutions – New issues. Wont solve every problem but are a game changer

Some simple

thoughts to take

away


THANK YOU!

Paul Williams

Direct: 202.730.7237

E-mail: [email protected]

Seth Zarny

Direct: 301.279.6500

E-mail: [email protected]

Q

A

Who needs a CIO? Page 25

mailto:[email protected]

Date post:	15-Apr-2017
Category:	Technology
Upload:	raffa-learning-community
View:	125 times
Download:	0 times