How to be an effective CIO

Businesses turn to their CIOs with the expectation that they are experts in any given field of technology. Beyond this, they will expect their CIO to implement solutions that meet business requirements at a low cost and with prescient foresight.

It’s not just about today’s problems and requirements; they need to set the business on a sustainable road map into the future. While doing this, they must ensure the business is compliant with all relevant laws and is aligned with international best practice. All of this is often expected without sufficient resources or budget.

The life of a CIO − any takers? All jokes aside, how then, with a seemingly unreasonable weight of expectation, does a CIO approach these challenges and meet the business demand? On the other hand, how should business leaders support their CIOs appropriately?

There are a few skills that all CIOs should work on perfecting to be able to carry out their broad responsibilities effectively. These are:

Let’s start by boiling down the role into a single, simple statement: The primary function of a CIO is to support business goals and operations with appropriate systems and technology.

While this may well be an oversimplified definition, it points us towards the first key attribute for success: Understand the business. Often, the technical aspects of the role are overemphasised, which potentially leads to a misaligned, costly or tech-heavy approach at the expense of a business goal.

Equally, technocrats will argue that a business background without an appropriate technical understanding will lead to inappropriate solutions or ill-considered architecture and unnecessary risk.

A CIO’s success will depend on consistency in strategic direction and ongoing evaluation of priorities.

The key, therefore, is the acumen and awareness to balance the two: A good grasp of the business and business principles, coupled and balanced with a broad technical view and the ability to access technical expertise appropriately.

An effective CIO will not only support, but also help drive, the business objectives by leveraging appropriate technology.

While the definition of a CIO's primary function may be simple, anyone that has had to implement an IT governance framework based on the standards of COBIT, guided by the conditions contained in King IV with consideration of ISO and ITIL, and compliant with relevant legislation, will understand the breadth of responsibility and risk mitigation dependent on the CIO.

The CIO, therefore, must appreciate the scope of the role in the context of the organisation they represent. The priorities of small, low-tech businesses will be inherently different from large tech-dependent entities. It’s crucial to see the responsibility through the lens of their own context.

It is critical that the CIO understands the breadth of their responsibilities and is able to identify when to plunge into the depths of a specific area. Here, simple balanced scorecards, heat maps and IT assessment audits are important tools to help the CIO track and communicate the company's priorities.

It’s important to pick an appropriate framework or standard and evaluate the organisation's compliance. Track progress over time and use this as a mechanism for reporting back to business leaders.

Technology providers can help the CIO with broad IT landscape and cyber security assessments or detailed feature analyses to identify gaps and priorities.

CIOs are bombarded daily by technology players through the guise of thought leadership articles, veiled threats of impending crises, brazen product plugs or the carrot of a business breakfast.

There are always multiple options available to solve any one of the myriad of challenges facing a business and it is critical that the CIO builds a framework against which to evaluate these options.

A well-considered and clear IT governance framework and strategy should incorporate the following:

Documented IT principles that should provide guidance in these areas:

• Insource or outsource?
• Build or buy?
• Open source or proprietary?
• Adopted frameworks.
• Objectives and goals.

Risk framework

• Identify and prioritise risk.
• Weighing up risk mitigation against the cost of implementation.
• Will a simple control suffice or is an expensive complex solution required?

Technology/digital transformation roadmap

• Balancing future technical direction versus practical requirement today.

Cloud roadmap

• Cloud or on-premises implementation.

IT authority matrix

• Clearly set out responsibilities and decision-makers.

IT policies

Technology partners can assist with a comprehensive analysis to find suitable solutions and options for each specific problem a CIO is trying to solve − within the context of the frameworks and roadmaps the CIO has determined.

Once a CIO has identified priorities that must be addressed, the next question is whether there are skills in the organisation, whether there is capacity or the need to upskill internally, or whether they need to consult externally or outsource various functions.

It is unrealistic to expect the CIO to be the de-facto expert in every facet and so he or she needs to identify where additional expertise is required, either internally or externally.

There certainly is a great deal of information available in numerous online resources but there is great value in consulting with trusted IT vendors or partners that are experts in certain fields if those resources are not available within the business.

It is crucial for the CIO to develop the skill of identifying the right talent, whether internal or external. Many so-called experts have become masters at weaving emperor’s cloaks out of fancy acronyms but the successful CIO is able to see through posturing and focus on the substance of the offering − not the jargon.

Importantly, and obvious but it warrants repeating, any solution implemented must be relevant and appropriate to an organisation’s goals, budget and requirements.

There will be occasions when business leaders disagree with a path that is deemed appropriate by the CIO. There may be technical, risk mitigation, practical, ethical or compliance-related reasons that business leaders push back on, but these require the CIO to stand by their view and ensure the risks, benefits or issues are clearly communicated and debated.

The CIO must practise clear, concise and well-reasoned communication. A hesitant, unclear and inconclusive motivation will not equip the business leaders with the right information to make the right decision.

On the other hand, a CIO that is constantly pushing back and becoming unnecessarily obstructive to the business decision-makers will win no friends and hamper the company's growth and success.

It becomes a balancing act − learn to identify which battles to fight and present multiple options with related cost and effect implications to give the business leaders a choice in direction. Present motivations in the context of the chosen evaluation framework, against which maturity growth is consistently tracked.

Technology partners are well-placed to support CIOs with gap analyses, risk identification, return on investment calculations, comparative offerings, and more.

A CIO’s success will depend on consistency in strategic direction and ongoing evaluation of priorities. This is not unlike the success of a business as a whole. A CIO should continually monitor industry trends and evaluate them in the context of the strategy, goals and needs of the business.

The CIO should track the maturity and growth against whichever framework or standard they are implementing to map the progress that has been made. Use balanced scorecards, CIS (Center for Internet Security), ISO (International Standards Organisation), ITIL (IT Infrastructure Library), COBIT (Control Objectives of IT) or any appropriate framework to broadly benchmark the business and track growth.

A simple traffic light approach (red, amber and green) to indicate the level of assurance in each area you are tracking is an effective way of communicating with the business. Tracking progression is personally rewarding and will also give comfort to the business leaders and shareholders.