Who's to Blame

Closely related to managerial structure is the issue of managerial control. David Preston, assistant professor of Information Systems with Texas Christian University, is developing a paper - a spin-off from the dissertation work he completed last year - that is seeking to address the issue of accountability for IT failures.

Preston argues that while CIOs are intrinsically responsible - at least in part - for the success or failure of IS within the organization, their actual culpability is typically dependent upon how much control they are given within the organization. True, what happens with IT is the CIO's responsibility, he argues, but whether IS succeeds or fails depends on what role the CIO is allowed to play in the organization as dictated by the CEO and the top management team.

"The CIO defined as a top executive purportedly can influence success or failure," he says. "However, if the CIO is not a legitimate member of the top management team, or if they do not have a direct reporting relationship with the CEO, are they really a master of IS's destiny within the organization? This is critical to how much the CIO can control the success or failure of IT within the organization.

That said, Preston points out that CIOs, having been given a degree of power, are also held to account for that power and the impact they make on the organization.

"Are there other elements as well? Certainly," says Preston. "What I looked at in the case of IS success or failure is a shared understanding of the role of IS in the organization. Sometimes, if the CIO is not on the same page as the CEO and the top management team, IS has got to be ineffective."

Black Widow Projects

Many organizations have suffered "black widow projects" - projects that should never have been given the green light but that went ahead anyway because there was a feeling there were business reasons they should be pushed forward, says Jo Stewart Rattray director of information security for Vectra Corporation. However, CIOs in too many organizations have equally been somewhat misplaced because they do not really hold a seat on the executive board even though they are in a C-level role, she says.

Rattray believes having that seat is paramount to an organization getting the IT it needs.

"There needs to be that strategic buy-in at the governing level as well, which means IT and the governance of IT are part of the organization's core objectives and corporate governance profiles," she says.

"There was a classic example with a large international retailer where they had been moving down the path in which it appeared they were in good shape governance-wise, but it actually was not until a couple of the C-level people left that they realized they were actually in a very bad position. They had good IT input into the organization but the governors and their security position were indeed compromised. Had there been some more openness and that seat at the executive level for the CIO, it would have been averted. Strategy should be meeting operations in those situations," Rattray says.

"The other interesting thing I have often seen is the incredible project that goes on and on and on because of a political need to go on regardless of the money that it has cost. I have seen this in some of the very large not-for-profit organizations, because there is politics in every sense of the word going on, and because there is going to be a change in legislation. So they are trying to play both ends against the middle to make sure that they are in the right position at the end of the day."

Australian Craig Watters, the CEO of Management Simulations, who teaches at DePaul University Chicago and has been in Chicago for the past 22 years, says not all the CIOs of his client companies - very large organizations, typically in the top 100 - have or need a seat at the executive table. For instance the CIO of Caterpillar, the world's leading manufacturer of construction and mining equipment, does not. He says he is not convinced a failure to grant enough responsibility to the CIO is necessarily a factor where the IT organization is seen as failing to address business needs. In fact, he says he can cite "glorious examples of organizations where the problems with the organizations have emanated from the CIO's area of direct responsibility, but that that doesn't necessarily mean the CIO should cop the blame".

Watters says two clients of his demonstrate the extremes. At one, one of the largest companies in the world, there is a training centre backed by an IT system "par excellence" with Web access via high-speed broadband, while at the other, also in the Dow Jones top 30 and one of the largest car manufacturers in the world, they cannot even guarantee telephone line access.

"The problem is twofold," Watters says. "Firstly, the IT department is not necessarily seen in the full light of strategic deployment: That is, I do not believe there are enough conversations about practical steps that we all need to take in the information technology domain, to be consistent with a particular deployment strategically. If you have got a strategy over the next five years that says: 'We are going to achieve this level of success by concentrating ourselves on these axes', then one of the questions needs to be: 'What are the support tools that we put in place for that?' And too often you go looking for a big IT strategy piece in the strategic plan and you do not find it because there is not one."

Yes, there are times that can be "unquestionably" the CIO's fault, he says. But more often than not it is because much of the leadership in these organizations does not understand the need for that kind of high-level IT intervention as it was not required when they were doing those kinds of jobs 10 or 15 years ago.

"For one thing, in too many cases the dominant coalition in the organization does not have the skill set to really recognize the desirability of a true IT strategy. And I do not think we have got enough CIOs who have got the clout and the balls to actually push it through as hard as they should. I also think that what CIOs do not do well is to beat their own drum. If you are looking for good PR CIOs, well, good luck to you."

When Watters gave the 30 senior executives of one Dow Jones top 10 company their manuals for a new system on a memory stick, more than 20 had to ask how they could get those manuals onto their computer. "Now these are the people that are making the senior strategic decisions for the deployment of company resources and they cannot even run a laptop," Watters says. "And several of them were quite open about it. One guy in particular said to me: 'Oh no, I never touch the computer - my secretary does that'. Well how is that bloke going to understand that information technology tactics make a huge difference to the quality of the strategy deployed?"

Watters believes as more senior executives become "IT-conversant" such problems will partially ease. But he argues the best way to turn such situations around sooner is for the IT department to be able to claim some "raging success stories". It is very rare still for companies to be able to attribute any element of their success to an IT strategy that really differentiates them from the competition.

"We need tonnes more of those success stories," he says. "Just the growing [numbers] of IT-conversant people is going to make a huge difference; but on the other hand I think some of those IT-conversant people are going to start kicking the asses of IT departments that are very reactionary."