Risk Watch

Risk Watch

In a very Darwinian way, today's CIOs have been shaped by the challenges they have met and survived over the preceding decades. They are the product of a brutal selection process, the best of the best. And yet it is immediately clear that the challenges facing organisations in the current business environment have changed, and thus the challenges facing CIOs have changed. Consequently, the very skills that have been honed and, more powerfully, have been the basis of CIO success, may now be inappropriate. In brief, the risks have changed, and the CIO has not. The CIO will need to take his or her place in the coming millennium as a company leader rather than a specialist.

The new challenges have less to do with the operation of the IS organisation and more to do with the relationships between IS and the rest of the organisation. Consequently they have less to do with cost-effective systems development and more to do with vision, with transforming the company and with preparing the company to operate in the business environment in the coming decades. The changing nature of the risks that threaten any strategic systems effort has been the catalyst for pushing the CIO into the role of leader.

The Changing Risk Profile

Historically, a good systems manager was capable of managing the greatest of the risks that she faced, including Financial risk. The danger that the cost of the system would exceed any reasonable financial payoff. This was often due to lateness in delivery or cost overruns.

Technical risk. The intended system could be beyond the capability of the technology. Hardware was slow and limited in size; database management systems were unproven and unreliable.

Project risk. The hazards associated with failure to understand testing, systems integration, systems conversion or database installation. These were caused by lack of project management skills.

This certainly held true when hardware core memory measured in kilobytes and total DASD capacity measured in megs; with cycle speed euphemistically measured in SIPS (several instructions per second), capacity was limited. Today's laptops come equipped with faster processors and more RAM than MIT had in total when I graduated, and more disk capacity on a single Zip drive than on all the mainframes on campus -- and for only a couple of thousand dollars. Times and technology have changed. Risks have changed as well. Financial, technical and project risk have all declined in significance.

And yet the CIO's position entails no less risk, as even the most casual examination of CIO turnover will underscore. Today's strategic development efforts still fail, but for different reasons. That is, current strategic systems efforts are hampered by a very different risk profile. Here are two examples.

Functionality risk. Systems efforts fail because we don't know the requirements when we start designing. Indeed, sometimes we do not know systems requirements even when we complete our first round of implementation. What will online trading look like in two or three years? What will consumers want from online shopping, and how will product "market baskets" be sold to them? What form of strategic alliances among manufacturers, service and support personnel, retailers and logistics companies will emerge? The answers to these questions may not be known for years, but they will determine systems requirements. Companies without appropriate systems may fail.

Political risk. Systems efforts fail because our colleagues want them to fail. Insurance agents will resist online distribution if they fear it will end their jobs. Brokers in traditional companies may resist online trading if it will reduce their earnings. Airlines and travel agencies may resist systems that enable consumers to obtain tickets at the lowest possible price, which may reduce profits.

Why have functionality and political risks increased? Principally because the speed of change in the competitive environment has also increased. It is harder to accurately predict what technology will be needed, with enough lead time to develop, test and install it. Likewise, organisational changes have to be made before employees are ready to adopt them; downsizing or the redefinition of skill sets required to retain a position occur before employees are ready to retire or before they have time to develop the new skills.

Much of the IT strategy literature deals with functionality risk: by preparing a better strategic plan and by better understanding the future, it is hoped that we can ensure successful implementation. This rationalist view reflects the biases of most of us who went into computing. When you find the right answer, the program -- and the organisation --will respond. We focus here on political risk and leadership precisely because they have been less widely studied and internalised by the systems community.

Understanding Political Risk

Increasingly, implementations fail because organisations cannot successfully complete a strategic business transformation effort. Somewhere along the way, between analysis and installation, something goes awry with the people in our organisations. When faced with this problem, many managers blame colleagues' lack of understanding. This rationalist presumption can be summarised: if they are not following instructions, they do not understand the significance of the problem I am trying to solve.

The simple parable of the Christmas goose helps clarify that a lack of cooperation may not be due to lack of understanding. The goose is disappointing us; she is not eating, and she remains too thin. Would explaining her role in the Christmas celebration help us get her to eat? Would a better explanation of the importance of the family holiday help us fatten her up? We can be sure that if the goose understood our plans for Christmas she would not cooperate. Her lack of enthusiasm is not produced by a lack of understanding, and a better explanation will not produce better compliance!

Some failed transformation efforts are due to resistance, and this resistance is frequently caused by a rational desire of colleagues to do what is best for themselves rather than what is best for the company. This is called a principal-agent problem; the decision maker, as an agent of his employer, still does what is best for himself and not for the employer, the principal. Insurance agents will resist direct distribution, account executives will resist systems that allow investors to bypass them and, in general, employees will resist changes that devalue their existing skill sets.

Still, failure is sometimes caused by bounded rationality. Some colleagues really do not understand what is required or why, and they are unable to act appropriately.

Managing Political Risk

Diagnostic skill becomes a leadership quality, for a correct diagnosis of resistance will be critical to improving the behaviour and the performance of colleagues. If an employee's behaviour is driven by principal-agent problems, explaining the situation carefully -- like teaching the goose about Christmas -- will only make the problem worse. Alternatively, if the problem is caused by a failure to understand, increasing incentives will cause your colleagues to take the wrong actions more quickly and more urgently.

Bounded rationality -- failure of understanding -- can have many forms. Perhaps the two most prevalent are failure to perceive the need to change and failure to understand the nature of change required. The former often occurs because we become programmed by our history of success. Just as a laboratory pigeon in a Skinner box can be trained to peck at the cross on the right to receive a kernel of corn, a floor broker can be trained to trade on the floor of the New York Stock Exchange to receive his high salary and bonus. Moreover, just as the pigeon will continue to peck at the cross long after the experimenter has changed the program and stopped the reward for previous behaviour, the floor broker will disregard signals that his environment has changed and will continue with the program, trying to earn his living on the floor. The other common failure to understand often occurs simply because of the complexity of the change required, the degree to which it differs from current operations and the speed with which complexity and uncertainty must be resolved.

Bounded rationality is easier for most CIOs to resolve than principal-agent problems, since it is consistent with the rationalist presumption and all their formal training. Numerous exercises, from briefings to active demonstrations and from simulations to role-playing and scenario analysis, can improve colleagues' understanding.

In contrast, principal-agent problems are harder for most analytical, rational CIOs to address. They do not represent a failure to understand what is required but rather are a wilful refusal to go along. These problems are best resolved by understanding employees' incentives and understanding when they differ from those of the business, and then providing new incentives that are aligned with those of the company and thus encourage the desired behaviour. CIOs must have the insight and authority to effect these changes in order to act as leaders.

Alignment of incentives basically means making sure that employees and colleagues will not be damaged financially by doing what the business needs them to do. It will include changing workflow so that people have useful new jobs -- where possible -- and compensation for doing this work, comparable to their previous compensation. It will include attractive termination packages for employees who will be made redundant, especially if their cooperation is essential during the switch-over period. This is not paying for good behaviour, nor is it bribery. It is good business. And it is frequently less expensive to retain the people who might destroy the transition associated with any implementation effort than to pay the far higher costs of failure.

The CIO's job is not any easier, but it has changed in ways that reward new skills. The CIO for the new millennium will focus more on leadership. He or she will remember that leadership is about vision, about deciding where information access and availability will take the company and its business environment. He or she will also remember that leadership is not about power or forcing compliance but about understanding and incentives and encouraging willing followership.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about MITStrategic Systems

Show Comments