CIONET Magazine 7 by CIONET

Magazine. Vol. 07, January, 2010.

Dries Buytaert “Innovation driven by collaboration” 4

Andrew Abboud “The CIO must not ignore the social media” 6

Jan Peter de Valk “The CIO is a homo universalis” 7

Vincent Van Quickenborne “Belgium to become a centre for IT-enabled innovation” 5

Alfredo Sáenz “The CIO must ensure the integration of business and technology” 16 Editorial: Let’s be bold IT-enabled business innovation: Chief Innovation Officer Social Media: Nothing to do with the CIO? Networking is about learning to network Effects of downturn on the CIO role: Things have changed Innovation on top of the agenda: Times of crisis Column: Benefits are from Venus, costs are from Mars The changing role of risk management: Situated at board level More than the technology and processes: Enterprise Architecture for agility IT architecture looks like city architecture: Agility versus standardisation Annual Congress CIOnet Spain: More CIOs to become CEO in the future? Column: Merger, split

3 4 6 7 8 10 11 12 14 15 16 19

Cardinal Milestone

ABOUT CIONET MAGAZINE

CIOnet Magazine is a CIOnet initiative, published quarterly and sent directly to CIOnet members and as a supplement to Data News. Produced by: Roularta Custom Media Publishing Director: Hendrik Deckers (hendrik@cionet.com) Editorial coordinator: Kurt Focquaert (kurt.focquaert@roularta.be) Photographs by: Jan Locus Printed by: Roularta Printing Advertising: Erwin Van den Brande (erwin@cionet.com)

P REMIUM BUSINESS PARTNER BUSINESS PARTNERS

Looking backwards This last year has been challenging for most organisations. You will therefore find in this issue several contributions on the impact of the downturn and crisis on our companies, IT departments and CIOs. The first annual event of CIOnet Spain discussed the new role of the CIO and contemplated if more CIOs will become CEO in the future. Managing business risk and making organisations more agile by introducing enterprise architectures were also high on the CIO agenda this year. IT-enabled business innovation was the main theme for both the annual events in The Netherlands and in Belgium and Dries Buytaert, the creator and project lead of Drupal, a leading open source CMS system, received the first ever CIOnet Innovation Award. 2009 was also the year in which social media were on the IT leader’s mind. In fact the launching event of CIOnet UK covered exactly that topic. And although most CIOs are still reluctant to play a role in the social media strategy of their organisations, the members of CIOnet have firmly realised the importance of social networking and networking in general. Jan Peter de Valk, CIO of DHL Benelux, has accepted the chair of the CIOnet Netherlands Advisory Board and brings us a strong testimonial on the power of networking.

Looking forward Networking simply works well and CIOnet continues to grow. We passed the 1000 member milestone at the end of October 2009 and with the current registration rate we estimate to expand to a community with more than 2000 members in 2010. The new year – in which CIOnet will be celebrating it’s 5th anniversary – promises to be an exciting one for all of us. The programmes in the different countries will focus on topics such as IT Talent Management, Cloud Computing, What’s next in ERP, Cyber Security, CIO Leadership, Sustainability, Globalisation and Credibility of IT. In this seventh issue of CIOnet Magazine you will also find the results of two of the 8 surveys CIOnet initiated or supported in 2009. New research (developed in our Special Interest Groups or by our Networking Partners) will be launched and published in 2010 as well. Enjoy, HENDRIK DECKERS Managing Director - CIOnet hendrik@cionet.com

www.cionet.com

Editorial

Let’s be bold T

hese are tough times. Being a CIO is not easy. This is true. Elsewhere in this magazine we describe lessons IT leaders are learning from and through the downturn. But how many articles have we all read, how many events have we been to, that have majored on how hard it is to be a CIO? Maybe it is time to sing a new song. Of some things we can be sure. Things are difficult for our CxO peers, too. So what makes us special? Is it that many of us make things unnecessarily difficult for ourselves by not recognising the influence and power that we do have? One area, of several, where this happens is in our relations with the vendor community. Here, too often, as an IT leadership community, many of us give the impression that it is the vendors that are in charge. But we are those whose buying sustains the large vendors’ positions and influence. We are those whose choices and purchasing decisions enable new business initiatives, and facilitate cost reductions throughout the business. So why do we listen to those who suggest we are boxed in? It does not need to be like this. How often have we heard IT leaders say “wouldn’t it be good if we could do x, but …”? How often do we complain about the dominance and power of the big players, but then sign up for more? What if we recognised that the vendors are doing what we allow them to? What if we worked together to get the wider CIO community on to the front foot in our relations with the vendor community; taking and enabling the brave and innovative decisions that break the mould? What if we either act differently, or stop complaining? We think it is time for CIOs to step forward; time to act in line with our position at the top of the IT ‘food chains’ – people who can make things happen. Let’s be bold.

ROD ANGWIN (PICTURE)

Group CIO, Wolseley PLC Member of the CIOnet UK Advisory Board

NICK SMITH

Network Leader CIOnet UK

Event report

IT-enabled business innovation

Chief Innovation Officer Innovation continues to be an important challenge for the CIO. So much so that some would even say that in time the term CIO will stand for Chief Innovation Officer. At CIOnet’s Belgian annual event, various companies explained their vision and experiences regarding innovation.

ately, ‘innovation’ has become a particularly trendy word. “Nonetheless, innovation is actually slightly different depending on the person or the company”, said Harley Lovegrove, CEO of The Bayard Partnership, while introducing the speakers. “Ultimately you are considered a successful business once you have innovation enablement in place, throughout corporate structures and the methodologies you use.” The success of Drupal is an excellent example of this. Drupal is open source software for developing websites, around which an extensive community has grown. The innovative idea behind open source is that everyone is given the freedom to use, study and change the software code, and then let it loose again into the community. This has made Drupal a worldwide success in quite a short time – its impressive list of references in-

cludes the websites of the White House, NASA, AOL and Forbes, to name but a few. CIOnet Innovation Award The original idea for Drupal originates from Belgian, Dries Buytaert. “Drupal is not so much about the bits, but the people”, says Buytaert. This did not escape market analyst Gartner’s notice either. Gartner recently placed Drupal in the visionary quadrant in the social software market segment. “A striking choice,” believes Buytaert, “for in the end, it is about a community of people who do not know each other and hardly communicate with one another.” He therefore still prefers to compare the open source community with the concept of the Internet: there is always some little thing not quite right, somewhere at local level, but the greater whole works all the time. “The advan-

Innovation relies on culture and processes In the run-up to the annual event, CIOnet sounded out Belgian CIOs for their views on IT-enabled business innovation. The survey revealed, among other things, that corporate culture is one of the elements with the greatest impact on innovation. Geert Sinnaeve, IT manager at Thomas Cook, examined the findings from the survey. “In the first place, successful innovation relies on a successful change in corporate culture. Changes in business processes and in people processes take second place. Only then do successfully implemented IT projects follow.” In addition, the survey indicated that businesses often see IT as an inhibitor to innovation, even though the true challenges tend to lie in the culture and processes of the company. The survey also showed that the IT department itself is usually pleased with the role it plays in innovation. “Although CIOs ought to be leaders a bit more, rather than managers”, adds Geert Sinnaeve.

PICTURE

Geert Sinnaeve, IT manager at Thomas Cook.

Event report

tage is that open source automatically leads to collaboration between people, and that it is exactly where innovation comes from.” Buytaert claims that any innovation ultimately grows into a utility. “That also applies to open source software.” During the annual event, CIOnet took the opportunity to present Dries Buytaert with the first ever CIOnet Innovation Award. You can steer innovation the right way “IT innovation is not something that comes about by chance”, asserts Martin Curley, Global Director of IT Innovation at Intel. “It is something that you can truly steer, something you really can make a success of.” Consequently, this is turning IT innovation into a discipline in itself. The business value of IT is the tangible contribution that IT delivers towards realising such business objectives as growth, efficiency, productivity, business continuity, and so on. “It means that the CIO has to approach the challenges surrounding innovation in a holistic way.” Curley demonstrated that approach with his description of the framework that Intel employs in this area. IT must evolve away from reactive information technology and towards proactive innovation technology. “The ultimate goal is that we end up with IT innovation that is predictable, probable and profitable.” Etienne Van de Kerckhove explained how IRIS managed to survive purely through profound innovation. At the end of the eighties IRIS was developing products for character recognition. There was barely a market for it. Out of sheer necessity, the company innovated and grew into a customer-driven specialist in Enterprise Content Management. “The customer is the driver”, says CEO Etienne Van de Kerckhove. “As a business you have to have a feel for the market, and then invest just in time in the right product innovation. In fact, we have no team especially for that. Innovation is everyone’s job!” At Alcatel-Lucent innovation is organised more formally, through Bell

Labs, among others. “Basically, innovation is about the connection between people, between businesses, between sectors”, according to Danny Goderis, VP of Bell Labs Benelux. He thinks today’s economic climate offers a wonderful opportunity. “After a recession there is always a distinct peak in innovation. The fact is that people perform better when under pressure.” Goderis says we should not underestimate the human element in this, even in technological innovation. “Ultimately, as a business, you must be able to approach innovation with great flexibility, combining all manner of skills, both commercially and at the R&D level.”

< PICTURE

Dries Buytaert, Founder & Project Lead at Drupal, receiving the first CIOnet Innovation Award.

PICTURE

IT minister Vincent Van Quickenborne: “We need to take IT closer to people and businesses.”

Digital heart of Europe In order to stimulate IT innovation, there is a need in Belgium for more IT adoption. IT minister Vincent Van Quickenborne presented the assembled CIOs with his plans in this area. By 2015, the minister wants to transform Belgium into the digital heart of Europe, the centre for IT-enabled innovation. “That is why we need to take IT closer to people and businesses,” he confirms, “through programmes for increasing the penetration of broadband and mobile Internet, through support from things like electronic invoicing and teleworking, but also through more effective networking for businesses.” The minister also argues in favour of creating horizontal IT support for the entire national administration, beyond the segments in the present Federal Agencies.

Special feature

Social Media

Nothing to do with the CIO? “I wonder if a CIO’s reluctance to play a role in social media or social networking stems from the name.” That is the view of Nick O’Doherty of Bright Beehive, speaking at CIOnet UK’s first event in November.

ick continued: “We find that ‘Social Business’ is often a more useful term, as we’re all in business, but not necessarily in media. Nor are we all active networkers.”

PICTURE

Andrew Abboud, CIO at City University, London: “Social business moves us away from command and control models.”

Andrew Abboud, CIO at City University, London, expands: “One of the things I’ve explored is how social business interacts with the work we have been doing on collaboration internally. The tools overlap. I’ve found it useful for us to plot a journey, as Gartner suggests, from communication, through sharing and then networking, to aggregation.” Beyond systematic initiatives, Andrew has personally pursued a range of social media tools. He comments: “I’ve found that there are some tools

that I use for my work life, some for my home life, and some for both. But social networking blurs these boundaries – work colleagues find me on what I think are ‘personal networks’ and friends find me on professional ones. Sometimes this poses some interesting challenges.” So how should CIOs engage with social business? Nick O’Doherty says there are two approaches: “CIOs can adopt a more passive approach – this means first of all understanding the benefits and risks – both generally and specific to their own organisations. It also means knowing what competitors are doing with social media; what people in the CIO’s own organisation are doing; and which other functions are interested. IT leaders, even if passive, need to be trying it out too.” Proactive approach “A more proactive approach,” Nick continues, “means in addition that the CIO engages with interested functional and business leaders. If they need prompting, the CIO may naturally take the lead with social business. If they are already active, then the CIO and his peers need to agree whether IT will take a leadership role, or an enabling and supporting one. But ignoring it and hoping it will go away would be a big mistake.” Andrew Abboud explains: “the important thing is not whether IT is in charge – social business moves us away from command and control models anyway. Rather, it is that the business exploits the opportunities offered to it, and that facilitating this is an integral part of the IT strategy and operations.”

Column

Networking is about learning to network

For me, getting to know CIOnet has been an exciting experience. It was a totally new form of networking. I have found CIOnet to be a friendly and open community, in which everyone is informally encouraged to participate.

he uncomplicated meetings with those who share the workload, Peter Hinssen’s charisma and inspiration, working actively with Grab@ Pizza, the CIO simulation game, and all of the other initiatives. They are delightfully refreshing – each and every one. My background is in technical physics in Delft as well as international law in Leiden, later followed by medicine in Nijmegen and business science in Amsterdam. On top of that came PrinceII, Six Sigma, Lean, Compliance – just far too many to mention. Having set out in the academic hospital world (in digital imaging), via IBM and ING automation, ultimately I landed up in my present role as CIO Benelux at DHL. Well, then came the question of whether I would take on the role of chair for the Advisory Board. Since October, I have also been doing that with great pleasure. Networking is about learning to network, but I would also be glad to help bring about the network of CIO networking. A kind of InterCIOnet, but not academic babble and contemplation or an old-boy network with stuffy suits and dowdy dresses, but instead a gathering wherever and whenever it brings out the best in us. Virtually, digitally or just physically over a drink and a bite to eat, so long as it stays positive, honest and preferably cheerful. The message that I would like to pass on to other members is “See and be seen”. Join in, jump in, take the plunge. I think the main thing is that an active CIOnet can be tremendously enriching for all members and their environment, provided everyone takes part as actively as possible and also

genuinely tries out all that is being offered. I look out for those who in turn inspire me to pass the baton on to others, young or old, man or woman, within and beyond known networks and circles. No hindrances, every idea seen as an idea, with its implementation providing the evidence of what we can do with it. Share plenty and you get plenty back. I have seen that for myself. Far more is possible than we could ever imagine!

PICTURE

Jan Peter de Valk, DHL’s CIO Benelux, the author of this article, has been an active member of CIOnet since 2008 and since October 2009, the new chair of the Netherlands Advisory Board.

If we now consider the future role of the CIO, it is my view that positions such as the CIO, CEO, COO and CFO are becoming much more integrated as a result of taking turns in secondary roles. Just compare it to the homo universalis from the Renaissance. It is a question of putting aside established role patterns and spinning a single CIO web, in which everyone networks among like-minded people and stakeholders with common interests. Forget information – it’s all about integration and innovation! This is how CIOnet supports, inspires and motivates potential in a fantastic way. I believe that a future without CIOnet is unthinkable.

Special feature

Effects of downturn on the CIO role

Things have changed “The downturn could be a very positive thing for CIOs”, so says David Chan, Director of the Centre for Information Leadership at City University, London. He continues: “The downturn has focused organisations, making them realise ‘we can’t just keep going on the way we have been’, prompting them to be more radical.”

avid is one of five UK CIOnet members who offered their perspective on how the downturn has changed the CIO role, and what lessons we need to learn as we emerge from it. For some, the changes have been matters of degree, rather than sudden change. PICTURE

Richard Boynet, CIO of Electrocomponents: “We have to promote a shift in the IS function, so that we’re truly able to be a source of innovation throughout the business.”

“We’ve been living with recession strategies for about ten years now”, is the view of Mario Devargas, CIO of Bolton Council. “In Local Government, the year on year quest for greater value for money means that savings have had to be found every year. The difference now is in the scale of savings sought – and their potential impact.”

Nic Bellenberg, UK IT Director at Hachette Filipacchi similarly sees continuity into and out of the downturn: “Media has been a sector in change for some time now. The challenges that were there before the downturn are still there, but the downturn has heightened them.” “The ‘knee-jerk’ reaction to this,” says Chan, “has been for organisations to retreat into ‘safe’ behaviour – sticking with known approaches. But the problem is that these approaches let us cut 5%, not the 20% being demanded of us. We cannot just go on as if nothing has changed.” Smarter and harder So, what needs to change? First, CIOs need to recognise that they are in a ‘both / and world’. Bellenberg makes this point forcibly: “Yes, we have to work smarter but we have to work harder as well. I have to master the new, but I can’t stop managing the old. Coaching, inspiring, encouraging, motivating have all become more important parts of my role – but at the same time I have to turn the screw, raising the performance bar higher.” This is a time for new approaches to innovation too. Richard Boynett, CIO of Electrocomponents says: “Our partners in the business are now ready for innovation, and looking at us to collaborate with them. We have to promote a shift in the IS function, so that we’re truly able to be a source of innovation throughout the business. We are systematically involving our external sourcing partners in this initiative too. This relied on building trust over a period of time – with a high degree of mutual openness. Collaboration internally and externally is key.” Boynett joins with Devargas and Ian Alderton (Eu-

Special feature

ropean CIO at Wachovia Bank) in recognising that innovation is no longer about well-funded largescale projects. Alderton explains: “There is no longer a separate budget for innovation, but the CIO still has to forge ahead and provide leadership. We have to create a ‘patchwork quilt’ of innovation through smaller tactical projects that knit together into a coherent innovation roadmap.” Devargas adds: “Innovation does not even have to be about technology.” He fears that the UK’s risk-averse culture makes innovation difficult: “There’s no freedom to fail – and learning from failure is often a crucial ingredient in successful innovation.” Returning to the ‘both / and’ theme, Boynett highlights that “innovation does not replace operational performance. High SLAs are a ticket to the game. I can’t act as a credible strategic innovation partner with a line of business in which the PC docking stations keep failing.” We can look for innovation in the vendor community too, as CIOs will need to look for, partner with and leverage the opportunities offered by new entrants. Ian Alderton reminds us that “downturns create space for, and inevitably throw up new entrants. Some of these, historically, have become major players. As CIOs, we need to be alert, identifying early those that will become significant.” David Chan expects that “these new organisations will have different styles, reflecting the ‘digital native’ perspective of their founders – different as the dot.coms of ten years ago were different, but more so.” Futurologist The current environment’s unpredictability has consequences for the IT leader too. Ian Alderton is clear: “We can no longer plan with certainty, but we do have to explore a wide range of potential outcomes, and know how we would respond in each case. That means that CIOs have to take on the role of futurologist as well.” Richard Boynett

stresses: “This scenario approach to strategising must include business, not just IT scenarios.” David Chan draws attention to two concepts that can prove useful here: “Strategies need to recognise the span of foresight and agility – how far ahead can we see, and how quickly can we make a change. Both are shortening – so I wonder why organisations are entering into some of the ten years shared services agreements that I see.” Wrestling with these challenges means that CIOs have to raise their personal leadership game too. Nic Bellenberg surely speaks for most IT leaders when he says: “I’ve had to learn fast and perform in areas that have not been traditional strengths for me. Re-evaluating my own skills set and stretching myself have been both opportunity and necessity.” Chan develops this further: “The future will be less about us as CIOs changing what we do, and more about changing the way we’re being. What we do flows from how we are. This is about inspiration, moving away from command and control models to ways of working that are far more fluid and organic. We need to end the knee-jerk tendency to retreat into what feels safe, and instead be bravely different.”

< PICTURE

David Chan, director of the Centre for Information Leadership at City University, London: “We need to end the knee-jerk tendency to retreat into what feels safe, and instead be bravely different.”

PICTURE

Nic Bellenberg, Director at Hachette Filipacchi: I’ve had to learn fast and perform in areas that have not been traditional strenghts for me.”

The views expressed in this article are those of the individuals and not necessarily those of their organisations.

Special feature

Innovation on top of the agenda

Times of crisis

In these times of shrinking IT budgets and rationalisation, should you even be thinking about innovation? The CIOnet community of IT managers thinks you should.

PICTURE

Marco Gianotten, managing director at Giarte: “The IT department needs to have its own service provision in order. That is often still lacking here and there.”

T enabled business innovation was the theme of the Dutch CIOnet annual conference held in Utrecht on Tuesday 29 September. More than ever before, IT has to place innovation firmly on the agenda, precisely because executive boards only want to talk about saving costs. In his lecture, Egon Berghout, professor of Information Technology at the University of Groningen, cited a good example of how you can modernise a business process by using the Internet. “Now that Dutch Railways has introduced e-ticketing, when I travel by train I no longer have to go to the ticket machine at the station. As a rail traveller, I value that enormously. Dutch Railways has greatly improved its service provision, while the cost of insourcing this facility is marginal.” There is also a downside to those low costs. “There is always someone else in the world able to supply your product or service better and cheaper.” Berghout believes that you need to keep a continuous watch over the service provision process.

According to Marco Gianotten, managing director at research consultants Giarte, IT can, above all, contribute greatly to improving the productivity chain. “If, as IT manager, you only look at IT innovations that optimise the IT itself, you will only be able to save one per cent at the very most. If your goal is to optimise the chain using IT, then all at once, it opens up an altogether different perspective. Improving the integration of internal systems with those of partners immediately pushes up the productivity by eight per cent or more.” Ineffective service provision “When introducing such modernisations, there is an important prerequisite to take seriously”, asserts Gianotten. “The IT department needs to have its own service provision in order. That is often still lacking here and there. One of the main reasons why the IT manager is just as despised as the HR manager is the ludicrous service provision from IT.” IT departments think they are doing it right, yet users don’t experience it that way. The calls just keep on coming in day after day. How can you introduce any change here? “Quite simply,” maintains Gianotten, “by properly screening the complaints process for potential improvements and focusing on minimising errors and inefficiencies. Now if you manage to take your service provision to a higher level, people will be more inclined to take modernisation proposals seriously.”

The Kluwer magazine IT Executive is aimed at Dutch IT decision-takers and organises panel discussions between two members from the CIOnet network. If you are interested in taking part in this, please contact CIOnet Netherlands’ community manager Joyce Gronert (joyce.gronert@cionet.com).

Column

Benefits are from Venus, costs are from Mars

IS evaluation

CIOnet Nederland conducted an assessment of objectivity in IS economics evaluation, in collaboration with the Rijksuniversiteit Groningen. Here are some of the results.

iven the plethora of available information systems (IS) evaluation techniques, it seems unlikely that yet another technique will address the problems of unsuccessful projects and ineffective management. Rather, more insight into the foundations of evaluation techniques may yield greater benefits. One generally accepted but largely unexplored issue concerns objectivity and subjectivity in the assessment of costs and benefits. This research addresses three questions regarding these concepts and their objectivity: (1) how different are costs and benefits, (2) what is the gap between the assessments of costs and of benefits in IS evaluation, and, (3) how does this gap influence evaluation results? It is demonstrated that, over time, the objectivity of evaluation approaches has diminished as they increasingly assess benefits. As cost measurements remain more objective, assessments that seek to compare costs and benefits become more problematic; hence, benefits are from Venus, costs are from Mars and their orbits are diverging.

uations which are perceived to have a higher degree of objectivity will deliver better economic management of IS. In this phase, for 40 hospitals, benchmark data on IS costs, IS provision quality, and provided IS functionality will be reflected to the IS evaluation techniques used. This identification of objectivity as one of the possible causes for existing methods not being the expected success adds to the foundations upon which IS are evaluated. It is likely that narrowing the gap, and particularly the objective measurement of IT benefits, is a prerequisite for a more general acceptance of IT evaluation methods. In addition, gaining insights into the properties of evaluation techniques will enable future research on trade-offs between these properties. The research offers practitioners the possibility of increasing the quality of the assessments. This offers improved potential to address resources allocated to IS and increased credibility of the IS function.

PICTURE

Peter Schuurman, researcher at the Rijksuniversiteit Groningen, is the author of this article.

Two phase empirical model A two phase empirical model is deployed to research this phenomenon. In the first phase, the main hypothesis is tested that higher levels of perceived objectivity will lead to higher perceived levels of evaluation quality. Using structured interviews perceived objectivity, importance and performance are measured for elements part of cost and benefit taxonomies. In this phase, the focus is put on evaluation of IS economics assessed for IS justification and realisation purposes. In the second phase, the research concentrates on the economics of operational IS, i.e. IS in the exploitation phase of their life cycle. The central hypothesis is that organisations using IS eval-

Event report

The changing role of risk management

Situated at board level Using IT does not come without risks. Big risks. After all, an IT risk is a business risk, albeit one linked to the development, use and consequences of IT in the business.

n a study into risk management, Erik Guldentops set a panel of companies ten questions. Guldentops is executive professor at the University of Antwerp Management School and advisor to the board of the IT Governance Institute. He is widely known as the ‘father of CobiT’, the framework that drives IT process management. Guldentops conducted a study into the existence of a formal risk management function in the business world: who reports to whom, about what domains, via what formal routes, who is accountable, and so on. His study shows that compliance needs are a greater trigger for risk management than specific business needs. In the present economic circumstances, businesses are prepared to take more risks, while accepting that risk management is necessary to properly control such large risks. Additionally, as commercial risk increases, so does the need for financial risk management. Sixty per cent of the businesses questioned approve of a legal or contractual obligation surrounding risk management, with SOX and the industry frameworks for pharmaceuticals and telecoms being the most cited examples. “Ultimately, keeping your business going is more important than being SOX compliant”, says Erik Guldentops. “But, of course, it is necessary to have an insight into the risks in order to be able to take the right business decisions. It’s the crocodile you don’t see that will get you, as they would say in Australia.” The fact is that there are always two sides to risk. A manager who takes risks and gets into difficulties as a result, is quick to be branded ‘reckless’, ‘overconfident’ or simply ‘downright stupid’. A business that takes risks and gets away with it is immediately labelled visionary. Naturally, the question is, as a business, how do you deal with risks

in a suitable manner. “In the past, risk management in IT used to be mainly about technical and operational risks”, says Olivier Nagelmackers, Operational Risk Manager with Atos Worldline Belgium. “That is no longer the case. For example, we employ a matrix that enables us to link business activities with the right IT activities. That results in the exposure of business risk and IT risk.” It is an approach that forms the basis for a business to generate the appropriate risk intelligence. “For risk management, it is crucial for there to be business awareness”, adds Luc Delcon, Head of IT Compliance Management with Atos Worldline Belgium. “You should not just confine yourself to the technical part.” Moreover, by thinking not only of risk management, but also by paying attention to corporate governance and compliance, a business can make sure that its CIOs do not needlessly lose sleep at night. Quality wins through Risk management is also one of the pharmaceutical industry’s favourite topics. Vaccine producer GlaxoSmithKline Biologicals employs a team of six IT risk managers. “Growth is important”, says Geoffroy de Callataÿ, Senior Manager IT Risk & Compliance. “The company has doubled in size over the past four years. Obviously, risk comes into that. It is not always a simple exercise, because we need to coordinate rapid growth, timing and risk, without making any concessions in terms of the product quality we deliver.” Risk management is ingrained in the corporate culture, both topdown, in delineating the strategy, and bottom-up, in the practical response to that. A considerable part of risk management centres on managing IT risks. The IT department of GlaxoSmithKline Biologicals serves 12,000 users, spread across thir-

Event report

teen sites worldwide. “We have about eighty development projects a year”, explains Sjoerd Canninga, Senior Manager IT Risk & Compliance. “In each case we analyse the impact on the systems, we see whether the users need to be given training, and so on. Our whole way of developing and implementing relies on a risk-based approach.” The support for this is fully accommodated in SAP. This gives the company a consolidated view and monitoring in one central location. “It also makes it easier for us to show our stakeholders and the external auditors how we set about IT risk management”, clarifies Geoffroy de Callataÿ. There are now sufficient audits being conducted in the business, on average more than one a week. “Of course they are not all aimed at IT, yet given that IT forms an essential part of any business process, IT is naturally always involved in some way.” GlaxoSmithKline Biologicals records any abnormalities it finds in a risk register. Sjoerd Canninga: “That register contains a wealth of information about potential risks and about the way to tackle them: the risks that we reduce, the risks that we accept, and so on.” The first parameter for assessing a risk is the extent to which the risk could cause harm to the business, or even stop it. In the case of GlaxoSmithKline Biologicals there must not be any effect on the finished products and the risk must not go against the rules in the area of compliance. “Of course there are costs associated with risk management”, says Geoffroy de Callataÿ. “But then again, non-compliance can also turn out to be costly. In the pharmaceutical sec-

tor, it is quality that wins over cost. The patient still always comes first.” Risk management at board level The stories of Atos Worldline Belgium and GlaxoSmithKline Biologicals clearly show that risk management no longer belongs exclusively to the package of tasks of the IT security specialist. “These days risk management is situated at board level”, says IT Risk & Governance consultant, Dirk Steuperaert. This is also distinctly the point of departure for Risk IT, the IT Risk Management Framework of ISACA (Information Systems Audit & Control Association). This is an international organisation that provides information on the management, control and security of IT. ISACA positions Risk IT as a complement to CobiT. “The Risk IT framework asserts that risk is never absolute”, explains Steuperaert. “Risk is connected with business objectives. Risk management is consequently not something that you should see as an extra activity, but rather as a task that is interrelated with all of the company’s activities.” Risk IT is intended for mapping an organisation’s IT risks, thereby ensuring end-to-end guidance on their management. “Among other things, it is a matter of acquiring an insight into the way in which a company is capable of continuing to build on existing internal control systems and creating integration with the coordinating risk and compliance structures.” In that way the framework ensures that everyone is talking the same language throughout the company, thus contributing towards a company-wide risk culture.

< PICTURE

Olivier Nagelmackers, Operational Risk Manager with Atos Worldline Belgium: “Risk management in IT is not confined to the technical and operational risks.”

PICTURE

Sjoerd Canninga, Senior Manager IT Risk & Compliance with GlaxoSmithKline Biologicals: “Our whole method of IT development and implementation relies on a risk-based approach.”

Event report

More than the technology and processes

Enterprise Architecture for agility In the current economic climate, agility is, more than ever, a prerequisite for success. Having the right enterprise architecture forms the foundation for that agility.

PICTURE

Els Blaton, CIO at AXA Belgium: “Never take the link between enterprise architecture and agility for granted.”

onique Snoeck of KU Leuven University is researching the link between enterprise architecture and agility. “There is a large amount of scientific research on the organisation of an enterprise architecture,” she says, “but scarcely any on its feasibility and benefits. Perhaps there are simply not enough companies that are willing to testify to it.” In her research, Snoeck has found that it is usually external drivers that prompt companies to change, for instance, changes in legislation or the advent of a new technology. “Ultimately, however, it is internal changes that have the greater impact on the company.” The research now shows that strong enablers of agility form part of or are strengthened by the enterprise architecture. But are companies really aware that more agility does actually depend on enterprise architecture? “Not necessarily. A company’s size also largely determines the agility.” Furthermore, it is clear that enterprise architecture only has an impact starting from a certain volume of reusable components.

“There are two forces at play”, says Andy Mulholland, Global CTO at Capgemini. “On the one hand, the business expects more and more from IT, while on the other, IT has to make sure it is able to live up to those expectations.” Mulholland believes that there are a great deal more opportunities for companies these days, online among others. To a large extent, the challenge here lies in the external circumstances, precisely because they are so different from the past: take Web 2.0 and cloud computing, for example. “Often the emphasis is focused more on the people and not on the applications. It’s not so much about information technology, but rather about business technology”, claims Mulholland. End-to-end For AXA, agility provides the opportunity to be able to deal with a changing environment, both within the company itself and outside in the market. “Agility is something that you need to view end-to-end”, believes Els Blaton, CIO at AXA Belgium. “Agility extends more broadly than just the technology and the processes.” AXA is active in a rapidly evolving market that consequently demands flexible processes. The company is working hard on replacing all of its legacy applications: twenty-seven per cent of the functionality in the bank is more than twenty years old. “The upfront architectural design is very important in this”, according to Blaton. “You need to know what you consider to be core IT, and what you want to see as agile IT.” That determines the extent to which you can progress faster with subsequent projects. “But never take the link between enterprise architecture and agility for granted. In order to achieve agility, business and IT need to work together closely.”

Special feature

IT architecture looks like city architecture

Agility versus standardisation Within the framework of ‘agility versus standardisation’, CIOnet organised a conference last June that took a close look at the role of architecture. Wouter Schmitz, Head of Architecture at ABN AMRO talked about how he viewed this issue.

chmitz compares the architecture of a computer system to that of a city: “In comparison with 1750. the city centre of Amsterdam, for example, is still completely identifiable. Now just look at today’s mobility requirements. They have completely changed. Despite this fact, the ring of canals is just as it used to be. So you don’t change it just like that.” Schmitz draws a parallel with the ABN AMRO computer system. “If you decide to change the character of a system set, you have to adhere to that kind of time frame. Any structure you build is pretty much irreversible. We have always had a strategy of ‘customer intimacy’, so we have built a great deal of functionality around that. We have multi-channel service provision, which is complex and costly. If now, our strategy were to involve emulating the Postbank, a low-cost model, then our system set would simply not be able to support it.” Agility versus the IT system “For us, the business cycle is three to six months. That is roughly the time in which we want to be able to take a new product to market. However, the cycle of an IT project can easily be a year, the time it takes to complete a project. So what do you get? Quick and dirty solutions. However, the IT system cycle runs to over ten years and you can’t do anything about that. So that is what an architect is for, someone capable of translating the strategy into the right character of systems. You also need to include that character when thinking about the requirements. The architect should also be able to point out the long-term consequences of certain choices.”

more alliances. We too work with many partners. That results in a good chunk of the business process being outsourced. Some applications take too long to build internally. It is then sensible to look for solutions that are provided by external partners. That is agility. Reducing TCO Every time a project has been completed, we would like to ask the project leader to supply a breakdown of the budget spent across the systems. Ultimately, over time, that produces an overview showing which systems are the most costly. That then enables me, after three years for example, to examine why and on what we spent so much money. But I would not be able to draw up a business case then. Now, however, with the data that we want to collect, I can draw up a business case. That enables me to say ‘this system costs that much in changes each year and if I were to replace it with such and such it would cost so much’.”

PICTURE

Wouter Schmitz, Head of Architecture at ABN AMRO: “An architect is someone capable of translating the strategy into the right character of systems.”

Agility through collaboration “Since the nineties we’ve been seeing more and

Event report

First Annual CIOnet Congress in Spain

More CIOs to become CEO in the future? The role of the CIO is extremely complex. Many of the keynote speakers at CIOnet Spain’s first Annual Event developed this theme. Due to the importance of leadership and change management, one of the ‘headhunters’ present is convinced that CIOs have everything they need to take them to CEO level in the near future. PICTURE >

Federico Flórez, CIO at Ferrovial, emphasised the complexity of the role, the importance of communication skills, the necessity for a controlled operation, and the criticality of business orientation .

PICTURE

Alfredo Sáenz, CEO of Grupo Santander: “The CIO must ensure the integration of business and technology and work under significant pressure to achieve their goals.”

IOnet Spain, which launched in spring earlier this year, is up and running! The large turnout at its first annual event, last October, demonstrates the interest of IT professionals in this new network initiative. “We had a big turnout from our Spanish members. And we made it a success”, says Mona Biegstraaten, managing director of CIOnet Spain. “A success that also comes from our common commitment to let everyone know about our role, and to change ourselves to transform that role as a key enabler of innovation and competitive advantage for our businesses.” Biegstraaten thinks that the success of CIOnet in Spain represents a first step into the Spanish

speaking countries, with an open door to Latin America, “And this region will undoubtedly play an important role in the globalisation phenomenon of the 21st century.” In addition, the event represented an opportunity to review the influence of CIOs in large enterprises and the current state of the education offered in both Universities and Business Schools. Major headhunting companies expressed their views on what the market currently seeks. One of Spain’s top executives, Alfredo Sáenz, Santander’s Chief Executive Officer, presented the CEO’s view. Roberto Parra, President of CIOnet Spain, and Repsol’s CIO, welcomed the audience, thanked our business partners – IBM, T-Systems, Quint and PwC – and shared the CIOnet’s objectives in Spain. Balanced approach The first sessions addressed the CIO’s role within the company, and kicked off with Federico Flórez (Ferrovial’s CIO). He emphasised the complexity of the role, the importance of communication skills, the necessity for a controlled operation, and the criticality of business orientation. He also touched on the importance of having the right level of interaction with and influence on business’ executive management. Pedro Maestre, from Fraternidad Muprespa, enlarged on the key characteristics of an effective CIO: having a balanced approach between management and technology; the ability to motivate their staff and to delegate; and using management by objectives to achieve the best results.

Event report

PICTURE

Roberto Parra, President of CIOnet Spain and Repsol’s CIO, shared the CIOnet’s objectives during the First Annual CIOnet Congress in Spain.

In the next sessions, what universities bring to developing the CIO role was discussed. Carlos López Barrio (Universidad Politécnica de Madrid), Juan Antonio Fernández (Universidad Europea) and Pablo Molina (Georgetown University), shared their own views on the specific universities’ offerings and stressed the differences between American and European approaches. The part of the day was titled ‘Business Schools: the Way In’. Javier Busquets (ESADE), Rafael Zaballa (La Salle) and Alberto Mazagatos (Instituto de Empresa) exchanged opinions on what business schools currently offer to prepare for leaders to take on the role of CIO, and emphasised the importance of the CIO role, not only in delivering the business strategy but also in creating it. The next round table was led by three top ‘headhunters’, who discussed the market demands for the CIO role: Plácido Fajardo (Leaders Trust International), Ramón Bartolomé (Heidrick & Struggles) and Carlos Alemany (Korn/Ferry International). Mr Alemany highlighted the importance of

CIO’s 10 Commandments 1. 2. 3. 4. 5. 6. 7. 8. 9. 10.

See your business as your own department. Do not sacrifice the strategy because of the operations. Manage your department as if it were a business itself. Contribute to your company’s productivity. Anticipate your business needs. Determine the metrics that allow you to keep control of your department’s performance. See technology as a mean, not as a goal. Enforce standardisation and processes in your team. See that the best management competences, and not only technical knowledge, are present in your department. Drive your organisation towards an efficient service management model, providing your business with the right quality at the right cost.

By Mona Biegstraaten, Managing Director CIOnet Spain.

leadership and change management, and attracted attention by stating: “In the future we will see more CIOs becoming CEO of their companies.” Essential piece The closing keynote speech was given by Alfredo Sáenz, Grupo Santander’s CEO, who shared his own experience as the top executive of one of the most international Spanish companies. According to him, there is huge complexity in this role, given the numerous variables that can affect its responsibilities and performance. “The CIO must ensure the integration of business and technology,” Mr Sáenz feels, “and work under significant pressure to achieve their goals. He must take an active role in developing the company business plans, and in shaping the businesses themselves. The CIO can become, through this approach, an essential piece in any company committed to cost effectiveness, quality, and risk compliance and management.”

Column

Merger, Split

s IT thinks about the way mergers and splits have to be addressed, it needs to take care about human, functional and technological issues.Technology always finds a solution, so project success relies more on human aspects on the one hand and business demands on the other. A simple merger is a straightforward operation. The new management will be that of the acquirer, possibly keeping the best from the acquired. There are few exceptions to this rule. IT integration is not overly difficult and the business can pursue its forward development using the now dominant model of the acquiring organisation. A large-scale merger is more complex. Both teams must be integrated, leveraging all available skills as efficiently as possible. This requires real objectivity. Appointing the new head of IT is a sensitive issue, as the choice made will be seen as pointing to the adoption of the IT policies and strategies previously implemented by the person selected. The business aspect, however, is fundamental. The task is to integrate two system environments, taking the best aspects from each of the merged entities while continuing to develop new functionality. How can this be managed? The key people addressing this challenge are the head of IT and the line of business head, focused on corporate operations. A successful solution depends on two factors: mutual respect between the two key people and their positions in the organisation â&#x20AC;&#x201C; which should be at board level. Their task is to put in place mutually acceptable agreements while sustaining fully operational IT. IT will not pursue large-scale technological breakthroughs, and the business will introduce only those demands that are absolutely essential. If we, more unusually, need to separate what has just been integrated, the task is difficult. There is no longer a shared goal. Each party pursues its own interests. Although splitting a team is in some ways a mathematical process, maintaining peaceful relationships is difficult. The organisation must entrust this type of project to its most reliable people, and they should have had no involvement in the previous integration process. In both cases, what makes finding the right solution difficult is not problems relating to technology, but the ability of the heads of IT and business to manage together and constructively all the steps in a merger or split project.

JEAN-PIERRE CARDINAEL

Former CIO of Fortis and current Chairman of Contraste Europe Jean-Pierre Cardinael passes the baton to Jacques Godet, BNP Fortis. Theme: Demand, Delivery, Servicing: a process approach to industrialise IT.

Innovation only happens with the right ingredients At Deloitte, we strongly believe that the right ingredients are crucial for nurturing innovative entrepreneurship. Our specialists relentlessly strive for new but workable solutions supporting your goals and vision. Thatâ&#x20AC;&#x2122;s why we never stand still and are always looking to help our clients taking the next step ahead. Are you ready to step ahead? Visit www.deloitte.com

ÂŠ 2009 Deloitte Belgium