View
174
Download
1
Category
Preview:
Citation preview
Thrive. Grow. Achieve.
Who needs a CIO ? And what would they do for me anyway?
Paul Williams June 8, 2016
AGENDA
WHO NEEDS A CIO?
• What do you do anyway ?
–Connect the dots between Business and Technology.
–Processes for IT best practice –Capacity and Capability –Identify opportunities and threats from
technology –Bridge between Executives and IT
• What am I missing ?
–SAAS, PAAS and the new world order
• How Raffa Can Assist You
Can your business survive without technology ?
Do you know what your IT team is doing ? or can do ?
Are you compliant with the law ? With best practice ?
How can you manage change? What’s the right priority ?
Who can assess vendors independently ?
Is there a different way to do this ?
Who Needs a CIO? Page 2
MIS MANAGER VS CIO
When is a CIO the right choice
May not need a CIO all the time, but role is critical :
•During major change
•When IT is no longer meeting the enterprise needs
•New Initiatives / New Business
Who needs a CIO Page 3
CIO Manager / Supervisor Primary focus is Business opportunities and drivers Primary focus is maintenance / IT Operations
External and Enterprise focus – How IT is leveraged
Business area inward focused on IT
Proactive, Opportunity seeking to improve Responsive to demands, reactive
Strategy and execution focused – What to perform Process and Procedure focused – How to perform
Critical during times of change or in larger environments
Works in a smaller or stable environment
Generates and drives strategic plans Requires Strategic leadership from outside, may generate tactical plans
ITS NOT AS SIMPLE AS IT SEEMS SOMETIMES YOU NEED EXPERT KNOWLEDGE
Does your business have a web address or business email ?
Your web address Backup and Disaster Recovery Do you have legal exposure for sensitive data
What does the group do all day
Outsourced and Hosted services are not secure
Who Needs a CIO page 4
Do you own the web address
No its Rented – the ‘DNS’ record links that name with specific “Addresses”
Is your data secure? Do you have it backed up?
Are copies off site (fire) ? Have you ever tried to restore data ? How long could you be down without irreparable Harm
Do you know your legal obligations about data
Employees ? Customers ? Donors ?
PII, HIPPA,PCIDSS – who has access and how Not just digital data. Voicemail, paper records. Birthday including year ? Address and phone ? Do you know what
they are doing ?
Do you know what they can do ?
Expectation gaps: Never want to say ‘No’. Set up to fail
Keeping the lights on (Housekeeping) Maintenance (Obsolescence) Growth (Volume / Size, Projects, Features) Capacity and Capability
What are you getting for your spend ?
Software is not really a good asset
Maintenance and housekeeping High Risk High Cost Low added value
WHAT’S YOUR TECH INVENTORY ?
End user computers (and software)
Back Office Computers, Storage, Data (and software)
Security: Passwords and more
Network: All the connected devices
How important is technology to your enterprise ?
Critical ?
Essential ?
Peripheral ?
Will it stay the same?
What are your technology lifecycles ?
• Hardware ?
• Software ?
• End of Life ?
• End of Use ?
Who Needs a CIO Page 5
Expensive. Don’t last long (3-5 years)
Hate power spikes, heat, water ~ 5 year life
Keys to the kingdom
The Domain, LAN or WAN
WHAT’S YOUR SKILLS INVENTORY ?
How many people / what people
Generalists • Helpdesk : Internal or External
• Supporting Functions:
Supervision, Project Management, Business Analyst
Specialists –Administrators
–Engineers
–Developers
What resources do I have ?
What are their competencies
Certifications ?
What do I need ?
Is there a gap ?
What’s most valuable to my business ?
Where are my biggest risks ?
Who Needs a CIO ? Page 6
•Future specialists •Can be a commodity •Low investment •Generic Skills
•Specific Skills •Privileged Access •Out of hours support ?
•Key System architects •Hard to replace •‘On demand’ ?
•Should not have ‘1’ •Need governance
CAPACITY AND CAPABILITY
•How does my Inventory translate into Capability • What you HAVE today is a constraint – created by past decisions
• Resources are focused around status quo and stability (reliability, repeatability, Routine, Maintenance)
–Not the best environment for change – but do you need to change ?
–If the Inventory doesn’t match the Enterprise you can change the inventory !
What you have and what you need may not be aligned
IT tends to over estimate capacity and capability to deliver change
Result is delivery below expectations
Processes and people are harder to change than systems
Page 7 Who needs a CIO?
WHAT DOES A CIO (OR IT) DO ANYWAY ?
–What Processes you have in place • WHAT does IT do, HOW is it done
–Are you getting what you need ? – Are you really getting good value ?
• Main Elements: People, Services, Software,
Hardware
• What Information you are processing and storing –Compliance – HIPPA, PCIDSS, PII –Accuracy / Quality and standards –Completeness / Controls –Security
Technology uses its own (arcane and full of acronyms) language.
In a smaller enterprise the CIO role is not a full time job. Changing technology is changing the role too.
The world is changing and your enterprise needs to keep up. It’s a survivability issue.
Tech is everywhere. There are complex rules that can hurt you
Page 8 Who needs a CIO?
• Looks at what you HAVE / ARE DOING / CAN DO with technology in your Enterprise, Compared to what you SHOULD HAVE / SHOULD be doing – and acts to close the gaps.
WHAT CAN YOU DO FOR ME ?
Where does IT fit in the enterprise
What does IT contribute
Where can best value be achieved Where are the key opportunities for improvement
Help manage IT better
• Reporting • Scorecards • Planning • Execution • Governance • Projects • Key Performance Indicators • Communication
Yes, but how can I do these things ?
We have no dedicated CIO and / or I still don’t get these answers
Change is not natively easy. Without Governance, reporting, compliance, its hard to achieve accountability for delivering value (In IT or indeed elsewhere)
Who Needs a CIO Page 9
Help in bridging the cultural and language barrier Simple tools to manage Technology resources and projects
SIMPLE TOOLS AND PROCESSES ROUTINE MANAGEMENT
Cyclical tool to manage a department
Formal communication between execution and management
Over time see trends and patterns
Suggested Weekly or bi weekly
Can have meeting notes on reverse or second page
Presentation Title / Page 10
Broad Focus Areas
■What’s Important in the function at the moment
■Where are we spending time money and effort
New Information
■What’s New this cycle
■What did we achieve in the last cycle
■What did we find out
Targets for this cycle / week
■What are we going to get done
■Who is doing it
■What’s the status of ongoing efforts
Open items / Roadblocks
■Open Decisions
■ Things I am waiting for others (who) on
■Carried forward open issues
THE 4-BLOCK REPORT : DATE / PRESENTED BY
SIMPLE TOOLS AND PROCESSES ROUTINE KPI’S / METRICS
Usually Monthly
Aligns with Enterprise Financial Reporting
Meaningful indication of performance
Who needs a CIO Page 11
MONTHLY IT METRICS DATE / PRESENTED BY
Item Content Budget Operating budget with narrative. Performance to
Plan / Last year Reliability Uptime %, failure rates, downtime stats. Trended
over time (Network Phones, Backups, Servers) Helpdesk Tickets handled, average time to close,
Outstanding unresolved by importance (critical) Capacity Utilization: Storage, Compute, Network Inventory Bought, Broken, Repaired, Retired, Lost/Stolen
(phones and aircards if owned as well) Staff Gaps, new, exits, promo’s, Training, Skills Services SAAS provider performance by provider Change Management
Planned and Deployed changes. Outcome summary
SIMPLE TOOLS AND PROCESSES CAPITAL / PROJECT REPORTING
Project reporting is about how well change is being executed
Do you know what projects IT are executing on ?
What are your expectations on scope and delivery ?
How are you gate keeping and prioritizing projects ?
Who needs a CIO Page 12
USUALLY MONTHLY EXCEL 1 LINE PER PROJECT.
Item Content Name Name and code for project (if coded) Description Business name / meaningful to all Purpose Why do this project (type, benefit, priority, risk) Budget Project Lifetime (original) budget to actual.
Performance to plan. Estimate to complete, contingency balance
Scope management
Changes to scope – Approved, waiting, declined
Dates Approved, planned start, Planned end, Projected end
Status Green (on plan / target), Yellow (at Risk), Red (off target –Time, Budget, scope, outcome)
SIMPLE TOOLS AND PROCESSES PROJECT REPORTING
Individual project reporting is about progress and execution of a specific objective
Often Weekly. But can change on activity level on project
Who needs a CIO Page 13
CYCLES WITH ACTIVITY. USUALLY 1 SHEET
Item Content Name Name, description, objectives Team Who, roles, responsibilities Budget Budget details, vendors Changes to scope / dates
Changes to scope – Approved, waiting, declined
Milestones Key dates within project Status Green (on plan / target), Yellow (at Risk), Red
(off target –Time, Budget, scope, outcome) Current activity Good / Bad, delivered / Missed, Roadblocks /
Issues, Next Planned Activity, Projected outcomes, Milestone reporting
All sheets = ‘Book of Knowledge’ a standard PMO tool
SIMPLE TOOLS AND PROCESSES COMPLEX PROJECT REPORTING
Where a project is high risk, or a large project, with cross functional teams or enterprise wide impact
E.g. changing ERP systems
Copies from MS project
Use Excel data Bars for complete %
Who needs a CIO Page 14
PROJECT STEERING / STAKEHOLDER MEETINGS
Item Content Objective / Milestone
Project Component being reported E.g. Cleaned up Vendor Master file, Chart of accounts sign off
Dates Planned start, Due, projected Completion Percentage Complete Actions Responsibilities and actions due / performed
SIMPLE TOOLS AND PROCESSES IT STRATEGY / DELIVERABLES
Annual or longer view of multiple changes or projects
Simple presentation of complex issues
Present IT and projects to a board
Who needs a CIO Page 15
Time scale / Item
Q1 16
Q2 16
Q3 16
Q4 16
Q1 17
Q2 17
Exchange Upgrade ERP Migration New Location opens Office 2013 deployment IP Video Deployment Intranet / SharePoint
Simple depiction of major initiatives that can be easily shared and digested. High level summary – Low level details can be built as required
THE WORLD TURNS – NEW TERMS
THE ‘CLOUD’ –A different way of providing services and managing technology –Enabled by “virtualization”
VIRTUALIZATION
–Compute capability can be separated from computer hardware –Less hardware, more efficient. Shared data and resources.
CLOUD APPLICATIONS
–Programs designed to be delivered via the internet (E.g. Turbotax online)
SOFTWARE AS A SERVICE (SAAS) –Rental agreement rather than purchase –Usually priced on usage over time or volume
PLATFORM AS A SERVICE (PAAS)
–The ability to buy or rent computing capacity, rather than acquire or build it. –Someone else is responsible for ‘Plumbing’
BIG DATA
–A (new) technology to handle analysis of very high data volumes very fast –As near as possible to real time results (Amazon, Google suggestions) –Marketing term for a specific product / business problem
New Technologies
New ways of delivering service
New Risks
New Opportunities
New Language to describe the capabilities
16 Who needs a CIO Page
WHAT IS THE ‘CLOUD’
The ‘Cloud’ a Simple definition –Computers / Programs (What computers do for us) are managed and provided as a ‘Service’ rather than components. This service is generally made accessible to users via internet connections
History: –Mainframes
• Big, Expensive, Did one thing, Inflexible, Local
–Client / Server • Smaller unit cost, Networked, Distributed, Generally focus on 1 function
–Virtualization - Separation of ‘Logical’ and ‘Physical’ • Shared Hardware, Dynamic load and capacity.
–Inside your network= “Private cloud” –Provided externally = “Public Cloud”
• What is the computer (Mainframe, Server etc)
• Less important than • What it can do • How it is Accessed
Ill defined term’
Multiple uses with different meanings
Most significant is ‘Public Cloud’ and ‘Private Cloud’
All computers as commodities
17 Who needs a CIO Page
WHAT DOES IT MEAN FOR IT
–Virtualization • Mainstream technology • Efficient (cost, support, reliability, resilience)
–Outsource/Cloud is often better than on premise
• All inclusive models (24/7, Risk Mitigation) • Remove single point failures / dependencies • Security is as good or better than in house • Scalable at short notice • Changes what IT does
Is IT Infrastructure good ‘Value’ for you ? Is it a Core Competence ? What’s your Risk ? What should your energy be directed towards ?
Should we be virtualized or in the Cloud ?
Absolutely to both – Hybrid model depending on enterprise
Self host generally if very high data volumes (scanning many his resolution images for example) or high level of integrations with localized systems
18 Who needs a CIO Page
WHAT DOES IT MEAN FOR IT
Possible Strategies / viewpoints
Are we BIG enough to have enough skills to support specific technologies in house ?
Using SAAS we can avoid having to hire skill set specialists
Should IT functions be a primary competence of our business ?
Can also consider full outsource models
19 Who needs a CIO Page
Product SAAS Status Impact Results
Email Common High Reliability, resilience, Frees resource for Enterprise mission
Payroll Common High Compliance, Security, Risk
SharePoint Rare (but growing) High Resilience, Accessibility
Website Common High Security, Reliability, Capacity
ERP / Accounting Becoming common High Reliability, Accessibility, Key skills
Helpdesk (system) Common Med Reliability, Accessibility - Stays up even if you are down !
Telephony Becoming common Med Depends on installed base and equipment
HR Systems Common High Security
CRM systems Common Med Reliability, accessibility
POS Common is small orgs High Risk, compliance. Can be more efficient in house but higher risk
Network / Connectivity
Growing High In house skill is expensive. Key man dependencies. Critical infrastructure
CLOSING VIEWPOINT
Things change – Entropy vs Development •We make decisions with what information we can gather and digest
• Research • Experts • Evaluations
•As new choices (and mandates) become available
• Need to re-evaluate options • Context of past decisions and current status • Some ‘trigger points’ – Obsolescence, Contracts, Strategy, Staff turnover,
Compliance, Growth
•Not all new options are right – Change vs Stability • Lots of marketing hype. Don’t get sold on shiny toys • Biggest benefits are not always cost • Will it help achieve the goals of the enterprise - how
How do you stay informed ? •People like us. Field experts, Benchmarks, Peer review, Sector experience, Passion in our fields.
Where am I compared to best practice
Where am I compared to my peers
For my type and size of enterprise
What keeps me awake at night
Am I happy with what IT is doing for me now
Who Needs a CIO Page 20
EVERYDAY ISSUES / GLOBAL BEST PRACTICE
Stop keeping credit card numbers (everywhere):
• End to end encryption for POS • Tokenization for Web
Don’t host your web site from your office
• Resource and access sharing is a bad idea. They will conflict.
Only collect personal data you NEED and keep it safe. Have a clean up process
• Most executives who lose sensitive data lose their jobs. Minimize the data and take care of it.
Check your backups work and are safe
• Perform test restores, Keep offsite copies (secure). Understand how you would recover from a failure.
SAAS and Cloud / Hosting is not a silver bullet
• New flexible solutions – New issues. Wont solve every problem but are a game changer
Some simple thoughts to take away
Who Needs a CIO Page 21
THANK YOU!
Paul Williams Direct: 202.730.7237 E-mail: PGWilliams@raffa.com Seth Zarny Direct: 301.279.6500 E-mail: SZarney@raffa.com
Q
A
Who needs a CIO? Page 25
Recommended