The Role of the CIO in

Effective IT Strategic Planning Through Corporate

Governance

by

Ivory S. Banks

This paper critically examines the CIO’s role in effective IT strategic planning within the

confines of corporate governance. It will include a brief comparison of previous governance

models versus 21st century governance models and how each have impacted and will impact the

role of the CIO. It begs the question if there is a one size fits all model or framework that can be

applied to an organization to achieve success in strategic planning and business alignment? In

addition, the paper will examine why and how two game changing facets of IT that did not exist

a decade ago, cloud computing and social media, will fit into the CIO’s strategic plan.

Corporate governance, as defined by business C-suite executives, may be developed and

executed differently than IT governance, as defined by technical C-suite executives and are

seemingly separate efforts. However, best practices CIOs have echoed the notion that the two

must be orchestrated as a concerted effort to foster and accomplish the overall strategic objective

of a corporation. “It is impossible to have strong corporate governance without strong IT

governance” (Moore, 2009). The technological evolution taking place is reshaping the way

organizations align IT and business to the point that IT has become the business. It forces

today’s CIO to be more agile and forward thinking in his or her strategic planning.

We are the survivors of a nearly post-financial apocalyptic era where corporations

learned they were not too big to fail. The most profound takeaway from the fall of these

corporations, relevant to this topic, is executive leadership is not a silo of people who sit atop the

corporate ladder and make decisions which only affect shareholders. The best practices of the

CIO also echo the essential common theme that proper IT strategic planning is aligned with the

mission of the organization for profitability, sustainability through innovation, and growth.

Paradigm shifts in IT have a prolific impact on the corporate structure and consequently the role

of the CIO.

New technologies such as cloud computing and social media are impacting multiple

business functions across organizations like enterprise application management, infrastructure,

marketing, and finance to name a few. How can a CIO strategize effectively utilizing his or her

resources, knowledge, and the ever-changing trends of information technology? It also begs the

question if there is a one size fits all model or framework to achieve success in strategic planning

and business alignment? Ironically, any rigidity is strategic planning is actually the opposite of

strategic.

The CIO -- a technological acrobat

Imagine a Cirque de Soleil performer who changes his costume to fit the theme of the

show, be it “O” or “Zanadu” and each show is a chorographical masterpiece of intricate dances

and fantastical acrobatic feats. All of the actors, be it main characters or a supporting cast rely

on the precision and timed movement of their peers on stage. There is always a main character

in these shows and a storyline that governs how the characters will move, while the musical

score captivates and help build the anticipation of the audience. Now, imagine if the lead

character in “O” came dressed as the lead character of “Zanadu” and the acrobats decided to

perform the choreography of “Zanadu” during the “O” show. This disorganization would not

only cause confusion to the audience, but it would be of catastrophic consequence to the

acrobats.

The CIO, much like a Cirque de Soleil performer has a role to play and is governed by

several themes that drives his or her focus for IT strategic planning. Obviously, the storyline for

technology changes rapidly and in order for a CIO to be effective, he or she must be agile and

flexible to these changes which are affecting the technological and operational structure of

corporations. The days of simply managing a menu of software applications, help desk

operations and staff, and equipment maintenance issues are a thing of the past for today’s CIO.

He or she has to be a “technological acrobat” when it comes to crafting and implementing IT

strategies that will ultimately govern the outcome of the organization’s growth, profitability,

sustainability, and lest one not forget innovation. The challenge also is to convince senior

management to make complementary changes to its process, policies and organizational

structure, or in other words, corporate governance (Nevens, 2004).

Walking the tightrope

Throughout this study of the different perspectives on IT strategic planning and

governance, two diametrically opposed views are common. One group of strategists supports the

idea of liberal and decentralized governance of IT or the pancake structure (Schneckenberg,

2009). This idea of a pancake structure allows for a more autonomous employee decision

making capability relying on the competence of the individual (Schneckenberg, 2009). Andriole

(2012) tends to agree, arguing that organizations need to rethink governance and authority and

embrace the growing trend of decentralization and the distribution of computing power. Another

group of strategists prefer a stricter approach based on the premise of protecting corporate

integrity and rightfully so for the time. In the past, governance of technology was a top-down

approach that fostered a hierarchal drive for standardization and centralization and left little

room for flexibility (Andriole, 2012). The 1990’s technological infrastructure called for

standardization and centralization (Andriole, 2012). To be effective, these antiquated

methodologies for managing an infrastructure are not conducive to the technology trends of

today and are perhaps, no longer best practice for C-level leadership to follow.

However, organizations must be careful and to Andriole’s (2009) credit, he cites the

responsibility of the organization to govern in such a way to ensure the actions of individual

employees do not compromise the integrity of the organization’s infrastructure. The age of Web

2.0 gives free reign to collaborate and communicate via blogs, wikis, and social media without

understanding the technology or the consequences (Schneckenberg, 2009). Imagine such

behavior in a corporate infrastructure both internally and externally and one can understand a

company’s opposition to liberal governance. The former example also serves as evidence of the

need for a CIO to be directly involved in the process of helping the organization to understand

the technologies that are an advantage to the business. Similarly, Robert Stephens, vice president

of Best Buy and founder of Geek Squad, agrees with the viewpoint of providing balance by

cultivating a culture of freedom to innovate but within guidelines, also referred to as “freedom

with fences” (Stephens, 2011). He cautions, the role of the CIO is to set the tone for a

disciplined, safe and secure environment to be “playfully innovative” (Stephens, 2011). As the

industry provisions and almost demands more flexibility, the conundrum is how does the CIO

protect the infrastructure and cultivate an atmosphere of innovation, sustainability, and growth

while ensuring ROI (return on investment) to the organization’s shareholders? If the ever-

changing trends of technology are a circus, the CIO is an acrobat, and this paradox of a balance

act is his or her tightrope.

IT and business – a syncing ship

The CIO has several key objectives and that is to figure out this strategy, align it to the

business, and then be willing to change it. He or she must be as dynamic in approach to planning

and implementing as technology is to changing. Rigidity in applying and sticking to any

particular business model is the opposite of strategic. It would be oxymoronic to apply a static

framework to something so volatile as planning for technology. Can a CIO really plan for

technology? In order for a CIO to be effective in strategic planning and proving to his or her

business counterparts the validity of IT objectives, the tools used to develop these plans must be

just as agile as the business itself. MacKay (2004) agrees that developing strategic direction

matters and thus model frameworks should be developed and implemented on the basis of

change. For example, MacKay’s (2004) four box strategy planning model applies different

approaches to strategic planning based on predictable environments with stable goals, predictable

environments with ambiguous goals, complex environments with stable goals, and complex

environments with unstable and conflicting goals. The flexibility of these models makes sense

and the role of the CIO is to figure out which model makes sense for his or her organization.

Luftman's (2007) alignment maturity model underscores the need for IT-business

alignment to mature along with the growth of the organization. So taking into account

Luftman’s model, organizations lack maturity in at least one of these criteria of maturation;

communications, value, governance, partnership, scope and architecture, and skills (Kempaiah &

Luftman, 2007). Costello (2010) takes the Luftman Model a step further by identifying specific

steps for the CIO to conjoin IT initiatives with the overall business strategy. Locate the area in

the organization where ideas originate, evaluate the influence of the leaders in those areas,

identify the approval flow of the ideas, and make the case for how the CIO’s goals produce better

outcomes for the business (Costello, 2010). He goes on to spell out the steps that identify the

CIO as the one with the “PR bullhorn” for his or her strategic plan. This may be referred to as

business maxims (Broadbent, 2004). Business maxims draw on the balance between synergy,

autonomy, notwithstanding the strategic plan (Broadbent, 2004). The CIO works to set formal

processes, develop skills, and align IT with key business objectives. In parallel, customers,

products, process, and services are constantly evolving and therefore so must a company’s

business (Broadbent, 2004).

Corporate maturation is a reality and supports the fact that developing strategy is not an

end state but a continuous journey (Broadbent, ???). Here, let it be reiterated that the

fundamental basis of successful strategy planning is a concerted effort between technology and

business leadership. Significant time and effort needs to be spent developing short and long-

term goals for information and technology (Broadbent, 2004). The CIO’s job is to maintain a

close relationship with business counterparts to gain a concrete understanding of business needs

(Costello, 2010) and leverage opportunities for change to evolve the business while meeting

those needs. The CIO should not only be allowed to sit at the C-suite table, he or she should be

integral member of the board. When it comes to IT within an organization, the CIO to the CEO

is much like a U.S. Army general is to the president during war time. He or she is in direct

communication with what’s going on with the employees internally and how external trends in

technology impact their day-to-day operations. It is for this reason that it makes sense for CIOs

to provide their perspectives directly to the CEO. CIOs, as members of boards, can bring a

strategic view of technology as it relates to specific value-chain areas of high-level governance,

finance, accounting, and corporate strategy (Woosley, 2010).

It is in this role that the CIO is a visionary. In said vision, the CIO has to recognize when

certain technology trends, though seemingly unconventional to the corporate infrastructure,

cannot be ignored because of uncertainty. The impact of such trends as social media and cloud

computing on corporate governance is inevitable despite skepticism among organizations.

You can run but it wouldn’t be strategic to hide

History has shown time and again that resistance to change in technology ultimately

results in the demise of an organization (Hugos, 2011). This examination of IT strategic

planning would be remised if it did not speak to specific technologies which are reaching

ubiquity in the public domain. A little over a decade ago, cloud computing and social media did

not exist when the centralized way of governing corporate infrastructure were paramount. How

we look at corporate infrastructure and IT governance is rapidly increasing the complexity of the

CIO’s role as we transcend into the era of technology democratization and social networking

(Moore, 2009). A survey conducted by Ernst & Young found that 60 percent see social

networking and cloud computing as an increased risk to their organization (Granado and Tsantes,

2011).

Security concerns have increased over the years with social media because it is exists

both inside and outside of corporate firewalls (Andriole, 2012). CEOs, IT strategists, and

industry experts are among some who believe social media and cloud computing threaten the

fundamentals of governance and consequently corporate infrastructure. Security existed as a

concern when e-commerce sites emerged in the late 1990’s, early 2000’s but imagine what

avoiding the change in business would have done for businesses like Amazon, eBay, and the rest

of the e-commerce industry. Perhaps they would not exist. The CIO has the daunting yet

imperative job of convincing C-level business executives that avoiding integrating new

technologies like social media and cloud computing into the strategic plan poses a greater threat

to the growth and sustainability of the organization.

“The most fundamental strategic risk related to social media is not having a strategy”

(Jacka and Scott, 2011). As the CIO, he or she should use social media as a way to empower the

organization to protect and solidify a positive reputation as an industry leader. A complete social

media strategy should articulate exactly what is to be accomplished by using this medium, be

directly aligned with business objectives, set a time commitment (long or short-term), identify its

target audience and appropriate media channels (LinkedIn versus Facebook) and ensure this

evolution is properly staffed and funded (Jacka and Scott, 2011). As if the CIO does not have

enough on his or her plate, deploying a social media strategy may compound more work and

become counterproductive to the organization’s mission. Social networking would not be

considered a value-chain priority. Therefore, this may be a reason to outsource this evolution as a

part of the strategy to focus on core competencies within the organization.

Cloud computing introduces another nuance to the role of the CIO in an organization but

as a more prolific priority than social media. According to a recent global report about the future

role of the CIO, 67 percent see cloud computing as a gateway to other roles in business (Chia,

2011). The study also found that 60 percent believe cloud computing has been an enabler for

business strategy and innovation (Chia, 2011). It also presents new challenges as it comes with

greater security risks and in turn greater opposition to adoption by C-level executives. However,

there is a consensus that cloud computing offer practicality in unlimited computing resources,

immediate availability without long-term commitment, and a pay-as-you structure that does not

tie an organization to costly equipment investments (Hugos, 2011).

Despite these advantages, however, there is still resistance to the adoption of cloud

computing out of fear. Relying on the integrity of a public cloud environment to store a

company’s propriety data creates almost inconsolable apprehension about security risks. The

role of the CIO is to present a strategic plan that both consoles and reassures that the benefits of

adopting this new technology are greater than the risks it introduces. It would behoove the CIO

to help his or her organization understand and engage the concept of cloud computing because,

like social media, it enables businesses to stay connected to their clients and add value,

especially in area of services (Swamy, 2010). It speaks directly to the CIO’s job as a facilitator

of business agility.

Cloud computing provides such agility by removing some of the restrictive bureaucracy

when it comes to creating new business (Hugos, 2011). For example, a company called,

Animoto Corporation recently ascertain the services and benefits of Amazon’s powerful cloud

infrastructure. Animoto is an online video slideshow maker which allows customers to create

personal movies online (Bisong & Rahman, 2011). When Animoto made the decision to move

its service to the Internet, over the course of three-days, registration increased from 25, 000 to

250, 000 users which caused them to increase their Amazon cloud computers from 24 machines

to nearly 5,000 (Bisong & Rahman, 2011). Such a swift turnaround and increase in business

would not be possible in a traditional infrastructure. These are the types of examples CIOs have

to use in making the case for new technologies into the strategic plan.

Introducing the cloud into corporate infrastructure is not just about implementing a new

solution because it is popular. Part of the strategy is to know what to implement and why in

order to get the most business value. CIOs need to present a case for cloud computing that

forces a more critical analysis of its benefits beyond that of costs. Frankly, one can make the

case for a lot of business initiatives based on cost. Thus, the CIO should understand the

priorities of the organization as it relates to the corporate strategic objectives and goals. The

reality is the risks of cloud computing exists because they present a problem to the infrastructure

if those risks suddenly become an organizational nightmare. Understandably, organizations are

not comfortable with the fact that vendors are not forthcoming with transparency. It is for this

reason people like John Pironti, president of an IT consultancy firm, advises his clients to limit

their cloud endeavors to commoditized services which don’t impact mission-critical systems

(Kontzer, 2011). Unisys provides another example that illustrates how CIOs should choose their

battles wisely. They should focus on placing the most desired applications in the cloud as

opposed to migrating an entire infrastructure, again avoiding a perceived catastrophe of data

compromise (Kontzer, 2011).

The bottom line is new technologies like social media and cloud computing are

ubiquitous and unavoidable. They are gaining momentum as the links of technology that tie

business, IT, marketing, and innovation together in a way that prevent them from being mutually

exclusive. A strategic plan loses its effectiveness both on the business and IT side if they are not

included. The CIOs job is to determine exactly where they fit and for how long will they add

business value and contribute to the growth.

CONCLUSION

If today’s corporate climate is any indication, there exists a disconnection between C-

level business executives and C-level technology executives. Much of this misunderstanding of

IT in business is based on antiquated rules of thought that it is only there to save money and if

not, there is no use. Perhaps we can thank Nicolas Carr’s scathing “IT doesn’t matter” article in

the Harvard Business Review for this misconception.

The fact of the matter is a corporate strategic plan is empty without a comprehensively

aligned strategic IT plan to complement it. The role of the CIO is to see to it that said strategic

IT plan is as complex and simple, agile and rigid, and as static and dynamic as the business it

supports. He or she is an information technology maven that understands how each component

of business fits in to the grand scheme of the business and weaves a plan that interconnects them

all. Essentially, a CIO’s strategic IT plan provisions to leverage new technology trends, cultivate

the internal talents of its employees to promote innovation and establish guidelines which

coincide with corporate governance.

References

Andriole, S.J. (2012). Managing technology in a 2.0. world. IT Professional, (14)1, 50-57. doi:

10.1109/MITP.2012.13

Bisong, A., & Rahman, S. M. (2011, January). An overview of the security concerns in

enterprise cloud computing. International Journal of Network Security & Its

Applications, 3(1), 30-44. DOI: 10.5121/ijnsa.2011.3103

Broadbent, M. (2004). Where’s the strategy? CIO Insight, 46, 35-36. Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=bth&AN=15231209&site=eds-live&scope=site

Chia, D. (2011, December 5). CIOs’ priority shifts to business services delivery optimization.

The Business Times.

Costello, T. (2010). CIO can drive change to a new strategic role. IT Professional, 12(1), 63-64.

Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=iih&AN=48480484&site=eds-live&scope=site

Granado, J. & Tsantes, G. (2011). Social media at work. CIOInsight, 115, 16. Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=bth&AN=58772130&site=eds-live&scope=site

Hugos, M. (2011). Cloud computing and the new economics of business. In J. Stenzel (Ed.), CIO

best practices: Enabling strategic value with information technology (pp. 99-

140). Hoboken, NJ: John Wiley & Sons.

Jacka, J.M. & Scott, P.R. (2011). The whole world’s talking. Internal Auditor, 68(3), 52-56.

Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=f5h&AN=62830505&site=eds-live&scope=site

Kempaiah, R. & Luftman, J. An update on business-IT alignment: “A line” has been drawn. MIS

Quarterly Executive, 6(3), 165-176. Retrieved from:

http://tychousa9.umuc.edu/ISAS650/1202/9040/class.nsf/0/ca2ce839839a77e085257974

006823b3/$FILE/Alignment%20readings.pdf

Kontzer, T. (2011). GRC in the cloud. CIOInsight, 118, 18-21. Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=bth&AN=65156892&site=eds-live&scope=site

MacKay, J. (2004). Does strategic planning still fit in the 2000s? Retrieved from Berkeley

Consulting website:

http://www.berkeleyconsulting.com/strategic/Does%20Strategic%20Planning%20Still%2

0Fit.pdf

Moore, S. (2009). Corporate governance and the role of IT. Siliconindia, 12(6), 20-22.

Retrieved:http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?dire

ct=true&db=bth&AN=42122484&site=eds-live&scope=site

Nevens, T. M. (2004). Who’s right about IT priorities? McKinsey Quarterly, 24. Retrieved:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=bth&AN=14071880&site=eds-live&scope=site

Schneckenberg, D. (2009). Web 2.0 and the shift in corporate governance from control to

democracy. Knowledge Management Research & Practice 7(3), 234-248. Retrieved:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=edswss&AN=000282845600006&site=eds-live&scope=site

Stephens, R. (2011). Freedom with fences: Robert Stephens discusses CIO leadership

and IT innovation. In J. Stenzel (ed.), CIO best practices: Enabling strategic value with

information technology (pp. 1-40). Hoboken, NJ: John Wiley & Sons.

Swamy, V. (2010). It’s the age of seamless and collaborative technology. Siliconindia, 13(4), 42-

43. Retrieved from:

http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com/login.aspx?direct=true&d

b=edswss&AN=000282845600006&site=eds-live&scope=site