CIO360 Empowerment

Andrew Wasser

Executive Director of the CIO Institute

Dean of CMU’s School of Information Systems & Management

Ranked by U.S. News & World Report, Carnegie Mellon is: • 1st in Information and Technology

Management

• 2nd in Management Information Systems and Quantitative Analysis

• 3rd in Computer Engineering

20 Nobel Laureates

IT Plus ‘X’

X =‘s• Healthcare

• Security

• Traffic

• Entertainment

• Crime

• Privacy

Topics for Today: Positioning your CIO for Success

• Lead or follow?

• Why IT projects fail

• Iterative and incremental development

• Enterprise Architecture

• Shadow IT

• Principle-Agent theory

• Process or Innovate?

Public Vs. Private Sector CIO

Public sector IT lags three to five year behind private sector technology initiatives

First Movers

• First Movers could be moving fast towards a dead-end

• First Movers do not learn from other’s mistakes

• First Movers are the province of the private sector

Why do we take technology risks?

We listen to consultants and vendors in expensive suits (with cocktails).

! Why do we respect the opinions of outsiders more than we do our trusted employees?

! Why do we let consultants and vendors gain their experience at our expense?

You can still innovate

Innovate on Public Service, not Technology

• Open Data Websites:• Weather patterns

• Census demographic data

• Transparency in government activities

• Speed and quality of service

• Building a smart city

Failed Government IT Projects

x FBI Case File System

x IRS Modernization

x Kinetic Energy Interceptor

x Denver Airport

x Federal Aviation Administration modernization

x DoD and VA’s joint health records

x Mississippi tax system automation

x Navy-Marine Corp Intranet

x HealthCare.Gov

x Pentagon’s DEAMS accounting system

x Security Border initiative

Why projects fail:

1. Too big, too ambitious

2. Too technologically advanced

3. Too many stakeholders with too many competing interests

4. Poor leadership

5. The organization just isn’t ready or properly incentivized

FedRAMP Collaboration

COMMON SECURITY RISK MODEL for CLOUD:• Ensures government-wide cloud use has adequate

information security;• Eliminates duplication of effort and reduce risk

management costs; • Enables rapid and cost-effective procurement of

information systems/services for federal agencies.• Private (IBM, Amazon, Microsoft) and Public (federal

agencies) covered• Department of Defense, Homeland Security, and

GSA all on board

Give up on massive cross-departmental IT projects

• One-off partnerships and incremental agreements work better.• The City of Chicago and Allstate Insurance

partnered to predict restaurants that carry foodborne illnesses

• NIST and Census work together on a shared cloud-based research platform

• Cause & Effect: The more stakeholders, the higher the likelihood of a project failure

Small Wins towards Big gains

• Working in small (agile) chunks:• Each mini project adds value in and of itself

• Each serves as a base for the next building block

• People see progress and are motivated to support you

• Allows you the flexibility to change priorities and technologies

Little wins/Agile practices

• Requirements and solutions evolve through collaboration between cross-functional teams

• Fail quickly, learn, and move ahead

Agile Practices

Work on the most important things first

Not letting great stand in the way of good enough (the law of diminishing returns)

Decide as late as possible (just-in-time feature-decisions)

(Not Agile) Fixed Price Contracts

Why do we like them:

1. The comfort of knowing how much you are paying (low risk)

Why do we hate them:

2. We can’t change our minds

3. The incentive of the vendor is to do it in the cheapest way possible

4. You may get what you asked for but not what you want

Another major failure point

• Do you want to finish the last Director’s or CIO’s strategic IT project?

• How much waste are you willing to live with by abandoning projects?

Enterprise Architecture to the rescue

• EA provides a strategic, integrated approach to IT resource planning

EA sets Standards:

“We support Android devices”

“We use Jive as our collaboration tool”

EA as a Weapon for you and your CIO

1. EA gives you a Plan

2. EA gives you Standards

3. EA drives your IT spend

EA as a Plan:

Which projects are done 1st, 2nd, 3rd.

The End State with EA

• Stakeholders have better access to data

• IT Headcount reduced

• New systems delivered quicker

• Management / IT alignment

• Complexity & infrastructure costs controlled

• Data integrity & security improved

Shadow IT

• Unauthorized applications and services used without the permission of the CIO and the tech team• Driven by consumerized technology, mobility, cloud,

and frustration. GitHub Microsoft365 DropBox SourceForge Yammer, Jive….

A zillion apps A dozen clouds

Shadow IT: Friend or Enemy?

Friend• Fosters innovation• Gets the job done• Delivers agility & speed• Escapes technical debt

Enemy• Impedes cross-functional

collaboration• Increases Security &

Compliance Risks• Increases Privacy Risks• Chaos will ensue

We could ask Hillary Clinton

Shadow Innovation

• Allow and embrace small experiments

• Fast track new technologies

• Set boundaries and reinforce what will not be tolerated

Last Major IT Failure Point

• Organizational Readiness• Culture

• Unwillingness to change

• Competing interests

• Looking at it from a Principle-Agent perspective

Principal Agent Theory (WIFM)

The problem of motivating a party to act on behalf of another is known as ‘the principal-agent problem’.

• Badly designed incentives or features complicate the relationship between the principle and agent

• Gaming the system using the rules and procedures meant to protect a system to manipulate the system for a desired outcome

Adopting a new system or practice

• Using ‘What’s in it for me’ (WIFM) to align incentives

Incentives: Money Time-off Recognition Feedback Little Stuff

Is Process the enemy of Innovation?

• Process: You do things in an established manner, never deviating from the Standard Operating Procedure • Service Level Agreements, Process Modeling

• Avoiding errors, minimal thinking

• Innovation: You take risks, you challenge assumptions, you stay flexible, you recover rapidly

The Rare Responsible Person

• Self motivating

• Self aware

• Self disciplined

• Self improving

• Acts like a leader

• Doesn’t wait to be told what to do

• Never feels “that’s not my job”

• Picks up the trash lying on the floor

• Behaves like an owner

“Good” vs. “Bad” Processes

• “Good” processes help talented people get more done• Web site push every two weeks rather than random

• Spend within budget each quarter

• Regularly scheduled strategy meetings

• “Bad” processes try to prevent recoverable mistakes• Get pre‐approvals for $5k spending

• 3 people to sign off on banner ad

• Permission needed to hang a poster on a wall

• Multilevel approval process for projects

• Get 10 people to interview each candidate

Two Types of Necessary Rules

1. Prevent irrevocable disaster• Financials produced are wrong

• Hackers steal our customers’ credit card info

2. Moral, ethical, legal issues• Dishonesty, harassment are intolerable

CIO Empowerment

• Have a clear enterprise architecture

• Do not place the consultants and vendors over your internal staff

• Innovate on service, not on technology

• Small Wins, Small Wins, Small Wins

• Leverage but manage Shadow IT

• Use Principle-Agent Theory (WIFM) to motivate behavior and change culture

Andrew Wasserawasser@cmu.edu