For this week discussion – after reading chapter 16 in the course text, in your own words, discuss at least three 3 steps for facilitating effective collaboration. 

Note need: 350 words. PFA textbook thanks.

Global
editionGlo
b
a
l
ed
it
io
n
this is a special edition of an established
title widely used by colleges and universities
throughout the world. Pearson published this
exclusive edition for the benefit of students
outside the United States and Canada. if you
purchased this book within the United States
or Canada you should be aware that it has
been imported without the approval of the
Publisher or author.
Pearson Global Edition
Global
edition
For these Global editions, the editorial team at Pearson has
collaborated with educators across the world to address a
wide range of subjects and requirements, equipping students
with the best possible learning tools. this Global edition
preserves the cutting-edge approach and pedagogy of the
original, but also features alterations, customization, and
adaptation from the north american version.
it
Strategy:
Issues and Practices
M
cK
een
Sm
ith
it Strategy
Issues and Practices
tHiRd edition
James D. McKeen • Heather A. Smith
t
H
iR
d

e
d
it
io
n
McKeen_1292080264_mech.indd 1 28/11/14 12:56 PM

IT STraTegy:
ISSueS and PracTIceS
A01_MCKE0260_03_GE_FM.indd 1 26/11/14 9:32 PM

A01_MCKE0260_03_GE_FM.indd 2 26/11/14 9:32 PM

IT STraTegy:
ISSueS and PracTIceS
T h i r d E d i t i o n
G l o b a l E d i t i o n
James D. McKeen
Queen’s University
Heather A. Smith
Queen’s University
Boston Columbus Indianapolis New York San Francisco Hoboken
Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montréal Toronto
Delhi Mexico City São Paulo Sydney Hong Kong Seoul Singapore Taipei Tokyo
A01_MCKE0260_03_GE_FM.indd 3 26/11/14 9:32 PM

Editor in Chief: Stephanie Wall
Head of Learning Asset Acquisition, Global Edition: Laura Dent
Acquisitions Editor: Nicole Sam
Program Manager Team Lead: Ashley Santora
Program Manager: Denise Vaughn
Editorial Assistant: Kaylee Rotella
Assistant Acquisitions Editor, Global Edition: Debapriya Mukherjee
Associate Project Editor, Global Edition: Binita Roy
Executive Marketing Manager: Anne K. Fahlgren
Project Manager Team Lead: Judy Leale
Project Manager: Thomas Benfatti
Procurement Specialist: Diane Peirano
Senior Manufacturing Controller, Production, Global Edition: Trudy Kimber
Cover Image: © Toria/Shutterstock
Cover Designer: Lumina Datamantics
Full Service Project Management: Abinaya Rajendran at Integra Software Services, Pvt. Ltd.
Credits and acknowledgments borrowed from other sources and reproduced, with permission, in this
textbook appear on appropriate page within text.
Pearson Education Limited
Edinburgh Gate
Harlow
Essex CM20 2JE
England
and Associated Companies throughout the world
Visit us on the World Wide Web at:
www.pearsonglobaleditions.com
© Pearson Education Limited 2015
The rights of James D. McKeen and Heather A. Smith to be identified as the authors of this work have been
asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
Authorized adaptation from the United States edition, entitled IT Strategy: Issues and Practices, 3rd edition, ISBN
978-0-13-354424-4, by James D. McKeen and Heather A. Smith, published by Pearson Education © 2015.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted
in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without either
the prior written permission of the publisher or a license permitting restricted copying in the United Kingdom
issued by the Copyright Licensing Agency Ltd, Saffron House, 6–10 Kirby Street, London EC1N 8TS.
All trademarks used herein are the property of their respective owners. The use of any trademark in this text
does not vest in the author or publisher any trademark ownership rights in such trademarks, nor does the
use of such trademarks imply any affiliation with or endorsement of this book by such owners.
ISBN 10: 1-292-08026-4
ISBN 13: 978-1-292-08026-0
British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library
10 9 8 7 6 5 4 3 2 1
Typeset in 10/12 Palatino LT Std by Integra Software Services, Pvt. Ltd.
Printed and bound in Great Britain by Clays Ltd, Bungay, Suffolk.
A01_MCKE0260_03_GE_FM.indd 4 26/11/14 9:32 PM

ConTEnTS
Preface 13
About the Authors 21
Acknowledgments 22
Section I Delivering Value with IT 23
Chapter 1 The IT Value ProPoSITIon 24
Peeling the Onion: Understanding IT Value 25
What Is IT Value? 25
Where Is IT Value? 26
Who Delivers IT Value? 27
When Is IT Value Realized? 27
The Three Components of the IT Value Proposition 28
Identification of Potential Value 29
Effective Conversion 30
Realizing Value 31
Five Principles for Delivering Value 32
Principle 1. Have a Clearly Defined Portfolio Value Management
Process 33
Principle 2. Aim for Chunks of Value 33
Principle 3. Adopt a Holistic Orientation to Technology Value 33
Principle 4. Aim for Joint Ownership of Technology Initiatives 34
Principle 5. Experiment More Often 34
Conclusion 34  •  References 35
Chapter 2 DelIVerIng BuSIneSS Value Through
IT STraTegy 37
Business and IT Strategies: Past, Present, and Future 38
Four Critical Success Factors 40
The Many Dimensions of IT Strategy 42
Toward an IT Strategy-Development Process 44
Challenges for CIOs 45
Conclusion 47  •  References 47
Chapter 3 MakIng IT CounT 49
Business Measurement: An Overview 50
Key Business Metrics for IT 52
5
A01_MCKE0260_03_GE_FM.indd 5 26/11/14 9:32 PM

6 Contents
Designing Business Metrics for IT 53
Advice to Managers 57
Conclusion 58  •  References 58
Chapter 4 effeCTIVe BuSIneSS–IT relaTIonShIPS 60
The Nature of the Business–IT Relationship 61
The Foundation of a Strong Business–IT
Relationship 63
Building Block #1: Competence 64
Building Block #2: Credibility 65
Building Block #3: Interpersonal Interaction 66
Building Block #4: Trust 68
Conclusion 70  •  References 70
Appendix A The Five IT Value Profiles 72
Appendix B Guidelines for Building a Strong Business–IT
Relationship 73
Chapter 5 BuSIneSS–IT CoMMunICaTIon 74
Communication in the Business–IT Relationship 75
What Is “Good” Communication? 76
Obstacles to Effective Communication 78
“T-Level” Communication Skills for IT Staff 80
Improving Business–IT Communication 82
Conclusion 83  •  References 83
Appendix A IT Communication Competencies 85
Chapter 6 effeCTIVe IT leaDerShIP 86
The Changing Role of the IT Leader 87
What Makes a Good IT Leader? 89
How to Build Better IT Leaders 92
Investing in Leadership Development: Articulating the Value
Proposition 95
Conclusion 96  •  References 97
MInI CaSeS
Delivering Business Value with IT at Hefty Hardware 98
Investing in TUFS 102
IT Planning at ModMeters 104
A01_MCKE0260_03_GE_FM.indd 6 26/11/14 9:32 PM

Contents 7
Section II IT governance 109
Chapter 7 effeCTIVe IT ShareD SerVICeS 110
IT Shared Services: An Overview 111
IT Shared Services: Pros and Cons 114
IT Shared Services: Key Organizational Success Factors 115
Identifying Candidate Services 116
An Integrated Model of IT Shared Services 117
Recommmendations for Creating Effective IT
Shared Services 118
Conclusion 121  •  References 121
Chapter 8 SuCCeSSful IT SourCIng: MaTurITy MoDel,
SourCIng oPTIonS, anD DeCISIon CrITerIa 122
A Maturity Model for IT Functions 123
IT Sourcing Options: Theory Versus Practice 127
The “Real” Decision Criteria 131
Decision Criterion #1: Flexibility 131
Decision Criterion #2: Control 131
Decision Criterion #3: Knowledge Enhancement 132
Decision Criterion #4: Business Exigency 132
A Decision Framework for Sourcing IT Functions 133
Identify Your Core IT Functions 133
Create a “Function Sourcing” Profile 133
Evolve Full-Time IT Personnel 135
Encourage Exploration of the Whole Range
of Sourcing Options 136
Combine Sourcing Options Strategically 136
A Management Framework for Successful
Sourcing 137
Develop a Sourcing Strategy 137
Develop a Risk Mitigation Strategy 137
Develop a Governance Strategy 138
Understand the Cost Structures 138
Conclusion 139  •  References 139
Chapter 9 BuDgeTIng: PlannIng’S eVIl TwIn 140
Key Concepts in IT Budgeting 141
The Importance of Budgets 143
The IT Planning and Budget Process 145
A01_MCKE0260_03_GE_FM.indd 7 26/11/14 9:32 PM

8 Contents
Corporate Processes 145
IT Processes 147
Assess Actual IT Spending 148
IT Budgeting Practices That Deliver Value 149
Conclusion 150  •  References 151
Chapter 10 rISk ManageMenT In IT 152
A Holistic View of IT-Based Risk 153
Holistic Risk Management: A Portrait 156
Developing a Risk Management Framework 157
Improving Risk Management Capabilities 160
Conclusion 161  •  References 162
Appendix A A Selection of Risk Classification
Schemes 163
Chapter 11 InforMaTIon ManageMenT:
STageS anD ISSueS 164
Information Management: How Does IT Fit? 165
A Framework For IM 167
Stage One: Develop an IM Policy 167
Stage Two: Articulate the Operational
Components 167
Stage Three: Establish Information Stewardship 168
Stage Four: Build Information Standards 169
Issues In IM 170
Culture and Behavior 170
Information Risk Management 171
Information Value 172
Privacy 172
Knowledge Management 173
The Knowing–Doing Gap 173
Getting Started in IM 173
Conclusion 175  •  References 176
Appendix A Elements of IM Operations 177
MInI CaSeS
Building Shared Services at RR Communications 178
Enterprise Architecture at Nationstate Insurance 182
IT Investment at North American Financial 187
A01_MCKE0260_03_GE_FM.indd 8 26/11/14 9:32 PM

Contents 9
Section III IT-enabled Innovation 191
Chapter 12 TeChnology-DrIVen InnoVaTIon 192
The Need for Innovation: An Historical
Perspective 193
The Need for Innovation Now 193
Understanding Innovation 194
The Value of Innovation 196
Innovation Essentials: Motivation, Support,
and Direction 197
Challenges for IT leaders 199
Facilitating Innovation 201
Conclusion 202  •  References 203
Chapter 13 when BIg DaTa anD SoCIal CoMPuTIng MeeT 204
The Social Media/Big Data Opportunity 205
Delivering Business Value with Big Data 207
Innovating with Big Data 211
Pulling in Two Different Directions: The Challenge
for IT Managers 212
First Steps for IT Leaders 214
Conclusion 215  •  References 216
Chapter 14 effeCTIVe CuSToMer exPerIenCe 217
Customer Experience and Business value 218
Many Dimensions of Customer Experience 219
The Role of Technology in Customer Experience 221
Customer Experience Essentials for IT 222
First Steps to Improving Customer Experience 225
Conclusion 226  •  References 226
Chapter 15 BuSIneSS InTellIgenCe: an oVerVIew 228
Understanding Business Intelligence 229
The Need for Business Intelligence 230
The Challenge of Business Intelligence 231
The Role of IT in Business Intelligence 233
Improving Business Intelligence 235
Conclusion 238  •  References 238
A01_MCKE0260_03_GE_FM.indd 9 26/11/14 9:32 PM

10 Contents
Chapter 16 TeChnology-enaBleD CollaBoraTIon 240
Why Collaborate? 241
Characteristics of Collaboration 244
Components of Successful Collaboration 247
The Role of IT in Collaboration 249
First Steps for Facilitating Effective Collaboration 251
Conclusion 253  •  References 254
MInI CaSeS
Innovation at International Foods 256
Consumerization of Technology at IFG 261
CRM at Minitrex 265
Customer Service at Datatronics 268
Section IV IT Portfolio Development and Management 273
Chapter 17 ManagIng The aPPlICaTIon PorTfolIo 274
The Applications Quagmire 275
The Benefits of a Portfolio Perspective 276
Making APM Happen 278
Capability 1: Strategy and Governance 280
Capability 2: Inventory Management 284
Capability 3: Reporting and Rationalization 285
Key Lessons Learned 286
Conclusion 287  •  References 287
Appendix A Application Information 288
Chapter 18 IT DeManD ManageMenT: SuPPly ManageMenT
IS noT enough 292
Understanding IT Demand 293
The Economics of Demand Management 295
Three Tools for Demand management 295
Key Organizational Enablers for Effective Demand
Management 296
Strategic Initiative Management 297
Application Portfolio Management 298
Enterprise Architecture 298
Business–IT Partnership 299
Governance and Transparency 301
Conclusion 303  •  References 303
A01_MCKE0260_03_GE_FM.indd 10 26/11/14 9:32 PM

Contents 11
Chapter 19 TeChnology roaDMaP: BenefITS, eleMenTS, anD
PraCTICal STePS 305
What is a Technology Roadmap? 306
The Benefits of a Technology Roadmap 307
External Benefits (Effectiveness) 307
Internal Benefits (Efficiency) 308
Elements of the Technology Roadmap 308
Activity #1: Guiding Principles 309
Activity #2: Assess Current Technology 310
Activity #3: Analyze Gaps 311
Activity #4: Evaluate Technology
Landscape 312
Activity #5: Describe Future Technology 313
Activity #6: Outline Migration Strategy 314
Activity #7: Establish Governance 314
Practical Steps for Developing a Technology
Roadmap 316
Conclusion 317  •  References 317
Appendix A Principles to Guide a Migration
Strategy 318
Chapter 20 eMergIng DeVeloPMenT PraCTICeS 319
The Problem with System Development 320
Trends in System Development 321
Obstacles to Improving System Development
Productivity 324
Improving System Development Productivity: What we
know that Works 326
Next Steps to Improving System Development
Productivity 328
Conclusion 330  •  References 330
Chapter 21 InforMaTIon DelIVery: PaST, PreSenT, anD
fuTure 332
Information and IT: Why Now? 333
Delivering Value Through Information 334
Effective Information Delivery 338
New Information Skills 338
New Information Roles 339
New Information Practices 339
A01_MCKE0260_03_GE_FM.indd 11 26/11/14 9:32 PM

12 Contents
New Information Strategies 340
The Future of Information Delivery 341
Conclusion 343  •  References 344
MInI CaSeS
Project Management at MM 346
Working Smarter at Continental Furniture International 350
Managing Technology at Genex Fuels 355
Index 358
A01_MCKE0260_03_GE_FM.indd 12 26/11/14 9:32 PM

PrEFACE
Today, with information technology (IT) driving constant business transformation,
overwhelming organizations with information, enabling 24/7 global operations, and
undermining traditional business models, the challenge for business leaders is not
simply to manage IT, it is to use IT to deliver business value. Whereas until fairly recently,
decisions about IT could be safely delegated to technology specialists after a business
strategy had been developed, IT is now so closely integrated with business that, as one
CIO explained to us, “We can no longer deliver business solutions in our company
without using technology so IT and business strategy must constantly interact with
each other.”
What’s New in This Third Edition?
• Six new chapters focusing on current critical issues in IT management, including
IT shared services; big data and social computing; business intelligence; manag-
ing IT demand; improving the customer experience; and enhancing development
productivity.
• Two significantly revised chapters: on delivering IT functions through different
resourcing options; and innovating with IT.
• Two new mini cases based on real companies and real IT management situations:
Working Smarter at Continental Furniture and Enterprise Architecture at Nationstate
Insurance.
• A revised structure based on reader feedback with six chapters and two mini cases
from the second edition being moved to the Web site.
All too often, in our efforts to prepare future executives to deal effectively with
the issues of IT strategy and management, we lead them into a foreign country where
they encounter a different language, different culture, and different customs. Acronyms
(e.g., SOA, FTP/IP, SDLC, ITIL, ERP), buzzwords (e.g., asymmetric encryption, proxy
servers, agile, enterprise service bus), and the widely adopted practice of abstraction
(e.g., Is a software monitor a person, place, or thing?) present formidable “barriers to
entry” to the technologically uninitiated, but more important, they obscure the impor-
tance of teaching students how to make business decisions about a key organizational
resource. By taking a critical issues perspective, IT Strategy: Issues and Practices treats IT
as a tool to be leveraged to save and/or make money or transform an organization—not
as a study by itself.
As in the first two editions of this book, this third edition combines the experi-
ences and insights of many senior IT managers from leading-edge organizations with
thorough academic research to bring important issues in IT management to life and
demonstrate how IT strategy is put into action in contemporary businesses. This new
edition has been designed around an enhanced set of critical real-world issues in IT
management today, such as innovating with IT, working with big data and social media,
13
A01_MCKE0260_03_GE_FM.indd 13 26/11/14 9:32 PM

14 Preface
enhancing customer experience, and designing for business intelligence and introduces
students to the challenges of making IT decisions that will have significant impacts on
how businesses function and deliver value to stakeholders.
IT Strategy: Issues and Practices focuses on how IT is changing and will continue to
change organizations as we now know them. However, rather than learning concepts
“free of context,” students are introduced to the complex decisions facing real organi-
zations by means of a number of mini cases. These provide an opportunity to apply
the models/theories/frameworks presented and help students integrate and assimilate
this material. By the end of the book, students will have the confidence and ability to
tackle the tough issues regarding IT management and strategy and a clear understand-
ing of their importance in delivering business value.
Key Features of This Book
• A focus on IT management issues as opposed to technology issues
• Critical IT issues explored within their organizational contexts
• Readily applicable models and frameworks for implementing IT strategies
• Mini cases to animate issues and focus classroom discussions on real-world deci-
sions, enabling problem-based learning
• Proven strategies and best practices from leading-edge organizations
• Useful and practical advice and guidelines for delivering value with IT
• Extensive teaching notes for all mini cases
A Different ApproAch to teAching it StrAtegy
The real world of IT is one of issues—critical issues—such as the following:
• How do we know if we are getting value from our IT investment?
• How can we innovate with IT?
• What specific IT functions should we seek from external providers?
• How do we build an IT leadership team that is a trusted partner with the business?
• How do we enhance IT capabilities?
• What is IT’s role in creating an intelligent business?
• How can we best take advantage of new technologies, such as big data and social
media, in our business?
• How can we manage IT risk?
However, the majority of management information systems (MIS) textbooks are orga-
nized by system category (e.g., supply chain, customer relationship management, enterprise
resource planning), by system component (e.g., hardware, software, networks), by system
function (e.g., marketing, financial, human resources), by system type (e.g.,  transactional,
decisional, strategic), or by a combination of these. Unfortunately, such an organization
does not promote an understanding of IT management in practice.
IT Strategy: Issues and Practices tackles the real-world challenges of IT manage-
ment. First, it explores a set of the most important issues facing IT managers today, and
second, it provides a series of mini cases that present these critical IT issues within the
context of real organizations. By focusing the text as well as the mini cases on today’s
critical issues, the book naturally reinforces problem-based learning.
A01_MCKE0260_03_GE_FM.indd 14 26/11/14 9:32 PM

Preface 15
IT Strategy: Issues and Practices includes thirteen mini cases—each based on a real
company presented anonymously.1 Mini cases are not simply abbreviated versions of
standard, full-length business cases. They differ in two significant ways:
1. A horizontal perspective. Unlike standard cases that develop a single issue within
an organizational setting (i.e., a “vertical” slice of organizational life), mini cases
take a “horizontal” slice through a number of coexistent issues. Rather than looking
for a solution to a specific problem, as in a standard case, students analyzing a mini
case must first identify and prioritize the issues embedded within the case. This mim-
ics real life in organizations where the challenge lies in “knowing where to start” as
opposed to “solving a predefined problem.”
2. Highly relevant information. Mini cases are densely written. Unlike standard
cases, which intermix irrelevant information, in a mini case, each sentence exists for
a reason and reflects relevant information. As a result, students must analyze each
case very carefully so as not to miss critical aspects of the situation.
Teaching with mini cases is, thus, very different than teaching with standard cases.
With mini cases, students must determine what is really going on within the organiza-
tion. What first appears as a straightforward “technology” problem may in fact be a
political problem or one of five other “technology” problems. Detective work is, there-
fore, required. The problem identification and prioritization skills needed are essential
skills for future managers to learn for the simple reason that it is not possible for organi-
zations to tackle all of their problems concurrently. Mini cases help teach these skills to
students and can balance the problem-solving skills learned in other classes. Best of all,
detective work is fun and promotes lively classroom discussion.
To assist instructors, extensive teaching notes are available for all mini cases. Developed
by the authors and based on “tried and true” in-class experience, these notes include case
summaries, identify the key issues within each case, present ancillary information about the
company/industry represented in the case, and offer guidelines for organizing the class-
room discussion. Because of the structure of these mini cases and their embedded issues, it
is common for teaching notes to exceed the length of the actual mini case!
This book is most appropriate for MIS courses where the goal is to understand how
IT delivers organizational value. These courses are frequently labeled “IT Strategy” or
“IT Management” and are offered within undergraduate as well as MBA programs. For
undergraduate juniors and seniors in business and commerce programs, this is usually
the “capstone” MIS course. For MBA students, this course may be the compulsory core
course in MIS, or it may be an elective course.
Each chapter and mini case in this book has been thoroughly tested in a variety
of undergraduate, graduate, and executive programs at Queen’s School of Business.2
1 We are unable to identify these leading-edge companies by agreements established as part of our overall
research program (described later).
2 Queen’s School of Business is one of the world’s premier business schools, with a faculty team renowned
for its business experience and academic credentials. The School has earned international recognition for
its innovative approaches to team-based and experiential learning. In addition to its highly acclaimed MBA
programs, Queen’s School of Business is also home to Canada’s most prestigious undergraduate business
program and several outstanding graduate programs. As well, the School is one of the world’s largest and
most respected providers of executive education.
A01_MCKE0260_03_GE_FM.indd 15 26/11/14 9:32 PM

16 Preface
These materials have proven highly successful within all programs because we adapt
how the material is presented according to the level of the students. Whereas under-
graduate students “learn” about critical business issues from the book and mini cases
for the first time, graduate students are able to “relate” to these same critical issues
based on their previous business experience. As a result, graduate students are able to
introduce personal experiences into the discussion of these critical IT issues.
orgAnizAtion of thiS Book
One of the advantages of an issues-focused structure is that chapters can be approached
in any order because they do not build on one another. Chapter order is immaterial; that
is, one does not need to read the first three chapters to understand the fourth. This pro-
vides an instructor with maximum flexibility to organize a course as he or she sees fit.
Thus, within different courses/programs, the order of topics can be changed to focus on
different IT concepts.
Furthermore, because each mini case includes multiple issues, they, too, can be
used to serve different purposes. For example, the mini case “Building Shared Services
at RR Communications” can be used to focus on issues of governance, organizational
structure, and/or change management just as easily as shared services. The result is a
rich set of instructional materials that lends itself well to a variety of pedagogical appli-
cations, particularly problem-based learning, and that clearly illustrates the reality of IT
strategy in action.
The book is organized into four sections, each emphasizing a key component of
developing and delivering effective IT strategy:
• Section I: Delivering Value with IT is designed to examine the complex ways that
IT and business value are related. Over the past twenty years, researchers and prac-
titioners have come to understand that “business value” can mean many different
things when applied to IT. Chapter 1 (The IT Value Proposition) explores these con-
cepts in depth. Unlike the simplistic value propositions often used when imple-
menting IT in organizations, this chapter presents “value” as a multilayered busi-
ness construct that must be effectively managed at several levels if technology is
to achieve the benefits expected. Chapter 2 (Delivering Business Value through IT
Strategy) examines the dynamic interrelationship between business and IT strat-
egy and looks at the processes and critical success factors used by organizations to
ensure that both are well aligned. Chapter 3 (Making IT Count) discusses new ways
of measuring IT’s effectiveness that promote closer business–IT alignment and help
drive greater business value. Chapter 4 (Effective Business–IT Relationships) exam-
ines the nature of the business–IT relationship and the characteristics of an effec-
tive relationship that delivers real value to the enterprise. Chapter 5 (Business–IT
Communication) explores the business and interpersonal competencies that IT staff
will need in order to do their jobs effectively over the next five to seven years and
what companies should be doing to develop them. Finally, Chapter 6 (Effective IT
Leadership) tackles the increasing need for improved leadership skills in all IT staff
and examines the expectations of the business for strategic and innovative guid-
ance from IT.
A01_MCKE0260_03_GE_FM.indd 16 26/11/14 9:32 PM

Preface 17
In the mini cases associated with this section, the concepts of delivering
value with IT are explored in a number of different ways. We see business and
IT executives at Hefty Hardware grappling with conflicting priorities and per-
spectives and how best to work together to achieve the company’s strategy. In
“Investing in TUFS,” CIO Martin Drysdale watches as all of the work his IT depart-
ment has put into a major new system fails to deliver value. And the “IT Planning
at ModMeters” mini case follows CIO Brian Smith’s efforts to create a strategic
IT  plan that will align with business strategy, keep IT running, and not increase
IT’s budget.
• Section II: IT Governance explores key concepts in how the IT organization is
structured and managed to effectively deliver IT products and services to the orga-
nization. Chapter 7 (Effective IT Shared Services) discusses how IT shared services
should be selected, organized, managed, and governed to achieve improved organi-
zational performance. Chapter 8 (Successful IT Sourcing: Maturity Model, Sourcing
Options, and Decision Criteria) examines how organizations are choosing to source
and deliver different types of IT functions and presents a framework to guide sourc-
ing decisions. Chapter 9 (Budgeting: Planning’s Evil Twin) describes the “evil twin”
of IT strategy, discussing how budgeting mechanisms can significantly undermine
effective business strategies and suggesting practices for addressing this problem
while maintaining traditional fiscal accountability. Chapter 10 (Risk Management
in IT) describes how many IT organizations have been given the responsibility of
not only managing risk in their own activities (i.e., project development, operations,
and delivering business strategy) but also of managing IT-based risk in all company
activities (e.g., mobile computing, file sharing, and online access to information and
software) and the need for a holistic framework to understand and deal with risk
effectively. Chapter 11 (Information Management: Stages and Issues) describes how
new organizational needs for more useful and integrated information are driving
the development of business-oriented functions within IT that focus specifically on
information and knowledge, as opposed to applications and data.
The mini cases in this section examine the difficulties of managing com-
plex IT issues when they intersect substantially with important business issues.
In “Building Shared Services at RR Communications,” we see an IT organiza-
tion in transition from a traditional divisional structure and governance model
to a more centralized enterprise model, and the long-term challenges experi-
enced by CIO Vince Patton in changing both business and IT practices, includ-
ing information management and delivery, to support this new approach. In
“Enterprise Architecture at Nationstate Insurance,” CIO Jane Denton endeavors
to make IT more flexible and agile, while incorporating new and emerging tech-
nologies into its strategy. In “IT Investment at North American Financial,” we
show the opportunities and challenges involved in prioritizing and resourcing
enterprisewide IT projects and monitoring that anticipated benefits are being
achieved.
• Section III: IT-Enabled Innovation discusses some of the ways technology is
being used to transform organizations. Chapter 12 (Technology-Driven Innovation)
examines the nature and importance of innovation with IT and describes a typi-
cal innovation life cycle. Chapter 13 (When Big Data and Social Computing Meet)
discusses how IT leaders are incorporating big data and social media concepts
A01_MCKE0260_03_GE_FM.indd 17 26/11/14 9:32 PM

18 Preface
and technologies to successfully deliver business value in new ways. Chapter 14
(Effective Customer Experience) explores the IT function’s role in creating and
improving an organization’s customer experiences and the role of technology in
helping companies to understand and learn from their customers’ experiences.
Chapter 15 (Business Intelligence: An Overview) looks at the nature of business
intelligence and its relationship to data, information, and knowledge and how
IT can be used to build a more intelligent organization. Chapter 16 (Technology-
Enabled Collaboration) identifies the principal forms of collaboration used in orga-
nizations, the primary business drivers involved in them, how their business value
is measured, and the roles of IT and the business in enabling collaboration.
The mini cases in this section focus on the key challenges companies face in
innovating with IT. “Innovation at International Foods” contrasts the need for pro-
cess and control in corporate IT with the strong push to innovate with technology
and the difficulties that ensue from the clash of style and culture. “Consumerization
of Technology at IFG” looks at issues such as “bring your own device” (BYOD) to
the workplace. In “CRM at Minitrex,” we see some of the internal technological and
political conflicts that result from a strategic decision to become more customercen-
tric. Finally, “Customer Service at Datatronics” explores the importance of present-
ing unified, customer-facing IT to customers.
• Section IV: IT Portfolio Development and Management looks at how the IT func-
tion must transform itself to be able to deliver business value effectively in the
future. Chapter 17 (Managing the Application Portfolio) describes the ongoing
management process of categorizing, assessing, and rationalizing the IT applica-
tion portfolio. Chapter 18 (IT Demand Management: Supply Management is Not
Enough) looks at the often neglected issue of demand management (as opposed
to supply management), explores the root causes of the demand for IT services,
and identifies a number of tools and enablers to facilitate more effective demand
management. Chapter 19 (Technology Roadmap: Benefits, Elements, and Practical
Steps) examines the challenges IT managers face in implementing new infrastruc-
ture, technology standards, and types of technology in their real-world business and
technical environments, which is composed of a huge variety of hardware, software,
applications, and other technologies, some of which date back more than thirty
years. Chapter 20 (Emerging Development Practices) explores how system develop-
ment practices are changing and how managers can create an environment to pro-
mote improved development productivity. And Chapter 21 (Information Delivery:
Past, Present, and Future) examines the fresh challenges IT faces in managing the
exponential growth of data and digital assets; privacy and accountability concerns;
and new demands for access to information on an anywhere, anytime basis.
The mini cases associated with this section describe many of these themes
embedded within real organizational contexts. “Project Management at MM” mini
case shows how a top-priority, strategic project can take a wrong turn when proj-
ect management skills are ineffective. “Working Smarter at Continental Furniture”
mini case follows an initiative to improve the company’s analytics so it can reduce
its environmental impact. And in the mini case “Managing Technology at Genex
Fuels,” we see CIO Nick Devlin trying to implement enterprisewide technology for
competitive advantage in an organization that has been limping along with obscure
and outdated systems.
A01_MCKE0260_03_GE_FM.indd 18 26/11/14 9:32 PM

Preface 19
SupplementAry mAteriAlS
online instructor resource center
The following supplements are available online to adopting instructors:
• PowerPoint Lecture Notes
• Image Library (text art)
• Extensive Teaching Notes for all Mini cases
• Additional chapters including Developing IT Professionalism; IT Sourcing; Master
Data Management; Developing IT Capabilities; The Identity Management Challenge;
Social Computing; Managing Perceptions of IT; IT in the New World of Corporate
Governance Reforms; Enhancing Customer Experiences with Technology; Creating
Digital Dashboards; and Managing Electronic Communications.
• Additional mini cases, including IT Leadership at MaxTrade; Creating a Process-Driven
Organization at Ag-Credit; Information Management at Homestyle Hotels; Knowledge
Management at Acme Consulting; Desktop Provisioning at CanCredit; and Leveraging
IT Vendors at SleepSmart.
For detailed descriptions of all of the supplements just listed, please visit
www.pearsongloableditions.com/McKeen.
courseSmart etextbooks online
CourseSmart* is an exciting new choice for students looking to save money. As an alter-
native to purchasing the print textbook, students can purchase an electronic version of
the same content and save up to 50 percent off the suggested list price of the print text.
With a CourseSmart etextbook, students can search the text, make notes online, print
out reading assignments that incorporate lecture notes, and bookmark important pas-
sages for later review. www.coursesmart.co.uk.
* This product may not be available in all markets. For more details, please visit www.coursesmart.co.uk or
contact your local Pearson representative.
the geneSiS of thiS Book
Since 1990 we have been meeting quarterly with a group of senior IT managers from a
number of leading-edge organizations (e.g., Eli Lilly, BMO, Honda, HP, CIBC, IBM, Sears,
Bell Canada, MacDonalds, and Sun Life) to identify and discuss critical IT manage-
ment issues. This focus group represents a wide variety of industry sectors (e.g.,  retail,
manufacturing, pharmaceutical, banking, telecommunications, insurance, media, food
processing, government, and automotive). Originally, it was established to meet the com-
panies’ needs for well-balanced, thoughtful, yet practical information on emerging IT
management topics, about which little or no research was available. However, we soon
recognized the value of this premise for our own research in the rapidly evolving field
of IT management. As a result, it quickly became a full-scale research program in which
we were able to use the focus group as an “early warning system” to document new IT
management issues, develop case studies around them, and explore more collaborative
approaches to identifying trends, challenges, and effective practices in each topic area.3
3 This now includes best practice case studies, field research in organizations, multidisciplinary qualitative
and quantitative research projects, and participation in numerous CIO research consortia.
A01_MCKE0260_03_GE_FM.indd 19 26/11/14 9:32 PM

20 Preface
As we shared our materials with our business students, we realized that this issues-based
approach resonated strongly with them, and we began to incorporate more of our research
into the classroom. This book is the result of our many years’ work with senior IT manag-
ers, in organizations, and with students in the classroom.
Each issue in this book has been selected collaboratively by the focus group after
debate and discussion. As facilitators, our job has been to keep the group’s focus on IT
management issues, not technology per se. In preparation for each meeting, focus group
members researched the topic within their own organization, often involving a number
of members of their senior IT management team as well as subject matter experts in
the process. To guide them, we provided a series of questions about the issue, although
members are always free to explore it as they see fit. This approach provided both struc-
ture for the ensuing discussion and flexibility for those members whose organizations
are approaching the issue in a different fashion.
The focus group then met in a full-day session, where the members discussed all
aspects of the issue. Many also shared corporate documents with the group. We facilitated
the discussion, in particular pushing the group to achieve a common understanding of
the dimensions of the issue and seeking examples, best practices, and guidelines for deal-
ing with the challenges involved. Following each session, we wrote a report based on the
discussion, incorporating relevant academic and practitioner materials where these were
available. (Because some topics are “bleeding edge,” there is often little traditional IT
research available on them.)
Each report has three parts:
1. A description of the issue and the challenges it presents for both business and IT
managers
2. Models and concepts derived from the literature to position the issue within a con-
textual framework
3. Near-term strategies (i.e., those that can be implemented immediately) that have
proven successful within organizations for dealing with the specific issue
Each chapter in this book focuses on one of these critical IT issues. We have learned
over the years that the issues themselves vary little across industries and organizations,
even in enterprises with unique IT strategies. However, each organization tackles the
same issue somewhat differently. It is this diversity that provides the richness of insight
in these chapters. Our collaborative research approach is based on our belief that when
dealing with complex and leading-edge issues, “everyone has part of the solution.”
Every focus group, therefore, provides us an opportunity to explore a topic from a
variety of perspectives and to integrate different experiences (both successful and oth-
erwise) so that collectively, a thorough understanding of each issue can be developed
and strategies for how it can be managed most successfully can be identified.
A01_MCKE0260_03_GE_FM.indd 20 26/11/14 9:32 PM

AbouT THE AuTHorS
James D. McKeen is Professor Emeritus at the Queen’s School of Business. He has been
working in the IT field for many years as a practitioner, researcher, and consultant. In
2011, he was named the “IT Educator of the Year” by ComputerWorld Canada. Jim has
taught at universities in the United Kingdom, France, Germany, and the United States.
His research is widely published in a number of leading journals and he is the coau-
thor (with Heather Smith) of five books on IT management. Their most recent book—IT
Strategy: Issues and Practices (2nd ed.)—was the best-selling business book in Canada
(Globe and Mail, April 2012).
Heather A. Smith has been named the most-published researcher on IT management
issues in two successive studies (2006, 2009). A senior research associate with Queen’s
University School of Business, she is the author of five books, the most recent being IT
Strategy: Issues and Practices (Pearson Prentice Hall, 2012). She is also a senior research
associate with the American Society for Information Management’s Advanced Practices
Council. A former senior IT manager, she is codirector of the IT Management Forum and
the CIO Brief, which facilitate interorganizational learning among senior IT executives.
In addition, she consults and collaborates with organizations worldwide.
21
A01_MCKE0260_03_GE_FM.indd 21 26/11/14 9:32 PM

ACKnowLEDGMEnTS
The work contained in this book is based on numerous meetings with many senior IT
managers. We would like to acknowledge our indebtedness to the following individuals
who willingly shared their insights based on their experiences “earned the hard way”:
Michael Balenzano, Sergei Beliaev, Matthias Benfey, Nastaran Bisheban, Peter
Borden, Eduardo Cadena, Dale Castle, Marc Collins, Diane Cope, Dan Di Salvo,
Ken Dschankilic, Michael East, Nada Farah, Mark Gillard, Gary Goldsmith, Ian
Graham, Keiko Gutierrez, Maureen Hall, Bruce Harding, Theresa Harrington,
Tom Hopson, Heather Hutchison, Jim Irich, Zeeshan Khan, Joanne Lafreniere,
Konstantine Liris, Lisa MacKay, Mark O’Gorman, Amin Panjwani, Troy Pariag,
Brian Patton, Marius Podaru, Helen Restivo, Pat Sadler, A. F. Salam, Ashish
Saxena, Joanne Scher, Stewart Scott, Andy Secord, Marie Shafi, Helen Shih, Trudy
Sykes, Bruce Thompson, Raju Uppalapati, Len Van Greuning, Laurie Schatzberg,
Ted Vincent, and Bond Wetherbe.
We would also like to recognize the contribution of Queen’s School of Business
to this work. The school has facilitated and supported our vision of better integrat-
ing academic research and practice and has helped make our collaborative approach
to the study of IT management and strategy an effective model for interorganizational
learning.
James D. McKeen
Kingston, Ontario
Heather A. Smith
School of Business
June 2014
22
A01_MCKE0260_03_GE_FM.indd 22 26/11/14 9:32 PM

S e c t i o n i
Delivering Value with IT
Chapter 1 The IT Value Proposition
Chapter 2 Delivering Business Value through IT Strategy
Chapter 3 Making IT Count
Chapter 4 Effective Business–IT Relationships
Chapter 5 Business–IT Communication
Chapter 6 Effective IT Leadership
Mini Cases
■ Delivering Business Value with IT at Hefty Hardware
■ Investing in TUFS
■ IT Planning at ModMeters
M01_MCKE0260_03_GE_C01.indd 23 12/3/14 8:33 PM

24
C h a p t e r
1 the it Value Proposition1
1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen.
“Developing and Delivering on the IT Value Proposition.” Communications of the Association for Information
Systems 11 (April 2003): 438–50. Reproduced by permission of the Association for Information Systems.
It’s déjà vu all over again. For at least twenty years, business leaders have been trying to figure out exactly how and where IT can be of value in their organizations. And IT managers have been trying to learn how to deliver this value. When IT was
used mainly as a productivity improvement tool in small areas of a business, this was
a relatively straightforward process. Value was measured by reduced head counts—
usually in clerical areas—and/or the ability to process more transactions per person.
However, as systems grew in scope and complexity, unfortunately so did the risks. Very
few companies escaped this period without making at least a few disastrous invest-
ments in systems that didn’t work or didn’t deliver the bottom-line benefits executives
thought they would. Naturally, fingers were pointed at IT.
With the advent of the strategic use of IT in business, it became even more difficult
to isolate and deliver on the IT value proposition. It was often hard to tell if an invest-
ment had paid off. Who could say how many competitors had been deterred or how
many customers had been attracted by a particular IT initiative? Many companies can
tell horror stories of how they have been left with a substantial investment in new forms
of technology with little to show for it. Although over the years there have been many
improvements in where and how IT investments are made and good controls have been
established to limit time and cost overruns, we are still not able to accurately articulate
and deliver on a value proposition for IT when it comes to anything other than simple
productivity improvements or cost savings.
Problems in delivering IT value can lie with how a value proposition is conceived
or in what is done to actually implement an idea—that is, selecting the right project and
doing the project right (Cooper et al. 2000; McKeen and Smith 2003; Peslak 2012). In
addition, although most firms attempt to calculate the expected payback of an IT invest-
ment before making it, few actually follow up to ensure that value has been achieved or
to question what needs to be done to make sure that value will be delivered.
M01_MCKE0260_03_GE_C01.indd 24 12/3/14 8:33 PM

Chapter 1 • The IT Value Proposition 25
This chapter first looks at the nature of IT value and “peels the onion” into its
different layers. Then it examines the three components of delivering IT value: value
identification, conversion, and value realization. Finally, it identifies five general
principles for ensuring IT value will be achieved.
Peeling the OniOn: Understanding it ValUe
Thirty years ago the IT value proposition was seen as a simple equation: Deliver the
right technology to the organization, and financial benefits will follow (Cronk and
Fitzgerald 1999; Marchand et al. 2000). In the early days of IT, when computers were
most often used as direct substitutes for people, this equation was understandable,
even if it rarely worked this simply. It was easy to compute a bottom-line benefit where
“technology” dollars replaced “salary” dollars.
Problems with this simplistic view quickly arose when technology came to be
used as a productivity support tool and as a strategic tool. Under these conditions,
managers had to decide if an IT investment was worth making if it saved people time,
helped them make better decisions, or improved service. Thus, other factors, such as
how well technology was used by people or how IT and business processes worked
together, became important considerations in how much value was realized from an IT
investment. These issues have long confounded our understanding of the IT value prop-
osition, leading to a plethora of opinions (many negative) about how and where technol-
ogy has actually contributed to business value. Stephen Roach (1989) made headlines
with his macroeconomic analysis showing that IT had had absolutely no impact on pro-
ductivity in the services sector. More recently, research shows that companies still have a
mixed record in linking IT to organizational performance, user satisfaction, productivity,
customer experience, and agility (Peslak 2012).
These perceptions, plus ever-increasing IT expenditures, have meant business
managers are taking a closer look at how and where IT delivers value to an organization
(Ginzberg 2001; Luftman and Zadeh 2011). As they do this, they are beginning to change
their understanding of the IT value proposition. Although, unfortunately, “silver bullet
thinking” (i.e., plug in technology and deliver bottom-line impact) still predomi-
nates, IT value is increasingly seen as a multilayered concept, far more complex than
it first appeared. This suggests that before an IT value proposition can be identified
and delivered, it is essential that managers first “peel the onion” and understand more
about the nature of IT value itself (see Figure 1.1).
What is it Value?
Value is defined as the worth or desirability of a thing (Cronk and Fitzgerald 1999). It is
a subjective assessment. Although many believe this is not so, the value of IT depends
very much on how a business and its individual managers choose to view it. Different
companies and even different executives will define it quite differently. Strategic posi-
tioning, increased productivity, improved decision making, cost savings, or improved
service are all ways value could be defined. Today most businesses define value broadly
and loosely, not simply as a financial concept (Chakravarty et al. 2013). Ideally, it is tied
to the organization’s business model because adding value with IT should enable a firm
to do its business better. In the focus group (see the Preface), one company sees value
M01_MCKE0260_03_GE_C01.indd 25 12/3/14 8:33 PM

26 Section I • Delivering Value with IT
resulting from all parts of the organization having the same processes; another defines
value by return on investment (ROI); still another measures it by a composite of key
performance indicators. In short, there is no single agreed-on measure of IT value. As a
result, misunderstandings about the definition of value either between IT and the busi-
ness or among business managers themselves can lead to feelings that value has not
been delivered. Therefore, a prerequisite of any IT value proposition is that everyone
involved in an IT initiative agree on what value they are trying to deliver and how they
will recognize it.
Where is it Value?
Value may also vary according to where one looks for it (Davern and Kauffman 2000;
Oliveira and Martins 2011). For example, value to an enterprise may not be perceived as
value in a work group or by an individual. In fact, delivering value at one level in an orga-
nization may actually conflict with optimizing value at another level. Decisions about
IT value are often made to optimize firm or business process value, even if they cause
difficulties for business units or individuals. As one manager explained, “At the senior
levels, our bottom-line drivers of value are cost savings, cash flow, customer satisfaction,
and revenue. These are not always visible at the lower levels of the organization.” Failure
to consider value implications at all levels can lead to a value proposition that is coun-
terproductive and may not deliver the value that is anticipated. Many executives take a
hard line with these value conflicts. However, it is far more desirable to aim for a value
What Value will be
Delivered?
Where will Value be
Delivered?
Who will
Deliver Value?
When will Value
be Delivered?
How will Value
be Delivered?
FigUre 1.1 IT Value Is a Many-Layered Concept
M01_MCKE0260_03_GE_C01.indd 26 12/3/14 8:33 PM

Chapter 1 • The IT Value Proposition 27
that is not a win–lose proposition but is a win–win at all levels. This can leverage overall
value many times over (Chan 2000; Grant and Royle 2011).
Who delivers it Value?
Increasingly, managers are realizing that it is the interaction of people, information, and
technology that delivers value, not IT alone.2 Studies have confirmed that strong IT
practices alone do not deliver superior performance. It is only the combination of these
IT practices with an organization’s skills at managing information and people’s behav-
iors and beliefs that leads to real value (Birdsall 2011; Ginzberg 2001; Marchand et al.
2000). In the past, IT has borne most of the responsibility for delivering IT value. Today,
however, business managers exhibit a growing willingness to share responsibility with
IT to ensure value is realized from the organization’s investments in technology. Most
companies now expect to have an executive sponsor for any IT initiative and some busi-
ness participation in the development team. However, many IT projects still do not
have the degree of support or commitment from the business that IT managers feel is
necessary to deliver fully on a value proposition (Peslak 2012).
When is it Value realized?
Value also has a time dimension. It has long been known that the benefits of technol-
ogy take time to be realized (Chan 2000; Segars and Chatterjee 2010). People must be
trained, organizations and processes must adapt to new ways of working, information
must be compiled, and customers must realize what new products and services are
being offered. Companies are often unprepared for the time it takes an investment to
pay off. Typically, full payback can take between three and five years and can have at
least two spikes as a business adapts to the deployment of technology. Figure 1.2 shows
this “W” effect, named for the way the chart looks, for a single IT project.
Initially, companies spend a considerable amount in deploying a new technology.
During this twelve-to-sixteen-month period, no benefits occur. Following implementa-
tion, some value is realized as companies achieve initial efficiencies. This period lasts
for about six months. However, as use increases, complexities also grow. Information
overload can occur and costs increase. At this stage, many can lose faith in the initia-
tive. This is a dangerous period. The final set of benefits can occur only by making the
business simpler and applying technology, information, and people more effectively. If
a business can manage to do this, it can achieve sustainable, long-term value from its IT
investment (Segars and Chatterjee 2010). If it can’t, value from technology can be offset
by increased complexity.
Time also changes perceptions of value. Many IT managers can tell stories of
how an initiative is vilified as having little or no value when first implemented, only
to have people say they couldn’t imagine running the business without it a few years
later. Similarly, most managers can identify projects where time has led to a clearer
2 These interactions in a structured form are known as processes. Processes are often the focus of much orga-
nizational effort in the belief that streamlining and reengineering them will deliver value. In fact, research
shows that without attention to information and people, very little value is delivered (Segars and Chatterjee
2010). In addition, attention to processes in organizations often ignores the informal processes that contribute
to value.
M01_MCKE0260_03_GE_C01.indd 27 12/3/14 8:33 PM

28 Section I • Delivering Value with IT
understanding of the potential value of a project. Unfortunately, in cases where antici-
pated value declines or disappears, projects don’t always get killed (Cooper et al. 2000).
Clarifying and agreeing on these different layers of IT value is the first step involved
in developing and delivering on the IT value proposition. All too often, this work is for-
gotten or given short shrift in the organization’s haste to answer this question: How will
IT value be delivered? (See next section.) As a result, misunderstandings arise and tech-
nology projects do not fulfill their expected promises. It will be next to impossible to do a
good job developing and delivering IT value unless and until the concepts involved in IT
value are clearly understood and agreed on by both business and IT managers.
the three COmPOnents OF the it ValUe PrOPOsitiOn
Developing and delivering an IT value proposition involves addressing three compo-
nents. First, potential opportunities for adding value must be identified. Second, these
opportunities must be converted into effective applications of technology. Finally, value
12–16 Months
EVA
Time
Get the House
in Order
Harvest Low-
Hanging Fruit
Make the
Business
Complex
Make Business
Simpler
16–22 Months 22–38 Months 3–5 Years
FigUre 1.2 The ‘W’ Effect in Delivering IT Value (Segars & Chatterjee, 2010)
Best Practices in Understanding IT Value
• Link IT value directly to your business model.
• Recognize value is subjective, and manage perceptions accordingly.
• Aim for a value “win–win” across processes, work units, and individuals.
• Seek business commitment to all IT projects.
• Manage value over time.
M01_MCKE0260_03_GE_C01.indd 28 12/3/14 8:33 PM

Chapter 1 • The IT Value Proposition 29
must be realized by the organization. Together, these components comprise the funda-
mentals of any value proposition (see Figure 1.3).
identification of Potential Value
Identifying opportunities for making IT investments has typically been a fairly
informal activity in most organizations. Very few companies have a well-organized
means of doing research into new technologies or strategizing about where these tech-
nologies can be used (McKeen and Smith 2010). More companies have mechanisms
for identifying opportunities within business units. Sometimes a senior IT manager
will be designated as a “relationship manager” for a particular unit with responsi-
bility for working with business management to identify opportunities where IT
could add value (Agarwal and Sambamurthy 2002; Peslak 2012). Many other com-
panies, however, still leave it up to business managers to identify where they want
to use IT. There is growing evidence that relegating the IT organization to a passive
role in developing systems according to business instructions is unlikely to lead to
high IT value. Research shows that involving IT in business planning can have a direct
and positive influence on the development of successful business strategies using IT
(Ginzberg 2001; Marchand et al. 2000). This suggests that organizations should estab-
lish joint business–IT mechanisms to identify and evaluate both business and technical
opportunities where IT can add value.
Once opportunities have been identified, companies must then make decisions
about where they want to focus their dollars to achieve optimal value. Selecting the
right projects for an organization always involves balancing three fundamental factors:
cash, timing, and risk (Luehrman 1997). In principle, every company wants to under-
take only high-return projects. In reality, project selection is based on many different
factors. For example, pet or political projects or those mandated by the government or
competitors are often part of a company’s IT portfolio (Carte et al. 2001). Disagreement
at senior levels about which projects to undertake can arise because of a lack of a coher-
ent and consistent mechanism for assessing project value. All organizations need some
formal mechanism for prioritizing projects. Without one, it is very likely that project
selection will become highly politicized and, hence, ineffective at delivering value.
There are a variety of means to do this, ranging from using strictly bottom-line metrics,
to comparing balanced scorecards, to adopting a formal value-assessment methodology.
However, although these methods help to weed out higher cost–lower return projects,
they do not constitute a foolproof means of selecting the right projects for an organiza-
tion. Using strict financial selection criteria, for example, can exclude potentially high-
value strategic projects that have less well-defined returns, longer payback periods,
and more risk (Cooper et al. 2000; DeSouza 2011). Similarly, it can be difficult getting
Identification Conversion Realization
IT
Value
FigUre 1.3 The Three Components of the IT Value Proposition
M01_MCKE0260_03_GE_C01.indd 29 12/3/14 8:33 PM

30 Section I • Delivering Value with IT
important infrastructure initiatives funded even though these may be fundamental to
improving organizational capabilities (Byrd 2001).
Therefore, organizations are increasingly taking a portfolio approach to project
selection. This approach allocates resources and funding to different types of projects,
enabling each type of opportunity to be evaluated according to different criteria (McKeen
and Smith 2003; Smith and McKeen 2010). One company has identified three different
classes of IT—infrastructure, common systems, and business unit applications—and
funds them in different proportions. In other companies, funding for strategic initia-
tives is allocated in stages so their potential value can be reassessed as more information
about them becomes known. Almost all companies have found it necessary to justify
infrastructure initiatives differently than more business-oriented projects. In fact, some
remove these types of projects from the selection process altogether and fund them with
a “tax” on all other development (McKeen and Smith 2003). Other companies allocate a
fixed percentage of their IT budgets to a technology renewal fund.
Organizations have come a long way in formalizing where and how they choose to
invest their IT dollars. Nevertheless, there is still considerable room for judgment based
on solid business and technical knowledge. It is, therefore, essential that all executives
involved have the ability to think strategically and systematically as well as financially
about project identification and selection.
effective Conversion
“Conversion” from idea/opportunity to reality has been what IT organizations have
been all about since their inception. A huge amount of effort has gone into this central
component of the IT value proposition. As a result, many IT organizations have become
very good at developing and delivering projects on time and on budget. Excellent
project management, effective execution, and reliable operations are a critical part of
IT value. However, they are not, in and of themselves, sufficient to convert a good idea
into value or to deliver value to an organization.
Today managers and researchers are both recognizing that more is involved in
effective conversion than good IT practices. Organizations can set themselves up for
failure by not providing adequate and qualified resources. Many companies start more
projects than they can effectively deliver with the resources they have available. Not
having enough time or resources to do the job means that people are spread too thin
and end up taking shortcuts that are potentially damaging to value (Cooper et al. 2000).
Resource limitations on the business side of a project team can be as damaging to con-
version as a lack of technical resources. “[Value is about] far more than just sophisticated
managerial visions. . . . Training and other efforts . . . to obtain value from IT investments
Best Practices in Identifying Potential Value
• Joint business–IT structures to recognize and evaluate opportunities
• A means of comparing value across projects
• A portfolio approach to project selection
• A funding mechanism for infrastructure
M01_MCKE0260_03_GE_C01.indd 30 12/3/14 8:33 PM

Chapter 1 • The IT Value Proposition 31
are often hamstrung by insufficient resources” (Chircu and Kauffman 2000). Inadequate
business resources can lead to poor communication and ineffective problem solving on
a project (Ginzberg 2001). Companies are beginning to recognize that the number and
quality of the staff assigned to an IT project can make a difference to its eventual out-
come. They are insisting that the organization’s best IT and businesspeople be assigned
to critical projects.
Other significant barriers to conversion that are becoming more apparent now
that IT has improved its own internal practices include the following:
• Organizational barriers. The effective implementation of IT frequently requires
the extensive redesign of current business processes (Chircu and Kauffman 2000).
However, organizations are often reluctant to make the difficult complementary
business changes and investments that are required (Carte et al. 2001). “When
new IT is implemented, everyone expects to see costs come down,” explained one
manager. “However, most projects involve both business and IT deliverables. We,
therefore, need to take a multifunctional approach to driving business value.” In
recognition of this fact, some companies are beginning to put formal change man-
agement programs in place to help businesses prepare for the changes involved
with IT projects and to adapt and simplify as they learn how to take advantage of
new technology.
• Knowledge barriers. Most often new technology and processes require employ-
ees to work differently, learn new skills, and have new understanding of how and
where information, people, and technologies fit together (Chircu and Kauffman
2000; Perez-Lopez and Alegre 2012). Although training has long been part of new
IT implementations, more recently businesses are recognizing that delivering value
from technology requires a broader and more coordinated learning effort (Smith
and McKeen 2002). Lasting value comes from people and technology working
together as a system rather than as discrete entities. Research confirms that high-
performing organizations not only have strong IT practices but also have people
who have good information management practices and who are able to effectively
use the information they receive (Beath et al. 2012; Marchand et al. 2000).
realizing Value
The final component of the IT value proposition has been the most frequently ignored.
This is the work involved in actually realizing value after technology has been imple-
mented. Value realization is a proactive and long-term process for any major initiative.
All too often, after an intense implementation period, a development team is disbanded
to work on other projects, and the business areas affected by new technology are left to
Best Practices in Conversion
• Availability of adequate and qualified IT and business resources
• Training in business goals and processes
• Multifunctional change management
• Emphasis on higher-level learning and knowledge management
M01_MCKE0260_03_GE_C01.indd 31 12/3/14 8:33 PM

32 Section I • Delivering Value with IT
sink or swim. As a result, a project’s benefits can be imperfectly realized. Technology
must be used extensively if it is to deliver value. Poorly designed technology can lead
to high levels of frustration, resistance to change, and low levels of use (Chircu and
Kauffman 2000; Sun et al., 2012).
Resistance to change can have its root cause in an assumption or an action that
doesn’t make sense in the everyday work people do. Sometimes this means challeng-
ing workers’ understanding of work expectations or information flows. At other times
it means doing better analysis of where and how a new process is causing bottlenecks,
overwork, or overload. As one manager put it, “If value is not being delivered, we
need to understand the root causes and do something about it.” His company takes
the unusual position that it is important to keep a team working on a project until the
expected benefits have been realized. This approach is ideal but can also be very costly
and, therefore, must be carefully managed. Some companies try to short-circuit the
value management process by simply taking anticipated cost savings out of a business
unit’s budget once technology has been implemented, thereby forcing it to do more
with less whether or not the technology has been as beneficial as anticipated. However,
most often organizations do little or no follow-up to determine whether or not benefits
have been achieved.
Measurement is a key component of value realization (Thorp 1999). After imple-
mentation, it is essential that all stakeholders systematically compare outcomes against
expected value and take appropriate actions to achieve benefits. In addition to monitor-
ing metrics, a thorough and ongoing assessment of value and information flows must
also be undertaken at all levels of analysis: individual, team, work unit, and enterprise.
Efforts must be taken to understand and improve aspects of process, information, and
technology that are acting as barriers to achieving value.
A significant problem with not paying attention to value recognition is that areas
of unexpected value or opportunity are also ignored. This is unfortunate because it is
only after technology has been installed that many businesspeople can see how it could
be leveraged in other parts of their work. Realizing value should, therefore, also include
provisions to evaluate new opportunities arising through serendipity.
FiVe PrinCiPles FOr deliVering ValUe
In addition to clearly understanding what value means in a particular organization and
ensuring that the three components of the IT value proposition are addressed by every
project, five principles have been identified that are central to developing and deliver-
ing value in every organization.
Best Practices in Realizing Value
• Plan a value-realization phase for all IT projects.
• Measure outcomes against expected results.
• Look for and eliminate root causes of problems.
• Assess value realization at all levels in the organization.
• Have provisions for acting on new opportunities to leverage value.
M01_MCKE0260_03_GE_C01.indd 32 12/3/14 8:33 PM

Chapter 1 • The IT Value Proposition 33
Principle 1. have a Clearly defined Portfolio
Value management Process
Every organization should have a common process for managing the overall value
being delivered to the organization from its IT portfolio. This would begin as a means of
identifying and prioritizing IT opportunities by potential value relative to each other. It
would also include mechanisms to optimize enterprise value (e.g., through tactical, stra-
tegic, and infrastructure projects) according to a rubric of how the organization wants
to allocate its resources.
A portfolio value management process should continue to track projects as they
are being developed. It should ensure not only that projects are meeting schedule and
budget milestones but also that other elements of conversion effectiveness are being
addressed (e.g., business process redesign, training, change management, informa-
tion management, and usability). A key barrier to achieving value can be an organiza-
tion’s unwillingness to revisit the decisions made about its portfolio (Carte et al. 2001).
Yet this is critically important for strategic and infrastructure initiatives in particular.
Companies may have to approve investments in these types of projects based on imper-
fect information in an uncertain environment. As they develop, improved information
can lead to better decision making about an investment. In some cases this might lead to
a decision to kill a project; in others, to speed it up or to reshape it as a value proposition
becomes clearer.
Finally, a portfolio value management process should include an ongoing means
of ensuring that value is realized from an investment. Management must monitor
expected outcomes at appropriate times following implementation and hold someone
in the organization accountable for delivering benefits (Smith and McKeen 2010).
Principle 2. aim for Chunks of Value
Much value can be frittered away by dissipating IT investments on too many projects
(Cho et al. 2013; Marchand et al. 2000). Focusing on a few key areas and designing a set
of complementary projects that will really make a difference is one way companies are
trying to address this concern. Many companies are undertaking larger and larger tech-
nology initiatives that will have a significant transformational and/or strategic impact
on the organization. However, unlike earlier efforts, which often took years to complete
and ended up having questionable value, these initiatives are aiming to deliver major
value through a series of small, focused projects that, linked together, will result in both
immediate short-term impact and long-term strategic value. For example, one company
has about three hundred to four hundred projects underway linked to one of a dozen
major initiatives.
Principle 3. adopt a holistic Orientation to technology Value
Because value comes from the effective interaction of people, information, and tech-
nology, it is critical that organizations aim to optimize their ability to manage and use
them together (Marchand et al. 2000). Adopting a systemic approach to value, where
technology is not viewed in isolation and interactions and impacts are anticipated and
planned, has been demonstrated to contribute to perceived business value (Ginzberg
2001). Managers should aim to incorporate technology as an integral part of an overall
M01_MCKE0260_03_GE_C01.indd 33 12/3/14 8:33 PM

34 Section I • Delivering Value with IT
program of business change rather than dealing with people and information manage-
ment as afterthoughts to technology (Beath et al. 2012). One company has done this by
taking a single business objective (e.g., “increase market penetration by 15 percent over
five years”) and designing a program around it that includes a number of bundled tech-
nology projects.
Principle 4. aim for Joint Ownership of technology initiatives
This principle covers a lot of territory. It includes the necessity for strong executive
sponsorship of all IT projects. “Without an executive sponsor for a project, we simply
won’t start it,” explained one manager. It also emphasizes that all people involved in
a project must feel they are responsible for the results. Said another manager, “These
days it is very hard to isolate the impact of technology, therefore there must be a ‘we’
mentality.” This perspective is reinforced by research that has found that the quality of
the IT–business relationship is central to the delivery of IT value. Mutual trust, visible
business support for IT and its staff, and IT staff who consider themselves to be part of
a business problem-solving team all make a significant difference in how much value
technology is perceived to deliver (Ginzberg 2001).
Principle 5. experiment more Often
The growing complexity of technology, the range of options available, and the
uncertainty of the business environment have each made it considerably more difficult
to determine where and how technology investments can most effectively be made.
Executives naturally object to the risks involved in investing heavily in possible business
scenarios or technical gambles that may or may not realize value. As a result, many
companies are looking for ways to firm up their understanding of the value proposition
for a particular opportunity without incurring too much risk. Undertaking pilot studies
is one way of doing this (DeSouza 2011). Such experiments can prove the value of an
idea, uncover new opportunities, and identify more about what will be needed to make
an idea successful. They provide senior managers with a greater number of options
in managing a project and an overall technology portfolio. They also enable poten-
tial value to be reassessed and investments in a particular project to be reevaluated
and rebalanced against other opportunities more frequently. In short, experimentation
enables technology investments to be made in chunks and makes “go/no go” decisions
at key milestones much easier to make.
This chapter has explored the concepts
and activities involved in developing and
delivering IT value to an organization. In
their efforts to use technology to deliver
business value, IT managers should keep
clearly in mind the maxim “Value is in the
eye of the beholder.” Because there is no
single agreed-on notion of business value, it
is important to make sure that both business
and IT managers are working to a common
goal. This could be traditional cost reduction,
process efficiencies, new business capabili-
ties, improved communication, or a host of
other objectives. Although each organization
Conclusion
M01_MCKE0260_03_GE_C01.indd 34 12/3/14 8:33 PM

Chapter 1 • The IT Value Proposition 35
References
or business unit approaches value differ-
ently, increasingly this goal includes much
more than the simple delivery of technology
to a business unit. Today technology is being
used as a catalyst to drive many different
types of organizational transformation and
strategy. Therefore, IT value can no longer
be viewed in isolation from other parts of
the business, namely people and informa-
tion. Thus, it is no longer adequate to focus
simply on the development and delivery of
IT projects in order to deliver value. Today
delivering IT value means managing the
entire process from conception to cash.
Agarwal, R., and V. Sambamurthy. “Organizing
the IT Function for Business Innovation
Leadership.” Society for Information
Management Advanced Practices Council
Report, Chicago, September 2002.
Beath, C., I. Becerra-Fernandez, J. Ross, and J.
Short. “Finding Value in the Information
Explosion.” MIT Sloan Management Review 53,
no. 4 (2012): 18–20.
Birdsall, W. “Human Capabilities and
Information and Communication Technology:
The Communicative Connection.” Ethics and
Information Technology 13, no. 2 (2011): 93–106.
Byrd, T. A. “Information Technology, Core
Com petencies, and Sustained Competitive
Advantage.” Information Resources Management
Journal 14, no. 2 (April–June 2001): 27–36.
Carte, T., D. Ghosh, and R. Zmud. “The Influence
of IT Budgeting Practices on the Return
Derived from IT Investments.” CMISS White
Paper, November 2001.
Chakravarty, A., R. Grewal, and V. Sambamurthy.
“Information Technology Competencies,
Organizational Agility, and Firm Performance:
Enabling and Facilitating Roles.” Information
Systems Research 24, no. 4 (2013): 976–97, 1162–63,
1166.
Chan, Y. “IT Value: The Great Divide Between
Qualitative and Quantitative and Individual
and Organizational Measures.” Journal of
Management Information Systems 16, no. 4
(Spring 2000): 225–61.
Cho, W., M. Shaw, and H. Kwan. “The Effect
of Synergy Enhancement on Information
Technology Portfolio Selection.” Information
Technology and Management 14, no. 2 (2013):
125–42.
Chircu, A., and R. J. Kauffman. “Limits to Value in
Electronic Commerce-Related IT Investments.”
Journal of Management Information Systems 17,
no. 2 (Fall 2000): 59–80.
Cooper, R., S. Edgett, and E. Kleinschmidt. “New
Problems, New Solutions: Making Portfolio
Management More Effective.” Research
Technology Management 43, no. 2 (March/April
2000): 18–33.
Cronk, M., and E. Fitzgerald. “Understanding ‘IS
Business Value’: Derivation of Dimensions.”
Logistics Information Management 12, no. 1–2
(1999): 40–49.
Davern, M., and R. Kauffman. “Discovering
Potential and Realizing Value from
Information Technology Investments.” Journal
of Management Information Systems 16, no. 4
(Spring 2000): 121–43.
DeSouza, K. Intrapreneurship: Managing Ideas
in Your Organization. Toronto: University of
Toronto Press, 2011.
Ginzberg, M. “Achieving Business Value Through
Information Technology: The Nature of High
Business Value IT Organizations.” Society for
Information Management Advanced Practices
Council Report, Chicago, November 2001.
Grant, G. L., and M. T. Royle. “Information
Technology and Its Role in Creating Sustainable
Competitive Advantage.” Journal of International
Management Studies 6, no. 1 (2011): 1–7.
Luehrman, T. A. “What’s It Worth? A General
Manager’s Guide to Valuation.” Harvard
Business Review (May–June 1997): 131–41.
Luftman, J., and H. S. Zadeh. “Key Information
Technology and Management Issues 2010–
2011: An International Study.” Journal of
Information Technology 26, no. 3 (2011): 193–204.
M01_MCKE0260_03_GE_C01.indd 35 12/3/14 8:33 PM

36 Section I • Delivering Value with IT
Marchand, D., W. Kettinger, and J. Rollins.
“Information Orientation: People, Technology
and the Bottom Line.” Sloan Management
Review (Summer 2000): 69–80.
McKeen, J. D., and H. A. Smith. Making IT
Happen. Chichester, England: John Wiley &
Sons, 2003.
McKeen, J. D., and H. A. Smith. “Application
Portfolio Management.” Communications for the
Association of Information Systems 26, Article 9
(March 2010), 157–70.
Oliveira, T., and M. F. Martins. “Literature Review
of Information Technology Adoption Models
at Firm Level.” Electronic Journal of Information
Systems Evaluation 14, no.1 (2011): 110–21.
Perez-Lopez, S., and J. Alegre. “Information
Technology Competency, Knowledge Processes
and Firm Performance.” Industrial Management
and Data Systems 112, no. 4 (2012): 644–62.
Peslak, A. R. “An Analysis of Critical Information
Technology Issues Facing Organizations.”
Industrial Management and Data Systems 112, no.
5 (2012): 808–27.
Roach, S. “The Case of the Missing Technology
Payback.” Presentation at the Tenth
International Conference on Information
Systems, Boston, December 1989.
Segars, A. H., and D. Chatterjee. “Diets That Don’t
Work: Where Enterprise Resource Planning
Goes Wrong.” Wall Street Journal, August 23,
2010. online.wsj.com/article/SB100014240527
48703514404574588060852535906.html.
Smith, H., and J. McKeen. “Instilling a Knowledge
Sharing Culture.” Presentation at the KM
Forum, Queen’s School of Business, Kingston,
Ontario, Canada, 2002.
Smith, H., and J. McKeen. “Investment Spend
Optimization at BMO Financial Group.” MISQ
Executive 9, no. 2 (June 2010): 65–81.
Sun, Y., Y. Fang, K. Lim, and D. Straub. “User
Satisfaction with Information Technology
Service Delivery: A Social Capital Perspective.”
Information Systems Research 23, no. 4 (2012):
1195–211.
Thorp, J. “Computing the Payoff from IT.” Journal of
Business Strategy 20, no. 3 (May/June 1999): 35–39.
M01_MCKE0260_03_GE_C01.indd 36 12/3/14 8:33 PM

37
C h a p t e r
2 Delivering Business Value through IT Strategy1
1 This chapter is based on the authors’ previously published article, Smith, H. A., J. D. McKeen, and S. Singh.
“Developing IT Strategy for Business Value.” Journal of Information Technology Management XVIII, no. 1 (June
2007): 49–58. Reproduced by permission of the Association of Management.
Suddenly, it seems, executives are “getting” the strategic potential of IT. Instead of being relegated to the back rooms of the enterprise, IT is now being invited to the boardrooms and is being expected to play a leading role in delivering top-
line value and business transformation (Korsten 2011; Luftman and Zadeh 2011; Peslak
2012). Thus, it can no longer be assumed that business strategy will naturally drive IT
strategy, as has traditionally been the case. Instead, different approaches to strategy
development are now possible and sometimes desirable. For example, the capabilities
of new technologies could shape the strategic direction of a firm (e.g., mobile, social
media, big data). IT could enable new competencies that would then make new busi-
ness strategies possible (e.g., location-based advertising). New options for governance
using IT could also change how a company works with other firms (think Wal-Mart
or Netflix). Today new technologies coevolve with new business strategies and new
behaviors and structures (see Figure 2.1). However, whichever way it is developed, if
IT is to deliver business value, IT strategy must always be closely linked with sound
business strategy.
Ideally, therefore, business and IT strategies should complement and support each
other relative to the business environment. Strategy development should be a two-way
process between the business and IT. Yet unfortunately, poor alignment between them
remains a perennial problem (Frohman 1982; Luftman and Zadeh 2011; McKeen and
Smith 1996; Rivard et al. 2004). Research has already identified many organizational
challenges to effective strategic alignment. For example, if their strategy-development
processes are not compatible (e.g., if they take place at different times or involve differ-
ent levels of the business), it is unlikely that the business and IT will be working toward
the same goals at the same time (Frohman 1982). Aligning with individual business
units can lead to initiatives that suboptimize the effectiveness of corporate strategies
(McKeen and Smith 1996). Strategy implementation must also be carefully aligned to
M02_MCKE0260_03_GE_C02.indd 37 12/3/14 8:34 PM

38 Section I • Delivering Value with IT
ensure the integration of business and IT efforts (Smith and McKeen 2010). Finally, com-
panies often try to address too many priorities, leading to an inadequate focus on key
strategic goals (Weiss and Thorogood 2011).
However, strategic alignment is only one problem facing IT managers when they
develop IT strategy. With IT becoming so much more central to the development and
delivery of business strategy, much more attention is now being paid to strategy devel-
opment than in the past. What businesses want to accomplish with their IT and how IT
shapes its own delivery strategy are increasingly vital to the success of an enterprise.
This chapter explores how organizations are working to improve IT strategy develop-
ment and its relationship with business strategy. It looks first at how our understanding
of business and IT strategies has changed over time and at the forces that will drive
even further changes in the future. Then it discusses some critical success factors for IT
strategy development about which there is general consensus. Next it looks at the dif-
ferent dimensions of the strategic use of IT that IT management must address. Finally,
it examines how some organizations are beginning to evolve a more formal IT strategy-
development process and some of the challenges they are facing in doing so.
Business and iT sTraTegies: PasT, PresenT, and FuTure
At the highest level, a strategy is an approach to doing business (Gebauer 1997).
Traditionally, a competitive business strategy has involved performing different activi-
ties from competitors or performing similar activities in different ways (Porter 1996).
Ideally, these activities were difficult or expensive for others to copy and, therefore,
resulted in a long-term competitive advantage (Gebauer 1997). They enabled firms to
charge a premium for their products and services.
Until recently, the job of an IT function was to understand the business’s strategy
and figure out a plan to support it. However, all too often IT’s strategic contribution
was inhibited by IT managers’ limited understanding of business strategy and by busi-
ness managers’ poor understanding of IT’s potential. Therefore, most formal IT plans
were focused on the more tactical and tangible line of business needs or opportunities
New
Capabilities
New Behaviors & S
tructu
re
s
N
e
w
T
e
ch
no
lo
gy
New Strate
gie
s
Figure 2.1 Business and IT Strategies Co-evolve to Create New Capabilities
M02_MCKE0260_03_GE_C02.indd 38 12/3/14 8:34 PM

Chapter 2 • Delivering Business Value through IT Strategy 39
for operational integration rather than on supporting enterprise strategy (Burgelman
and Doz 2001). And projects were selected largely on their abilities to affect the short-
term bottom line rather than on delivering top-line business value. “In the past IT had
to be a strategic incubator because businesspeople simply didn’t recognize the potential
of technology,” said a member of the focus group.
As a result, instead of looking for ways to be different, in the past much business
strategy became a relentless race to compete on efficiencies with IT as the primary means
of doing so (Hitt et al. 1998; Porter 1996). In many industries, companies’ improved
information-processing capabilities have been used to drive down transaction costs to
near zero, threatening traditional value propositions and shaving profit margins. This
is leading to considerable disruption as business models (i.e., the way companies add
value) are under attack by new, technology-enabled approaches to delivering products
and services (e.g., the music industry, bookselling). Therefore:
Strategists [have to] honestly face the many weaknesses inherent in [the]
industrial-age ways of doing things. They [must] redesign, build upon and reconfig-
ure their components to radically transform the value proposition. (Tapscott 1996)
Such new business strategies are inconceivable without the use of IT. Other factors,
also facilitated by IT, are further influencing the relationship between the business
and IT strategy. Increasingly, globalization is altering the economic playing field. As
countries and companies become more deeply interrelated, instability is amplified.
Instead of being generals plotting out a structured campaign, business leaders are now
more likely to be participating in guerilla warfare (Eisenhardt 2002; Friedman 2005).
Flexibility, speed, and innovation are, therefore, becoming the watchwords of competi-
tion and must be incorporated into any business or IT strategy–development process.
These conditions have dramatically elevated the business’s attention to the
value of IT strategy (Korsten 2011; Weiss and Thorogood 2011). As a result, business
executives recognize that it was a mistake to consider technology projects to be solely
the responsibility of IT. There is, thus, a much greater understanding that business
executives have to take leadership in making technology investments in ways that will
shape and/or complement business strategy. There is also recognition at the top of most
organizations that problems with IT strategy implementation are largely the fault of
leaders who “failed to realize that adopting … systems posed a business—not just a
technological—challenge” and didn’t take responsibility for the organizational and
process changes that would deliver business value (Ross and Beath 2002).
Changing value models and the development of integrated, cross-functional
systems have elevated the importance of both a corporate strategy and a technology
strategy that crosses traditional lines of business. Many participants remarked that their
executive teams at last understand the potential of IT to affect the top line. “IT recently
added some new distribution channels, and our business has just exploded,” stated
one manager. Others are finding that there is a much greater emphasis on IT’s ability to
grow revenues, and this is being reflected in how IT budgets are allocated and projects
prioritized. “Our executives have finally recognized that business strategy is not only
enabled by IT, but that it can provide new business opportunities as well,” said another
manager. This is reflected in the changing position of the CIO in many organizations
over the past decade. “Today our CIO sits on the executive team and takes part in all
M02_MCKE0260_03_GE_C02.indd 39 12/3/14 8:34 PM

40 Section I • Delivering Value with IT
business strategy discussions because IT has credibility,” said a group member. “Our
executives now want to work closely with IT and understand the implications of tech-
nology decisions,” said another. “It’s not the same as it was even five years ago.” Now
CIOs are valued for their insight into business opportunities, their perspective across
the entire organization, and their ability to take the long view (Korsten 2011).
However, this does not mean that organizations have become good at developing
strategy or at effectively integrating business and IT strategies. “There are many incon-
sistencies and problems with strategy development,” said a participant. Organizations
have to develop new strategy-making capabilities to cope in the future competitive
environment. This will mean changing their current top–down method of developing
and implementing strategy. If there’s one thing leading academics agree on, it’s that
future strategy development will have to become a more dynamic and continuous pro-
cess (Casadesus and Ricart 2011; Eisenhardt 2002; Kanter 2002; Prahalad and Krishnan
2002; Quinn 2002; Weill et al. 2002). Instead of business strategy being a well-crafted
plan of action for the next three to five years, from which IT can devise an appropri-
ate and supportive technology strategy, business strategy must become more and more
evolutionary and interactive with IT. IT strategy development must, therefore, become
more dynamic itself and focused on developing strategic capabilities that will support a
variety of changing business objectives. In the future, managers will not align business
strategy and IT at particular points in time but will participate in an organic process
that will address the need to continually evolve IT and business plans in concert with
each other (Casadesus and Ricart 2011).
Four CriTiCal suCCess FaCTors
Each focus group member had a different approach to developing IT strategy, but there
was general agreement that four factors had to be in place for strategy development to
be effective.
1. Revisit your business model. The worlds of business and IT have traditionally
been isolated from each other, leading to misaligned and sometimes conflicting
strategies. Although there is now a greater willingness among business manag-
ers to understand the implications of technology in their world, it is still IT that
must translate their ideas and concepts into business language. “IT must absolutely
understand and focus on the business,” said a participant.
Similarly, it is essential that all managers thoroughly understand how their
business as a whole works. Although this sounds like a truism, almost any IT man-
ager can tell “war stories” of business managers who have very different visions
of what they think their enterprise should look like. Business models and strate-
gies are often confused with each other (Osterwalder and Pigneur 2010). A business
model explains how the different pieces of a business fit together. It ensures that
everyone in an organization is focused on the kind of value a company wants to
create. Only when the business model is clear can strategies be developed to articu-
late how a company will deliver that value in a unique way that others cannot easily
duplicate (Osterwalder and Pigneur 2010).
2. Have strategic themes. IT strategy used to be about individual projects. Now
it is about carefully crafted programs that focus on developing specific business
M02_MCKE0260_03_GE_C02.indd 40 12/3/14 8:34 PM

Chapter 2 • Delivering Business Value through IT Strategy 41
capabilities. Each program consists of many smaller, interrelated business and IT
initiatives cutting across several functional areas. These are designed to be adapted,
reconfigured, accelerated, or canceled as the strategic program evolves. Themes
give both business and IT leaders a broad yet focused topic of interest that chal-
lenges them to move beyond current operations (Kanter 2002). For example, one
retail company decided it wanted to be “a great place to work.” A bank selected
mobile banking as a critical differentiator. Both firms used a theme to engage the
imaginations of their employees and mobilize a variety of ideas and actions around
a broad strategic direction. By grouping IT and business programs around a few
key themes, managers find it easier to track and direct important strategic threads
in an organization’s development and to visualize the synergies and interdepen-
dencies involved across a variety of projects spread out across the organization and
over time.
3. Get the right people involved. One of the most important distinguishing factors
between companies that get high business value from their IT investment and those
that don’t is that senior managers in high-performing companies take a leadership
role in IT decision making. Abdication of this responsibility is a recipe for disas-
ter (Ross and Beath 2002). “In the past it was very hard to get the right people
involved,” said a focus group member. “Now it’s easier.” Another noted, “You don’t
send a minion to an IT strategy meeting anymore; it’s just not done.” In this type of
organization, the CIO typically meets regularly with the president and senior busi-
ness leaders to discuss both business and IT strategies.
Getting the right people involved also means getting business managers
and other key stakeholders involved in strategy as well. To do this, many com-
panies have established “relationship manager” positions in IT to work with and
learn about the business and bring opportunities for using technology to the table.
Research shows that the best strategies often stem from grassroots innovations, and
it is, therefore, critical that organizations take steps to ensure that good ideas are
nurtured and not filtered out by different layers of management (DeSouza 2011).
“We have two levels of strategy development in our organization,” said a focus
group participant. “Our relationship managers work with functional managers and
our CIO with our business unit presidents on the IT steering committee.” This com-
pany also looks for cross-functional synergies and strategic dependencies by hold-
ing regular meetings of IT account managers and between account managers and
infrastructure managers.
4. Work in partnership with the business. Successful strategy demands a true
partnership between IT and the business, not just use of the term. Strategy decisions
are best made with input from both business and IT executives (Ross and Beath
2002). The focus group agreed. “Our partnerships are key to our success,” stated
a manager. “It’s not the same as it was a few years ago. People now work very
closely together.” Partnership is not just a matter of “involving” business lead-
ers in IT strategy or vice versa or “aligning” business and IT strategies. Effective
strategizing is about continuous and dynamic synchronization of capabilities
(Smith and McKeen 2010). “Our IT programs need synchronizing with business
strategy—not only at a high level, but right down to the individual projects and
the business changes that are necessary to implement them properly,” explained
another participant.
M02_MCKE0260_03_GE_C02.indd 41 12/3/14 8:34 PM

42 Section I • Delivering Value with IT
The Many diMensions oF iT sTraTegy
One of the many challenges of developing effective IT strategy is the fact that
technology can be used in so many different ways. The opportunities are practically
limitless. Unfortunately, the available resources are not. Thus, a key element of IT
strategy is determining how best to allocate the IT budget. This issue is complicated
by the fact that most businesses today require significant IT services just to operate.
Utility and basic support costs eat up between 30 and 70 percent of the focus group
members’ budgets. That’s just the cost of “keeping the lights on”—running existing
applications, fixing problems, and dealing with mandatory changes (e.g., new legisla-
tion). IT strategy, therefore, has two components: how to do more with less (i.e., driving
down fixed costs) and how to allocate the remaining budget toward those projects that
will support and further the organization’s business strategy.
With occasional exceptions, CIOs and their teams are mostly left alone to deter-
mine the most cost-effective way of providing the IT utility. This has led to a variety of
IT-led initiatives to save money, including outsourcing, shared services, use of software-
as-a-service (SaaS), global sourcing, and partnerships. However, it is the way that IT
spends the rest of its budget that has captured the attention of business strategists. “It
used to be that every line of business had an IT budget and that we would work with
each one to determine the most effective way to spend it,” said a manager. “Now there
is much more recognition that the big opportunities are at the enterprise level and cut
across lines of business.”
Focus group members explained that implementing a strategic program in IT will
usually involve five types of initiatives. Determining what the balance among them will
be is a significant component of how IT strategy delivers business value. Too much or
too little emphasis on one type of project can mean a failure to derive maximum value
from a particular strategic business theme:
1. Business improvement. These projects are probably the easiest to agree on because
they stress relatively low-risk investments with a tangible short-to-medium-term
payback. These are often reengineering initiatives to help organizations streamline
their processes and save substantial amounts of money by eliminating unnecessary
or duplicate activities or empowering customers/suppliers to self-manage transac-
tions with a company. Easy to justify with a business case, these types of projects
have traditionally formed the bulk of IT’s discretionary spending. “Cost-reduction
projects have and always will be important to our company,” stated one member.
“However, it is important to balance what we do in this area with other types of
equally important projects that have often been given short shrift.”
2. Business enabling. These projects extend or transform how a company does
business. As a result, they are more focused on the top-line or revenue-growing
aspects of an enterprise. For example, a data warehouse could enable different
parts of a company to “mine” transaction information to improve customer ser-
vice, assist target marketing, better understand buying patterns, or identify new
business opportunities. Adding a new mobile channel could make it easier for
customers to buy more or attract new customers. A customer information file
could make it more enjoyable for a customer to do business with a company
(e.g., only one address change) and also facilitate new ways of doing business.
M02_MCKE0260_03_GE_C02.indd 42 12/3/14 8:34 PM

Chapter 2 • Delivering Business Value through IT Strategy 43
Often the return on these types of projects is less clear, and as a result it has been
harder to get them on the IT priority list. Yet many of these initiatives represent
the foundations on which future business strategy will be built. For example, one
CIO described the creation of a customer information file as “a key enabler for
many different business units. . . . It has helped us build bench strength and move
to a new level of service that other companies cannot match” (Smith 2003).
3. Business opportunities. These are small-scale, experimental initiatives designed
to test the viability of new concepts or technologies. In the past these types of proj-
ects have not received funding by traditional methods because of their high-risk
nature. Often it has been left up to the CIO to scrounge money for such “skunk-
works.” There is a growing recognition of the potential value of strategic innovation
projects in helping companies to learn about and prepare for the future. In some
companies the CEO and CFO have freed up seed money to finance a number of
these initiatives. However, although there is considerably more acceptance for such
projects, there is still significant organizational resistance to financing projects for
which the end results are unpredictable (Quinn 2002; Weiss and Thorogood 2011).
In fact, it typically requires discipline to support and encourage innovation exper-
iments, which, by definition, will have a high number of false starts and wrong
moves (DeSouza 2011). The group agreed that the key to benefiting from them is to
design them for learning, incorporate feedback from a variety of sources, and make
quick corrections of direction.
4. Opportunity leverage. A neglected but important type of IT project is one that oper-
ationalizes, scales up, or leverages successful strategic experiments or prototypes.
“We are having a great deal of success taking advantage of what we have learned
earlier,” said one manager. Coming up with a new strategic or technological idea
needs a different set of skills than is required to take full advantage of it in the mar-
ketplace (Charitou and Markides 2003; DeSouza 2011). Some companies actually use
their ability to leverage others’ ideas to their strategic advantage. “We can’t compete
in coming up with new ideas,” said the manager of a medium-sized company, “but
we can copy other peoples’ ideas and do them better.”
5. Infrastructure. This final type of IT initiative is one that often falls between the
cracks when business and IT strategies are developed. However, it is clear that
the hardware, software, middleware, communications, and data available will
affect an organization’s capacity to build new capabilities and respond to change.
Studies have found that most companies feel their legacy infrastructure can be
an impediment to what they want to do (Peslak 2012; Prahalad and Krishnan
2002). Research also shows that leading companies have a framework for making
targeted investments in their IT infrastructure that will further their overall strate-
gic direction (Weill et al. 2002). Unfortunately, investing in infrastructure is rarely
seen as strategic. As a result, many companies struggle with how to justify and
appropriately fund it.
Although each type of project delivers a different type of business value, typi-
cally IT strategy has stressed only those initiatives with strong business cases. Others
are shelved or must struggle for a very small piece of the pie. However, there was a
general recognition in the group that this approach to investment leads to an IT strategy
M02_MCKE0260_03_GE_C02.indd 43 12/3/14 8:34 PM

44 Section I • Delivering Value with IT
with a heavy emphasis on the bottom line. As a result, all participating companies
were looking at new ways to build a strategy-development process that reflects a more
appropriate balance of all dimensions of IT strategy.
Toward an iT sTraTegy-develoPMenT ProCess
Strategy is still very much an art, not a science, explained the focus group. And it is likely
to remain so, according to strategy experts. Strategy will never again be a coherent,
long-term plan with predictable outcomes—if it ever was. “Leaders can’t predict which
combinations [of strategic elements] will succeed [and] they can’t drive their organiza-
tions towards predetermined positions” (Quinn 2002). This situation only exacerbates
the problem that has long faced IT strategists—that is, it is difficult to build systems,
information, and infrastructure when a business’s direction is continually changing. Yet
this degree of flexibility is exactly what businesses are demanding (Chakravarty et al.
2013; Luftman and Zadeh 2011; Korsten 2011). Traditional IT planning and budgeting
mechanisms done once a year simply don’t work in today’s fast-paced business envi-
ronment. “We always seem to lag behind the business, no matter how hard we try,” said
a manager.
Clearly, organizations need to be developing strategy differently. How to do this
is not always apparent, but several companies are trying ways to more dynamically
link IT strategy with that of the business. Although no one company in the focus group
claimed to have the answer, they did identify several practices that are moving them
closer to this goal:
• “Rolling” planning and budget cycles. All participants agreed that IT plans and
budgets need attention more frequently than once a year. One company has cre-
ated an eighteen-month rolling plan that is reviewed and updated quarterly with the
business to maintain currency.
• An enterprise architecture. This is an integrated blueprint for the development
of the enterprise—both the business and IT. “Our enterprise architecture includes
business processes, applications, infrastructure, and data,” said a member. “Our
EA function has to approve all business and IT projects and is helpful in identify-
ing duplicate solutions.” In some companies this architecture is IT initiated and
business validated; in others it is a joint initiative. However, participants warned
that an architecture has the potential to be a corporate bottleneck if it becomes too
bureaucratic.
• Different funding “buckets.” Balancing short-term returns with the company’s
longer-term interests is a continual challenge. As noted earlier, all five types of
IT projects are necessary for an effective IT strategy (i.e., business improvement,
business enabling, business opportunities, opportunity leverage, and infrastruc-
ture). In order to ensure that each different type of IT is appropriately funded,
many companies are allocating predetermined percentages of their IT budget to
different types of projects (Smith and McKeen 2010). This helps keep continual
pressure on IT to reduce its “utility costs” to free up more resources for other
types of projects. “Since we implemented this method of budgeting, we’ve gone
from spending 70 percent of our revenues on mandatory and support projects to
spending 70  percent on discretionary and strategic ones,” said a manager. This
M02_MCKE0260_03_GE_C02.indd 44 12/3/14 8:34 PM

Chapter 2 • Delivering Business Value through IT Strategy 45
is also an effective way to ensure that IT infrastructure is continually enhanced.
Leading companies build their infrastructures not through a few large investments
but gradually through incremental, modular investments that build IT capabilities
(Weill et al. 2002).
• Relationship managers. There is no substitute for a deep and rich understand-
ing of the business. This is why many companies have appointed IT relationship
managers to work closely with key lines of business. These managers help business
leaders to observe their environments systematically and identify new opportunities
for which IT could be effective. Furthermore, together relationship managers can
identify synergies and interdependencies among lines of business. One organization
holds both intra- and interfunctional strategy sessions on a regular basis with busi-
ness managers to understand future needs, develop programs, and design specific
roadmaps for reaching business goals. “Our relationship managers have been a sig-
nificant factor in synchronizing IT and business strategies,” said its manager.
• A prioritization rubric. “We don’t do prioritization well,” said one participant.
IT managers have long complained that it is extremely difficult to justify certain
types of initiatives using the traditional business case method of prioritization.
This has led to an overrepresentation of business improvement projects in the IT
portfolio and has inhibited more strategic investments in general capabilities and
business opportunities. This problem is leading some companies to adopt multiple
approaches to justifying IT projects (Chakravarty et al. 2013; Ross and Beath 2002).
For example, business-enabling projects must be sponsored at a cross-functional
level on the basis of the capabilities they will provide the enterprise as a whole.
Senior management must then take responsibility to ensure that these capabili-
ties are fully leveraged over time. Infrastructure priorities are often left up to IT to
determine once a budget is set. One IT department does this by holding strategy
sessions with its relationship and utility managers to align infrastructure spending
with the organization’s strategic needs. Unfortunately, no one has yet figured out a
way to prioritize business opportunity experiments. At present this is typically left
to the “enthusiasms and intuitions” of the sponsoring managers, either in IT or in
the business (DeSouza 2011). “Overall,” said a manager, “we need to do a better job
of thinking through the key performance indicators we’d like to use for each type
of project.”
Although it is unlikely that strategy development will ever become a completely
formalized process, there is a clear need to add more structure to how it is done. A
greater understanding of how strategy is developed will ensure that all stakeholders
are involved and a broader range of IT investments are considered. The outcomes of
strategy will always be uncertain, but the process of identifying new opportunities and
how they should be funded must become more systematic if a business is going to real-
ize optimum value from its IT resources.
Challenges For Cios
As often happens in organizations, recognition of a need precedes the ability to put it
into place. IT leaders are now making significant strides in articulating IT strategy and
linking it more effectively with business strategy. Business leaders are also more open
M02_MCKE0260_03_GE_C02.indd 45 12/3/14 8:34 PM

46 Section I • Delivering Value with IT
to a more integrated process. Nevertheless, some important organizational barriers that
inhibit strategy development still remain.
A supportive governance structure is frequently lacking. “Now that so many
s trategies are enterprisewide, we need a better way to manage them,” explained one
manager. Often there are no formal structures to identify and manage interdepen-
dencies between business functions and processes. “It used to be that everything
was aligned around organizational boundaries, but strategy is now more complex
since we’re working on programs with broader organizational scope,” said another.
Similarly, current managerial control systems and incentives are often designed
to reward thinking that is aligned to a line of business, not to the greater organiza-
tional good. Enterprisewide funding models are also lacking. “Everything we do
now requires negotiation for funding between the lines of business who control the
resources,” a third stated. Even within IT, the group suggested it is not always clear
who in the organization is responsible for taking IT strategies and turning them into
detailed IT plans.
Traditional planning and budgetary practices are a further challenge. This is an
often-neglected element of IT strategy. “Our business and IT strategies are not always
done in parallel or even around the same time,” said a participant. As a result, it is not
easy to stay aligned or to integrate the two sets of plans. Another commented, “Our
business plans change constantly. It is, therefore, common for IT strategies to grow far-
ther and farther apart over time.” Similarly, an annual budgeting process tends to lock
an organization into fixed expenditures that may not be practical in a rapidly changing
environment. IT organizations, therefore, need both a longer-term view of their resourc-
ing practices and the opportunity to make changes to it more frequently. Even though
rolling budgets are becoming more acceptable, they are by no means common in either
IT or the business world today.
Both business and IT leaders need to develop better skills in strategizing. “We’ve
gotten really good at implementing projects,” said an IT manager. “Strategy and inno-
vation are our least developed capabilities.” IT is pushing the business toward better
articulation of its goals. “Right now, in many areas of our business, strategy is not well
thought through,” said another manager. “IT is having to play the devil’s advocate and
get them to think beyond generalities such as ‘We are going to grow the business by 20
percent this year.’” With more attention to the process, it is almost certain to get better,
but managers’ rudimentary skills in this area limit the quality of strategy development.
Over and over, the group stressed that IT strategy is mainly about getting the
balance right between conflicting strategic imperatives. “It’s always a balancing act
Barriers to Effective IT Strategy Development
• Lack of a governance structure for enterprisewide projects
• Inadequate enterprisewide funding models
• Poorly integrated processes for developing IT and business strategies
• Traditional budget cycles
• Unbalanced strategic and tactical initiatives
• Weak strategizing skills
M02_MCKE0260_03_GE_C02.indd 46 12/3/14 8:34 PM

Chapter 2 • Delivering Business Value through IT Strategy 47
Conclusion
Effective strategy development is becoming
vital for organizations. As the impact of IT
has grown in companies, IT strategy is finally
getting the attention it deserves in business.
Nevertheless, most organizations are still at
the earliest stages of learning how to develop
an effective IT strategy and synchronize it
with an overall business strategy. Getting
the balance right between the many differ-
ent ways IT can be used to affect a business
is a constant challenge for leaders and one on
which they do not always agree. Although
there is, as yet, no well-developed IT strat-
egy–development process, there appears to
be general agreement on certain critical suc-
cess factors and the key elements involved.
Over time, these will likely be refined and bet-
ter integrated with overall business strategy
development. Those who learn to do this well
without locking the enterprise into inflexible
technical solutions are likely to win big in our
rapidly evolving business environment.
References
Burgelman, R., and Y. Doz. “The Power of
Strategic Integration.” MIT Sloan Management
Review 42, no. 3 (Spring 2001): 28–38.
Casadesus-Masanell, R., and J. Ricart. “How to
Design a Winning Business Model.” Harvard
Business Review 89, nos. 1–2 (January–February
2011): 100–107.
Chakravarty, A., R. Grewal, and V. Sambamurthy.
“Information Technology Competencies,
Organizational Agility, and Firm Performance:
Enabling and Facilitating Roles.” Information
Systems Research 24, no. 4 (December 2013): 976–97.
Charitou, C., and C. Markides. “Responses to
Disruptive Strategic Innovation.” MIT Sloan
Management Review (Winter 2003): 55–63.
DeSouza, K. Intrapreneurship: Managing Ideas
in Your Organization. Toronto: University of
Toronto Press, 2011.
Eisenhardt, K. “Has Strategy Changed?” MIT
Sloan Management Review 43, no. 2 (Winter
2002): 88–91.
Friedman, T. The World is Flat: A Brief History of the
Twenty-First Century. New York: Farrar, Strauss
and Giroux, 2005.
Frohman, A. “Technology as a Competitive
Weapon.” Harvard Business Review (January–
February 1982): 80–94.
Gebauer, J. “Virtual Organizations from an
Economic Perspective.” Communications of the
ACM 40 (September 1997): 91–103.
Hitt, M., B. Keats, and S. DeMarire. “Navigating
in the New Competitive Landscape: Building
Strategic Flexibility.” Academy of Management
Executive 12, no. 4 (1998): 22–42.
Kanter, R. “Strategy as Improvisational Theater.” MIT
Sloan Management Review (Winter 2002): 76–81.
between our tactical and operational commitments and the work that builds our long-
term capabilities,” said a participant. Deciding how to make the trade-offs between
the different types of IT work is the essence of effective strategy. Unfortunately, few
businesses do this very well (Burgelman and Doz 2001; Luftman and Zadeh 2011).
According to the focus group, traditional business thinking tends to favor short-term
profitability, while IT leaders tend to take a longer-term view. Making sure some types
of IT work (e.g., infrastructure, new business opportunities) are not underfunded while
others (e.g., utility, business improvement) are not overfunded is a continual challenge
for all IT and business leaders.
M02_MCKE0260_03_GE_C02.indd 47 12/3/14 8:34 PM

48 Section I • Delivering Value with IT
Korsten, P. “The Essential CIO.” IBM Institute
for Business Value. Somers, NY: IBM Global
Business Services, 2011.
Luftman, J., and H. S. Zadeh. “Key Information
Technology and Management Issues 2010–
2011: An International Study.” Journal of
Information Technology 26, no. 3 (2011): 193–204.
McKeen, J., and H. Smith. Management Challenges
in IS: Successful Strategies and Appropriate Action.
Chichester, England: John Wiley & Sons, 1996.
Osterwalder, A., and Y. Pigneur. Business Model
Generation. Hoboken, NJ: John Wiley & Sons, 2010.
Peslak, A. R. “An Analysis of Critical Information
Technology Issues Facing Organizations.”
Industrial Management and Data Systems 112, no.
5 (2012): 808–27.
Porter, M. “What Is Strategy?” Harvard Business
Review (November–December 1996): 61–78.
Prahalad, C., and M. Krishnan. “The Dynamic
Synchronization of Strategy and Information
Technology.” MIT Sloan Management Review
(Summer 2002): 24–33.
Quinn, J. “Strategy, Science, and Management.” MIT
Sloan Management Review (Summer 2002): 96.
Rivard, S., B. Aubert, M. Patry, G. Pare,
and H. Smith. Information Technology and
Organizational Transformation: Solving the
Management Puzzle. New York: Butterworth
Heinemann, 2004.
Ross, J., and C. Beath. “Beyond the Business Case:
New Approaches to IT Investment.” MIT Sloan
Management Review (Winter 2002): 51–59.
Smith, H. A. “The Best of the Best: Part II.” CIO
Canada, October 1 (2003).
Smith, H., and J. McKeen. “Investment Spend
Optimization at BMO Financial Group.” MISQ
Executive 9, no. 2 (June 2010): 65–81.
Tapscott, D. The Digital Economy: Promise and Peril
in the Age of Networked Intelligence. New York:
McGraw-Hill, 1996.
Weill, P., M. Subramani, and M. Broadbent.
“Building IT Infrastructure for Strategic Agility.”
MIT Sloan Management Review (Fall 2002): 57–65.
Weiss, J., and A. Thorogood. “Information
Technology (IT)/Business Alignment as
a Strategic Weapon: A Diagnostic Tool.”
Engineering Management Journal 23, no. 2 (June
2011): 30–41.
M02_MCKE0260_03_GE_C02.indd 48 12/3/14 8:34 PM

49
C h a p t e r
3 Making IT Count1
1 This chapter is based on the authors’ previously published article, Smith, H. A., J. D. McKeen, and C. Street.
“Linking IT to Business Metrics.” Journal of Information Science and Technology 1, no. 1 (2004): 13–26. Reproduced
by permission of the Information Institute.
From the first time IT started making a significant dent in corporate balance sheets, the holy grail of academics, consultants, and business and IT managers has been to show that what a company spends on IT has a direct impact on its
performance. Early efforts to do this, such as those trying to link various measures
of IT input (e.g., budget dollars, number of PCs, number of projects) with various
measures of business performance (e.g., profit, productivity, stock value) all failed to
show any relationship at all (Marchand et al. 2000). Since then, everyone has prop-
erly concluded that the relationship between what is done in IT and what happens in
the business is considerably more complex than these studies first supposed. In fact,
many researchers would suggest that the relationship is so filtered through a variety
of “conversion effects” (Cronk and Fitzgerald 1999) as to be practically impossible to
demonstrate. Most IT managers would agree. They have long argued that technology
is not the major stumbling block to achieving business performance; it is the business
itself—the processes, the managers, the culture, and the skills—that makes the differ-
ence. Therefore, it is simply not realistic to expect to see a clear correlation between
IT and business performance at any level. When technology is successful, it is a team
effort, and the contributions of the IT and business components of an initiative cannot
and should not be separated.
Nevertheless, IT expenditures must be justified. Thus, most companies have
concentrated on determining the “business value” that specific IT projects deliver. By
focusing on a goal that matters to business (e.g., better information, faster transaction
processing, reduced staff), then breaking this goal down into smaller projects that IT
can affect directly, they have tried to “peel the onion” and show specifically how IT
delivers value in a piecemeal fashion. Thus, a series of surrogate measures are usually
used to demonstrate IT’s impact in an organization. (See Chapter 1 for more details.)
More recently, companies are taking another look at business performance met-
rics and IT. They believe it is time to “put the onion back together” and focus on what
M03_MCKE0260_03_GE_C03.indd 49 12/3/14 8:35 PM

50 Section I • Delivering Value with IT
really matters to the enterprise. This perspective argues that employees who truly
understand what their business is trying to achieve can sense the right ways to per-
sonally improve performance that will show up at a business unit and organizational
level. “People who understand the business and are informed will be proactive and …
have a disposition to create business value every day in many small and not-so-small
ways” (Marchand et al. 2000). Although the connection may not be obvious, they say,
it is there nevertheless and can be demonstrated in tangible ways. The key to linking
what IT does to business performance is, therefore, to create an environment within
which everyone thoroughly understands what measures are important to the business
and is held accountable for them. This point of view does not suggest that all the work
done to date to learn how IT delivers value to an organization (e.g., business cases,
productivity measures) has been unnecessary, only that it is incomplete. Without close
attention to business metrics in addition, it is easy for IT initiatives and staff to lose their
focus and become less effective.
This chapter looks at how these controversial yet compelling ideas are being
pursued in organizations to better understand how companies are attempting to link
IT work and firm performance through business metrics. The first section describes
how business metrics themselves are evolving and looks at how new management
philosophies are changing how these measures are communicated and applied. Next
it discusses the types of metrics that are important for a well-rounded program of
business measurement and how IT can influence them. Then it presents three differ-
ent ways companies are specifically linking their IT departments with business met-
rics and the benefits and challenges they have experienced in doing this. This section
concludes with some general principles for establishing a business measurement pro-
gram in IT. Finally, it offers some advice to managers about how to succeed with such
a program in IT.
Business MeasureMent: an Overview
Almost everyone agrees that the primary goal of a business is to make money for its
shareholders (Goldratt and Cox 1984; Haspeslagh et al. 2001; Kaplan and Norton 1996).
Unfortunately, in large businesses this objective frequently gets lost in the midst of
people’s day-to-day activities because profit cannot be measured directly at the level
at which most employees in a company work (Haspeslagh et al. 2001). This “missing
link” between work and business performance leads companies to look for ways to
bridge this gap. They believe that if a firm’s strategies for achieving its goal can be tied
much more closely to everyday processes and decision making, frontline employees
will be better able to create business value. Proponents of this value-based manage-
ment (VBM) approach have demonstrated that an explicit, firmwide commitment to
shareholder value, clear communication about how value is created or destroyed, and
incentive systems that are linked to key business measures will increase the odds of a
positive increase in share price (Haspeslagh et al. 2001).
Measurement counts. What a company measures and the way it measures
influence both the mindsets of managers and the way people behave. The best
measures are tied to business performance and are linked to the strategies and
business capabilities of the company. (Marchand et al. 2000)
M03_MCKE0260_03_GE_C03.indd 50 12/3/14 8:35 PM

Chapter 3 • Making IT Count 51
Although companies ascribe to this notion in theory, they do not always act
in ways that are consistent with this belief. All too often, therefore, because they
lack clarity about the links between business performance and their own work,
individuals and even business units have to take leaps of faith in what they do
(Marchand et al. 2000).
Nowhere has this been more of a problem than in IT. As has been noted often,
IT investments have not always delivered the benefits expected (Bensaou and Earl
1998; Holland and Sharke 2001; Peslak 2012). “Efforts to measure the link between
IT investment and business performance from an economics perspective have…
failed to establish a consistent causal linkage with sustained business profitability”
(Marchand et al. 2000). Value-based management suggests that if IT staff do not
understand the business, they cannot sense how and where to change it effectively
with technology. Many IT and business managers have implicitly known this for
some time. VBM simply gives them a better framework for implementing their
beliefs more systematically.
One of the most significant efforts to integrate an organization’s mission and
strategy with a measurement system has been Kaplan and Norton’s (1996) balanced
scorecard. They explain that competing in the information age is much less about
managing physical, tangible assets and much more about the ability of a company to
mobilize its intangible assets, such as customer relationships, innovation, employee
skills, and information technology. Thus, they suggest that not only should business
measures look at how well a company has done in the past (i.e., financial performance),
but they also need to look at metrics related to customers, internal business processes,
and learning and growth that position the firm to achieve future performance. Although
it is difficult putting a reliable monetary value on these items, Kaplan and Norton sug-
gest that such nonfinancial measures are critical success factors for superior financial
performance in the future. Research shows that this is, in fact, the case. Companies that
use a balanced scorecard tend to have a better return on investment (ROI) than those
that rely on traditional financial measures alone (Alexander 2000).
Today many companies use some sort of scorecard or “dashboard” to track a vari-
ety of different metrics of organizational health. However, IT traditionally has not paid
much attention to business results, focusing instead on its own internal measures of
performance (e.g., IT operations efficiency, projects delivered on time). This has per-
petuated the serious disconnect between the business and IT that often manifests itself
in perceptions of poor alignment between the two groups, inadequate payoffs from IT
investments, poor relationships, and finger-pointing (Holland and Sharke 2001; Peslak
2012; Potter 2013). All too often IT initiatives are conceived with little reference to major
business results, relying instead on lower-level business value surrogates that are not
always related to these measures. IT organizations are getting much better at this bot-
tom-up approach to IT investment (Smith and McKeen 2010), but undelivered IT value
remains a serious concern in many organizations. One survey of CFOs found that only
49 percent felt that their ROI expectations for technology had been met (Holland and
Sharke 2001). “Despite considerable effort, no practical model has been developed to
measure whether a company’s IT investments will definitely contribute to sustainable
competitive advantage” (Marchand et al. 2000). Clearly, in spite of significant efforts
over many years, traditional IT measurement programs have been inadequate at
M03_MCKE0260_03_GE_C03.indd 51 12/3/14 8:35 PM

52 Section I • Delivering Value with IT
assessing business value. Many IT organizations believe, therefore, that it is time for
a different approach to delivering IT value, one that holds IT accountable to the same
measures and goals as the rest of the business.
Key Business Metrics fOr it
No one seriously argues that IT has no impact on an organization’s overall financial
performance anymore. There may be disagreement about whether it has a positive or
a negative impact, but technology is too pervasive and significant an expense in most
firms for it not to have some influence on the corporate bottom line. However, as has
been argued earlier, we now recognize that neither technology nor business alone is
responsible for IT’s financial impact. It is instead a joint responsibility of IT and the busi-
ness. This suggests that they need to be held accountable together for its impact. Some
companies have accepted this principle for individual IT projects (i.e., holding business
and IT managers jointly responsible for achieving their anticipated benefits), yet few
have extended it to an enterprise level. VBM suggests that this lack of attention to enter-
prise performance by IT is one reason it has been so hard to fully deliver business value
for technology investments. Holding IT accountable for a firm’s performance according
to key financial metrics is, therefore, an important step toward improving its contribu-
tion to the corporate bottom line.
However, although financial results are clearly an important part of any mea-
surement of a business’s success today, they are not enough. Effective business metrics
programs should also include nonfinancial measures, such as customer and employee
satisfaction. As already noted, because such nonfinancial measures are predictive of
future performance, they offer an organization the opportunity to make changes that
will ultimately affect their financial success.
Kaplan and Norton (1996) state “the importance of customer satisfaction probably
cannot be overemphasized.” Companies that do not understand their customers’ needs
will likely lose customers and profitability. Research shows that merely adequate satis-
faction is insufficient to lead to customer loyalty and ultimately profit. Only firms where
customers are completely or extremely satisfied can achieve this result (Heskett  et al.
1994). As a result, many companies now undertake systematic customer satisfaction
surveys. However, in IT it is rare to find external customer satisfaction as one of the
metrics on which IT is evaluated. While IT’s “customers” are usually considered to be
internal, these days technology makes a significant difference in how external custom-
ers experience a firm and whether or not they want to do business with it. Systems that
are not reliable or available when needed, cannot provide customers with the informa-
tion they need, or cannot give customers the flexibility they require are all too common.
And with the advent of online business, systems and apps are being designed to inter-
face directly with external customers. It is, therefore, appropriate to include external
customer satisfaction as a business metric for IT.
Another important nonfinancial business measure is employee satisfaction. This
is a “leading indicator” of customer satisfaction. That is, employee satisfaction in one
year is strongly linked to customer satisfaction and profitability in the next (Koys
2001). Employees’ positive attitudes toward their company and their jobs lead to posi-
tive behaviors toward customers and, therefore, to improved financial performance
M03_MCKE0260_03_GE_C03.indd 52 12/3/14 8:35 PM

Chapter 3 • Making IT Count 53
(Rucci et al. 1998; Ulrich et al. 1991). IT managers have always watched their own
employee satisfaction rate intently because of its close links to employee turnover.
However, they often miss the link between IT employee satisfaction and customer
satisfaction—both internal customer satisfaction, which leads to improved general
employee satisfaction, and external customer satisfaction. Thus, only a few companies
hold IT managers accountable for general employee satisfaction.
Both customer and employee satisfaction should be part of a business metrics
program for IT. With its ever-growing influence in organizations, technology is just
as likely to affect external customer and general employee satisfaction as many other
areas of a business. This suggests that IT has three different levels of measurement and
accountability:
1. Enterprise measures. These tie the work of IT directly to the performance of the
organization (e.g., external customer satisfaction, corporate financial performance).
2. Functional measures. These assess the internal work of the IT organization as a
whole (e.g., IT employee satisfaction, internal customer satisfaction, operational
performance, development productivity).
3. Project measures. These assess the performance of a particular project team in
delivering specific value to the organization (e.g., business case benefits, delivery
on time).
Functional and project measures are usually well addressed by IT measurement
programs today. It is the enterprise level that is usually missing.
Designing Business Metrics fOr it
The firms that hold IT accountable for enterprise business metrics believe this approach
fosters a common sense of purpose, enables everyone to make better decisions, and
helps IT staff understand the implications of their work for the success of the organi-
zation (Haspeslagh et al. 2001; Marchand et al. 2000; Potter 2013; Roberts 2013). The
implementation of business metrics programs varies widely among companies, but
three approaches taken to linking IT with business metrics are distinguishable.
1. Balanced scorecard. This approach uses a classic balanced scorecard with mea-
sures in all four scorecard dimensions (see the “Sample Balanced Scorecard Business
Metrics” feature). Each metric is selected to measure progress against the entire
enterprise’s business plan. These are then broken down into business unit plans
and appropriate submetrics identified. Individual scorecards are then developed
with metrics that will link into their business unit scorecards. With this approach,
IT is treated as a separate business unit and has its own scorecard linked to the
business plan. “Our management finally realized that we need to have everyone
thinking in the same way,” explained one manager. “With enterprise systems, we
can’t have people working in silos anymore.” The scorecards are very visible in the
organization with company and business unit scorecards and those of senior execu-
tives posted on the company’s intranet. “People are extremely interested in seeing
how we’re doing. Scorecards have provided a common framework for our entire
company.” They also provide clarity for employees about their roles in how they
affect key business metrics.
M03_MCKE0260_03_GE_C03.indd 53 12/3/14 8:35 PM

54 Section I • Delivering Value with IT
Although scorecards have meant that there is better understanding of the
business’s drivers and plans at senior management levels, considerable resistance
to them is still found at the lower levels in IT. “While developers see how they can
affect our customers, they don’t see how they can affect shareholder value, profit,
or revenue, and they don’t want to be held accountable for these things,” stated
the same manager. She noted that implementing an effective scorecard program
relies on three things: good data to provide better metrics, simplicity of metrics,
and enforcement. “Now if someone’s scorecard is not complete, they cannot get a
bonus. This is a huge incentive to follow the program.”
2. Modified scorecard. A somewhat different approach to a scorecard is taken by
one company in the focus group. This firm has selected five key measures (see the
“Modified Scorecard Business Metrics” feature) that are closely linked to the com-
pany’s overall vision statement. Results are communicated to all staff on a quarterly
basis in a short performance report. This includes a clear explanation of each mea-
sure, quarterly progress, a comparison with the previous year’s quarterly results,
and a “stretch” goal for the organization to achieve. The benefit of this approach is
that it orients all employees in the company to the same mission and values. With
everyone using the same metrics, alignment is much clearer all the way through the
firm, according to the focus group manager.
In IT these key enterprise metrics are complemented by an additional set
of business measures established by the business units. Each line of business
identifies one or two key business unit metrics on which they and their IT team
Sample Balanced Scorecard Business Metrics
• Shareholder value (financial)
• Expense management (financial)
• Customer/client focus (customer)
• Loyalty (customer)
• Customercentric organization (customer)
• Effectiveness and efficiency of business operations (operations)
• Risk management (operations)
• Contribution to firmwide priorities and business initiatives (growth)
Modified Scorecard Business Metrics
• Customer loyalty index. Percentage of customers who said they were very satisfied with
the company and would recommend it to others.
• Associate loyalty index. Employees’ perception of the company as a great place to work.
• Revenue growth. This year’s total revenues as a percentage of last year’s total revenues.
• Operating margin. Operating income earned before interest and taxes for every dollar of
revenue.
• Return on capital employed. Earnings before interest and tax divided by the capital used
to generate the earnings.
M03_MCKE0260_03_GE_C03.indd 54 12/3/14 8:35 PM

Chapter 3 • Making IT Count 55
will be measured. Functional groups within IT are evaluated according to the
same metrics as their business partners as well as on company and internal IT
team performance. For example, the credit group in IT might be evaluated on
the number of new credit accounts the company acquires. Shared IT services
(e.g.,  infrastructure) are evaluated according to an average of all of the IT func-
tional groups’ metrics.
The importance the company places on these metrics is reflected in the
firm’s generous bonus program (i.e., bonuses can reach up to 230 percent of an
individual’s salary) in which all IT staff participate. Bonuses are separate from
an individual’s salary, which is linked to personal performance. The percentage
influence of each set of business measures (i.e., enterprise, business unit, and
individual/team) varies according to the level of the individual in the firm.
However, all staff have at least 25 percent of their bonus linked to enterprise
performance metrics. No bonuses are paid to anyone if the firm does not reach its
earnings-per-share target (which is driven by the five enterprise measures out-
lined in the “Modified Scorecard Business Metrics” feature). This incentive sys-
tem makes it clear that everyone’s job is connected to business results and helps
ensure that attention is focused on the things that are important to the company.
As a result, interest is much stronger among IT staff about how the business is
doing. “Everyone now speaks the same language,” said the manager. “Project
alignment is much easier.”
3. Strategic imperatives. A somewhat different approach is taken by a third focus
group company. Here the executive team annually evaluates the key environmen-
tal factors affecting the company, then identifies a number of strategic imperatives
for the firm (e.g., achieve industry-leading e-business capability, achieve 10–15
percent growth in earnings per share). These can vary according to the needs of
the firm in any particular year. Each area of the business is then asked to identify
initiatives that will affect these imperatives and to determine how they will be
measured (e.g., retaining customers of a recent acquisition, increased net sales, a
new product). In the same way, IT is asked to identify the key projects and mea-
sures that will help the business to achieve these imperatives. Each part of the
company, including IT, then integrates these measures into its variable pay pro-
gram (VPP).
The company’s VPP links a percentage of an individual’s pay to business
results and overall business unit performance. This percentage could vary from a
small portion of one’s salary for a new employee to a considerable proportion for
senior management. Within IT, the weight that different measures are accorded in
the VPP portion of their pay is determined by a measurement team and approved
by the CIO and the president. Figure 3.1 illustrates the different percentages allo-
cated to IT’s variable pay component for a typical year. Metrics can change from
year to year depending on where management wants to focus everyone’s attention.
“Performance tends to improve if you measure it,” explained the manager. “Over
the years, we have ratcheted up our targets in different areas. Once a certain level
of performance is achieved, we may change the measure or change the emphasis on
this measure.”
M03_MCKE0260_03_GE_C03.indd 55 12/3/14 8:35 PM

56 Section I • Delivering Value with IT
An important difference from the scorecard approach is the identification of key
IT projects. “These are not all IT projects, but a small number that are closely aligned
with the strategic business imperatives,” stated the manager. “Having the success of
these projects associated with their variable pay drives everyone’s behavior. People
tend to jump in and help if there’s a problem with one of them.” The goal in this process
is for everyone to understand the VPP measures and to make them visible within IT.
Targets and results are posted quarterly, and small groups of employees meet to discuss
ideas about how they can influence business and IT goals. “Some amazing ideas have
come out of these meetings,” said the manager. “Everyone knows what’s important,
and these measures get attention. People use these metrics to make choices all the time
in their work.”
Each of these business measurement programs has been implemented somewhat
differently, but they all share several key features that could be considered principles of
a good business metrics program for IT:
1. Focus on overall business performance. These programs all focus employees on
both financial and nonfinancial enterprise performance and have an explicit expecta-
tion that everyone in the organization can influence these results in some way.
2. Understanding is a critical success factor. If people are going to be held
accountable for certain business results, it is important that they understand
them. Similarly, if the organization is worried about certain results, this must be
communicated as well. Holding regular staff meetings where people can ask ques-
tions and discuss results is effective, as is providing results on a quarterly basis.
Understanding is  the goal. “If you can ask … a person programming code and
they can tell you three to four of their objectives and how those tie into the compa-
ny’s performance and what the measures of achieving those objectives are, you’ve
got it” (Alexander 2000).
3. Simplicity. Successful companies tend to keep their measures very simple and
easy to use (Haspeslagh et al. 2001). In each approach already outlined, a limited
number of measures are used. This makes it very easy for employees to calculate
Business Results
40%
Report Card Goals
30%
Partner
Satisfaction
10%
Application Delivery
Effectiveness
5%
Production
Availability
5%
Member
Retention
5%
Product
Recovery
5%
Key Projects
30%
IT Performance
60%
IT Variable Pay
100%
figure 3.1 Percentage Weightings Assigned to IT Variable Pay Components for a Particular Year
M03_MCKE0260_03_GE_C03.indd 56 12/3/14 8:35 PM

Chapter 3 • Making IT Count 57
their bonuses (or variable pay) based on the metrics provided, which further
strengthens the linkage between company performance and individual effort.
4. Visibility. In each of the programs already discussed, metrics were made widely
available to all staff on a quarterly basis. In one case they are posted on the com-
pany’s intranet; in another they are distributed in a printed report; in a third they
are posted in public areas of the office. Visibility encourages employee buy-in and
accountability and stimulates discussion about how to do better or what is working
well.
5. Links to incentive systems. Successful companies tend to include a much
larger number of employees in bonus programs than unsuccessful ones
(Haspeslagh et al. 2001). Extending incentive schemes to all IT staff, not just
management, is important to a measurement program’s effectiveness. The
most effective programs appear to distinguish between fair compensation for
individual work and competencies and a reward for successfully achieving
corporate objectives.
aDvice tO Managers
The focus group had some final advice for other IT managers who are thinking of
implementing a business metrics program:
• Results will take time. It takes time to change attitudes and behavior in IT, but it
is worth making the effort. Positive results may take from six months to a year to
appear. “We had some initial pushback from our staff at the beginning,” said one
manager, “but now the metrics program has become ingrained in our attitudes and
behaviors.” Another manager noted, “We had a few bumps during our first year,
but everyone, especially our executives, is getting better at the program now [that]
we’re in our third year. It really gets our staff engaged with the business.” If there
has been no dramatic difference within three years, management should recognize
that it is either using the wrong measures or hasn’t got employee buy-in to the pro-
gram (Alexander 2000).
• Have common goals. Having everyone measured on the same business goals
helps build a strong team at all levels in the organization. It makes it easier to set
priorities as a group and collaborate and share resources, as needed.
• Follow up on problem areas. Companies must be prepared to take action about
poor results and involve staff in their plans. In particular, if companies are going to
ask customers and employees what they think, they must be prepared to act on the
results. All metrics must be taken seriously and acted on if they are to be used to
drive behavior and lead to continuous improvement.
• Be careful what you measure. Measuring something makes people pay attention
to it, particularly if it is linked to compensation. Metrics must, therefore, be selected
with care because they will be a major driver of behavior. For example, if incen-
tives are solely based on financial results, it is probable that some people may be so
driven that they will trample on the needs and interests of others. Similarly, if only
costs are measured, the needs of customers could be ignored. Conversely, if a metric
indicates a problem area, organizations can expect to see a lot of ingenuity and sup-
port devoted to addressing it.
M03_MCKE0260_03_GE_C03.indd 57 12/3/14 8:35 PM

58 Section I • Delivering Value with IT
• Don’t use measurement as a method of control. A business metrics program
should be designed to foster an environment in which people look beyond their
own jobs and become proactive about the needs of the organization (Marchand
et al. 2000). It should aim to communicate strategy and help align individual and
organizational initiatives (Kaplan and Norton 1996). All managers should clearly
understand that a program of this type should not be used for controlling behavior,
but rather as a motivational tool.
Conclusion
Getting the most value out of IT has been a
serious concern of business for many years.
In spite of considerable effort, measurement
initiatives in IT that use surrogates of busi-
ness value or focus on improving internal
IT behavior have not been fully successful in
delivering results. Expecting IT to participate
in achieving specific enterprise objectives—
the same goals as the rest of the organiza-
tion—has been shown to deliver significant
benefits. Not only are there demonstrable
financial returns, but there is also consider-
able long-term value in aligning everyone’s
behavior with the same goals; people become
more supportive of each other and more
sensitive to the greater corporate good, and
decisions are easier to make. A good business
metrics program, therefore, appears to be a
powerful component of effective measure-
ment in IT. IT employees may initially resist
accountability for business results, but the
experiences of the focus group demonstrate
that their objections are usually short lived. If
a business measurement program is carefully
designed, properly linked to an incentive pro-
gram, widely implemented, and effectively
monitored by management, it is highly likely
that business performance will become an
integral part of the mind-set of all IT staff and
ultimately pay off in a wide variety of ways.
References
Alexander, S. “Business Metrics.” Computerworld
34, no. 24 (2000): 64.
Bensaou, M., and M. Earl. “The Right Mind-Set for
Managing Information Technology.” Harvard
Business Review 76, no. 5 (September–October
1998): 110–28.
Cronk, M., and E. Fitzgerald. “Understanding ‘IS
Business Value’: Derivation of Dimensions.”
Logistics Information Management 12, no. 1–2
(1999): 40–49.
Goldratt, E., and J. Cox. The Goal: Excellence in
Manufacturing. Croton-on-Hudson, NY: North
River Press, 1984.
Haspeslagh, P., T. Noda, and F. Boulos. “Managing
for Value: It’s Not Just About the Numbers.”
Harvard Business Review (July–August 2001):
65–73.
Heskett, J., T. Jones, G. Loveman, E. Sasser, and L.
Schlesinger. “Putting the Service Profit Chain
to Work.” Harvard Business Review (March–
April 1994): 164–74.
Holland, W., and G. Sharke. “Is Your IT System
VESTed?” Strategic Finance 83, no. 6 (December
2001): 34–37.
Kaplan, R., and D. Norton. The Balanced
Scorecard. Boston: Harvard Business School
Press, 1996.
Koys, D. “The Effects of Employee Satisfaction,
Organizational Citizenship Behavior, and
Turnover on Organizational Effectiveness: A
Unit-Level, Longitudinal Study.” Personnel
Psychology 54, no. 1 (Spring 2001): 101–14.
Marchand, D., W. Kettinger, and J. Rollins.
“Information Orientation: People, Technology
M03_MCKE0260_03_GE_C03.indd 58 12/3/14 8:35 PM

Chapter 3 • Making IT Count 59
and the Bottom Line.” Sloan Management
Review (Summer 2000): 69–89.
Peslak, A. R. “An Analysis of Critical Information
Technology Issues Facing Organizations.”
Industrial Management and Data Systems 112, no.
5 (2012): 808–27.
Potter, K. “Business Key Metrics Data: Accelerate
the IT Value Journey.” Gartner Group, ID:
G00256958, October 16, 2013.
Roberts, J. P. “Define Strategic IT Metrics as
Part of Your IT Strategy.” Gartner Group, ID:
G0025861, November 5, 2013.
Rucci, A., S. Kirn, and R. Quinn. “The Employee-
Customer-Profit Chain at Sears.” Harvard
Business Review 76 (January/February 1998):
82–97.
Smith, H., and J. McKeen. “Investment Spend
Optimization at BMO Financial Group.” MISQ
Executive 9, no. 2 (June 2010): 65–81.
Ulrich, D., R. Halbrook, D. Meder, M. Stuchlik,
and S. Thorpe. “Employee and Customer
Attachment: Synergies for Competitive
Advantage.” Human Resource Planning 14
(1991): 89–103.
M03_MCKE0260_03_GE_C03.indd 59 12/3/14 8:35 PM

60
C h a p t e r
4 Effective Business– IT Relationships1
1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen. “Building
a Strong Relationship with the Business.” Communications of the Association for Information Systems 26, Article
19 (April 2010): 429–40. Reproduced by permission of the Association for Information Systems.
There is no doubt that a strong business–IT relationship is now critical to the success of an organization’s successful and effective use of IT (Bassellier and Benbasat 2004; Kitzis and Gomolski 2006). With the rapid evolution of IT in busi-
ness, simply “keeping the lights on” and delivering systems on time and on budget are
not enough. Today, IT’s ability to deliver value is closely linked with the nature of its
relationship with a large number of business stakeholders. Recognizing this, many IT
functions have tried to become “partners” with the business at the most senior strategic
levels, but with limited success (Gordon and Gordon 2002). It has become clear from
these initiatives that business–IT interactions are more complex and highly resistant
to change than first assumed and that building a strong relationship with business is a
major challenge for most IT leaders.
We know that the nature and quality of the business–IT relationship are affected
by many factors such as the subfunction of IT involved (e.g., operations, application
development), the business unit involved, the management levels involved, changing
expectations, and general perceptions of IT (McKeen and Smith 2008). However,
research suggests that IT managers are still somewhat naïve about how relationships
work in business and that interpersonal interaction and clear communication are often
missing between the groups. We have also learned that perceptions of the value IT
delivers are correlated with how well IT is perceived to understand and identify with
the business (Anonymous 2002; Gold 2006; Tallon et al. 2000).
Nevertheless, we still know very little about the elements that contribute to a
“strong relationship” between IT and business, nor even about how to characterize
such a relationship (Day 2007). This chapter first looks at the nature of the business–IT
relationship and how an effective relationship could be characterized. Then it examines
in turn each of the four foundational elements of a strong, positive relationship, making
suggestions for how IT managers could strengthen them.
M04_MCKE0260_03_GE_C04.indd 60 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 61
The NaTure of The BusiNess–iT relaTioNship
“The IT-business relationship is a set of beliefs that one party holds about the other and
how these beliefs are formed from the interactions of . . . individuals as they engage in
tasks associated with an IT service” (Day 2007). The business–IT relationship in orga-
nizations tends to span the full range of relationship possibilities. Some members of
the focus group felt they had generally healthy and positive relationships, and others
labeled them negative or ineffective. Overall, “there’s still a general perception that IT is
slow, expensive, and gets in the way,” said one manager. Even the focus group member
with the most positive business–IT relationship admitted it was “not easy,” and one set
of researchers has described it as typically “arduous” (Pawlowski and Robey 2004).
Although “you can’t have a one-sided relationship,” as one focus group manager
remarked, agreement is almost universal that IT needs to change if it is to improve.
Literally dozens of articles have been written about what IT should be doing to make it
better. For example, IT should better understand the fundamentals of business and aim
to satisfy the “right” customers (Kitzis and Gomolski 2006); act as a knowledge broker
(Pawlowski and Robey 2004); get involved in the business and be skilled marketers
(Schindler 2007); manage expectations (Ross 2006); convince the business that it under-
stands its goals and concerns and communicate in business language (Bassellier and
Benbasat 2004); and demonstrate its competencies (Day 2007). In short, “IT has to keep
proving itself” to the business to demonstrate its value (Kaarst-Brown 2005). Thus, prac-
titioners and researchers both consistently stress that cultivating a strong business–IT
relationship is “a continuous effort” (a focus group member); “ongoing” (Luftman and
Brier 1999); a “core IT skill” (Feeny and Willcocks 1998); and “ emergent” (Day 2007).
On the business side of the relationship, two features stand out. First, business
managers are often disengaged from IT work, according to both the focus group and
researchers (Ross and Weill 2002). For example, in some cases in the focus group, IT
staff have taken on business roles in projects in order to get them done. Second, it is
clear that what business wants from this relationship is continually changing. “The
business–IT relationship is cyclical,” explained one manager. “The business goes back
and forth about whether it wants IT to be an order taker or an innovator. Every time the
business changes what it wants, the relationship goes sour.”
So what do we know about the business–IT relationship in organizations? First, we
know it is a multifaceted interaction of people and processes. It is unfortunately true that
the existence of positive relationships between individual business and IT professionals
does not necessarily mean that interactions will be positive on a particular develop-
ment project, with the IT help desk, with an individual business unit, or between IT
and the business as a whole (McKeen and Smith 2008). Because relationships manifest
themselves in so many ways—formal and informal, tacit and explicit, procedural and
cultural—we must recognize that their complexity means that they don’t lend them-
selves to simplistic solutions (Day 2007; Guillemette et al. 2008; Ross 2006).
Second, we know difficult, complex relationships often exhibit lack of clarity
around expectations and accountabilities and difficulty communicating (Galford and
Drapeau 2003; Pawlowski and Robey 2004). This, in turn, leads to lack of trust. In the
business–IT relationship, “complexity often arises when expectations differ in vari-
ous parts of an organization, leaving a CIO with the difficult task of reconciling them
and elucidating exactly what the IT function’s mission and strategic role should be”
M04_MCKE0260_03_GE_C04.indd 61 12/3/14 8:36 PM

62 Section I • Delivering Value with IT
(Guillemette et al. 2008). Several focus group members complained that different parts
of their business expected different things from IT. “In some parts of our business, they
want IT to be an order-taker; in others, they want us to be thought leaders and innova-
tors,” stated one manager. Another noted, “We live in an age of unmet expectations.
There’s never enough resources to do everything the business wants us to do.”
Third, assumptions by the business about IT tend to cluster into patterns. One
researcher has identified five sets of assumptions: (1) IT is a necessary evil, (2) IT is a
support, not a partner, (3) IT rules, (4) business can do IT better, and (5) business and IT
are equal partners. Business leaders who espouse one of these sets will tend to have sim-
ilar ideas about who should control IT’s direction, how central IT is to business strategy,
the value of IT skills and knowledge, how to justify IT investments, and who benefits
from IT (Kaarst-Brown 2005). Building on this idea, another study has also shown that
business–IT relationships tend to vary along similar patterns. Different organizations
tend to adopt one of five IT value profiles and expect IT to behave in accordance with
the profile selected (see Appendix A). Problems arise when the assumptions and value
profiles espoused by IT conflict with those of the organization or a specific part of the
organization. As a result, many “disconnects” are often present in the relationship. For
example, although IT organizations often seek to be a business partner, their participa-
tion in this way is not always welcomed by the business (Pawlowski and Robey 2004).
Focus group members defined a strong business–IT relationship in ways that
recognize each of these factors. To them, it should include the following:
• Clearly defined expectations, governance models, and accountabilities.
• Trust between the two groups.
• Articulation and incorporation of corporate and client values and priorities in all
IT work.
• A blurred line between business and IT (i.e., no “us vs. them”).
• IT dedicated to business success.
• IT serving as a trusted advisor to the business.
• Mutual recognition of IT value.
In short, a strong business–IT relationship is one where realistic, mutual
expectations are clearly articulated and communicated through individual and
procedural interactions and where both groups recognize that all facets of this
relationship are important to the successful delivery of IT value.
Characteristics of the Business–IT Relationship
• IT has to keep proving itself.
• The business is often disengaged from IT work.
• Business expectations of IT change continually.
• The relationship is affected by the interaction of many people and processes at multiple
levels.
• Clarity is often lacking around expectations and accountabilities.
• Business assumptions of IT tend to cluster.
• There are many “disconnects” between the two groups.
M04_MCKE0260_03_GE_C04.indd 62 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 63
The fouNdaTioN of a sTroNg BusiNess–iT relaTioNship
Strong relationships do not simply happen. They are built over time and, if they are to
deliver value for the organization, they must be built to endure (Day 2007). The focus
group told several stories of how the business–IT relationship in their organization had
deteriorated when a business or IT leader changed or when a project wasn’t delivered
on time. Because it can so easily become dysfunctional, constant attention and nurturing
are needed at all levels, said the focus group. However, building a strong relationship
is not easy to do. Although there is no shortage of prescriptions, the sustained nature
of problems in this relationship suggests that some underlying root causes need to be
addressed (Appendix B provides one organization’s view of what is needed in this
relationship).
We have suggested previously that four components must be in place in order
to deliver real business value with IT: competence, credibility, interpersonal inter-
action, and trust. The focus group reviewed these components and agreed that they
also form the foundation of a successful and effective business–IT relationship. The
focus group saw that developing, sustaining, and growing a strong business–IT rela-
tionship in each of these areas is closely intertwined with IT’s ability to deliver value
with technology. Therefore, a consistent and structured initiative to strengthen the
business–IT relationship in these dimensions will also lead to an improved ability to
deliver value successfully (see Figure 4.1). In the remainder of this chapter, we look
at these four components in turn, discussing in detail how each acts as an important
building block of a strong business–IT relationship and suggesting how each could
be strengthened.
Value
Trust
Interpersonal Interaction
Credibility
Competence
figure 4.1 Strong Relationships are Built on a Strong Foundation
M04_MCKE0260_03_GE_C04.indd 63 12/3/14 8:36 PM

64 Section I • Delivering Value with IT
Building Block #1: Competence
Although a competent IT organization that consistently delivers cost-efficient and reli-
able services is the bare minimum for an IT function, businesses today expect a great
deal more of both their IT organizations and their IT professionals. Although many
IT organizations have adopted an internal service model in order to “operate IT like a
business” and have demonstrated that they can provide services as effectively as exter-
nal service providers, these competencies fall short of what business now expects of IT
(Kitzis and Gomolski 2006). Over the last decade, researchers and practitioners have
identified a number of new competencies that are now required—to a greater or lesser
extent—from all IT professionals.
First and foremost, IT staff need business knowledge. This goes beyond basic know-
ledge of a single business unit to include the “big picture” of the whole organization.
IT personnel need to understand the business context in which their technologies are
deployed, including organizational goals and objectives, capabilities, critical success
factors, environment, and constraints. At all levels, they need to be able to “think about
and understand the development of the business as [any other business] member would
and participate in making [it] successful in the same way” (Bassellier and Benbasat
2004). Furthermore, they need to be able to apply their business understanding to help
the organization visualize the ways in which “IT can contribute to organizational per-
formance and look for synergies between IT and business activities” (Bassellier and
Benbasat 2004). In this regard, an important competence an IT department and its staff
can bring to an organization is cross-domain and cross-functional business knowledge
(Kitzis and Gomolski 2006; Wailgum 2008a).
Developing business knowledge does not mean that IT staff should become busi-
nesspeople but that they should be able to demonstrate they understand the business’s
goals, concerns, language, and processes and are working to help achieve them (Feeny
and Willcocks 1998). One focus group organization surveyed its senior managers about
IT and found that these managers felt IT staff had a poor understanding of the business;
as a result, they didn’t trust IT’s ideas.
Other key competencies that IT must cultivate include the following:
• Expertise. This includes having up-to-date knowledge, being able to support a
technical recommendation, applying expertise to a particular business situation,
and offering wise advice on risks, options, and trade-offs, as well as the ability
to bring useful new ideas and external information (e.g., about new technolo-
gies or what the competition is doing with technology) to the business (Joni 2004;
Pawlowski and Robey 2004).
• Financial Awareness. Awareness of how IT delivers value and the ability to act in
accordance with this value is a rare and prized skill (Mahoney and Gerrard 2007).
All the focus group members felt pressure to continually demonstrate the business
value of IT and recognized a strong need to make all IT staff more aware of such
concepts as ROI, total cost of ownership, and how IT affects the bottom line and/or
business strategy.
• Execution. It is not enough to understand the business and develop a vision;
IT must also operationalize them. Since much of the business–IT relationship is
dynamic—that is, continually being re-created—every IT action speaks about its
competence. It is well known that the inability to deliver an individual project on
M04_MCKE0260_03_GE_C04.indd 64 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 65
time and within budget will undermine the business’s view of IT’s overall compe-
tence. However, it is also the case that the actions of IT operations, the help desk,
and other IT subfunctions will also be held up to similar scrutiny. As one focus
group manager stated, “Poor delivery of any type can break a relationship.”
In short, if the IT function is not seen to be competent at executing basic IT services
or able to communicate in business terms, it will simply not be given an opportunity to
participate in higher-order business activities, such as planning and strategy develop-
ment (Gerrard 2006).
sTreNgTheNiNg CompeTeNCe
• Find ways to develop business knowledge in all IT staff. Focus group members
use “lunch and learn” sessions, job shadowing, and short-term assignments in
the business to accomplish this, but they recognize that more needs to be done to
develop this competence.
• Link IT’s success criteria to business metrics. This not only lifts IT’s perspective
to larger business concerns, but it also introduces all IT staff to the key financial and
other measures that drive the rest of the organization.
• Make business value an explicit criteria in all IT decisions. Asking why the busi-
ness should care about a particular IT decision, and how it will affect the business
in both the long and short terms, changes the focus of IT professionals in a subtle
but very effective way, enabling them to communicate even technical decisions in
business terms.
• Ensure effective execution in all IT activities. This ensures that IT sends a consis-
tent message of competence to all parts and levels of the organization.
Building Block #2: Credibility
Credibility is the belief that others can be counted on to do what they say they will
do. It is built in many ways. Keeping agreements and acting with integrity, honesty,
and openness are essential behaviors, whereas lack of timely and substantive responses
and failure to observe deadlines can undermine it (Feeny et al. 1992; Greenberg et al.
2007). Focus group managers concurred that credibility is very important to the busi-
ness–IT relationship. Although in earlier days, credibility was largely about the ability
to deliver systems on time and budget, now earning and maintaining credibility with
the business has become more complex. Today’s IT projects often involve many more
elements (e.g., multiple platforms, risk management, adherence to laws and standards)
and stakeholders than in the past, and the methods and tools of delivery are constantly
changing. Furthermore, research shows that it is often the “little things” that can be
most significant in undermining credibility and that people often make decisions based
on IT’s attention or inattention to such details (Buchanan 2005). One study concluded
that “each and every IT service incident and event must be considered for its long-term
influence” (Day 2007).
IT staff often assume that because they are competent they will be credible, but this
is an invalid assumption. Thus, for example, a survey of CIOs found that they wished
their developers “didn’t appear so clueless to the rest of the organization” (Wailgum
2008b). It is essential, therefore, that competence be demonstrated for others to feel
M04_MCKE0260_03_GE_C04.indd 65 12/3/14 8:36 PM

66 Section I • Delivering Value with IT
someone is credible (Ross 2006). This is especially important in relationships where
there is little face-to-face interaction. In these cases in particular, work must be visible
and communication constant in order to demonstrate credibility (Hurley 2006).
sTreNgTheNiNg CrediBiliTy
• Communicate frequently and explicitly. Make progress and accomplishments
visible in clear and nontechnical ways. Focus group members found that when
difficult decisions are planned together and clearly articulated in advance, much
less tension develops in the relationship.
• Pay attention to the “little things.” Wherever possible, take steps to provide
prompt feedback and responses to queries and to ensure consistently high- quality
service encounters.
• Utilize external cues to credibility. Examples include awards, endorsements from
third parties, and the experience and background of IT staff. These specifics can be
very useful when starting a new relationship with the business.
• Assess all business touch points. All focus group members stressed the need to
really listen to what the business says about its expectations and the problems it
feels exist in the relationship. Just the effort alone sends a strong and positive mes-
sage about the importance of this relationship, said a manager. However, he also
stressed that undertaking such a review creates expectations that changes will be
made, so regular reports back to the business about what is being done to improve
things are especially important.
Building Block #3: interpersonal interaction
The business–IT relationship is shaped by the development of mutual understand-
ing, interests, and expectations, which are formed and shaped during a wide variety
of interpersonal interactions (Gold 2006). Business–IT interactions must be developed
and nurtured at many different levels in the business–IT relationship, said focus group
managers, and although CEO–CIO interactions can set the tone for the relationship, the
connections at multiple touch points contribute to its overall quality (Flint 2004; Prewitt
2005). The following are the four significant dimensions of interpersonal interaction:
• Professionalism. This is the unarticulated set of working behaviors, attitudes,
and expectations that serves as the glue that keeps teams of diverse individuals
working together toward the same goal. These behaviors are not only carefully
watched by the business, they are also just as important within IT, said the focus
group. Members noted that difficult internal IT relationships can lead to problems
delivering effective IT services. Five sets of attitudes and behaviors contribute to
developing IT professionalism: (1) comportment (i.e., appearance and manners on
the job), (2) preparation (i.e., displaying competence and good organization), (3)
communication skill (i.e., both clarity and etiquette), (4) judgment (i.e.,  the abil-
ity to make right choices for the organization), and (5) attitude (i.e.,  caring about
doing a job well and about doing the right thing for the company) (McKeen and
Smith 2008).
• Nontechnical communication. Over and over, research has found that the inabil-
ity to communicate clearly with the business in its own terms can undermine the
M04_MCKE0260_03_GE_C04.indd 66 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 67
business–IT relationship (Bassellier and Benbasat 2004; Kitzis and Gomolski 2006).
Today, because IT staff work across many organizational boundaries, they must
also be effective at translating and interpreting needs, not only from business to
technology and vice versa, but also between business units, in order to enable
members of different communities to understand each other (Wailgum 2008a).
Increasingly, as IT programs and services are delivered collaboratively by external
partners and to external partners, clarity in communication is becoming mission
critical.
• Social skills. The social dimension of the business–IT relationship is often
ignored by both sides, leading to misunderstandings and lack of trust (Day 2007).
Social bonds help diverse groups build trust and develop a common language,
both of which are essential to a strong relationship. Socialization also helps build
mutual understanding, enabling all parties to get comfortable with one another
and uncovering hidden assumptions, which may become obstacles to success
(Kaarst-Brown 2005). Socialization also develops empathy and facilitates problem
solving (Feeny and Willcocks 1998).
Unfortunately, many IT organizations are structured in ways that create barri-
ers between business and IT. For example, the use of “relationship managers” to act as
interfaces between IT and the business is a mixed blessing. Although individually, these
managers may be skilled and viewed positively by the business, focus group members
noted that their position often leads them to act as gatekeepers to the business. One
manager mentioned being hauled on the carpet to explain his lunch with a business
manager (a personal friend), which hadn’t been approved by the relationship manager!
“We need a broad range of social interactions with the business,” said another manager.
“We use account managers, but we also encourage interactions through such things
as lunches and social events.” Ongoing, face-to-face interaction is the ideal, but with
today’s virtual teams and global organizations, other forms of social interaction, such
as networking and collaboration tools, are being introduced to help bridge gaps in this
area. Social bonds can be created in a virtual environment, but these take longer and are
harder to develop although they are, if anything, more important than in a more tradi-
tional workplace (Greenberg et al. 2007).
• Management of politics and conflict. The business–IT relationship can be
turbulent, and IT personnel are not noted for their skills in dealing with the
conflicts and challenges involved. Furthermore, conflict and politics tend to
be exacerbated by the types of projects most commonly undertaken by IT—that
is, those that cross internal and external organizational boundaries (Weiss and
Hughes 2005). As a result, IT functions and personnel need ways to effectively
address conflict and use it to deliver creative solutions. All too often, conflict is
avoided or treated as a “hot potato” to be tossed up the management hierarchy
(Weiss and Hughes 2005). Straight talk and the development of a healthy give-
and-take attitude are fundamental to dealing with conflict at its source. Experts
also recommend the development of transparent processes for managing
disagreements and frank discussions of the trade-offs involved in dealing with
problems (Pascale et al. 1997). These not only help stop damaging escalation
and growing uncertainty but also help to model conflict-resolution skills for the
staff involved.
M04_MCKE0260_03_GE_C04.indd 67 12/3/14 8:36 PM

68 Section I • Delivering Value with IT
As well, failure to understand the role of politics in a particular organization
makes IT personnel less effective in their business interactions because they cannot craft
“win–win” solutions. Thus, all IT staff need to understand something about politics and
how they can affect their work. At more senior levels, it is imperative that IT profes-
sionals learn how to act “wisely and shrewdly in a political environment” (Kitzis and
Gomolski 2006). Since politics are part of every business relationship and cannot be
avoided, IT personnel must learn how to work with them, said focus group members,
even if they are trying to avoid them as much as possible.
sTreNgTheNiNg iNTerpersoNal iNTeraCTioNs
• Expect professionalism. IT managers must not only articulate professional values
and behaviors, they must also live them and measure and reward them in their
staff.
• Promote a wide variety of social interactions at all levels. Whether face-to-face
or virtual, sharing information about each other ’s background and interests is
an important way to bolster working relationships at all levels. Therefore, even
where formal relationship managers are in place, IT leaders should encourage all
IT staff to connect informally with their business colleagues. “Social interaction
facilitates quick problem ownership and resolution and helps to develop a com-
mon language,” said a focus group participant. Although the need for socializa-
tion increases as one moves up the organizational hierarchy, even at the lowest
levels staff should be expected to spend about 10 percent of their time in this type
of interaction (Kitzis and Gomolski 2006).
• Develop “soft skills” in IT staff. Although the need for interpersonal skills in IT
has never been greater, many companies still give their development short shrift,
preferring instead to stress technical competencies. In developing interpersonal
skills, formal training should be only one component. It is even more important
that IT managers take time to develop such skills in their staff through mentor-
ing and coaching. Many focus group members have implemented “soft” skills
development initiatives informally, but they have also admitted that the pressure
to be instantly productive often detracts from both business and IT participation
in them.
Building Block #4: Trust
Effective interpersonal interactions, a belief that the job at hand will get done and get
done right, and demonstrated business and technical competence are all required to
facilitate trust that IT can be a successful partner with the business. But even if these
are in place, proactive measures are still needed to actually build trust between the two
groups. In many firms, an underlying sense of distrust of IT as a whole remains:
IT’s processes are notoriously convoluted and bureaucratic, leaving the business
unsure of how to accomplish their business strategies with IT. From strategy
alignment to prioritization to budgeting and resourcing to delivering value to
managing costs, it must be clear that what IT is doing is for the benefit of the
enterprise, not itself. (McKeen and Smith 2008)
M04_MCKE0260_03_GE_C04.indd 68 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 69
The most important way to build trust at this level is through effective gover-
nance. The story of how one CIO managed to transform the business–IT relationship at
Farm Credit Canada illustrates its importance:
[At FCC, when Paul MacDonald became CIO], IT was considered a necessary
evil. Business people were afraid of it and wished it would just go away. . . .
[Transforming this relationship] was a very difficult and complex job—especially
for cross-functional processes. Clear responsibilities and accountabilities had to be
defined. . . . “It’s all about clarity of roles and responsibilities,” MacDonald said.
The new IT governance model was validated and refined through sessions with
key business stakeholders. “These sessions were important to demonstrate that we
weren’t just shuffling the boxes around in IT,” [MacDonald] said. . . . MacDonald
also made sure that the new model actually worked the way it was supposed to.
“There were cases where it didn’t . . . and with these, we made changes in our pro-
cesses.” He attributes his willingness to make changes where needed to his ability
to make the new model actually function the way it was supposed to. . . .
“Today, at FCC user satisfaction is very high and IT is seen as being indis-
pensable. . . . [MacDonald] stressed that it is important to review and refine the
new governance model continually.” “There were some things that just didn’t
work,” he said. “We are still constantly learning.” (Smith and McKeen 2008)
Effective governance should be designed to build common business goals and
establish a good decision-making process (Gerrard 2006). Mature processes in IT and
transparency about costs develop trust (Levinson and Pastore 2005; Overby 2005).
A  focus group manager stated succinctly, “[M]ore transparency equals fewer sur-
prises and you get transparency through governance.” Aspects of governance that
have enhanced trust in focus group organizations include integrated planning, defined
accountabilities, a clear picture of mandates and authorities, and clarity around how
work gets done.
Another focus group manager explained the importance of governance in this way:
In the past, we couldn’t break the trust barrier. Now, [with an effective governance
structure] we are more proactive and are fighting fewer fires. Our processes ensure proper
escalation and a new focus on value. In short, governance captures the value of a good
relationship and good fences make good neighbours.
Trust is essential for both superior performance and for developing the collabora-
tive relationships that lead to success (Greenberg et al. 2007). It is developed through
consistency, clear communication, willingness to tackle challenges, and owning up to
and learning from mistakes (Upton and Staats 2008). Both inconsistent messages to
stakeholders and inconsistent processes and standards can seriously undermine trust
(Galford and Drapeau 2003).
Nevertheless, it must be stressed that there is no optimal form of governance
(Gordon and Gordon 2002). The key is to develop a model of IT governance that
addresses the business’s expectations of its IT function. Thus, an IT organization can best
build trust if it clearly understands the organization’s priorities for IT and designs its
governance model to match (Guillemette et al. 2008).
M04_MCKE0260_03_GE_C04.indd 69 12/3/14 8:36 PM

70 Section I • Delivering Value with IT
sTreNgTheNiNg TrusT
• Design governance for clarity and transparency. IT leaders should assess how the
business views IT processes—from the help desk on up. It is important to recognize
that all processes play a very visible role in how IT is viewed in the organization
and that clear, effective, and fair processes are needed to break the “trust barrier”
between business and IT at all levels.
• Mandate the relationship. Although it may seem counterintuitive, companies
have had success from strictly enforcing relationship basics such as formal roles and
responsibilities, joint scorecards, and the use of common metrics. Such structural
measures can ensure that common expectations, language, and goals are developed
and met.
• Design IT for business expectations. Clearly understanding the primary value the
business wants IT to deliver can help IT understand how to focus its process and
governance models (see Appendix A).
Conclusion
There is clearly no panacea for a strong busi-
ness–IT relationship. Yet, the correlation
between a good relationship and the ability
to deliver value with IT makes it impera-
tive that leaders do all they can to develop
effective interpersonal and interfunctional
business–IT relations. It is unfortunately still
incumbent on IT leadership to take on the
bulk of this task, if only because it will make
IT organizations more effective. Business–IT
relationships are complex, with interactions
of many types, at many levels, and between
both individuals and across functional and
organizational entities. This chapter has not
only identified and explored what a strong
business–IT relationship should look like in
its many dimensions but also has described
the four major components needed to build
it: competence, credibility, interpersonal
skills, and trust. Unfortunately, business–IT
relationships still leave a lot to be desired in
most organizations. Recognizing that what it
takes to build a strong business–IT partner-
ship is also closely related to what is needed
to deliver IT value may help to focus more
attention on these mission-critical activities.
References
Anonymous. “Senior IT People Excluded from
IT Decision-Making.” Career Development
International 7, no. 6/7 (2002).
Bassellier, G., and I. Benbasat. “Business
Competence of Information Technology
Professionals: Conceptual Development and
Influence on IT-Business Partnerships.” MIS
Quarterly 28, no. 4 (December 2004).
Buchanan, L. “Sweat the Small Stuff.” Harvard Business
Review (April 2005). hbr.org/2005/04/sweat-the-
small-stuff/ar/1 (accessed March 10, 2011).
Day, J. “Strangers on the Train: The Relationship
of the IT Department with the Rest of the
Business.” Information Technology and People 20,
no. 1 (2007).
Feeny, D., B. Edwards, and K. Simpson.
“Understanding the CEO/CIO Relationship.”
MIS Quarterly 16, no. 4 (1992).
Feeny, D., and L. Willcocks. “Core IS Capabilities
for Exploiting Information Technology.”
Sloan Management Review 39, no. 3 (Spring
1998).
M04_MCKE0260_03_GE_C04.indd 70 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 71
Flint, D. “Senior Executives Don’t Always Realize
the True Value of IT.” Gartner Inc., ID Number:
COM-22-5499, June 21, 2004.
Galford, R., and A. Drapeau. “The Enemies of
Trust.” Harvard Business Review #R0302G
(February 2003).
Gerrard, M. “Three Critical Success Factors in the
Business/IT Relationship.” Gartner Inc., ID
Number: G00143352, October 18, 2006.
Gold, R. “Perception Is Reality: Why Subjective
Measures Matter and How to Maximize Their
Impact.” Harvard Business School Publishing
Balanced Scorecard Report (July–August 2006).
Gordon, S., and J. Gordon. “Organizational
Options for Resolving the Tension Between
IT Departments and Business Units in the
Delivery of IT services.” Information Technology
and People 15, no. 4 (2002).
Greenberg, P., R. Greenberg, and Y. Antonucci.
“Creating and Sustaining Trust in Virtual
Teams.” Business Horizons 50 (2007).
Guillemette, M., G. Paré, and H. Smith. “What’s
Your IT Value Profile?” Cahier du GReSI #08-04.
Montréal, Canada: HEC Montréal, November
2008.
Hurley, R. “The Decision to Trust.” Harvard
Business Review #R0609B (September 2006).
Joni, S. “The Geography of Trust.” Harvard
Business Review #R0403F (March 2004).
Kaarst-Brown, M. “Understanding an
Organization’s View of the CIO: The Role
of Assumptions About IT.” MIS Quarterly
Executive 4, no. 2 (June 2005).
Kitzis, E., and B. Gomolski. “IT Leaders Must
Think Like Business Leaders.” Gartner Inc., ID
Number: G00143430, October 26, 2006.
Levinson, M., and R. Pastore. “Transparency
Helps Align IT with Business.” CIO Magazine
(June 1, 2005).
Luftman, J., and T. Brier. “Achieving and
Sustaining Business–IT Alignment.” California
Management Review 41, no. 1 (Fall 1999).
Mahoney, J., and M. Gerrard. “IT Value
Performance Tools Link to Business–IT
Alignment.” Gartner Inc., ID Number:
G00152551, November 2, 2007.
McKeen, J., and H. Smith. IT Strategy in Action.
Upper Saddle River, NJ: Pearson-Prentice Hall,
2008.
Overby, S. “Turning IT Doubters into True
Believers: Executive Summary.” CIO Research
Reports (June 1, 2005).
Pascale, R., M. Millemann, and L. Gioja.
“Changing the Way We Change.” Harvard
Business Review (November–December 2007).
Pawlowski, S., and D. Robey. “Bridging User
Organizations: Knowledge Brokering
and the Work of Information Technology
Professionals.” MIS Quarterly 28, no. 4 (2004).
Prewitt, E. “The Communication Gap.” CIO
Magazine (June 1, 2005).
Ross, J. “Trust Makes the Team Go ‘Round.’”
Harvard Management Update 11, no. 6 (June
2006): 3–6.
Ross, J., and P. Weill. “Six IT Decisions Your IT
People Shouldn’t Make.” Harvard Business
Review #R0211F (November 2002).
Schindler, E. “What IT Can Learn from the
Marketing Department.” CIO Web 2.0 Advisor,
September 21, 2007. advice.cio.com/esther_
schindler/what_it_can_learn_from_the_mar-
keting_department (accessed March 10, 2011).
Smith, H., and J. McKeen. “Creating a Process-
Centric Organization at FCC: SOA from the
Top Down.” MIS Quarterly Executive 7, no. 2
(June 2008): 71–84.
Tallon, P., K. Kramer, and V. Gurbaxani.
“Executives’ Perceptions of the Business Value
of Information Technology: A Process-Oriented
Approach.” Journal of Management Information
Systems 16, no. 4 (Spring 2000).
Upton, D., and B. Staats. “Radically Simple IT.”
Harvard Business Review R0803 (March 2008).
Wailgum, T. “Why Business Analysts Are So
Important for IT and CIOs.” CIO Magazine
(April 16, 2008a).
Wailgum, T. “Eight Reasons Why CIOs Think
Their Application Developers Are Clueless.”
CIO Magazine (September 3, 2008b).
Weiss, J., and J. Hughes. “Want collaboration?
Accept—and Actively Manage—Conflict.”
Harvard Business Review #R0503F (March 2005).
M04_MCKE0260_03_GE_C04.indd 71 12/3/14 8:36 PM

72 Section I • Delivering Value with IT
Appendix A
The Five IT Value Profiles
Each of the following profiles is a unique way for IT to contribute to an organization.
One is not “better” than the other, nor is one profile more or less mature than any other.
Each represents a different, consistent way of organizing IT to deliver value. Each is
different in five ways: main activities, dominant skills and knowledge, the business–IT
relationship, governance and decision-making, and accountabilities.
Profile A: Project Coordinator
This type of IT function coordinates IT activities between the business and outsourc-
ers. Therefore, the primary value it delivers is organizational flexibility through the
IT outsourcing strategy it establishes and through promoting informed IT decision
making in the business units. The Project Coordinator function works with the busi-
ness units, helping them formalize their requirements, and then finds an outsourcer
to develop and implement what is needed. The Project Coordinator also manages
the relationships between vendors and business units, not only with the organiza-
tion’s current activities but also in planning for the future by developing strategic
partnerships.
Profile B: Systems Provider
The primary mission of the Systems Provider is to provide the organization with qual-
ity information systems at the lowest possible cost. Strategically, the Systems Provider
uses the organization’s business plans to set IT’s goals, prepare budgets, and determine
the resources needed to implement the organization’s strategy for the required systems
development projects.
Profile C: Architecture Builder
The primary mission of this type of IT function is to link the firm’s various business
units by integrating computerized systems, data, and technological platforms. The
Architecture Builder seeks to design a flexible architecture and infrastructure that will
meet the company’s needs. The architecture builder typically receives broad strategic
direction from the organization and designs an architecture and infrastructure with
which the organization can implement its strategy.
Profile D: Partner
The main objective of the Partner IT function is to create IT-enabled business capabili-
ties to support current business strategies. IT and the business collaborate to achieve a
two-way strategic alignment that is developed iteratively and reciprocally over time.
The Partner is a catalyst for change in business processes and seeks to improve organi-
zational efficiency. As guardian of the organization’s business processes, the Partner’s
mission therefore extends far beyond its technological tools.
M04_MCKE0260_03_GE_C04.indd 72 12/3/14 8:36 PM

Chapter 4 • Effective Business–IT Relationships 73
Profile E: Technological Leader
The Technological Leader tries above all to use innovation to transform the organiza-
tion’s strategy. IT’s main objective is therefore to identify opportunities, find innovative
organizational applications for technology that will enable the organization to secure a
significant competitive advantage, and then implement such applications.
Source: Guillemette et al. 2008.
Appendix B
Guidelines for Building a Strong Business–IT Relationship
The following was provided by a focus group member and is an excerpt from a com-
pany memo on improving the business–IT relationship.
Now more than ever, we must truly understand the business transformation
agenda. This will require us to potentially interact differently than in the past or in a
mode beyond what our executives may be looking for. We must
• Stop acting as and being viewed as order takers once IT projects have been
identified.
• Develop an understanding of business improvement ideas before they become ini-
tiatives or projects.
• Be prepared to offer alternative perspectives on business solutions.
• Be part of the strategic equation and have “feet on the street.”
• Engage early before ideas and issues turn into projects.
• Continue to shape the solution during pre-concept and concept phases.
To develop a relationship with the business units where we are viewed as a trusted
advisor and as adding value, we need to truly be part of their decision-making process
and team. We must ask ourselves the following questions:
• Are we considered a member of the business’s senior leadership team?
• Are we consulted before decisions are made or just asked to execute what has
already been decided?
• Are we involved in shaping the content of the strategic agenda not just its schedule?
Creating a consistent forum for one-on-one strategic interaction should allow us
to rise above the normal churn of issues, projects, or other regularly scheduled meet-
ings and be positioned to truly start understanding where our help is needed. Potential
short-term next steps include the following:
• Get invited to each business unit’s leadership team meetings.
• Schedule a monthly one to one strategy meeting with no set agenda.
M04_MCKE0260_03_GE_C04.indd 73 12/3/14 8:36 PM

74
C h a p t e r
5 Business–IT Communication1
1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen. “How
to Talk so Business Will Listen . . . and Listen so Business Can Talk.” Communications of the Association for
Information Systems 27, Article 13 (August 2010): 207–16. Reproduced by permission of the Association for
Information Systems.
At an IT governance meeting, attended by all our business executives,
our IT architect was asked to discuss IT security and what steps
needed to be taken to improve it. The architect proceeded to bombard
the executives with extremely low-level details—an oversaturation of
information, which they did not understand—and he lost their attention
in very short order. What he did not do was deliver information in a
positive manner geared to his audience. As a result, there was diminished
business interest and understanding about this topic and a slowed-down
budget for needed upgrades, which also affected other projects.
—(Senior IT manager in a global retail organization)
As this true story illustrates, the ability to communicate with the business in busi-ness terms does not appear to be a current IT strength. This is a serious problem for IT managers because as IT and business grow more entwined, IT staff are
going to need to be increasingly organization savvy and possess greater business and
interpersonal competencies (Basselier and Benbasat 2004; Karlsen et al.; 2008; Mingay
2005). Yet, despite consistent complaints from both business and IT leaders about how
IT staff lack business and communication skills, it seems that many IT departments still
hire largely for technical competencies and have little budget available for “soft skills”
development (Cukier 2007). Problems communicating with business continue to play a
significant part in today’s poor perceptions of IT in organizations and inhibit what IT is
able to do for the organization (McKeen and Smith 2009). IT managers often bemoan the
fact that IT-based initiatives—for example, to implement new technologies or establish
M05_MCKE0260_03_GE_C05.indd 74 12/3/14 8:37 PM

Chapter 5 • Business–IT Communication 75
a standard infrastructure—which they believe could have significant benefits for their
organizations are not funded. Many of the reasons for this lie in IT’s inability to explain
the value of such investments in terms the business will understand.
In short, one of the most important skills all IT staff need to develop today is how
to communicate effectively with business. “Effective communication between IT . . . and
its stakeholders has never been so important . . . so complex or so difficult to get right.”
(Mingay 2005). Over and over, research has shown that if IT and business cannot speak
the same language, focus on the same issues, and communicate constructively, they
cannot build a trusting relationship (Karlsen et al. 2008). And business is consistently
more negative than IT about IT’s abilities in communicating effectively. In fact, even
while IT collaboration is improving, business’s assessment of IT’s communication skills
is declining (Willcoxson and Chatham 2004).
Much attention has been paid to organizational alignment between IT and
business (e.g., governance, structure), while very little has been paid to the nature
and impact of the social dimension of alignment, a big element of which involves
communication (Reich and Benbasat 2000). This chapter explores the business and
interpersonal competencies that IT staff will need in order to do their jobs effectively
over the next five to seven years and what companies should be doing to help develop
them. It begins by characterizing the state of communication in the business–IT rela-
tionship and why “good communication” is becoming increasingly important. Then,
it explores what is meant by “good communication” in this relationship and looks at
some of the inhibitors of effective communication between these groups. Finally, it dis-
cusses the key communication skills that need to be developed by IT staff and makes
recommendations for how organizations can improve or develop communication in the
business–IT relationship.
CommuniCation in the Business–it Relationship
“Poor communication is a constant source of irritation, confusion, and animosity,”
said one focus group manager. Another agreed: “So many of our IT staff don’t under-
stand organizational dynamics. They say and do things that would be completely
inappropriate anywhere else in our company.” There is general agreement between
practitioners and researchers that poor business–IT communication is the source
of poor relationships and alignment between these groups (Bittler 2008; Reich and
Benbasat 2000). One study noted:
Many IT people have “turned off” their business peers with too much techni-
cal jargon. This is one reason why the number of IT people that are “allowed” to
speak with business people has been deliberately limited in many organizations.
(Bittler 2008)
Communication is both an enabler and an inhibitor of a good business–IT
relationship. On one hand, poor communication tends to be persistent and of lasting
concern to practitioners (Coughlan et al. 2005). Often, IT personnel are perceived to
live in an “ivory tower,” disengaged from the needs of the business (Burton et al.
2008). Typically, these problems are described as a communication or a cultural “gap”
M05_MCKE0260_03_GE_C05.indd 75 12/3/14 8:37 PM

76 Section I • Delivering Value with IT
between the two groups and are considered a major cause of systems development fail-
ures (Coughlan et al. 2005; Reich and Benbasat 2000). “We struggle with communica-
tion gaps and challenges,” said a manager. “There’s a lot of IT arrogance we need to
deal with.” Another commented, “IT doesn’t listen and doesn’t talk the talk.”
On the other hand, there is broad recognition that good communication is essential
for many reasons. First, it is fundamental to building a strong, positive business–IT rela-
tionship. “When business people believe IT people ‘get it,’ the relationships are always
improved” (Bittler 2008). Second, it helps set sensible expectations of IT and helps IT to
manage how it is perceived in business (Day 2007). Third, it is an essential element of
building trust and partnership, which in turn help drive the delivery of business value
(McKeen and Smith 2012). Fourth, it is essential to conveying the business value of IT
(Hunter 2007). And finally, it is critical to understanding the priorities and pressures of
the business. Focus group managers spoke of the need for staff who would listen and look
for new opportunities to deliver business value. In short, good communication is widely
seen as being critical for IT to deliver successful projects, effective performance, and value
( Karlsen et al. 2008; Reich and Benbasat 2000; Willcoxson and Chatham 2004).
As a result, improving communication is increasingly recommended as a top pri-
ority for IT managers (Burton et al. 2008; Mingay 2005). Several managers stated that
they are working on building communication into their annual goals and into their
expectations of staff. What is missing, however, is a better understanding of the nature
of good business–IT communication and some of the obstacles IT managers face in
improving it (Coughlan et al. 2005). Thus, poor communication continues to be the
norm in most organizations (Pawlowski and Robey 2004).
What is “Good” CommuniCation?
Unfortunately, there is no magic formula for defining and teaching “good” communica-
tion since it is a complex concept that has many dimensions. There are, however, some
principles that are recognized as important elements of effective communication which
can be used as guidelines for those who wish to assess their communication performance.
• Principle 1: The effectiveness of communication is measured by its outcomes.
Communication is successful when it achieves the outcomes we desire (Gilberg 2006).
However, all too often we measure communication by our intentions rather than its out-
comes. The problem with that is this: “Communication is in the ear of the beholder,”
and even the most direct, clear, understandable, and consistent message can there-
fore get distorted through such filters as politics, culture, and personal points of
view. As messages get passed along to others, they get further distorted, much like
in the children’s game of “Telephone.” One study showed that although 97 percent of
managers believed their own communication was clear, only 25 percent of the same
people believed that the communication they received from their direct superior was
clear and effective (Martin 2006). Another study showed that IT managers feel their
communication is more effective than business managers feel it is (Willcoxson and
Chatham 2004).
• Principle 2: Communication is social behavior. Communication not only trans-
mits ideas but also negotiates relationships. Thus, how you say what you mean is
M05_MCKE0260_03_GE_C05.indd 76 12/3/14 8:37 PM

Chapter 5 • Business–IT Communication 77
just as important as what you say (Tannen 1995). This is an especially important
principle for IT staff to learn because, as teams become increasingly diverse and
virtual, many of the traditional nonverbal signals that we instinctively rely on to
provide meaning are lost. A host of factors act as a social subtext to our commu-
nication: tone of voice, rate of speed, degree of loudness, and pacing and pausing.
These are all culturally learned signals that affect how we evaluate each other as
people (Tannen 1995). Gender and culture are key social filters that all of us use.
For example, the degree of directness and indirectness in communication has often
been a source of significant misunderstandings. Women learn to be more indirect
when telling others what to do so as not to be perceived as “bossy”; men are indi-
rect when admitting to fault or weakness. In short, there is no one “right” way to
speak, but speakers and listeners need to become more aware of the power of dif-
ferent linguistic styles, and managers must learn to use and take advantage of these
styles in different communication situations (Tannen 1995).
• Principle 3: Shared knowledge improves communication. It is all too well known
that many IT people don’t “speak the language of the business.” As one manager
stated, “Many IT staff think they’ve ‘communicated’ by explaining a technology need
or a technology decision, instead of ensuring that everyone understands the business
implications of what’s involved.” Studies show that the more IT staff learns about
the business, the better communication becomes (Reich and Benbasat 2000). This is
true not only because IT people understand business better but also because shared
knowledge leads to increased frequency of communication and greater mutual under-
standing, both of which lead to more success in implementation, which in turn leads
to more communication and improved relationships (Reich and Benbasat 2000). Thus,
the creation of shared knowledge can be the beginning of a “virtuous circle” of con-
tinuously improving communication (see Figure 5.1).
• Principle 4: Mature organizations have better communication. Although commu-
nication is a social process, it is also embedded within and fundamental to organiza-
tional processes (Coughlan et al. 2005). Organizational maturity plays a significant
part in the effectiveness of business–IT communication because strong practices
support and reinforce good interpersonal communication. “You can’t be a part-
ner unless you’re a mature IT organization,” explained one manager. The research
supports this contention, showing that high-performing IT functions have a strong
foundation of communication (Peppard and Ward 1999; Reich and Benbasat 2000).
Thus, successful IT organizations embed appropriate communication in their pro-
cesses and consider this to be a significant component of IT’s work (Mingay 2005).
This work is even more important in times of organization transformation. “We are
quite good about communicating operationally,” said a manager, “but we need to
improve when talking with our business executives about strategy.” Another com-
mented, “we need better skills to move up the ‘run, change, innovate’ curve, and
we need the organizational maturity to do this.” The focus group identified some
of the areas where improved maturity could help communication: developing busi-
ness cases; assessing risk; integrating with the “big picture”; and communicating
across business silos. In short, although communication is often seen as an individ-
ual competency, it should be viewed and managed as an IT functional competency
at all levels.
M05_MCKE0260_03_GE_C05.indd 77 12/3/14 8:37 PM

78 Section I • Delivering Value with IT
oBstaCles to effeCtive CommuniCation
Why is it so difficult to achieve effective business–IT communication? The principles
haven’t changed much over time, but they have often not been applied, or they have
been forgotten or ignored as busy IT managers focus on tight timelines and major
deliverables (Mingay 2005). However, in addition to these considerations, some other
obstacles to effective communication can hinder or prevent communication from
occurring. These include the following:
• The changing nature of IT work. There is no question that IT work has become
more complex over time. Increasingly, IT staff are intermediaries between third-party
contract staff, global staff, or external stakeholders and vendors as well as tradi-
tional business users. When multiple cultures, different political contexts, diverse
time zones, and virtual relationships are added into the mix, communication simply
becomes more multifaceted and challenging. Furthermore, organizations are expect-
ing IT to do more for them. Transformation, innovation, or simply bigger and more
visible projects all require more communication than the norm and therefore more
management attention (Mingay 2005). “We must take a broader view of communi-
cation,” stated an IT manager. “And we need conversations at many levels.” Thus,
although IT may have adopted communication solutions that meet the needs of the
past, these are inadequate for present and future needs.
Shared Knowledge
Increased
Communication
Mutual Understanding
and “Common Sense”
THE VIRTUOUS
COMMUNICATION
CYCLE
Implementation
Success
fiGuRe 5.1 Shared Knowledge Leads to Improved Communication
M05_MCKE0260_03_GE_C05.indd 78 12/3/14 8:37 PM

Chapter 5 • Business–IT Communication 79
• Hiring practices. “IT organizations can no longer support smart, super-talented,
but socially disruptive people who cannot work well with a team or with the
business,” said one manager. The group concurred that IT skills are changing to
become more consultative and collaborative. Yet, frequently their organizations still
hire for technology skills, rather than the “softer” skills, such as communication,
which are essential for success these days. One study found that there is seri-
ous misalignment in hiring between “the skills needed for a job (which heavily
emphasize communication and general business skills . . . ) [and] the job require-
ments that are . . . advertised (which tend to emphasize formal technical training)”
(Cukier 2007).
• IT and business organization structures. A few years ago, many IT functions
attempted to deal with their communication problems by creating relationship
managers. These were skilled IT individuals whose job was to bridge the busi-
ness and IT organizations and thus act as a communication conduit between the
two groups. Unfortunately, relationship managers have become a mixed blessing
at best and an obstacle at worst, restricting contact between the two groups and
thereby limiting the development of shared knowledge and mutual understand-
ing. “Relationship managers appear to do more to exacerbate rather than amelio-
rate,” found one study (Coughlan et al. 2005). A focus group manager agreed, “You
can’t partner if your only contact is through a relationship manager.” Furthermore,
business silos can make communication about enterprise issues extremely chal-
lenging for IT staff, who can be expected to play a “knowledge broker” role, not
only between IT and business but also between business units (Pawlowski and
Robey 2004).
• Nature and frequency of communication. It’s a bit of a chicken-and-egg situa-
tion: More frequent contact with business leads to improved communication, but
IT’s communication is often so full of jargon, technocentric, and inappropriate that
many organizations have sought ways to limit the amount and nature of commu-
nication between the two groups. One study found that about one-third of IT staff
simply did not speak to the business at all (Basselier and Benbasat 2004). However,
some of the focus group stated that, even when they are not restricted, IT staff often
have trouble getting business to take the time to sit with them. Researchers have
pointed out that it is the sharing of tacit and unstructured knowledge, which takes
place in low-risk and informal settings, that contributes most to effective communi-
cation and mutual understanding (Basselier and Benbasat 2004; Dunne 2002; Kitzis
and Gomolski 2006). Limiting one’s focus to formal interactions (e.g., through IT
governance processes) has been shown to be the least effective way of communicat-
ing successfully (Dunne 2002).
• Attitude. Finally, IT’s attitude can be a huge obstacle to good communication. It
was surprising to hear this complaint from so many in the focus group. “Our IT
staff think their work is about IT. They don’t understand that we’re here to deliver
business value with technology,” one manager stated. One manager described IT
staff as “crotchety”; another as “obtuse”; and several stated IT staff are “defen-
sive.” It is not surprising that if this is the case, a negative attitude on the part of an
IT worker toward his or her work, business, or employer ends up being reflected
in communication and how it is perceived (McKeen and Smith 2012). In turn, this
can color how the communication is received (Anonymous 2005; Martin  2006).
M05_MCKE0260_03_GE_C05.indd 79 12/3/14 8:37 PM

80 Section I • Delivering Value with IT
Unfortunately as well, many IT staff are motivated by the desire to be right rather
than the desire to communicate effectively (Gilberg 2006). “We definitely need a
‘we’ attitude in IT,” said a manager, “not an ‘us–them’ attitude.”
Overcoming these obstacles will require a combination of management attention
to all dimensions of business–IT communication and the development of critical com-
munication skills in IT staff. The next two sections of this chapter address these issues.
“t-level” CommuniCation skills foR it staff
Although IT workers’ communication skills need upgrading, there is no one-size-fits-all
strategy for doing this (Kalin 2006). Nor do lists of communication competencies move
us much further forward in clarifying exactly what IT workers are doing wrong and what
needs to change in their communication style (see Appendix A for a sample list). It has
been suggested that as business becomes more complex, it really needs more T-shaped
professionals who are not only deep problem solvers in their home discipline but also
capable of interacting with and understanding others from a wide range of disciplines and
functional areas (Ding 2008). People possessing these skills are able to shape their knowl-
edge to fit problems and apply synergistic thinking (Leonard-Barton 1995). Unfortunately,
most IT organizations encourage I-shaped skills—that is, deep functional expertise. As a
result, the individual is driven ever deeper into his or her specialized set of skills (Leonard-
Barton 1995).
Developing T-shaped IT staff addresses the concern some in the focus group
expressed that emphasizing the development of “soft skills” could come at the expense
of the excellent technology skills still needed by the organization. “You don’t want
your staff becoming disconnected from their technological capabilities,” said one.
“Connecting the dots” between the group’s comments and the research on communica-
tion shows that four communication skills form the horizontal bar of the “T” for IT pro-
fessionals (the vertical one being the professionals’ technology skills and knowledge):
1. Translation. IT staff typically fail miserably at translating IT issues and con-
cerns into business impacts—as illustrated by the story at the beginning of this
chapter. Eliminating jargon is the first step. “Too often our IT population speaks
in nano-words and gigabits, instead of using the English language,” said a man-
ager. However, translation requires more than this because it requires the ability to
understand how IT initiatives will affect the business or deliver value to it. To com-
municate effectively about IT’s value, IT managers “must translate IT’s operational
performance into business performance . . . and drive home the message that all IT
initiatives are business initiatives” (Hunter 2007). It is not often recognized that IT
staff are effectively knowledge brokers and that translation is a critical part of their
work (Pawlowski and Robey 2004). As a result, bridging and translation skills are
still rare in IT, agreed the focus group.
The work involved in translation can be characterized as a four-step process
where IT staff move from the world of technology into the world of business to dis-
cuss problems in terms of business impact and possible business solutions and then
back into IT to translate these solutions into technological reality (see Figure 5.2). “In
the end,” said a manager, “we must be able to translate what the business knows
and wants into actionable IT proposals.”
M05_MCKE0260_03_GE_C05.indd 80 12/3/14 8:37 PM

Chapter 5 • Business–IT Communication 81
2. Tailoring. IT staff also need to adapt their communication to the needs of their
audience. This involves two skills. First, IT workers need to know their audience—
understanding their needs, their agendas, and their politics—so that they communicate
in ways the business needs and wants to hear (Burton et al. 2008). Second, all IT per-
sonnel need to know how to choose communication methods appropriately. For
example, bad news is best delivered in face-to-face meetings, not in reports or e-mails
(as some in the focus group reported); and presentations to executives are not the
place to expound on one’s technology expertise (Martin 2006).
3. Transparency. Transparency is a cornerstone of trust in the business–IT relation-
ship (Smith and McKeen 2007), and IT managers should not assume that success
speaks for itself. The business needs to see what is being done in IT and what it costs.
In fact, it has been suggested that transparency is the key to changing the business’s
perception of IT’s value (Levinson and Pastore 2005). At an individual level, one
member of the focus group defined transparency as communication that is “honest,
accurate, ethical, and respectful.” “We need honesty and openness,” stated another.
Transparency also means involving the right people in making decisions and recog-
nizing that the goal is to get the communication process flowing both ways (Burton
et al. 2008; Dunne 2002). Other ways to promote transparent communication include
checking assumptions, clarifying goals, stating intentions up front, and asking for
feedback on understanding (Dunne 2002; Gilberg 2006).
4. Thinking, talking, and listening. An important communication skill that is
increasingly valued by business is the ability to “think outside the box” and to
challenge the status quo, albeit diplomatically and responsibly. Focus group man-
agers suggested that IT staff need to think “horizontally” across the enterprise in
order to do what is best for the business. Communicating innovative ideas effec-
tively involves “getting inside the head of the business,” they explained. In the
future, the ideal IT manager will “think and talk like a business person with a
strong background in technology” (Kitzis and Gomolski 2006). Thinking, how-
ever, does not mean simply blurting out ideas; it means understanding how and
where to speak and how to listen to others. Learning to listen can be a challenge
Translation
Translation
BUSINESS IT
Business
Impact of
Technology
Issues
Business
Solutions
IT Solutions
Technology
Issues
fiGuRe 5.2 Communicating with Business Involves Translation
M05_MCKE0260_03_GE_C05.indd 81 12/3/14 8:37 PM

82 Section I • Delivering Value with IT
for IT staff who tend to be impatient with politics and the process of coming to a
solution that everyone can live with (Dunne 2002). Similarly, IT staff can underesti-
mate the importance of listening to nonverbal communication or the “noise” of the
context in which communication takes place (Anonymous 2005; Coughlan et al.
2005). In short, this skill involves more than simply “talking and waiting to talk”
but also incorporates a more sophisticated and nuanced awareness of the process of
communication, recognizing that how one reaches a decision is as important to the
success of communication as the actual decision itself.
impRovinG Business–it CommuniCation
The focus group managers were the first to admit that much more needs to be done in
their own organizations to improve communication between IT and the business at all
levels. However, they were also implementing a number of practices that they believed
would promote the development of good communication skills among their staff and
also as an IT function. Their recommendations included the following:
• Make the importance of effective communication visible. It is well accepted that if
you want people to pay attention to something, you need to measure and incentiv-
ize for it. Several managers felt that good communication skills should be expected
of every IT staff member. “These are now baseline expectations for us,” said one.
A  key way to get staff to pay attention is to incorporate communication skills into
performance appraisals. One company makes it clear that specialized “niche” skills
are more likely to be outsourced and that those who understand and can work with
the business are more likely to have a long-term career in its organization.
• Work with HR to develop new skills expectations and roles. Several firms are
incorporating specific communication competencies into staff role descriptions.
One is even trying to create jobs that have titles which reflect the types of com-
petencies needed, such as “senior business consultant,” “technology relationship
manager,” and “business technology specialist.” Another is trying to make it easier
for IT staff to transfer laterally into the business for a period of time.
• Develop communication skills both formally and informally. To support these new
expectations, some firms offer formal training in communication skills in areas such
as making presentations, communication styles, and negotiations. Incorporating com-
munication skills into personal development plans is one way some managers tailor
formal skills development for personal needs. However, the effectiveness of formal
training is “mixed,” said many managers, and some firms don’t offer it at all, or only
as part of management development. More informal approaches include mentoring,
lunch-and-learn sessions, and self-assessment tools.
• Increase the nature and frequency of communication. Although not an ini-
tiative of any of the focus groups, the research is clear that creating a “virtuous
communication cycle” starts with creating shared knowledge between the two
groups all levels. There are few “quick fixes” to the communication problem, but
the importance of regular communication between IT and business at all levels
cannot be overemphasized (Reich and Benbasat 2000). Wherever possible, prior-
ity should be given to informal communication and social interaction as these are
the best ways to build up shared language and understanding (Burton et al.; 2008;
M05_MCKE0260_03_GE_C05.indd 82 12/3/14 8:37 PM

Chapter 5 • Business–IT Communication 83
Dunne 2002). These types of interactions are particularly important when face-to-
face communication is irregular or impossible (Greenberg et al. 2007). Recognizing
this, one company that makes extensive use of global, virtual teams encourages
socialization, and even virtual parties, through its social networking technologies.
• Spend more time on communication. Most important, IT leaders at all levels need to
spend more time on communication—not only in what and how they communicate
personally but, rather, in learning how their staff and organizations communicate.
They need to seek out and remove obstacles to communication, coach their staff,
become sensitized to their organization’s communication processes (both formal
and informal), and do whatever it takes to develop a shared understanding and
language with the business. Although the initial investment of time may be high, it
is certain to pay off in terms of an improved relationship with business and greater
perceptions of IT value.
Conclusion
“What we have here is a failure to commu-
nicate” is a famous (and sarcastic) movie
quote that is nevertheless an extraordinarily
accurate description of the business–IT rela-
tionship. Although many words and docu-
ments may flow between the two groups,
it is fair to say that often little true commu-
nication is occurring. This has resulted in
misunderstandings, dysfunctional behavior,
and, above all, a failure to deliver value to
the organization. This chapter has examined
the difficult and complex challenges facing
IT leaders as they attempt to improve their
function’s communication with the business.
It demonstrated that good communication
has both social and organizational dimen-
sions, both of which need to be appropri-
ately managed. It also showed that there is
a “virtuous circle” of communication, which
is associated with improved IT performance
and perceptions of IT value. In short, good
communication is important to the success-
ful implementation of IT in business, and
developing it is therefore worth more time
and attention than most managers currently
pay to it. This chapter has focused on the IT
side of the communication equation—since
it is usually held to be the culprit in the
sometimes nasty war of words that ranges
back and forth between the two groups.
There is much that can be done within IT to
improve communication skills—without los-
ing technology capabilities—but it neverthe-
less behooves business managers to explore
ways in which they can assist IT in doing
this. Most important, they can make the time
and effort to ensure that IT staff are well edu-
cated in how their business works. If they do,
business leaders just might find that many of
IT’s “communication problems” disappear.
References
Anonymous. “The Tone of Communication.” CIO
Magazine (July 8, 2005).
Basselier, G., and I. Benbasat. “Business Competence
of Information Technology Professionals:
Conceptual Development and Influence on
IT–Business Partnerships.” MIS Quarterly 28, no.
4 (December 2004).
Bittler, R. “Align Enterprise Architecture to the Top
2008 CIO Priorities.” Gartner Inc., ID Number:
G00159369, September 2, 2008.
M05_MCKE0260_03_GE_C05.indd 83 12/3/14 8:37 PM

84 Section I • Delivering Value with IT
Burton, B., D. Weiss, and P. Allega. “Q&A:
Architects Must Advocate, Evangelize and
Educate.” Gartner Inc., ID Number: G00155902,
March 11, 2008.
Coughlan, J., M. Lycett, and R. Macredie.
“Understanding the Business–IT Relationship.”
International Journal of Information Management
24, no. 4 (2005).
Cukier, W. “Diversity—The Competitive Edge:
Implications for the ICT Labour Market.”
Information and Communications Technology
Council, Ottawa, Canada, March 2007.
Day, J. “Strangers on the Train: The Relationship
of the IT Department with the Rest of the
Business.” Information Technology & People 20,
no. 1 (2007).
Ding, David. “T-Shaped Professionals, T-Shaped
Skills, Hybrid Managers.” Coevolving
Innovations in Business Organizations and
Information Technologies, September 6, 2008.
coevolving.com/blogs/index.php/archive/t-
shaped-professionals-t-shaped-skills-hybrid-
managers.
Dunne, D. “Q&A with the Wharton School’s
Richard Shell: Communication.” CIO Magazine
(March 1, 2002).
Gilberg, D. “A CIO’s Guide to Communication
Basics.” CIO Magazine (June 14, 2006).
Greenberg, P., R. Greenberg, and Y. Antonucci.
“Creating and Sustaining Trust in Virtual
Teams.” Business Horizons 50 (2007).
Hunter, R. “Executive Summary: Business
Performance Is the Value of IT.” Gartner Inc.,
ID Number: G00148820, April 1, 2007.
Information and Communications Technology
Council (ICTC). ICT Competency Profiles:
A Framework for Developing Tomorrow’s ICT
Workforce. Ottawa, Canada: ICTC. www.ictc-
ctic.ca, 2009.
Leonard-Barton, D. Wellsprings of Knowledge:
Building and Sustaining the Sources of Innovation.
Boston: Harvard Business School Press, 1995.
Kalin, S. “Tools and Tactics for Communicating
IT’s Value to the Business.” CIO Magazine
(August 1, 2006).
Karlsen, J., K. Graee, and M. Massaoud. “Building
Trust in Project-Stakeholder Relationships.”
Baltic Journal of Management 3, no. 1 (2008).
Kitzis, E., and B. Gomolski. “IT Leaders Must
Think Like Business Leaders.” Gartner Inc., ID
Number: G00143430, October 26, 2006.
Levinson, M., and R. Pastore. “Transparency
Helps Align IT with the Business.” CIO
Magazine (June 1, 2005).
Martin, C. “Check What Was Heard, Not What
Was Said.” CIO Magazine (December 28, 2006).
McKeen, J., and H. Smith. IT Strategy in Action.
Upper Saddle River, NJ: Pearson-Prentice Hall,
2009.
McKeen, J., and H. Smith. IT Strategy: Issues and
Practices. Upper Saddle River, NJ: Pearson-
Prentice Hall, 2012.
Mingay, S. “Effective Communication Between IT
Leaders and Stakeholders Must Be Structured
and Contextual.” Gartner Inc., ID Number:
G00130023, 2005.
Pawlowski, S., and D. Robey. “Bridging User
Organizations: Knowledge Brokering
and the Work of Information Technology
Professionals.” MIS Quarterly 28, no. 4
(December 2004).
Peppard, J., and J. Ward. “Mind the Gap: Diagnosing
the Relationship Between the IT Organization
and the Rest of the Business.” Journal of Strategic
Information Systems 8, no. 2 (1999).
Reich, B., and I. Benbasat. “Factors That Influence
the Social Dimension of Alignment Between
Business and Information Technology
Objectives.” MIS Quarterly 24, no. 1 (March 2000).
Smith, H., and McKeen, J. “Managing Perceptions
of IS.” Communications of the Association for
Information Systems 20, Article 47 (November
2007): 760–73.
Tannen, D. “The Power of Talk: Who Gets
Heard and Why.” Harvard Business Review
(September–October 1995).
Willcoxson, L., and R. Chatham. “Progress in
the IT/Business Relationship: A Longitudinal
Assessment.” Journal of Information Technology
19, no. 1 (March 2004).
M05_MCKE0260_03_GE_C05.indd 84 12/3/14 8:37 PM

Chapter 5 • Business–IT Communication 85
Appendix A
IT Communication Competencies
Level 1
Listens and clearly presents information
• Listens/pays attention actively and objectively (Persons with hearing impairments may lip-read.)
• Presents information and facts in a logical manner, using appropriate phrasing and vocabulary
• Shares information willingly and on a timely basis
• Communicates with others honestly, respectfully, and sensitively
• Recognizes and uses nonverbal communications
Level 2
Fosters two-way communication
• Recalls others’ main points and takes them into account in own communication
• Checks own understanding of others’ communication (e.g., paraphrases, asks questions)
• Elicits comments or feedback on what has been said
• Maintains continuous, open, and consistent communication with others, considering nonverbal
messaging as required
Level 3
Adapts communication
• Tailors communication (e.g., content, style, and medium) to diverse audiences
• Reads cues from diverse listeners to assess when and how to change planned communication
approach to effectively deliver message
• Communicates equally effectively with all organizational levels and sells ideas and concepts
• Understands others’ complex or underlying needs, motivations, emotions, or concerns and
communicates effectively despite the sensitivity of the situation
Level 4
Communicates complex messages
• Communicates complex issues clearly and credibly with widely varied audiences
• Handles difficult on-the-spot questions (e.g., from senior executives, public officials, interest
groups, or the media)
• Reads nonverbal communications signs and adapts materials and approach as required
• Overcomes resistance and secures support for ideas or initiatives through high-impact
communication
Level 5
Communicates strategically
• Scans the environment for key information and messages to form the development of com-
munication strategies
• Communicates strategically to achieve specific objectives (e.g., considers optimal “messaging”
and timing of communication)
• Uses varied communication vehicles and opportunities to promote dialogue and develop shared
understanding and consensus
Reproduced by permission of the Information and Communications Technology Council (ICTC) of Canada
www.ictc-ctic.ca
M05_MCKE0260_03_GE_C05.indd 85 12/3/14 8:37 PM

86
C h a p t e r
6 Effective IT Leadership1
1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen. “Building
Better IT Leaders: From the Bottom Up.” Communications of the Association for Information Systems 16, article 38
(December 2005): 785–96. Reproduced by permission of the Association for Information Systems.
For IT to assume full partnership with the business, it will have to take
a leadership role on many vital organizational issues. . . . This leadership
role is not the exclusive prerogative of senior executives—it is the duty
of all IT employees. Effective leadership has enormous benefits. To realize
these benefits, leadership qualities should be explicitly recognized,
reinforced, and rewarded at all levels of the IT organization. This only
happens when a concerted effort is made to introduce leadership activities
into the very fabric of the IT organization. Leadership is everyone’s job.
(McKeen and Smith 2003)
This quote, taken from a book we published several years ago, remains as true today as it was then. But a lot has happened in the interim. Chiefly, in the chaotic business conditions of late, IT leadership development got sidetracked. The
dot-com boom and bust soured many companies on the top-line potential of IT and
refocused most CIOs on developing strong processes to ensure that IT’s bottom line
was kept under control (Roberts and Mingay 2004). But the wheel has turned yet again,
and there is now renewed emphasis on how IT can help the organization achieve com-
petitive differentiation and top-line growth (Korsten 2011).
The many new challenges facing IT organizations today—achieving busi-
ness growth goals, enterprise transformation, coping with technical and relationship
complexity, facilitating innovation and knowledge development, and managing an
increasingly mobile and virtual workforce—call for strong IT leadership. Unfortunately,
few IT leadership teams are well equipped for the job (Kaminsky 2012; Mingay et al.
M06_MCKE0260_03_GE_C06.indd 86 12/3/14 8:38 PM

Chapter 6 • Effective IT Leadership 87
2004). Traditional hierarchical structures with command-and-control leadership are not
only ineffective, but they also can actually become a barrier to the development of a
high-performance IT department (Avolio and Kahai 2003). New communications tech-
nologies are enabling new ways of leading and empowering even the most junior staff
in new ways. These factors are all bringing senior IT managers around to a new appre-
ciation of the need to build strong IT leaders at all levels of their organization.
This chapter looks first at the increasing importance of leadership in IT and how it
is  changing over time. Next, it examines the qualities that make a good IT leader. Then it
looks at how companies are trying to develop better IT leaders at all levels in their organiza-
tions. Finally, it outlines the value proposition for investing in IT leadership development.
The Changing Role of The iT leadeR
The death of the traditional hierarchical organizational structure and top-down com-
mand-and-control leader has been predicted for more than two decades (Bennis and
Nanus 1985), but it’s dying a slow and painful death. Although much lip service is paid
to the need for everyone in IT to be a leader, the fact remains that the traditional style of
leadership is still very much in evidence, especially in large IT organizations.
There appear to be at least three reasons for this. First, until now, there has been
very little pressure to change. As one manager pointed out, “We’ve been focusing on
centralizing our IT organization in the last few years, and centralized decision making
is inconsistent with the philosophy of ‘Everybody leads.’” Those IT managers strug-
gling with the complexities engendered by nonstandard equipment, nonintegrated
systems, and multiple databases full of overlapping but inconsistent data can be for-
given if this philosophy suggests the “Wild West” days of IT, when everyone did their
own thing.
Second, the organizations within which IT operates are largely hierarchical as
well. Their managers have grown up with traditional structures and chains of com-
mand. They are comfortable with them and are uncomfortable when they see parts of
their organization (e.g., IT) behaving and being treated differently by their CEO (Feld
and Stoddard 2004). Senior management may, therefore, pressure IT to conform to the
ways of the rest of the firm. This situation has recently become exacerbated by new
compliance regulations (e.g., Sarbanes–Oxley, privacy legislation) that require hierar-
chical accountability and severely limit flexibility. Third, many senior executives—even
within IT—find it difficult to relinquish control to more junior staff because they know
they still have accountability for their results. Keeping a hands-on approach to leader-
ship, they believe, is the only way to ensure work gets done right.
However, in spite of the remarkable tenacity of the hierarchical organization,
there are signs that traditional leadership modes in IT are now in retreat, and there is
a growing recognition that IT organizations must do a better job of inculcating leader-
ship behaviors in all their staff (Bell and Gerrard 2004; Kaminsky 2012). There are some
very practical reasons all IT staff are now expected to act as leaders, regardless of their
official job titles:
• Top-line focus. CEOs are looking for top-line growth from their organizations
(Korsten 2011). New technologies and applications largely drive the enterprise
differentiation and transformation efforts that will deliver this growth. Strong IT
M06_MCKE0260_03_GE_C06.indd 87 12/3/14 8:38 PM

88 Section I • Delivering Value with IT
leadership teams are needed to take on this role in different parts of the organi-
zation and at different levels. They can do this effectively only by sharing clear
goals and direction, understanding business strategy, and having the requisite
“soft” skills to influence business leaders (Roberts and Mingay 2004; Weiss and
Adams 2011).
• Credibility. No IT leadership initiatives within business will be accepted unless
IT  is consistently able to deliver results. This aspect of leadership is often called
“management” and is considered somewhat less important than transformational
aspects of leadership, but IT’s credentials in the latter rest solidly on the former
(Bouley 2006; Mingay et al. 2004). No business organization will accept IT  leadership
in other areas unless it has demonstrated the skills and competencies to consistently
deliver on what it says it will do. Furthermore, distinguishing between leadership
and management leads to a dysfunctional IT organization. “Managers who don’t
lead are boring [and] dispiriting, [whereas] leaders who don’t manage are distant
[and] disconnected” (Mintzberg 2004). We have too often forgotten that top-level
leaders are developed over time from among the rank and file, and that is where
they learn how to lead.
• Impact. There is no question that individuals within IT have more opportuni-
ties to affect an organization, both positively and negatively, than others at similar
levels in the business. The focus group felt that this fact alone makes it extremely
important that IT staff have much stronger organizational perspectives, decision-
making skills, entrepreneurialism, and risk-assessment capabilities at lower levels.
Today, because even small decisions in IT can have a major impact on an organiza-
tion, it is essential that a CIO be confident that his or her most junior staff have the
judgment and skills to take appropriate actions.
• Flexibility. Increasingly, IT staff and organizations are expected to be responsive
to rapidly changing business needs and help the enterprise compete in a highly
competitive environment. This situation requires IT staff to have not only the tech-
nical skills required to address a variety of needs, but also the ability to act in the
best interests of the organization wherever opportunities arise. “We are no longer
order takers in IT,” stated one manager. “All our staff are expected to do the right
things for our firm, even when it means saying ‘no’ to senior business manage-
ment.” Similarly, doing the right things involves being proactive. These actions take
significant amounts of organizational know-how to pull off—leadership skills that
rank-and-file IT staff are not noted for at present.
• Complexity. The responsibilities of IT have grown increasingly complex over
the past two decades (Smith and McKeen 2012). Not only is IT expected to be a
high- performance organization, it is also expected to offer change and innovation
leadership, interact with other organizations to deliver low-cost services, chart a
path through ever-growing new technology offerings, and offer content leadership.
The complexity of the tasks, relationships, knowledge, and integration now needed
in IT means that leadership cannot rest in the hands of one person or even a team.
Instead, new ways of instilling needed skills and competencies into all IT staff must
be found.
• New technology. Smartphones, collaboration tools, instant messaging, and
social media are all changing how leaders work—especially in IT. Increasingly,
staff are virtual or mobile and their interactions with their managers are mediated
M06_MCKE0260_03_GE_C06.indd 88 12/3/14 8:38 PM

Chapter 6 • Effective IT Leadership 89
by technology. At the same time, IT staff have much greater access more quickly
to the same information as their managers. New technologies change how infor-
mation is acquired and disseminated, how communication takes place, and how
people are influenced and decisions made. Traditional forms of control are, thus,
increasingly ineffective (Avolio and Kahai 2003).
All of these factors are driving the need to push leadership skills and compe-
tencies further down in the IT organization. Traditional hierarchies will likely remain
in place to define authority and accountability, and leadership is likely to become
increasingly situational—to be exercised as required by tasks and conditions (Bell and
Gerrard 2004; Kaminsky 2012). With the demands on IT projected to be ever greater in
the next decade, the need for more professional and sophisticated IT leadership is also
greater than ever before (Korsten 2011). In fact, many believe that IT leadership will
determine “which [IT] organizations disappear into the back office of utility services
and which ones build companywide credibility and drive business growth and ability”
(Mingay et al. 2004).
WhaT Makes a good iT leadeR?
In many ways the qualities that make a good IT leader resemble those that make any
other good leader. These can be divided into two general categories:
1. Personal mastery. These qualities embody the collection of behaviors that deter-
mine how an individual approaches different work and personal situations. They
include a variety of “soft” skills, such as self-knowledge, awareness of individual
approaches to work, and other personality traits. Most IT organizations include
some form of personal mastery assessment and development as part of their man-
agement training programs. Understanding how one relates to others, how they
respond to you, and how to adapt personal behaviors appropriately to different sit-
uations is a fundamental part of good leadership. One company’s internal leader-
ship document states, “Leaders must exercise self-awareness, monitor their impact
on others, be receptive to feedback, and adjust to that feedback.” “The higher up
you get in IT, the greater the need for soft skills,” claimed one member. Another
noted the positive impact of this type of skills development: “It’s quite evident
who has been on our management development program by their behaviors.” An
increasingly important component of this quality for IT staff is personal integrity—
that is, the willingness to do what you say you are going to do—both within IT and
with external parties such as users and vendors.
2. Leadership skill mastery. These qualities include the general leadership skills
expected of all leaders in organizations today, such as motivation, team building,
collaboration, communication, risk assessment, problem solving, coaching,
and mentoring. These are skills that can be both taught and modeled by current
leaders and are a necessary, but not sufficient, component of good IT leadership
(Bouley 2006).
However, good IT leaders are required to have a further set of skills that could
be collectively called “strategic vision” if they are going to provide the direction and
deliver the impact that organizations are expecting from IT. Because this is a “soft skill,”
M06_MCKE0260_03_GE_C06.indd 89 12/3/14 8:38 PM

90 Section I • Delivering Value with IT
there is no firm definition of this quality, but several components that help to develop
this quality at all levels in IT can be identified, including the following:
• Business understanding. It should go without saying that for an IT leader to have
strategic vision, he or she should have a solid understanding of the organization’s
current operations and future direction. This is well accepted in IT today, although
few IT organizations have formal programs to develop this understanding. Most
IT staff are expected to pick it up as they go along, mostly at the functional busi-
ness process level. This may be adequate at junior levels, but being able to apply
strategic vision to a task also involves a much broader understanding of the larger
competitive environment, financial management, and marketing. “Our customers
are now our end users. With our systems now reaching customers and reaching out
horizontally in the organization and beyond, IT staff all need a broader and deeper
appreciation of business than ever before,” said one manager.
• Organizational understanding. A key expectation of strategic vision in IT is enter-
prise transformation (Korsten 2011; Mingay et al. 2004). This involves more than
just generating insights into how technology and processes can be utilized to cre-
ate new products and services or help the organization work more effectively; it
also involves the effective execution of the changes involved. IT professionals have
long known that technology must work in combination with people and processes
to be effective. This is why they are now expected to be experts in change man-
agement (Kaminsky 2012). But being able to drive transformation forward involves
a number of additional skills, such as political savvy (to overcome resistance and
negative influences), organizational problem solving (to address conflicting stake-
holder interests), effective use of governance structures (to ensure proper support
for change), and governance design (to work with partners and service providers)
(Bell and Gerrard 2004; Kim and Maugorgne 2003; Raskino et al. 2013). Because IT
people come from a technical background and their thinking is more analytical, they
typically do not have strong skills in this area and need to acquire them.
• Creating a supportive working environment. Most IT work is done in teams.
Increasingly, these teams are virtual and include businesspeople, staff from ven-
dor companies, and members from different cultures. Motivating and inspiring
one’s colleagues to do their best, dealing with relationship problems and conflicts,
and making decisions that are consistent with the overall goals of the organiza-
tion and a particular initiative are the job of every IT staff member. Since much
leadership in a matrixed organization such as IT is situational, an IT professional
could be a leader one day and a follower the next. Thus, that person must know
how to create a work environment that is characterized by trust, empowerment,
and accountability. This involves clear communication of objectives, setting the
rules of engagement, developing strong relationships (sometimes virtually), and
providing support to manage risks and resolve issues (Bell and Gerrard 2004;
Kaminsky 2012; Light 2013).
• Effective use of resources. A good IT leader knows how to concentrate scarce
resources in places where they will have the biggest payoff for the organization.
This means not only making use of processes and tools to stretch out limited staff
but also understanding where resources should not be used (i.e., saying “no”).
In the longer term, using resources wisely may mean using job assignments and
M06_MCKE0260_03_GE_C06.indd 90 12/3/14 8:38 PM

Chapter 6 • Effective IT Leadership 91
budgets to enhance people’s capabilities, identifying and developing emergent
leaders, and using reward and recognition programs to motivate and encour-
age staff (Anonymous 2004). Unfortunately, IT staff have often been spread too
thinly, underappreciated, and not given time for training. Good IT leaders value
their people, run interference for them when necessary, and work to build “bench
strength” in their teams and organizations.
• Flexibility of approach. A good IT leader knows where and how to exercise
leadership. “Skill mastery must be complemented with the ability to know when
and where particular behaviors/skills are required and . . . how they should be
deployed” (McKeen and Smith 2003). Even though this is true in all parts of the
organization, leadership in IT can be a rapidly shifting target for two reasons. First,
IT staff are well-educated, well-informed professionals whose opinions are valu-
able. “Good IT leaders know when to encourage debate and also when to close it
down,” said a manager. Second, the business’s rapid shifts of priority, the changing
competitive and technical environment, and the highly politicized nature of much
IT work mean that leaders must constantly adjust their style to suit a dynamic
topography of issues and priorities. “There is a well-documented continuum of
leadership styles. . . . The most appropriate style depends on the enterprise style and
the business and strategic contexts” (Roberts and Mingay 2004).
• Ability to gain business attention. A large component of IT leadership is
focused not on the internal IT organization but outward toward all parts of the
business. One of the biggest challenges for today’s IT leaders is the fact that the
focus of their work is more on business value than on technology (Korsten 2011).
The ability to motivate business executives, often in more senior positions, lead
business transformation, and gain and maintain executive attention is central to
establishing and maintaining IT credibility in an organization (Kaminsky 2012;
McDonald and Bace 2004). A good IT leader knows how to position his or her
contribution in tangible, business terms; how to interact with business lead-
ers; and how to guide and educate them about the realities of IT use. “Bringing
value to the business is a very important trend in IT leadership,” stated one
participant.
IT leaders will need more or fewer of these qualities, depending on the scope and
type of their work. Obviously, IT staff responsible for sourcing will need a different mix
of these skills than will those with an internal IT focus or those with a business focus.
Leadership Styles Vary According to the Degree
of Involvement of Team Members
• Commanding. “Do what I tell you.”
• Pacesetting. “Do as I do now.”
• Visionary. “Come with me.”
• Affiliate. “People come first.”
• Coaching. “Try this.”
• Democratic. “What do you think?”
(after Roberts and Mingay 2004)
M06_MCKE0260_03_GE_C06.indd 91 12/3/14 8:38 PM

92 Section I • Delivering Value with IT
They will also be more important the higher one moves in the management hierarchy.
Nevertheless, these are skills that IT organizations should endeavor to grow in all their
staff from the most junior levels. Since these skills take time and practice to develop
and are in increasing demand, senior IT managers should put concrete plans in place to
ensure that they will be present when needed.
hoW To Build BeTTeR iT leadeRs
Everyone agrees that fostering leadership skills throughout all levels of IT is important
to IT’s future effectiveness (Bell and Gerrard 2004; Kaminsky 2012; Mingay et al. 2004;
Mintzberg 2004). However, the reality is that leadership development is very hit and
miss in most IT organizations. Many formal leadership courses have been cut or scaled
back substantially because of cost-control initiatives. When offered, most IT leadership
programs limit attendance to managers. Few organizations have articulated a com-
prehensive program of leadership development that includes other initiatives besides
training.
Leadership development in IT is not as simple as sending a few handpicked indi-
viduals on a training course. In fact, formal training may be one of the least effective
(and most expensive) aspects of building better IT leaders (Kesner 2003). Any compre-
hensive leadership development program has three layers (see Figure 6.1). The first,
most important, and probably the most difficult one is an environment within which
leaders at all levels can flourish. It is often suggested that leaders, like cream, will natu-
rally rise to the top regardless of the conditions in which they work. The reality is that
more and better leaders are created when organizations have a supportive process for
developing them that is widely understood. What’s needed is “a culture that nurtures
talented managers, rather than one that leaves them to struggle through a Darwinian
survival game” (Griffin 2003). There is general agreement on what constitutes this type
of culture:
A Supportive
Environment
Processes
and Practices
Formal
Training
figuRe 6.1 Effective Leadership Development Involves More then Training
M06_MCKE0260_03_GE_C06.indd 92 12/3/14 8:38 PM

Chapter 6 • Effective IT Leadership 93
• Well-articulated and instantiated values. Values guide how staff should behave
even when their managers aren’t around. They provide a basis for sound decision
making (IBM 2012; Stewart 2004). “If you’re going to push leadership down in the
organization, you have to push values down as well,” stated one manager. Others
noted that senior IT leadership should primarily be about forming and modeling
values, not managing tasks. Values are especially important now that staff are more
mobile and virtual (Cascio and Shurygailo 2003; IBM 2012). A strong value system
is crucial to bringing together and motivating a large, diverse workforce and help-
ing staff act in ways that support the company’s brand and values. Unfortunately,
although many organizations have values, they are often out of date or not mod-
eled by management (Stewart 2004).
• A climate of trust. Trust that management means what it says about values and
leadership development must be established early in any program. Trust is estab-
lished by setting expectations and delivering results that meet or exceed those
expectations. By sending clear messages to staff and exhibiting positive attitudes
about staff behavior, senior IT managers will help people feel they can begin to
take some risks and initiatives in their work (Cascio and Shurygailo 2003). If
people feel their culture is based on fair processes and that they can draw lessons
from both good and bad results, they will start to respond with the type of high
performance and leadership behaviors that are expected (Kim and Maugorgne
2003). Conversely, senior managers must take steps to weed out counterpro-
ductive behaviors, such as poor collaboration, that will undermine this climate
(Roberts and Mingay 2004).
• Empowerment. Empowerment thrives in a climate of trust, but leaders need to
deliberately encourage it as well. In IT one of the most important ways to do this
is to create mechanisms to support staff’s making difficult decisions. One company
recognized this by explicitly making “We’ll support you in doing the right things”
a central element in revamping its leadership promise. To make it real and visible,
the company established a clear process for junior staff to resolve potential con-
flicts with users about disagreements on what is “the right thing.” Furthermore,
they have established committees to help manage the risks involved in IT work,
get at the root cause of recurring issues, and protect the promises made to business
partners. Such processes, in conjunction with values and trust, create a manage-
ment system that empowers people and frees them to make appropriate decisions
(Stewart 2004). By staying connected with staff as teachers, coaches, champions,
and mentors, more senior leaders help more junior staff to take “intelligent risks”
and sponsor initiative (Light 2013; Taurel 2000).
• Clear and frequent communication. As with other types of change, one cannot
communicate too much about the need to create an environment to foster leader-
ship. “In spite of all we know about communication, it’s still one of our biggest
leadership gaps,” said a participant. Open, two-way communication is the hall-
mark of modern leadership. Leaders and followers are gradually learning how
to effectively use the electronic nervous system that now runs through all orga-
nizations (Avolio and Kahai 2003). Use of information technology and multiple
channels is now the norm, and redundancy is advisable because of the increased
opportunities for miscommunication in the virtual world. Senior executives
are using IT to communicate interactively with their most junior staff (Stewart
M06_MCKE0260_03_GE_C06.indd 93 12/3/14 8:38 PM

94 Section I • Delivering Value with IT
2004). One company has established an “Ask Phil” e-mail whereby any member
of IT can direct questions to the CIO. Leadership is about developing relation-
ships with people. It engages them and helps direct them to a particular goal.
Learning to leverage all conduits of communication to build and sustain an array
of relationships is, therefore, central to becoming an effective IT leader (Avolio
and Kahai 2003).
• Accountability. Acceptance of accountability is a key component of leadership.
A climate where accountabilities are clear is an important aspect of a leadership
development culture (Bell and Gerrard 2004). Natural leaders often first come to
senior management’s attention because they consistently deliver on what they
promise. The concept of accountability is also being extended to include expecta-
tions that IT staff will assist the business in achieving its growth goals and that IT
will not create technical impediments to implementing business strategies (Mingay
et al. 2004). Unfortunately, IT accountability is frequently absent, and this has nega-
tively affected the perceptions of IT leadership in the rest of the organization (Feld
and Stoddard 2004). No member of IT should be allowed to abdicate responsibility
for delivering results. However, focus group members stressed that in order to cre-
ate a culture of accountability, IT leaders must also provide the processes, tools, and
support to produce successful results.
The second layer of a leadership development program involves building
leadership activities into IT’s processes and daily work. Well-designed and documented
processes for such activities as planning, budgeting, conflict resolution, service delivery,
and financial reviews and approvals clearly articulate the individual elements that con-
tribute to leadership in particular situations. They make it easier for more junior staff to
carry out these activities and to learn what is expected of them (Bell and Gerrard 2004).
They also establish boundaries within which staff can exercise judgment and take risks.
Human resources management practices are a key component of fostering
leadership at this level as well. Many companies have begun to document the compe-
tencies that they expect staff to exhibit in each job category and level. These typically
include leadership as well as technical skills. “It gets harder to do this the higher up
the management hierarchy one goes,” stated one manager. “At the more senior levels,
leadership skills are much more individualized and are more difficult to capture, but
we’re working on it.” Specific training and development strategies work well for each
job stream at more junior levels. With more senior positions, development plans should
be created for each individual.
Job assignments are one of the most important ways to develop leadership exper-
tise. In fact, some experts suggest that 80 percent of the levers management has at its
disposal in this area are related to how a company uses assignments and job postings to
influence an individual’s experience (Kesner 2003). Job rotations, stretch assignments,
and on-the-job coaching and mentoring are all effective ways to build leadership skills.
Occasionally, this may entail taking risks and not always appointing the most qualified
person for a particular job (Roberts and Mingay 2004). Sometimes, this should involve
moving a person out of IT into the business for an assignment. All organizations should
have processes in place to identify emergent leaders and take proactive steps to design
individualized strategies of coaching and assignments that will fit their unique person-
alities (Griffin 2003). Succession planning should be a significant part of this process as
M06_MCKE0260_03_GE_C06.indd 94 12/3/14 8:38 PM

Chapter 6 • Effective IT Leadership 95
well. Recruiting leaders from outside is sometimes necessary, but this is a far more risky
and expensive way to address succession than growing leaders from within (Roberts
and Mingay 2004).
Finally, at the core of any leadership development program is formal training.
Commitment to formal leadership training in organizations has been patchy at best.
Training can be internally developed or externally purchased. The fastest-growing seg-
ment of executive education is customized programs for a particular organization that
are specifically tied to business drivers and values (Kesner 2003). In-house programs
are best for instilling vision, purpose, values, and priorities. External training is best
used for introducing new knowledge, practices, and thinking to leadership.
Because of the time and expense involved, leadership training should be used
strategically rather than comprehensively. Often IT resources can be so stretched that
finding time for development is the biggest challenge. One company reasserted the
importance of training by promising its staff that it would spend its entire annual train-
ing budget for the first time! This organization sees training as one tool for helping
individuals make their best contributions and achieving success; interestingly, it has
found that making it easier to find appropriate courses through the creation of a formal
curriculum and streamlining the registration and payment processes has led to a sig-
nificant uptake in employees’ taking advantage of development opportunities.
invesTing in leadeRship developMenT: aRTiCulaTing
The value pRoposiTion
Although leadership development is widely espoused, many organizations have
reduced their budgets in recent years, and that has hit formal training programs hard.
One manager remarked that his staff knew senior management was serious about
development when it maintained training budgets while trimming in other areas.
However, as mentioned earlier, training is only one facet of a good leadership develop-
ment program, and doing it right will take executive time and consistent attention, in
addition to the costs involved in establishing and following through on necessary com-
munications, procedures, and planning. It is essential to articulate the value proposition
for this initiative.
Experts suggest that several elements of value can be achieved by implementing
a leadership development program. Using a rubric established by Smith and McKeen
(see Chapter 1), these elements include the following:
• What is the value? Because different companies and managers have different
perceptions of value, it is critical that the value that is to be achieved by a lead-
ership development program be clearly described and agreed on. Some of the
value elements that organizations could achieve with leadership development
include improved current and future leadership capabilities and bench strength
(preventing expensive and risky hires from outside), improved innovation and
alignment with business strategy, improved teamwork (both internally and cross-
functionally), improved collaboration and knowledge sharing, greater clarity of
purpose and appropriate decision making, reduced risk, and a higher- performing
IT organization. When these value objectives are understood, it is possible to
develop metrics to determine whether or not the program is successful. Having
M06_MCKE0260_03_GE_C06.indd 95 12/3/14 8:38 PM

96 Section I • Delivering Value with IT
a focus and metrics for a leadership program will ensure that management pays
attention to it and that it doesn’t get shunted into a corner with the “soft and fuzzy
stuff” (Kesner 2003).
• Who will deliver the value? Because leadership development is partially HR’s
responsibility and partially IT’s, clarifying which parts of the program should be
delivered by which group is important. Similarly, much of the coaching, mentor-
ing, and experiential components will be fulfilled by different managers within
IT. It is, therefore, important for senior management to clarify roles and responsi-
bilities for leadership development and ensure they are implemented consistently
across the organization. Ideally, senior IT management will retain responsibil-
ity for the outer layer of the leadership program—that is, creating a supportive
working environment. At one company the senior IT team created several pack-
aged presentations for middle managers to help them articulate their “leadership
promises.”
• When will value be realized? Leadership development should have both long-
and short-term benefits. Effective training programs should result in visible
behavior changes, as already noted. The initial impacts of a comprehensive leader-
ship initiative should be visible in-house within a year and to business units and
vendors within eighteen to twenty-four months (McDonald and Bace 2004). Again,
metrics are an essential part of leadership programs because they demonstrate
their success and effectiveness. Although there is no causal link between leadership
development and improved business results, there should be clear and desirable
results achieved (Kesner 2003). Using a “balanced scorecard” approach to track
the different types of impacts over time is recommended. This methodology can be
used to demonstrate value to IT managers, who may be skeptical, and to HR and
senior management. It can also be used to make modifications to the program in
areas where it is not working well.
• How will value be delivered? This is the question that everyone wants to ask first
and that should only be addressed after the other questions have been answered.
Once it is clear what IT wants to accomplish with leadership development, it will be
much easier to design an effective program to deliver it.
Conclusion
Leadership development in IT is something
that everyone agrees is increasingly important
to helping companies achieve their business
goals. However, all too often it is a hit-and-
miss exercise, depending on management
whim and budget availability. It is now clear
that senior IT leaders must make leadership
development a priority if IT is going to con-
tribute to business strategy and help deliver
services in an increasingly competitive envi-
ronment. To do this, leadership develop-
ment in IT must start with the most junior
IT staff. An effective program involves more
than just training. It must include the cre-
ation of a supportive work environment and
the development of processes that deliver on
management’s promises. However, no lead-
ership program should be implemented in a
M06_MCKE0260_03_GE_C06.indd 96 12/3/14 8:38 PM

Chapter 6 • Effective IT Leadership 97
vacuum. There should be a clearly articulated
proposition outlining its value to the organi-
zation and a set of metrics to monitor its effec-
tiveness. Like technology itself, leadership
development will be effective only if manage-
ment takes a comprehensive approach that
integrates culture, behavior, processes, and
training to deliver real business value.
Anonymous. “A Guide for Leaders.” Presentation
to the IT Management Forum, November 2004.
Avolio, B., and S. Kahai. “Adding the ‘E’ to
Leadership: How It May Impact Your
Leadership.” Organizational Dynamics 31, no. 4
(January 2003): 325–38.
Bell, M., and M. Gerrard. “Organizational Chart
Is Falling into Irrelevance.” Gartner Inc., ID
Number: QA-22-2873, July 6, 2004.
Bennis, W. G., and B. Nanus. Leaders: The Strategies
for Taking Charge. New York: Harper and Row,
1985.
Bouley, J. “Leading versus Managing.” PM
Network 20, no. 2 (2006).
Cascio, W., and S. Shurygailo. “E-leadership and
Virtual Teams.” Organizational Dynamics 31, no.
4 (January 2003): 362–76.
Feld, C., and D. Stoddard. “Getting IT Right.”
Harvard Business Review 82, no. 2 (2004): 72–79.
Griffin, N. “Personalize Your Management
Development.” Harvard Business Review 81, no.
3 (March 2003).
IBM. “CEO Survey 2011: Leading through
Connections Executive Summary.” Somers,
NY: IBM Global Business Services, GBE03486-
USEN-00 (May 2012).
Kaminsky, J. “Impact of Non-Technical Leadership
Practices on IT Project Success.” Journal of
Leadership Studies 6, no. 1 (May 2012).
Kesner, I. “Leadership Development: Perk or
Priority?” Harvard Business Review 81, no. 3
(May 2003).
Kim, W., and R. Maugorgne. “Tipping Point
Leadership.” Harvard Business Review 81, no. 4
(April 2003).
Korsten, P. “The Essential CIO.” IBM Institute
for Business Value. Somers, NY: IBM Global
Business Services, 2011.
Light, M. “To Discern Potential Mastery,
Assess Project Management Leadership and
Planning Expertise.” Gartner Inc., ID Number:
G00258389, November 8, 2013.
McDonald, M., and J. Bace. “Keys to IT
Leadership: Credibility, Respect, and
Consistency.” Gartner Inc., ID Number:
TU-22-8013, June 28, 2004.
McKeen, J., and H. Smith. Making IT Happen:
Critical Issues in IT Management. Chichester,
England: John Wiley & Sons, 2003.
Mingay, S., J. Mahoney, M. P. McDonald, and M.
Bell. “Redefining the Rules of IT Leadership.”
Gartner Inc., ID Number: AV-22-9013, July 1,
2004.
Mintzberg, H. “Enough Leadership.” Harvard
Business Review 82, no. 11 (November 2004).
Raskino, M., D. Aron, P. Mecham, and J. Beck.
“CEOs and CIOs must Co-Design the C-Suite
for Digital Leadership.” Gartner Inc., ID
Number: G00258536, November 22, 2013.
Roberts, J., and S. Mingay. “Building a More
Effective IT Leadership Team.” Gartner Inc., ID
Number: TU-22-5915, June 28, 2004.
Smith, H. A., and J. D. McKeen. “IT in 2015,”
Presentation to Center for Information Systems
Research (CISR), Massachusetts Institute of
Technology, April 2012.
Stewart, T. “Leading Change When Business Is
Good: An Interview with Samuel J. Palmisano.”
Harvard Business Review 82, no. 12 (December
2004): 8.
Taurel, S. “On Leadership.” Corporate document,
Eli Lilly and Co., 2000.
Weiss, J., and S. Adams. “Aspiring and Changing
Roles of Technology Leadership: An
Exploratory Study.” Engineering Management
Journal 23, no. 3 (September 2011).
References
M06_MCKE0260_03_GE_C06.indd 97 12/3/14 8:38 PM

Mini Case
Delivering Business Value with
IT at Hefty Hardware2
“IT is a pain in the neck,” groused Cheryl O’Shea, VP of retail marketing, as she
slipped into a seat at the table in the Hefty Hardware executive dining room, next to
her colleagues. “It’s all technical mumbo-jumbo when they talk to you and I still don’t
know if they have any idea about what we’re trying to accomplish with our Savvy Store
program. I keep explaining that we have to improve the customer experience and that
we need IT’s help to do this, but they keep talking about infrastructure and bandwidth
and technical architecture, which is all their internal stuff and doesn’t relate to what
we’re trying to do at all! They have so many processes and reviews that I’m not sure
we’ll ever get this project off the ground unless we go outside the company.”
“You’ve got that right,” agreed Glen Vogel, the COO. “I really like my IT account
manager, Jenny Henderson. She sits in on all our strategy meetings and seems to really
understand our business, but that’s about as far as it goes. By the time we get a project
going, my staff are all complaining that the IT people don’t even know some of our
basic business functions, like how our warehouses operate. It takes so long to deliver
any sort of technology to the field, and when it doesn’t work the way we want it to, they
just shrug and tell us to add it to the list for the next release! Are we really getting value
for all of the millions that we pour into IT?”
“Well, I don’t think it’s as bad as you both seem to believe,” added Michelle
Wright, the CFO. “My EA sings the praises of the help desk and the new ERP system
we put in last year. We can now close the books at month-end in 24 hours. Before that,
it took days. And I’ve seen the benchmarking reports on our computer operations. We
are in the top quartile for reliability and cost-effectiveness for all our hardware and
systems. I don’t think we could get IT any cheaper outside the company.”
“You are talking ‘apples and oranges’ here,” said Glen. “On one hand, you’re
saying that we’re getting good, cheap, reliable computer operations and value for the
money we’re spending here. On the other hand, we don’t feel IT is contributing to
creating new business value for Hefty. They’re really two different things.”
“Yes, they are,” agreed Cheryl. “I’d even agree with you that they do a pretty
good job of keeping our systems functioning and preventing viruses and things. At
least we’ve never lost any data like some of our competitors. But I don’t see how they’re
contributing to executing our business strategy. And surely in this day and age with
increased competition, new technologies coming out all over the place, and so many
changes in our economy, we should be able to get them to help us be more flexible, not
less, and deliver new products and services to our customers quickly!”
2 Smith, H. A., and J. D. McKeen. “Delivering Business Value with IT at Hefty Hardware.” #1-L10-1-001,
Queen’s School of Business, May 2010. Reproduced by permission of Queen’s University, School of Business,
Kingston, Ontario, Canada.
98
M06_MCKE0260_03_GE_C06.indd 98 12/3/14 8:38 PM

Delivering Business Value with IT at Hefty Hardware 99
The conversation moved on then, but Glen was thoughtful as he walked back to
his office after lunch. Truthfully, he only ever thought about IT when it affected him and
his area. Like his other colleagues, he found most of his communication with the depart-
ment, Jenny excepted, to be unintelligible, so he delegated it to his subordinates, unless
it absolutely couldn’t be avoided. But Cheryl was right. IT was becoming increasingly
important to how the company did its business. Although Hefty’s success was built on
its excellent supply chain logistics and the assortment of products in its stores, IT played
a huge role in this. And to implement Hefty’s new Savvy Store strategy, IT would be
critical for ensuring that the products were there when a customer wanted them and
that every store associate had the proper information to answer customers’ questions.
In Europe, he knew from his travels, IT was front and center in most cutting-
edge retail stores. It provided extensive self-service to improve checkout; multichannel
access to information inside stores to enable customers to browse an extended product
base and better support sales associates assisting customers; and multimedia to engage
customers with extended product knowledge. Part of Hefty’s new Savvy Store business
strategy was to copy some of these initiatives, hoping to become the first retailer in
North America to completely integrate multimedia and digital information into each of
its 1,000 stores. They’d spent months at the executive committee meetings working out
this new strategic thrust—using information and multimedia to improve the customer
experience in a variety of ways and to make it consistent in each of their stores. Now,
they had to figure out exactly how to execute it, and IT was a key player. The question
in Glen’s mind now was how could the business and IT work together to deliver on this
vision, when IT was essentially operating in its own technical world, which bore very
little relationship to the world of business?
Entering his office, with its panoramic view of the downtown core, Glen had an
idea. “Hefty’s stores operate in a different world than we do at our head office. Wouldn’t
it be great to take some of our best IT folks out on the road so they could see what it’s
really like in the field? What seems like a good idea here at corporate doesn’t always
work out there, and we need to balance our corporate needs with those of our store
operations.” He remembered going to one of Hefty’s smaller stores in Moose River and
seeing how its managers had circumvented the company’s stringent security protocols
by writing their passwords on Post-it notes stuck to the store’s only computer terminal.
So, on his next trip to the field he decided he would take Jenny, along with Cheryl
and the Marketing IT Relationship Manager, Paul Gutierez, and maybe even invite the
CIO, Farzad Mohammed, and a couple of the IT architects. “It would be good for them
to see what’s actually happening in the stores,” he reasoned. “Maybe once they do, it
will help them understand what we’re trying to accomplish.”
A few days later, Glen’s e-mailed invitation had Farzad in a quandary. “He wants
to take me and some of my top people—including you—on the road two weeks from
now,” he complained to his chief architect, Sergei Grozny. “Maybe I could spare Jenny
to go, since she’s Glen’s main contact, but we’re up to our wazoos in alligators trying to
put together our strategic IT architecture so we can support their Savvy Stores initiative
and half a dozen more ‘top priority’ projects. We’re supposed to present our IT strategy
to the steering committee in three weeks!”
“And I need Paul to work with the architecture team over the next couple of
weeks to review our plans and then to work with the master data team to help them
outline their information strategy,” said Sergei. “If we don’t have the infrastructure and
M06_MCKE0260_03_GE_C06.indd 99 12/3/14 8:38 PM

100 Section I • Delivering Value with IT
integrated information in place there aren’t going to be any ‘Savvy Stores’! You can’t
send Paul and my core architects off on some boondoggle for a whole week! They’ve all
seen a Hefty store. It’s not like they’re going to see anything different.”
“You’re right,” agreed Farzad. “Glen’s just going to have to understand that I can’t
send five of our top people into the field right now. Maybe in six months after we’ve
finished this planning and budget cycle. We’ve got too much work to do now. I’ll send
Jenny and maybe that new intern, Joyce Li, who we’re thinking of hiring. She could use
some exposure to the business, and she’s not working on anything critical. I’ll e-mail
Jenny and get her to set it up with Glen. She’s so great with these business guys. I don’t
know how she does it, but she seems to really get them onside.”
Three hours later, Jenny Henderson arrived back from a refreshing noontime
workout to find Farzad’s request in her priority in-box. “Oh #*!#*@!” she swore. She
had a more finely nuanced understanding of the politics involved in this situation, and
she was standing on a land mine for sure. Her business contacts had all known about
the invitation, and she knew it was more than a simple request. However, Farzad, hav-
ing been with the company for only eighteen months, might not recognize the olive
branch that it represented, nor the problems that it would cause if he turned down the
trip or if he sent a very junior staff member in his place. “I have to speak with him about
this before I do anything,” she concluded, reaching for her jacket.
But just as she swiveled around to go see Farzad, Paul Gutierez appeared in her
doorway, looking furious. “Got a moment?” he asked and, not waiting for her answer,
plunked himself down in her visitor’s chair. Jenny could almost see the steam coming
out of his ears, and his face was beet red. Paul was a great colleague, so mentally put-
ting the “pause” button on her own problems, Jenny replied, “Sure, what’s up?”
“Well, I just got back from the new technology meeting between marketing and
our R&D guys, and it was just terrible!” he moaned. I’ve been trying to get Cheryl and
her group to consider doing some experimentation with cell phone promotions—you
know, using that new Japanese bar coding system. There are a million things you can
do with mobile these days. So, she asked me to set up a demonstration of the technol-
ogy and to have the R&D guys explain what it might do. At first, everyone was really
excited. They’d read about these things in magazines and wanted to know more. But
our guys kept droning on about 3G and 4G technology and different types of connec-
tivity and security and how the data move around and how we have to model and
architect everything so it all fits together. They had the business guys so confused we
never actually got talking about how the technology might be used for marketing and
whether it was a good business idea. After about half an hour, everyone just tuned out.
I tried to bring it back to the applications we could develop if we just invested a little
in the mobile connectivity infrastructure, but by then we were dead in the water. They
wouldn’t fund the project because they couldn’t see why customers would want to use
mobile in our stores when we had perfectly good cash registers and in-store kiosks!”
“I despair!” he said dramatically. “And you know what’s going to happen don’t
you? In a year or so, when everyone else has got mobile apps, they’re going to want
us to do something for them yesterday, and we’re going to have to throw some sort of
stopgap technology in place to deal with it, and everyone’s going to be complaining
that IT isn’t helping the business with what it needs!”
Jenny was sympathetic. “Been there, done that, and got the T-shirt,” she laughed
wryly. “These tech guys are so brilliant, but they can’t ever seem to connect what they
M06_MCKE0260_03_GE_C06.indd 100 12/3/14 8:38 PM

Delivering Business Value with IT at Hefty Hardware 101
know to what the business thinks it needs. Sometimes, they’re too farsighted and need
to just paint the next couple of steps of what could be done, not the ‘flying around in
jetpacks vision.’ And sometimes I think they truly don’t understand why the business
can’t see how these bits and bytes they’re talking about translate into something that it
can use to make money.” She looked at her watch, and Paul got the hint. He stood up.
“Thanks for letting me vent,” he said. “You’re a good listener.”
“I hope Farzad is,” she thought grimly as she headed down the hall. “Or he’s
going to be out of here by Thanksgiving.” It was a sad truth that CIOs seemed to turn
over every two years or so at Hefty. It was almost predictable. A new CEO would come
in, and the next thing you knew the CIO would be history. Or the user satisfaction rate
would plummet, or there would be a major application crash, or the executives would
complain about how much IT cost, or there would be an expensive new system failure.
Whatever it was, IT would always get blamed, and the CIO would be gone. “We have
some world-class people in IT,” she thought, “but everywhere we go in the business, we
get a bad rap. And it’s not always our fault.”
She remembered the recent CIM project to produce a single customer database for
all of Hefty’s divisions: hardware, clothing, sporting goods, and credit. It had seemed
to be a straightforward project with lots of ROI, but the infighting between the client
divisions had dragged the project (and the costs) out. No one could agree about whose
version of the truth they should use, and the divisions had assigned their most junior
people to it and insisted on numerous exceptions, workarounds, and enhancements, all
of which had rendered the original business case useless. On top of that, the company
had undergone a major restructuring in the middle of it, and a lot of the major play-
ers had changed. “It would be a lot easier for us in IT if the business would get its act
together about what it wants from IT,” she thought. But just as quickly, she recognized
that this was probably an unrealistic goal. A more practical one would be to find ways
for business and IT to work collaboratively at all levels. “We each hold pieces of the
future picture of the business,” she mused. “We need to figure out a better way to put
them together than simply trying to force them to fit.”
Knocking on Farzad’s door, she peeked into the window beside it. He seemed
lost in thought but smiled when he saw her. “Jenny!” he exclaimed. “I was just think-
ing about you and the e-mail I sent you. Have you done anything about it yet?” When
she shook her head, he gave a sigh of relief. “I was just rethinking my decision about
this trip, and I’d like your advice.” Jenny gave her own mental sigh and stepped into
the office. “I think we have a problem with the business and we need to fix it—fast,”
she said. “I’ve got some ideas, and what to do about the trip is just part of them. Can
we talk?” Farzad nodded encouragingly and invited her to sit down. “I agree with you,
and I’d like to hear what you have to say. We need to do things differently around here,
and I think with your help we can. What did you have in mind?”
Discussion Questions
1. Overall, how effective is the partnership between IT and the business at Hefty
Hardware? Identify the shortcomings of both IT and the business.
2. Create a plan for how IT and the business can work collaboratively to deliver the
Savvy Store program successfully.
M06_MCKE0260_03_GE_C06.indd 101 12/3/14 8:38 PM

Mini Case
Investing in TUFS3
“Why do I keep this around?” Martin Drysdale wondered. “It infuriates me every time
I see all that satisfaction over something that is now the bane of my existence.”
He looked gloomily at the offending photo, which showed the project team hap-
pily “clinking” pop cans and coffee cups in a toast: “Here’s to TUFS!” The Technical
Underwriting Financial System (TUFS) was the largest single investment in IT ever
made by Northern Insurance, and it was going to transform Northern by streamlining
the underwriting processes and providing strategic e-business capabilities. The TUFS
team had brought the project in on time and on budget, so the party was a thank-you
for all of the team’s dedicated, hard work. But it was two years ago when the camera
captured the happy moment for posterity, and Martin, CIO for Northern, had celebrated
with the rest.
“Yeah, right,” Martin grimaced as he turned from the photo to the e-mail message
on his computer screen, summoning him to a meeting with his boss that morning to
discuss TUFS. The system had turned into a nightmare in its first few months of opera-
tion. Now his job was on the line. What was supposed to have brought efficiency to
the underwriting process and new opportunities for top-line growth had become a
major corporate money pit. TUFS was still eating up the vast majority of Northern’s IT
budget and resources to fix the underwriting errors that kept appearing, and resistance
to the system had grown from sniping and grumbling into calls for Martin’s head. “No
wonder we’re not saving any money, though, with senior underwriting managers still
insisting on receiving some of their old reports, even though TUFS lets them look up the
same information online anytime they want,” Martin fumed. The meeting with the CFO
was to discuss TUFS and the company’s “very significant investment in this system.”
Feeling like a condemned prisoner on his way to the gallows, Martin grabbed his suit
jacket, straightened his tie, and headed up to the seventh-floor executive suite.
An hour later Martin was feeling very well grilled as he was confronted with a
long list of the problems with TUFS. The CFO, Melissa Freeman, had done her home-
work. Before her was a binder full of TUFS documentation, stretching back almost three
years from when the project had been first identified. “According to my calculations,
Northern has spent almost $4 million on this system, if you include all of the resources
dedicated to fixing the problems identified after implementation,” she noted. “And I
have yet to see any cost savings in the underwriting department. Why?”
“It’s true that there have been some unanticipated changes to the system that have
cost us, but the underwriters have never bought into the system,” Martin conceded.
“They insist on following their old procedures and then using the system at the last pos-
sible moment as a double-check. What can we do if they won’t use the system the way
it was designed?”
3 Smith, H. A., and J. D. McKeen. “Investing in TUFS.” #9-L05-1-003, Queen’s School of Business, February
2005. Reproduced by permission of Queen’s University, School of Business, Kingston, Ontario, Canada.
102
M06_MCKE0260_03_GE_C06.indd 102 12/3/14 8:38 PM

Investing in TUFS 103
“Could there possibly be a reason why they don’t like the system?” Freeman asked.
“It seems to me from looking at these change reports that the system hasn’t been meet-
ing our basic underwriting needs.”
Martin acknowledged that there had been some problems. “But my guys are tech-
nicians, not underwriters. They didn’t get much participation from the underwriters
in the first place. The underwriting department wouldn’t take the time to bring my
people up to speed on what they needed and why. As well, we were facing a very tight
deadline, which meant that we had to defer some of the functionality we had origi-
nally intended to include. That was senior management’s decision, and everyone was
informed about it when it was made.” He added that they were now asking for a TUFS
training program and a help desk to handle questions that underwriters might face
while using the system!
“A help desk and training program weren’t in our original plan,” Martin reminded
Freeman. “These extras are eating away at the system’s benefits.” According to the busi-
ness case prepared by the users, TUFS was supposed to pay for itself over its first two
years of operations from savings realized from the underwriting process. The system’s
problems certainly accounted for some of the extra costs, but the users hadn’t made any
of the process changes that would help those savings be realized. “They think we can
just plug in the system and cost savings will appear like magic. And other parts of the
system are going to take time to deliver benefits.”
The “other parts” he was referring to were the e-business capabilities that TUFS
provided. “If you will recall, this system was approved in the days when we had to have
e-business or we were going to be dinosaurs. In retrospect, we could have cut back on
this functionality more easily and left some of the underwriting functionality in, but
who knew?”
“Well, as you know, our financial resources are very limited at present.” Freeman
leaned forward. “I’ve been asked to make some recommendations to the executive com-
mittee about whether or not we should put more money into this system. TUFS has
been our number-one priority for two years now, and quite a few people are saying that
enough is enough—that we need to make some major changes around here.”
Martin took a deep breath, waiting for the ax to fall. Freeman continued, “What I
need to know now from you is this: What went wrong with our TUFS investment, and
what can we do to prevent these problems in the future? What do we need to do to real-
ize the benefits that were projected for TUFS? How can we measure these benefits? And
how can we best decide how to apportion our IT budget between TUFS and these other
projects?”
As he slowly exhaled and felt his pulse resume, Martin nodded. “I’ve got some
ideas. Can I get them to you in writing by the end of the week?”
Discussion Questions
1. What went wrong with the TUFS investment, and what can be done to prevent
these problems in the future?
2. What does Northern need to do to realize the benefits that were projected for TUFS?
3. How can Northern measure these benefits?
M06_MCKE0260_03_GE_C06.indd 103 12/3/14 8:38 PM

Mini Case
IT Planning at ModMeters4
Brian Smith, CIO of ModMeters, groaned inwardly as he listened to CEO John Johnson
wrapping up his remarks. “So our executive team thinks there are real business oppor-
tunities for us in developing these two new strategic thrusts. But before I go to the
board for final approval next month, I need to know that our IT, marketing, and sales
plans will support us all the way,” Johnson concluded.
Brian mentally calculated the impact these new initiatives would have on his orga-
nization. He had heard rumors from his boss, the COO, that something big was coming
down. He had even been asked his opinion about whether these strategies were techni-
cally doable, theoretically. But both at once? Resources—people, time, and money—were
tight, as usual. ModMeters was making a reasonable profit, but the CFO, Stan Abrams,
had always kept the lid screwed down tightly on IT spending. Brian had to fight for
every dime. How he was going to find the wherewithal to support not one but two new
strategic initiatives, he didn’t know.
The other VPs at this strategy presentation were smiling. Taking ModMeters
global from a North American operation seemed to be a logical next step for the com-
pany. Its products, metering components of all types, were highly specialized and in
great demand from such diverse customers as utility companies, manufacturers, and
a host of other industries. Originally founded as Modern Meters, the firm had grown
steadily as demand for its metering expertise and components had grown over the past
century or so. Today ModMeters was the largest producer of metering components in
the world with a full range of both mechanical and, now, digital products. Expanding
into meter assembly with plants in Asia and Eastern Europe was a good plan, thought
Brian, but he wasn’t exactly sure how he was going to get the infrastructure in place
to support it. “Many of these countries simply don’t have the telecommunications and
equipment we are going to need, and the training and new systems we have to put in
place are going to be substantial,” he said.
But it was the second strategic thrust that was going to give him nightmares, he
predicted. How on earth did they expect him to put direct-to-customer sales in place
so they could sell “green” electric meters to individual users? His attention was jerked
back to the present by a flashy new logo on an easel that the CEO had just unveiled.
“In keeping with our updated strategy, may I present our new name—MM!”
Johnson announced portentously.
“Oh, this is just great,” thought Brian. “Now I have to go into every single applica-
tion and every single document this company produces and change our name!”
Because of its age and scientific orientation, ModMeters (as he still preferred to
call it) had been in the IT business a long time. Starting back in the early 1960s, the
4 Smith, H. A., and J. D. McKeen. “IT Planning at ModMeters.” #1-L05-1-008, Queen’s School of Business,
September 2005. Reproduced by permission of Queen’s University, School of Business, Kingston, Ontario,
Canada.
104
M06_MCKE0260_03_GE_C06.indd 104 12/3/14 8:38 PM

IT Planning at ModMeters 105
company had gradually automated almost every aspect of its business from finance
and accounting to supply chain management. About the only thing it didn’t have was
a fancy Web site for consumers, although even that was about to change. ModMeters
currently had systems reflecting just about every era of computers from punch cards
to PCs. Unfortunately, the company never seemed to have the resources to invest in
reengineering its existing systems. It just layered more systems on top of the others.
A diagram of all the interactions among systems looked like a plate of spaghetti. There
was no way they were going to be able to support two new strategic thrusts with their
current budget levels, he thought as he applauded the new design along with the others.
“Next week’s IT budget meeting is going to be a doozy!”
Sure enough, the following week found them all, except for the CEO, back in the
same meeting room, ready to do battle. Holding his fire, Brian waited until all the VPs
had presented their essential IT initiatives. In addition to what needed to be done to
support the new business strategies, each division had a full laundry list of essentials
for maintaining the current business of the firm. Even Abrams had gotten into the act
this year because of new legislation that gave the firm’s outside auditors immense
scope to peer into the inner workings of every financial and governance process the
organization had.
After listening carefully to each speaker in turn, Brian stood up. “As many of you
know, we have always been cautious about how we spend our IT budget. We have been
given a budget that is equal to 2 percent of revenues, which seriously limits what we in
IT have been able to do for the company. Every year we spend a lot of time paring our
project list down to bare bones, and every year we make do with a patchwork of infra-
structure investments. We are now at the point where 80 percent of our budget in IT is
fixed. Here’s how we spend our money.” Brian clicked on a PowerPoint presentation
showing a multicolored pie chart.
“This large chunk in blue is just about half our budget,” he stated. “This is simply
the cost of keeping the lights on—running our systems and replacing a bare minimum
of equipment. The red chunk is about 30 percent of the pie. This is the stuff we have to
do—fixing errors, dealing with changes mandated by government and our own indus-
try, and providing essential services like the help desk. How we divide up the remain-
der of the pie is what this meeting is all about.”
Brian clicked to a second slide showing a second pie chart. “As you know, we
have typically divided up the remaining IT budget proportionately, according to who
has the biggest overall operating budget. This large pink chunk is you, Fred.” Brian
gestured at Fred Tompkins, head of manufacturing and the most powerful executive in
the room. It was his division that made the firm’s profit. The pink chunk easily took up
more than half of the pie. Tompkins smiled. Brian went on, pointing out the slice that
each part of the firm had been allotted in the previous year. “Finally, we come to Harriet
and Brenda,” he said with a smile. Harriet Simpson and Brenda Barnes were the VPs of
human resources and marketing, respectively. Their tiny slivers were barely visible—
just a few percent of the total budget.
“This approach to divvying up our IT budget may have served us well over the
years”—Brian didn’t think it had, but he wasn’t going to fight past battles—“however,
we all heard what John said last week, and this approach to budgeting doesn’t give
us any room to develop our new strategies or cover our new infrastructure or staffing
needs. Although we might get a little more money to obtain some new applications
M06_MCKE0260_03_GE_C06.indd 105 12/3/14 8:38 PM

106 Section I • Delivering Value with IT
and buy some more computers”—Abrams nodded slightly—“it won’t get us where we
need to go in the future.”
A third graph went up on the screen, showing the next five years. “If we don’t
do something now to address our IT challenges, within five years our entire IT budget
will be eaten up by just operations and maintenance. In the past we have paid mini-
mal attention to our infrastructure or our information and technology architecture or
to reengineering our existing systems and processes.” A diagram of the “spaghetti”
flashed on. “This is what you’re asking me to manage in a cost-effective manner. It isn’t
pretty. We need a better plan for making our systems more robust and flexible. If we
are going to be moving in new directions with this firm, the foundation just isn’t there.
Stan, you should be worried that we won’t be able to give our auditors what they ask for.
But you should also be worried about our risk exposure if one of these systems fails and
about how we are going to integrate two new business ventures into this mess.”
Tompkins looked up from his papers. It was clear he wasn’t pleased with where
this presentation was headed. “Well, I, for one, need everything I’ve asked for on my
list,” he stated flatly. “You can’t expect me to be the cash cow of the organization and
not enable me to make the money we need to invest elsewhere.”
Brian was conciliatory. “I’m not saying that you don’t, Fred. I’m just saying that
we’ve been given a new strategic direction from the top and that some things are going
to have to change to enable IT to support the whole enterprise better. For example, until
now, we have always prioritized divisional IT projects on the basis of ROI. How should
we prioritize these new strategic initiatives? Furthermore, these new ventures will
require a lot of additional infrastructure, so we need to figure out a way to afford this.
And right now our systems don’t ‘talk’ to the ones running in other divisions because
they don’t use the same terminology. But in the future, if we’re going to have systems
that won’t cost increasing amounts of our budget, we are going to have to simplify and
integrate them better.”
Tompkins clearly hadn’t considered the enterprise’s needs at all. He scowled but
said nothing. Brian continued, “We are being asked to do some new things in the com-
pany. Obviously, John hopes there’s going to be a payback, but it may take a while. New
strategies don’t always bear fruit right away.” Now looking at Abrams, he said point-
edly, “There’s more to IT value than short-term profit. Part of our business strategy is
to make new markets for our company. That requires investment, not only in equipment
and product but also in the underlying processes and information we need to manage
and monitor that investment.”
Harriet Simpson spoke for the first time. “It’s like when we hire someone new in
R&D. We hire for quality because we want their ideas and innovation, not just a warm
body. I think we need to better understand how we are going to translate our five key
corporate objectives into IT projects. Yes, we need to make a profit, but Stan needs to
satisfy regulators and Brenda’s going to be on the hot seat when we start marketing to
individuals. And we haven’t even spoken about Ted’s needs.” As the VP of R&D, Ted
Kwok was tasked with keeping one or more steps ahead of the competition. New types
of products and customer needs would mean expansion in his area as well.
Abrams cleared his throat. “All of you are right. As I see it, we are going to have
to keep the cash flowing from Fred’s area while we expand. But Brian’s got a point.
We may be being penny wise and pound foolish if we don’t think things through more
M06_MCKE0260_03_GE_C06.indd 106 12/3/14 8:38 PM

IT Planning at ModMeters 107
carefully. We’ve put a lot of effort into developing this new strategy, and there will be
some extra money for IT but not enough to do that plus everything all of you want. We
need to retrench and regroup and move forward at the same time.”
There was silence in the room. Abrams had an annoying way of stating the
obvious without really helping to move the ball forward. Brian spoke again. “The way
I see it, we have to understand two things before we can really make a new budget.
First, we need to figure out how each of the IT projects we’ve got on the table contri-
butes to one of our key corporate objectives. Second, we need to figure out a way to
determine the value of each to ModMeters so that we can prioritize it. Then I need to
incorporate a reasonable amount of IT regeneration so that we can continue to do new
projects at all.”
Everyone was nodding now. Brian breathed a small sigh of relief. That was step
one accomplished. But step two was going to be harder. “We have a month to get back
to the board with our assurances that the IT plan can incorporate the new strategies
and what we’re going to need in terms of extra funds to do this. As I said earlier, this
is not just a matter of throwing money at the problem. What we need is a process for IT
planning and budgeting that will serve us well over the next few years. This process
will need to accomplish a number of things: It will need to take an enterprise perspective
on IT. We’re all in these new strategies together. It will have to incorporate all types of
IT initiatives—our new strategies, the needs of Fred and others for the new IT to oper-
ate and improve our existing business, Stan’s new auditing needs, and our operations
and maintenance needs. In addition, we must find some way of allocating some of the
budget to fixing the mess we have in IT right now. It must provide a better way to con-
nect new IT work with our corporate objectives. It must help us prioritize projects with
different types of value. Finally, it must ensure we have the business and IT resources in
place to deliver that value.”
Looking at each of his colleagues in turn, he asked, “Now how are we going to
do this?”
Discussion Question
1. Develop an IT planning process for ModMeters to accomplish the demands as set
out above.
M06_MCKE0260_03_GE_C06.indd 107 12/3/14 8:38 PM

M06_MCKE0260_03_GE_C06.indd 108 12/3/14 8:38 PM

S e c t i o n i i
IT Governance
Chapter 7 Effective IT Shared Services
Chapter 8 Successful IT Sourcing: Maturity Model, Sourcing Options, and
Decision Criteria
Chapter 9 Budgeting: Planning’s Evil Twin
Chapter 10 Risk Management in IT
Chapter 11 Information Management: Stages and Issues
Mini Cases
■ Building Shared Services at RR Communications
■ Enterprise Architecture at Nationstate Insurance
■ IT Investment at North American Financial
M07_MCKE0260_03_GE_C07.indd 109 12/3/14 8:39 PM

110
C h a p t e r
7 effective it Shared Services1
1 This chapter is based on the authors’ previously published article, McKeen, J. D., and H. A. Smith. “Creating
IT Shared Services.” Communications of the Association for Information Systems 29, Article 34 (October 2011):
645–656. Reproduced by permission of the Association for Information Systems.
A “shared service” is the “provision of a service by one part of an organization where that service had previously been found in more than one part of the organization. Thus the funding and resourcing of the service is shared and the
providing department effectively becomes an internal service provider” (Wikipedia
2014). The key idea is “sharing” within an organization. It suggests centralization of
resources, uniformity of service, consistent processes for service provisioning, econo-
mies of scale, reduced headcount, and enhanced professionalism. As such it has definite
appeal for IT organizations, and creating them has been identified as one of the effective
habits of successful CIOs (Andriole 2007).
For the business, an IT shared service is also appealing but for a different set of
reasons. Although the promise of reducing costs, time, and complexity through reuse
and the ability to leverage IT skills and knowledge are attractive, they rank a distant
second to the ability to free up resources by transferring responsibility for a noncore
activity to another organizational body. Not surprisingly, the successful creation of a
shared service is by necessity an exercise in goal alignment (between the business and
IT) coupled with a strategy for goal attainment.
A shared services organization constitutes an alternate business model. Therefore,
the decision to adopt a shared services model entails a number of critical questions for
management, such as What are the key attributes of a good candidate for a shared ser-
vice? How should a shared service be organized, managed, and governed? What is the
relationship between shared services and the parent organization? What can be learned
from experience with a shared services model? What theoretical and practical insight is
offered by published studies of shared services?
This chapter explores these questions. It begins with a review of the published
literature to provide some definitional clarity concerning the shared services model
M07_MCKE0260_03_GE_C07.indd 110 12/3/14 8:39 PM

Chapter 7 • Effective IT Shared Services 111
and to differentiate shared services from other closely related models. The remainder of
the chapter focuses on the key management issues surrounding the IT shared services
model, including the pros and cons, key organizational factors, and identifying candi-
date shared services. It concludes with an integrated shared services conceptual model
and recommendations for moving toward successful shared services in IT.
IT Shared ServIceS: an OvervIew
As already noted, the key high-level concepts of a shared service are that a single group
within the organization manages the service, the service is offered to any organizational
unit in need of the service, and the shared service is a single-source provider. Accenture
(2005) similarly defines shared services as “the consolidation of support functions (such
as human resources, finance, information technology, and procurement) from several
departments into a standalone organizational entity whose only mission is to provide
services as efficiently and effectively as possible”. While these definitions work in
general, they also raise a number of questions. For instance, how does a shared ser-
vice differ from any other organizational unit that provides service to the organization
(e.g., IT or HR)? How does a shared services organization relate to the parent organiza-
tion? Does a shared service alter customer relationship in significant ways? How is a
shared service governed?
Bergeron (2003) offers additional clarity by defining a shared service as a:
collaborative strategy in which a subset of existing business functions are
concentrated into a new, semi-autonomous business unit that has a manage-
ment structure designed to promote efficiency, value generation, cost savings,
and improved service for the internal customers of the parent corporation, like
a business competing in the open market.
This definition answers some of the earlier mentioned questions. For instance,
it interprets shared services as a “collaborative strategy” that differentiates it from an
organizational structure/design exercise. For example, deciding that all customer sup-
port functions should report to the COO does not make customer support a shared
service.
Bergeron further specifies that the shared service should be a “semiautonomous”
business unit with its own management structure, which suggests a different and
more “arms-length” relationship with the parent organization—one that allows suf-
ficient management discretion to enable the shared services organization to attain its
goals. These goals also differ within this definition with respect to their breadth and
scope. Value generation, as a goal, takes the shared services organization well beyond
efficiency and cost considerations; the goal of a shared services organization is to
“improve the bottom line of the parent corporation, not to create a more efficient, inter-
nally streamlined shared business unit per se” (Bergeron 2003, p. 5).
Bergeron’s definition also differentiates a shared service with respect to its
customer orientation. In a shared services model, internal customers are treated as if
they were external customers to be won or lost. With this orientation, the shared service
competes aggressively for business, places customer satisfaction as a top priority,
M07_MCKE0260_03_GE_C07.indd 111 12/3/14 8:39 PM

112 Section II • IT Governance
actively manages customer relationships, collaborates effectively on new business ini-
tiatives, markets its services internally, and communicates its performance to the busi-
ness on the basis of quality, price, and time. This is not the lackadaisical approach to
customer service that is typical of organizations that treat their business partners as a
captive audience.
Treating internal customers like external customers is a laudable goal but, accord-
ing to one focus group member, a shared services organization can theoretically go well
beyond this. She explained that significant advantages accrue exclusively to an internal
provider. For instance, a shared services organization has existing relationships with
its internal customers with whom they enjoy unfettered access. Furthermore, they
share goals, strategies, and culture. They have common knowledge and are motivated
by the same reward systems. Their loyalty is to the same organization and they share
financial goals.
External providers, in contrast, lack these advantages but have the benefit of others.
Most have credibility beyond internal providers simply because they are competitive in
the marketplace. They may also have economies of scale and advanced technology that
can be amortized over a broad client base. Moreover, they may have superior skills
and knowledge. Her argument was that an effective shared services organization, to
the extent that it develops enhanced customer relationships and a competitive mar-
ket orientation while both facilitating and benefiting from internal customer access,
could at least theoretically realize the “best of both worlds”. More than just the conver-
gence and streamlining of an organization’s functions to ensure that they deliver to the
organization the services required of them as effectively and efficiently as possible, the
true shared services organization generates value for the parent organization as if (and
possibly) competing in the open market.
Shared services are related to, but should not be confused with, more traditional
models of delivering IT services (McKeen and Smith 2007). Carefully delineating each
of the following points further aids our understanding of shared services.
• A shared service is most easily differentiated from a decentralized service delivery
model. In the decentralized model, services are provided in various organizational
units and managed locally. It is common in highly diversified organizations to
find that each business unit has its own IT organization so that the provision of IT
services can be tailored to the unique differences existing within each of the strategic
business units.
• In contrast, a centralized model for IT services brings all resources under a single
management structure, adopting virtualization and standardization strategies to
increase utilization of key resources and to lower operational costs. There are two
primary differences between a centralized model and the shared services model.
First, shared services have a customer-centric mind-set (users of the service are
viewed as customers, and the shared service is dedicated to providing high- quality,
cost-effective, and timely service) and second, shared services are run as an inde-
pendent business with their own budget and bottom-line accountability. The focus
group concluded that a shared service is always centralized but a centralized ser-
vice is not necessarily a shared service; that is, centralization is a “necessary but
insufficient” condition for a shared service.
M07_MCKE0260_03_GE_C07.indd 112 12/3/14 8:39 PM

Chapter 7 • Effective IT Shared Services 113
• The shared services model also differs from outsourcing where an external third
party is paid to provide a service that was previously internal to the buying orga-
nization. While a shared services model is often viewed as a stepping-stone to out-
sourcing, the focus group suggested that the decision to create a shared service
should not be a de facto decision to outsource. The relationship between outsourcing
and shared services is further explored later.
• A shared services model also differs from a joint venture where two or more organi-
zations create a separate, jointly owned, legal, and commercial entity that provides
profit to its shareholders/owners. This delivery mechanism is used frequently in
various industries such as banking and finance as well as oil and petroleum. As
with the outsourcing model, the service is provided by an external agency that
owns the profits derived from the provision of the service.
After a lengthy discussion, the focus group reached a consensual understanding
of a shared services organization. The members suggested that a true shared service
must adhere to the following four principles:
1. Shared services involves more than just centralization or consolidation of simi-
lar activities in one location (although this was recognized as an essential part as
already noted);
2. Shared services must embrace a customer orientation (i.e., as already mentioned, a
shared service cannot behave as a monopolistic provider);
3. Sufficient management discretion and autonomy must exist within the shared ser-
vices organization to allow freedom to generate the necessary efficiencies to create
value for the parent organization; and,
4. Shared services must be run like a business in order to deliver services to internal
customers with costs, quality, and timeliness that are competitive with that of exter-
nal providers.
On this last point, one member of the focus group argued that a shared services
provider will never satisfy internal customers unless and until the shared services orga-
nization is allowed to offer services to external customers. In his organization, despite
spending a considerable amount of money on external consultants to prove that their
IT shared services was competitive with that of external providers, the business “just
didn’t buy it.” There seems to be a general unease among business executives about
whether or not they are getting real value from their IT investments and this carries
over to shared services.
The other major concern for the focus group was the interpretation of “value” as
created by the shared services organization. Some members felt that “value” was the
demonstration that the shared services unit could provide cost savings to their par-
ent organization. Other members felt that cost savings would be insufficient to justify
the creation of a shared services organization, arguing that simply centralizing services
would produce similar savings. They felt that a shared services organization should
be expected to generate additional value beyond efficiency—offering enhanced quality
and/or differentiated services—such that value could be realized in terms of revenue
generation. While no resolution emerged, it is clear that the broader interpretation of
value aligns better with the group’s accepted definition of shared services.
M07_MCKE0260_03_GE_C07.indd 113 12/3/14 8:39 PM

114 Section II • IT Governance
IT Shared ServIceS: PrOS and cOnS
A shared services model for IT has the potential to deliver significant benefits to the
organization (Bergeron 2003). From the parent organization’s perspective, shared
services promise to:
• Reduce costs (due to consolidated operations) and improve service (due to the
customer-centric focus)
• Reduce distractions from core competency activities (due to transfer of noncore
activities to the shared services organization)
• Potentially create an externally focused profit center (should the shared services
decide to offer services beyond the parent organization).
From the perspective of the shared business unit, the shared services model
promises:
• Increased efficiencies (due to standardization and uniformity of services)
• Decreased personnel requirements (due to consolidated operations)
• Improved economies of scale (due to the concentration of purchasing, HR, and
other specialized functions).
The focus group generally agreed with this list of possible benefits and suggested
additional items including:
• Professionalism (due to the adoption of a customer-centric approach in dealing with
clients)
• Uniformity of service (due to consistent service provisioning across the enterprise)
• Personnel development (due to focused hiring, training, and skills/knowledge
development, all targeted toward service management)
• Control (due to single-sourced service management).
However, there is also a case to be made against shared services (Bergeron 2003).
The focus group highlighted the following limitations as being the most relevant for IT
shared services:
• Becoming a disruption to the service flow
• Moving work to a central location thereby creating wasteful handoffs, rework, and/
or duplication
• Instilling an “us” versus “them” mentality within the provider–consumer relationship
• Lengthening the time it takes to deliver a service.
The focus group also added the following:
• Additional costs associated with management bureaucracy and overhead
• Loss of control experienced by independent business units
• An increased communications burden
• Extraordinary one-time costs at start-up that are reflected within the service
offerings.
Thus, while the list of benefits of shared services is long and impressive, the
downside risk is equally imposing. The focus group also warned that the list of benefits
represents “promised” benefits and that realizing actual benefits is a different matter!
M07_MCKE0260_03_GE_C07.indd 114 12/3/14 8:39 PM

Chapter 7 • Effective IT Shared Services 115
To gain a different perspective of the trade-offs between these pros and cons,
members of the focus group were asked to share their actual experiences with IT shared
services, highlighting failures as well as successes. Subsequent analysis revealed the
following patterns of failure (from greatest to least):
• Promised headcount reduction doesn’t materialize
• Customer-centric orientation gives way to indifferent service
• Excessive bureaucratization of the service
• Reduced headcount achieved but service levels deteriorate
• Cost efficiencies are realized through “one size fits all” service offerings
The following patterns of success were identified (from greatest to least):
• Service improves producing quality, time, and cost advantages
• Service quality and time/cost savings are realized
• Service quality improves but without noticeable savings
• Headcounts are reduced but service levels remain unchanged
The track record of the focus group was equivocal; no organization was celebrating
the highest level of success and none was publicly admitting to outright failure.
Explaining these differences in outcomes was the next challenge.
IT Shared ServIceS: Key OrganIzaTIOnal SucceSS FacTOrS
Interpreting the success of an organizational initiative depends on understanding the
goals and objectives of those promoting the initiative. To gain some insight into this
aspect of shared services, the focus group was asked what they felt was motivating the
current interest in shared services and whether it was being driven primarily from the
business or from IT. This allowed us not only to examine the driving factors behind
a shared services model but also to highlight any differences between the business
and IT perspectives. In the ensuing discussion, a significant gap emerged between
the views of the business and the IT organizations with respect to a shared services
model— specifically what problems it solved, the benefits it produced, and the unique
challenges the adoption of a shared services model presents.
The majority of members felt that the push for shared services was coming from
IT and that their IT organizations were sufficiently interested in actively promoting a
shared services model. In contrast, two members of the focus group declared that the
push within their organizations was definitely coming from the business. One was a
large organization whose goal was to become a “globally integrated enterprise” built on
shared business services. IT was no exception. Specialized IT services, located globally
anywhere that would yield advantage, were offered to all business units within the
organization as a shared service. The other organization was undergoing an enterprise-
wide initiative to outsource noncore activities and IT had come under the microscope.
Here, the focus group member stated that “our management clearly views shared
services as a prerequisite for outsourcing.”
For organizations where the push for shared services originates within IT, the
motivation was clearly cost savings and/or control. According to one manager, “shared
services are seen as one way to reduce IT cost and/or complexity and drive IT reuse.
This is being driven today out of the IT organization but we understand that our
M07_MCKE0260_03_GE_C07.indd 115 12/3/14 8:39 PM

116 Section II • IT Governance
business partners need to be onboard for anything beyond the simplest of IT shared
services”. Another manager stated that the interest was primarily being driven by her
IT organization to achieve the following three key goals:
• To create reusable business functions to enable cost reduction
• To drive agility by means of a set of well-defined horizontal services
• To ultimately create a rationalized and simplified application portfolio.
When asked what problems a shared services model might solve, the focus group
cited the following:
• Inconsistent integration patterns that lead to steadily increasing costs for solution
maintenance and enhancement
• Building redundant applications using overly specific models because of the lack of
a roadmap for sharing functionality
• Lack of integration, which hampers reusability and economies of scale
• Increasing and perhaps unnecessary IT complexity.
The significant gap between how the IT organization approaches shared services
as compared to the business is most apparent in the articulation of goals, objectives, and
the ultimate justification of a shared services model. This becomes increasingly signifi-
cant when coupled with the fact that the majority of shared services initiatives are being
driven by IT.
In organizations where the driving force for shared services resides within the
IT organization, the focus is commonly on that part of a shared service model that
addresses IT problems; for example, reducing redundancy, encouraging integration,
and rationalizing the application portfolio. Solving these problems, however, only
addresses business problems tangentially through reduced costs and streamlined pro-
cesses and fails outright to attain the goals of customer centricity and enhanced service
to the business. The differences between the business vision for shared services and the
IT vision, unless aligned, is a recipe for disaster. Based on input from the focus group,
we build a conceptual model that bridges this gap by integrating the technical aspects
of an IT shared service with the business aspects. But, before we do this, it is necessary
to first discuss the key factors that constitute the basis for decision making regarding IT
shared services.
IdenTIFyIng candIdaTe ServIceS
An analysis of the existing shared services within the focus group revealed very little in
terms of discernible patterns. Some of the shared services were business-oriented services
(e.g., payment processing or procurement) while others were IT-oriented (e.g., print
management or network services). Some were comprehensive (e.g., application develop-
ment, disaster recovery) while others were narrowly focused (e.g., credit authorization).
Some of the services were deemed “core” while others were “noncore.” Other than enter-
prisewide need, no obvious logical structure emerged from our analysis as a potential
decision guideline for nominating shared services.
In general, the focus group felt that the selection criteria of candidate services for
the shared services model were best understood by contrasting shared services with
outsourcing. They argued that any service being considered for outsourcing could also
M07_MCKE0260_03_GE_C07.indd 116 12/3/14 8:39 PM

Chapter 7 • Effective IT Shared Services 117
be a candidate for a shared service subject to three key differences: knowledge reten-
tion, control of resources, and value generation. That is, organizations appear to opt for
a shared service in preference to outsourcing in order to retain critical knowledge and
skills internally, to exercise greater control over these resources, or to capture additional
value from the specific service rather than allowing it to accrue to the outsourcing party.
The conclusion reached by the focus group was that the processes structured as shared
services appear to offer a significant level of either present or future intrinsic value to
the parent organization, which makes the organization reluctant to relinquish them to a
third party. Services without incremental intrinsic value beyond cost savings are simply
outsourced.
an InTegraTed MOdel OF IT Shared ServIceS
One member of the focus group presented his organization’s model of a shared service
(Figure 7.1). In contrast to the Lacity and Fox (2008) framework, this conceptual model
highlights the functional attributes of the business service, the management framework
required to monitor and deliver the service, and the common technical infrastructure ser-
vices that support it. It suggests that IT shared services is best viewed as inter connected
layers of services; that is, business services are built on top of operational processes
and common IT infrastructure, each of which deliver “services” but of a different sort.
For example, a common business function (e.g., e-forms) is leveraged by multiple busi-
ness entities, supported by commonly managed business delivery processes and SLAs,
Multi-Tenant
Business Services
Common Business
Service Delivery
Processes
Common Supporting
IT Infrastructure
Components
Monitoring &
Reporting
Network Mgmt
Server Mgmt Desktop Mgmt
Storage Mgmt
SLA Mgmt
Usage Mgmt
Security Mgmt
Business Unit Business Unit Business Unit
FIgure 7.1 IT Shared Service Conceptual Model
M07_MCKE0260_03_GE_C07.indd 117 12/3/14 8:39 PM

118 Section II • IT Governance
and runs on common, highly standardized IT infrastructure. This model highlights
how successful IT shared services depend on the effective coordination of each of these
service layers. Although service delivery processes, such as relationship management
and SLA management, are critical for the business, infrastructure processes, such as
server and network management, are equally critical for the IT organization. The model
also suggests that focusing on a single layer while neglecting key processes existing
within other layers is likely to be unsuccessful and lead to the eventual failure of the
shared service. In organizations where the shared service is being driven by the IT orga-
nization with the goal of reuse, for example, the focus group suggested that the real
danger is that attention will be predominantly focused on technical components while
neglecting the managerial components (e.g., building effective customer relationships).
recOMMendaTIOnS FOr creaTIng eFFecTIve
IT Shared ServIceS
Based on their experiences, focus group members agreed on four strategies that
they believed would contribute to the successful creation of an IT shared services
organization.
1. Create a transparent process for goal alignment. The group pointed out the
importance of establishing a transparent process for articulating common goals. For
IT managers, the key attraction of a shared service is typically cost savings and/or
reduced complexity. Being able to reduce costs by means of mobilizing reuseable
assets standardizing platforms and virtualizing services, and eliminating redun-
dant systems while providing a uniform and consistent level of service is appeal-
ing. For business managers, however, the promise of cost savings comes second to
the desire for enhanced customer service through improved quality, faster response
and delivery, greater financial transparency, and/or improved relationships with
IT. Without goal clarity, transparency, and alignment, the shared services organiza-
tion will champion one set of goals over another, creating animosity between the
parent organization and the shared services provider. One manager described the
experience in her firm as follows:
The centralization of the service was soon viewed by the business as a stand-
in-line-and-wait for a one-size-fits-all solution . . . the fact that the business was
unable to do an end-run on this delivery process was seen as unresponsive to
the urgent and unforeseen demands placed on the business . . . the elimination of
business priorities . . . no one on the business side wanted to hear about reduced
costs of service.
The focus group suggested that the creation of a shared service need not
degrade into a situation of conflicting goals. There is nothing to suggest that
improved service and cost reduction cannot be tackled simultaneously. In fact, the
centralization process alone should produce sufficient economy of resources to
enable enhanced quality of service. The difficulty is typically built in at the outset of
the shared service by failing to articulate a set of explicit goals that have acceptance
by both the business and IT. Without mutual acceptance and alignment, the shared
service can be doomed at inception.
M07_MCKE0260_03_GE_C07.indd 118 12/3/14 8:39 PM

Chapter 7 • Effective IT Shared Services 119
2. Develop a comprehensive investment model. Establishing a shared services
organization is not a trivial task. In a majority of the cases, the existence of multiple
distributed services across the enterprise (perhaps globally) presents formidable
barriers to consolidation and coordination. Time differences, cultural differences,
and geographical distances all complicate the process. For global enterprises, legal
differences also come into play in building an effective shared services organiza-
tion. The focus group suggested that the larger the organization, the more onerous
the task and the longer it takes. But shared services are not just large organiza-
tion phenomena. As a practical rule, Bergeron (2003) suggests, the “shared services
model is a viable option when the savings from reduction in staffing are greater
than the added overhead of creating a management structure to run the shared
business unit.”
Administrative overhead is a significant component of the overall invest-
ment in shared services. In addition, there are other substantial one-time costs
associated with centralizing operations. These include the relocation of people,
consolidation of technology, establishing support roles/activities, developing
capabilities/skills, and building communication networks to support centralized
operations. Most organizations currently have chargeback mechanisms in place
for IT services but, according to the members of the focus group, these are often
inadequate for a shared service. For well-defined services (like printing, desktops,
or e-forms), the costs are easily identified and associated with the service levels
provided. With more complex services (e.g., payroll management, disaster recov-
ery and planning, records management), however, costing of the actual service
requires more sophisticated algorithms to apportion costs2 for services provided.
A key component is the ability to establish baselines for existing services. Without
these, it is problematic to assess the incremental contribution of a shared service
after its implementation.
A shared service investment model needs to account for significant ongoing
costs in addition to the start-up costs mentioned earlier. Realistic implementation
times range from “at least a year in simple domestic business scenarios involving
one or two company locations to five years or more for a major international orga-
nization with dozens of locations” (Bergeron 2003). Furthermore, cultural change
can present a more formidable challenge than amassing resources (Lacity and Fox
2008). A shared business unit is first and foremost about building relationships
between the parent organization and the service unit. Building effective relation-
ships takes time (Smith and McKeen 2010).
The bottom line is that the investment model for the establishment of a shared
service requires sophistication, understanding, and a commitment from the busi-
ness as well as IT to make it work. Depending on the size of the undertaking, even
reaching a breakeven point can be protracted. However, to the extent that the
investment model is comprehensive and has the backing of senior management,
it can withstand the ongoing challenges faced by any significant organizational
transformation.
2 Difficulty arises with apportioning actual costs on a service level basis. For instance, actual costs vary over
time with usage but business managers prefer to be billed on the basis of standardized rates/costs for specific
services.
M07_MCKE0260_03_GE_C07.indd 119 12/3/14 8:39 PM

120 Section II • IT Governance
3. Redraft the relationship with the business. The establishment of a shared ser-
vice necessitates a different type of relationship between the business and the
service provider. For instance, with a distributed service, business management
has the  ability to impose priorities to reflect the demands of the business. These
localized priorities, however, rarely survive the transition to a centralized service
mechanism. As a result, the business typically experiences feelings of loss of con-
trol with the creation of a shared service. The old adage “centralize for control,
decentralize for service” applies. Even worse is the potential to develop an “us
versus them” mentality, where the business feels a tangible disconnect between the
urgent demands of their business and the unresponsiveness of the shared services
provider. The risk of this occurring is greatly enhanced in situations lacking goal
alignment.
A customer service orientation must therefore be instilled within the shared ser-
vices organization to guarantee that satisfaction of the client remains the key goal. The
need for an effective service orientation, particularly during the early stages of the
development, is to counter the risk of the shared service being perceived as a “distant,
unresponsive, and overly bureaucratic” provider. Furthermore, this orientation
must be conveyed to the parent organization. This involves strengthening internal
IT capabilities; changing the mind-set of IT personnel; training and motivation;
and commitment from all levels of management (Fonstad and Subramani 2009).
To accomplish this, the shared service must build “internal sales and marketing”
competencies, which require resources focused on communi cating with current and
prospective customers (Bergeron 2003).
4. Make people an integral part of the process. Lacity and Fox (2008) argue that
successful shared services result from effective management of four interrelated
change programs: business process redesign (i.e., what business processes the
shared services organization will perform); sourcing redesign (i.e., who performs
the business processes); organizational redesign (i.e., where business processes will
be performed); and technology enablement (i.e., technologies used to implement
and coordinate the work). The focus group agreed with the need to manage each
of these programs effectively but was particularly enamored with the notion that
each of these programs was appropriately viewed as a “change” process. Their
experience suggested that the difference between success and failure of an IT
shared services initiative was frequently the result of the effectiveness of the change
process itself.
The creation of a shared services organization requires significant transforma-
tion within the IT organization and directly impacts IT staff. As with outsourcing,
dislocations are inevitable. As decentralized staff become centralized, reductions
are expected, reporting relationships change, new skills are required, existing
skills become redundant, and the overall relationship with the business becomes
much more immediate and business-like with the focus on the bottom line. None
of this happens automatically. Communications and marketing strategies take on
new importance. Customer service is no longer a “take it or leave it” phenom-
enon. Training is essential. New metrics and key performance indicators become
necessary. Service level agreements must be articulated and managed. Together,
this represents enormous change for IT. Bergeron (2003) suggests, “The  pace of
M07_MCKE0260_03_GE_C07.indd 120 12/3/14 8:39 PM

Chapter 7 • Effective IT Shared Services 121
cultural change, not the availability of resources or technology, generally gates
the limitation.”
The focus group did not provide specific suggestions for organizations to fol-
low but stressed a realization of the enormity and significance of the organizational
change that accompanied the adoption of a shared services model and a call to
make the “people part” of a shared services implementation the top priority. In
short, a customer service orientation is built over time and through the conscious
and deliberate attention of all employees. It thus needs to be planned as thoroughly
as any other major organizational transformation initiative.
In recent years, the interest in adopting a shared
services model for IT has grown substantially.
This interest has been driven by the desire
of business for a more customer-centric
and responsive IT organization and by IT
organizations pursuing centralization and
standardization strategies. When success-
ful, an IT shared services model can satisfy
both goals but key challenges arise during
the development and implementation of
the shared service. By bringing together a
number of senior IT managers with experi-
ence in building shared service organizations,
this chapter has clarified what a shared ser-
vice is and what it is not, identified different
forms of success and failure, articulated an
integrated conceptual model, and provided a
number of suggestions to improve the chances
of successful implementation. For those
charged with developing IT shared services
as well as those investi gating this emerging
organizational form, this chapter provides
insight and under standing for achieving
successful shared services and ultimately
the goal of improving overall organizational
performance.
Conclusion
Accenture. “Driving High Performance in
Government: Maximizing the Value of Public-
Sector Shared Services.” http://www.accenture.
c o m / S i t e C o l l e c t i o n D o c u m e n t s / P D F /
Accenture_Driving_High_Performance_in_
Government_Maximizing_the_Value_of_
Public_Sector_Shared_Services , 2005.
Andriole, S. “The 7 Habits of Highly Effective
Technology Leaders.” Communications of the
ACM 50, no. 3 (March 2007): 67–72.
Bergeron, Brian. Essentials of Shared Services.
Hoboken, NJ: John Wiley & Sons Inc., 2003.
Fonstad, N., and M. Subramani. “Building
Enterprise Alignment: A Case Study.” MIS
Quarterly Executive 8, no. 1 (March 2009): 31–41.
Lacity, M., and J. Fox. “Creating Global Shared
Services: Lessons from Reuters.” MIS Quarterly
Executive 7, no. 1 (March 2008): 17–32.
McKeen, J. D., and H. A. Smith. “Delivering
IT Functions: A Decision Framework.”
Communications of the Association of Information
Systems 19, Article 35 (June 2007): 725–39.
Smith, H. A. and J. D. McKeen. “Building a
Strong Relationship with the Business.”
Communications of the Association of Information
Systems 26, Article 19 (April 2010): 429–40.
Wikipedia. http://en.wikipedia.org/wiki/
Shared_services, May 2014.
References
M07_MCKE0260_03_GE_C07.indd 121 12/3/14 8:39 PM

122
C h a p t e r
8
Successful IT Sourcing: Maturity
Model, Sourcing Options,
and Decision Criteria1
1 This chapter is based on the authors’ previously published article, McKeen, J. D., and H. A. Smith.
“Delivering IT Functions: A Decision Framework.” Communications of the Association for Information Systems 19,
no. 35 (June 2007): 725–39. Reproduced by permission of the Association for Information Systems.
Every five years starting in 1995, the focus group has taken stock of the responsibilities for which IT is held accountable (Smith and McKeen 2006; Smith and McKeen 2012). To no one’s surprise, the list of IT responsibilities has grown
dramatically. To the standard list of “operations management,” “systems development,”
and “network management” have now been added responsibilities such as business
transformation, regulatory compliance, enterprise and security architecture manage-
ment, information and content management, mobile and social computing, business
intelligence and analytics, risk management, innovation, demand management, and
business continuity management (Smith and McKeen 2012). Never before has IT man-
agement been challenged to assume such diversity of responsibility and to deliver on
so many different fronts. As a result, IT managers have begun to critically examine how
they source and deliver their various services to the organization.
In the past, organizations met additional demands for IT functionality by simply
adding more staff. Today, increasing permanent IT staff is less viable than in the past
and this has led IT organizations to explore other options. Fortunately, several sourcing
alternatives are at hand for delivering IT functionality. Software can be purchased or
rented from the cloud, customized systems can be developed by third parties, whole
business processes can be outsourced, technical expertise can be contracted, data center
facilities can be managed, networking solutions (e.g., data, voice) are obtainable, data
storage is available on demand, and companies will manage your desktop environment
as well as all of your support/maintenance functions. Faced with this smorgasbord of
sourcing options, organizations are experimenting as never before. As with other forms
of experimentation, however, there have been failures as well as successes, and most
decisions have been made on a “one-off” basis. What is still lacking is a unified decision
framework to guide IT managers through this maze of sourcing options.
M08_MCKE0260_03_GE_C08.indd 122 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 123
This chapter explores how organizations are choosing to source and deliver IT
“functions.” The first section defines what we mean by an IT function and proposes a
maturity model for IT functions. Following this, we take a conceptual look at IT sourc-
ing options, and then we analyze actual company experiences with four different IT
sourcing options—(1) in-house, (2) insource, (3) outsource,2 and (4) partnership—in
order to contrast theory with practice. The penultimate section of the chapter presents a
framework for guiding sourcing decisions stemming from the shared experiences and
insights of the managers in the focus group. The final section presents strategies for the
effective management of IT sourcing.
A MAturity Model for it functions
Smith and McKeen (2012) list the overall responsibilities for which IT is held account-
able. IT functions, in contrast, represent the specific activities that are delivered by IT
in the fulfillment of its responsibilities. For instance, IT is held responsible for deliver-
ing process automation, which it may satisfy by providing the following IT functions to
the organization: project management, architecture planning, business analysis, system
development, quality assurance and testing, and infrastructure support. Although an IT
department provides myriad functions to its parent organization, a compendium of the
key roles was created by amalgamating the lists provided by the members of the focus
group (see Table 8.1).3 This is meant to be representative, not comprehensive, to demon-
strate how IT functions can form the basis of a sourcing decision framework.
Participants pointed out that not all IT functions are at the same stage of devel-
opment and maturity, a fact that has ramifications for how these functions could be
sourced. And although some functions are well defined, common to most companies,
and commodity-like, others are unique, nonstandardized, and not easily shared. There
was general agreement, however, that a maturity model for IT functions has five stages:
(1) unique, (2) common, (3) standardized, (4) commoditized, and (5) utility.
1. Unique. A unique IT function is one that provides strategic (perhaps even
proprietary) advantage and benefit. These IT functions seek to differentiate the
organization in the marketplace. They are commonly, but not necessarily, deliv-
ered by internal IT staff due to the strategic aspect of the function being provided.
Alternately, the function may be provided either by “boutique” firms that create
special-purpose applications or by firms with in-depth industry experience that
cannot be matched by internal IT staff (or even the internal business managers).
Examples of unique IT functions might be business analysis, application integration,
or knowledge-enabling business processes. Such functions depend on familiarity
with the organization’s internal systems combined with an in-depth knowledge of
the business.
2. Common. This type of IT function caters to common (i.e., universal) organiza-
tional needs. Such a function has little ability to differentiate the business, but it
2 We use the term “outsource” inclusively to reflect specific options such as “off-shoring” and “near-shoring.”
3 We actually prefer the term service to function but we chose the term function to avoid confusion with the
usage of service as in service-oriented architecture (SOA).
M08_MCKE0260_03_GE_C08.indd 123 12/3/14 8:40 PM

124 Section II • IT Governance
Table 8.1 list of IT Functions
IT Function Description
Business analysis Liaison between IT and the business to align IT planning, match
technology to business needs, and forecast future business
directions
Systems analysis Elicits business requirements, designs process flow, outlines
document management, and creates design specifications for
developers
Strategy and planning Project prioritization, budgeting, financial planning/
accountability, strategy development, policy development,
and portfolio analysis
Data management Transactional data (e.g., invoicing, shipping), customer data
(e.g., customer relationship management [CRM]), records
management, knowledge management, and business
intelligence
Project management Managing the resources (e.g., money, people, time, and
equipment) necessary to bring a project to fruition in compliance
with requirements
Architecture Establishing the interaction of all system components (e.g.,
hardware, software, and networking), enterprise compliance with
specifications and standards
Application development Designing, writing, documenting, and unit testing required
code to enact specific functionality in compliance with a design
specification
Quality assurance and
testing
Testing all components of an application prior to production to
ensure it is functioning correctly and meets regulatory and audit
standards
Networking Managing all networking components (e.g., hubs and routers)
to handle all forms of organizational communication (e.g., data,
voice, and streaming video)
Operating systems and
services
Operating systems for all hardware platforms and other devices
(e.g., handhelds), upgrades, maintenance, and enhancements
Application support Provides enhancements, updates, and maintenance for
application systems plus help and assistance for application users
Data center operations Manages all operations of the production data center and
data storage environment, including backup, DRP, security and
access, and availability
Application software Manages all major applications (e.g., purchased or developed)
to ensure viability of functionality and upgradability with a
special emphasis on legacy systems
Hardware Data servers, power supplies, desktops, laptops, Blackberries,
telephones, and special equipment (e.g., POS, badge readers,
and RFID tags)
M08_MCKE0260_03_GE_C08.indd 124 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 125
provides a necessary, perhaps critical, component (e.g., financial systems and
HR). Providers capitalize on commonality of function and are motivated to pro-
vide functions (e.g., customer relationship management [CRM], quality assurance,
and content management) to maximize market applicability. Most print operations
are now common functions, for instance. Although they differ from firm to firm,
they are required by most firms but are not considered to provide any competitive
advantage.
3. Standardized. Standardized IT functions not only provide common tasks/ activities
but also adhere to a set of standards developed and governed by external agen-
cies. Although multiple, perhaps competing, standards may exist, the attributes of
such functions are well articulated, and as a result these functions enjoy wide appli-
cability due to their standardization. Providers of such functionality (e.g., billing/
payment functions, check processing, forms management, facilities management,
and disaster recovery planning) seek opportunities beyond common functions by
promoting (i.e., developing, proposing, and/or adopting) standards to enhance the
interoperability of their functional offerings.
4. Commoditized. These functions are considered commodities similar to oil
and gas. Once attributes are stipulated, functions are interchangeable and
indistinguishable (i.e., any barrel of oil will suffice). Furthermore, there may be
many providers of the function. A good example is application service providers
(ASPs) who deliver standard applications developed by third-party vendors to
client firms without customization. Other commodity functions include network
services, server farms, storage capacity, backup services, and universal power
supply (UPS). What really distinguishes a commodity is the realization that the
“risks imposed by its absence outweigh the burdens of maintaining its availability”
(Marquis 2006).
5. Utility. A utility function is a commodity (such as electricity) delivered by a cen-
tralized and consolidated source.4 This source typically consists of an amalgam of
suppliers operating within an integrated network capable of generating sufficient
resource to fulfill continuous on-demand requests. Private utilities operate in com-
petition with other providers, whereas public utilities tend to be single providers
overseen by regulatory agencies that govern supply, pricing, and size. Examples of
utilities include Internet service providers (ISPs) as well as other telecommunica-
tion services (e.g., bandwidth on demand, and cloud services).
These stages represent an evolutionary progression (or maturation) in IT func-
tionality. The logic is straightforward: successful, unique functions are copied by other
organizations and soon become common; commonality among IT functions paves
the way for standardization; standardized functions are easily and effectively trans-
acted as commodities; and finally, commoditized functions can be provided by utilities
should an attractive business model exist. The group interpreted this progression as an
ongoing process—that is, individual functions would be expected to advance through
4 This concept has generated a significant amount of interest (Hagel and Brown 2001; Rappa 2004; Ross and
Westerman 2004). Carr (2005), for example, speculates that not only is the utility computing model inevitable,
but it will also dramatically change the nature of the whole computing industry in a fashion similar to electri-
cal generation of the previous century.
M08_MCKE0260_03_GE_C08.indd 125 12/3/14 8:40 PM

126 Section II • IT Governance
the sequence of stages as they matured. Furthermore, the continual discovery of new
and unique IT functions, which are required by organizations to differentiate them-
selves and create strategic advantage in the marketplace, would guarantee the continu-
ation of the whole evolutionary progression as depicted in Figure 8.1.
Using this maturity model, we then classified the IT functions listed in Table 8.1
according to their attained maturity stage. The results are represented in Figure 8.2.
The differences among various IT functions are quite remarkable. Hardware (including
servers and storage) was considered to reside at the commodity end of the maturity
model due to its degree of standardization and interoperability, whereas business
analysis remains a relatively unique IT function that differs considerably from organi-
zation to organization. Application software is more varied; some application softwares
are commodity-like, whereas other applications are highly unique to individual firms.
The remaining IT functions vary similarly with respect to the maturity of their develop-
ment and adoption industrywide.
The impetus for this discussion of function maturity was an implicit assumption
that mature functions would be likely candidates for external sourcing, and unique
functions would be likely candidates for internal sourcing. For instance, functions such
as hardware, networks, common applications, and data center operations would be
natural candidates for external provisioning, and IT planning, business and systems
analysis, project management, and application development would be more likely pro-
vided by internal IT staff. The group agreed that these were indeed general trends. What
proved to be somewhat of a surprise, though, was the degree that this generalization
did not appear to hold as members of the focus group repeatedly shared examples of
their specific sourcing activities that ran counter to this generalization; for example,
they insourced commoditized functions and outsourced unique functions. We will
return to this point later.
Unique
Common
Standardized
Commoditized
Utility
figure 8.1 Maturity Model for IT Function Delivery
M08_MCKE0260_03_GE_C08.indd 126 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 127
it sourcing options: theory Versus prActice
Building on classifications developed by Lacity and Willcocks (2000), we considered
four different sourcing options for IT functions:
1. In-house. Permanent IT staff provide the IT function.
2. Insource. IT personnel are brought into the organization to supplement the
existing permanent IT staff to provide the IT function.
3. Outsource. IT functions are provided by an external organization using its own
staff and resources.
4. Partnership. A partnership is formed with another organization to provide IT
functions. The partnership could take the form of a joint venture or involve the cre-
ation of a separate company.
Figure 8.3 depicts the group’s assessment of what the relationship between
specific IT functions and sourcing options should be by superimposing the four IT sourc-
ing options on the maturity grid. From this model it is clear that in-house staff should be
assigned tasks that are in the unique–common maturity stages. Asking in-house staff to
provide commodity-like functions would not be leveraging their unique knowledge of
the business; because of their versatility, they can provide any IT function. As a result,
their area of application was seen as being on the left of Figure 8.3 from top to bottom.
Insourcing is basically a strategy of leveraging the in-house IT staff on a temporary basis.
As such, contract staff should normally be assigned to work with permanent IT staff on
a subset of the full range of tasks provided internally. Partnerships tend to exist in the
lower part of Figure 8.3 because the truly unique tasks of business/systems analysis,
Business Analysis
IT
F
u
n
c
ti
o
n
Systems Analysis
Strategy & Planning
Data Management
Project Management
Architecture
Application Development
Quality Assurance and Testing
Operating System and Services
Application Support
Data Center Operations
Application Software
Networking
Hardware
Unique Common
Maturity Stage
Standardized Commoditized Utility
figure 8.2 IT Functions Ranked by Maturity Stage
M08_MCKE0260_03_GE_C08.indd 127 12/3/14 8:40 PM

128 Section II • IT Governance
planning, data management, and project management tend to be limited to a single
organization and its strategy. Instead, partnerships were envisioned to focus on func-
tions such as hardware, applications, software, and networking. Such partnerships
could form regardless of maturity stage, which explains the left-to-right positioning
of this IT sourcing option in Figure 8.3 Finally, outsourcing should comprise a subset of
partnerships much the same as insourcing comprises a subset of in-house functions. The
reason is due to differences in governance; outsourcing arrangements are well articu-
lated and governed by service-level agreements (SLAs), and partnerships are typically
governed by memoranda of understanding (MOU). If an organization is interested in a
more flexible, innovative, and open-ended initiative, it would be better advised to seek
a joint venture with another firm. Hence, partnerships were seen to have broader poten-
tial as a sourcing option for IT functions.
Figure 8.3 represents the focus group’s “generally accepted wisdom” regarding IT
function sourcing. Unfortunately, due to the extent of the overlap of functions provided
by the different sourcing options, Figure 8.3 provides limited guidance for managers
tasked with choosing sourcing options for specific IT functions. In order to gain more
insight into decision behavior in practice, the group was asked to share recent examples
of IT functions they were currently delivering by each of the four sourcing options. In
addition, they were asked to describe the justification criteria that their firm used in
making these decisions as well as the benefits they felt they had realized.5 These exam-
ples were analyzed and the results used to create Table 8.2.
5 With few exceptions (e.g., Bandula and Hirschheim 2009), relatively little research has focused on under-
standing the reasons for (and justification of) IT sourcing decisions within organizational settings.
In-house
IT
F
u
n
c
ti
o
n
Insource
Partnership
Outsource
Business Analysis
Systems Analysis
Strategy & Planning
Data Management
Project Management
Architecture
Application Development
Quality Assurance and Testing
Operating System and Services
Application Support
Data Center Operations
Application Software
Networking
Hardware
Unique Common
Maturity Stage
Standardized Commoditized Utility
figure 8.3 Delivery Options for IT Functions
M08_MCKE0260_03_GE_C08.indd 128 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 129
Table 8.2 examples of Usage of the Four Delivery Options
Delivery
Option examples Justification Realized benefits
In-house • Strategic system
development
• Legacy system support
• New system
development
• Help desk/desktop
support
• Information/document
management
• Application support
• Intranet development
• Technology support
• Business systems
analysis
• Project management
• Security services
(change control)
• Business intelligence
and reporting
• Need to have
complete control
over the intellectual
property
• Need it now
• Work is strategic
• Skunkworks
• Internal
consulting to the
business
• High-speed delivery
• Leverage internal
business and system
knowledge
• Ownership of
intellectual property
• Security of data
• Protection and
preservation of critical
knowledge
• Focus on core systems
that are considered
key assets
Insource • Portal development
• Specialized system
(e.g., POS, CRM)
development
• Data warehouse
development
• Database development
• Intranet development
• Corporate systems
development
• Contract staff to
provide key skills
• Both local contractors
and offshore company
on retainer
• Need to have
control over project
delivery
• Exposing
intellectual property
not an issue
• Recurring program
delivery such as ERP
and CRM
• Highly flexible
(e.g., personnel,
engagement, and
assignments)
• Best of multiple
vendors used
• No need to expand
internal IT staff
• Staff easily meshed
with existing teams
• Semipermanent
personnel if desired
• Quick access to
specific skill sets
• Manage people as
opposed to contracts
• Evens out staffing
“hills and valleys”
(continued)
M08_MCKE0260_03_GE_C08.indd 129 12/3/14 8:40 PM

130 Section II • IT Governance
Delivery
Option examples Justification Realized benefits
Outsource • Infrastructure for new
product
• Business processes
(e.g., billing, payroll)
• Operations
• Help desk
• Field service support
• Network management
• Technology infrastruc-
ture (servers, storage,
communications)
• Web site development
and hosting
• Technology rollout
• New stand-alone
project delivery
• The work is not
“point of
differentiation.”
• Company does
not have the
competency
in-house.
• Deliverable is well
understood, and
SLAs are articulated
to the satisfaction of
both parties.
• The outsourcer is
“world class.”
• Speed to market for
specific products/
systems
• Acquire instant
expertise as vendors
are experts (often
world class)
• Business risk
transferred to
supplier
• Outsourcer provides
more “levers” for
value creation
(e.g., size, scope)
• Lower cost than
in-house
Partnership • Common service
(e.g., statement
processing and
payment services)
• Emergency backup and
support
• Shared infrastructure
• Special application
development (e.g.,
critical knowledge
requirement)
• Realize alignment
on a benefit-sharing
model
• Enable collaborating
partners to compete
with others outside
the partnership
• Future business
growth and/or
opportunities that
arose from the
partnership
• Benefits not limited
to a specific prod-
uct or system
deliverable
• Decreased learning
time and shared
learning costs with
partners
Perhaps the most surprising result based on the examples in column 2 of Table 8.2
is the lack of evidence of a relationship between IT functions and sourcing options. Such
a relationship, were it to exist, would provide a natural basis for a decision framework.
However, not only does it not exist, but there is also considerable evidence to the contrary
(i.e., the observation that identical IT functions are being delivered by all four sourcing
options). As a case in point, various types of systems development as well as applica-
tion support/maintenance functions are provided by all four sourcing options. Earlier we
noted the generally accepted wisdom did not appear to hold up that commodity func-
tions are ready candidates for outsourcing, whereas unique functions are not. The data in
Table 8.2 further corroborate this observation. Given this, one wonders what the operative
criteria for choosing sourcing options are if not the type (or maturity) of the IT function.
Table 8.2 Continued
M08_MCKE0260_03_GE_C08.indd 130 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 131
the “reAl” decision criteriA
To explore this issue, participants were asked to review a recent business case and to
share the actual criteria that were used to select the specific IT sourcing option. Column 3
in Table 8.2 illustrates the justifications used for each of the four sourcing options. This
paints a much clearer picture of the decision criteria being used by IT managers when
selecting sourcing options.6
decision criterion #1: flexibility
As a decision criterion, flexibility has two dimensions: response time (i.e., how quickly
IT functionality can be delivered) and capability (i.e., the range of IT functionality).
In-house staff rate high on both dimensions. Insourcing, as a complement to permanent
IT staff, is also a highly flexible sourcing option. Although outsourcing can theoretically
provide just about anything, as a sourcing option it exhibits less flexibility because of
the need to locate an outsourcer who can provide the specific function, negotiate a con-
tract, and monitor progress. Finally, partnerships enjoy considerable flexibility regard-
ing capability but much less in terms of response time.7 Within a partnership, the goal is
to create value for the members of the partnership beyond what can be created by any
single organization. How this value is created is up to the partnership, and as long as
the parties agree, virtually anything is possible.
decision criterion #2: control
This decision criterion also has two dimensions: delivery (i.e., ensuring that the deliv-
ered IT function complies with requirements) and security (i.e., protecting intellectual
assets). Because they rank high on both dimensions of control, in-house and insourcing
options are favored in cases where the work is proprietary, strategic, “below the radar”
(i.e., skunkworks), or needed immediately (see Table 8.2). Outsourcing is the preferred
delivery option when the function is not considered “a point of differentiation” and the
deliverable is well understood and easily governed by means of a service-level agree-
ment. Partnerships are designed to be self-controlling by the membership, and as pre-
viously observed, the functions provided by partnerships tend to be more open ended
than those provided by other options.
In Table 8.2, column 4 presents the benefits of each sourcing option. For the most
part, this list is closely aligned with the list of justifications found in column 3. As such, it
reinforces the existence of flexibility and control as key decision criteria. But in addition,
a third key factor appears: knowledge enablement. Mentioned only tangentially within
the list of justifications (e.g., “competence,” “internal consulting,” and “world class”),
it is much more evident within the list of realized benefits (e.g., “leveraging internal
business and system knowledge,” “preservation of critical knowledge,” “quick access
to specific skill sets,” “decreased learning time,” and “sharing the learning costs with
7 Response time within a partnership depends on two interdependent conditions holding: (1) a partnership
must already exist, and (2) all partners must be committed to the same delivery timeline.
6 This analysis excludes other factors such a political, institutional, or environmental which can sometimes
override normal organizational factors in IT sourcing decisions (Mola and Carugati 2012).
M08_MCKE0260_03_GE_C08.indd 131 12/3/14 8:40 PM

132 Section II • IT Governance
partners”). Marquis (2006) argues that “what is not easily replicable, and thus is poten-
tially strategic, is an organization’s intelligence and capability. By combining skills and
resources in unique and enduring ways to grow core competencies, firms may succeed
in establishing competitive advantage.”
decision criterion #3: Knowledge enhancement
Behind many sourcing decisions is the need to either capture knowledge or retain it.
One firm cited the example of developing a new business product. It “normally” would
have been outsourced, but it was intentionally developed by in-house staff augmented
by key contract personnel. The reason was to transfer knowledge of this new busi-
ness product to internal IT personnel as well as to business personnel (who were also
unfamiliar with this type of business offering). At another firm, the decision was made
to insource key expertise “not to do the work, but to train internal staff how to do the
work.” The manager stated, “It would have been more logical and far cheaper to out-
source the whole project.” In another firm the support function for a key application
was repatriated because the firm felt that it was losing an important learning oppor-
tunity that would keep staff abreast of developments in the market and develop new
knowledge concerning a key line of business with growth potential. Furthermore, it is
not just knowledge development that is the critical factor; knowledge retention is equally
important. Whether implicitly or explicitly, knowledge enhancement appears to play a
key role in most sourcing decisions.
decision criterion #4: Business exigency
Unforeseen business opportunities arise periodically, and firms with the ability to
respond do so. Because of the urgency and importance of these business opportuni-
ties, they are not governed by the standard planning/budgeting processes and, indeed,
most do not appear on the annual IT plan. Instead, a decision is made to seize the
opportunity, and normal decision criteria are jettisoned in order to be responsive to
the business. In these cases, whichever sourcing option can produce results fastest is
selected. The sourcing option could be any of the four but is less likely to be a partner-
ship unless the urgent request can be accommodated within the structure of an existing
arrangement. Seen in a resource-planning context, business exigency demands consti-
tute the “peaks” or “spikes.” As one manager stated, “We have peaks and valleys, and
we outsource the peaks.”
The discussion also revealed the existence of two distinct sets of decision criteria:
“normal” versus “actual.” Manager after manager explained their decisions with the
following preface: “Normally we would make the decision this way, but in this case we
actually made the decision differently.” When the participants referred to the normal set,
they primarily cited issues of flexibility, control, and knowledge enablement. But when
they described the actual decision criteria used to select the sourcing option, a fourth
factor emerged: “business exigency.”
It is difficult to ascertain the full effect of this last decision criterion. Certainly busi-
ness exigency is a dominant factor. In an urgent situation, the fastest sourcing option
will take precedence. However, it is likely that the other three decision criteria play a
significant role in the majority of sourcing decisions regarding IT functionality. We are
left to conclude that business exigency plays a more dramatic but less frequent role.
M08_MCKE0260_03_GE_C08.indd 132 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 133
A decision frAMeworK for sourcing it functions
Finally, the focus group was asked to outline a set of strategies for deciding how to
source and deliver IT functions based on their collective experience and insights. The
following step-by-step framework emerged.
identify your core it functions
The identification of core functions is the first and most critical step in creating a deci-
sion framework for selecting sourcing options. One manager captured this as follows:
The days of IT being good at all things have long gone. . . . Today you have to pick
your spots. . . . You have to decide where you need to excel to achieve competitive
differentiation. . . . Being OK at most things is a recipe for failure sooner or later.
It was argued that the IT organization should approach the exercise of identifying
its core functions by taking a page from the business handbook—that is, decide where
competitive advantage lies, buttress it with the best resources, and divest all ancillary
activities. In the case of IT, “divestiture” translates into seeking external sourcing of
functions because the responsibility and accountability for all IT functions will always
remain with the IT organization.
Asked what constitutes a core function, the group suggested that it would depend
entirely on where and how the IT organization decides it can leverage the business
most effectively. Interestingly, what was considered core varied dramatically across the
sample of organizations represented, spreading across the entire spectrum of IT func-
tions, including legacy system enhancement, business process design, enterprise system
implementation, project management, and even data center operations. The only
conclusion that resonated with the entire group was that “it matters more that the  IT
organization has identified core functions than what those functions actually are.”
The articulation of core functions has major implications. First, the selection of core
functions lays the cornerstone for the decision framework for sourcing options. That is
because, ideally, in-house functions reflect the organization’s set of core functions. The
assignment of permanent IT personnel to core IT functions, by default, assigns noncore
activities to the remaining three IT sourcing options (as we will see in the next strategy).
Second, the selection of core functions directly impacts the careers of IT personnel. For
example, one manager explained that at her organization “project management, busi-
ness process design, and relationship management are key skills, and we encourage
development in these areas.” The implications for IT staff currently fulfilling “noncore”
roles can be threatening as these areas are key targets for external sourcing.
create a “function sourcing” profile
One participant introduced the concept of a “function sourcing” profile—a device that
had been deployed successfully within his organization. It is reproduced in Table 8.3
and modified to accommodate the list of IT functions found in Table 8.1. This sample
profile demonstrates (1) current core functions, (2) future core functions (additions and
deletions), and (3) preferred sourcing options for each IT function. What is most impor-
tant is that this profile is built on an internal assessment of core IT functions. Research
M08_MCKE0260_03_GE_C08.indd 133 12/3/14 8:40 PM

134 Section II • IT Governance
(Bullen et al. 2007) has shown that core functions tend to change over time suggesting
that this analysis be conducted perhaps every few years. The justification provided by
this particular organization for its specific sourcing profile follows:
• Project management, business analysis, and architecture (both system and enter-
prise) are primarily provided in-house but may be augmented with insourced
resources as required. In-house sourcing is preferred for these functions for two
reasons: First, project management and business analysis are recognized strengths
within the organization, and second, this gives the organization more control over
project direction.
• Because it is not recognized as a core function, development is primarily outsourced
or insourced depending on the scope of the project.
• Quality assurance (QA) and testing are largely insourced as these are recognized as
highly specialized skills, although not core functions. As a result, an entire division
of IT is dedicated to these activities. Resources within this group are primarily con-
tractors from a variety of vendors.
Table 8.3 Sample Function Delivery Profile
Core Function? IT Function In-house Insource Outsource Partnership
Yes Business analysis ✓
Systems analysis ✓
In Future Strategy and planning ✓ ✓
In Future Data management ✓
Yes Project management ✓ ✓
Yes Architecture ✓ ✓
Application
development
✓ ✓ ✓
QA and testing ✓
Now but not in
future
Networking ✓ ✓
Operating systems
and services
✓
Yes Application support ✓
Data center
operations
✓
Application
software
✓ ✓
Hardware ✓
M08_MCKE0260_03_GE_C08.indd 134 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 135
• Application support is a designated core function. Given the depth of business
process knowledge needed as well as the in-depth knowledge of key applications
required, this function is staffed entirely by internal IT personnel.
• Networking is currently provided by in-house staff augmented by insourced
staff but is in transition. A recently formed partnership will eventually make
this a noncore activity, and networking will eventually be provided entirely by
the partner. This sourcing option allows cost sharing and accommodates future
growth. The partnership does not provide competitive advantage; it just makes
good business sense.
• The strategy and planning function as well as data management have been
designated as future core functions. The firm is insourcing expertise from a top
strategy consultancy to transition this skill to internal IT personnel. This explicitly
recognizes the emerging importance of IT to the firm. Similarly, data management
needs to become a key competitive strength in order to shorten product develop-
ment cycles and time to market.
The sample profile depicted in Table 8.3 does not represent a “preferred” or even
“typical” IT sourcing strategy. Instead, it simply demonstrates how the four sourcing
options combine to satisfy the IT needs of a specific organization. Other organizations
with a different mix of core functions (or even with the same mix) might well demon-
strate a very different profile.
evolve full-time it personnel
Because of the alignment between core IT functions and in-house delivery, it is
evident that sourcing decisions should be based on leveraging an organization’s full-
time IT personnel. In fact, the focus group argued that this factor should be used
to determine the majority of sourcing decisions. It is based on the realization that
permanent IT personnel collectively represent a major investment by the organiza-
tion and that this investment needs to be maximized (or at least optimized). This
reinforces the previous discussion of “knowledge enhancement” as one of the key
decision criteria in the selection of IT sourcing mechanisms. One manager said the
following:
We choose a sourcing option based on how it can build strength in one of our designated
core competency areas. This may involve insourcing, outsourcing, a partnership, or any
combination of these [but] … we have never outsourced a core competency.
The sample profile in Table 8.3 suggests how the three external sourcing options
(i.e., insourcing, outsourcing, and partnerships) can be used to supplement permanent
IT personnel. Furthermore, the group suggested that a precedence for ordering should
exist among the sourcing options. Specifically, in-house and insourcing considerations
should be resolved before outsourcing and partnerships are explored. The criteria to be
used to decide between outsourcing and partnerships as sourcing options should be
flexibility, control, and business exigency (given that knowledge enablement is used to
decide between in-house and insourcing). Insourcing, in particular, can be used stra-
tegically to bring in expertise to backfill knowledge gaps in core IT functions, address
business exigency needs, and take on new (or shed old) core functions. Furthermore,
M08_MCKE0260_03_GE_C08.indd 135 12/3/14 8:40 PM

136 Section II • IT Governance
insourcing represents variable costing, so there is usually maximal flexibility, which
helps to smooth out resource “peaks and valleys.”
The other method suggested to evolve internal IT staff, beyond supplement-
ing them with the three external sourcing options, is to hire strategically.8 In other
words, the range of IT sourcing options permits “strategic” hiring as opposed to
“replacement” hiring. In the past, IT organizations felt the need to “cover all the
bases” with their hiring, and as individuals departed the organization, replacements
were sought. Today, however, there is no such impetus. In fact, attrition in noncore
areas is considered advantageous as it permits hiring in designated strategic areas.
This approach extends to permanent staff as well—that is, existing staff are strongly
encouraged to develop their skills and expertise in alignment with designated core
IT functions.
encourage exploration of the whole range of sourcing options
Based on our sample of companies, it can be concluded that we are in the learning phase
of IT function sourcing. Some firms are clearly taking advantage of this opportunity and
exercising their options in many different, often creative, ways. Others, perhaps more
reticent, are sampling less broadly—choosing to stay within their “comfort zone”—
and sourcing IT functions predominantly with in-house resources. Most, however, are
somewhere in the middle—that is, actively exploring different types of sourcing options
mostly for the first time. In all cases, exploration appears to be taking place without any
strategy or guidelines; hence, decisions are taken one at a time. As a result, learning
has been piecemeal—a phenomenon that may partially explain the lack of established
trends in Table 8.2.
combine sourcing options strategically
One of the key reasons for focusing on IT functions as opposed to another unit of
analysis (e.g., projects, applications, or services) became clear by way of an exam-
ple described by a manager. Satisfying her firm’s data storage needs could involve
using the provider ’s equipment, facilities, and staff. Or it could be the organization’s
hardware and staff in the provider ’s facilities, or basically any combination of the
above. In each of these situations, the organization could justifiably claim that it had
“outsourced” its data storage. Such a claim would be highly ambiguous. As a result,
decisions need to be focused on the sourcing of specific IT functions—that is, a micro-
versus a macroview.
Adopting a microview makes it possible to entertain the use of combinations of
sourcing options for the provision of IT functions. Participants pointed out that mul-
tiple sourcing options are often used within a single project. In fact, they suggested
that selecting a single sourcing option for a project in its entirety is fast becoming
8 Although organizations continuously search for top IT talent, there appears to be a general aversion to
increasing permanent staff among the focus group’s companies. The consensus in the focus group was that
this hiring aversion is fueling the growth of sourcing options such as insourcing, outsourcing, and partner-
ships, but the group was reluctant to use this factor to explain IT sourcing behavior. Instead, they claimed
that the real driver was the existence of many alternative sourcing options, which have demonstrated the
capability of providing superior results.
M08_MCKE0260_03_GE_C08.indd 136 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 137
nonstandard practice. The reality is that multiple providers are necessary to meet
today’s demands, particularly those of the business-exigency variety. This need for an
amalgam of sourcing options is easily understood with functions such as application
development. Here requirements and design may be done in-house, coding may be
outsourced to a third party, testing and quality assurance may be done by insourced
experts, and implementation and rollout might be in partnership. Combining separate
sourcing options strategically can result in realizable benefits such as speed to market
and quality of product or service. Speed to market results from parallel, synchronized
development, and quality results from engaging sourcing options based on demon-
strated expertise and best practice.
A MAnAgeMent frAMeworK for successful sourcing
As sourcing takes on a more central part of IT and organizational strategy, we are
learning more about what it takes to manage sourcing successfully. Furthermore, these
emergent management practices have a reciprocal impact on sourcing decisions. The
focus group identified a number of key factors essential to effective management of
sourcing options: develop a sourcing strategy, develop a risk mitigation strategy,
develop a governance strategy, and understand the cost structures.
develop a sourcing strategy
Whether a company uses sourcing strategically or not, every organization should have
an overall sourcing strategy. Using a decision framework (such as that presented in
this chapter), organizations need to determine what to source, where to source, and to
whom to source. There are many different ways of determining what to source but, in
practice, numerous approaches to “right-sourcing” are possible. What is right for one
organization is not necessarily right for another. The point is that organizations must go
through the exercise of determining for themselves what’s core and what’s not and this
will pave the way for an effective sourcing strategy.
develop a risk Mitigation strategy
“War stories” abound. Every firm can cite examples of activities that had to be
resourced to a different vendor, tasks that needed to be reinsourced, or contracts that
were renegotiated because of problems. The fact is sourcing introduces new levels of
risk to the organization. Loss of control, security and privacy problems, poor-quality
work, hidden costs, lack of standards, unmet expectations, and bad publicity are just
some of the problems that have been experienced. When moving into new forms of
sourcing, it is important to incorporate risk management and mitigation into every
aspect of sourcing.
• Detailed planning is essential. Precise definitions of roles, responsibilities, and expec-
tations must be developed. Specialists in outsourcing are now available to provide
advice on how to select a vendor and plan the work involved. The specialists can
assist—but not replace—the IT sourcing team in understanding how to assess and
engage a vendor. This is especially important when considering offshore sourcing
because of the additional complexities involved.
M08_MCKE0260_03_GE_C08.indd 137 12/3/14 8:40 PM

138 Section II • IT Governance
• Monitoring and an audit trail must be incorporated into the contract to both encour-
age self-correction and ensure all parties live up to their commitments.
• All potential risks should be rated as to both the likelihood of occurrence and their
impact if they do occur. Appropriate steps should be explicitly taken to reduce and/
or manage these risks.
• An exit strategy must be devised. “Any well-designed sourcing strategy must retain
alternatives to pull activities back in-house,” explained one manager.
• Finally, exercise caution when moving into new avenues of sourcing. The hype
in the popular press, often originating from vendors, greatly inflates the benefits
that can be achieved while minimizing the risks. It is recommended that managers
experiment with a “simple, substantial pilot” before committing the company to a
significant new outsourcing initiative.
develop a governance strategy
“With any sourcing option, governance must be super-good,” said a manager. Most IT
organizations now recognize the importance of relationship management at all levels
(i.e., the frontline, middle, and senior management) in delivering value. Nevertheless,
it cannot be underestimated. “Layers of governance are critical to successful sourc-
ing relationships,” said one manager. Others also suggested retaining strong internal
project management and ensuring that vendors also have these skills. “You can’t out-
source the relationship with the customer,” they agreed. Governance problems are exac-
erbated when offshore sourcing is undertaken because of the difficulties of managing
relationships at a distance. This is one reason the larger offshore vendors are setting up
local development centers. At minimum, an offshore outsourcer should name an inter-
nal manager who will act as the organization’s champion and be responsible for quality
assurance. Ideally, an outsourcing relationship should be structured to ensure shared
risk so both parties are incented to make it work.
understand the cost structures
One of the most important elements of successful sourcing is a complete understand-
ing of the cost structures involved. Previously, vendors have profited from their abil-
ity to squeeze value from outsourced activities because they had a better and more
detailed appreciation of their costs. Furthermore, they were able to apply disciplines
and service-level agreements to their work, which IT organizations were often prohib-
ited from doing. Today this is changing. Companies are applying the same standards
to their own work, enabling them to make more appropriate comparisons between the
costs of doing an activity internally (i.e., in-house or insource) and outsourcing it. They
also have a better understanding of the true costs of outsourcing, including relationship
management and contract management, which have frequently been underestimated in
the past. “We need to thoroughly understand our economic model,” said one manager.
“Vendors have the advantage of knowing best practices and economies of scale, but
they are at a disadvantage from a profit and knowledge point of view. If we can’t com-
pete in-house, we should outsource.” Ongoing cost comparisons are effective as they
motivate both parties to do their best and most cost-effective work.
M08_MCKE0260_03_GE_C08.indd 138 12/3/14 8:40 PM

Chapter 8 • Successful IT Sourcing 139
Despite a steadily growing industry of third-
party providers, IT organizations to date
have ventured rather cautiously into this new
area of IT sourcing. This chapter attempts to
explain why this is so by examining the deci-
sion behavior and practices of a number of
leading-edge organizations. From this analy-
sis, four key decision criteria were identi-
fied: (1) flexibility, (2) control, (3) knowledge
enhancement, and (4) business exigency.
Today IT managers have an incredible range
of available options in terms of how they
choose to source and deliver IT functions.
Clearly, the mistake is not to investigate the
full range of these options. What has been
lacking is greater direction and guidance in
selecting IT sourcing options. The concept of
a maturity model for IT functions was intro-
duced as was a function-sourcing profile to
map sourcing options onto core and noncore
IT functions. These elements form the basis of
a decision framework to guide the selection of
sourcing options. Based on this framework,
organizations can develop more strategic,
nuanced, and methodological approaches to
IT function sourcing and management.
Conclusion
Bandula, J., and R. Hirschheim. “Changes in
IT Sourcing Arrangements: An Interpretive
Field study of Technical and Institutional
Influences.” Strategic Outsourcing: An
International Journal 2, no. 2 (2009): 84–122.
Bullen, C., T. Abraham, K. Gallagher, K. Kaiser,
and J. Simon. “Changing IT Skills: The Impact
of Sourcing Strategies on In-House Capability
Requirements.” Journal of Electronic Commerce
in Organizations 5, no. 2 (April–June 2007):
24–37, 39–46.
Carr, N. G. “The End of Corporate Computing.”
MIT Sloan Management Review 46, no. 3 (Spring
2005): 67–73.
Hagel, J., and J. S. Brown. “Your Next IT Strategy.”
Harvard Business Review 79, no. 9 (October
2001): 105–13.
Lacity, M., and L. Willcocks. “An Empirical
Investigation of Information Technology
Sourcing Practices: Lessons from Experience.”
MIS Quarterly 22, no. 3 (2000): 363–408.
Marquis, H. A. “Finishing Off IT.” MIT Sloan
Management Review 47, no. 4 (Summer 2006):
12–16.
Mola, L., and A. Carugati. “Escaping ‘Localisms’
in IT sourcing: Tracing Changes in Institutional
Logics in an Italian Firm.” European Journal of
Information Systems 21, no. 4 (July 2012): 388–403.
Rappa, M. A. “The Utility Business Model and the
Future of Computing Services.” IBM Systems
Journal 43, no. 1 (2004): 32–42.
Ross, J. W., and G. Westerman. “Preparing for
Utility Computing: The Role of IT Architecture
and Relationship Management.” MIT Sloan
Management Review 43, no. 1 (2004): 5–19.
Smith, H. A., and J. D. McKeen. “IT in 2015.”
Presentation to Center for Information Systems
Research (CISR), Massachusetts Institute of
Technology, April 2012.
Smith, H. A., and J. D. McKeen. “IT in 2010: The
Next Frontier.” MIS Quarterly Executive 5, no. 3
(September 2006): 125–36.
References
M08_MCKE0260_03_GE_C08.indd 139 12/3/14 8:40 PM

140
C h a p t e r
9 Budgeting: Planning’s Evil Twin
Don’t ever try to contact an IT manager in September because you won’t get very far. September is budget month for most companies, and that means that most managers are hunkered down over a spreadsheet or in all-day meetings
trying to “make the numbers work.” “Budgeting is a very negative process at our firm,”
one IT manager told us. “And it takes way too long.” Asking many IT managers about
budgeting elicits much caustic comment. Apparently, significant difficulties with IT
budgeting lead to widespread disenchantment among IT leaders who feel much of the
work involved is both artificial and overly time consuming.
Others agree. While there has been little research done on IT budgeting per se
(Hu and Quan 2006; Kobelsky et al. 2006), there appears to be broad, general consensus
that the budgeting processes of many corporations are broken and need to be fixed
(Buytendijk 2004; Hope and Fraser 2003; Jensen 2001). There are many problems. First,
budgeting takes too long and consumes too much managerial time. One study found
that budgeting is a protracted process taking at least four months and consuming
about 30 percent of management’s time (Hope and Fraser 2003). Second, most budget-
ing processes are no longer effective or efficient. They have become disconnected from
business objectives, slow, and expensive (Buytendijk 2004). Third, rigid adherence to
these annual plans has been found to stifle innovation and discourage frontline staff
from taking responsibility for performance (Hope and Fraser 2003; Norton 2006). And
fourth, although many researchers have studied how organizations choose among stra-
tegic investment opportunities, studies show that the budgeting process frequently
undercuts management’s strategic intentions, causing significant frustration among
managers at all levels (Norton 2006; Steele and Albright 2004).
Finally, the annual planning cycle can cast spending plans “in concrete” at a
time when the business needs to be flexible and agile. This is particularly true in IT.
“Over time . . . IT budgeting processes become institutionalized. As a result, IT invest-
ments become less about creating competitive advantages for firms [and] more about
following organizational routine and creating legitimacy for management as well as
organizations” (Hu and Quan 2006). Now that senior business leaders recognize the
M09_MCKE0260_03_SE_C09.indd 140 12/3/14 8:41 PM

Chapter 9 • Budgeting: Planning’s Evil Twin 141
strategic importance of IT and IT has become many firms’ largest capital expenditure
(Koch 2006), a hard look at how IT budgets are created is clearly merited.
This chapter first looks at key concepts in IT budgeting to establish what they
mean for IT managers and how they can differ among IT organizations. Then it explores
why budgets are an important part of the management process. Next the chapter
examines the elements of the IT budget cycle. Finally, it identifies some recommended
practices for improving IT budgeting.
Key ConCepts in it Budgeting
Before looking at how budgeting is actually practiced in IT organizations, it is important
to understand what a budget is and why an effective IT budgeting process is so impor-
tant, both within IT and for the enterprise as a whole. Current organizational budgeting
practices emerged in the 1920s as a tool for managing costs and cash flows. Present-
day annual fixed plans and budgets were established in the 1970s to drive performance
improvements (Hope and Fraser 2003). Since then, most organizations have adhered
rigidly to the ideals of this process, in spite of much evidence of their negative influence
on innovation and flexibility (Hope and Fraser 2003). These problems are clearly illus-
trated by the impact this larger corporate fiscal management process has on IT budget-
ing and the problems IT managers experience in trying to make their budget processes
work effectively. The concepts and practices of the corporate fiscal world bear little
similarity to how IT actually works. As a result, there are clear discontinuities between
these two worlds.
These gaps are especially apparent in the differences between the fiscal view of
IT and the functional one. Fiscal IT budgets (i.e., those prepared for the CFO) are bro-
ken down into two major categories: capital expenditures and operating expenses, although
what expenditures go into each is highly variable across firms. In accounting, capital
budgets are utilized to spread large expenses (e.g., buying a building) over several
years, and operating expenses cover the annual cost of running the business. The dis-
tinction between these two concepts gets very fuzzy, however, when it comes to IT.
Generally speaking, all IT organizations want to capitalize as much of their spend-
ing as possible because it makes their annual costs look smaller. However, CIOs are
limited by both organizational and tax policies when deciding on the types of IT expen-
ditures they can capitalize. It is the CFO who, through corporate financial strategy,
establishes what may be capitalized, and this, in turn, determines what IT can capitalize
in its fiscal budget and what it must consider as an operating expense. As a result, some
firms capitalize project development, infrastructure, consulting fees, and full-time staff,
whereas others capitalize only major technology purchases.
How capital budgets are determined and the degree to which they are scrutinized
also vary widely. Some firms allocate and prioritize IT capital expenses out of a cor-
porate “pot”; others manage IT capital separately. Typically, capital expenses appear
to be more carefully scrutinized than operating expenses, but not always. It is surpris-
ing to learn how different types of expenses are handled by different firms and the
wide degree of latitude allowed for IT costs under generally accepted accounting prin-
ciples. In fact, there are few generally accepted accounting principles when it comes
to IT spending (Koch 2006). As a result, researchers should use caution in relying on
measures of the amount of capital spent on IT in firms or industries.
M09_MCKE0260_03_SE_C09.indd 141 12/3/14 8:41 PM

142 Section II • IT Governance
It is within this rather fuzzy fiscal context that the structure and purpose of
functional IT budgets (i.e., those used by IT managers as spending plans) must be under-
stood because these accounting concepts do not usually correspond exactly with how
IT managers view IT work and how they plan and budget for it. In contrast to how
fiscal IT budgets are designed, IT managers plan their spending using two somewhat
different categories: operations costs and strategic investments:
• Operations costs. This category consists of what it costs to “keep the lights on” in IT.
These are the expenses involved in running IT like a utility. Operations involves the
cost of maintenance, computing and peripheral functions (e.g., storage, network), and
support, regardless of how it is delivered (i.e., in-house or outsourced). This category
can, therefore, include both operating and capital costs. Between 50 and 90 percent of
a firm’s IT budget (average 76 percent) is spent in this area, so the spending involved
is significant (Gruman 2006). In most firms there is continual pressure on the CIO to
reduce operations costs year after year (Smith and McKeen 2006).
• Strategic investment. The balance of the IT budget consists of the “new”
spending—that is, spending on initiatives and technology designed to deliver new
business value and achieve the enterprise’s strategic objectives. Because of the
interactive nature of IT and business strategy, this part of the IT budget can include
a number of different types of spending, such as business improvement initiatives
to streamline processes and cut costs, business-enabling initiatives to extend or
transform how a company does business, business opportunity projects to test the
viability of new concepts or technologies and scale them up, and sometimes infra-
structure (Smith et al. 2007). Because spending in this area can include many dif-
ferent kinds of expenses (e.g., full-time and contract staff, software and hardware),
some parts of the strategic investment budget may be considered capital expenses,
whereas others are classified as operating expenses.
Another fuzzy fiscal budgeting concept is cost allocation—the process of allocating
the cost of the services IT provides to others’ budgets. The cost of IT can be viewed as
a corporate expense, a business unit expense, or a combination of both, and the way in
which IT costs are allocated can have a significant impact on what is spent for IT. For
example, a majority of companies allocate their operating expenses to their business
units’ operating budgets—usually using a formula based on factors such as the size and
previous year’s spending of the business unit. Similarly, strategic expenses are typically
allocated on the basis of which business unit will benefit from the investment. In today’s
IT environment, these approaches are not always effective for a number of reasons.
Many strategic IT investments involve the participation of more than one busi-
ness unit, but budgeting systems still tend to be designed around the structure of the
organization (Norton 2006). This leads to considerable artificiality in allocating devel-
opment resources to projects, which in turn can lead to dysfunctional behavior, such as
lobbying, games, nonsupportive cross-functional work, and the inability to successfully
implement strategy (Buytendijk 2004; Norton 2006). “We don’t fund corporate projects
very well,” admitted one manager whose company allocates all costs to individual
business units.
Allocations can also lead to operational inefficiencies. “The different allocation
models tend to lead to ‘gaming’ between our business units,” said another participant.
“Our business unit managers have no control over their percentage of operating costs,”
M09_MCKE0260_03_SE_C09.indd 142 12/3/14 8:41 PM

Chapter 9 • Budgeting: Planning’s Evil Twin 143
explained a third. “This is very frustrating for them and tends to be a real problem
for some of our smaller units.” Because of these allocations, some business units may
not be willing to share in the cost of new hardware, software, or processes that would
lead to reduced enterprise costs in the longer term. This is one of the primary reasons
so many IT organizations end up supporting several different applications all doing
the same thing. Furthermore, sometimes, when senior managers get disgruntled with
their IT expenses, this method of allocating operations costs can lead to their cutting
their IT operational spending in ways that have little to do with running a cost-effective
IT organization. For example, one company cut back on its budget for hardware and
software upgrades, which meant that a significant percentage of IT staff then had to be
redeployed to testing, modifying, and maintaining new systems so they would run on
the old machines. Although IT managers have done some work educating their CEOs
and CFOs about what constitutes effective cost cutting (e.g., appropriate outsourcing,
adjusting service levels), the fact remains that most business executives still do not
understand or appreciate the factors that contribute to the overall cost of IT. As a result,
allocations can lead to a great deal of angst for IT managers at budget time as they try
to justify each expense while business managers try to “nickel and dime” each expense
category (Koch 2006).
As a result of all this fuzziness, modern IT budgeting practices do little to give
business leaders confidence that IT spending is both effective and efficient (Gruman
2006). And the challenges IT managers face in making IT spending fit into contempo-
rary corporate budgeting practices are significant.
the importanCe of Budgets
Ideally, budgets are a key component of corporate performance management. “If done
well, a budget is the operational translation of an enterprise’s strategy into costs and
planned revenue” (Buytendijk 2004). Budgets are also a subset of good governance pro-
cesses in that they enable management to understand and communicate what is being
spent and where. Ideally, therefore, a budget is more than a math exercise; it is “a blue-
print for fiscally sound IT and business success” (Overby 2004). Effective IT budgeting
is important for many reasons, but two of the most important are as follows:
1. Fiscal discipline. As overall IT spending has been rising, senior business leaders
have been paying much closer attention to what IT costs and how its budgets are
spent. In many organizations a great deal of skepticism remains that IT budgets are
used wisely, so reducing spending, or at least the operations portion of the bud-
get, is now considered a key way for a CIO to build trust with the executive team
(Gruman 2006). Demonstrating an understanding and appreciation of the realities
of business finance has become a significant part of IT leadership (Goldberg 2004),
and the ability to create and monitor a budget is, therefore, “table stakes” for a CIO
(Overby 2004).
It is clear that senior executives are using the budgeting process to enforce
tougher rules on how IT dollars are spent. Some organizations have centralized
IT budgeting in an effort to better understand what is being spent; others are
making the link between reducing operations spending and increasing invest-
ment in IT a reason for introducing new operations disciplines (e.g., limiting
M09_MCKE0260_03_SE_C09.indd 143 12/3/14 8:42 PM

144 Section II • IT Governance
maintenance, establishing appropriate support levels). Still others have established
tighter requirements for business cases and monitoring returns on investment.
Organizations also use their IT budgets to manage and limit demand. “Our IT bud-
get is capped by our CEO,” stated one manager. “And it’s always less than the
demand.” Using budgets in this way, although likely effective for the enterprise,
can cause problems for CIOs in that they must in turn enforce spending disciplines
on business unit leaders.
Finally, budgets and performance against budgets are a key way of holding
IT management accountable for what it spends, both internally to the leader-
ship of the organization and externally to shareholders and regulatory bodies.
Improperly used, budgets can distort reality and encourage inappropriate
behavior (Hope and Fraser 2003; Jensen 2001). However, when used responsi-
bly they can be “a basis for clear understanding between organizational levels
and can help executives maintain control over divisions and the business”
(Hope and Fraser 2003). Research is beginning to show a positive relationship
between good IT budgeting practices (i.e., using IT budgets to manage demand,
make investment decisions, and govern IT) and overall company performance
(Kobelsky et al. 2006; Overby 2004).
2. Strategy implementation. Budgets are also the means to implement IT
strategy, linking the long-term goals of the organization and short-term goal
execution through the allocation of resources to activities. Unfortunately,
research shows that the majority of organizations do not link their strategies to
their budgets, which is why so many have difficulty making strategic changes
(Norton 2006). This is particularly true in IT. As one manager complained, “No
one knows what we’re doing in the future. Therefore, our goals change regu-
larly and at random.” Another noted, “The lines of business pay little attention
to IT resources when they’re establishing their strategic plans. They just expect
IT to make it happen.”
Budgets can affect IT strategy implementation in a number of ways.
First, where IT dollars are spent determines the impact IT can have on corporate
performance. Clearly, if 80 percent of IT expenditures are going to operations and
maintenance, IT can have less strategic impact than if this percentage is lower.
Second, how discretionary IT dollars are spent is important. For example, some
companies decide to invest in infrastructure, and others do not; some will choose
to “bet the company” on a single large IT initiative, and others will choose more
focused projects. In short, the outcome of how a company chooses among invest-
ment opportunities is reflected in its budgets (Steele and Albright 2004).
Third, the budgeting process itself reflects and reinforces the ability of stra-
tegic decision making to have an impact. Norton (2006) states that because bud-
get processes are inherently biased toward the short term, operational needs will
systematically preempt strategic ones. In IT the common practice of routinely
allocating a fixed percentage of the IT strategic budget to individual business
units makes it almost impossible to easily reallocate resources to higher-priority
projects at the enterprise level or in other business units. In addition, siloed bud-
geting processes make it difficult to manage the cross-business costs of strategic
IT decisions.
M09_MCKE0260_03_SE_C09.indd 144 12/3/14 8:42 PM

Chapter 9 • Budgeting: Planning’s Evil Twin 145
Overall, budgets are a critical element of most managerial decisions and processes
and are used to accomplish a number of different purposes in IT: compliance, fiscal
accountability, cost reduction, business unit and enterprise strategy implementation,
internal customer service, delivering business value, and operational excellence, to
name just a few. This, in a nutshell, is the reason IT budgeting is such a complex and
challenging process.
the it planning and Budget proCess
Given that IT budgets are used in so many different ways and serve so many stake-
holders, it is no wonder that the whole process of IT budgeting is “painful,” “artificial,”
and in need of some serious improvement. Figure 9.1 illustrates a generic and simplified
IT planning and budgeting process. This section outlines the steps involved in putting
together an IT budget utilizing some of the key concepts presented earlier.
Corporate processes
The following three activities set the corporate context within which IT plans and
budgets are created.
1. Establish corporate fiscal policy. This process is usually so far removed from the
annual budget cycle that IT leaders may not even be aware of its influence or the
wide number of options in the choices that are made (particularly around capital-
ization). Corporate fiscal policies are not created with IT spending in mind but, as
already noted, can significantly impact how a fiscal IT budget is created and the
Corporate Processes
Set Fiscal IT Budget
It
P
ro
c
e
s
s
e
s
Set Functional IT Budget
Establish
Corporate Fiscal
Strategy
Establish IT
Capital Budget
Establish IT
Operations Budget
Remaining $
Set BU & IT
Strategic
Priorities
Assess Actual
IT Spending
Financial Statements
IT Operations
Allocations to
Bu Budgets
Performance Against Budget
Establish IT
Operations Budget
Allocate Strategic
IT Investments
Set IT Spending
Levels
Establish
Strategic
Goals
Translation
figure 9.1 A Generic IT Planning and Budgeting Process
M09_MCKE0260_03_SE_C09.indd 145 12/3/14 8:42 PM

146 Section II • IT Governance
levels of scrutiny under which certain kinds of expenses are placed. A more direct
way that corporate fiscal policies affect IT is in company expectations around the
return on investment for IT projects. Most companies now have an explicit expected
return rate for all new projects that is closely monitored.
2. Establish strategic goals. Conversely, IT budgeting is directly and continuously
affected by many corporate strategic goals. The process of establishing IT and
business unit strategies occurs within the context of these overall goals. In some
organizations there is tight integration between enterprise, business unit, and IT
strategic planning; in others these elements are more loosely coupled, informal,
and iterative. However, what is truly rare is a provision for enterprise funding
for enterprise IT initiatives. Thus, corporate strategic goals are typically broken
down into business unit budgets. As one manager explained, “First our execu-
tives decide our profits and then the business units decide how to achieve them
and then IT develops a plan with the business unit . . . . We still don’t do many cor-
porate projects.”
3. Set IT spending levels. Establishing how much to spend on IT is the area that has
been most closely studied by researchers. This is a complex process, influenced by
many external and internal factors. Externally, firms look to others in their industry
to determine the level of their spending (Hu and Quan 2006). In particular, compa-
nies frequently use benchmarks with similar firms to identify a percentage of rev-
enue to spend on IT (Koch 2006). Unfortunately, this approach can be dangerous for
a number of reasons. First, it can be a strong driver in inhibiting competitive advan-
tage and leading to greater similarities among firms in an industry (Hu and Quan
2006). Second, this metric tells management nothing about how well its money is
being spent (Koch 2006). Third, it does not address IT’s ability to use IT strategically
(Kobelsky et al. 2006).
A second and increasingly strong external driver of IT spending is the regulatory
environment within which a firm operates. Legislation, standards, and professional
practices all affect what IT can and cannot do and how its work is done (Smith and
McKeen 2006). These, in turn, affect how much is spent on IT and where it is spent
(Hu and Quan 2006). Other external factors that have been shown to affect how much
money is spent on IT include the following:
• Number of competitors. More concentration in an industry reduces the amount
spent.
• Uncertainty. More uncertainty in a business’s external environment leads to
larger IT budgets.
• Diversification of products and services. Firms competing in more markets will
tend to spend more on IT (Kobelsky et al. 2006).
Internal factors affecting the size of the IT budget include the following:
• Affordability. A firm’s overall performance and cash flow will influence how much
discretion it has to spend on IT.
• Growth. Growing firms tend to invest more in IT than mature firms.
• Previous year’s spending. Firm spending on IT is unlikely to deviate significantly
year to year (Hu and Quan 2006; Kobelsky et al. 2006).
M09_MCKE0260_03_SE_C09.indd 146 12/3/14 8:42 PM

Chapter 9 • Budgeting: Planning’s Evil Twin 147
it processes
These are multilevel and complex and frequently occur in parallel with each other.
• Set functional IT budget. This budget documents spending as it relates to how
IT organizations work—that is, what is to be spent on IT operations and how much
is available to be spent on strategic investments. As already noted, the operations
budget is relatively fixed and contains the lion’s share of the dollars. In spite of this,
IT managers must go through a number of machinations annually to justify this
expenditure. Most IT organizations are still seen as cost centers, so obtaining budget
approvals is often a delicate, ongoing exercise of relationship building and educa-
tion to prevent inappropriate cost cutting (Koch 2006). Once the overall IT operations
budget has been established, the challenge of allocating it to the individual business
units remains, which, given the complexity of today’s shared technical environ-
ment, is often a fixed or negotiated percentage of the total. Business units can resent
these allocations over which they have no control, and at best, they are viewed as a
“necessary evil.” In organizations where the IT operations budget is centralized, IT
managers have greater opportunity to reduce expenses year by year by introducing
standards, streamlining hardware and software, and sharing services. However, in
many companies, operations budgets are decentralized into the business units and
aggregated up into the overall IT budget. This approach makes it considerably more
difficult for IT managers to implement effective cost-reduction measures. However,
even in those firms that are highly effective and efficient, the relentless pressure from
executives to do more with less makes this part of the annual budgeting process a
highly stressful activity.
Allocating the funds remaining to strategic investments is a completely sep-
arate process in which potential new IT projects are prioritized and their costs
justified. Companies have many different ways of doing this, and most appear
to be in a transition phase between methods of prioritization. Traditionally, IT
organizations have been designed to parallel the organization structure, and new
development funds have been allocated to business units on the basis of some
rule of thumb. For example, each business unit might be allotted a certain num-
ber of IT staff and dollars to spend on new development (based on percentage
of overall revenue) that would remain relatively stable over time. More recently,
however, with greater integration of technology, systems, and data, there has
been recognition of the cross-business costs of new development and of the need
for more enterprise spending to address these. Increasingly, therefore, organi-
zations are moving to prioritize some or all new development at the enterprise
level, thereby removing fixed allocations of new development resources from the
business units.
However it is determined, the strategic portion of the functional IT budget
also involves staffing the initiatives. This introduces yet another level of complex-
ity in that, even if the dollars are available, appropriate IT resources must also be
available to be assigned to particular projects to address the organization’s cost-
cutting requirements. Thus, undertaking a new project involves not only cost jus-
tification and prioritization but also requires the availability of the right mix of
skills and types of staff. Although some firms use fixed percentages of full-time,
M09_MCKE0260_03_SE_C09.indd 147 12/3/14 8:42 PM

148 Section II • IT Governance
contract, and offshore staff in their projects, most use a mix of employees and con-
tract staff in their development projects in order to keep overhead costs low. As
a result, creating new IT development budgets often involves a complementary
exercise in staff planning.
• Set the fiscal IT budget. A second, parallel stream of IT budgeting involves
establishing the fiscal IT budget, which the CFO uses to implement the com-
pany’s fiscal strategy and provide financial reports to shareholders and regula-
tory and tax authorities. This is seen largely by IT managers as a “translation”
exercise where the functional IT budget is reconstituted into the operating and
capital spending buckets. Nevertheless, it represents an additional “hoop”
through which IT managers must jump before their budgets can be approved.
In some companies capital funding is difficult to obtain and must be justified
against an additional set of financial criteria. Some organizations require IT
capital expenditures be prioritized against all other corporate capital expenses
(e.g., buildings, trucks), which can be a very challenging exercise. In other firms
CFOs are more concerned about increasing operating expenses. In either case
this is an area where many IT managers set themselves up for failure by fail-
ing to “speak the language of finance” (Girard 2004). Because most IT managers
think of their work in terms of operations and strategic investments, they fail to
understand some of the larger drivers of fiscal strategy such as investor value
and earnings per share. To get more “traction” for their budgets, it is, therefore,
important for IT leaders to better translate what IT can do for the company into
monetary terms (Girard 2004). To this end, many companies have begun working
more closely with their internal finance staff and are seeing greater acceptance of
their budgets as a result.
assess actual it spending
At the other end of the budgeting process is the need to assess actual IT spending and
performance. A new focus on financial accountability has meant that results are more
rigorously tracked than in the past. In many companies finance staff now monitor
business cases for all new IT projects, thus relieving IT of having to prove the busi-
ness returns on what is delivered. Often the challenge of finding the right resources
for a project or unexpected delays means that the entire available development bud-
get may not be spent within a given fiscal year. “We typically tend to spend about 85
percent of our available development budget because of delays or resourcing prob-
lems,” said one manager. Hitting budget targets exactly in the strategic investment
budget is, therefore, a challenge, and current IT budgeting practices typically do not
allow for much flexibility. On the one hand, such practices can create a “use it or lose
it” mentality; if money is not spent in the fiscal year, it will disappear. “This leads
to some creative accruals and aggressive forecasting,” said the focus group. On the
other hand, IT managers who want to ensure there is enough money for key expen-
ditures create “placeholders” (i.e., approximations of what they think a project will
cost) and “coffee cans” (i.e., unofficial slush funds) in their budgets. The artificial tim-
ing of the budget process, combined with the difficulties of planning and estimation
and reporting complexity, all mean that accurate reporting of what is spent can get
distorted.
M09_MCKE0260_03_SE_C09.indd 148 12/3/14 8:42 PM

Chapter 9 • Budgeting: Planning’s Evil Twin 149
it Budgeting praCtiCes that deliver value
Although there is general agreement that current budgeting practices are flawed,
there are still no widely accepted alternatives. Within IT itself, companies seem to
be experimenting with ways to tweak budgeting to make it both easier and more
effective. The following five practices have proven to be useful in this regard:
1. Appoint an IT finance specialist. Many companies now have a finance expert
working in IT or on staff with the CFO working with IT. “Getting help with
finance has really made the job of budgeting easier,” said one manager. “Having
a good partnership with finance helps us to leverage their expertise,” said another.
Financial specialists can help IT managers to understand their costs and drivers
in new ways. Within operations, they can assist with cost and value analysis of
services and infrastructure (Gruman 2006) and also manage the “translation” pro-
cess between the functional IT budget and the fiscal IT budget. “Finance helps us
to understand depreciation and gives us a deeper understanding of our cost com-
ponents,” a focus group member noted. Finance specialists are also being used to
build and monitor business cases for new projects, often acting as brokers between
IT and the business units. “They’ve really helped us to better articulate business
value. Now they’re in charge of ensuring that the business gets the benefits they
say they will, not IT.” The improving relationship between finance and IT is making
it easier to gain acceptance of IT budgets. “Having dedicated IT finance people is
great since this is not what IT managers want to do,” said a participant.
2. Use budgeting tools and methodologies. About one-half of the members of the focus
group felt they had effective budgeting tools for such things as asset tracking, rolling
up and breaking down budgets into different levels of granularity, and reporting.
“We have a good, integrated suite of tools,” said a manager, “and they really help.”
Because budgets serve so many different stakeholders, tools and methodologies can
help “slice and dice” the numbers many ways, dynamically enabling changes in one
area to be reflected in all other areas. Those who did not have good or well-integrated
tools found that there were gaps in their budgeting processes that were hard to fill.
“Our poor tools lead to disconnects all over the place,” claimed an IT manager. Good
links to the IT planning process are also needed. Ideally, tools should tie budgets
directly to corporate strategic planning, resource strategies, and performance met-
rics, enabling a further translation among the company’s accounting categories and
hierarchy and its strategic themes and targets (Norton 2006).
3. Separate operations from innovation. Most IT managers mentally separate
operations from innovation, but in practical terms maintenance and support are
often mixed up with new project development. This happens especially when IT
organizations are aligned with and funded by the business units. Once IT funds
and resources are allotted to a particular business unit, rather than to a strate-
gic deliverable, it is very difficult to reduce these allocations. Agreement appears
to be growing that operations (including maintenance) must be financially sep-
arated from new development in order to ensure that the costs of the first are
fully scrutinized and kept under control while focus is kept on increasing the pro-
portion of resources devoted to new project development (Dragoon 2005; Girard
2004; Gruman 2006; Norton 2006). Repeatedly, focus group managers told sto-
ries of how their current budget processes discourage accuracy. “There are many
M09_MCKE0260_03_SE_C09.indd 149 12/3/14 8:42 PM

150 Section II • IT Governance
disincentives built into our budgeting processes to keep operational costs down,”
said one manager. Separating operations from innovation in budgets provides a
level of visibility in IT spending that has traditionally been absent and that helps
business unit leaders better understand the true costs of delivering both new sys-
tems and ongoing services.
4. Adopt enterprise funding models. It is still rare to find organizations that pro-
vide corporate funding for enterprisewide strategic IT initiatives, yet there is broad
recognition that this is needed (Norton 2006). The conflict between the need for truly
integrated initiatives and traditional siloed budgets frequently stymies innovation,
frustrates behavior designed for the common good, and discourages accountabil-
ity for results (Hope and Fraser 2003; Norton 2006; Steele and Albright 2004). It is,
therefore, expected that more organizations will adopt enterprise funding models
for at least some IT initiatives over the next few years. Similarly, decentralized bud-
geting for core IT services is declining due to the cost-saving opportunities avail-
able from sharing these. Since costs will likely continue to be charged back to the
differing business units, the current best practice is for IT operation budgets to be
developed at an enterprise level.
5. Adopt rolling budget cycles. IT plans and budgets need attention more frequently
than once a year. Although not used by many companies, an eighteen-month rolling
plan that is reviewed and updated quarterly appears to be a more effective way of
budgeting, especially for new project development (Hope and Fraser 2003; Smith
et al. 2007). “It is very difficult to plan new projects a year in advance,” said one
manager. “Often we are asked for our ‘best estimates’ in our budgets. The problem
is that, once they’re in the budget, they are then viewed as reality.” The artificial
timing of budgets and the difficulty of estimating the costs of new projects are key
sources of frustration for IT managers. Rolling budget cycles, when combined with
integrated budgeting tools, should better address this problem while still providing
the financial snapshots needed by the enterprise on an annual basis.
Although IT budget processes have been
largely ignored by researchers, they are a
critical linchpin between many different
organizational stakeholders: finance and
IT, business units and IT, corporate strategy
and IT, and different internal IT groups. Not
surprisingly, therefore, IT budgeting is much
more complex and difficult to navigate than
it appears. This chapter has outlined some
of the challenges faced by IT managers try-
ing to juggle the realities of dealing with
both IT operations and strategic investments
while meeting the differing needs of their
budget stakeholders. Surprisingly, very few
guidelines are available for IT managers in
this area. Each organization appears to have
quite different corporate financial policies,
which, in turn, drive different IT budget-
ing practices. Nevertheless, IT managers do
face many common challenges in budget-
ing. Although other IT practices have ben-
efited from focused management attention
in recent years (e.g., prioritization, opera-
tions rationalization), budgeting has not as
yet been targeted in this way. However, as
business and IT leaders begin to recognize
the key role that budgets play in implement-
ing strategy and controlling costs, it is hoped
they will make a serious effort to address the
budgeting issues faced by IT.
Conclusion
M09_MCKE0260_03_SE_C09.indd 150 12/3/14 8:42 PM

Chapter 9 • Budgeting: Planning’s Evil Twin 151
Buytendijk, F. “New Way to Budget Enhances
Corporate Performance Measurement.” Gartner
Inc., ID Number: 423484, January 28, 2004.
Dragoon, A. “Journey to the IT Promised Land.”
CIO Magazine, April 1, 2005.
Girard, K. “What CIOs Need to Know about
Money.” CIO Magazine, Special Money Issue,
September 22, 2004.
Goldberg, M. “The Final Frontier for CIOs.” CIO
Magazine, Special Money Issue, September 22,
2004.
Gruman, G. “Trimming for Dollars.” CIO
Magazine, July 1, 2006.
Hope, J., and R. Fraser. “Who Needs Budgets?”
Harvard Business Review 81, no. 2 (February
2003): 2–8.
Hu, Q., and J. Quan. “The Institutionalization
of IT Budgeting: Empirical Evidence from
the Financial Sector.” Information Resources
Management Journal 19, no. 1 (January–March
2006): 84–97.
Jensen, M. “Corporate Budgeting Is Broken—
Let’s Fix It.” Harvard Business Review 79, no. 11
(November 2001): 95–101.
Kobelsky, K., V. Richardson, R. Smith, and R.
Zmud. “Determinants and Consequences of
Firm Information Technology Budgets.” Draft
paper provided by the authors, May 2006.
Koch, C. “The Metrics Trap … and How to Avoid
It.” CIO Magazine, April 1, 2006.
Norton, D. “Linking Strategy and Planning
to Budgets.” Balanced Scorecard Report.
Cambridge, MA: Harvard Business School
Publishing, May–June 2006.
Overby, S. “Tips from the Budget Masters.” CIO
Magazine, Special Money Issue, September 22,
2004.
Smith, H. A., and J. D. McKeen. “IT in 2010.” MIS
Quarterly Executive 5, no. 3 (September 2006):
125–36.
Smith, H. A., J. D. McKeen, and S. Singh.
“Developing IT Strategy for Business Value.”
Journal of Information Technology Management
XVIII, no. 1 (June 2007): 49–58.
Steele, R., and C. Albright. “Games Managers
Play at Budget Time.” MIT Sloan Management
Review 45, no. 3 (Spring 2004): 81–84.
References
M09_MCKE0260_03_SE_C09.indd 151 12/3/14 8:42 PM

152
C h a p t e r
10 Risk Management in IT1
1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen. “A Holistic
Approach to Managing IT-Based Risk.” Communications of the Association for Information Systems 25, no. 41
(December 2009): 519–30. Reproduced by permission of the Association for Information Systems.
Not so long ago, IT-based risk was a fairly low-key activity focused on whether IT could deliver projects successfully and keep its applications up and run-ning (McKeen and Smith 2003). But with the opening up of the organization’s
boundaries to external partners and service providers, external electronic communica-
tions, and online services, managing IT-based risk has morphed into a “bet the com-
pany” proposition. Not only is the scope of the job bigger, but also the stakes are much
higher. As companies have become more dependent on IT for everything they do, the
costs of service disruption have escalated exponentially. Now, when a system goes
down, the company effectively stops working and customers cannot be served. And
criminals routinely seek ways to wreak havoc with company data, applications, and
Web sites. New regulations to protect privacy and increase accountability have also
made executives much more sensitive to the consequences of inadequate IT security
practices—either internally or from service providers. In addition, the risk of losing or
compromising company information has risen steeply. No longer are a company’s files
locked down and accessible only by company staff. Today, company information can be
exposed to the public in literally hundreds of ways. Our increasing mobility, the porta-
bility of storage devices, and the growing sophistication of cyber threats are just a few
of the more noteworthy means.
Therefore, the job of managing IT-based risk has become much broader and more
complex, and it is now widely recognized as an integral part of any technology-based
work—no matter how minor. As a result, many IT organizations have been given the
responsibility of not only managing risk in their own activities (i.e., project develop-
ment, operations, and delivering business strategy) but also of managing IT-based risk
in all company activities (e.g., mobile computing, file sharing, and online access to infor-
mation and software). Whereas in the past companies have sought to achieve security
M10_MCKE0260_03_GE_C10.indd 152 12/3/14 8:43 PM

Chapter 10 • Risk Management in IT 153
through physical or technological means (e.g., locked rooms, virus scanners), under-
standing is now growing that managing IT-based risk must be a strategic and holistic
activity that is not just the responsibility of a small group of IT specialists but also part
of the mind-set that extends from partners and suppliers to employees and customers.
This chapter explores how organizations are addressing and coping with increas-
ing IT-based risk. It first looks at the challenges facing IT managers in the arena of risk
management and proposes a holistic view of risk. Next it examines some of the charac-
teristics and components needed to develop an effective risk management framework
and presents a generic framework for integrating the growing number of elements
involved in it. Finally, it describes some successful practices organizations could use for
improving their risk management capabilities.
A Holistic View of it-BAsed Risk
With the explosion in the past decade of new IT-based risks, it is increasingly recog-
nized that risk means more than simply “the possibility of a loss or exposure to loss”
(Mogul 2004) or even a hazard, uncertainty, or opportunity (McKeen and Smith 2003).
Today, risk is a multilayered concept that implies much more is at stake.
“IT risk has changed. IT risk incidents harm constituencies within and outside
companies. They damage corporate reputations and expose weaknesses in com-
panies’ management teams. Most importantly, IT risk dampens an organization’s
ability to compete.” (Hunter and Westerman 2007)
As a result, companies are now focused on “enterprise risk management” as a
more comprehensive and integrated approach to dealing with risk (Slywotzky and
Drzik 2005). Although, not every risk affecting an enterprise will be an IT-based risk,
the fact remains that an increasing number of the risks affecting the enterprise have an
IT-based component. For example, one firm’s IT risk management policy notes that the
goal of risk management is to ensure that technology failures or data integrity do not
compromise the company’s strategic objectives, the company’s reputation and stake-
holders, or its success and reputation.
But, in spite of the increasing number and complexity of IT-based threats facing
organizations and evidence that links risk management with IT project success (Didraga
2013), it remains difficult to get senior executives to devote their attention (and commit
the necessary resources) to effectively manage these risks. A recent global survey noted,
“while the security community recognizes that information security is part of effective
business management, managing information security risk is still overwhelmingly seen as
an IT responsibility worldwide” (Berinato 2007). Another study of several organizations
found that none had a good view of all key risks and 75 percent had major gaps in their
approach to IT-based risk management (Coles and Moulton 2003). In short, while IT has
become increasingly central to business success, many enterprises have not yet adjusted
their processes to incorporate IT-based risk management (Hunter and Westerman 2007).
Knowing what’s at stake, risk management is perennially in the top ten priorities
for CIOs (Hunter et al. 2005) and efforts are being made to put effective capabilities
and processes in place in IT organizations. However, only 5 percent of firms are at a
high level of maturity in this area, and most (80 percent) are still in the initial stages
M10_MCKE0260_03_GE_C10.indd 153 12/3/14 8:43 PM

154 Section II • IT Governance
of this work (Proctor 2007). Addressing risk in a more professional, accountable, and
transparent fashion is an evolution from traditional IT security work. At a Gartner
symposium the following was pointed out:
“[T]raditionally, [IT] security has been reactive, ad hoc, and technically-focused. . . .
The shift to risk management requires an acceptance that you can’t protect yourself
from everything, so you need to measure risk and make good decisions about
how far you go in protecting the organization.” (Proctor 2007)
Companies in the group largely reflected this transitional state. “Information
security is a primary focus of our risk management strategy,” said one manager. “It’s
very, very visible but our business has yet to commit to addressing risk issues.” Another
stated, “We have a risk management group focused on IT risk, but lots of other groups
focus on it too. . . . As a result, there are many different and overlapping views, and we
are missing integration of these views.” “We are constantly trying to identify gaps in
our risk management practices and to close them,” said a third.
There is, however, no hesitation about identifying the sources of risk. Every com-
pany in the group had its own checklist of risk items, and experts have developed
several different frameworks and categorizations that aim to be comprehensive (see
Appendix A for some of these). What everyone agrees on is that any approach to deal-
ing with IT-based risk must be holistic—even though it is an “onerous” job to package
it as a whole. “Every category of risk has a different vocabulary,” explained one focus
group manager. “Financial, pandemic, software, information security, disaster recovery
planning, governance and legal—each view makes sense, but pulling them together is
very hard.” Risk is often managed in silos in organizations, resulting in uncoordinated
approaches to its management and to decision-making incorporating risk. This is why
many organizations, including several in the focus group, are attempting to integrate
the wide variety of issues involved into one holistic enterprise risk management strat-
egy that uses a common language to communicate.
The connection among all of the different risk perspectives is the enterprise. Any
IT problem that occurs—whether with an application, a network, a new system, a ven-
dor, or a hacker (to name just a few)—has the increasing potential to put the enterprise
at risk. Thus, a holistic view of IT-based risk must put the enterprise front and center in
any framework or policy. A risk to the enterprise includes anything (either internal or
external) that affects its brand, reputation, competitiveness, financial value, or end state
(i.e., its overall effectiveness, efficiency, and success).
Figure 10.1 offers an integrated, holistic view of risk from an enterprise perspec-
tive. A wide variety of both internal and external IT-based risks can affect the enterprise.
Externally, risks can come from the following:
• Third parties, such as partners, software vendors, service providers, suppliers, or
customers
• Hazards, such as disasters, pandemics, geopolitical upheavals, or environmental
considerations
• Legal and regulatory issues, such as failure to adhere to the laws and regula-
tions affecting the company, including privacy, financial reporting, environmental
reporting, and e-discovery
M10_MCKE0260_03_GE_C10.indd 154 12/3/14 8:43 PM

Chapter 10 • Risk Management in IT 155
Internally, some risks are well known, such as those traditionally associated with
IT operations (availability, accessibility) and systems development (not meeting sched-
ules or budgets, or delivering value). Others are newer and, although they must be
managed from within the organization, they may include both internal and external
components. These include the following:
• Information risks, such as those affecting privacy, quality, accuracy, and protection
• People risks, such as those caused by mistakes or lack of adherence to security
protocols
• Process risks, such as problems caused by poorly designed business processes or by
failure to adapt business processes to IT-based changes
• Cultural risks, such as risk aversion and lack of risk awareness
• Controls, such as ineffective or inadequate controls to prevent or mitigate risk
incidents
• Governance, such as ineffective or inadequate structure, roles, or accountabilities to
make appropriate risk-based decisions
Finally, there is the risk of criminal interference, either from inside or outside
the organization. Unlike other types of risk, which are typically inadvertent, crimi-
nal actions are deliberate attacks on the enterprise, its information, or sometimes its
employees or customers. Such threats are certainly not new. Everyone is familiar with
viruses and hackers. What is new, however, is that many more groups and individu-
als are targeting organizations and people. These include other national governments,
organized crime, industrial spies, and terrorists. “These people are not trying to bring
systems down, like in the past,” explained a group member. “They are trying to get
information.”
External Risk
Legal/
Regulatory
Hazards Third
Parties
ENTERPRISE
RISK
Internal Risk
People Processes Culture
Governance
System
Development
Operations Information
C
R
I
M
I
N
A
L
I
N
T
E
R
F
E
R
E
N
C
E Controls
figuRe 10.1 A Holistic View of IT-Based Risk
M10_MCKE0260_03_GE_C10.indd 155 12/3/14 8:43 PM

156 Section II • IT Governance
Holistic Risk MAnAgeMent: A PoRtRAit
Tackling risk in a holistic fashion is challenging, and building an effective framework
for its management is challenging. It is interesting to note that there is much more agree-
ment from the focus group and other researchers about what effective risk management
looks like than how to do it. With this in mind, we outline some of the characteristics and
components of an effective, holistic risk management program:
1. Focus on what’s important. “Risks are inevitable,” admitted a manager. “The first
question we must ask is ‘What are we trying to protect?’” said another. “There’s
no perfect package, and some residual risk must always be taken.” A third added
“Risks are inevitable, but it’s how they’re managed—our response, contingency
plans, team readiness, and adaptability—that makes the difference.” In short, risk is
uncertainty that matters, something that can hurt or delay an enterprise from reach-
ing its objectives (Hillson 2008). Although many managers recognize that it’s time
to take a more strategic view of risk, “[W]e still don’t have our hands around what’s
important and what we should be monitoring and protecting” (Berinato 2007).
Risk management is therefore not about anticipating all risks but about attempting
to reduce significant risks to a manageable level and knowing how to assess and
respond to it (Slywotzky and Drzik 2005). Yet, more than protecting the enterprise,
risk management should also enable IT to take more risk in the safest possible way
(Caldwell and Mogul 2006). Thus, the focus of effective risk management should
not be about saying “no” to a risk, but how to say “yes,” thereby building a more
agile enterprise (Caldwell and Mogul 2006).
2. Expect changes over time. Few companies have a good grasp of risk management
because IT is a discipline that is evolving rapidly (Proctor 2007). As a result, it
would be a mistake to codify risk practices and standards too rapidly, according to
the focus group. Efforts to do this have typically resulted in “paperwork without
context,” said one manager. Within a particular risk category, risk management
actions should be “continuous, iterative, and structured,” group members agreed.
In recognition of this reality, most participant organizations have a mandatory risk
assessment at key stages in the system development process to capture the risk
picture involved with a particular project at several points in time and many have
regular, ongoing reviews of required operational controls on an annual or bian-
nual basis to do the same thing. In addition, when incidents occur, there should
always be a process for evaluating what happened, assessing its impact, and deter-
mining if controls or other management processes need to be adapted (Coles and
Moulton 2003). Finally, organizations should also be continually attempting to sim-
plify and streamline controls wherever possible to minimize their burden. This is a
process that is often missed, admitted one manager.
However, despite the fact that each of these steps is useful, it is also essential
to stand back from these initiatives and see how the holistic risk image is
developing. It is this more strategic and holistic view that is often missing in orga-
nizations and that firms often fail to communicate to their staff. One of the greatest
risks to organizations comes from employees themselves, not necessarily through
their intentional actions, but because they don’t recognize the risks involved in
their actions (Berinato 2007). Therefore, many believe it is time to recognize that
risk cannot be managed solely through controls, procedures, and technology but
M10_MCKE0260_03_GE_C10.indd 156 12/3/14 8:43 PM

Chapter 10 • Risk Management in IT 157
that all employees must understand the concepts and goals of risk management
because the enterprise will always need to rely on their judgment to some extent
(Symantec Corporation 2007). In the same vein, many managers frequently do
not comprehend the size and nature of the risks involved and thus resource their
management inappropriately (Coles and Moulton 2003). As a result they tend to
delegate many aspects of risk management to lower levels in the organization,
thus preventing the development of any longer-term, overall vision (Proctor 2008;
Witty 2008).
3. View risk from multiple levels and perspectives. Instead of dealing with security
“incidents” in a one-at-a-time manner, it is important to do root cause analysis in
order to understand risks in a more multifaceted way. To date, risk management
has tended to focus largely on the operational and tactical levels and not viewed
in a strategic way. One manager explained, “We need to assess risk trends and
develop strategies for dealing with them. Tactics for dealing with future threats will
then be more effective and easier to put in place.” Another noted, “We must aim for
redundancy of protection—that is, multiple layers, to ensure that if one layer fails,
others will catch any problems.”
Furthermore, risk, security, and compliance are often intermixed in people’s
minds. Each of these is a valid and unique lens through which to view risk and
should not be seen as being the same. For example, one expert noted that 70 percent
of a typical “security” budget is spent on compliance matters, not on protecting
and defending the organization (Society for Information Management 2008), and
this imbalance means that overall spending in many firms is skewed. One firm
uses the “prudent man” rule to deal with risk, which recommends a diversity of
approaches—being proactive, prevention, due diligence, credibility, and promoting
awareness—to ensure that it is adequately covered and that all stakeholders are
properly protected. Monitoring and adapting to new international standards and
laws, completing overall health checks, and analysis of potential risks are other
new dimensions of risk that should be incorporated into a firm’s overall approach
to risk management.
deVeloPing A Risk MAnAgeMent fRAMewoRk
With a holistic picture in mind, organizations can begin to develop a framework for fill-
ing in the details. The objective of a risk management framework (RMF) is to create a
common understanding of risk, to ensure the right risks are being addressed at the right
levels, and to involve the right people in making risk decisions. An RMF also serves to
guide the development of risk policies and integrate appropriate risk standards and
processes into existing practices (e.g., the SDLC). No company in the focus group had
yet developed a comprehensive framework for addressing IT-based risk, although
many had significant pieces in place or in development. In this section, we attempt to
piece these together to sketch out what an RMF might contain.
An RMF should serve as a high-level overview of how risk is to be managed in an
enterprise and can also act as a structure for reporting on risk at various levels of detail.
Currently, many companies have created risk management policies and require all staff
to read and sign them. Unfortunately, such policies are typically so long and complex as
M10_MCKE0260_03_GE_C10.indd 157 12/3/14 8:43 PM

158 Section II • IT Governance
to be overwhelming and ineffective. “Our security policy alone is two hundred pages.
How enforceable is it?” complained a manger. Another noted that the language in his
company’s policy was highly technical. As a result, user noncompliance in following
the recommended best practices was considerable. Furthermore, a plethora of commit-
tees, review boards, councils, and control centers are often designed to deal with one or
more aspects of risk management, but they actually contribute to the general complex-
ity of managing IT-based risk in an organization.
It should not be surprising that this situation exists, given the rapidity with which
technologies, interfaces, external relationships, and dependencies have developed
within the past decade. Organizations have struggled to simply keep up with the waves
of legislation, regulation, globalization, standards, and transformation that seem to
continually threaten to engulf them. An RMF is thus a starting point for providing an
integrated, top-down view of risk, defining it, identifying those responsible for making
key decisions about it, and mapping which policies and standards apply to each area.
Fortunately, current technology makes it easy to offer multiple views and multiple lev-
els of this information, enabling different groups or individuals to understand their
responsibilities and specific policies in detail and see links to specific tools, practices,
and templates, while facilitating different types of reporting to different stakeholders
at different levels. By mapping existing groups, policies, and guidelines into an RMF,
it is easier to see where gaps exist and where complexities in processes should be
streamlined.
A basic RMF includes the following:
• Risk category. The general area of enterprise risk involved (e.g., criminal, opera-
tions, third party).
• Policies and standards. These state, at a high level, the general principles for
guiding risk decisions, and they identify any formal corporate, industry, national,
or international standards that should apply to each risk category.2 For example,
one company’s policy regarding people states the following, in part:
Protecting the integrity and security of client and corporate information is
the responsibility of every employee. Timely and effective reporting of actual
and suspected privacy incidents is a key component of meeting this respon-
sibility. Management relies on the collective experience and judgment of its
employees.
Another company policy regarding culture states, “We need to embed a risk man-
agement focus and awareness into all processes, functions, jobs, and individuals.”
• Risk type. Each type of risk associated with each category (e.g., loss of
information, failure to comply with specific laws, inability to work due to system
outages) needs to be identified. Each type should have a generic name and defi-
nition, ideally linked to a business impact. Identifying all risk types will take
2 Some international standards include Committee of Sponsoring Organizations (COSO) of the Treadway
Commission, www.coso.org; SAI Global, www.saiglobal.com; and the Office of Government Commerce’s
Management of Risk (M_o_r) (www.ogc.gov.uk/guidance_management_of_risk.asp).
M10_MCKE0260_03_GE_C10.indd 158 12/3/14 8:43 PM

Chapter 10 • Risk Management in IT 159
time and probably require much iteration as “there are an incredible variety of
specific risks” (Mogul 2004). However, developing lists and definitions is a good
first step (Baccarini et  al. 2004; Hillson 2008; McKeen and Smith 2003) and is
already a common practice among the focus group companies, at least for certain
categories of risk.
• Risk ownership. Each type of risk should have an owner, either in IT or in the busi-
ness. As well, there will likely be several stakeholders who will be affected by risk-
based decisions. For example, the principal business sponsor could be the owner
of risk decisions associated with the development or purchase of a new IT system,
but IT operations and architecture as well as the project manager will clearly be
key stakeholders. In addition to specialized IT functions, such as IT security, audit
and privacy functions in the business will likely be involved in many IT risk-based
decisions. Owners and stakeholders should have clear responsibilities and account-
abilities. In the focus group, some major risk types were owned by committees,
such as an enterprise risk committee, or the internal audit, social responsibility and
risk governance committee, or the project risk review council on which stakeholder
groups were represented.
• Risk mitigation. As an RMF is developed, each type of risk should be associ-
ated with controls, practices, and tools for addressing it effectively. These fall into
one of two categories: compulsory and optional. Group members stressed that
overemphasis on mitigation can lead to organizational paralysis or hyper-risk
sensitivity. Instead participants stressed the role of judgment in right sizing miti-
gation activities wherever possible. “Our technology development framework
does not tell you what you have to do, but it does give you things to consider
in each phase,” said one manager. “We look first at the overall enterprise risk
presented by a project,” said another, “and develop controls based on our evalu-
ation of the level and types of risk involved.” The goal, everyone agreed, is to
provide a means by which risks can be managed consistently, effectively, and
appropriately.3
• Risk reporting and monitoring. This was a rather controversial topic in the focus
group. Although everyone agreed it is important to make risk and its management
more visible in the organization, tracking and reporting on risk have a tendency to
make management highly risk averse. One manager said:
We spent a year trying to quantify risks and developing a roll-up report, but we threw
it away because audit didn’t understand it and saw only one big risk. This led to endless
discussion and no confidence that IT was handling risk well. Now we use a very simple
reporting framework presenting risk as high, medium, or low. This is language we all
understand.
There are definitely pressures to improve risk measurement (Proctor 2007), but
clearly care must be taken in how these metrics are reported. For example, one company
3 “Risk Management Guide for Information Technology Systems” (csrc.nist.gov/publications/nistpubs/800-30/
sp800-30 ), the National Institute of Standards and Technology’s Special Publication 800-30, provides
guidance on specific risk mitigation strategies.
M10_MCKE0260_03_GE_C10.indd 159 12/3/14 8:43 PM

160 Section II • IT Governance
uses a variety of self-assessments to ensure that risks have been properly identified and
appropriate controls put in place. However, as risk management procedures become
better understood and more codified, risk reporting can also become more formalized.
This is particularly the case at present with operational process controls and fundamen-
tal IT security, such as virus or intrusion detection.
However, risk monitoring is an ongoing process because levels and types of
risk are changing continually. Thus, an RMF should be a dynamic document as new
types of risk are identified, business impacts are better understood, and mitigation
practices evolve. “We need to continually monitor all categories of risk and ask our
executives if the levels of risk are still the same,” said a focus group member. It
is clear that failure to understand how risks are changing is a significant risk in
itself (Proctor 2007). It is therefore especially important to have a process in place
to analyze what happens when an unforeseen risk occurs. Unless efforts are made
to understand the root causes of  a  problem, it is unlikely that effective mitigation
practices can be put in place.
iMPRoVing Risk MAnAgeMent cAPABilities
Risk management in most areas does not yet have well-documented best practices or
standards in place. However, the focus group identified several actions that could lead
to the development of effective risk management capabilities:
• Look beyond technical risk. One of the biggest inhibitors of effective risk manage-
ment is too tight a focus on technical risk, rather than on business risk (Coles and
Moulton 2003). A traditional security approach, for example, tends to focus only on
technical threats or specific systems or platforms.
• Develop a common language of risk. A clearer understanding of business risk
requires all stakeholders—IT, audit, privacy, legal, business managers—to speak
the same language and use comparable metrics—at least at the highest levels of
analysis where the different types of risk need to be integrated.
• Simplify the presentation. Having a common approach to discussing or
describing risk is very effective, said several focus group members. While the
work that is behind a simple presentation may be complex, presenting too
much complexity can be counterproductive. The most effective approaches are
simple: a narrative, a dashboard, a “stoplight” report, or another graphic style
of report.
• Right size. Risk management should be appropriate for the level of risk involved.
More effective practices allow for the adaptation of controls while ensuring that the
decisions made are visible and the rationale is communicated.
• Standardize the technology base. This is one of the most effective ways to reduce
risk, according to the research, but it is also one of the most expensive (Hunter
et al. 2005).
• Rehearse. Many firms now have an emergency response team in place to rapidly
deal with key hazards. However, it is less common that this team actually rehearses
its disaster recovery, business continuity, or other types of risk mitigation plans.
M10_MCKE0260_03_GE_C10.indd 160 12/3/14 8:43 PM

Chapter 10 • Risk Management in IT 161
One manager noted that live rehearsals are essential to reveal gaps in plans and
unexpected risk factors.
• Clarify roles and responsibilities. With so many groups in the organization
now involved in managing risk in some way, it is critical that roles and responsi-
bilities be documented and communicated. Ideally, this should be in the context
of an RMF. However, even if an RMF is not in place, efforts should be made to
document which groups in the organization are responsible for which types of
enterprise risk.
• Automate where appropriate. As risk management practices become stan-
dardized and streamlined, automated controls begin to make sense. Some
tools can be very effective, noted the focus group, provided they are applied
in ways that facilitate risk management, rather than becoming an obstacle to
productivity.
• Educate and communicate. Each organization has its own culture, and
most need to work with staff, business managers, and executives to make
them more aware of risks and the need to invest in appropriate manage-
ment. However, some organizations, like one insurance company in the
focus group, are so risk-phobic that they need education to enable them to
take on more risk. Such companies could benefit from better understanding
their “risk portfolio” of projects (Day 2007). Such an approach can often help
encourage companies to undertake more risky innovation initiatives with
more confidence.
Conclusion
Organizations are more sensitized to risk
than ever before. The economy, regulatory,
and legal environment; business complex-
ity; the increasing openness of business rela-
tionships; and rapidly changing technology
have all combined to drive managers to seek
a more comprehensive understanding of risk
and its management. Whereas in the past,
risk was managed in isolated pockets by
such functions as IT security, internal audit,
and legal, today recognition is growing that
these arenas intersect and affect each other.
And IT risk is clearly involved in many types
of business risk these days. Criminal activ-
ity, legal responsibilities, privacy, innova-
tion, and operational productivity, to name
just a few, all have IT risk implications. As a
result, organizations need a new approach to
risk—one that is more holistic in nature and
that provides an integrative framework for
understanding risk and making decisions
associated with it. Accomplishing this is no
simple task, so developing such a framework
will likely be an ongoing activity, as experts
in IT and others begin to grapple with how to
approach such a complex and multidimen-
sional activity. This chapter has therefore not
tried to present a definitive approach to risk
management. There is general agreement
that organizations are not ready for this.
Instead, it has tried to sketch an impression
of how to approach risk management and
what an effective risk management program
might look like. IT managers and others have
been left to fill in the details and complete
the portrait in their own organizations.
M10_MCKE0260_03_GE_C10.indd 161 12/3/14 8:43 PM

162 Section II • IT Governance
Baccarini, D., G. Salm, and P. Love. “Management
of Risks in Information Technology Projects.”
Industrial Management + Data Systems 104,
no. 3–4 (2004): 286–95.
Berinato, S. “The Fifth Annual Global State
of Information Security.” CIO Magazine,
August 28, 2007.
Caldwell, F., and R. Mogul. “Risk Management
and Business Performance Are Compatible.”
Gartner Inc., ID Number: G00140802,
October 18, 2006.
Coles, R., and R. Moulton. “Operationalizing IT
Risk Management.” Computers and Security 22,
no. 6 (2003): 487–92.
Day, G. “Is It Real? Can We Win? Is It Worth
Doing? Managing Risk and Reward in an
Innovation Portfolio.” Harvard Business Review,
December 2007.
Didraga, O. “The Role and the Effects of
Risk Management in IT Projects Success.”
Informatica Economica 17, no. 1 (2013): 86–98.
Hillson, D. “Danger Ahead.” PM Network,
March 2008.
Hunter, R., and G. Westerman. IT Risk: Turning
Business Threats into Competitive Advantage.
Boston: Harvard Business School Press, 2007.
Hunter, R., G. Westerman, and D. Aron. “IT Risk
Management: A Little Bit More Is a Whole
Lot Better.” Gartner EXPCIO Signature Report,
February 2005.
References
McKeen, J., and H. Smith. Making IT Happen:
Critical Issues in IT Management. Chichester,
England: John Wiley & Sons, 2003.
Mogul, R. “Gartner’s Simple Enterprise Risk
Management Framework.” Gartner Inc., ID
Number: G00125380, December 10, 2004.
Proctor, P. IT “Risk Management for the
Inexperienced: A CIO’s Travel Guide to
IT ‘Securistan.’” Presentation to Gartner
Symposium ITxpo 2007 Emerging Trends, San
Francisco, CA, April 22–26, 2007.
Proctor, P. “Key Issues for the Risk and Security
Roles, 2008.” Gartner Inc., ID Number:
G00155764, March 27, 2008.
Rasmussen, M. “Identifying and Selecting the
Right Risk Consultant.” Forrester Research
Teleconference, July 12, 2007.
Slywotzky, A., and J. Drzik. “Countering the
Biggest Risk of All.” Harvard Business Review,
April 2005.
Society for Information Management. “Executive
IT security.” Private presentation to the SIM
Advanced Practices Council, May 2008.
Symantec Corporation. “Trends for July–December
2006.” Symantec Internet Security Threat Report
XI (March 2007).
Witty, R. “Findings: IT Disaster Recovery Can
Upsell Business Continuity Management.”
Gartner Inc., ID Number: G00155402,
February 19, 2008.
M10_MCKE0260_03_GE_C10.indd 162 12/3/14 8:43 PM

Chapter 10 • Risk Management in IT 163
Appendix A
A Selection of Risk Classification Schemes
MCKeen and SMith (2003)
• Financial risk
• Technology risk
• Security
• Information and people
• Business process
• Management
• External
• Risk of success
BaCCaRini, SalM, and love (2004)
• Commercial risk
• Economic circumstances
• Human behavior
• Political circumstances
• Technology and technical issues
• Management activities and controls
• Individual activities
JoRdan and SilCoCKS (2005)
• Project risk
• IT services
• Information assets
• IT service providers and vendors
• Applications
• Infrastructure
• Strategic
• Emergent
RaSMuSSen (2007)
• Information security risk
• Policy and compliance
• Information asset management
• Business continuity and disaster
recovery
• Incident and threat management
• Physical and environment
• Systems development and operations
management
CoMBined FoCuS GRoup CateGoRieS
• Project
• Operations
• Strategic
• Enterprise
• Disaster recovery
• Information
• External
• Reputation
• Competitive
• Compliance and regulatory
• Forensic
• Opportunity
• Ethical
• Physical
• Business continuity
• Business process
M10_MCKE0260_03_GE_C10.indd 163 12/3/14 8:43 PM

164
C h a p t e r
11 Information Management: Stages and Issues1
More than ever before, we are living in an information age. Yet until very recently, information and its sibling, knowledge, were given very little atten-tion in IT organizations. Data ruled. And information proliferated quietly in
various corners of the business—file cabinets, PCs, databases, microfiche, e-mail, and
libraries. Then along came the Internet and social media, and the business began to
understand the power and the potential of information. For the past few years, busi-
nesses have been clamoring for IT to deliver more and better information to them (IBM
2012; Smith and McKeen 2005c). As a result, information delivery has become an impor-
tant part of IT’s job.
Now that businesses recognize the value of improved information, IT is facing
huge challenges delivering it:
Not only does effective information delivery require IT to implement new
technologies, it also means that IT must develop new internal nontechnical and
analytic capabilities. Information delivery makes IT work much more visible in
the organization. Developing standard data models, integrating information
into work processes, and forcing (encouraging) business managers to put the
customer/employee/supplier first in their decision making involves IT practi-
tioners in organizational and political conflicts that most would likely prefer to
avoid. Unfortunately, the days of hiding in the “glass house” are now completely
over and IT managers are front and center of an information revolution that will
completely transform how organizations operate. (Smith and McKeen 2005a)
This points out a truth that is only just beginning to sink into the organization’s
collective consciousness. That is, although information delivery may be the responsibility
1 This chapter is based on the authors’ previously published article, Smith, H. A., and J. D. McKeen.
“Information Management: The Nexus of Business and IT.” Communications of the Association for Information
Systems 19, no. 3 (January 2007): 34–46. Reproduced by permission of the Association for Information Systems.
M11_MCKE0260_03_GE_C11.indd 164 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 165
of IT, information management (IM) requires a true partnership between IT and the busi-
ness. IT is involved with almost every aspect of IM, but information is the heart and soul
of the business, and its management cannot be delegated or abdicated to IT. Thus, IM
represents the true nexus of the business and IT. Because of this, IM has all the hall-
marks of an emerging discipline—the offspring of a committed, long-term relationship
between the business and IT. It requires new skills and competencies, new frames of
reference, and new processes. As is often the case, IT workers are further advanced in
their understanding of this new discipline, but many business leaders are also recogniz-
ing their responsibilities in this field. In some organizations, notably government, IM is
now a separate organizational entity, distinct from IT.
This chapter explores the nature and dimensions of IM and its implications for IT,
looking at IM from the enterprise point of view. Information delivery can be viewed
from a purely IT perspective, whereas information management addresses the busi-
ness and IT issues and challenges in managing information effectively. The first section
examines the scope and nature of IM and how it is being conceptualized in organiza-
tions. The next presents a framework for the comprehensive management of informa-
tion. Then the key issues currently facing organizations in implementing an effective IM
program are addressed. Finally, the chapter presents some recommendations for getting
started in IM.
InformatIon management: How Does It fIt?
Information management is an idea whose time has come for a number of reasons. One
focus group member explained it in this way:
In today’s business environment, it is a given that we must know who our customer is
and ensure our organization’s information enables us to make the right business decisions.
As well, emerging regulations are starting to shape the IM requirements of all companies.
These include privacy and security safeguards on customer information, long-term storage
of historical records, and stronger auditability. We are now being held legally accountable
for our information.
Thus, IM has three distinct but related drivers: (1) compliance, (2) operational
effectiveness and efficiency, and (3) strategy.
Information, as we are now recognizing, is a key organizational resource, along
with human and financial capital. Captured and used in the right way, many believe
information is a different form of capital, known as structural capital (Stewart 1999).
However, unlike human and financial capital, information is not finite. It cannot be
used up, nor can it walk out the door. Furthermore, information capabilities—that is,
the ability to capture, organize, use, and maintain information—have been shown to
contribute to IT effectiveness, individual effectiveness, and overall business perfor-
mance (Kettinger and Marchand 2005; Marchand et al. 2000; Perez-Lopez and Alegre
2012). Therefore, many companies now believe that creating useful structural capital is
a strategic priority (IBM 2012; Kettinger and Marchand 2005).
Unlike information technology, which provides the technology, tools, and
processes with which to capture, store, and manipulate data, or knowledge management
M11_MCKE0260_03_GE_C11.indd 165 12/3/14 8:44 PM

166 Section II • IT Governance
(KM), which focuses on how best to leverage the know-how and intangible experience
of the organization’s human capital, IM provides the mechanisms for managing enter-
prise information itself. IM represents the “meat” in the data–information–knowledge
continuum and provides a foundation that can be used by both IT and KM to create
business value (see Figure 11.1).
As noted earlier, organizations today are beset with demands for more and better
information and more controls over it. IM is the means to get above the fray and clarify
how the enterprise will manage information as an integrated resource. In theory, it
covers all forms of information needed and produced by the business, both structured
and unstructured, including the following:
• Customer information
• Financial information
• Operational information
• Product information
• HR information
• Documents
• E-mail and instant messages
• Customer feedback
• Images and multimedia materials
• Business intelligence
• Relationship information (e.g., suppliers, partners)
• Information about physical objects (i.e., the internet of things)
• Externally generated information (e.g., government records, weather information)
• Geolocation information
In practice, some of these forms will be more thoroughly managed than others,
depending on the organization involved.
The “IM function” is also responsible for the complete information life cycle:
acquisition or creation, organization, navigation, access, security, administration,
storage, and retention. Because IM falls into the gray area between the business and
IT and is not yet a separate organizational entity, many organizations are finding
it is essential to develop an enterprisewide framework that clarifies the policies,
principles, roles, responsibilities and accountabilities, and practices for IM in both
groups.
Knowledge Management
Information Technology
Information Management
fIgure 11.1 IM is Fundamental to Organizational Success—Both IT Effectiveness and Individual
Performance
M11_MCKE0260_03_GE_C11.indd 166 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 167
a framework for Im
Because much information use crosses traditional functional boundaries, organiza-
tions must take an enterprise perspective on IM for it to be effective. A framework for
implementing IM involves several stages that move from general principles to specific
applications. Although these are presented as distinct activities, in practice they will
likely evolve iteratively as the organization and its management learn by doing. For
example, one company developed and implemented its privacy policy first then recog-
nized the need for an information security policy. As this was being implemented, it cre-
ated a more generic IM policy that incorporated the other two in its principles.
stage one: Develop an Im Policy
A policy outlines the terms of reference for making decisions about information. It pro-
vides the basis for corporate directives and for developing the processes, standards,
and guidelines needed to manage information assets well throughout the enterprise.
Because information is a corporate asset, an IM policy needs to be established at a very
senior management level and approved by the board of directors. This policy should
provide guidance for more detailed directives on accountabilities, quality, security, pri-
vacy, risk tolerances, and prioritization of effort.
Because of the number of business functions affected by information, a draft policy
should be developed by a multidisciplinary team. At minimum, IT, the privacy office,
legal, HR, corporate audit, and key lines of business should be involved. “We had lots
of support for this from our audit people,” said one manager. “They recognize that an
IM policy will help improve the traceability of information and its transformations, and
this makes their jobs easier.” Another recommended reviewing the draft policy with
many executives and ensuring that all business partners are identified. “Ideally, the
policy should also link to existing IM processes such as security classifications,” stated
another. “It’s less threatening if people are familiar with what it implies, and this also
helps identify gaps in practices that need to be addressed.”
stage two: articulate the operational Components
The operational components describe what needs to be in place in order to put the
corporate IM policy into practice across the organization (see Figure 11.2). In turn, each
component will have several “elements.” These could vary according to what different
organizations deem important. For example, the strategy component at one company
has six elements: (1) interacting with the external environment, (2) strategic planning,
(3) information life cycle, (4) general planning, (5) program integration, and (6) per-
formance monitoring (for a description of the elements identified by this firm, see
Appendix A). Together, the operational components act as a context to describe current
IM practices in the organization and reference existing best practices in each area. “This
is a living document, and you should expect it to be continually refined,” noted a focus
group member.
The IM framework’s operational components and individual elements act as a dis-
cussion document to position IM in the business and to illustrate its breadth and scope.
“There’s a danger of IM being perceived as a ‘technology thing,’” stated a manager.
M11_MCKE0260_03_GE_C11.indd 167 12/3/14 8:44 PM

168 Section II • IT Governance
Although it is often IT groups that spearhead the IM effort, they recognize that it
shouldn’t necessarily be located in IT permanently. “Ideally, we need a corporate infor-
mation office that cuts across lines of business and corporate groups, just like IT,” said
another manager.
stage three: establish Information stewardship
Many roles and responsibilities associated with IM need to be clearly articulated. These
are especially important to clarify because of the boundary-spanning nature of informa-
tion. Both political and practical issues arise when certain questions are asked: Who is
responsible for the quality of our customer data? Whose version of name and address
do we use? Who must sign off on the accuracy of our financial information? Ideally,
most organizations would like to have a single version of each of their key informa-
tion subjects (e.g., customer, product, employees) that all lines of business and systems
would use. This would enable proper protections and controls to be put in place. And
this is clearly a long-term IM goal for most. However, legacy environments, politics,
and tight budgets mean that the reality is somewhat less perfect with duplicate versions
of the same information and several variants being used by parts of the business.
Information stewards are businesspeople. They should be responsible for deter-
mining the meaning of information “chunks” (e.g., customer name and address) and
their business rules and contextual use. They should be responsible for the accuracy,
timeliness, consistency, validity, completeness, and redundancy of information. Stewards
also determine who may access information according to privacy and security policies
and provide guidance for the retention and deletion of information in accordance with
regulatory and legal requirements. In addition, stewards make the information’s charac-
teristics available to a broad audience through the organization’s metadata.
Stewardship, like IM, is an evolving role that few understand fully. Ideally, there
should be one steward for each key information subject, but this is nowhere near the
reality in most organizations. One organization has established a working group for each
of its major subjects, with representatives from all affected stakeholder groups as well
as IT. The working groups’ goals are to reduce duplicate records, correct information,
Strategy
Culture and Behaviors
Governance
Technology &
Architecture
ProcessesPeople
fIgure 11.2 Operational Components of an IM Framework
M11_MCKE0260_03_GE_C11.indd 168 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 169
simplify processes, and close “back doors.” In the longer term, these groups hope to
develop standard definitions and a formal stewardship process and ultimately use
these to retool IT’s data infrastructure.
“We are struggling with this concept,” admitted a manager. “This is not a simple
task, and no one in our business wants to take accountability as yet.” Stewardship also
takes time, and many business units are not yet prepared to allocate resources to it. “At
present, we are hitching our wagons to other projects and hoping to make some prog-
ress in this way,” said another manager. “Every area is taking some steps, but they’re
all at different levels of maturity. This can be frustrating because progress is so slow.”
All agreed that the role of information steward needs to be better defined and incor-
porated into organizational and HR models. New performance metrics also need to be
established to monitor progress against these goals in ways that link IM activities to key
business objectives.
stage four: Build Information standards
Standards help ensure that quality, accuracy, and control goals can be met. When all
parts of an organization follow the same standards, it is relatively easy to simplify
the processes and technology that use a piece of information, said the focus group.
Conversely, different information standards used by different business groups will
inhibit effective IM. Setting information standards can be challenging, and it’s even
harder to actually implement them, participants noted. The latter is partly due to the
large number of legacy applications in most organizations and also because it is dif-
ficult to get funding for this work.
Not all information needs to be standardized, however—only that which is used
by more than one business unit. When information is used more broadly, a standard
needs to be established. A metadata repository is useful for this. This repository stores
information definitions; standards for use and change; and provides cross-references
for all models, processes, and programs using a particular piece of information. A meta-
data repository can be jointly used by the business, when beginning a new project, and
IT, when developing or modifying applications. It can be invaluable to both groups
(and the enterprise) in helping them to understand how their work will affect others,
thus preventing potential problems.
Typically, cross-functional working groups composed of business and IT staff
establish standards. “Metadata is really where the rubber meets the road,” said one
manager. “It can be a very powerful tool to prevent the duplication of data in the orga-
nization.” However, it is a huge undertaking and takes time to show value. “You need
strong IT executive support for this,” he said. “It is not something that those outside
of IT initially understand.” The focus group recommended starting with what exists
currently (e.g., a data warehouse), then growing from there. One firm initially estab-
lished a procedure that any changes to production systems had to update the metadata
repository first. “We weren’t prepared for the demand this created,” stated the manager
involved. “It’s much better to incorporate this step in front-end analysis than at the end
of development.”
Finally, education and awareness play an essential role at this stage. “We always
underestimate the importance of awareness,” said a participant. “We must make sure
that no project starts in the organization that doesn’t use standards. The only way to
M11_MCKE0260_03_GE_C11.indd 169 12/3/14 8:44 PM

170 Section II • IT Governance
do this is to keep this issue continually in front of our business executives.” The other
group members agreed. “Standards are the cornerstone of IM,” said one. “If they are
followed, they will ensure we don’t add further layers of complexity and new steps.”
Issues In Im
As with anything new, those involved with IM in their organizations face a host of
challenges and opportunities as they try to implement more effective processes and
practices around information. Some of these can be mixed blessings in that they are
both drivers of IM and complications (e.g., legislation). Others are simply new ways
of looking at information and new perspectives on the way organizations work. Still
others are genuinely new problems that must be addressed. When combined with the
fact that IM “belongs” exclusively to neither IT nor the business, these add up to a
huge organizational headache, especially for IT. “Sometimes the businesspeople are not
ready for the disciplines associated with IM,” said one manager. “If they’re not ready,
we move on to an area that is.” Another said, “Sometimes it’s more trouble than it’s
worth to involve the business, and we just do the work ourselves.”
Culture and Behavior
In the longer term, however, the focus group agreed that IM is something that all parts
of the organization will have to better understand and participate in. One of the most
comprehensive challenges is changing the culture and behavior surrounding informa-
tion. Marchand et al. (2000) suggest that six interdependent beliefs and behaviors are
needed by all staff to support a positive “information orientation.” These have been
strongly correlated to organizational performance when they are present with strong IT
and IM practices:
1. Integrity. Integrity “defines both the boundaries beyond which people in an
organization should not go in using information and the ‘space’ in which people
can trust their colleagues to do with information what they would do themselves”
(Marchand et al. 2000). Where integrity exists, people will have confidence that
information will not be used inappropriately.
2. Formality. Formality is the ability to trust formal sources of information
(as  opposed to informal ones). Formality enables an organization to provide
accurate and consistent information about the business and establish formal pro-
cesses and information flows that can be used to improve performance and provide
services to customers.
Standards require . . .
• A unique name and definition
• Data elements, examples, and character length (e.g., name prefix)
• Relationship rules
• Implementation requirements
• Spacing and order
M11_MCKE0260_03_GE_C11.indd 170 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 171
3. Control. Once formal information is trusted, it can be used to develop integrated
performance criteria and measures for all levels of the company. In time, these will
enable monitoring and performance improvement at the individual and work unit
levels and can be linked to compensation and rewards.
4. Transparency. Transparency describes a level of trust among members of an
organization that enables them to speak about errors or failures “in an open and
constructive manner without fear of unfair repercussions” (Marchand et al. 2000).
Transparency is necessary to identify and respond effectively to problems and for
learning to take place.
5. Sharing. At this level, both sensitive and nonsensitive information is freely
shared among individuals and across functional boundaries. Information
exchanges are both initiated by employees and formally promoted through pro-
grams and forums.2
6. Proactiveness. Ultimately, every member of an organization should be proac-
tive about acquiring new information about business conditions and testing new
concepts.
Information risk management
The increasing breadth and scope of IT, combined with greater use of outsourcing and
mobility, has made information more vulnerable to both internal and external fraud
and has raised the level of risk associated with it. Management must, therefore, take
proactive measures to determine an appropriate risk/return trade-off for information
security. Costs are associated with information security mechanisms, and the business
must be educated about them. In some cases these mechanisms are “table stakes”—that
is, they must be taken if the company wants to “be in the game.” Other risks in informa-
tion security include internal and external interdependencies, implications for corpo-
rate governance, and impact on the value proposition. Risk exposures can also change
over time and with outsourcing, mobile applications, and cloud computing.
The focus group agreed that security is essential in the new world of IM. Today
most organizations have basic information protection, such as virus scanners, firewalls,
and virtual private networks. Many are also working on the next level of security, which
includes real-time response, intrusion detection and monitoring, and vulnerability analy-
sis. Soon, however, information security will need to include role-based identity and access
management. An effective information-security strategy includes several components:
• An information protection center, which classifies data, analyzes vulnerabilities, and
issues alerts
• Risk management
• Identity management, including access management, digital rights management,
and encryption technology
• Education and awareness
• Establishment of priorities, standards, and resource requirements
• Compliance reviews and audits
2 Privacy laws in many countries inhibit the sharing of personal information for any purpose other than that
for which it was collected. Customer information can, therefore, be shared only with consent.
M11_MCKE0260_03_GE_C11.indd 171 12/3/14 8:44 PM

172 Section II • IT Governance
Many of the decisions involved must be made by the lines of business, not IT, as
only the business can determine access rules for content and the other controls that will
facilitate identity and access management.
Information Value
At present, the economics of information have not yet been established in most organi-
zations. It is, therefore, often hard to make the case for IM investments not only because
the benefits are difficult to quantify but also because of the large number of variables
involved. A value proposition for IM should address its strategic, tactical, and opera-
tional value and how it will lower risk and develop new capabilities. Furthermore, an
effort should be made to quantify the value of the organization’s existing information
assets and to recognize their importance to its products and services.
Determining “value” is a highly subjective assessment. Thus, different compa-
nies and even different executives will define it differently. Most businesses define
value broadly and loosely, not simply as a financial concept (Ginzberg 2001). However,
because there is no single, agreed-on measure of information value, misunderstandings
about its definition can easily arise (Beath et al. 2012). Therefore, it is essential that
everyone involved in IM activities agree on what value they are trying to deliver and
how they will recognize it. Furthermore, value has a time dimension. It takes time for
an IM investment to pay off and become apparent. This also must be recognized by all
concerned.
Privacy
Concern for the privacy of personal information has been raised to new levels, thanks to
legislation being enacted around the world. All companies need enterprisewide privacy
policies that address the highest privacy standards required in their working environ-
ments. For example, if they operate globally, policies and practices should satisfy all
legislation worldwide. Privacy clearly should be both part of any long-term IM initia-
tives, and also what an organization is doing currently. As such, it is both an IM issue
and an initiative in its own right. Both existing processes and staff behavior will be
affected by privacy considerations. “Privacy is about respect for personal information
and fair and ethical information practices. Training should start with all new employees
and then be extended to all employees,” said a manager. Many countries now require
organizations to have a chief privacy officer. If so, this person should be a key stake-
holder in ensuring that the organization’s IM practices for data quality and accuracy,
retention, information stewardship, and security are also in keeping with all privacy
standards and legislation.
As with other IM initiatives, it is important that senior management under-
stand and support the changes needed to improve privacy practices over time. “Good
practices take time to surface,” said a manager. “It takes time and resources to ensure
all our frontline staff and our information collection and management processes are
compliant.” Accountabilities should be clearly defined as well. Ideally, IM policy and
stewards set the standards in this area with privacy specialists and operational staff
(in both IT and the business) responsible for implementing them. With the increase
in outsourcing, particularly to offshore companies, all contracts and subcontracting
M11_MCKE0260_03_GE_C11.indd 172 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 173
arrangements must be reviewed for compliance in this area. “Our company is still liable
for privacy breaches if they occur in one of our vendor firms,” noted a group member.
knowledge management
Although many organizations have been soured on knowledge management (KM)
because of its “soft and fuzzy” nature (Smith and McKeen 2004), the fact remains that
IM provides a solid foundation that will enable the organization to do more with what
it knows (see Figure 11.1). Even firms that do not have a separate KM function recog-
nize that better IM will help them build valuable structural capital. There are many
levels at which IM can be improved. At the most elementary, data warehouses can
be built and the information in them can be analyzed for trends and patterns. One
company is working on identifying its “single points of knowledge” (i.e., those staff
members who have specialized knowledge in an important area) and capturing this
knowledge in a formal way (e.g., in business processes or metadata). Many firms are
making customer information management a priority so they can use this information
to both serve their customers better and to learn more about them.3 This clearly cannot
be done unless information is integrated across processes and accessible in a usable
format (Beath et al. 2012; Smith and McKeen 2005b). Finally, information can be aggre-
gated and synthesized to create new and useful knowledge. For example, Wal-Mart
takes transaction-level information from its sales process and aggregates and analyzes
it to make it useful both to the sales process and to other areas of the business. It iden-
tifies trends and opportunities based on this analysis and enables information to be
viewed in different ways, leading to new insights.
the knowing–Doing gap
Most organizations assume that better information will lead to better decisions and
actions, but research shows that this is not always (or even often) the case. All too often
companies do not utilize the information they have. One problem is that we really
understand very little about how organizations and groups actually use information in
their work (Beath et al. 2012; Pfeffer and Sutton 2000). Some organizations do not make
clear links between desired actions and the acquisition and packaging of specific infor-
mation. Although this may seem like common sense, the focus group agreed that the
complex connections between decisions and actions are not always well understood.
Effective technology, strong IM practices, and appropriate behaviors and values are all
necessary to ensure the information–action connection is made (Smith et al. 2006).
gettIng starteD In Im
Although IM is not IT, the fact remains that IT is still largely driving IM in most orga-
nizations. Whether this will be the case in the longer term remains to be seen. Most
members would like to see the situation reversed, with the business driving the effort to
3 Customer information is particularly sensitive and may be analyzed only with a customer’s consent in many
countries. The need to monitor consents adds a further layer of complexity to this already challenging activity.
M11_MCKE0260_03_GE_C11.indd 173 12/3/14 8:44 PM

174 Section II • IT Governance
establish appropriate IM policies, procedures, stewardship, and standards and IT sup-
porting IM with software, data custodianship, security and access controls, information
applications and administration, and integrated systems. In the shorter term, however,
IT is working hard to get IM the attention it deserves in the business.
Focus group participants had several recommendations for others wishing to get
started in IM:
• Start with what you have. “Doing IM is like trying to solve world hunger,” said one
manager. “It just gets bigger and bigger the longer you look at it.” Even just listing all
of the information types and locations in the organization can be a daunting task, and
the job will probably never be fully complete. The group, therefore, recommended
doing an inventory of what practices, processes, standards, groups, and repositories
already exist in the organization and trying to grow IM from there. It is most impor-
tant to get the key information needed to achieve business objectives under control
first. For many companies, this may be customer information; for others, it may be
product or financial information. “It’s really important to prioritize in IM,” said a
manager. “We need to focus on the right information that’s going to have the biggest
return.” It may help to try to quantify the value of company information in some
way. Despite the fact that there is no accepted accounting method for doing so as yet,
some firms are adapting the value assessment methodologies used for other assets.
“When you really look at the value of information, it’s worth a staggering amount
of money. This really gets senior management attention and support,” noted a focus
group member.
A top-down approach is ideal, yet it may not always be practical. “It took
us over a year to get an information policy in place,” said a participant. “In the
meantime, there are significant savings that can be realized by taking a bottom-up
approach and cleaning up some of the worst problems.” Harnessing existing com-
pliance efforts around privacy, security, and the other types of regulation is also
effective. At minimum, these will affect information architecture, access to data,
document retention, and data administration for financial and personal informa-
tion (Smith and McKeen 2006). “We can take either an opportunity or a fear mindset
toward regulation,” said a manager. Companies that see compliance from a purely
tactical perspective will likely not see the value of increased controls. If, however,
they see regulation as a chance to streamline and revamp business processes and
the information they use, their compliance investments will likely pay off. Those
interested in IM can also take advantage of the dramatically elevated attention lev-
els of the board and executives to compliance matters.
• Ensure cross-functional coordination among all stakeholders. Business involve-
ment in IT initiatives is always desirable, and it is impossible to do IM without it.
“No IM effort should go ahead without fully identifying all areas that are affected,”
stated one manager. Typically, legal, audit, and the privacy office will have a keen
interest in this area. Equally typical, many of the business units affected will not
be interested in it. For operational groups, IM is often seen as bureaucratic over-
head and extra cost, which is why education and communication about IM are
essential. “You have to allow time for these groups to get on board with this con-
cept and come around to the necessity of taking the time to do IM right,” said a
M11_MCKE0260_03_GE_C11.indd 174 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 175
participant. He noted that this effort has to be repeated at each level of the orga-
nization. “Senior management may be supportive, but members of the working
groups may not really understand what we’re trying to accomplish.”
• Get the incentives right. Even with IM “socialization” (i.e., education and com-
munication), politics is likely to become a major hurdle to the success of any IM
efforts. Both giving up control and taking accountability for key pieces of infor-
mation can be hard for many business managers. Therefore, it is important to
ensure incentives are in place that will motivate collaboration. Metrics are an
important way to make progress (or the lack of it) highly visible in the organiza-
tion. One firm developed a team scorecard for its customer information working
group that reported two key measures to executives: the percentage of remain-
ing duplicate records and the percentage of “perfect” customer records. Each of
these was broken down into a number of leading indicators that helped focus
the group’s behavior on the overall effort rather than on individual territories.
Another firm linked its process and information simplification efforts to bud-
gets. The savings generated from eliminating duplicate or redundant information
(and its associated storage and processing) were returned to the business units
involved to be reinvested as they saw fit. This proved to be a huge motivator of
enterprise-oriented behavior.
• Establish and model sound information values. Because frontline workers, who
make many decisions about information and procedures, ultimately cannot cover
all eventualities, all staff need to understand the fundamental reasons for key com-
pany information policies and directives. Corporate values around information
guide how staff should behave even when their managers aren’t around. And they
provide a basis for sound decision making about information (IBM 2012; Stewart
2004). Others have noted that senior IT leadership should primarily be about
forming and modeling values, not managing tasks, and this is especially true for
IM, said the focus group. Values are particularly important, they noted, now that
staff are more mobile and virtual and, thus, more empowered. If such values are
effectively articulated and modeled by leaders, they will drive the development of
the appropriate culture and behaviors around information.
Information management is gaining increas-
ing attention in both IT and the business.
Driven by compliance and privacy legisla-
tion, the increasing vulnerability of corpo-
rate information, and the desire for greater
integration of systems, IM is beginning
to look like an emerging discipline in its
own right. However, the challenges facing
organizations in implementing effective
IM practices are many and daunting. Not
least is the need to try to conceptualize the
scope and complexity of work to be done.
Tackling IM is likely to be a long-term task.
IT managers have a huge communications
job ahead in trying to educate business lead-
ers about their responsibilities in informa-
tion stewardship, developing sound IM
practices, and inculcating the culture and
behaviors needed to achieve the desired
results. Developing a plan for tackling the
Conclusion
M11_MCKE0260_03_GE_C11.indd 175 12/3/14 8:44 PM

176 Section II • IT Governance
large and ever-increasing amount of infor-
mation involved is only the first step. The
more difficult effort will be involving every
member of the organization—from the board
to frontline workers—in seeing that it is
carried out effectively. Although IT can lead
this effort initially and provide substantial
support for IM, ultimately its success or fail-
ure will be due to how well the business does
its part.
Beath, C., I. Bercerra-Fernandez, J. Ross, and
J. Short. “Finding Value in the Information
Explosion.” MIT Sloan Management Review 53,
no. 4 (Summer 2012).
Ginzberg, M. “Achieving Business Value Through
Information Technology: The Nature of High
Business Value IT Organizations.” Report
commissioned by the Society for Information
Management Advanced Practices Council,
November 2001.
IBM. CEO Survey 2011: Leading through Connections
Executive Summary. Somers, NY: IBM Global
Business Services, May 2012, GBE03486-USEN-00.
Kettinger, W., and D. Marchand. “Driving Value
from IT: Investigating Senior Executives’
Perspectives.” Report commissioned by
the Society for Information Management,
Advanced Practices Council, May 2005.
Marchand, D., W. Kettinger, and J. Rollins.
“Information Orientation: People, Technology
and the Bottom Line.” MIT Sloan Management
Review 4, no. 41 (Summer 2000): 69–80.
Perez-Lopez, S., and J. Alegre. “Information
Technology Competency, Knowledge Processes
and Firm Performance.” Industrial Management
and Data Systems 112, no. 4 (2012): 644–62.
Pfeffer, J., and R. Sutton. The Knowing-Doing Gap.
Boston: Harvard Business School Press, 2000.
Smith, H. A., and J. D. McKeen. “Marketing KM to
the Business.” Communications of the Association
for Information Systems 14, article 23 (November
2004): 513–25.
Smith, H. A., and J. D. McKeen. “Information
Delivery: IT’s Evolving Role.” Communications
of the Association for Information Systems 15,
no. 11 (February 2005a): 197–210.
Smith, H. A., and J. D. McKeen. “A Framework
for KM Evaluation.” Communications of the
Association for Information Systems 16, no. 9
(May 2005b): 233–46.
Smith, H. A., and J. D. McKeen. “Customer
Knowledge Management: Adding Value
for Our Customers.” Communications of the
Association for Information Systems 16, no. 36
(November 2005c): 744–55.
Smith, H. A., and J. D. McKeen. “IT in the New
World of Corporate Governance Reforms.”
Communications of the Association for Information
Systems 17, no. 32 (May 2006): 714–27.
Smith, H. A., J. D. McKeen, and S. Singh. “Making
Knowledge Work: Five Principles for Action-
Oriented Knowledge Management.” Knowledge
Management Research and Practice 4, no. 2 (2006):
116–24.
Stewart, T. Intellectual Capital: The New Wealth of
Organizations. New York: Doubleday, 1999.
Stewart, T. “Leading Change When Business Is
Good: An Interview with Samuel J. Palmisano.”
Harvard Business Review 82, no. 12 (December
2004).
References
M11_MCKE0260_03_GE_C11.indd 176 12/3/14 8:44 PM

Chapter 11 • Information Management: Stages and Issues 177
Appendix A
Elements of IM Operations
A. StRAtegy
• External environment
• Strategic planning
• Information life cycle
• Planning
• Program integration
• Performance monitoring
B. PeoPle
• Roles and responsibilities
• Training and support
• Subject-matter experts
• Relationship management
C. PRoCeSSeS
• Project management
• Change management
• Risk management
• Business continuity
• Information life cycle:
• Collect, create, and capture
• Use and dissemination
• Maintenance, protection, and
preservation
• Retention and disposition
D. teChnology AnD ARChiteCtuRe
• IM tools
• Technology integration
• Information life cycle: organization
• Data standards
e. CultuRe AnD BehAvioRS
• Leadership
• IM awareness
• Incentives
• IM competencies
• Communities of interest
F. goveRnAnCe
• Principles, policies, and standards
• Compliance
• IM program evaluation
• Quality of information
• Security of information
• Privacy of information
M11_MCKE0260_03_GE_C11.indd 177 12/3/14 8:44 PM

Mini CAse
Building Shared Services at RR
Communications4
Vince Patton had been waiting years for this day. He pulled the papers together in front of
him and scanned the small conference room. “You’re fired,” he said to the four divisional
CIOs sitting at the table. They looked nervously at him, grinning weakly. Vince wasn’t
known to make practical jokes, but this had been a pretty good meeting, at least relative to
some they’d had over the past five years. “You’re kidding,” said Matt Dawes, one of the
more outspoken members of the divisional CIO team. “Nope,” said Vince. “I’ve got the
boss’s OK on this. We don’t need any of you anymore. I’m creating one enterprise IT orga-
nization, and there’s no room for any of you. The HR people are waiting outside.” With
that, he picked up his papers and headed to the door, leaving the four of them in shock.
“That felt good,” he admitted as he strode back to his office. A big man, not
known to tolerate fools gladly (or corporate politics), he was not a cruel one. But those
guys had been thorns in his side ever since he had taken the new executive VP of IT job
at the faltering RR Communications five years ago. The company’s stock had been in
the dumpster, and with the dramatically increased competition in the telecommunica-
tions industry as a result of deregulation, his friends and family had all thought he was
nuts. But Ross Roman, RR’s eccentric but brilliant founder, had made him an offer he
couldn’t refuse. “We need you to transform IT so that we can introduce new products
more quickly,” he’d said. “You’ll have my full backing for whatever you want to do.”
Typically for an entrepreneur, Roman had sketched the vision swiftly, leaving some-
one else to actually implement it. “We’ve got to have a more flexible and responsive IT
organization. Every time I want to do something, they tell me ‘the systems won’t allow
it.’ I’m tired of having customers complaining about getting multiple bills for each of our
products. It’s not acceptable that RR can’t create one simple little bill for each customer.”
Roman punctuated his remarks by stabbing with his finger at a file full of letters to the
president, which he insisted on reading personally each week. “You’ve got a reputation
as a ‘can do’ kind of guy; I checked. Don’t bother me with details; just get the job done.”
Vince knew he was a good, proactive IT leader, but he hadn’t been prepared
for the mess he inherited—or the politics. There was no central IT, just separate divi-
sional units for the four key lines of business—Internet, mobile, landline, and cable TV
service—each doing its own thing. Every business unit had bought its own hardware
and software, so introducing the common systems that would be needed to accomplish
Roman’s vision would be hugely difficult—that is, assuming they wanted them, which
they didn’t. There were multiple sales systems, databases, and customer service centers,
all of which led to customer and business frustration. The company was in trouble not
only with its customers but also with the telecommunications regulators and with its
4 Smith, H. A., and J. D. McKeen. “Shared Services at RR Communications.” #1-L07-1-002, Queen’s School of
Business, September 2007. Reproduced by permission of Queen’s University, School of Business, Kingston,
Ontario, Canada.
178
M11_MCKE0260_03_GE_C11.indd 178 12/3/14 8:44 PM

Building Shared Services at RR Communications 179
software vendors, who each wanted information about the company’s activities, which
they were legally entitled to have but which the company couldn’t provide.
Where should he start to untangle this mess? Clearly, it wasn’t going to be possible to
provide bundled billing, responsiveness, unified customer care, and rapid time to market
all at once, let alone keep up with the new products and services that were flooding into the
telecommunications arena. And he hadn’t exactly been welcomed with open arms by the
divisional CIOs (DIOs), who were suspicious of him in the extreme. “Getting IT to operate as
a single enterprise unit, regardless of the product involved, is going to be tough,” he admit-
ted to himself. “This corporate culture is not going to take easily to centralized direction.”
And so it was. The DIOs had fought him tooth and nail, resisting any form of integra-
tion of their systems. So had the business unit leaders, themselves presidents, who were
rewarded on the basis of the performance of their divisions and, therefore, didn’t give a hoot
about “the enterprise” or about anything other than their quarterly results. To them, central-
ized IT meant increased bureaucracy and much less freedom to pick up the phone and call
their buddy Matt or Larry or Helen, or Dave and get that person to drop everything to deal
with their latest money-making initiative. The fact that it cost the enterprise more and more
every time they did this didn’t concern them—they didn’t care that costs racked up: testing
to make sure changes didn’t affect anything else that was operational; creation of duplicate
data and files, which often perpetuated bad data; and loss of integrated information with
which to run the enterprise. And the fact that the company needed an army of “data cleans-
ers” to prepare the reports needed for the government to meet its regulatory and Sarbanes–
Oxley requirements wasn’t their concern. Everyone believed his or her needs were unique.
Unfortunately, although he had Roman’s backing in theory, in practice Vince’s posi-
tion was a bit unusual because he himself didn’t have an enterprise IT organization as
yet and the DIOs’ first allegiance was clearly to their division presidents, despite having
a “dotted line” reporting relationship to Vince. The result was that he had to choose his
battles very, very carefully in order to lay the foundation for the future. First up was rede-
signing the company’s internal computer infrastructure to use one set of standard tech-
nologies. Simplification and standardization involved a radical reduction of the number
of suppliers and centralized procurement. The politics were fierce and painful with the
various suppliers the company was using, simultaneously courting the DIOs and busi-
ness unit leaders while trying to sell Vince on the merits of their brand of technology for
the whole company. Matt Dawes had done everything he could to undermine this vision,
making sure that the users caused the maximum fuss right up to Roman’s office.
Finally, they’d had a showdown with Roman. “As far as I’m concerned, moving to
standardized hardware and software is nondiscussable,” Vince stated bluntly. “We can’t even
begin to tackle the issues facing this company without it. And furthermore, we are in seri-
ous noncompliance with our software licensing agreements. We can’t even tell how many
users we have!” This was a potentially serious legal issue that had to be dealt with. “I prom-
ised our suppliers that we would get this problem under control within eighteen months,
and they’ve agreed to give us time to improve. We won’t have this opportunity again.”
Roman nodded, effectively shutting down the argument. “I don’t really understand
how more standardization is going to improve our business flexibility,” he’d growled,
“but if you say so, let’s do it!” From that point on, Vince had moved steadily to consoli-
date his position, centralizing the purchasing budget; creating an enterprise architecture;
establishing a standardized desktop and infrastructure; and putting tools, metrics, and
policies in place to manage them and ensure the plan was respected by the divisions.
M11_MCKE0260_03_GE_C11.indd 179 12/3/14 8:44 PM

180 Section II • IT Governance
Dawes and Larry Hughes, another DIO, had tried to sabotage him on this matter yet
again by adopting another manufacturer’s customer relationship management (CRM)
system (and yet another database), hoping that it could be up and running before Vince
noticed. But Vince had moved swiftly to pull the plug on that one by refusing the project
access to company hardware and giving the divisional structure yet another black mark.
That episode had highlighted the need for a steering committee, one with teeth to
make sure that no other rogue projects got implemented with “back door funding.” But
the company’s entrepreneurial culture wasn’t ready for it, so again foundational work
had to be done. “I’d have had a riot on my hands if I’d tried to do this in my first few
years here,” Vince reflected as he walked back to his office, stopping to chat with some of
the other executives on his way. Vince now knew everyone and was widely respected at
this level because he understood their concerns and interests. Mainly, these were finan-
cial—delivering more IT for less cost. But as Vince moved around the organization, he
stressed that IT decisions were first and foremost business decisions. He spoke to his col-
leagues in business terms. “The company wants one consistent brand for its organization
so it can cross-sell services. So why do we need different customer service organizations
or back-end systems?” he would ask them. One by one he had brought the “C”-level
executives around to at least thinking about the need for an enterprise IT organization.
Vince had also taken advantage of his weekly meetings with Roman to demonstrate
the critical linkage between IT and Roman’s vision for the enterprise. Vince’s motto was
“IT must be very visible in this organization.” When he felt the political climate was
right, he called all the “Cs” to a meeting. With Roman in the room for psychological
support, he made his pitch. “We need to make all major IT decisions together as a busi-
ness,” he said. “If we met monthly, we could determine what projects we need to launch
in order to support the business and then allocate resources and budgets accordingly.”
Phil Cooper, president of Internet Services, spoke up. “But what about our specific
projects? Won’t they get lost when they’re all mixed up with everyone else’s? How do
we get funding for what we need to do?”
Vince had a ready answer. “With a steering committee, we will do what’s best for
the organization as a whole, not for one division at the expense of the others. The first
thing we’re going to do is undertake a visioning exercise for what you all want our busi-
ness to look like in three years, and then we’ll build the systems and IT infrastructure to
support that vision.”
Talking the language of business had been the right approach because no one
wanted to get bogged down in techno-jargon. And this meeting had effectively turned
the tide from a divisional focus to an enterprise one—at least as far as establishing a steer-
ing committee went. Slowly, Vince had built up his enterprise IT organization, putting
those senior IT managers reporting to him into each of the business divisions. “Your job
is to participate in all business decisions, not just IT ones,” he stated. “There is nothing
that happens in this company that doesn’t affect IT.” He and his staff had also “walked
the talk” over the past two years, working with the business to identify opportunities for
short-term improvements that really mattered a lot to the divisions. These types of quick
wins demonstrated that he and his organization really cared about the business and
made IT’s value much more visible. He also stressed accountability. “Centralized units
are always seen to be overhead by the business,” he explained to his staff. “That’s why
we must be accountable for everything we spend and our costs must be transparent.
We also need to give the business some choices in what they spend. Although I won’t
M11_MCKE0260_03_GE_C11.indd 180 12/3/14 8:44 PM

Building Shared Services at RR Communications 181
compromise on legal, safety, or health issues, we need to let them know where they can
save money if they want. For example, even though they can’t choose not to back up
their files, they can choose the amount of time it will take them to recover them.”
But the problem of the DIOs had remained. Used to being kings of their own king-
doms, everything they did appeared to be in direct opposition to Vince’s vision. And it
was apparent that Roman was preaching “one company” but IT itself was not unified.
Things had come to a head last year when Vince had started looking at outsourcing.
Again the DIOs had resisted, seeing the move as one designed to take yet more power
away from them. Vince had offered Helen a position as sourcing director, but she’d
turned it down, seeing it as a demotion rather than a lateral move. The more the DIOs
stonewalled Vince, the more determined he became to deal with them once and for all.
“They’re undermining my credibility with the business and with our suppliers,” Vince
had complained to himself. “There’s still so much more to do, and this divisional struc-
ture isn’t working for us.” That’s when he’d realized he had to act or RR wouldn’t be
able to move ahead on its next project: a single customer service center shared by the
four divisions instead of the multiple divisional and regional ones they had now.
So Vince had called a meeting, ostensibly to sort out what would be outsourced
and what wouldn’t. Then he’d dropped the bombshell. “They’ll get a good package,”
he reassured himself. “And they’ll be happier somewhere else than always fighting
with me.” The new IT organizational charts, creating a central IT function, had been
drawn up, and the memo appointing his management team had been signed. Vince
sighed. That had been a piece of cake compared to what he was going to be facing now.
Was he ready for the next round in the “IT wars”? He was going to have to go head to
head with the business, and it wouldn’t be pretty. Roman had supported him in getting
the IT house in order, but would he be there for the next step?
Vince looked gloomily at the reports the DIOs had prepared for their final meeting.
They documented a complete data mess—even within the divisions. The next goal was
to implement the single customer service center for all divisions, so a customer could
call one place and get service for all RR products. This would be a major step forward in
enabling the company to implement new products and services. If he could pull it off,
all of the company’s support systems would, for the first time, talk to each other and
share data. “We can’t have shared services without common data, and we can’t have
good business intelligence either,” he muttered. Everything he needed to do next relied
on this, but the business had seen it differently when he’d last tried to broach the subject
with them. “These are our data, and these are our customers,” they’d said. “Don’t mess
with them.” And he hadn’t . . . . but that was then. Now it was essential to get their infor-
mation in order. But what would he have to do to convince them and to make it happen?
Discussion Questions
1. List the advantages of a single customer service center for RR Communications.
2. Devise an implementation strategy that would guarantee the support of the
divisional presidents for the shared customer service center.
3. Is it possible to achieve an enterprise vision with a decentralized IT function?
4. What business and IT problems can be caused by lack of common information and
an enterprise IM strategy?
5. What governance mechanisms need to be put in place to ensure common customer
data and a shared customer service center? What metrics might be useful?
M11_MCKE0260_03_GE_C11.indd 181 12/3/14 8:44 PM

Mini CAse
Enterprise Architecture
at Nationstate Insurance5
Jane Denton looked around at her assembled senior IT leadership team waiting to hear
what she was going to say. Most were leaning forward eagerly, though some appeared
more cautious. They were a good team, she knew, and she wanted to lead them well.
A seasoned CIO, with a whole career behind her in IT, Jane was the newly appointed
global CIO of Nationstate Insurance. This would be her last job before retirement in
three years and she wanted to find a way to make a lasting difference in this company.
Nationstate was an excellent company—Jane had done her homework. It was one of
the largest in the United States, with a worldwide presence in personal and commercial
insurance, and had recently been voted one of Forbes’ “Best Big Companies.” It had
good systems, good user–IT relationships, and good people. But the company aspired
to be great and Jane wanted to help them by taking IT to the next level. She knew that
the world was changing—largely as a result of technology—and she knew that IT and
its traditional approach to systems development was also going to have to change.
“Our IT function needs to become more cutting edge in adopting emerging technolo-
gies,” she had told the CEO shortly after she was hired, “and we need to become more
flexible and agile in our approach to development work.” Now she had this time and
this team to accomplish her goals.
However, it was much easier said than done. Like almost every large organiza-
tion, Nationstate had a hodgepodge of different systems, data, and processes—most
serving just one of its six business units (BUs). Nationstate’s decentralized structure
had served it well in the past by enabling individual BUs to respond quickly to chang-
ing market needs but a couple of years before Jane’s arrival, recognizing the need for
some enterprise thinking, the CEO had created a federated structure with some central-
ized functions, including parts of IT. So some of IT was now centralized and shared by
all the BUs (e.g., operations) and reported directly to Jane, while the rest (e.g., system
development) was decentralized. Each BU had its own CIO and IT staff who reported
jointly to the BU’s president and to Jane.
This potentially unwieldy structure was made more palatable by the fact that the
business unit CIOs had great business knowledge and were well trusted by their presi-
dents. In fact, it was central IT that was often seen as the roadblock by the BUs. She had
never led an IT organization like it, she reflected, and in her first few months, she had
made a considerable effort to understand the strengths and weaknesses of this model
and how responsibilities had been divided between centralized enterprise services
and the decentralized IT groups (each quite large themselves) in the business units.
5 Smith, H. A., and J. D. McKeen. “Enterprise Architecture at Nationstate Insurance.” #1-L11-1-001, Queen’s
School of Business, September 2007. Reproduced by permission of Queen’s University, School of Business,
Kingston, Ontario, Canada.
182
M11_MCKE0260_03_GE_C11.indd 182 12/3/14 8:44 PM

Enterprise Architecture at Nationstate Insurance 183
Now she thought she had a good enough handle on these that she could begin work
with her senior leadership team (the BU CIOs) to develop a plan to transform IT into
the kind of technology function Nationstate would need in the years to come.
“I know you are both enthusiastic and apprehensive about transformation,”
she said. “We have a great organization and no one wants to lose that. We need to be
resp