Posts Tagged ‘Sarbanes-Oxley’

More IT Regulation: Is It A Good Thing For CIOs?

Wednesday, August 4th, 2010
Could more laws actually make a CIO’s life easier?

Software is all around us. CIOs depend on it to keep the company up and running. If, for some reason, a company’s critical applications stop running, run incorrectly, or divulge private data to bad guys, there’s a good chance that the company is going to quickly have a new CIO. If only there was some way to make software more reliable so that CIOs could spend their time focusing on the things that really matter…

3 Possible Futures For Software

You would think that CIOs would have already used their collective influence to get software vendors to do the right thing. However, as the system outages that still occur today clearly show, this has not happened. Thomas Smedinghoff is a lawyer who studies science and technology law. According to Smedinghoff, there are three possible futures for how software vendors are going to be required to do a better job of supporting CIOs:

  1. Increased legal obligations for software vendors to do a better job of ensuring that their applications and associated communications are secure.
  2. A much bigger responsibility to tell the world when there is a security breach.
  3. Defining just what is meant by “reasonable security” and then ensuring that every application provides at least this level of protection.

What’s Coming Down The Road

This of course leads a CIO to the next question: which one of these future possibilities is going to happen (or will it be all of them)? Smedinghoff points out that little by little, the responsibility to disclose when a personal data breach occurs is getting written into laws in each state.
Legal scholars are predicting that within the next 10 years or so CIOs should expect that their IT vendors will be required by law to improve both the security and the quality of their software applications. Toyota’s recent car troubles may end up representing a first step in this direction.
Where does all of this lead? Once again those legal scholars are predicting that by 2015 we should expect software vendors to find themselves being required to clearly specify their products’ capabilities as well as their limitations. What will give these words some bite is that they will have had to be verified by 3rd party certification firms.

What All Of This Means For You

When you become CIO, running an IT department will be much different than it is today. While that is good news, it also means that you’re going to have a different set of tasks that you’re going to have to do.
Gone will be the days in which you had to spend so much time and energy just keeping applications up and running, not to mention secure. Now you’ll be spending a lot more time during the selection process doing double checks to make sure that each vendor’s product truly has been verified and certified by reputable 3rd party firms.
Yes, your life as a CIO will have become much more manageable because you should experience fewer fire drills. However, you had better start getting ready to become a good fact checker so that you choose the right vendor after all the rules have been changed…

- Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Department Leadership Skills

Question For You: Do you think that these new IT regulations will cause the cost of software to increase?

What We’ll Be Talking About Next Time

Times they are a changing. Once upon a time a CIO only had to worry about making sure the email servers stayed up and everyone thought that he / she was doing a great job. That’s no longer enough. Now CIOs are viewed as being the hub of a company’s new media activities – generating, transmitting, storing, and ultimately archiving more and more information. Do you know what you need to be doing?

CIOs And The Governance Problem

Monday, June 1st, 2009
CIOs Have A Lot Of Extra Work That Nobody Ever Sees

All too often, an outsider looking in would have the mistaken impression that the life of a CIO was filled with decisions about what high-tech project to undertake next or how to better align the IT department with the rest of the company. The reality is that a great deal of a CIO’s time is spent worrying about internal controls – not terribly glamorous, but critical if a CIO wants to keep his / her job.

Just What Is Due Diligence?

Remember Enron? Or WorldCom? These are the guys that you can thank for today’s business environment, which includes a lot of relatively new safeguards that require a lot of work to report on (such as the Sarbanes-Oxley Act of 2002).

Although it’s the CEO who is ultimately on the line to ensure that there is no funny business going on, it’s the CIO who creates the reports that the CEO uses to keep tabs on the firm. If something slips past the CIO, then he/she will be slipping out the door to search for a new job.

However, it’s not just the accounting systems that the CIO is responsible for keeping track of. There’s a lot more where that came from.

Just What Is A CIO Responsible For Keeping Track Of?

There are four major areas that any good CIO knows that he/she needs to stay on top of. The problem is that they are each so large that any one of them could turn into a full-time job. Here’s the list:

  1. Outsourcing: you thought that once the outsourcing contract was signed, the CIO’s job was done? The CIO has to determine what work goes to the outsourcer, what stays at home, and how different pieces get stitched together when they are completed.
  2. Information Asset Value: There is no way that a CIO can protect all of the data that streams into a company or that is generated within a company. Instead, what he/she has to do is to come up with a way to prioritize the risk associated with each piece of information and then work very hard to secure the important stuff.
  3. New Technology: There will always be new, better, faster technologies showing up on your doorstep every day. Determining when it makes sense to buy new technology is the role that a CIO was born to play.
  4. Competition: there are two sides to this coin. The first has to do with having the CIO make sure that competitive information flows in, gets processed, and then finds its way to the decision makers who need to know about it. The other side is to make sure that the firm has the information defenses in place to resist and repel any competitor who tries to obtain information that they should not have.

How Can A CIO Ever Be Successful?

In order to be successful, a CIO must first admit that he / she can’t do it all by himself / herself. Having the board of directors and senior management backing IT initiatives is a key part of being successful.

Keep in mind that security needs to be baked in – it can’t be an afterthought. One way to make life easier is to adopt and implement standards - this way you can piggyback on the work that other smart people have done.

Questions For You

What do you think about the job of CIO – is it a good job or is it one that you can never win at? How involved in managing the outsourcing do you think a CIO should be? How do you come up with a value for your information assets? Leave me a comment and let me know what you are thinking.

Coming Up Next Time

In the end, it all comes down to execution. No, not chopping heads off, but rather how you go about having your IT department perform the tasks that the business needs them to do. How hard could this possibly be…?

Where Is Your Next CIO Coming From?

Wednesday, February 25th, 2009
Many Firms Don't Have A Plan For How They Would Replace Their Current CIO

So here’s the scenario: a previously unknown meteor comes streaking down to earth and somehow lands squarely on top of your CIO squashing him/her instantly. What do you do next? Where would your replacement CIO come from and do you know who that would be?

A study conducted by the equipment supply firm CDW has revealed that even at firms with 1,000 or more employees, 38% of them did not have a formal CIO succession plan. Ouch – watch out for those meteors!

Even if your CIO doesn’t spend a lot of time outside where there might be meteors, a good point to keep in mind is that the average tenure of a CIO is 3-5 years. When you start to think about who might replace your current CIO, one question comes to mind immediately: internal vs external.

It really doesn’t help matters that the qualifications to be CIO can be quite subjective. In most cases it really depends on several factors including the size of your company, what industry you play in, and what the current expectations of the IT department are.

A study done by Information Week revealed that of 500 current CIOs, 58% of them were recruited from the outside. This means that choosing the outsider is not all that unusual.

When it comes down to deciding if you should be looking internally vs externally, company culture can play a big role. If your firm has a history of hiring from the outside, then getting your next CIO from there will feel much more natural.

Internal candidates can be a great way to go because they already know so much about the company. At the same time, they often find themselves in a situation in which they are in over their heads in responsibilities. External CIO candidates often have the experience to do the job; however, simply because they come from the outside, expectations will be higher for them.

In the end make sure that you choose carefully from all of your potential sources – you’re going to need the best possible talent in your top IT spot.

Does your company have a CIO succession plan? Have you ever had to use it? Do you get your CIOs internally or externally? How long do they last? Leave me a comment and let me know what you are thinking.

Does IHOP Have Tasty Lessons To Serve Up For IT?

Monday, February 2nd, 2009

IHOP's CIO Has Some Lessons For All CIOs Who Want A Seat At The Table

I don’t know about you, but I’m always open to having breakfast no matter what time of day it is. This might explain why so much of my life has been spent sitting in IHOP restaurants eating mountains of pancakes. When I stumbled across an interview with IHOP’s CIO in eWeek magazine, I was of course interested…

Patrick Piccininno became IHOP’s CIO way back in 2003. He’s got some interesting thoughts on what it takes to get and keep a CIO as a part of a company’s strategy team. Piccininno agrees that just to get the CIO a seat at the table has been a long-fought battle.

He believes that in order for a CIO to keep his/her seat at the table, they need to make sure that they are not a wallflower – they actually have to be participating members in planning the corporate strategy and they need to be willing to work with the CEO and the other members of the executive team.

Here’s the key take-away for all of us IT lovers: Piccininno states that in his experience, a CIO needs to take off his/her technology hat and instead put on their business hat. When working with other members of the executive team it’s critical that the CIO focus on those transformational initiatives that will help the company to achieve its business results.

Piccininno believes that what the rest of the company really wants from the IT department is to simply believe that they are in good hands – that the IT infrastructure will support whatever needs to be done to grow the business.

I think that we’ve all heard this kind of talk before, but it can be very difficult to understand exactly how to put it into effect in the real world. Piccininno offered an example that provided a good case study.

Back in July of 2007, IHOP announced that it was going to buy the Applebee’s restaurant chain. This was a big deal – it was valued at about US$2.1B. As Piccininno points out, a key part of the decision to go ahead and buy Applebee’s rested on the ability of the IHOP IT department to be able to successfully integrate two sets of disparate systems and environments quickly in order to reduce costs.

In order for IHOP’s IT department to be able to support this large scale merger, they needed to have made and implemented key IT infrastructure decisions a long time ago. Because they had made these decisions, the CIO was able to play his role in supporting the company’s strategy for purchasing Applebee’s.

The business world that we all find ourselves living in these days sure seems to have become more complex. We’ve got new regulations to live with including Sarbanes-Oxley and General Computing Controls. What all of this means to a business is that IT is now up in front and center of how the business is run. Without including IT in the planning of the company’s future direction, there is a great chance that the rest of the company won’t be able to find their way…

Do you feel that IT has a “seat at the table” at your firm? Does your CIO have the ability to talk tech with the IT staff and then turn around and talk business with the rest of the firm? Do you feel that your IT department does a good job of supporting the rest of the firm or are you constantly holding them back? Leave me a comment and let me know what you are thinking.