Software risk is huge, but standards are emerging and the CIO must lead efforts to ensure safety
The CEO and CIO relationship has always been a complex one. Ten years ago, CEOs held mega-power over CIOs, seeing IT as a back-office function and giving orders with very little consideration of technology. Nowadays, CEOs are more engaged, technology savvy and give more importance to the CIO’s role. As per Gartner, the CIO and CEO relationship is becoming more strategic as they build platforms for digital leadership and CIOs are now being seen as huge players in the success of modern businesses.
However, CEOs are flying blind.
Software is one of the key pillars of a modern business, driving new services and disrupting traditional business practices. Yet, few business executives currently have insight into the structural risk of their IT systems. What they know is that the systems work, until they don’t. Often, these large, enterprise systems encompass legacy technology in the back office that’s stabilised through routine maintenance, linked together with modern front-office apps, until something disruptive happens. Take the recent Tesco Bank hack for instance, which paralysed its online banking operations and cost the bank £2.5 million so far, putting pressure on Benny Higgins, the Chief Executive, keen to show shareholders they are taking care of the problem.
It can be hard to hear but the truth is… CIOs are driving IT-intensive businesses with very little insight into software risk exposure. They often rely on subjective opinions expressed by those building these systems. And if customer-facing services are compromised by technical issues, it’s their role and the CEO’s on the line.
By ensuring CEOs have a clear understanding of what IT is delivering and for what level, smarter decisions about speed-to-market and risk can be made by CIOs. This also enables the board to seamlessly support overall IT performance and increase investment.
The changing role of the CIO
As CIOs become more focused on business enablement, they must help other areas of the business understand the complex IT issues that can make the difference between success and failure, and move from the IT black box to a transparent world supported by facts and objective measures. Software system-level health must be tied into business strategies across all departments and translated into easy-to-understand business cases that CEOs understand.
To help CIOs get better transparency and cross-functional understanding, the Consortium for IT Software Quality (CISQ), an IT standards organisation, has published a set of engineering best practices against which system-level analysis can be run as a neutral third party “evaluator.” CISQ, founded by the Software Engineering Institute at Carnegie Mellon University and the Object Management Group (OMG), also published several studies correlating poor software structure with major security, stability and performance-related glitches that cause major business disruptions.
Its standards can shine a light into dark, hidden corners within a system, and as we know, sunshine is the best disinfectant.
The evolving CEO-CIO relationship
It is no surprise strong relationships between the CEO and CIO are key to the success of forward-thinking businesses. But it is only by having regular dialogue that the understanding of each other’s needs will improve and trust will be built.
To gain more information about transformational technology that can drive market competition and better customer experience, CEOs should rely on CIOs. Simultaneously, CIOs should be able to objectively communicate with facts regarding software risks that may pose a threat to business success. This is the way an allied relationship can be formed, with the CEO and CIO working together to accelerate the business while protecting IT.
CIOs are too often focused on value and IT cost reduction, therefore putting the business at more inherent risk. As a shareholder of a few listed companies myself, I am always glad to learn they are ahead of the competition with new services at a controlled cost, but I also want to know at what level of risk such performance is achieved. All shareholders and board members who experienced a post-software disaster stock crash will share my concerns.
The next wave of successful CEOs and CIOs must be able to talk about competitive advantages, inherent cost and time-to-market while adding facts about the robustness and security of underlying business enablers (i.e. the software asset).
Finally, regarding business modernisation, in shifts like digital transformation, the latest research from Forrester reveals the CIO was actually valued as the most important leader in driving or in supporting such initiatives. This supports the idea that CIOs must provide transparent IT performance metrics to their CEO, and in return, CEOs should leverage these insights to demonstrate to the boardroom how fast the business can innovate while controlling risks and costs, with a clear view ahead.
As businesses strive to succeed in the digital world, transparency between the CIO and CEO is essential to navigating the choppy waters. Driving blind is not an option.