IT Decisions: Sometimes They Shouldn’t Be Made By The IT Department

While preparing for an IT strategy workshop with a client, I came across an interesting article, Six IT Decisions Your IT People Shouldn’t Make, by Jeanne Ross and Peter Weill, in the Harvard Business Review, Nov. 2002. Paraphrasing their main points, there are some decisions that are simply too important to leave to the IT folks:

1. How much should we spend on IT? Too many companies focus on IT spending metrics, without first defining what they expect from IT. Executives must first define the role of IT, and then set funding to achieve that objective. If spending decisions are left to the IT group, the company will most likely fail to develop systems that support the business, in spite of high IT spending.
2. Which IT initiatives should be funded? No firm can afford to satisfy every user request for new systems. Executives must decide which IT initiatives will and will not be funded. Otherwise, the IT group will try to do too much, or will do too many low-value projects, or won’t focus on the really high-payback initiatives.
3. Which IT capabilities should be firm-wide? Executives must decide which IT capabilities should be centralized and which should left to business units or departments. If the IT group makes this decision, they may insist on too much standardization, limiting flexibility. Or they may not standardize enough, which increases costs and limits company-wide synergies.
4. How good do our IT services need to be? Executives must decide which IT services should be optimized based on costs and benefits. If service level decisions are left to the IT group, the firm may wind up paying for services that aren’t worth the cost, or users may suffer from too much downtime, slow response time, or unreliable network connectivity.
5. What security and privacy risks will we accept? Security and privacy always involve tradeoffs. Executives must decide how much security and privacy they are willing to pay for, and how much they are willing to sacrifice convenience to get it. If left to the IT group, security and privacy may be overemphasized, inconveniencing employees and trading partners. Or, the IT group may underemphasize security and privacy, exposing the firm to liability and loss.
6. Whom do we blame if an IT initiative fails? When a project goes south, it’s easy to blame IT. To maximize likelihood of success, executives should assign a business executive to be accountable for each IT project and monitor business metrics before and after implementation. If a business executive is not responsible, the firm will likely not realize the full business value of information systems.

In many companies that I visit, there is a great deal of dissatisfaction with information technology. A recent Computerworld article indicates that the average tenure of a corporate CIO is only 18-36 months, while the CFO averages five years in the position.

If Ross and Weill are right, some of the blame lies not with the IT group, but with the fact that senior management abdicates too much of its role in IT decision-making. With information technology now accounting for nearly half of all capital spending, executives cannot afford to continue to manage IT in this way.

Furthermore, it’s not as if senior management should only deal with IT at the level of strategy. Careful examination of the six decisions indicates that, while the first three questions focus on IT strategy, the last three focus on execution. Therefore, senior management must collaborate with IT in setting IT strategy; and they must also learn to deal with IT at the level of execution.

Just because a decision involves computers does not mean that the IT group should make it. Bringing senior management into IT decision making at the right points will ensure that the IT choices will be aligned with business strategy. Companies will spend enough on IT but not too much, and the right systems will be implemented.

May 2004