How regulation may redefine the role of technology in business
I’ve been watching with some interest the discussion around who will “own” information technology within the emerging digital businesses: those new businesses created in response to ubiquitous IT, communication networks and social media. Many of these arguments have a strong feeling of a turf war, positioning different areas of the business as the most obvious group to own and manage IT across the business or advocating the creation of a collection of new technology-based C-suite roles to paper over perceived limitations in the skill set of established IT departments and CIOs.
Both of these arguments, however, seem to be only addressing the symptoms and not the cause of the problem.
The role information technology plays in business has changed. In the past IT was a tool to reduce costs and help a business grow. These new digital businesses use technology to create value, to engage customers and partners and to work in new ways. Information technology has become a capability that is woven into the fabric of a business, rather than an asset we deploy to achieve scale. We’re not moving around responsibility for IT: we’re building new business models that use IT in new ways.
Instead of focusing on who the new owner of IT might be, the question we should be asking ourselves is “How does a digital business consume (govern) information technology?” This is an important question, and one that we need to delve into more deeply. (Indeed, I like to keep posts fairly compact but this one post was roughly 2,000 words by the time I was happy that I’ve had covered the issue.)
The major point that the debate has been neglecting is that, in the long run, governance and not perceived importance nor the size of an existing group’s budget IT, will determine how information technology will fit into a digital business.
Government regulation for financial, anti money-laundering (AML) and counter terrorism-financing (CTF) reporting will drive both public and private business to create governance models that will enable them to show auditors that they can trust the transactions that flow through the heart of their digital businesses. It is these governance models that will determine the future role of IT in business.
The end of the IT department?
Ubiquitous consumer computing and communications technologies – such as the smartphone you probably have in your hand – are changing what it means to be a well-managed business. The best way to think about this change is to consider it as an expansion in value space for IT.
We used to define the value of IT in terms of cost savings, net present value (NPV) and time to payback. This is the world that established IT departments have developed deep expertise in: IT as a tool to drive scale and reduce costs by automating data collection and processing.
New technologies, however, are more focused on enabling companies to engage with customers, employees and partners in new ways. This might be the table touch-application that consumers use as a second screen while watching a sports event, or it might be the smartphone application that blurs the line between the online retail and in-store experience. It might also be tight integration into Facebook or other third-party systems, or even the development of a public API, to allow customers to interact with the company across a range of platforms, many of which the company does not own nor control.
These new technologies don’t provide cost savings, nor can the benefits that they bring can’t be captured by a NPV calculation. They’re best thought of as creating new sources of business value.
Traditional IT budgets are in decline, driven down by the migration to cloud and other on-demand solutions. Most IT departments also have little experience in the new digital business technologies and struggle to fit them into their existing software development and service management processes. At the same time the marketing and sales teams, the parts of organizations that interact directly with customers, are rapidly ramping up their IT spend, leaving the IT department behind as they experiment with these new technologies.
This raises the obvious question in many peoples’ minds. Will the role of the IT department expand to include these new technologies (technologies which many IT departments clearly struggle with)? Or will the ownership of IT in business shift to a new group in the business (either the marketing department, who are on track to overtake IT as the largest spender on IT in the business, or will a new department be created, one that subsumes the existing IT department?).
The future role of IT
As Andy Mulholland pointed out in a previous post on CIO of the Future:
The fundamental question we need to ask ourselves is not “What is the role of the CIO and the IT department?” This is something that is already well defined and understood. The question we need to ask ourselves is “What role should technology be playing in the business?”
The traditional role of IT is in decline. The IT department was created to procure and maintain the expensive IT assets that many businesses needed to grow into the global corporations that we know today. Now these assets are being swapped for on demand services, services that many lines of business feel comfortable procuring on their own. At the same time new technologies are being used in new ways to create value, rather than to simply reduce costs.
The challenge facing most IT departments is what to do about this decline.
The challenge for all businesses is to understand what the change means for the business as a whole.
IT is no longer a monolithic asset that will be managed by a single entity in a business, so it’s silly to wonder who will be the “owner of IT”, who will make all decisions on how IT is procured and used across the business. The value space has expanded, and we’re using IT for a lot more than simply reducing costs. Different lines of business use technology in different ways, requiring different skills and different techniques to define and measure value.
The question we need to understand is: How will the management of IT fit into future governance structures across the business?
The failure of (many) Chief Innovation Officers
It’s often thought that seats at the C-level are created for those things that a business deems most important. Finance is obviously important, especially for a public company, hence the CFO. If information technology is important then, by extension, a company will have a CIO, and so on.
While this trend might be true in the short term, in the longer run being seen as important is not enough.
There have been many roles created at the C-level, such as the Chief Innovation Officer, which have come and gone in many companies. They failed to find something to anchor themselves in the organization, something to provide these roles with the authority they need to last beyond the preferences of a single CEO or the latest trend in business management practices.
The thing that anchors a senior role in an organization for the long run is governance, having decision rights over and being accountable for a resource or asset essential to the operation of the business. The CFO is the most obvious example, with the regulatory requirement for a published and externally audited set of accounts forcing the vast majority of public businesses to hire a CFO.
The failure of many Chief Innovation Officer roles can be attributed to a lack of decision rights: they didn’t fit into the governance model for the organization. Other members of the C-level simply worked around them, as the Chief Innovation Officer didn’t control any the resources or assets the other members of the C-level needed to be successful.
What will determine the role of IT in business?
So what governance requirements are going to shape how IT fits into a business? What forces will determine if IT will have one owner or many, and who this owner might be?
Two examples spring to mind:
- Existing regulations for public companies to publish externally audited financial reports
- Emerging regulations for public and private companies to support government and international AML and CTF programmes
External audit is an obvious candidate. With marketing departments going rogue often there’s only a tenuous link between what’s happening at the coalface and a company’s chart of accounts. One day the auditors will come knocking, and they will want to be able to trace a transaction all the way from the point of purchase (which well may be for a non-standard product procured via a widget in a social media platform) through to the company’s general ledger.
One great example of this challenge is from a large fast food chain in Europe.
The chain found itself confronted with increasing customer disloyalty and declining revenue. The firm’s old business model wasn’t working anymore as consumer behavior had changed. Rather than its brand being a beacon used to consumers to plan their day – “hey, let’s grab a quick snack there before hitting the clubs” – it had come to represent a predictable and consequentially uninteresting experience. Consumers were turning to recommendation services, accessed via their smartphones, to find somewhere more interesting to meet for their pre-club snack.
The firm’s response was to renovate its restaurant to create a more pleasant café-like atmosphere and to introduce a sandwich of the month to make the menu more dynamic. Consumers would find the new ambiance more to their liking and desire to try the latest sandwich would draw them in.
This is a situation that would make any CIO sit back for a moment. Every month there would be a new product on the menu for customers to try. This implies changes in everything from the till back through the supply chain to the new collection of suppliers required to support the new offering. This sort of constant business process churn will put a spanner into the works of many core systems, causing the CIO to push back.
The response from the fast food chain’s marketing department was to go rogue. All the technology required to support the changing menu was implemented and maintained by marketing, away from the IT department. The only integration between marketing and core IT systems would be a spreadsheet capturing marketing’s monthly profit and loss that would be manually uploaded to the general ledger.
Many firms are finding themselves in similar situations: their marketing department is responding to (what it sees as) unstoppable market forces by implementing significant IT solutions away from the IT department.
At some stage the external auditors are going to come knocking. They’ll want a complete picture of how transactions for these new offerings are generated and managed across the entire business. The business will not be able to provide the auditors with information they demand.
Anti Money-Laundering & Counter Terrorism-Financing
Another, less obvious, candidate is anti-money laundering and counter terrorism financing regulation.
Recently there has been an explosion in the number of privately managed complementary currencies. Some of these currencies are used within social networks and games to purchase services and virtual products. Others, such as Bitcoin and similar “cryptocurrencies”, are designed to supplement or even replace sovereign currencies.
As these currencies have matured they have begun to attract organized crime. Korean police, for example, captured the leaders of a money-laundering group for a Chinese gold farming ring targeting Korean online games. The foreign affairs bureau of the Seoul Metropolitan Police Agency said in their press release: “We arrested two individuals; including the ringleader who is a 37-year-old man named “Jeong”. Jeong’s ring purchased in-game money in China … and then cashed the money through domestic game item brokerages. They then illegally wired a combined 38 million dollars from Korea to China.” Jeong and his ring reportedly sold the game money illegally produced in China using cheap labor and virus programs.
The anonymous, peer-to-peer nature of Bitcoin is also attractive to criminal groups. The FBI stated that “Bitcoins will likely continue to attract cyber-criminals who view it as a means to move or steal funds” while the Washington Post labeled it “the currency of choice for seedy online activities”. Services are also emerging which facilitate illicit activities, such as Bitcoin “mixers” (such as like Bit Laundry) where Bitcoins and cash are exchanged for “clean” ones, typically for a a 1% transaction fee.
As businesses, even privately held businesses, integrate themselves into this new commercial environment they find themselves increasingly subject to AML and CTF regulation.
Create a complementary currency for exclusive use by your customers (even a currency that is simply “points” that can be traded for “services”, or possibly even something as seemingly innocent as pre-paid mobile minutes) and you will need to prove that your business and your currency is not being used to launder money or finance terrorism. Integrate your business with a complementary currency provided by a third party and the same regulation may apply. Even simply accepting Bitcoins as payment (which necessitates integrating your business with the Bitcoin network) might subject you to these regulations.
The future shape of IT in business
While the final shape of IT in business might be up for debate, we can see that governance will have a large influence on what this future shape might be.
Regardless of how IT assets and services are purchased and managed, we can see that regulation is a strong driver to create a single C-level role which is responsible for ensuring that all technology across the business is used in a way that supports the firm’s regulatory needs. This is a role similar in nature to that of the CFO, though the domain of expertise will differ significantly.
All CFOs are accountable for a firm’s financial reporting, while good CFOs will also work across the business to ensure that all lines of business are extracting as much value as possible from the financial reporting and financial assets that own.
All members of this new C-level IT role will be accountable for the firm’s transaction reporting, while the good ones work across the business to ensure that all lines of business are extracting as much value as possible from the IT assets and services that they own. This is a different skill set to those required by the current CIO (IT asset management), CDO (web and mobile) or CTO (technology development).
Most businesses allow the lines of business to manage their own budgets, though the head of the line of business is expected to have the skills and expertise do this and they do it within a governance and reporting framework managed by the finance department.
A similar arrangement might emerge for governing IT. This suggests that the head of each line of business will need to acquire the skills and expertise they need to manage the IT that their department needs. It is unlikely that we will need to create a new set of C-level roles to manage different areas of IT.
How is your business coping with the transformation required to become digital business? Do you have a new IT governance framework in place? Or are you experimenting with different options, such as creating a CDO?