Thrive. Grow. Achieve.

Who needs a CIO ? And what would they do for me anyway ?

Paul Williams December 7, 2016

AGENDA

WHO NEEDS A CIO?

• What do you do anyway ?

–Connect the dots between Business and Technology.

–Processes for IT best practice –Capacity and Capability –Identify opportunities and threats from

technology –Bridge between Executives and IT

• What am I missing ?

–SAAS, PAAS and the new world order

• How Raffa Can Assist You

Can your business survive without technology ?

Do you know what your IT team is doing ? or can do ?

Are you compliant with the law ? With best practice ?

How can you manage change? What’s the right priority ?

Who can assess vendors independently ?

Is there a different way to do this ?

Who Needs a CIO? Page 2

MIS MANAGER VS CIO

When is a CIO the right choice

May not need a CIO all the time, but role is critical :

•During major change

•When IT is no longer meeting the enterprise needs

•New Initiatives / New Business

Who needs a CIO Page 3

CIO Manager / Supervisor Primary focus is Business opportunities and drivers Primary focus is maintenance / IT Operations

External and Enterprise focus – How IT is leveraged

Business area inward focused on IT

Proactive, Opportunity seeking to improve Responsive to demands, reactive

Strategy and execution focused – What to perform Process and Procedure focused – How to perform

Critical during times of change or in larger environments

Works in a smaller or stable environment

Generates and drives strategic plans Requires Strategic leadership from outside, may generate tactical plans

ITS NOT AS SIMPLE AS IT SEEMS SOMETIMES YOU NEED EXPERT KNOWLEDGE

Does your business have a web address or business email ?

Your web address Backup and Disaster Recovery Do you have legal exposure for sensitive data

What does the group do all day

Outsourced and Hosted services are not secure

Who Needs a CIO page 4

Do you own the web address

No its Rented – the ‘DNS’ record links that name with specific “Addresses”

Is your data secure? Do you have it backed up?

Are copies off site (fire) ? Have you ever tried to restore data ? How long could you be down without irreparable Harm

Do you know your legal obligations about data

Employees ? Customers ? Donors ?

PII, HIPPA,PCIDSS – who has access and how Not just digital data. Voicemail, paper records. Birthday including year ? Address and phone ? Do you know what

they are doing ?

Do you know what they can do ?

Expectation gaps: Never want to say ‘No’. Set up to fail

Keeping the lights on (Housekeeping) Maintenance (Obsolescence) Growth (Volume / Size, Projects, Features) Capacity and Capability

What are you getting for your spend ?

Software is not really a good asset

Maintenance and housekeeping High Risk High Cost Low added value

WHAT’S YOUR TECH INVENTORY ?

End user computers (and software)

Back Office Computers, Storage, Data (and software)

Security: Passwords and more

Network: All the connected devices

How important is technology to your enterprise ?

Critical ?

Essential ?

Peripheral ?

Will it stay the same?

What are your technology lifecycles ?

• Hardware ?

• Software ?

• End of Life ?

• End of Use ?

Who Needs a CIO Page 5

Expensive. Don’t last long (3-5 years)

Hate power spikes, heat, water ~ 5 year life

Keys to the kingdom

The Domain, LAN or WAN

WHAT’S YOUR SKILLS INVENTORY ?

How many people / what people

Generalists • Helpdesk : Internal or External

• Supporting Functions:

Supervision, Project Management, Business Analyst

Specialists –Administrators

–Engineers

–Developers

What resources do I have ?

What are their competencies

Certifications ?

What do I need ?

Is there a gap ?

What’s most valuable to my business ?

Where are my biggest risks ?

Who Needs a CIO ? Page 6

•Future specialists •Can be a commodity •Low investment •Generic Skills

•Specific Skills •Privileged Access •Out of hours support ?

•Key System architects •Hard to replace •‘On demand’ ?

•Should not have ‘1’ •Need governance

CAPACITY AND CAPABILITY

•How does my Inventory translate into Capability • What you HAVE today is a constraint – created by past decisions

• Resources are focused around status quo and stability (reliability, repeatability, Routine, Maintenance)

–Not the best environment for change – but do you need to change ?

–If the Inventory doesn’t match the Enterprise you can change the inventory !

What you have and what you need may not be aligned

IT tends to over estimate capacity and capability to deliver change

Result is delivery below expectations

Processes and people are harder to change than systems

Page 7 Who needs a CIO?

WHAT DOES A CIO (OR IT) DO ANYWAY ?

–What Processes you have in place • WHAT does IT do, HOW is it done

–Are you getting what you need ? – Are you really getting good value ?

• Main Elements: People, Services, Software,

Hardware

• What Information you are processing and storing –Compliance – HIPPA, PCIDSS, PII –Accuracy / Quality and standards –Completeness / Controls –Security

Technology uses its own (arcane and full of acronyms) language.

In a smaller enterprise the CIO role is not a full time job. Changing technology is changing the role too.

The world is changing and your enterprise needs to keep up. It’s a survivability issue.

Tech is everywhere. There are complex rules that can hurt you

Page 8 Who needs a CIO?

• Looks at what you HAVE / ARE DOING / CAN DO with technology in your Enterprise, Compared to what you SHOULD HAVE / SHOULD be doing – and acts to close the gaps.

WHAT CAN YOU DO FOR ME ?

Where does IT fit in the enterprise

What does IT contribute

Where can best value be achieved Where are the key opportunities for improvement

Help manage IT better

• Reporting • Scorecards • Planning • Execution • Governance • Projects • Key Performance Indicators • Communication

Yes, but how can I do these things ?

We have no dedicated CIO and / or I still don’t get these answers

Change is not natively easy. Without Governance, reporting, compliance, its hard to achieve accountability for delivering value (In IT or indeed elsewhere)

Who Needs a CIO Page 9

Help in bridging the cultural and language barrier Simple tools to manage Technology resources and projects

SIMPLE TOOLS AND PROCESSES ROUTINE MANAGEMENT

Cyclical tool to manage a department

Formal communication between execution and management

Over time see trends and patterns

Suggested Weekly or bi weekly

Can have meeting notes on reverse or second page

Presentation Title / Page 10

Broad Focus Areas

■What’s Important in the function at the moment

■Where are we spending time money and effort

New Information

■What’s New this cycle

■What did we achieve in the last cycle

■What did we find out

Targets for this cycle / week

■What are we going to get done

■Who is doing it

■What’s the status of ongoing efforts

Open items / Roadblocks

■Open Decisions

■ Things I am waiting for others (who) on

■Carried forward open issues

THE 4-BLOCK REPORT : DATE / PRESENTED BY

SIMPLE TOOLS AND PROCESSES ROUTINE KPI’S / METRICS

Usually Monthly

Aligns with Enterprise Financial Reporting

Meaningful indication of performance

Who needs a CIO Page 11

MONTHLY IT METRICS DATE / PRESENTED BY

Item Content Budget Operating budget with narrative. Performance to

Plan / Last year Reliability Uptime %, failure rates, downtime stats. Trended

over time (Network Phones, Backups, Servers) Helpdesk Tickets handled, average time to close,

Outstanding unresolved by importance (critical) Capacity Utilization: Storage, Compute, Network Inventory Bought, Broken, Repaired, Retired, Lost/Stolen

(phones and aircards if owned as well) Staff Gaps, new, exits, promo’s, Training, Skills Services SAAS provider performance by provider Change Management

Planned and Deployed changes. Outcome summary

SIMPLE TOOLS AND PROCESSES CAPITAL / PROJECT REPORTING

Project reporting is about how well change is being executed

Do you know what projects IT are executing on ?

What are your expectations on scope and delivery ?

How are you gate keeping and prioritizing projects ?

Who needs a CIO Page 12

USUALLY MONTHLY EXCEL 1 LINE PER PROJECT.

Item Content Name Name and code for project (if coded) Description Business name / meaningful to all Purpose Why do this project (type, benefit, priority, risk) Budget Project Lifetime (original) budget to actual.

Performance to plan. Estimate to complete, contingency balance

Scope management

Changes to scope – Approved, waiting, declined

Dates Approved, planned start, Planned end, Projected end

Status Green (on plan / target), Yellow (at Risk), Red (off target –Time, Budget, scope, outcome)

SIMPLE TOOLS AND PROCESSES PROJECT REPORTING

Individual project reporting is about progress and execution of a specific objective

Often Weekly. But can change on activity level on project

Who needs a CIO Page 13

CYCLES WITH ACTIVITY. USUALLY 1 SHEET

Item Content Name Name, description, objectives Team Who, roles, responsibilities Budget Budget details, vendors Changes to scope / dates

Changes to scope – Approved, waiting, declined

Milestones Key dates within project Status Green (on plan / target), Yellow (at Risk), Red

(off target –Time, Budget, scope, outcome) Current activity Good / Bad, delivered / Missed, Roadblocks /

Issues, Next Planned Activity, Projected outcomes, Milestone reporting

All sheets = ‘Book of Knowledge’ a standard PMO tool

SIMPLE TOOLS AND PROCESSES COMPLEX PROJECT REPORTING

Where a project is high risk, or a large project, with cross functional teams or enterprise wide impact

E.g. changing ERP systems

Copies from MS project

Use Excel data Bars for complete %

Who needs a CIO Page 14

PROJECT STEERING / STAKEHOLDER MEETINGS

Item Content Objective / Milestone

Project Component being reported E.g. Cleaned up Vendor Master file, Chart of accounts sign off

Dates Planned start, Due, projected Completion Percentage Complete Actions Responsibilities and actions due / performed

SIMPLE TOOLS AND PROCESSES IT STRATEGY / DELIVERABLES

Annual or longer view of multiple changes or projects

Simple presentation of complex issues

Present IT and projects to a board

Who needs a CIO Page 15

Time scale / Item

Q1 16

Q2 16

Q3 16

Q4 16

Q1 17

Q2 17

Exchange Upgrade ERP Migration New Location opens Office 2013 deployment IP Video Deployment Intranet / SharePoint

Simple depiction of major initiatives that can be easily shared and digested. High level summary – Low level details can be built as required

THE WORLD TURNS – NEW TERMS

THE ‘CLOUD’ –A different way of providing services and managing technology –Enabled by “virtualization”

VIRTUALIZATION

–Compute capability can be separated from computer hardware –Less hardware, more efficient. Shared data and resources.

CLOUD APPLICATIONS

–Programs designed to be delivered via the internet (E.g. Turbotax online)

SOFTWARE AS A SERVICE (SAAS) –Rental agreement rather than purchase –Usually priced on usage over time or volume

PLATFORM AS A SERVICE (PAAS)

–The ability to buy or rent computing capacity, rather than acquire or build it. –Someone else is responsible for ‘Plumbing’

BIG DATA

–A (new) technology to handle analysis of very high data volumes very fast –As near as possible to real time results (Amazon, Google suggestions) –Marketing term for a specific product / business problem

New Technologies

New ways of delivering service

New Risks

New Opportunities

New Language to describe the capabilities

16 Who needs a CIO Page

WHAT IS THE ‘CLOUD’

The ‘Cloud’ a Simple definition –Computers / Programs (What computers do for us) are managed and provided as a ‘Service’ rather than components. This service is generally made accessible to users via internet connections

History: –Mainframes

• Big, Expensive, Did one thing, Inflexible, Local

–Client / Server • Smaller unit cost, Networked, Distributed, Generally focus on 1 function

–Virtualization - Separation of ‘Logical’ and ‘Physical’ • Shared Hardware, Dynamic load and capacity.

–Inside your network= “Private cloud” –Provided externally = “Public Cloud”

• What is the computer (Mainframe, Server etc)

• Less important than • What it can do • How it is Accessed

Ill defined term’

Multiple uses with different meanings

Most significant is ‘Public Cloud’ and ‘Private Cloud’

All computers as commodities

17 Who needs a CIO Page

WHAT DOES IT MEAN FOR IT

–Virtualization • Mainstream technology • Efficient (cost, support, reliability, resilience)

–Outsource/Cloud is often better than on premise

• All inclusive models (24/7, Risk Mitigation) • Remove single point failures / dependencies • Security is as good or better than in house • Scalable at short notice • Changes what IT does

Is IT Infrastructure good ‘Value’ for you ? Is it a Core Competence ? What’s your Risk ? What should your energy be directed towards ?

Should we be virtualized or in the Cloud ?

Absolutely to both – Hybrid model depending on enterprise

Self host generally if very high data volumes (scanning many his resolution images for example) or high level of integrations with localized systems

18 Who needs a CIO Page

WHAT DOES IT MEAN FOR IT

Possible Strategies / viewpoints

Are we BIG enough to have enough skills to support specific technologies in house ?

Using SAAS we can avoid having to hire skill set specialists

Should IT functions be a primary competence of our business ?

Can also consider full outsource models

19 Who needs a CIO Page

Product SAAS Status Impact Results

Email Common High Reliability, resilience, Frees resource for Enterprise mission

Payroll Common High Compliance, Security, Risk

SharePoint Rare (but growing) High Resilience, Accessibility

Website Common High Security, Reliability, Capacity

ERP / Accounting Becoming common High Reliability, Accessibility, Key skills

Helpdesk (system) Common Med Reliability, Accessibility - Stays up even if you are down !

Telephony Becoming common Med Depends on installed base and equipment

HR Systems Common High Security

CRM systems Common Med Reliability, accessibility

POS Common is small orgs High Risk, compliance. Can be more efficient in house but higher risk

Network / Connectivity

Growing High In house skill is expensive. Key man dependencies. Critical infrastructure

CLOSING VIEWPOINT

Things change – Entropy vs Development •We make decisions with what information we can gather and digest

• Research • Experts • Evaluations

•As new choices (and mandates) become available

• Need to re-evaluate options • Context of past decisions and current status • Some ‘trigger points’ – Obsolescence, Contracts, Strategy, Staff turnover,

Compliance, Growth

•Not all new options are right – Change vs Stability • Lots of marketing hype. Don’t get sold on shiny toys • Biggest benefits are not always cost • Will it help achieve the goals of the enterprise - how

How do you stay informed ? •People like us. Field experts, Benchmarks, Peer review, Sector experience, Passion in our fields.

Where am I compared to best practice

Where am I compared to my peers

For my type and size of enterprise

What keeps me awake at night

Am I happy with what IT is doing for me now

Who Needs a CIO Page 20

EVERYDAY ISSUES / GLOBAL BEST PRACTICE

Stop keeping credit card numbers (everywhere):

• End to end encryption for POS • Tokenization for Web

Don’t host your web site from your office

• Resource and access sharing is a bad idea. They will conflict.

Only collect personal data you NEED and keep it safe. Have a clean up process

• Most executives who lose sensitive data lose their jobs. Minimize the data and take care of it.

Check your backups work and are safe

• Perform test restores, Keep offsite copies (secure). Understand how you would recover from a failure.

SAAS and Cloud / Hosting is not a silver bullet

• New flexible solutions – New issues. Wont solve every problem but are a game changer

Some simple thoughts to take away

Who Needs a CIO Page 21

THANK YOU!

Paul Williams Cell: 551.497.1839 E-mail: PGWilliams@raffa.com Seth Zarny Direct: 301.279.6500 E-mail: SZarney@raffa.com

Q

A

Who needs a CIO? Page 25