Who controls the IT department?

While most CIOs I talk to think that IT spending will increase in the coming months, they also recognize that the last few years of limited IT infrastructure investments may have permanently altered the balance of power in their organization. The weak economy has forced companies to allocate funds based more on departmental initiatives than on general initiatives like infrastructure upgrades. And every IT initiative has to have both a budget that shows a net profit from the investment and an executive sponsor who's willing to risk his or her reputation (and, in some cases, his or her job) to make sure that the investment performs as outlined in the budget. With these departmental VPs and business unit managers taking more of the risk, they're also taking a more active leadership role in the projects. In many organizations, this has resulted in a power shift away from the IT group and the CIO, toward the division or department that initiates a major IT initiative.

One of the major reasons this shift has occurred is that these divisional executives have options for getting their projects completed other than just "calling IT." They can use external consulting firms who have industry experience and expertise to help them develop and deploy solutions. They can choose among several outsourced development companies that can deliver solutions for 50 to 70 percent of the costs they're typically quoted by internal IT groups. And when their own internal IT groups won't or can't cooperate, they can turn to complete, turnkey hosted solutions.

I recently worked with a senior executive who purchased a hosted sales force automation (SFA) solution because his company's IT group was too inflexible about supporting the software that he felt did the best job for his sales team. Because he could justify it financially, the president of the company allowed him to host his entire SFA infrastructure, over the heated objections of the company's CIO. Confrontations like these can be avoided if CIOs will tightly define the role of IT in the organization and make sure that their staff understands that they have to look at the business reasons for projects first and the technology issues second.

Own the standards
The primary role of any IT group in a corporation is to define the core standards and how they interoperate. These include standards that define directories that manage authentication and authorization, security standards that protect the company from external threats and internal theft, infrastructure standards that guarantee interoperability of all of the devices connected to the corporate network, and many other corporate standards. What most standards don't address are the bounds within which external solutions can be deployed on the IT infrastructure. There's always been a basic assumption that anything that hooks to the company's network will be controlled by IT. This assumption has to be revisited.

Corporate standards must be able to guarantee security without being too rigid. New standards must assume that external companies, individuals, and even systems will need some capability to access and interact with corporate assets. Rather than waiting for departments to bring their connectivity demands to you, choose to be more active. Meet with department sponsors and their vendors, especially software development vendors, and discuss your infrastructure goals. Help vendors propose solutions that already work well within your prescribed architecture. Open communication will minimize the number of disagreements you'll have to manage.

Create tools to enforce them
One of the best ways to enforce standards is to create tools that use them. One of my clients has created a Web-based (HTTP Post) and Web services-based authentication system that any external vendor can use to allow employees access to the systems that they install for departments. By centralizing authentication, they can make sure that applications are only accessed by legitimate users. And by providing the authentication tool, they can work with external vendors in a prescribed and cooperative fashion to integrate their authentication rather than having to do a series of one-off integration projects.

Another client has created a complete base framework that can be used to access any of their corporate information, from the accounting system to the e-mail system to the file store. Vendors developing departmental or corporate solutions must use these objects to use corporate assets. This approach accelerates the development process, guarantees the security and accessibility of corporate assets, and lets IT maintain control of the underlying standards. They've also found that opening their systems to vendors at the object level has allowed them to support many applications and systems in a short amount of time by simply adding interfaces or application bridges.

Be an advisor
The most important realization that a progressive IT staff can make is that IT is a steward of the infrastructure and not its owner. Focus on doing what's best for the company, and make sure that the business units understand why they would choose one alternative over another. Whether the final solution is delivered by the current IT staff, an external vendor, or a hosting partner, the most important objective is to deliver quality solutions, on time and under budget, while maintaining the integrity of the company's IT assets.

TechRepublic originally published this article on 22 October 2003.