Follow directions to the letter, original and plagiarism free. 4 pages of the said case study. grading_requirements_case_study.doc, IT Oversight case study.pdf
Board practices for
investments vary widely and
often wildly. As technology’s
cost, complexity, and
consequences grow, directors
need a framework to develop
IT policies that fit the
companies they oversee.
Information Technology and
the Board of Directors
Ever since the Y2K scare, boards have grown increasingly
nervous about corporate dependence on information
technology. Since then, computer crashes,
denial of service attacks, competitive pressures, and the
need to automate compliance with government regulations have heightened board sensitivity to IT risk. Unfortunately, most boards remain largely in the dark when
it comes to IT spending and strategy. Despite the fact that
corporate information assets can account for more than
50% of capital spending, most boards fall into the default
mode of applying a set of tacit or explicit rules cobbled together from the best practices of other firms. Few understand the full degree of their operational dependence on
computer systems or the extent to which IT plays a role
in shaping their firms’ strategies.
by Richard Nolan and F. Warren McFarlan
HARVARD BUSINESS REVIEW
Information Technology and the Board of Directors
This state of affairs may seem excusable because to
date there have been no standards for IT governance. Certainly, board committees understand their roles with regard to other areas of corporate control. In the U.S., the
audit committee’s task, for example, is codified in a set of
Generally Accepted Accounting Principles and processes
and underscored by regulations such as those of the New
York Stock Exchange and Securities and Exchange Commission. Likewise, the compensation committee acts according to generally understood principles, employing
compensation consulting firms to verify its findings and
help explain its decisions to shareholders. The governance
committee, too, has a clear mission: to look at the composition of the board and recommend improvements to
its processes. To be sure, boards often fail to reach set
standards, but at least there are standards.
Because there has been no comparable body of knowledge and best practice, IT governance doesn’t exist per se.
Indeed, board members frequently lack the fundamental
knowledge needed to ask intelligent questions about not
only IT risk and expense but also competitive risk. This
leaves the CIOs, who manage critical corporate information assets, pretty much on their own. A lack of board
oversight for IT activities is dangerous; it puts the firm at
risk in the same way that failing to audit its books would.
Understanding this, a small group of companies has
taken matters into its own hands and established rigorous
IT governance committees. Mellon Financial, Novell,
Home Depot, Procter & Gamble, Wal-Mart, and FedEx,
among others, have taken this step, creating board-level
IT committees that are on a par with their audit, compensation, and governance committees. When the IT
governance committee in one of these companies assists
the CEO, the CIO, senior management, and the board in
driving technology decisions, costly projects tend to remain under control, and the firm can carve out competitive advantage.
The question is no longer whether the board should
be involved in IT decisions; the question is, how? Having
observed the ever-changing IT strategies of hundreds
of firms for over 40 years, we’ve found that there is no
one-size-fits-all model for board supervision of a company’s IT operations. The correct IT approach depends on
a host of factors, including a company’s history, industry,
competitive situation, financial position, and quality of
IT management. A strategy that works well for a clothing
retailer is not appropriate for a large airline; the strategy
that works for eBay can’t work for a cement company.
Creating a board-level committee is not, however, a best
practice all companies should adopt. For many firms – consulting firms, small retailers, and book publishers, for
instance – it would be a waste of time.
Richard Nolan (email@example.com) is an emeritus professor of
business at Harvard Business School in Boston and a professor of management and organization at the University of
Washington Business School in Seattle. F. Warren McFarlan
(firstname.lastname@example.org) is a Baker Foundation Professor and
the Albert H. Gordon Professor of Business Administration
emeritus at Harvard Business School.
In this article, we show board members how to recognize
their firms’ positions and decide whether they should take
a more aggressive stance. We illustrate the conditions under
which boards should be less or more involved in IT decisions. We delineate what an IT governance committee
should look like in terms of charter, membership, duties,
and overall agenda. We offer recommendations for developing IT governance policies that take into account an
organization’s operational and strategic needs, as well as
suggest what to do when those needs change. As we demonstrate in the following pages, appropriate board governance can go a long way toward helping a company avoid
unnecessary risk and improve its competitive position.
The Four Modes
We’ve found it helpful to define the board’s involvement
according to two strategic issues: The first is how much
the company relies on cost-effective, uninterrupted, secure, smoothly operating technology systems (what we
refer to as “defensive” IT). The second is how much the
company relies on IT for its competitive edge through
systems that provide new value-added services and products or high responsiveness to customers (“offensive” IT).
Depending on where companies locate themselves on
a matrix we call “The IT Strategic Impact Grid” (at right),
technology governance may be a routine matter best handled by the existing audit committee or a vital asset that
requires intense board-level scrutiny and assistance.
Defensive IT is about operational reliability. Keeping
IT systems up and running is more important in the company’s current incarnation than leapfrogging the competition through the clever use of emerging technology. One
famously defensive firm is American Airlines, which developed the SABRE reservation system in the late 1960s.
Once a source of innovation and strategic advantage, the
SABRE system is now the absolute backbone of American’s operations: When the system goes down, the airline
grinds to a complete halt. Boards of firms like this need
assurance that the technology systems are totally protected against potential operational disasters – computer
bugs, power interruptions, hacking, and so on – and that
costs remain under control.
Offensive IT places strategic issues either over, or on
the same level as, reliability. Offensive IT projects tend
to be ambitious and risky because they often involve
substantial organizational change. An offensive stance is
called for when a company needs to alter its technology
strategy to compete more effectively or to raise the firm to
a position of industry leadership. Because of the resources
required to take an offensive position, financially and competitively strong companies usually have to be intensively involved in IT on all levels. Wal-Mart, for example, is replacing bar codes with radio frequency identification (RFID) technology, which effectively drives the supply chain directly from the supplier to the warehouse without the need for scanning by associates.
Firms can be either defensive or offensive in their strategic approach to IT – approaches we call “modes.” Let’s look at each mode in turn.
The IT Strategic Impact Grid
How a board goes about governing IT activities generally depends on a company’s size, industry, and competitive landscape. Companies in support mode are least dependent on IT; those in factory mode are much more dependent on it but are relatively unambitious when it comes to strategic use. Firms in turnaround mode expect that new systems will change their business; those in strategic mode require dependable systems as well as emerging technologies to hold or advance their competitive positions.
Factory Mode
* If systems fail for a minute or more, there’s an immediate loss of business.
* Decrease in response time beyond one second has serious consequences for both internal and …
* Most core business activities are online.
* Systems work is mostly maintenance.
* Systems work provides little strategic differentiation or dramatic cost reduction.
Strategic Mode
* If systems fail for a minute or more, there’s an immediate loss of business.
* Decrease in response time beyond one second has serious consequences for both internal and …
* New systems promise major process and service transformations.
* New systems promise major cost reductions.
* New systems will close significant cost, service, or process performance gap with competitors.
Support Mode
* Even with repeated service interruptions of up to 12 hours, there are no serious consequences.
* User response time can take up to five seconds with online transactions.
* Internal systems are almost invisible to suppliers and customers. There’s little need for extranet capability.
* Company can quickly revert to manual procedures for 80% of value transactions.
* Systems work is mostly maintenance.
Turnaround Mode
* New systems promise major process and service transformations.
* New systems promise major cost reductions.
* New systems will close significant cost, service, or process performance gap with competitors.
* IT constitutes more than 50% of capital spending.
* IT makes up more than 15% of total corporate expenses.
(Axis label: LOW TO HIGH NEED FOR NEW INFORMATION TECHNOLOGY)
Support Mode (Defensive). Firms in this mode have both a relatively low need for reliability and a low need for strategic IT; technology fundamentally exists to support employees’ activities. The Spanish clothier Zara, which began as a small retail shop, is a good example; the company keeps strict control over its supply chain operations by designing, producing, and distributing its own clothing. Though IT is used in these areas, the company won’t suffer terribly if a system goes down. (For more on Zara, see Kasra Ferdows, Michael A. Lewis, and Jose A.D. Machuca, “Rapid-Fire Fulfillment,” HBR November 2004.) Core business systems are generally run on a batch cycle; most error correction and backup work is done manually. Customers and suppliers don’t have access to internal systems. Companies in support mode can suffer repeated service interruptions of up to 12 hours without serious bottom-line consequences, and high-speed Internet response time isn’t critical. For such firms, the audit committee can review IT operations. The most critical questions for members to ask are: “Should we remain in support mode, or should we change our IT strategy to keep up with or surpass the competition?” and “Are we spending money wisely and not just chasing after new technology fads?” (In this mode, the spending mantra is, “Don’t waste money.” For a list of questions appropriate to each mode, see the exhibit “Asking the Tough Questions.”)
OCTOBER 2005
Asking the Tough Questions
What board members need to know about IT depends on the company’s strategic position. Firms in support and factory mode should have their audit committees, with the help of an IT expert, query management. Organizations in turnaround and strategic mode will want the assistance of a full-fledged IT committee in getting answers to their questions.
If your company is in Support Mode, ask the questions in set A.
If your company is in Factory Mode, ask the questions in sets A and B.
If your company is in Turnaround Mode, ask the questions in sets A and C.
If your company is in Strategic Mode, ask the questions in sets A, B, and C.
* Has the strategic importance of our IT changed?
* What are our current and potential competitors doing in the area of IT?
* Are we following best practices in asset management?
* Is the company getting adequate ROI from information resources?
* Do we have the appropriate IT infrastructure and applications to exploit the development of our intellectual assets?
* Has anything changed in disaster recovery and security that will affect our business’s …
* Do we have in place management practices that will prevent our hardware, software, and legacy applications from becoming obsolete?
* Do we have adequate protection against denial of service attacks and hackers?
* Are there fast-response processes in place in the event of an attack?
* Do we have management processes in place to ensure 24/7 service levels, including tested backup?
* Are we protected against possible intellectual-property-infringement lawsuits?
* Are there any possible IT-based surprises lurking out there?
* Are our strategic IT development plans proceeding as required?
* Is our applications portfolio sufficient to deal with a competitive threat or to meet a potential opportunity?
* Do we have processes in place that will enable us to discover and execute any strategic IT opportunities?
* Do we have processes in place to guard against IT risk?
* Do we regularly benchmark to maintain our competitive cost structure?
Factory Mode (Defensive). Companies in this mode
need highly reliable systems but don’t really require state-of-the-art computing. They resemble manufacturing
plants; if the conveyor belts fail, production stops. (Airlines and other businesses that depend on fast, secure,
real-time data response fall into this group.) These companies are much more dependent on the smooth operation of their technology, since most of their core business
systems are online. They suffer an immediate loss of business if systems fail even for a minute; a reversion to manual procedures is difficult, if not impossible. Factory-mode
firms generally depend on their extranets to communicate with customers and suppliers. Typically, factory-mode organizations are not interested in being the first to
implement a new technology, but their top management
and boards need to be aware of leading-edge practice and
monitor the competitive landscape for any change that
would require a more aggressive use of IT.
Because business continuity in IT operations is critical
for these firms, the board needs to make sure that disaster recovery and security procedures are in place. The
audit committee for a large East Coast medical center,
for example, recently authorized a full disaster recovery,
security, and operational environment review simply to
ensure that appropriate safeguards were there. The study
was expensive but completely necessary because, in the
event of a failure, patients’ lives would be at risk. (In this
mode, the spending mantra is, “Don’t cut corners.”)
Turnaround Mode (Offensive). Companies in the
midst of strategic transformation frequently bet the farm
on new technology. In this mode, technology typically
accounts for more than 50% of capital expenditures and
more than 15% of corporate costs. New systems promise
major process and service improvements, cost reductions,
and a competitive edge. At the same time, companies in
this mode have a comparatively low need for reliability
when it comes to existing business systems; like companies in support mode, they can withstand repeated service
interruptions of up to 12 hours without serious consequences, and core business activities remain on a batch
cycle. Once the new systems are installed, however, there
is no possible reversion to manual systems because all
procedures have been captured into databases.
Companies usually enter turnaround mode with a major
IT project that requires a big reengineering effort, often
accompanied by the decision to outsource or move a substantial portion of their operations offshore. Most firms
don’t spend a long time in turnaround mode; once the
change is made, they move into either factory mode or
strategic mode. American Airlines functioned in turnaround mode when it created the SABRE system; now it
lives in factory mode. Similarly, the Canadian company
St. Marys Cement operated in support mode until it
began equipping its trucks with GPS devices, which
pushed it into temporary turnaround mode.
Board oversight is critical for companies in turnaround
mode; strategic IT plans must proceed on schedule and on
budget, particularly when competitive advantage is at
stake. (Here, the spending mantra is, “Don’t screw it up.”)
Strategic Mode (Offensive). For some companies, total
innovation is the name of the game. New technology informs not only the way they approach the marketplace but
also the way they carry out daily operations. Strategic-mode
firms need as much reliability as factory-mode firms do, but
they also aggressively pursue process and service opportunities, cost reductions, and competitive advantages. Like
turnaround firms, their IT expenditures are large.
Not every firm wants or needs to be in this mode;
some are forced into it by competitive pressures. Consider Boeing, a company that dominated the commercial
airline-manufacturing industry until Airbus took the
lead. Now convinced that its future rests on the successful design, marketing, and delivery of a new commercial
plane, Boeing has embarked on an ambitious technology
project that it hopes will return the company to industry
dominance. Its new 787 plane, due in 2008, will be
equipped with a new lightweight carbon composite skin.
Since carbon composite skin is a relatively new material to be used so extensively in a commercial airplane,
a neural network will be embedded in the fuselage and
wings to constantly monitor load factors and make adjustments as changing conditions warrant. The 787 will be
manufactured and assembled through the world’s largest
project management system, which will simultaneously
coordinate thousands of computers and automate an
integrated supply chain comprising hundreds of global
partners. Each supplier will send components via specially equipped 747s to Boeing’s site in Everett, Washington,
where the 787 will be assembled in a mere three days, ensuring low costs and fast delivery. The 787 is like a jigsaw
puzzle whose pieces must fall into perfect alignment at
once, making Boeing both operationally and strategically
dependent on IT.
As is the case for firms in turnaround mode, board-level
IT governance is critical in strategic mode. Organizations
require a fully formed IT oversight committee with at
least one IT expert as a member. (The mantra for strategic-mode companies is, “Spend what it takes, and monitor
results like crazy.”)
As we said at the outset, the specific action a company
should take with respect to IT oversight depends on
which mode it’s in. Regardless of its business, it behooves
any company to take an in-depth look at its current business through the IT lens. In doing so, a company gains
a much firmer grasp of what it needs to be successful.
How to Conduct IT Oversight
Having identified which mode they currently inhabit,
companies then need to decide what kind of IT expertise
they need on the board. Firms that require a high level of
reliability need to focus on managing IT risk. The job
of these boards is to assure the completeness, quality,
security, reliability, and maintenance of existing IT investments that support day-to-day business processes.
Rarely will such companies want a separate IT committee.
Instead, the audit committee must do double duty as
the IT governance team and delve deeply into the quality
of the company’s IT systems.
On the other hand, companies that need to go beyond
defensive mode require an independent IT governance
committee, ra …