FIRMA®
FIRMA FORUM Newsletter
This the feature article from our Winter, 2008 FIRMA FORUM Newsletter. Members can view the entire issue, and past issues, in our archive
The Risk Intelligent CIO: Becoming a Front-Line IT Leader in a Risky World
By Dolores Atallo-Hazelgreen
This article is the first in a series of two taken from a publication in our series on Risk Intelligence. The issues outlined herein will serve as a starting point for the crucial dialog on raising your institution’s Risk Intelligence while solidifying the important role of the chief information officer.
In a business world as fraught with new risks as it is entwined with new technology, Chief Information Officers (and those they report to) are increasingly aware that IT-related problems can come at a staggering cost to an organization’s bottom line and reputation. At the same time, perceptive CIOs realize that simply managing technology risks – however effectively they do so – is insufficient. Rather, they understand the imperative to exploit technology to manage risk across the entire enterprise, not merely within the IT department.
With heightened sensitivities around the issue of risk management, CIOs and IT professionals face both challenges and opportunities: to improve their IT department’s risk practices; to elevate their role from low-profile caretaker to high-value leader; and to harness the power of technology across the organization to attain a higher level of risk management, operational excellence, and competitive advantage.
Grandiose goals for the IT shop? Far from it. Prescient CIOs already realize that information technology has a critical role to play in corporate governance, risk management, and regulatory compliance efforts. And they know that any organization-wide initiative should be tightly aligned with IT projects, priorities, and processes. The current high-risk environment provides a unique transformational opportunity for IT leaders with the vision and ambition to grasp it.
The Anachronistic CIO
When technology was first making inroads into business, the IT leader’s traditional job was “keeper of the infrastructure.” The CIO-equivalent (the title did not exist at the time) presided over huge mainframes (and the requisite data punch cards), but little else.
Over time, as technology advanced into almost every aspect of the enterprise and became indispensable to the functioning of the organization, the CIO’s profile began to rise.
If a single phrase could sum up the mission of technology executives during this phase, it might be this: “Get it done – better, faster, cheaper, and smarter.” Their job was to support business processes and develop or deploy new applications. But they were rarely challenged on a managerial basis – they were “techs” more than “execs.”
Likewise, their technology departments were basically miniature software companies. If traditional CIOs were unfamiliar with business strategy, it didn’t much matter; the executive branch didn’t understand IT either. Thus, technology and strategy were rarely uttered in the same breath.
The fortunes of the CIO took another turn ten-plus years ago with the rise of the Internet. Paradigms were being smashed and the World Wide Web was changing everything. CIOs seemed to be in a perfect position to become a true strategic partner in the business. But somehow the opportunity slipped away. When the dot-com bubble burst in the first year of the 21st century, the aura surrounding CIOs was also punctured. Product and business organizations took over decision-making and strategy development around new technology tools, and CIOs once again became glorified caretakers responding to the needs of others.
Today, CIOs are pulled in many directions: by auditors, who want carefully documented evidence of strong IT controls; by CFOs, who want immaculate data, compressed closing cycles, and real-time information; and by CEOs, who want information upon which to base their strategic decisions. Adding to the stress are recent trends in offshoring and outsourcing, which have broadened the CIO’s responsibilities while simultaneously diminishing oversight capabilities; the rise in end-user computing, which has eliminated the relative safety of mainframe computing and replaced it with more-exposed user machines; and Sarbanes-Oxley, which has placed significant emphasis on general computer controls and has accelerated a shift away from manual and toward automated controls.
Dolores Atallo-Hazelgreen specializes in advising Deloitte & Touche LLP’s banking and financial services clients on risk management issues and corporate governance process transformation. She has more than 17 years experience assisting clients in customizing risk frameworks that focus on achieving business objectives and meeting industry standards.