Posted: August 3rd, 2022

Ist 635 week 5 diss

IT Project Management and Risk

As discussed in the readings, IT projects have notoriously high failure rates. I would like you to discuss issues of IT project risk. Why do you think IT projects are so subject to failure? Are they really riskier than other projects? What impact does project risk have on organizational IT value?  What can organizations do to manage this risk?

information systemsProject management

March 2014 (13:1) | MIS Quarterly Executive 15

MISQUarterly
Executive

Many IT Projects Still Suffer From Poor Estimation1,2
Despite a great deal of attention in the trade and academic press, IT projects continue to fail

at an alarmingly high rate. One of the most-cited reasons for these failures is poor estimation
practices.

“Unrealistic expectations based on inaccurate estimates are the single largest cause of [IT
project] failure.”3

Estimation is defined as an informed assessment of an uncertain event. For IT project
managers, accurate estimates are the foundation for effective project planning and execution
and, ultimately, project success. Unfortunately, most project managers do a very poor job
of estimating and, as a result, most IT projects are classified as failures—61% in the latest
Standish Group report.4 The Standish Group’s data shows some improvement in the overall
success rate since 2004 (which it partially attributes to the Agile development process and
improved project management expertise). However, its figures show a slight increase in both
time and cost overruns since 2010—signaling that there is still much room for improvement.
According to Standish, 74% of challenged projects experience time overruns and 59%

1 Leslie Willcocks is the accepting senior editor for this article.
2 The authors would like to thank Steve McConnell and Arin Sime for their input throughout this research project. We would
also like to acknowledge the McIntire School of Commerce for providing financial support for this research project, thank research
assistant Meg Raymond and thank the Project Management Institute for posting a link to our survey.
3 Futrell, R. T., Shafer, D. F. and Shafer, L. I. Quality Software Project Management, Prentice Hall, 2002.
4 The Standish Group: Chaos Manifesto 2013, available at http://versionone.com/assets/img/files/ChaosManifesto2013 .

IT Project Estimation: Contemporary
Practices and Management Guidelines
Many IT projects continue to suffer from poor estimation. Indeed, the accuracy of
estimation has hardly changed from that reported in a seminal study carried out over
20 years ago. Based on findings from two recent survey-based studies, which replicated
and then extended the original study, we provide guidelines for improving IT project
estimation, taking account of the greater use today of Agile, rather than traditional
Waterfall, development methods.1,2

R. Ryan Nelson
University of Virginia (U. S.)

Michael G. Morris

16 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

experience cost overruns. Further evidence can
be found in a review of 180 IT projects completed
between 1999-2013,5 64% of which suffered from
poor estimation.

In this article, we examine the practice of IT
project estimation, report the findings from two
studies and provide recommendations to help
project managers improve project estimation.

“An estimate is the most optimistic
prediction that has a non-zero probability
of coming true … Accepting this definition
leads irrevocably toward a method
called what’s-the-earliest-date-by-which-
you-can’t-prove-you-won’t-be-finished
estimating.”6

Why Estimates Matter
Accurate estimation is very important to IT

project managers for a wide variety of reasons:
● Avoiding the vicious cycle: poor estimation

results in more schedule pressure, which
in turn creates more stress, producing
more mistakes, and ultimately more
schedule slips, creating even more
schedule pressure, and so on.7

● Avoiding the ripple effect: slippage in one
project’s completion date can have a ripple
effect on other projects and stakeholders
throughout the organization. Effective
organizations require a portfolio of well-
coordinated projects to succeed, and better
estimation leads to better coordination
with other tasks and projects throughout
the portfolio.8

● Avoiding late-in-the-project discovery that
the project has been underestimated,

5 See Nelson, R. R. “Project Retrospectives: Evaluating Project
Success, Failure, and Everything in Between,” MIS Quarterly
Executive (4:3), 2005, pp. 361-372; Nelson, R. R. “IT Project
Management: Infamous Failures, Classic Mistakes, and Best
Practices,” MIS Quarterly Executive (6:2), 2007, pp. 67-78; and
Nelson, R. R. and Jansen, K. J. “Mapping and Managing Momentum
in IT Projects,” MIS Quarterly Executive (8:3), 2009, pp. 141-148.
6 DeMarco, T. Controlling Software Projects: Management,
Measurement and Estimation, Yourdon Press, 1982.
7 McConnell, S. Software Estimation: Demystifying the Black Art,
Microsoft Press, 2006.
8 Boehm, B. Software Engineering Economics, Prentice-Hall, 1981.
This book contains a thorough discussion of software estimation and
scheduling, which is presented in terms of Boehm’s COCOMO cost-
estimation model.

which is difficult, if not impossible to
correct.9

● Facilitating better budgeting: accurate
budgets depend on accurate estimates of
size, effort and time.10

● Evaluating project personnel:
compensation is often tied to project
performance.

● Generating more credibility for the project
team: being part of a team that brings a
project in on budget and schedule can do
wonders for an individual’s career, not to
mention job satisfaction.11

In practice, estimation is both an art and a
science. While the art of estimation is closely tied
to personal experience, heuristics and common
sense, the science of estimation can be based on
complex statistical analysis, algorithms, historical
data and computer-based tools.

To gain a better understanding of exactly how
these various methods are used in practice, we
conducted two research studies, focusing on
contemporary estimation practices and their
linkage to project success. The first study focused
on an organizational-level analysis of project
estimation. Results from 60 IT professionals
suggested that, consistent with responses
from a similar study carried out 20 years ago,
there is still much room for improvement in
how estimates are generated and used within
organizations. Moving down a level of analysis,
the second study focused on project-level data
from 115 IT professionals. It also compared
traditional Waterfall and Agile development
methods with respect to estimation practices and
project success. (The survey methodologies used
for each of these studies are described in more
detail in the Appendix.)

Research Study 1:
Organization-Level Analysis of

Project Estimation
In 1992, Lederer and Prasad published the

results of a survey of 115 IT professionals on their

9 Brooks, F. The Mythical Man-Month, Addison-Wesley, 1975.
10 Jones, C. Estimating Software Costs, McGraw-Hill, 1998.
11 DeMarco, T. and Lister, T. Peopleware: Productive Projects and
Teams (3rd Edition), Addison-Wesley, 2013.

March 2014 (13:1) | MIS Quarterly Executive 17

IT Project Estimation: Contemporary Practices and Management Guidelines

organizations’ cost estimation practices,12 which
we have used as a baseline for our research.
That study provided an in-depth understanding
of the estimation process in the early 1990s—
an era of organizational computing marked by
the rapid diffusion of the personal computer, the
rise of network computing (before the takeoff of
the Internet) and the beginning of the business
process reengineering movement. Lederer and
Prasad’s research exposed a stark contrast
between the perceived importance of accurate
project estimation and the state of practice, and
they prescribed a set of management guidelines
aimed at improving estimation practices.

The primary objective of our first study was
to discover how project estimation perceptions
and practices have changed over the more than
20 years since Lederer and Prasad’s original
study. We modified the survey used by Lederer
and Prasad and distributed it to a similar target
population.13 The results of our study are
compared and contrasted with the Lederer and
Prasad findings below.

There is Still a Significant Need for
Estimation Improvement

After 20 years, there is still a profound need
for improvement in IT project estimation—as
highlighted in Table 1. Although the vast majority
of our respondents believe that estimation is
important (88% described it as “very important”

12 Lederer, A. L. and Prasad, J. “Nine Management Guidelines for
Better Cost Estimating,” Communications of the ACM (35:2), 1992,
pp. 51-59. This was one of Lederer and Prasad’s original studies on
cost estimation, with other informative articles being published over
a 10-year period.
13 While the general profile of respondents and companies in
our study is similar to the Lederer and Prasad sample, there was a
significant difference in industries represented—with their largest
percentage of respondents coming from manufacturing (32%),
compared with service industries (31%) in our sample.

or “moderately important,” the highest two
possible ratings on the five-point scale), the
data also suggests that only 31% of projects are
completed reasonably close to their estimated
time or cost. The good news, however, is that our
study shows that both estimation awareness and
performance have improved somewhat since the
early 1990s.

How Estimates Are Used
As stated above, estimates can be important

for a variety of reasons. Table 2 shows that
estimation seems to be used more for project
planning and control (rows 1 to 5) than for
evaluating estimators, developers and others
involved in a project (rows 6 to 8). These findings
are consistent with Lederer and Prasad’s findings,
with the top five remaining the same, albeit in a
different rank order.

Our respondents were then asked about
their organizations’ most common estimation
practices, and the top five responses are listed
in Table 3. Interestingly, although 75% of
projects use formal estimates, only 54% involved
developers in the estimation process—suggesting
that 21% of projects do not have any estimation
input from the developers even though they use
formal estimates. This finding is contrary to the
first of Lederer and Prasad’s “Nine Management
Guidelines for Better Cost Estimating:” “Assign
the initial estimating task to the final developer.” A
second Lederer and Prasad guideline is “Monitor
the course of a project from the preparation of
the estimate through project completion.” This
practice was reported for 71% of projects in our
study, which is virtually identical to the 70%
reported by Lederer and Prasad in 1992.

Table 1: Importance and Accuracy of IT Project Estimation
Lederer &

Prasad
Study 1

The accurate estimation of IT projects is moderately/very important. 84% 88%

What percentage of all IT projects significantly overrun their estimates? 63% 56%

What percentage of all IT projects significantly underrun their estimates? 14% 13%

What percentage of all IT projects are completed at cost close to estimate. 23% 31%

18 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

The Estimation Process and Causes of
Inaccuracies

Respondents were asked about the basis they
used for their estimations. As seen in Table 4,
they rely most heavily on comparisons to similar,
past projects when arriving at their estimates—
whether these comparisons are based on
personal memory or on documented facts. It is
interesting to note that the rank ordering of the
bases by our respondents is virtually identical to
what Lederer and Prasad found in their research
20 years ago (only items 4 and 5 were reversed in
order).

Our survey included a question on peer or
team-reviewed estimates, which was not included
in the original Lederer and Prasad survey,
because this practice is promoted by the use of
Agile development. Our respondents reported
that this practice was the third-most extensively
used basis for estimation.

The final part of our study replicating the
Lederer and Prasad study was to ask respondents
to identify the factors most responsible for
inaccurate estimates—giving them a total of 26
causes to choose from (the top five are listed in
Table 5). Again, these findings are remarkably
consistent with Lederer & Prasad’s (the notable
exception being that “Insufficient user-analyst
communication and understanding” dropped
from fourth position in their study to ninth in
ours).

The clear message continues to be that initial
estimates will be inaccurate because of frequent
changes by users, lack of users’ understanding
of requirements, inadequate task/problem
identification and insufficient analysis at the
estimation stage. As a result, estimators are
encouraged to revise estimates during the
course of the project (reported by 63% of
our respondent organizations) and to delay
committing to a target for as long as possible.

Table 2: How Estimates are Used

Use of Estimate
Importance of Use

(1 = Very unimportant;
5 = Very important)

1. To select proposed projects for implementation 4.40

2. To staff projects 4.20

3. To schedule projects 4.17

4. To quote the charges to users for projects 4.04

5. To control or monitor project implementation 3.93

6. To evaluate project estimators 3.26

7. To audit project success 3.33

8. To evaluate project developers 3.13

Table 3: Project Estimation Practices

Top 5 Responses
Percentage of IT

Projects

1. Formal estimates are prepared 75%

2. Formal monitoring of project progress 71%

3. Estimate revised because requirements change 63%

4. Cost-benefit analysis used to justify project 61%

5. Developers participate in estimation 54%

March 2014 (13:1) | MIS Quarterly Executive 19

IT Project Estimation: Contemporary Practices and Management Guidelines

Research Study 2: Project-Level
Analysis of Project Estimation

Study 1 enabled us to gain an overall view
of organizational project estimation practices.
We wanted to supplement these findings
with a more detailed second study of project
estimation practices that focused on project-level
data. In Study 2, we therefore surveyed 115 IT
professionals and asked them to respond with
data about their most recently completed IT
projects.

Another factor we wanted to explore in Study
2 (based on what we learned in Study 1 as well
as input from two software estimation experts
consulted throughout the research project) is the

changes in the IT development landscape since
Lederer and Prasad’s 1992 study. Specifically, the
growth of Agile development has fundamentally
altered the way in which projects are conceived
and managed. Collecting data at the project level
allowed us to learn more about the usefulness
and accuracy of project-estimation practices in
the context of specific development environments
(e.g., Agile vs. traditional Waterfall development),
which obviously carries important implications
for IT managers today.

As shown in Table 6, we found that traditional
Waterfall methodologies (or variants) were
still the most widely used. However, Agile
methodologies made up a significant proportion

Table 4: Bases of the Estimating Process

Basis
Extensiveness of Use

(1 = Not used at all;
5 = Extremely extensive)

1. Comparison to similar, past projects based on personal memory 3.48

2. Comparison to similar, past projects based on documented facts 3.45

3. Peer or team-reviewed estimates 3.08

4. A simple arithmetic formula (such as summing task durations) 2.96

5. Intuition 2.94

6. Guessing 2.76

7. Established standards (such as averages, standard deviations,
etc.)

2.71

8. An estimation tool (e.g., software package) 1.63

9. A complex statistical formula (such as multiple regression,
differential equations, etc.)

1.57

Table 5: Causes of Inaccurate Estimates

Causes (Top 5 Out of 26)
Extent of Responsibility

(1 = Not resp. at all;
5 = Extremely responsible)

1. Frequent user requests for changes 3.70

2. Users’ lack of understanding of their own requirements 3.54

3. Overlooked tasks 3.35

4. Poor or imprecise problem definition 3.26

5. Insufficient analysis when developing estimate 3.11

20 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

(nearly a third) of all projects in our Study 2
sample. 14

Consistent with the findings of Study 1, the
94 projects in Study 2 for which estimated vs.
actual costs were reported tended to come in over
budget, although there was also a healthy number
of projects on or even under budget in the sample
(see Table 7).

Clearly, the 40% of projects reported as
over budget indicates that estimation and/
or execution problems persist in IT projects.
However, the 60% of projects that are on or
under budget is a hopeful sign that the project
management discipline is progressing. Moreover,
Agile projects seem to be performing better than
Waterfall projects in terms of cost performance
against budget. Of the 38 (out of 94) projects
that were over budget, the average percentage
over the original estimate was nearly 73%, with a
range between 1% and 900%. For the 29 projects
under budget, the range was much smaller, from
2% to 93%, with an average of 17%.

14 Schwaber, K. and Beedle, M. Agile software development with
Scrum, Prentice Hall, 2002.

In terms of schedule compared to the original
estimate, on average, projects started 25 days
late (with none starting early), and finished an
average of 56 days late (with a maximum of 3.1
years). Once again, Agile projects tended to start
and finish closer to their estimated times. Table 8
summarizes the results for project timelines.

In terms of functionality compared to
the original estimate, regardless of start or
finish time, 90% of the originally specified
requirements were completed.

A Detailed Look at Project-Level
Estimation Methods and Practices

Based on the responses in Study 1 and input
from our two experts, we constructed a list of
commonly accepted estimation best practices
and asked respondents in Study 2 to say which
of them were followed during their most recently
completed IT projects (see Table 9). The good
news is that several of these practices are used
on projects in the organizations we sampled. Our
survey showed that Waterfall and Agile projects
employ similar estimation practices, with the
exception of preparing formal estimates, which,

Table 6: Development Methodologies
Methodology Count Percentage

Waterfall (or variant) 45 47.9%

Agile—Scrum14 11 11.7%

Agile—other 19 20.2%

Other (e.g., ad hoc and hybrid) 19 20.2%

Table 7: Cost Performance
Estimates vs. Actuals Total Waterfall Agile

Over budget 40% 47% 33%

Under budget 31% 33% 33%

On budget 29% 20% 33%

Table 8: Schedule Performance
Start Time Finish Time

Total WF Agile Total WF Agile

Late 36% 31% 30% 61% 67% 53%

Early 0% 0% 0% 17% 13% 13%

On Time 64% 69% 70% 22% 20% 33%

March 2014 (13:1) | MIS Quarterly Executive 21

IT Project Estimation: Contemporary Practices and Management Guidelines

not surprisingly, is more prevalent in Waterfall
projects.

Table 10 lists the 11 most commonly used
methods for estimating the costs of respondents’
most recent IT projects.

The rankings in Table 10 compare favorably
with the organizational-level data from Study
1 (see Table 4). (Note, however, that due to the
specific project focus of Study 2 the question was
asked differently.) The top three cost-estimation
methods were identical in both studies. Other
common—and surprising—findings are the
apparently wide use of “guessing” as a common
basis of cost estimation (particularly in Agile
projects) and the relatively low use of estimation
tools to support the process (although the use
of tools has increased slightly from the 17%

reported by Lederer and Prasad in 1992).
Cost-estimation tools most commonly cited by
respondents were Excel, internally developed
proprietary tools and Construx Estimate (a
freeware tool), although none of these was widely
used.

Table 10 indicates some differences in the
cost-estimation methods used for Waterfall
and Agile projects. Whereas Waterfall projects
tend to compare with past projects, use
individually prepared and reviewed estimates,
and use established organizational standards,
Agile projects are more likely to rely on expert
judgment, formulas and group-based estimates.

To provide additional detail about the
estimation process and bases for estimation,
respondents also identified the most common

Table 9: Estimation Best Practices In Use
Best Practice Total WF Agile

A formal estimate was prepared 86% 93% 73%

Progress against the estimate was formally monitored throughout the
project 80% 82% 80%

The same people who eventually executed the project plan (e.g.,
developers) also participated in the preparation of the initial estimate 67% 69% 63%

The estimate was revised to accompany changes in user requirements
during the project 61% 64% 57%

Project scope was reduced to meet a target completion date 38% 38% 40%

Table 10: Method for Estimating Project Cost
Most- to Least-used Method Total WF Agile

Comparison to similar, past projects based on documented facts 59% 67% 43%

Comparison to similar, past projects based on personal memory 58% 58% 57%

Estimates created by individuals and reviewed in a group setting 56% 58% 57%

Expert judgment without use of documented facts 54% 51% 67%

A simple arithmetic formula (such as summing task durations) 52% 47% 57%

Estimates created in a group setting 49% 38% 70%

Estimates created by individuals and reviewed by individuals 45% 51% 37%

Guessing 39% 31% 47%

Established organizational standards (such as averages, standard
deviations, etc.) 34% 51% 20%

An estimation tool (e.g., software package) 21% 27% 13%

A complex statistical formula (such as multiple regression) 9% 4% 20%

22 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

methods used to estimate project size and
complexity. Table 11 lists the five most common
methods used across the large sample of Study 2
projects.

Work breakdown structure is by far the
most commonly used method for estimating
project size and complexity, which suggests
a formality and structure that has developed
over time in project management. However, the
most surprising finding is the low level of use of
lines of code for estimating size and complexity,
despite prior studies and popular literature on
software estimation reporting a heavy reliance
on this method.15 There are two reasons why
this method is now less popular than in the past.
First, is the type of project typical in today’s
IT environments. Increasingly, contemporary
projects include a large number of integration or
COTS (commercial off-the-shelf ) projects, which
often make the use of lines of code challenging or
impossible. The other contextual change includes
the growth of Agile development methodologies,
which often promote the use of relative size

15 See for example McConnell, S., op. cit., 2009 p. 198.

estimates (e.g., story points in Table 11). Our
survey results suggest it may be necessary to
reconsider and refine techniques promoted in
the popular IT development literature concerned
with the use (and even relevance of ) lines of code
to estimate many of today’s IT projects.

Estimate Creation and Presentation
In addition to the methods and practices used

to create IT project estimates, we also wanted
to examine who was responsible for creating an
estimate, when and how it was created and the
form in which it was presented. Table 12 lists the
person(s) most responsible for estimate creation.

These findings were as expected and similar
for both Waterfall and Agile projects, with the
exception that Agile projects were more likely
to have the people doing the work (but not the
technical lead) responsible for creating the
estimates. Estimation experts recommend this as
a best practice.

The only surprising result in Table 12 is
the relatively large percentage of respondents
reporting that someone outside of the project
team (i.e., not directly involved with the

Table 11: Methods Used to Estimate Size and Complexity of IT Projects
Most- to Least-used Method Total WF Agile

Work breakdown structure 71% 73% 53%

Work drivers (number of interface changes, number of new modules,
etc.)

46% 58% 33%

Story points (relative estimate of the size and complexity of work in an
Agile project)

32% 16% 67%

Function points (formal count of number of user inputs, outputs,
inquiries, files and external interfaces based on IFPUG standards or
other industry standard approach)

27% 36% 20%

Lines of code 8% 7% 7%

Table 12: Responsibility for Estimate Creation
Person(s) Responsible (Multiple Responses Allowed) Total WF Agile

Technical lead 74% 73% 70%

Person(s) doing the work (not technical lead) 72% 64% 83%

Manager 53% 58% 43%

Independent estimator 14% 16% 13%

Someone else outside of the project team 20% 22% 17%

March 2014 (13:1) | MIS Quarterly Executive 23

IT Project Estimation: Contemporary Practices and Management Guidelines

project), but not an independent estimator,
was responsible for creating the estimate. The
open-ended comments provided with these
responses suggested that people with little
formal (or informal) estimation expertise,
or even familiarity with the technology, are
frequently driving project estimates. Amazingly,
one respondent reported that the sales manager
was responsible for creating the estimate for her
most recent project.

To get a sense for the timing of estimate
creation, we asked respondents when the project
estimate was created. As expected, by far the
most common response was that estimates were
created before any work on the project was done
(see Table 13). Note that a relatively high number
of Agile projects (40%) were still creating
estimates through product-concept-completion.
Again, this is often viewed as a recommended
practice.

Additional qualitative data gathered from
respondents suggested that baseline estimates
are commonly prepared at the proposal stage
and updated as major milestones are achieved.
In fact, one respondent indicated that estimates
were refined at eight different points during his
last IT project. Revisiting estimates throughout a

project is often a recommended best practice, so
greater use of this practice could well improve
estimation accuracy.

Finally, respondents reported a variety of
techniques for presenting estimates to internal
management or external clients. Rather than
using a monolithic, single-point estimate, our
survey indicates wide variation in how estimates
are presented, including some differences
between Waterfall and Agile projects (see Table
14).

It is surprising (and somewhat encouraging)
that the use of a single-point estimate falls in the
middle of Table 14, with other more contextually
driven factors (ranges, feature lists or confidence
factors), exceeding or rivaling the popularity of
less flexible, single-point estimates.

To summarize, most of the 115 projects
reported on in Study 2 were either late and/or
over budget, with Agile projects faring somewhat
better in both areas. A possible explanation for
the better performance of Agile projects (in
terms of estimation) is that they tend to rely
more on expert judgment, formulas and group-
based estimates. In addition, estimates for the
Agile projects in the survey tended to be:

Table 13: Timing for Estimate Creation
When Estimate is Created (Multiple Responses Allowed) Total WF Agile

Before any work on the project was done 72% 67% 73%

Requirements complete 46% 42% 30%

Through product-concept-completion 32% 29% 40%

At a defined gate or milestone in a stage-gate process 29% 33% 23%

Table 14: Estimate Presentation
Most Common to Least Used (Multiple Responses Allowed) Total WF Agile

Cost or effort range 54% 56% 50%

Schedule range 49% 40% 53%

Feature list (e.g., definitely, probably or maybe) 49% 44% 60%

Single-point number 45% 47% 33%

Confidence factors (probability of delivering on-time and/or on-budget) 33% 36% 27%

Cases (e.g., best, most likely, worst) 29% 33% 17%

Plus-or-minus qualifiers (e.g., 6 months, +3 months, – 2 months) 26% 24% 23%

24 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

● Prepared by people who would also be
doing the work

● Baselined at the beginning of the project
and updated throughout the project

● Presented in (cost/effort/schedule)
ranges rather than as single-point
numbers.

Common Estimation Problems
In light of the cost, schedule and functionality

estimation challenges reported above, we also
asked respondents which estimation-related
problems they encountered during their last
IT projects. They cited the following (listed in
descending order of influence as reported in
prior studies):16

1. Insufficient analysis when developing the
estimate

2. Lack of adequate methodology/guidelines
for estimation

3. Lack of historical data on past estimates
and actual results

4. Pressure from managers or other
stakeholders to increase or reduce
estimates, and over-reliance on a single
person’s estimate

5. A lack of visibility or control over actual
data compared to estimates.

Although less directly linked to estimation per
se, other problems that are either antecedents
or consequences of poor estimation practice
identified by managers included:

● Frequent user requests for changes
● Users’ lack of understanding of their own

requirements
● Overlooked tasks
● Changing personnel
● Poor or imprecise problem definition.
Qualitative data provided by project

managers also suggested that drastic budget
cuts by government agencies was a factor in
causing projects to miss the original estimates.
A representative comment was “The program
was tracking in accordance with the estimate

16 The ranked order of 26 proposed causes of inaccurate estimates
from Study 1 and Lederer and Prasad (1992).

both in terms of time and budget. The Federal
agency simply slashed the budget.” Other
inputs from respondents implied difficulties in
managing offshore development teams (what
one person termed “misinterpretation and rogue
creativity” of team inputs), and undue pressure
from stakeholders, including variations of the
following comment: “Every project we estimate
gets significant pushback from [stakeholders] to
cut the estimate.”

Evaluation of Project Success
Finally, we asked Study 2 respondents to

evaluate seven project success criteria for their
most recent IT projects.17 As reported above,
most (61%) projects were late, and 40% were
over budget. While these numbers tell a similar
story of project failure to that reported by
the Standish Group, other criteria tell a quite
different story. As demonstrated in Figure 1
and Table 15, the vast majority of projects
in our survey met requirements, produced
products/services that were used by their
target constituencies, resulted in organizational
learning and provided value. Moreover, overall
stakeholder satisfaction was rated at 91%.

These findings suggest that roughly 9 out
of 10 projects can be classified as “successful
failures”—that is, projects that fail on one or
more process criteria (schedule and/or budget
in particular), but succeed on all of the important
outcome criteria. Representative comments from
the respondents included the following:

“We delivered 10% more scope with 10%
less budget three weeks late.”

“The project came in slightly over schedule
but exceeded expectations.”

“The board of directors had the project
audited this month by external auditors
and it is being showcased in our industry
groups, newspapers and to our shareholders
to demonstrate our capabilities.”

It is also interesting to compare our survey
results with the benchmark results of 180
project retrospectives conducted in 130 different
organizations between 1999 and 2013. Once

17 For a more detailed description of project success, see Nelson,
R. R., op. cit., 2005, pp. 361-372.

March 2014 (13:1) | MIS Quarterly Executive 25

IT Project Estimation: Contemporary Practices and Management Guidelines

again, these collective findings suggest that IT
projects tend to come in over schedule and/or
budget, yet eventually meet requirements and
add value to the organization. So, the bad news
is that most IT projects continue to fail in terms
of meeting estimates, but the good news is that
stakeholders seem to be satisfied as long as the
project results in a product/service that adds
value within their organization.18

As previously noted, the most common
determinant of project failure is poor estimation.
Data suggests that this “classic mistake” is the
most common of all, occurring in 64% of the 180
benchmark projects. In all of the studies reported
in this article, there are many possible causes

18 Updated data from Nelson, R. R., op. cit., 2005, on 180 project
retrospectives conducted in 130 different organizations between
1999 and 2013.

of poor estimation, including poor problem/
requirements definition, scope creep, lack of
requisite knowledge and skills, inadequate
estimation methodologies, lack of historical data,
lack of visibility or control, and pressure from
stakeholders. We now provide guidelines for
addressing each of these problem areas.

Guidelines for Improving IT
Project Estimation

Based on the findings of our research, we
provide 10 guidelines for project managers on
how to improve their estimation practices.

1. Admit You Have a Problem
One of the striking revelations from our two

studies is that some of the key findings are very

Figure 1: Project Success Criteria
OVERALL

STAKEHOLDER
SATISFACTION

(91%)

LEARNING
(87%)

USE
(94%)

OUTCOME VALUE
(89%)

COST
(60%)

TIME
(39%)

PRODUCT
(90%)

PROCESS

Table 15: Project Success Criteria
Yes Benchmark18

The project came in on schedule 39% 40%

The project came in on budget 60% 45%

The project produced a product of acceptable quality and met other
product-related specifications, including requirements, usability, ease
of use, modifiability and maintainability 90% 68%

The project’s resulting product/service is being used by its target
constituencies 94% 88%

The project increased stakeholder knowledge and helped prepare the
organization for future challenges 87% 82%

The project will directly result in improved efficiency and/or
effectiveness for the client organization(s) 89% 70%

Overall, stakeholders were satisfied with the project 91% NA

26 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

similar to those of Lederer and Prasad over 20
years ago. While there have been tremendous
advancements in the project management
discipline, technology, IT development processes
and the education level of IT professionals,
it is clear that developing accurate estimates
continues to be a huge problem. As one
respondent stated: “Our estimation process has
been ‘spotty’ at best. … we’ve certainly not found
the holy grail of estimating (yet).”

2. Revisit the Prescriptions Offered by
Lederer and Prasad

Although Lederer and Prasad’s work
was done over 20 years ago, many of their
prescriptions can be adapted for today’s IT
development environment, even though that
environment has changed (e.g., the increased use
of Agile methods). Based on our studies, several
of their specific recommendations are still valid:

● Assign the initial estimating task to the
final developers

● Delay finalizing the estimate until the end
of a thorough study of requirements

● Monitor project progress closely—
including actuals versus estimates

● Rely on documented facts, standards and
simple arithmetic formulas rather than
guessing, intuition, personal memory
or complex formulas to generate the
estimate.

3. Conduct Project Retrospectives.
Project teams should be encouraged to

perform status reviews throughout the life of a
project. Such reviews can happen, for example,
at the end of each day (daily standup), two-
week intervals, completion of a major milestone
and project completion. In addition to learning
lessons and making necessary adjustments,
actual data can be captured for use in estimating
the next sprint (the basic unit of development in
Scrum), phase or project.

4. Employ Estimation Tools
As shown in Tables 4 and 10 above, the use

of estimation tools (e.g., software packages)
was relatively low in both of our studies (only
21% of Study 2 respondents reported using an
estimation tool). Estimation tools can help to:

● Evaluate and sanity-check project plan
alternatives against industry data or an
organization’s historical data (if captured
via project retrospectives)

● Negotiate a reasonable schedule and
budget, using a tool’s reporting capability

● Improve visibility and control over actual
data compared to estimates

● Coordinate estimated and actual project
data within and across project teams.

In addition to Microsoft Project and Excel
(including templates and add-ons), dedicated
estimation tools include freeware19 and other
packages.20

5. Understand Agile Approaches
and Adapt Estimation Techniques
Accordingly

The findings from our studies underscore
the importance of Agile development methods
in modern software development. Therefore,
it is critically important that project managers
understand these methods and how traditional
estimation techniques can be adapted to fit the
context of Agile development.21 Key principles
behind the Agile Manifesto22 include:

● Our highest priority is to satisfy the
customer through early and continuous
delivery of valuable software

● Deliver working software frequently, from
a couple of weeks to a couple of months,
with a preference to the shorter timescale

● Working software is the primary measure
of progress.

Clearly, frequent estimation and delivery
cycles are central to the Agile approach—and an
effective way to improve estimation (one sprint
or deliverable at a time).

19 Freeware estimation tools include Construx Estimate (http://
www.construx.com/estimate) and COCOMO (http://sunset.usc.edu/
csse/research/COCOMOII).
20 Other estimation tools include QSM SLIM-Estimate (http://
www.qsm.com/tools/slim-estimate) and SEER (http://www.galorath.
com).
21 For a good primer that explains the philosophy, tools and
techniques associated with estimation for Agile development, see
Cohn, M. Agile Estimating and Planning, Prentice Hall, 2005. Agile
estimation methods include relative (a.k.a. story point) estimation
and planning poker.
22 http://agilemanifesto.org/principles.html.

March 2014 (13:1) | MIS Quarterly Executive 27

IT Project Estimation: Contemporary Practices and Management Guidelines

6. Avoid Cognitive Biases Toward
Estimation

People are subject to an almost limitless set
of biases when making subjective judgments or
decisions, and the process of estimation is no
exception. Perhaps the best way to avoid letting
biases creep into estimation judgments is to be
aware of them. Some specific biases that are
particularly dangerous for project managers in
estimating projects include the following.

Underestimation Bias. People have a strong
tendency to underestimate, particularly when
the focal object of estimation is unknown or
complex. This obviously includes software and/
or outsourced projects (and is worse when
requirements, technologies, etc. are new or
unknown). Indeed, in over 15 years of teaching
estimation to mid-career IT professionals
(average work experience more than 12 years),
we have found that perhaps the most common
tendency from in-class workshops is for them
to underestimate when asked to give a range
estimate for a series of questions.

The Planning Fallacy. Related to the
underestimation bias, the planning fallacy23 is
the tendency for people and organizations to
underestimate the time, costs and risks of future
actions and at the same time overestimate the
benefits of those actions. Thus, the planning
fallacy results not only in time overruns, but
also in cost overruns and benefit shortfalls.
Kahneman and Tversky’s original explanation for
the fallacy was that planners focus on the most
optimistic scenario for the task, rather than using
their full experience of how much time similar
tasks require. It is interesting to note that this
bias only affects predictions about one’s own
tasks; when uninvolved observers predict task
completion times, they show a pessimistic bias,
overestimating the time that will be taken.24 This
suggests the need to involve external auditors
and/or use peer- or team-reviewed estimates,

23 The term “planning fallacy” was first coined in 1979 in
Kahneman, D. and Tversky, A. “Intuitive prediction: Biases
and corrective procedures,” TIMS Studies in Management
Science, (12), 1979, pp. 313-327. Since then the effect has been
found for predictions of a wide variety of tasks, including tax
form completion, school work, furniture assembly, computer
programming and even origami.
24 Buehler, R., Griffin, D. and Ross, M. “Inside the Planning
Fallacy: The causes and Consequences of Optimistic Time
Predictions,” Gilovich, T., Griffin, D. and Kahneman, D. (Eds.)
Heuristics and Biases: The Psychology of Intuitive Judgment,
Cambridge University Press, 2002, pp. 250-270.

as our research shows that many firms are now
doing.

Wishful Thinking. As implied by the results
of our studies, project managers think tasks will
be finished quickly and easily because that is
what they want to happen. Unfortunately, there is
a bigger penalty for underestimating (non-linear
impact due to planning errors, shortchanged
requirements, high-risk practices, etc.) than for
overestimating (linear impact due to Parkinson’s
Law, where work tends to expand to fill the
estimate).

Self-Serving Bias. By taking credit for tasks
that went well but blaming delays on outside
influences, project managers or those centrally
involved with creating project estimates often
discount past evidence of how long a task should
take. Experiments have demonstrated that when
people made their predictions anonymously,
they do not show an “optimistic bias.”25 This
suggests that people sometimes make optimistic
estimates to create a favorable impression with
others.

Focalism Bias. The focalism bias refers to
the mental discounting of factors believed to
be outside the specifics of the project.26 These
factors include “overhead” tasks (e.g., meetings,
sickness and vacations) and “black swan events”
(low-probability, high-impact risks).

7. Understand the Estimate-
Convergence Graph

The estimate-convergence graph (a.k.a.
the “cone of uncertainty”) derives from
research that found that project estimates fall
within predictable ranges at various stages
of a project.27 One of our survey respondents
reported on his company’s practice of requiring
project managers to estimate in ranges. At
the beginning of the feasibility phase, project
managers are asked to come up with a 100%
cushion, at the beginning of the definition phase,
a 75% cushion, at the beginning of the design
phase, a 50% cushion and at the beginning of
the construction phase, a 25% cushion. Project

25 Pezzo, M., Litman, J. and Pezzo, S. “On the distinction between
yuppies and hippies: Individual differences in prediction biases
for planning future tasks,” Personality and Individual Differences
(41:7), 2006, pp. 1359-1371.
26 Wilson, T., Wheatley, T., Meyers, J., Gilbert, D. and Axsom,
D. “Focalism: A source of durability bias in affective forecasting,”
Journal of Personality and Social Psychology (78:5), 2000,
pp. 821-36.
27 Boehm, B., op. cit., 1981.

28 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

managers update their estimates at the end of
each phase, resulting in improved estimation
accuracy as a project progresses through its life
cycle.

8. Understand the Difference Between
a Target and an Estimate

Estimates are arrived at based on careful
analysis, whereas targets represent a desired
schedule or cost and can be set without any
analysis. Project managers should be encouraged
to carefully set targets within a reasonable
range of an estimate and delay making a firm
commitment for as long as possible.

“Estimation’s role is to determine whether
you have a realistic chance of meeting your
targets. If the target is within roughly 20%
of the estimated outcome, you can control
the project to meet the targets (make
minor adjustments to features, schedule and
resources). If the gap between the target
and the estimate is greater than about
20%, it is not possible to control the project
to meet the targets.”28

9. Manage Stakeholders
Given the role that stakeholders play in

defining project requirements, setting targets,
changing requirements (i.e., scope creep)
and exerting pressure on the project team
throughout a project, project teams need to find
more effective ways to involve stakeholders.
For example, another key principle of Agile
development is that “business people and
developers must work together daily throughout
the project.” This practice enhances transparency
and may help control stakeholder pressure.

10. Develop Estimation Competencies
of Project Managers and Team
Members

As emphasized by the first guideline, the
IT development community is simply not very
good at estimation. We urge project managers
to look for opportunities to develop and hone
their estimation competencies and those of
project team members. Such training might
involve everything from a multi-hour workshop,
to a multi-day short course, to broader courses
as part of an advanced degree. All of these

28 McConnell, S., op. cit., 2006.

approaches are appropriate and can make an
immediate difference. Once trained, project
managers and their teams can help infuse
the training and ideas into internal training
programs or professional development
initiatives. Ample opportunities for such training
exist and project managers who continue to
ignore them do so at their own peril.

Concluding Comments
Insanity can be defined as doing the same

thing over and over again and expecting a
different result. In effect, this is what the IT
development community has been doing with
respect to estimation for more than 20 years. The
findings from Study 1 are remarkably consistent
with similar findings first reported in the early
1990s, with “classic” estimation mistakes still
being made—over-reliance on personal memory,
use of intuition and guessing. Moreover, the
common causes of poor estimation practices
today have changed little over the same time
span—change requests from users, users’ lack
of understanding of requirements, poor problem
definition and insufficient analysis prior to an
estimate being made.

The results from our Study 2, which looked at
project-level data, are slightly more encouraging.
Our findings indicate that contemporary
practices, including Agile development methods,
seem to be making some headway toward
improving project success. Interestingly, most
projects met their stated requirements, produced
usable products and services, and improved
organizational value, leading to a high overall
stakeholder satisfaction rating. However,
somewhat paradoxically, most of the projects
were late and many (40%) were over budget,
reiterating the need for better time and cost
estimation. Thus, today’s “typical” project can be
characterized as a “successful failure.”

Many of the deficiencies in current projects
can be traced back to poor estimation, so there
is clearly room for improvement in estimation
practices. We have provided specific guidelines
for IT project managers to help them reverse the
trend so that the estimation problems identified
by our studies do not continue for another 20
years.

March 2014 (13:1) | MIS Quarterly Executive 29

IT Project Estimation: Contemporary Practices and Management Guidelines

Appendix: Survey Research
Methodologies

Research Study 1: Organization-Level
Analysis of Project Estimation

The survey questionnaire included 35 multi-
part questions requiring responses on five-point
Likert-type scales. Other questions required
respondents to report the proportion of projects
on which they carried out particular estimating
practices. After piloting the survey with 40 IT
professionals and revising it to improve clarity
and completeness, the questionnaire was
distributed in 2010 via an Internet-based survey
tool to several hundred IT professionals affiliated
with a major U.S. graduate school program on the
Management of IT (alumni and current students;
all working IT professionals).

The 60 respondents had a similar profile to
those in Lederer and Prasad’s 1992 survey: they
were responsible, educated and experienced IT
professionals familiar with their current firms.
While all respondents had a direct connection to
project estimation, most (72%) were responsible
for project/department management, with the
remainder involved with estimation, systems
analysis/design, programming and/or database
administration. All respondents had a four-year
college degree and at least some graduate-level
education. On average, respondents supervised
31 employees and had 15 years of experience in
IT with six years at their current companies.

The firms varied in size and industry. Their
annual sales ranged from $900,000 to $25 billion
with a mean of $4.5 billion. The average number
of employees was 9,423 with a range of six to
77,000. On average, there were 1,539 employees
in their IT departments, ranging from one to
18,000. IT department annual budgets ranged
from $900,000 to $15 billion, with a mean of $1.1
billion. The primary industries represented were
consulting/services (31%), banking/finance
(24%), government (13%), education (7%) and
healthcare (7%).

Study 2: Project-Level Analysis of
Project Estimation

Study 1 provided a useful snapshot of overall
organizational estimation practices and enabled
us to directly benchmark the results against

the Lederer and Prasad 1992 study. However,
we felt that a second study at a lower level of
analysis—i.e., at the project level rather than
the organizational level—would provide project
managers with additional detail, richness and
insights. Furthermore, by collecting data at the
project level, we were more able to directly tie
project estimation practices to project outcomes
(schedule, cost, functionality), which Study 1
suggested continue to be a challenge for project
managers.

In reviewing the results of Study 1 and talking
with project managers, we realized that it would
be much easier for them to talk about outcomes
on a specific project (rather than projects in
general). To add additional validity and reliability
to our insights from Study 1, we therefore
decided we needed to collect information on a
wide variety and scale of individual projects.
Armed with this project-level data, we felt we
would be able to generalize our results for the
broader population of contemporary IT projects.

In Study 2, we surveyed 115 IT professionals
during 2011 and asked each respondent to
provide data about his or her most recently
completed IT project. Virtually all of the
respondents indicated they were project/
program managers or directors, giving us
confidence that they were in a position of
responsibility over project timelines, costs and
outcomes. Not surprisingly given the turnover
in IT-related fields, most (86%) had worked for
their current employer for less than 10 years
and just over half (51%) had worked in the IT
field for more than 10 years. A wide variety of
industries were represented in the sample, with
consulting/services having by far the highest
number of respondents (see the table).

Additionally, the organizations in the Study 2
sample tended to be quite large. Annual revenue
averaged $9 billion, and the average number of
employees was 27,000.

As in Study 1, the projects reported on in
Study 2 covered a wide spectrum of size, scope
and functionality. This variance was expected
because we asked each respondent to provide
data on the last project that they worked on (not
any project or a typical project). Projects ranged
from a small web application development
project costing several thousand dollars to a
$350 million IT infrastructure project for a large
international airport. In between, there were

30 MIS Quarterly Executive | March 2014 (13:1) misqe.org | © 2014 University of Minnesota

IT Project Estimation

database and data center projects, business
intelligence/analytics, ERP, CRM, systems

integration and many web-development projects.
Project budgets averaged $11 million, with a
median budget of $440,000.

About the Authors

R. Ryan Nelson
R. Ryan Nelson (rnelson@virginia.edu) is
Professor, IT Area Coordinator and Director of
the Center for the Management of Information
Technology (CMIT) at the McIntire School of
Commerce of the University of Virginia. He
received his Ph.D. in business administration
from the University of Georgia in 1985 and spent
five years on the faculty of the University of
Houston before joining the University of Virginia.
He has published several articles on the topic of
project management in MIS Quarterly Executive
and currently serves on that publication’s
editorial board.

Michael G. Morris
Michael Morris received his Ph.D. in Management
Information Systems from Indiana University
in 1996. He has previously served as a senior
editor at MIS Quarterly and Information Systems
Research. His research has been published in MIS
Quarterly, Organizational Behavior and Human

Decision Processes, Personnel Psychology, IEEE
Transactions on Engineering and Management
and Decision Sciences, among others.

Survey 2 Primary Business Activity
Industry Percentage

Consulting/services 50.67%

Government 10.67%

Financial services 6.67%

Healthcare 5.33%

Communication 6.67%

Education 4.00%

Retail 5.33%

Utilities 4.00%

Insurance 2.67%

Legal 2.67%

Manufacturing 1.33%

Copyright of MIS Quarterly Executive is the property of MIS Quarterly Executive and its
content may not be copied or emailed to multiple sites or posted to a listserv without the
copyright holder’s express written permission. However, users may print, download, or email
articles for individual use.

MISQuarterly Executive Vol. 10 No. 4 / Dec 2011 157© 2011 University of Minnesota

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

CIO and BusIness exeCutIve LeadershIp
apprOaChes tO estaBLIshIng COmpany-wIde
InfOrmatIOn OrIentatIOn1,2

William J. Kettinger
University of Memphis
(U.S.)

Chen Zhang
University of Memphis
(U.S.)

Donald A. Marchand
IMD (Switzerland)

MISQUarterly
Executive

Executive Summary12

In the digital world, business executives have a heightened awareness of the strategic
importance of information and information management to their companies’ value
creation. This presents both leadership opportunities and challenges for CIOs. To
prevent the CIO position from being marginalized and to enhance CIOs’ contribution
to business value creation, they must move beyond being competent IT utility managers
and play an active role in helping their companies build a strong information usage
culture. The purpose of this article is to provide a better understanding of the leadership
approaches that CIOs and business executives can adopt to improve their companies’
information orientation. Based on our findings from four case studies, we have created
a four-quadrant leadership-positioning framework. This framework is constructed from
the CIO’s perspective and indicates that a CIO may act as a leader, a follower or a non-
player in developing the company’s information orientation to achieve its strategic focus.
The article concludes with guidelines that CIOs can use to help position their leadership
challenges in introducing or sustaining their companies’ information orientation
initiatives and recommends specific leadership approaches depending on CIOs’ particular
situations.

THE GROWING IMPORTANCE OF INFORMATION AS A
BUSINESS RESOURCE
In today’s digital world, enabled by social media, cloud computing, sensor networks,
online service offerings and big data applications, the volume, velocity and variety
of data are growing at unprecedented rates as individuals are constantly producing,
gathering and sharing information. Consumers, including the growing number
of digital “natives,” demand information competence in their network-based
communication. From a business perspective, IT and information are increasingly
embedded in products, services and business processes, leading companies to
collecting and managing ever greater amounts of data. Transforming the vast amount
of data both inside and outside companies into relevant information offering business
insights and helping companies improve efficiencies, seize opportunities and compete
is a critical challenge in the dynamic digital business environment.

Today’s leading CEOs, CFOs and COOs understand this. They recognize that
improving information management and leveraging the power of information and
digitization throughout all aspects of their business is critical to the execution of their
business strategies and their companies’ survival and prosperity. A growing number
of these business leaders have turned their attention to building a strong information
culture within the top management team and throughout their companies. For
example, an information-oriented COO of a U.S. bank stated:

1 Elena Karahanna, Omar El Sawy and Varun Grover are the accepting senior editors for this article.
2 An earlier draft of this article was presented at the 2010 SIM Academic Workshop on New IS Leadership
Roles for a Digital World in St. Louis, MO. The authors would like to acknowledge the valuable feedback from
workshop participants. We are appreciative of the excellent guidance provided by Elena Karahanna and the other
special issue editors and the anonymous reviewers.

MISQE is
Sponsored by

158 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

“The information that you provide drives
the conversation that you have every day
with both your customers and your fellow
employees. And the conversation you have
drives the culture of your organization. If there
is a common language that is created in the
company, it helps to not just achieve financial
objectives or customer service objectives, but
it also helps you establish a consistent culture
in your organization.”

Some CIOs are in the forefront of leading efforts to
transform the IT function from being more than just
a reliable IT utility. They recognize the importance of
exploiting the company’s information resource and of
emphasizing the “I” in IT. These CIOs act as partners
on the senior management team by formulating and
executing information-enabled business strategies.
In a recent Wall Street Journal article, Thomas
Davenport writes: “CIOs are called ‘information
officers’ for a reason: They’re supposed to provide
information that informs corporate decisions and
actions.”3 Unfortunately, some CIOs have not yet
recognized the importance of exploiting information
or are not in the leadership position to effect the
needed movement toward improving their companies’
information capabilities to the level necessary in
today’s digital world.

The fact that an increasing number of business
executives have started emphasizing information
management and usage to improve strategy execution
presents CIOs with both leadership opportunities
and challenges. To prevent the CIO position from
being marginalized and to enhance their contribution
to business value creation, CIOs must identify the
leadership approach they can take in driving their
companies’ efforts to better leverage information
for superior business performance.4 The purpose
of this article is to provide better understanding of
the leadership approaches that CIOs and business
executives may use to improve their firms’
information orientation (IO) in support of its business
strategy. Our findings are derived from four case
studies of companies in service and manufacturing
industries (CEMEX, European Specialty Chemical
Company, Citigroup CEEMEA [Central and Eastern
Europe, Middle East and Africa] Sales and Trading

3 “Making Sense of It All: Getting Knowledge From Information,”
Wall Street Journal, April 25, 2011. http://online.wsj.com/
a r t i c l e / S B 1 0 0 0 1 4 2 4 0 5 2 7 4 8 7 0 4 6 6 2 6 0 4 5 7 6 2 5 7 3 8 0 3 0 8 6 8 5 6 4 2 .
html#articleTabs%3Darticle
4 Leadership scholars such as Warren Bennis consider leadership as a
function of being aware of yourself and your situation (sensemaking),
having a vision that is well communicated (charting the map), building
trust and influence among colleagues and subordinates, and taking
effective action toward your vision (mobilizing).

Unit, and European Retail Bank). We examined the
IO leadership approach used (or not used) by these
firms’ CIOs, as well as their interactions with business
executives. We observed that IO is important to each
company and that the CIO may act as a leader, a
follower or a non-player in the company’s information
capability development to strengthen the company’s
strategic focus. Based on the findings, we present a
leadership-positioning framework from the CIO’s
perspective. We conclude by providing managerial
insights and guidelines that will help CIOs identify
an appropriate leadership course of action in their
companies’ informating efforts.

DIMENSIONS OF INFORMATION
ORIENTATION
Information orientation is a managerial perspective
that recognizes how effective use and management
of information adds value to a firm’s strategic
orientation and how investments of information
technology practices, information management
practices and information behaviors and values
facilitate the development of the firm’s information
capabilities. The extent to which an organization
leads in developing and nurturing these three core
information-oriented practices will largely determine
its capabilities to use information effectively.5 The
details of these three core dimensions of IO are
presented in Table 1.

In today’s information-intensive organizations, these
three core information-oriented practices are often
adopted to support business strategies. Executing
business strategies that focus on resource control,
opportunity leveraging and knowledge creation has
been a major preoccupation of CEOs and other non-
IS senior executives. While the competitive context
determines which of these three strategic foci is
dominant in a specific company or industry, all three
demand highly informated business practices. This
is the reason that developing a strong information
orientation has captured the attention of senior
business executives.

5 Marchand, D. A., Kettinger, W. J. and Rollins, J.

Information
Orientation

: The Link to Business Performance, Oxford University
Press, 2001.

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 159

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

INFORMATION ORIENTATION
AS A CRITICAL ENABLER OF
BUSINESS STRATEGY6
The popular press has already highlighted that 95%
of senior executives believe strong information
management is critical for business strategy and value
creation.7 In our conversations with senior executives
from a variety of industries, they confirmed they
had recognized the importance of information and
information management to their businesses and
business strategies:

“We adopt management by numbers or
evidence-based management. Information
forms the starting point for dialogs among
people. It is a shared language to communicate
with managers and front line specialists.”
(EVP, U.S. Claim Management Service
Company)

6 Marchand, D. A., Kettinger, W. J. and Rollins, J. “Information
Orientation: People, Technology and the Bottom Line,” Sloan
Management Review (42:3), 2000, pp. 69-80.
7 “Managing Information in the Enterprise: Perspectives for Business
Leaders,” Forbes Insights, 2010, p.2. http://images.forbes.com/
forbesinsights/StudyPDFs/SAP_InformationManagement_04_2010.
pdf; also see: Wall Street Journal, op. cit., April 25, 2011. This article
recommends five books that executives need to read if they want to be
leaders to “… harness technology to make the most of information.”
Thomas Davenport states that one of the books (Making the Invisible
Visible: How Companies Win with the Right Information, People
and IT) takes the “I” perspective and “… describes the concept of
‘information orientation’ and how it produces better organizational
performance … Based on a substantial research study … the formula
they advocate is right on, and any CIO would benefit from trying it.”

“… to go from the fact that a customer wants
something to the fact that I give him something
and I get my money for it, and all the steps in-
between takes information from one point to
another point. Today, product and information
waits in queue a lot of the time … If I could start
measuring the time in-between and eliminate
it as a waste, then I believe it’s money to be
made.” (COO, U.S. Equipment Manufacturer)

Control-oriented business strategies, such as that
followed by CEMEX, emphasize exploiting the
company’s existing capabilities and resources and
using the most efficient approach to optimize the
business and maximize value created. When control-
oriented executives are also information oriented, they
can strengthen their control strategies by using timely
and accurate information to measure and monitor both
operational processes and management processes in
a panoptic fashion,8 and institute continuous process
improvements. Information transparency allows
them to drill down and monitor the performance of
divisions, teams and individuals. As a result, they can
thrust responsibilities and decision rights down the
organizational hierarchy and trust people will carry
them out properly.

Opportunity-oriented business strategies, such as that
followed by European Specialty Chemical Company,
emphasize sensing market opportunities through
alertness and taking advantage of these opportunities

8 See: Grover, V. and Markus, M. L., eds. Business Process
Transformation: Advances in Management Information Systems, M. E.
Sharpe, 2008.

Table 1. Dimensions of Information Orientation
Dimensions of
Information
Orientation6

Definition

Information
Technology Practices

A company’s ability to manage information technology (i.e., hardware, software,
application programs, networks and technical expertise) effectively for operational
support, business process support, innovation support and management support.

Information
Management
Practices

A company’s ability to manage the use of information in support of coordination
and control, tactical problem solving and strategic decision making. Information
management practices involve sensing, collecting, organizing, processing and
maintaining information to enhance decision making. These information management
practices move beyond organizational-level databases to include personal, social
media and customer information management.

Information
Behaviors and Values

A company’s ability to instill in its people information-centric behaviors and values
as information integrity, information transparency, information sharing, proactiveness
in information sensemaking, understanding of others’ job goals and their information
needs, and a willingness to use formal systems—all important for building and
sustaining a strong information culture.

160 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

through agile responses to the needs of customers,
partners and suppliers.9 When opportunity-oriented
senior executives are also information oriented, they
are able to assess market conditions and anticipate
changes in the marketplace more accurately, track
competitor and stakeholder responses to their strategic
actions, evaluate the effectiveness of countermoves
and make necessary adjustments.

People-oriented business strategies, such as
that followed by Citigroup CEEMEA Sales and
Trading Unit, focus on maximizing the knowledge
contributions of employees and incorporating
them into business processes and capabilities.
When people-oriented executives have a strong
information orientation, they often adopt information-
based measurement tools to evaluate people’s
knowledge-creating and -contributing behavior.
They also create an open environment with a high
degree of information transparency, strengthen
the communication links among people so that
information about knowledge holders can be easily
located,10 and help individuals take ownership of and
responsibility for their knowledge.

LEADERSHIP APPROACHES TO
DEVELOPING AN INFORMATED
BUSINESS STRATEGY
Establishing information orientation in support of a
business strategy is a shared responsibility among
senior executives. However, due to the variety of
mindsets, motivations, experiences and strategic views
among senior executives, business executives and
CIOs may play different roles in leading this process.

Senior business executives’ increasing recognition of
the role of information orientation in improving the
company’s performance demands that CIOs must pay
at least equal attention to developing IO. This means
the CIO must be able to identify the approach he/she
will adopt in leading the firm’s efforts to improve its
information capabilities to support its strategic focus
on control, opportunity or people. We conducted four
case studies in which we examined the leadership

9 Zaheer, A. and Zaheer, S. “Catching the Wave: Alertness,
Responsiveness and Market Influence in Global Electronic Networks,”
Management Science (43:11), 1997, pp. 1493-1509.
10 See: Dennis, A. and Vessey, I. “Three Knowledge Management
Strategies: Knowledge Hierarchies, Knowledge Markets, and
Knowledge Communities,” MIS Quarterly Executive (4:4), 2005, pp.
25-45.

approaches played by the CIOs in establishing IO and
their interactions with business executives.11

Ideally, the CIO and business executives would both
recognize the value of establishing IO (including
all three dimensions: IT practices, information
management practices, and information behaviors
and values) and act in partnership to co-lead the
IO initiatives to achieve their strategic goals in a
Participatory manner (as happened in CEMEX).

However, in companies where the CIO sees the
IO potential but business executives are slower
to make this connection, the CIO must act as a
Transformational Leader to introduce and nurture IO
initiatives until a senior executive coalition also sees
the value of IO and further diffuses the IO concept
throughout the company (this approach was used in
European Specialty Chemical Company).

If the CIO does not immediately recognize the
value of IO (possibly because of focusing only on
IT practices and running an IT utility) or cannot
immediately take the lead in IO initiatives (because
of a lack of influence), business executives will drive
the IO initiatives. In this situation the CIO must act
as a follower and play a Servant Leader role if he/she
wants to eventually earn a place of strategic influence
on the senior management team (the Citigroup
CEEMEA Sales and Trading case illustrates this
approach).

When neither business executives nor the CIO
recognizes the value of IO or takes the IO leadership
reins, the firm may flounder and lose competitiveness.
The situation may become so bad that the firm’s
stakeholders responsible for corporate oversight may
have to step in and replace the senior executives,
including the CIO, with a new management team that
can deliver value (as happened at European Retail
Bank).

Based on these observations from the four case
companies we have constructed the strategic
leadership-positioning framework shown in Figure
1. Each of the four quadrants of the framework is
described below and illustrated through the relevant
case study.

11 A CIO’s IO leadership approach is the manner in which a CIO
provides direction, implements plans and influences other senior
executives and subordinates to improve the information orientation
of the entire organization, including the IT practices, information
management practices and information behaviors and values.

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 161

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

IO Initiative Led by a CIO/Business
Executive Partnership
In the upper right quadrant of Figure 1, the CIO forms
a partnership with business executives to lead IO
efforts. With this IO leadership approach, the CIO
must be a Participative Leader12 and ensure that he/
she continues to provide strategic insights to develop
informated business strategies. The CIO is a strong
equal-value partner with information-savvy business
executives who influences the business strategy
while supporting the business with reliable and
cost-effective IT resources and services.13 The CIO
favors decision-making based on consultation with
other senior managers.14 The CIO’s performance is
evaluated not only on delivery of IT practices but also
on the other two dimensions of IO, helping to create a
strong information culture of effective information use
driving strategy execution.

In CEMEX, both the CEO and the two consecutive
CIOs recognized the value of information and
information practices in continuously improving
business processes and they acted as strategic partners
12 See: Lewin, K. and Lippitt, R. “An Experimental Approach to the
Study of Autocracy and Democracy: A Preliminary Note,” Sociometry
(1), 1938, pp. 292-300.
13 Marchand, D. A. “The Chief Information Officer—Achieving
Credibility, Relevance & Business Impact,” in Leading in the Top
Team: The CXO Challenges, ed. Preston, B., Cambridge University
Press, 2008, pp. 204-222.
14 See: Yukl, G. A. Leadership in Organizations, 2nd ed., Prentice-
Hall, 1989.

in enhancing the company’s IO. The CIOs not only
led the IT organization in delivering reliable and
cost-effective IT services to support the company’s
domestic growth and international expansion, but
also used their business insights to act as key leaders
in improving the information culture in support of
business process improvements and post-merger
integration. Through advocacy and dialogue with
the business executive team, both CIOs pushed for
process standardization and information-driven
personal responsibility and control to effect their
business strategies and were recognized as partners for
doing so. The CEMEX case is described in the panel
below.

IO Initiative Led by the CIO
This IO leadership approach is the lower right
quadrant of Figure 1. It applies where the CIO
recognizes the value of IO but business executives
do not, which requires the CIO to garner support for
IO initiatives by communicating a vision for how IO
can contribute to business strategies and outlining an
evolutionary path to developing IO. The CIO acts as a
Transformational Leader who:

● Has a strong information mindset
● Raises business managers’ level of

consciousness about the importance of
developing IO

Figure 1: Leadership Positions in Driving Information Orientation in Case Companies

Leadership of CIO in Driving
Information Orientation

Leadership
of Business
Executives
in Driving

Information
Orientation

162 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

CEMEX: Business Executive and CIO Partnership Leading the IO Initiative
Headquartered in Monterrey, Mexico, CEMEX is a leading global building-materials company that produces,
distributes and sells cement, ready-mix concrete, aggregates and other construction materials. Its business
strategies and information orientation have been strongly influenced by CEO Lorenzo Zambrano in partnership
with two consecutive CIOs and his senior business executive team.

CEMEX can best be categorized as following a control strategic focus, which is manifested by senior managers’
continuous efforts to increase efficiency and standardization to produce growth from the company’s existing
portfolio of products and through mergers and acquisitions. Reflective of the control orientation is senior
managers’ intense focus on process. Zambrano remarked:

“…CEMEX is committed to a continuous improvement process that produces a constant increase in
productivity and efficiency … CEMEX has implemented capital allocation and capital budgeting processes that
are designed to assure the most efficient allocation of our investment dollars.”

15

From the beginning of his tenure as CEO, Zambrano recognized the value of information to his business, first as
a necessity in competing domestically in Mexico and then as the key differentiator in competing internationally.
He said:

“Information is your ally: you use it to detect quicker and get better faster, or [to] determine who is better
and then you go and find out why. As we grow, we clearly need more information. I must admit that I want the
information for myself. We want to keep innovating … but we want to have that under control.”

Former CIO Gelacio Iniguez also recognized the importance of people’s beliefs about information and
information-use behavior. Instead of overly focusing on IT practices, he emphasized the need to change
people’s mindset about information:

“I personally don’t like to talk about technical issues … I spent three years studying different philosophies of
human behavior and have worked very hard to incorporate these philosophies into the CEMEX culture … My
role is to constantly challenge people in the businesses, to change their mindset, to help them think about things
differently.”

Prior to 2000, the partnership between Zambrano and Iniguez focused on developing infrastructure in support
of CEMEX’s control-oriented strategy. Based on a shared vision for strong information-usage behaviors and
values, they improved the information practices adopted by the company’s employees and managers. With the
infrastructure in place and the information culture established, Iniguez turned over the CIO reins to José Luis
Luna. Both Luna and Zambrano continued emphasizing the need to further improve CEMEX’s information
practices and information culture:

“We were a group of people within CEMEX driven by a vision of changing the culture and organization of the
company.” José Luis Luna, CIO, CEMEX

The business executive team and Luna continued advancing their informated strategic focus through
business process standardization and improving employees’ information-usage effectiveness, symbolically
communicated as the “CEMEX Way.” Luna acted as a strategic partner who not only delivered reliable IT
services but also used his business knowledge and strategic insight to actively promote the standardization
of information systems and business processes in post-merger integrations. For example, in 2004, CEMEX
announced its intention to acquire RMC group, the world’s largest ready-mix concrete producer with sites
spread across many countries. In parallel with the organizational post-merger integration process, Luna and the
rest of the IT organization played a key role in the CEMEX Way integration. Luna recalled a meeting he had
with Zambrano and the Executive Committee in November 2004:

15

15 Zambrano, L., Transcript from the Annual Analyst and Investor
Meeting, July 1, 2004, p. 8.

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 163

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

● Has a clear vision about informated business
strategies that inspires business managers

● Engages in information-related conversations
that intellectually stimulate business managers

● Empowers business managers to accomplish
more than what is usually expected of them.16

As a Transformational Leader in building IO in the
organization, the CIO is aware of the risks involved,
and not only clearly conveys that his/her vision for IO
grows out of the needs of the company but also strives
to establish an emotional commitment to achieving IO
among business managers.17

The Group CIO at European Specialty Chemical
Company recognized that the firm’s opportunity-
oriented strategy that focused on fulfilling customer
needs for innovative products used a “pull” approach
and identified the critical role of IO in achieving this
strategic focus. Because business executives initially
did not recognize the value of IO, he acted as a
Transformational Leader in improving the company’s
IO in support of its business strategy. In order to
communicate his vision about IO and garner support
for it, he invited external consultants to provide
training workshops to senior managers and business
unit (BU) managers to build information awareness

16 See: Bass, B. M. Leadership and Performance Beyond
Expectations, Free Press, 1985.
17 See: Bennis, W. G. and Nanus, B. Leaders: The Strategies for
Taking Charge, Harper & Row, 1985.

and outline the evolutionary path to improve the
company’s information capabilities.

Stimulated by the workshop discussions and inspired
by the Group CIO’s vision, the management team of
one BU stepped up and took the lead in formulating
and implementing the IO initiatives in support of the
BU’s customer-centric innovation strategy. The Group
CIO, hoping to achieve transformational change in the
company’s IO mindset, willingly gave up ownership
of the project so he could secure this BU’s total
commitment.

By demonstrating the business value of IO in this
“pioneer” BU to the Corporate Group Level senior
executives, the Group CIO emerged as a stronger
business partner in the eyes of his corporate senior
executive colleagues. The success of the pioneer
BU’s informating initiatives provided a best practice
example for the other BUs to learn from and emulate,
gradually diffusing the IO concept throughout the
group. Moreover, the pioneer BU was cited as
a significant factor in the friendly acquisition of
European Specialty Chemical Company. The full case
study is described in the panel below.

IO Initiative Led by Business Executives
The upper left quadrant of Figure 1 is the case where
business executives recognize the value of IO but the
CIO does not. This can occur in one of two ways.
Either business executives initiate efforts to build

CEMEX: Business Executive and CIO Partnership Leading the IO Initiative CEMEX (cont.)
“I proposed to the Executive Committee that we take some countries in the European RMC operations and start
our learning, because we needed to understand how to implement the CEMEX Way on this new platform.”

Luna and a core group of CEMEX Way experts undertook a multi-country campaign and had conversations
with RMC business managers and employees to incorporate their European operational best practices into
the CEMEX Way while also selling their information culture and business model to often apprehensive RMC
employees. With the business insights generated from this post-merger integration campaign, Luna and his
team advocated a new business process governance model for all of CEMEX that would speed up corporate-
wide innovation, gain further enterprise-wide control through standards and common information culture, and
enhance mergers and acquisitions best practice. This further moved Luna’s reputation beyond that of a CIO to
that of a business leader effecting a control strategy.

Driven by a strong information orientation, CEMEX business executives and the successive CIOs developed
a global technology infrastructure, and a culture of information sharing, transparency and self-control.
Improved information capabilities enabled senior executives to not only continue pursuing business process
standardization using best practices but also explore business opportunities through selective and deliberate
international acquisitions. Today, CEMEX is one of the world’s largest building supplies companies, with
annual sales of approximately $14 billion and employing more than 40,000 people in about 50 countries.
CEMEX continues to mount IT-embedding initiatives to get the most out of its employees, increase information
transparency and focus on global business process best practices.

164 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

European Specialty Chemical Company: CIO Leading the IO Initiative
Through more than 30 acquisitions and divestitures in the previous 10 years, European Specialty Chemical
Company (ESCC) had transformed itself from a commodity bulk chemical company into a specialty chemical
company targeting innovative products for customers. The corporation had 20 business units (BUs) of varying
sizes, innovation levels and profitability. The company prides itself on its ability to sense customers’ needs and
co-create innovative products that met specialized demands across the 20 BUs:

“We are on a journey, but we are like 20 different ships [20 BUs] going at different speeds to our destination.
Yes, we have made progress to acquire a portfolio of innovative product based companies, but we are quite
diverse and decentralized. We have “speed boats” growing and innovating with customers for value-based
pricing, and we have “tankers” still pushing more traditional products based on volume and price to business
customers with low understanding and expectations of what we can do for them to make them more innovative
and profitable in the use of our products.” ESCC Group Board Member

The Corporate Group Level CIO had corporate-wide responsibility for IT and information capability leadership
but had to work within a decentralized structure where individual BUs’ CIOs and business executives had
influence and autonomy. The Corporate Group Level CIO recognized that deployment of IT without an equal
focus on how people use information in business transactions and decision making would not lead his company
to optimize business performance. He believed that linking senior managers’ opportunity-seeking business
strategy with an appropriate focus on improving the firm’s IO was critical to achieving performance impacts.
Specifically, he believed that the company should move beyond merely IT infrastructure standardization to
improved information usage for product and service innovation, as well as to accurate and timely information
flows in value chain operations from R&D through to sales. The problem he faced was that few executives
shared his vision. Although the Corporate Group Level executive team recognized the need for possible
standardization and IT cost efficiencies, there was little initial recognition for the need to build a strong
information orientation in support of the company’s strategy.

As an initial move to gain the confidence of the Corporate Group Level executive team and to achieve greater
group synergies in a decentralized environment, the Corporate Group Level CIO convinced the group board
that the company needed to first focus on IT standardization, reducing total costs of the IT infrastructure and
investing in more customer-centric IT. The latter included, for example, CRM systems to gain better market
intelligence in the chemical compound and scientific research communities. To support these aims, the CIO
focused on ensuring that BUs ran the necessary IT with high levels of reliability while freeing capital resources
for them to engage in deploying competitive IT applications in line with their transition to a more customer-
centric innovation strategy. These initial efforts realized cost savings across the entire company and led to better
conformance by the fleet of different BUs.

Next, the CIO determined he needed BU involvement in and eventually ownership of IO initiatives because the
BUs possessed the customer relationships and had the unique insight on how information could best add value
to each BU’s unique customer niches. He needed to get buy-in from BU managers and to reduce the potential
perceptions of “a zero sum game” among the 20 BUs concerning corporate-wide IO development. To achieve
this, he launched an educational program with the help of a European executive development institute. This
program involved all senior BU managers (business and IT) and focused on how IO with a strong information
culture can enhance BUs’ business strategies. This program also enabled the CIO to identify one particularly
high performing BU—the Automotive Chemicals (AC) BU—whose management team stepped up and wanted
to better implement a customer-centric business strategy through the deployment of IT and use of information.

While inspiring, nurturing and supporting this “pioneer” BU in developing its IO, the Corporate Group Level
CIO decided that a more successful leadership strategy might be to let the BU management team take the lead
in formulating and implementing the initiatives and take complete ownership for IO in their BU.

The AC BU had invested in CRM tools and databases to enhance sharing of customer and product knowledge
between the sales, marketing, development and research functions. However, the BU’s president realized that
the deployment of CRM, ERP and business intelligence tools alone would not make people share and use
information effectively. As he put it:

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 165

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

IO in support of the business strategy on their own
without the counsel of the CIO, or business executives
initially offer the CIO the opportunity to participate
as a strategic partner but the CIO cannot break out
of his/her comfort zone and sits back in the hope of
continuing to run IT as a utility, leaving information
usage and culture to the general business managers.
In either case, a CIO who wants to catch up with
IO-enlightened senior executives will likely adopt a
Servant Leadership approach where he/she faithfully
delivers on the strategic requests in an incremental
fashion over time to win legitimacy from the business
leaders. Such a CIO must emerge as a leader by
becoming a servant, eschewing all credit for his/
her efforts for the good of the cause—the focus is
on leadership by meeting the needs of others first.18
Essentially, the CIO needs to build a reputation as a
valued manager of IT resources and operations, who
executes flawlessly and makes small but important
contributions toward building IO in support of
the business strategy. Over time as the CIO builds
credibility and relevance, he/she may be invited more
often to participate as a business leader in driving IO
initiatives.

18 See: Greenleaf, R. K. Servant Leadership: A Journey into the
Nature of Legitimate Power and Greatness, Paulist Press, 1977.

This IO leadership approach is illustrated by the
Citigroup CEEMEA Sales and Trading Unit case.
Senior business executives, led by the managing
director, acted as the spearheads leading the
improvement of IO throughout the unit. The head
of the unit’s IT group was late to the game, so he
adopted a servant’s posture, always demonstrating a
good corporate citizenship style and fully supporting
the strategic requests from the business executive
team to improve IO. With the IT group successfully
implementing key IT applications over time, the
leadership team helped establish assessment tools to
monitor and reward employees for their knowledge
contributions as well as encouraged the recruitment
and hiring of information-centric and team-oriented
individuals. The unit’s IT group CIO hoped that by
demonstrating strong servant leadership through high
quality IT delivery, he might be invited more often
to the “top table” and make contributions that would
support IO development and ultimately support the
unit’s business strategy. The full Citigroup CEEMEA
Sales and Trading Unit case is described in the panel
below.

IO Leadership Void

The lower left quadrant of Figure 1 describes
the situation where neither the CIO nor business

European Specialty Chemical Company (cont.)
“We have an information-usage gap not only within functions likes sales and marketing, but also across
functions as well.”

The AC BU CIO developed an action plan for enhancing the use of the information in the CRM database and
making it more useable for primary business users in sales, marketing and product development. Another
team focused on improving information behaviors and information management practices in the BU. This
team developed a new code of conduct for information use, a “CRM Cockpit” to enhance use and training
in handling customer information, and an IO scorecard that would measure information-related performance
and link IO efforts to specific business practices supporting the opportunity-seeking strategy. In the process of
implementing all IO initiatives, the BU president and BU Management Board held themselves accountable for
progress and made sure that the IO improvements were linked to business practices that improved customer
focus, innovation and delivery of new products.

In 2007, ESCC was the target of a friendly acquisition by a natural resources company based in ESCC’s home
country. ESCC’s senior executives recognized the IO success of the AC “pioneer” BU. To make ESCC a
more attractive target for the acquisition, they therefore gave the Corporate Group Level CIO the go ahead to
implement a group-wide IT strategy to standardize infrastructure and major applications. He was also asked
to prepare group managers for improving information management practices through an IO initiative in all 19
remaining BUs.

In response to the AC IO improvement initiatives and the superior performance results, several other BUs
quickly moved ahead with their own IO improvement programs. In 2008, the AC BU was cited by the acquiring
firm as the most successful, growth-oriented and innovative unit among the 20 BUs and as a significant factor
in the acquisition.

166 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

Citigroup CEEMEA Sales and Trading Unit: Business Executives Leading IO Initiatives
The CEEMEA [Central and Eastern Europe, Middle East and Africa] Sales and Trading Unit at Citigroup
generates revenue from two sources: (1) trading financial instruments and (2) spread revenue, providing
customers with hedges for their exposures. The CEEMEA region covers 31 countries that are diverse in size,
geographies, languages, religions, culture, risk, financial market development, regulatory regime and corporate
governance.

On his appointment, the CEEMEA Sales and Trading Unit Manager Director, Suneel Bakhshi, found that
country organizations were managed in a decentralized way and were only loosely linked to the central trading
hub in London. Bakhshi identified the need to pursue a people-oriented business strategy and develop a new
business model with much stronger relationships between the London hub and the country organizations so
that customer and risk information could be shared throughout the region. Bakhshi understood that people and
information were crucial for the unit’s success as the unit depended on the knowledge of individual traders,
who used their financial expertise to develop creative financial products tailored to the local risk environment.
The unit’s products and services are information based; traders need to have smart trading ideas and real-time
information about changes in the market environments. As Bakhshi put it,

“Infocentricity [IO] cannot be compromised. I can negotiate on other things. But not this one!”

Bakhshi took the leadership role in forming a new, information-centric business executive team, successfully
diffusing the concept of IO throughout the unit, and undertaking a strategic intervention that focused on
improving the unit’s IO (Bakhshi used the term Infocentricity). Driven by the recognition that he needed to
extract the tacit knowledge of his star traders, he instituted an IO improvement initiative driven initially by
business executives, without the strategic involvement of IT or a CIO. His business management team initially
relied on the unit’s functional/systems skills and outsourcing, and Citigroup’s corporate IT back office to
develop the necessary IT platform support. To encourage information behavioral changes, Bakhshi used his
business management team to develop a unit-wide IO scorecard with specific measures of how information was
being sensed, shared and used at the individual, team and organization levels. Incentives and bonuses were put
in place to reward traders for information entered into the system that resulted in sales by other traders.

Once these IO initiatives were well under way, Bakhshi appointed Umesh Jagtiani as regional head of the
eCommerce unit because of his business background, a similar Infocentricity mindset and his outsourcing
skills, which were needed to further improve and institutionalize the IT practices in support of the IO
initiatives. Jagtiani recognized that he had been late coming into the game and was not empowered with high
level leadership authority for the IO initiative. He was appointed to ensure that he successfully facilitated the
implementation of several IT applications and their roll-outs. His attitude was that if the business executive
team wanted to roll out the applications incrementally in the various countries in the CEEMEA region, he
would do exactly what the executive team asked him to do. He did not try to pretend that he knew better than
the business executives how to implement IT.

In addition to rolling out Treasury products to clients, Jagtiani and his IT team helped build a robust intranet
platform for reporting, risk and credit management, trading information flow management and a fully
functional client relationship management application. The change management strategy Jagtiani followed
comprised improving IO in terms of operating culture and behaviors, the scorecards and other IO initiatives
that were identified by the business executive team. Over time, he built a reputation for providing successful
and reliable IT services to the unit and for fulfilling the business needs and strategic requests. As he delivered
IT applications and services with great care, he gradually began to convey messages about good information
behavior to signal to the entire organization that he possessed a similar IO mindset as the remainder of the
executive team and regional business managers. For example, he stated:

“In the past, traders saw information as proprietary … Today, this information is no longer ‘personally’ owned.
A culture of transparency has transformed the way business is managed. Both good and bad results are shared
within the team, and overall, the impact on business has been extremely positive.”

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 167

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

executives recognize the value of IO. Because neither
is willing to take a leadership position in driving the
development of IO, the company will probably fail,
given the criticality of information in today’s digital
world. Hopefully, in this situation and before the
firm faces serious financial distress, the oversight
stakeholders will step in and replace both the business
and IT executives with a management team that
shares a mindset about the role of IO in support of the
business strategy and is capable of delivering value.
This requires decisive leadership at a stakeholder
level.

The European Retail Bank case (see panel below)
demonstrates the consequence of an IO leadership
void. After acquiring one of its largest competitors
without conducting sufficient IT or informational due
diligence, ERB’s senior management team focused
on cutting operational costs instead of growing the
business. This cost cutting disregarded the importance
of integrated information for effective operations
and customer service. Due to a bureaucratic cultural
mentality, business executives and the CIO were
both occupied with several initiatives and did not
recognize the value of improving the merged firm’s
IO to support the business strategy. After the merger,
ERB continued to shift between growth strategies
and cost-efficiency control strategies; there was
an “information void” in the mindsets of business
managers and the CIO. The lack of recognition of the
value of IO and the lack of leadership in developing
IO from both the IT and business sides led to poor
business performance, which eventually caused the
group board of the holding company to step in and
replace the entire senior management team, including
the CIO.

CIO GUIDELINES FOR CHOOSING
AN IO LEADERSHIP APPROACH
In many companies, because of the different views,
experiences and mindsets among senior management

team members, CIOs can adopt different IO leadership
approaches depending on the specific situations they
are in relative to business executives. To help CIOs
position themselves in relation to business executives
and identify which approach to adopt to improve the
company’s IO, we offer the following guidelines,
grouped under sensemaking and mapping a course,
and mobilizing.

Guidelines for Sensemaking and
Mapping a Course
1. Assess Where the Company Currently is in Terms
of IO

Before a CIO can position himself/herself in the IO
improvement efforts and decide what to do next, he/
she needs to make sense of “where are we now,”19
focusing especially on the company’s IO capabilities
and their relationship to its business strategies.
Specifically, the CIO needs to:

● Identify how information is embedded in the
way business is done

● Understand the information content and needs
of the various business practices

● Assess how information is being used and
managed by evaluating a representative cohort
of managers and professionals

● Recognize how improving the company’s IO
can enhance the business strategy.

Furthermore, it is necessary for the CIO to assess the
extent to which business executives recognize the
value of information and information management.
For example, in the ESCC case, the Group Level
CIO saw the potential for using information to drive
innovation and co-created customer responses, but the
Group Level business executives initially viewed IT

19 See: Weick, K., Sutcliffe, K. and Obstfeld, D. “Organizing and
the Process of Sensemaking,” Organization Science (16:4), 2005, pp.
409-421.

Citigroup CEEMEA Sales and Trading Unit (cont.)
Reflective of his continued deferential Servant Leadership approach, Jagtiani credited Bakhshi:

“The reason why the idea of improving information management and use didn’t go away is because Bakhshi
continuously drove it with a passion.”

Within three years, the IO initiatives to support the unit’s people-oriented business strategy boosted the unit’s
business performance in several ways. Earnings before interest and taxes doubled, revenue increased by 57%
and profit increased by 106%. The unit won several Euro-Money awards, including best emerging market
currencies and best at risk management.

168 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

European Retail Bank: IO Leadership Void Leads to Failure
European Retail Bank (ERB) was an established national bank operating in a Western European country within
a mature banking market. The bank had over 1,300 branches and operated nearly 700 ATMs. In terms of assets,
the bank was second in the country and comprised 14% of the overall banking group’s assets. ERB’s senior
business executives decided to expand its capital assets, customer base and volume of transactions by acquiring
another large retail bank in the same country and becoming the largest retail bank in the country.

To achieve the integration of the two merged banks, ERB’s senior business executives decided to first focus on
restructuring, capturing cost synergies and streamlining operations between the two merged banks. However,
neither IT nor a CIO was actively involved in the pre-merger due-diligence process or consulted in advance on
comprehensive post-merger integration planning. As a result, there was post-merger bureaucratic wrangling
between IT and business people from the two relatively equal merged entities. After two years, the integration
had not progressed, and ERB launched another initiative called VIVA, which had two phases.

In the first phase, the bank focused on further cost-cutting and achieving efficiencies by improving risk and
credit management and hoped to turn the branch and ATM networks of the combined bank into a more efficient
and unified product distribution system. Despite these front-office changes, back-office integration issues
continued to keep ERB from moving into more lucrative customer-centric niches and cross-selling.

A main reason for the unsuccessful back office integration was the lack of information focus throughout ERB
by both the business and the IT sides. Prior to the merger, ERB had been managed with a traditional and strictly
hierarchical information structure and style. The IT organization operated as an IT utility provider. The strong
bureaucratic culture mandated transaction verification and authorization by top management of just about all
business decisions. Such a bureaucratic culture led to a complicated and slow decision-making process in the
management ranks. Employees had a “let’s wait and see” attitude toward customers. Information sharing that
occurred only through traditional reporting was supported by an outdated legacy computer network running
as a cost-based operational utility. The people culture was one of low trust because the authorization process,
coupled with legacy transaction systems and large amounts of internal paperwork, created a climate of
suspicion and doubt about communications up and down the hierarchy.

Due to the lack of an IO mindset, sales activities were product-focused and reactive to customer needs.
Customer segmentation was very simple, almost simplistic. An unfocused customer strategy had resulted in
a complex product line with too many offerings. When a customer visited a branch, the branch representative
could not identify the customer’s profile because the IT system did not provide accurate information on
customer behavior or product portfolios. Customer transaction reports, new customer profiles and asset targets
for relationship managers were only available on a quarterly basis. A centralized customer account system only
recorded sales volumes and customer/sales ratios—useful for senior managers, but not for customer relationship
managers.

The CIO also failed to recognize the importance of developing IO. IT operations focused primarily on
technically unifying the two IT platforms and data centers instead of improving the use and management of
information throughout the now merged branch structure and ATM service network. The acquisition created
considerable challenges for the IT systems in the combined bank. To deal with the merger, the IT organization
attempted to unify two banking systems by cloning ERB’s IBM platform and copying the system of the
acquired bank onto this clone. However, due to the two banks’ different operations and products, the copied
system could not be easily merged. The CIO noted: “Instead of ending up with one merged system, we ended
up with two separate platforms and data centers.” As a result, branch employees had to switch from one system
to the other, depending on which bank the customer had originally opened the account with. When ERB
implemented Internet banking, information sharing was not possible between the Internet banking operations,
with the older ERB IT systems being used while the entire back office was being redesigned for merged
operations. Existing ERB customers could not easily perform Internet banking transactions with their branch
banking. This channel conflict resulted in poor customer service and customer defection.

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 169

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

as a utility whose costs needed to be better controlled.
And in the CEMEX case, the former CIO and the
CEO both recognized their company’s weaknesses
and identified a need to use information to establish
a greater reach and range of control by making
information transparent and useful throughout the
company. In both cases, the CIOs made sense of their
unique situation by gaining greater understanding of
how effective management and use of information
could facilitate the business practices and support the
business strategies. It is also important for the CIO
to determine the extent to which business executives
have already initiated IO improvement efforts and
have assumed a leading role.

2. Decide Whether You Want to Be a Leader

The CIO must realize that improving the company’s
IO and leaving a positive information legacy requires
careful planning and execution as well as changing
people’s mindset and behavior throughout the
company. Even though business executives may
recognize that information management capability
plays a key role in their company, it is possible that
improving IO may not rise to the top of their priorities
given other pressing business demands. In such a
situation, a CIO who recognizes the criticality of IO
will need to make a conscious decision on whether
to rise to the occasion and take over the reins of IO
leadership. Taking on the IO leadership role is not fail-
safe and risk-free. The CIO may find it challenging to
break out of his/her technical comfort zone, engage
with general managers on changing the company’s
information culture, and take on responsibilities for
people’s information behaviors and values in business
activities. A lack of perceived control and confidence
in the CIO’s ability to become actively involved in the

business domain often creates inertia that prevents the
CIO from making the move toward leading IO efforts.

Questions that have to be answered include:

● Is the CIO willing to take risks, experiment,
learn from both successes and mistakes and—
more importantly—encourage others to do the
same on an IO improvement journey?

● Is the CIO confident that he/she is capable of
defining an inspiring vision for IO and sharing
it with business executives as well as the rest
of the company?

● Does the CIO believe he/she can build
relationships with and gain commitment from
people throughout the company, especially
from business leaders, and work with them
continuously to overcome the challenges on
the IO journey?

If the answer is yes to these questions, then the CIO
must select an appropriate leadership approach.

3. Select a Leadership Approach

Based on the outcome of the sensemaking activity
(Guideline 1), the CIO can then map his/her
leadership position in our framework (Figure 1).
If the CIO and business executives both recognize
the importance of IO, and are willing to lead their
company on an IO journey but have not initiated
IO efforts, the CIO can adopt the Participative
Leadership approach and become a key player in the
IO initiatives (upper right quadrant of the framework).

If business executives have already recognized the
importance of IO and initiated efforts to improve IO,
but the CIO has not been involved as a key player,

European Retail Bank (cont.)
Three years later, ERB continued to be unprofitable. At this point, senior managers initiated the second phase
of the VIVA program, which focused on enhancing sales effectiveness, developing more targeted product
offers and cross-selling financial products. However, the CIO continued to implement the nitty-gritty changes
in the bank’s workflows and IT systems, creating an “information void” in ERB that would dilute the new
sales, service and customer relations efforts of the business managers and employees. This information void
continued to negatively affect ERB in the next few years. When reflecting on the problems that ERB had
experienced in the VIVA program, ERB’s chief controller summed up:

“Our … system still lacks information about our channels, products and customers—information that is
essential to improving the profitability and effectiveness of our business.”

Five years into the VIVA program, the Group Board of ERB’s holding company had had enough and belatedly
replaced the senior management team, including the CIO, citing a lack of progress in bringing value to the
bank’s shareholders.

170 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

the CIO can adopt the Servant Leadership approach
(upper left quadrant of the framework). The lack of
involvement by the CIO may be due either to he/she
being appointed after the IO initiatives are under way
or because he/she cannot break out of the conventional
IT comfort zone to take responsibilities for business
people’s information usage and culture.

If business executives have not recognized the value
of IO and the CIO has the vision to lead the company
along an evolutionary path to develop IO, the CIO
can adopt the Transformational Leadership approach
(lower right quadrant of the framework).

If the IO concept has not gained traction among
business executives and the CIO is content with
only managing IT resources and operations as a
utility, he/she should be forewarned that this could
result in Stakeholder Leadership intervention (lower
left quadrant of the framework). When the current
management team, including the CIO, fails to
recognize the value of IO, this can lead to ineffective
business strategies and unsatisfactory business
performance. In this situation, the entire team is in
danger of being replaced by a new management team
that is willing to develop information capabilities and
an information culture that will support the company’s
business strategy.

Guidelines for Mobilizing Resources for
IO Improvement
Based on the CIO’s leadership positioning relative
to business executives (Guideline 3), the CIO needs
to identify how to effectively mobilize people and
resources toward IO improvement.

4. Mobilizing with the Participative Leadership
Approach

The CIO adopting the Participative Leadership
approach partners with like-minded business
executives, acts as both an IT leader and, more
importantly, as an information-savvy business
leader. As such, the CIO shares the IO leadership
responsibilities, pursues the same strategic direction,
maximizes business and technical synergies, and
improves company/BU performance over time.
The shared information mindset also promotes a
shared commitment to mutual risk taking among the
business executives and the CIO. The CIO needs to
continuously improve the information capabilities
that can enhance business practices by focusing on
all three IO dimensions (IT practices, information

management practices, and people’s information
values and behaviors).

The participative leader also needs to improve
the IT unit’s IO, help IT people develop business
acumen and knowledge, and push for IT personnel
performance evaluations based on the success of both
IO efforts and business execution efforts. In CEMEX,
for example, the CEO and the two successive CIOs
were “on the same page” concerning the value of
information and information practices and the need
to continuously improve business processes. As
information orientation know-how was accumulated
over time, it was institutionalized in waves of
symbolically represented management initiatives
such as the “CEMEX Way” to maintain people’s
enthusiasm for effective information use.

5. Mobilizing with the Servant Leadership Approach

A CIO who adopts the Servant Leadership approach
because he/she was appointed after business
executives have initiated the efforts to improve IO
first needs to demonstrate his/her value to the business
executives as a reliable technology provider. With this
approach, the CIO gains credibility by managing IT
resources and delivering IT services effectively and
efficiently, meeting and exceeding the expectation of
business executives. As the CIO builds a reputation
as a valued IT provider who faithfully delivers on the
strategic requests from business executives, he/she
then builds business credibility by becoming more
knowledgeable about IT-enabled business processes
and the information requirements of business
processes.

A CIO who adopts the Servant Leadership approach
because he/she was initially content with running an
IT utility and could not break out of his/her comfort
zone needs to incrementally develop an information
mindset and gain business knowledge through close
interactions with information-oriented business
people. With this approach, a CIO can over time
demonstrate to business executives his/her acquired
information perspective and strategic business
acumen, gradually developing a shared language and
goals.20

With sufficient credibility and relevance, the CIO
following the Servant Leadership approach will be
invited to the “top table” more often and asked to
deliver innovative business solutions enabled by IO
and eventually be recognized as a genuine player on

20 Preston, D. and Karahanna, E. “How to Develop a Shared Vision:
The Key to IS Strategic Alignment,” MIS Quarterly Executive (8:1),
2009, pp. 1-8.

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 171

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

the IO leadership team. For example, in Citigroup’s
CEEMEA Sales and Trading Unit, the regional head
of the eCommerce unit recognized that he had been
late coming to IO activities and did not have sufficient
leadership authority to design the IO initiative. Rather,
he had been appointed to ensure the successful
implementation of IT applications supporting the IO
initiative. However, by conveying that he possessed
a similar belief in the Infocentricity [IO] philosophy
of the CEO and by his deference to the business
executive team taking ownership of his flawlessly
executed information solutions, he hoped to earn a
place on the senior executive team.

6. Mobilizing with the Transformational Leadership
Approach

A CIO who adopts the Transformational Leadership
approach to help business executives develop a shared
information mindset and gain their commitment
in the hope that he/she will establish a partnership
needs to demonstrate the value of IO to the business
executives. The CIO needs to proceed deliberately
at first to prevent or reduce potential resistance from
business executives. He/she may need to communicate
the vision for IO to business managers and help them
identify opportunities for improving both information
capabilities and business performance. One technique
to further this aim is to build a common IO mindset
by launching a company-wide educational program as
well as local evangelizing. Consultants might also be
brought in to conduct benchmarking to shock and/or
cajole business executives to move from their current
position toward an IO mindset.

Next, the CIO needs to identify a subset of the
company (such as a business unit or functional
area) where a strong IO can yield high payoffs. This
pioneer unit is often one of the top-performing units
of the company with a highly motivated management
team eager to achieve even greater success. The
Transformational Leader can build a positive legacy
by delivering high IO value in the pioneer unit. In
the ESCC case, for example, the Group Level CIO
identified such a business unit through his interactions
with BU managers in the IO awareness-building
training programs. This pioneer unit was performing
reasonably well but the unit’s management team
saw the need for richer customer information to be
gained at all touch points so it could co-create unique
specialty chemical products tailored to automotive
customer needs. Subsequently, the Group Level
CIO let the unit’s leadership team take the IO lead
and ownership. Gradually, the success of this unit in
developing IO provided a best practice example, and

the IO concept gained buy-in from more business
executives, eventually spreading throughout the
company.

Summary of IO Leadership Approaches
and Guidelines
Table 2 summarizes the three CIO IO leadership
approaches and the guidelines that CIOs may adopt in
driving information orientation in their companies.

CONCLUDING COMMENTS
To safeguard, expand, or even transform the CIO’s
role in the IT-embedded and information-driven
company, the CIO needs to focus more on the “I” of
“IT” and break out of the comfort zone of running
an IT utility. Our four-quadrant framework helps
CIOs identify their leadership approach to IO efforts
and informs our recommendations for IO leadership
actions. While CIOs need to continue acting as
valued managers of IT resources and operations, they
must also be perceived as in-house experts on how
information is used across their companies’ business
processes.

To lead as the corporate information steward is a
lofty goal and requires a close working relationship
with business managers and employees to learn how
information is embedded in business practices. CIOs
will have to take more responsibility for leading
the information cultural change necessary among
general managers if companies are to achieve
more acute information sensing and widespread
sharing of valuable information. A company’s CIO
must work closely with HR to devise performance
evaluation metrics including IO scorecards that
reward people for effective use and management of
information. A strong information focus and extensive
business knowledge will enable the CIO to identify
opportunities where information management and use
can help improve the company’s strategic focus and
will help the CIO to become a strategic leader.

172 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

Table 2. Summary of CIOs’ Leadership Approaches in Driving Information Orientation
CIO’s Leadership
Approach in
Driving IO

Focus Recommendations

Partner with
Business
Executives as
a Participative
Leader

• Understand business executives’
perspectives, strategic focus and the
business practices associated with
the strategic focus through close
collaboration with business executives.

• Clearly understand the information
requirements (e.g., product
information, customer information,
market information) of these business
practices.

• Continuously improve the information
capabilities that can enable business
practices by focusing on all three IO
dimensions (technology, information
management and people’s values and
behaviors).

• Enhance the IO within the IT unit by
educating IT people on the IO concept;
help IT people develop business
acumen and knowledge.

• Push for performance evaluation at all
levels of the company that is based on
both the success of IO efforts and the
success of strategic business efforts.

The CIO should pay particular attention to
people’s information-usage behavior since
putting the technology in place does not
guarantee people will effectively use the
information delivered by the technology. In
collaborations with business managers, the
CIO may focus on:

1. Providing training to business users to
enhance their handling of information

2. Providing activity-based and result-
based coaching and feedback sessions
for people at various levels of the
company

3. Building a strong information culture by
not only making information available
but also holding people accountable for
their information behavior

4. Adopting a scorecard that measures
individual and group information
behavior and performance

5. Building information-usage behavior
into business processes and creating a
standard template for information-usage
behavior.

Lead as a
Transformational
Leader

• Promote the IO concept to business
executives through training programs.

• Help business executives identify
opportunities for improving both
business performance and information
management; prevent or reduce the
perception of improving IO as a zero-
sum game.

• Create and communicate a vision for
IO that emerges from the company’s
needs.

• Identify a subset of the company with
good performance and willing to be
the IO pioneer unit; reach a common
understanding with that unit’s business
leaders.

• Continue to be an IO inspirer and
supporter but hand over the ownership
and leadership of IO efforts to the
pioneer unit’s management team.

The CIO needs to first raise business
executives’ level of IO recognition in a
natural way (e.g., with help from external
parties such as a consulting firm or an
educational institute). Doing this will mean
that business executives perceive the CIO as
trying to help them achieve better business
performance instead of trying to shift power
away from them and toward the CIO.

Once a pioneer unit for the IO initiative has
been identified, the CIO needs to empower
that unit by handing over IO ownership
with little demand for credit. But at the
same time, the CIO has to be aware of the
IO progress in the unit and be willing to
help and support whenever needed.

Throughout the whole process, the CIO
needs to possess self-awareness of his/her
transformational approach and the risks
involved.

© 2011 University of Minnesota MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 173

CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

APPENDIX: RESEARCH
METHODOLOGY
We selected four companies that operate in different
industries. Two (European Specialty Chemical
Company and Citigroup CEEMEA Sales and Trading
Unit) operate in more knowledge-intensive industries
and have a stronger emphasis on people’s knowledge
creation than the other two (CEMEX and European
Retail Bank). All four would benefit from being more
competent in their use of information at all levels of
the company and across processes. In essence, all
the companies could benefit from not only better IT
practices but also better information management
practices and an improved information culture. For
example, in CEMEX (a cement commodity company),
truck drivers, who are not knowledge workers, have
to interact with customers at delivery sites, capturing
their satisfaction information and entering it into an IT
system. This information is in turn used to customize
the next truck driver’s interaction with that customer
to further improve overall customer satisfaction with
the company.

Our research data was collected primarily from in-
depth face-to-face interviews, diagnostic surveys,

action learning and interventions that members of
our research team conducted with over 200 senior
business managers and IT managers from the
four case companies. These managers were asked
about their IO leadership approaches and about the
development of IO that supported their companies’
business strategies. The interviews were conducted
as part of preparing written cases studies for use
as teaching tools and as ad hoc conversations with
executives during and after professional training
workshops and executive education sessions at IMD.
Two members of our research team recorded and
further discussed the key points of these interviews
as they prepared cases and collaborated on research
projects.

ABOUT THE AUTHORS
William J. Kettinger
Bill Kettinger (bill.kettinger@memphis.edu) is
Professor and the FedEx Endowed Chair in MIS at the
Fogelman College of Business and Economics at the
University of Memphis. Kettinger’s focus is practical,
rigorous research appearing in leading journals. He
has received such honors as a Society of Information

Table 2. Summary of CIOs’ Leadership Approaches in Driving Information Orientation (cont.)
CIO’s Leadership
Approach in
Driving IO

Focus Recommendations

Lead as a
Transformational
Leader (cont.)

• Continuously share the IO success
in the pilot unit with the rest of
the company, especially the senior
management team.

• Gain buy-in from more business
executives and gradually initiate IO
efforts in the rest of the company.

Follow as a
Servant Leader

• Manage IT resources and deliver IT
services effectively and efficiently.

• Build reputation as a valued technology
leader.

• Gain knowledge about business
processes and needs.

• Understand the information
requirements of business processes and
decision making.

• Identify opportunities to improve
information capabilities to meet
business needs in support of the
company’s strategy.

The CIO can increase his/her business
acumen and understanding of information
requirements of the business through:

1. Closer interactions with business
managers in IT implementation and
deployment

2. Communicating with business managers
using information terms

3. Attending business seminars and
other training opportunities with an
information focus.

174 MIS Quarterly Executive Vol. 10 No. 4 / Dec 2011 © 2011 University of Minnesota

Kettinger et al. / CIO and Business Executive Leadership Approaches to Establishing Company-Wide Information Orientation

Management’s Best Paper Award, and directed a SIM
APC study of the business drivers of IT value. He
serves on the editorial boards of Information Systems
Research, Journal of the Association of Information
Systems and MIS Quarterly Executive. He consults
with global companies such as enterpriseIQ®, AT&T
and IBM.

Chen Zhang
Chen Zhang (czhang12@memphis.edu) is an assistant
professor of management information systems at
the Fogelman College of Business and Economics at
the University of Memphis. She received her Ph.D.
from Purdue University. Her research focuses on
information management, online information search
behavior, open source software development and open
innovation. Her work has been published in journals
such as Information Systems Research and IEEE
Software.

Donald A. Marchand
Donald Marchand (marchand@imd.ch) is Professor
of Strategy Execution and Information Management
at IMD, Lausanne, Switzerland. He is author or
co-author of eight books, over 140 articles, book
chapters, cases and reports, and advises leading
global companies. Marchand is also Chairman of
enterpriseIQ®, which offers proven metrics of how
effective companies manage and use knowledge,
information and technology. He is former Dean of the
School of Information Studies at Syracuse University.
He earned his Ph.D. and M.A. at UCLA, and B.A. at
UC Berkeley.

Copyright of MIS Quarterly Executive is the property of MIS Quarterly Executive and its content may not be

copied or emailed to multiple sites or posted to a listserv without the copyright holder’s express written

permission. However, users may print, download, or email articles for individual use.

MISQuarterly Executive Vol. 7 No. 2 / Jun 2008 57© 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

CIO LeadershIp prOfILes: ImpLICatIOns Of
matChIng CIO authOrIty and LeadershIp
CapabILIty On It ImpaCt1

David S. Preston
Texas Christian
University

Dorothy E. Leidner
Baylor University

Daniel Chen
Texas Christian
University

MISQUarterly
Executive

Executive Summary

Ultimately, organizations invest in information technology (IT) initiatives to improve
their level of performance. However, there have been mixed results from the payoff of IT
investments. This article presents evidence that the variation in benefits derived from IT
is in part due to the organization’s CIO leadership profile. This profile is determined by
whether the CIO’s level of strategic decision-making authority is high or low, and whether
his or her strategic leadership capability is high or low. We label the resulting four
CIO leadership profiles: (1) IT Orchestrator, (2) IT Laggard, (3) IT Advisor and (4) IT
Mechanic, and have identified the typical characteristics of CIOs that match each of these
profiles.

Based on empirical data collected from a field study,2 we show that the level of IT
contribution to a firm’s performance varies according to the leadership profile of its
CIO. We show how organizations can assess their current CIO leadership profile and
provide recommendations for CIOs who need to change their CIO profile to best fit their
organization’s goals. Over time, there will be a shift to IT Orchestrators, and CIOs lacking
the necessary characteristics should plan to acquire them.

THE IMPORTANCE OF CIO LEADERSHIP TO THE
MODERN ORGANIZATION
Over the past several decades, information technology (IT) has become essential
for organizations to increase operational efficiency and to obtain strategic success.3
However, many organizations have experienced the “productivity paradox”—
they have not been able to observe business value that is directly linked with their
investments in IT. Savvy organizations have realized that they cannot derive business
value by simply pouring vast sums of money into IT; rather, the strategic leadership of
IT is the key to maximizing its potential benefits.

The chief information officer (CIO) plays a critical role in the ability of an
organization to derive business value from IT. Organizations that view the CIO as a
strategic asset are more likely to create business value through IT and thereby achieve
superior business performance.4

However, not all firms need to include IT as an integral part of their business strategy.
We argue that the impact of IT within an organization depends on the fit between the
CIO and the strategic context of the organization. This article describes four distinct
profiles of CIO leadership. We examine the influence of these four profiles on IT’s

1 Jeanne Ross is the accepting Senior Editor for this article.
2 The authors acknowledge the support of the TCU Office of Research and Sponsored Projects, which provided
a grant for the survey data collection.
3 For more on the critical role of IT in obtaining both efficiencies and strategic success, see Sambamurthy, V.,
Bharadwaj, A., and Grover, V. “Shaping agility through digital options: Reconceptualizing the role of information
technology in contemporary firms,” MIS Quarterly (27:2), 2003, pp. 237-263.
4 For a comprehensive analysis of the organizational views of CIOs and IT performance, see Chatterjee, D.,
Richardson, V. J., and Zmud, R. W. “Examining the shareholder wealth effects of announcements of newly
created CIO positions,” MIS Quarterly (25:1), 2001, pp. 43-70.

MISQE is
Sponsored by

58 MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 © 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

contribution to a firm’s performance and then assess
the characteristics of each CIO leadership profile
within organizations. The primary focus of our
research is to enable organizations to understand how
the fit between the CIO and the organizational context
determines the benefits derived from IT. Given the
potential importance of the CIO within the modern
organization, as well as recent attention given to this
topic, our findings provide criteria that enable an
organization to examine its current CIO leadership
profile and balance its return on IT investments.

CLASSIFyING CIO LEADERSHIP
PROFILES
We have classified CIO leadership on two dimensions:

The CIO’s strategic decision-making authority •
within the organization.
The CIO’s strategic leadership capability. •

The Decision-Making Authority
Dimension
CIO strategic decision-making authority is the degree
to which the CIO has the authority to engage in
strategic decision making within the organization.
Strategic decision making is distinguished from
tactical or operational decision making in that it
concerns decisions that will have a significant and
lasting impact on organizational performance.

Given the pervasiveness of IT across functional
groups and the intertwined nature of business and
technology in modern organizations, the CIO should
have the decision-making authority to lead strategic
IT initiatives if IT is to contribute to the success
of the organization. However, despite the strategic
importance of IT, some CIOs are still not granted the
same strategic decision-making authority as other
business executives, and there are large differences in
the strategic decision-making authority of CIOs across
organizations. For instance, Kaarst-Brown5 noted
that “… many IT executives are still not at the table
because they are not viewed equal to their business
peers.” Other researchers have observed that, in
many organizations, the CIO plays a critical role not

5 Insights into the variations in authority given to CIOs across
organizations can be found in Kaarst-Brown, M. L. “Understanding an
organization’s view of the CIO: The role of assumptions about IT,” MIS
Quarterly Executive (4:2), 2005, p. 287.

only in IT strategic planning, but in business strategic
planning as well.6

These disparities in the roles of CIOs across
organizations are supported by the following statement
from a CIO of a major Midwestern university, who
was interviewed as part of our study. He said: “In my
years networking with various executives, I still find
that many firms have completely different views on
the strategic role of the CIO. In some organizations
the purpose of the CIO is purely operational—he is
there to essentially fix the pipes like a plumber. In
other organizations, the CIO is considered to be a true
strategic leader. In many organizations, the CIO may
be stuck somewhere in the middle of this range.”

The Leadership Capability Dimension
CIOs who have the authority to pursue strategic IT
initiatives need to be capable leaders to successfully
execute strategic projects; otherwise, the consequences
for the organization could be problematic. Many
CIOs are generally considered to be competent at
managing the technical aspects of IT, such as keeping
key systems operational; however, many CIOs fail as
strategic leaders.7

This issue is of concern to organizations since
it is through strategic leadership that CIOs can
most significantly influence the impact of IT on
organizational performance. CIOs who are effective
strategic visionaries are well suited to select and
champion strategic initiatives that are designed to
increase organizational performance. On the other
hand, CIOs who are not capable strategic leaders are
likely to have a lower level of influence, or possibly
even a detrimental influence, on the contribution that
IT makes to organizational performance.

The CIO of a large private hospital in our study
supported the importance of a capable IT leader to
the organization. He said, “To truly make an impact,
the CIO must have the ability to personally make
strategic decisions. However, if the CIO does not have

6 Leidner and Mackay found that some CIOs were not only leading
IT strategy, but were also initiating organizational strategy. See Leidner,
D. E., and Mackay, J. M. “How Incoming CIOs Transition into Their
New Jobs,” MIS Quarterly Executive (6:1), 2007, pp. 17-28.
7 To obtain a valid and unbiased assessment of CIOs, it is necessary
to get the viewpoint of business executives, rather than CIOs
themselves. One of the few studies to have done this is Smaltz, D.
H., Sambamurthy, V., and Agarwal, R. “The antecedents of CIO role
effectiveness in organizations: An empirical study in the healthcare
sector,” IEEE Transactions on Engineering Management (53:2), 2006,
pp. 207-222. For an in-depth look at CIOs and why they succeed, or
fail, see Broadbent, M., and Kitzis, E. S. The New CIO Leader, Harvard
Business School Press, 2006.

© 2008 University of Minnesota MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 59

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

the background and experience to support the right
decisions, the results can definitely be harmful.”

The Four CIO Leadership Profiles
Using the two dimensions described above, we
have constructed a 2×2 matrix that identifies four IT
leadership profiles (see Figure 1):

IT Orchestrator (high leadership capability, •
high decision-making authority).
IT Mechanic (low leadership capability, low •
decision-making authority).
IT Advisor (high leadership capability, low •
decision-making authority).
IT Laggard (low leadership capability, high •
decision-making authority).

OvERvIEw OF RESEARCH
METHODOLOGy AND FINDINGS
Our research findings are derived from six semi-
structured interviews with industry CIOs and pairs of
survey responses (one from the CIO and at least one
from a senior business executive) from 174 diverse
organizations from a range of industries. (Fuller details
of the research methodology and respondents are in
the Appendix.8)

8 For further information about this study, please contact David
Preston (d.preston@tcu.edu).

We assigned each of the 174 CIOs to one of the four
CIO leadership profiles.9 The breakdown was as
follows:

IT Orchestrators: 55 (32%)•
IT Laggards: 32 (18%)•
IT Advisors: 31 (18%)•
IT Mechanics: 56 (32%)•

Impact of CIO Leadership Profile on IT
Contribution
For each of the profiles, we assessed the level of IT
contribution to organizational performance by using
various statistical techniques10 to analyze the responses
of the organizations’ CEOs or other top business
executives. We asked these business executives to
assess the extent to which IT had contributed to the
following seven areas of organizational performance:
return on investment, sales revenue increase, market
share increase, cost savings, operating efficiency,
process improvement, and customer satisfaction. For
each area, they rated the IT contribution level on a
scale from 1 (IT contribution is minimal) to 5 (IT has
contributed to a very great extent). Based on these
responses, we averaged the seven components of IT

9 We assigned the 174 CIOs to the four leadership profiles based
on high and low levels (with respect to the average value of the
total sample) of decision-making authority and strategic leadership
capability. We measured CIO decision-making authority as the degree to
which the CIO has the authority to make strategic decisions to meet the
organization’s business needs, taking account of the following issues:
strategic options, strategic actions, courses of action, IT initiatives, and
IT investments. CIO strategic leadership capability was measured as
the degree to which business executives rated the CIO as an effective
strategic leader, a strategic business planner, and a visionary.
10 Statistical analyses included both hierarchical regression and one-
way analysis of variance (ANOVA).

Figure 1: CIO Leadership Profiles

IT OrchestratorIT Advisor

IT Mechanic IT Laggard

CIO Decision-making Authority

CIO
Leadership
Capability

High

Low High

60 MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 © 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

contribution for each CIO leadership profile. The
results are shown in Figure 2.

The data in Figure 2 clearly illustrates how the CIO
leadership profile impacts the level of contribution IT
makes to organizational performance. We observed
that the IT contribution level is higher than the overall
average in firms where the CIO is classified as an
IT Orchestrator or IT Advisor and lower than the
average where the CIO is classified as an IT Laggard
or IT Mechanic.11 Firms with IT Orchestrators had
the highest IT contribution level, while those with
IT Mechanics had the lowest IT contribution level.
Our analysis shows that the CIO’s strategic decision-
making authority and leadership capability collectively
have a highly statistically significant impact on the
contribution of IT to an organization’s performance.

Other Factors Differentiating the Four
CIO Leadership Profiles
Previous research has identified several factors that
may help to further explain the differences between
the IT contribution levels associated with each of the
CIO leadership profiles. However, our study found that
a CIO’s age, gender, education level, business and IT
experience, and length of service with the organization
or as its CIO did not vary significantly across the
four leadership profiles. But we did find significant
differences in three factors—CIO attributes, CIO
integration with top management, and organizational

11 The results of our statistical analysis indicate that the IT
contribution levels of each of the four CIO profiles are statistically
different from the average. The IT contribution levels of Orchestrators
and Mechanics were found, respectively, to be significantly higher
and lower than the average (0.01 level of significance via a two-tailed
t-test). Advisors were found to be significantly higher than average
(0.10 level of significance via a one-tailed t-test). Laggards were found
to be significantly lower than average (0.10 level of significance via a
two-tailed t-test).

commitment to IT. The components of each of these
factors are shown in Figure 3. Our study collected
data on these six components so we could identify
the distinguishing characteristics of CIOs in each
leadership profile.

We describe the characteristics of each of the four CIO
leadership profiles below in terms of “low,” “average,”
or “high” ratings for each of these six components.12
CIO knowledge (strategic knowledge and
interpersonal skills) were rated by business executives
on a scale of 1 (low) to 5 (high). CIOs used the same
1 to 5 scale to rate the level of IT resources. Business
executives rated the organization’s strategic IT vision
(the degree to which IT is designed to transform the
organization) on a scale of 1 to 3, where 1 equates to
an “automative” vision, 2 equates to an “informative”
vision, and 3 equates to a “transformative” vision.13

We found that four of these six components (the CIO’s
strategic knowledge, the CIO’s interpersonal skills, the
CIO’s membership of the top management team, and
the organization’s strategic IT vision) directly influence
the level of IT contribution within the organization.

12 We tested the value of each component for each profile versus the
average values across all CIOs via an ANOVA test. In our statistical
analysis, profiles that had a component value significantly below
or above the overall average were designated as “low” and “high,”
respectively. Profiles with characteristics that were not significantly
different from the overall average were designated as “average.”
13 At one extreme, some organizations espouse an automative
vision where the role of IT focuses on replacing human labor and
reducing operational costs. At the other extreme, some organizations
espouse a transformative vision where the role of IT is to transform
the organization through new products or business strategies. And
some firms may have an informative vision, which can be considered
as an intermediate level of transformation, where the role of IT is to
provide information to key decision makers and employees. For more
information, see Schein, E. H. “The role of the CEO in the management
of change: The case of information technology” in Kochan, T. A., and
Useem, M. (eds.) Transforming Organizations, Oxford University
Press, 1992.

Figure 2: CIO Leadership Profiles and IT Contribution

CIO Leadership Profile
IT Contribution Level
(1 = Low; 5 = High)

IT Orchestrator 3.54

IT Advisor 3.26

IT Laggard 2.81

IT Mechanic 2.49

Overall Average 3.05

© 2008 University of Minnesota MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 61

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

Because of this, we pay particular attention to these
four components in the following descriptions of
each of the four CIO leadership profiles. For each
profile, we also provide an illustrative example of a
CIO we encountered in our research who fits into that
classification.

PROFILE OF THE IT
ORCHESTRATOR
In our study, 32 per cent of CIOs were classified as IT
Orchestrators. This type of CIO is an effective strategic
leader who is granted a great deal of freedom in
making strategic decisions. Such a CIO is empowered
to influence organizational outcomes. We summarize
the defining characteristics of IT Orchestrator CIOs in
Figure 4.

The knowledge level and interpersonal attributes of IT
Orchestrators are considerably higher than the overall
average in our sample. Also, more of these CIOs report
directly to the CEO and are formal members of the
top management team. IT Orchestrators benefit from

organizational support in the form of higher-than-
average investments in IT. We posit that CIOs who are
IT Orchestrators have the leadership skills that enable
them to secure investments for IT. Alternatively an
organization that invests highly in IT might actively
seek a capable IT leader to handle such strategic
responsibilities. Both explanations are plausible,
and, in fact, some combination of the two may likely
explain the higher-than-average investments in IT in
these firms.

The CIO of a major electronics manufacturer provided
insight into this phenomenon: “I am not exactly sure
of all the aspects that are required to make sure that IT
delivers to the bottom line at the end of day. However,
one thing I do know is that I cannot perform—and as a
result IT cannot deliver—if we [the IT department] are
not provided with the proper funding and staff to get
the job done.”

We also found that not only do firms with IT
Orchestrator CIOs make large investments in IT, they
also generally espouse a vision that IT can strategically
transform the organization. A transformative vision

Figure 3: Factors Differentiating CIO Leadership Profiles

Factor Components
CIO Attributes Strategic IT and business knowledge•

Interpersonal skills (political savvy and •
communication ability)

CIO Integration with Top Management CIO reporting level•
CIO is a member of the top management team •

Organizational Commitment to IT Dedication of resources to IT•
Strategic IT vision•

Figure 4: IT Orchestrator—Summary of Characteristics

CIO Attributes
CIO Integration with

Top Management
IT Commitment

Strategic
Knowledge

(1-5)

Interpersonal
Skills
(1-5)

Percentage
reporting to

the CEO

Percentage
a member

of top
management

team

IT
Resources

(1-5)

Strategic IT
Vision
(1-3)

IT
Orchestrator

High
(4.10)

High
(4.40)

High
(60%)

High
(89%)

High
(3.90)

High (2.12)

Overall
Average

3.53 3.87 47% 77% 3.54 1.93

62 MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 © 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

is consistent with high IT investment levels, and
such firms may be ill-served without a CIO with
the requisite strategic knowledge and interpersonal
skills. However, it has been noted that CIOs with
these attributes are in short supply. To maximize
the impact on IT performance, such firms should
employ a strategically capable CIO who is a formal
member of the top management team and promote
a transformative IT vision within the organization.
Collectively, these practices can be taxing for the
firm—but there are considerable benefits in terms of
improved organizational performance. As our research
has shown, organizations with an IT Orchestrator CIO
obtain the greatest contribution from IT.

PROFILE OF THE IT MECHANIC
At the other end of the spectrum and in stark contrast
to IT Orchestrators, IT Mechanic CIOs have a low
level of both strategic effectiveness and strategic
decision-making authority. We summarize the defining
characteristics of IT Mechanic CIOs in Figure 5.

In our research, 32 percent of CIOs were classified
as IT Mechanics. These CIOs generally had the

lowest levels of strategic knowledge and weaker
interpersonal skills. In addition, a lower percentage of
these CIOs reported to the CEO than any of the other
types of CIO. The CIO of a non-profit organization
who was interviewed as part of this study noted: “I
can tell you first hand that the reporting level of the
CIO is the indicator that you should look at if you
want to examine if the organization considers IT to be
strategically important. When I was a CIO in industry,
I reported directly to the CEO, which enabled me to
play a key role in the corporate strategy. In my current
position, I report to an underling of the CEO, and I
don’t have the same influence to see that IT helps fuel
the business.”

Also, firms with an IT Mechanic CIO tend to have
an IT vision that is more automation-oriented than
transformative. Based on these collective findings, it
is not surprising that the lowest contribution of IT to
organizational performance was found in firms with IT
Mechanic CIOs. The average IT contribution rating of
2.49 (on a scale of 1 to 5) in these firms indicates that
IT does not contribute appreciably to the performance
of the organization. However, it is important to note
that this low level of IT impact may be consistent with

Illustrative Example of an IT Orchestrator CIO

“Midwestern General Hospital” (MGH) is a large general medical and surgical hospital with approximately
3,000 employees located in an urban center in the Midwestern United States. The contribution of IT to MGH’s
organizational performance was rated very high (4.43), well above the IT Orchestrator average of 3.54. MGH’s
CIO is considered a highly capable strategic leader (4.67) and is granted a high level of decision-making
authority (4.60). All of these ratings are higher than the average ratings for IT Orchestrators, so MGH can be
considered as a highly pronounced example of an organization with an IT Orchestrator CIO.

MGH’s CIO is well suited for this leadership profile. He has a very high level of strategic knowledge and has
developed complementary interpersonal skills. He is highly integrated within the business—he reports directly
to the CEO and is a formal member of the top management team, which enables him to communicate ideas for
strategic planning directly to other senior executives. He indicated that he has forged strong relationships with
other members of the top management team. Such relationships are expected because a strategically capable
and socially adept CIO with formal access to the top management team has the forum and ability to develop a
partnership with the upper echelon of the organization.

We observed that MGH has a strong commitment toward IT since it dedicates a large amount of resources to IT
and promotes a vision that the purpose of IT is to transform its current business processes. We therefore infer
that MGH includes IT as a central part of its strategic mission and expects to yield commensurate benefits from
its investments and organizational efforts to capitalize on IT.

The current CIO appears to be a good fit for MGH’s organizational mission. This capable executive has
been with MGH for 23 years and served as CIO for 18 years. However, MGH should consider grooming a
replacement for this CIO since he is now in his mid-60s and may soon retire. MGH should ensure that the
potential replacement is a strong leader who can meet the expectations for success set by MGH. However, IT
leaders of this caliber are often in short supply.

© 2008 University of Minnesota MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 63

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

the organizational goals of a firm. If a firm constrains
its CIO’s strategic decision-making authority and
employs a CIO with only limited strategic leadership
capability, it is a signal that IT is not viewed as a
strategic enabler within the organization.

In fact, the high percentage of our sample that was
classified as IT Mechanic CIOs may reflect an
intentional decision on the part of top management
teams to limit or neutralize the risk of investing in

IT resources and in developing a strategic CIO. As
expected, the contribution of IT to the performance
of these organizations is not huge. At the same time,
the risk of over-investing in IT with disappointing
benefits is very low. We therefore consider employing
an IT Mechanic CIO to be a risk-averse strategy aimed
at minimizing potential IT investment risks while
maintaining a functioning operational environment.

Figure 5: IT Mechanic—Summary of Characteristics

CIO Attributes
CIO Integration with
Top Management
IT Commitment
Strategic
Knowledge
(1-5)
Interpersonal
Skills
(1-5)

Percentage
reporting

to the CEO

Percentage
a member
of top
management
team
IT
Resources
(1-5)
Strategic IT
Vision
(1-3)

IT
Mechanic

Low
(2.94)

Low
(3.35)

Low
(36%)

Average
(73%)

Average
(3.46)

Low
(1.78)

Overall
Average

3.53 3.87 47% 77% 3.54 1.93

Illustrative Example of an IT Mechanic CIO

“Eastern General Hospital” (EGH) is a large general medical and surgical hospital with approximately
1,900 employees in a suburban setting in the eastern United States. The contribution of IT to organizational
performance was rated as very low (1.81), well below the average of 2.49 for firms with IT Mechanic CIOs.
EGH’s CIO is not considered a capable strategic leader (2.33) and has a low level of decision-making authority
(2.00).

EGH (unlike MGH—another general hospital) emphasizes neither the importance of the CIO position nor a
strategic focus on IT. We observed that the CIO appears to be more characteristic of an operational manager
than a true executive since he is not a formal member of the top management team and reports to the chief
medical officer rather than to the CEO. EGH does not appear to have a strong strategic commitment to IT. Its
vision is for IT to merely automate current operational processes and reduce costs. Therefore IT does not play
a strategic role within EGH. However, it dedicates significant resources to IT, though they are geared toward
operational rather than strategic goals.

The current CIO appears to be an appropriate fit for this managerial role (rather than an executive role) since
he does not have strong strategic knowledge or interpersonal skills. Although he may have strong technical and
managerial skills, he does not have the attributes needed by a transformational leader. However, the EGH’s top
executives appear to be satisfied with their CIO’s current level of productivity and the status quo; the current
CIO has been with EGH for 24 years and has served as CIO for 12 years despite his lack of leadership ability.
His length of tenure in this position indicates that he may also be satisfied within his IT Mechanic role.

The EGH and MGH cases illustrate that organizations in the same business can successfully have CIOs with
different leadership profiles. The important thing is to ensure a good level of fit between the CIO and the
organizational context.

64 MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 © 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

PROFILE OF THE IT ADvISOR
Organizations with an IT Advisor CIO (18 per cent
in our study) are of particular interest since they
obtain a moderately high IT contribution but require
fewer resources and less strategic commitment to
IT than firms with an IT Orchestrator CIO. We use
the label “IT Advisor” since this type of CIO has
limited decision-making authority but is a highly
capable leader with vast strategic knowledge who
may be well suited to serve as a strategic advisor to
the top management team on IT issues. Although the
impact of IT in firms with IT Advisor CIOs is lower
than in those with IT Orchestrator CIOs, it is higher
than the overall average and higher than firms with
IT Laggard or IT Mechanic CIOs. Thus even when
the CIO’s strategic decision-making authority is
relatively low, as it is for firms with an IT Advisor
CIO, having a capable leader in the CIO position helps
IT contribute to organizational performance. This
observation underscores the importance of strategic
leadership skills for CIOs. We summarize the defining
characteristics of this type of CIO in Figure 6.

Like IT Orchestrators, business executives consider
IT Advisors to have strategic knowledge and strong
interpersonal skills. However, there are several key
factors that distinguish these two types of CIO. We
observed that IT Advisor CIOs’ integration with top
management and their firms’ IT visions are near the
overall average. In addition, we observed that, even
though firms with IT Advisor CIOs provide the lowest
level of resources to the IT department, they still
obtain a relatively high level of IT impact. Despite
minimizing their IT investment and commitment,
these firms are able to derive organizational benefits
from IT by employing a capable CIO. In essence, their
approach is a “low cost alternative” compared to firms

with IT Orchestrator CIOs, which require substantial
IT investments and dedication to a transformative IT
vision.

PROFILE OF THE IT LAGGARD
Firms with an IT Laggard CIO have a level of IT
contribution that is lower than average but higher than
that of firms with IT Mechanic CIOs. IT Laggards are
the inverse of IT Advisors since they are provided with
a relatively high level of decision-making authority,
but they do not have the requisite leadership skills
to capitalize on the strategic authority provided to
them. We summarize the defining characteristics of IT
Laggard CIOs in Figure 7.

The strategic decision-making authority given to IT
Laggard CIOs suggests that top management has high
expectations for them to derive potential benefits from
IT. However, it is possible that IT Laggards’ leadership
capability is hampered by a fairly conservative IT
vision. Without a more aggressive IT vision, IT
Laggards may be unable to capitalize on their decision-
making authority and are consequently labeled as
incapable leaders. We note that despite firms with IT
laggard CIOs making higher-than-average investments
in IT resources, they do not obtain the same level of
impact as firms with more capable but underfunded IT
Advisor CIOs.

Our analysis showed that the IT contribution in firms
with IT Laggard CIOs was slightly higher than in
those with IT Mechanic CIOs. This finding could
indicate that IT Laggards are able to use some of
their decision-making authority to lead initiatives
that potentially have a moderate strategic impact and
are within the scope of their abilities. It could also

Figure 6: IT Advisor – Summary of Characteristics

CIO Attributes
CIO Integration with
Top Management
IT Commitment
Strategic
Knowledge
(1-5)
Interpersonal
Skills
(1-5)
Percentage
reporting to
the CEO
Percentage
a member
of top
management
team
IT
Resources
(1-5)
Strategic IT
Vision
(1-3)

IT Advisor
High
(4.04)

High
(4.35)

Average
(42%)

Average
(77%)

Low
(3.11)

Average
(1.87)

Overall
Average
3.53 3.87 47% 77% 3.54 1.93

© 2008 University of Minnesota MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 65

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

indicate that Laggards eschew potentially more risky
initiatives that would have greater strategic impact but
are outside of their “strategic comfort zone.” Firms
with IT Laggard CIOs might still target strategic IT
initiatives but more likely under the guidance of the
top management team than the CIO.

THREE KEy LESSONS ON IT
LEADERSHIP
Given that the strategic management of IT continues to
be a key issue for organizations, we summarize three
key lessons based on our findings. We believe that
these lessons provide insights for both IT executives

Illustrative Example of an IT Advisor CIO

“Wholesaler Inc.” is a small to mid-sized wholesaler of recreational goods in the southeast of the United
States, with approximately 200 employees. The contribution of IT to organizational performance was rated as
moderately high (3.3), which is on par with the typical firm with an IT Advisor CIO. Wholesaler Inc.’s CIO
is considered by business executives to be a capable strategic leader (4.33) but is not granted a high level of
decision-making authority (2.60). Both of these ratings are close to the average for IT Advisor CIOs. This CIO
is thus a quintessential IT Advisor—a CIO who is a strong strategic leader but does not have the authority to
make strategic decisions independently.

The CIO’s integration with the top ranks of Wholesaler Inc.’s management is typical of IT Advisors—he
reports directly to the CEO but is not a formal member of the top management team. Wholesaler Inc.’s strategic
IT vision is also typical of firms with IT Advisor CIOs. The most salient characteristic of Wholesaler Inc. is
that it provides a low amount of resources to IT (2.33). This indicates that the firm wishes to minimize its direct
IT investments even though it has a CIO who is a capable strategic leader. The combination of a minimalist
approach from the business side and a strategic CIO means that Wholesaler Inc. is able to obtain a reasonably
high level of IT contribution and a good “bang for the buck” from its IT investments and commitment to IT.
We note that IT investments do not directly influence the contribution of IT on organizational performance;
however, investments in initiatives that are in accordance with organizational objectives may indirectly
influence organizational success.

The CIO indicated that he has formed a very strong partnership with the top management team. This
partnership may enable this knowledgeable and adept CIO to navigate the decision-making environment
dominated by the top management team and act as an advisor for decisions on strategic IT initiatives.

Wholesaler Inc.’s CIO has been in this executive position for only three years. Therefore it is unclear whether
he is content with an advisory role and will stay with the firm in the long run if he is not provided with the
appropriate resources or decision-making authority to enable him to exploit his strategic leadership capabilities.

Figure 7: IT Laggard—Summary of Characteristics

CIO Attributes
CIO Integration with
Top Management
IT Commitment
Strategic
Knowledge
(1-5)
Interpersonal
Skills
(1-5)
Percentage
reporting to
the CEO
Percentage
a member
of top
management
team
IT
Resources
(1-5)
Strategic IT
Vision
(1-3)

IT Laggard
Low
(3.11)

Low
(3.36)

Average
(47%)

Average
(71%)

Average
(3.47)

Average
(1.97)

Overall
Average
3.53 3.87 47% 77% 3.54 1.93

66 MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 © 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

and business executives about the role of IT leadership
within the organization.

Lesson 1: Know Thyself
CIOs will benefit from understanding their own
leadership profile. Our findings clearly demonstrate
that IT’s contribution to organizational performance
varies significantly across the four CIO leadership
profiles. CIOs who want to increase the level of IT
contribution to their organizations’ performance
can gain an understanding of how to achieve this by
assessing their current profile.

Although organizations may not officially decree
their CIOs’ level of strategic decision-making
authority, CIOs should assess their level of authority
by evaluating their prior and current experiences
in leading initiatives within their organizations.14
However, CIOs must keep in mind that not all
organizations expect a high level of contribution
from IT. It is therefore also imperative for a CIO to

14 Our survey results found that CIOs and top management team
members have a high degree of agreement on the CIO’s perceived level
of strategic decision-making authority. Therefore CIOs can generally
accurately assess their level of decision-making authority in the
organization.

understand the top management team’s vision for IT. If
that vision is transformative, the organization needs an
IT Orchestrator CIO. If the vision is automative, a CIO
that matches the IT Mechanic profile is appropriate. In
firms where the vision is informative (i.e., the role of
IT is to provide information to key decision-makers)
an IT Advisor CIO will likely be needed.

By understanding his or her current profile, as well
as the profile needed to support the top management
team’s vision for IT, the CIO can make adjustments
to better serve the organization. Note, though,
that the CIO’s leadership ability is based on the
top management team’s perception. The CIO
characteristics most readily changeable and within the
CIO’s control are strategic IT and business knowledge,
and interpersonal skills (i.e., the CIO attributes listed
in Figure 3). CIOs who want—or need—to adjust their
own profile will need to begin with these attributes.

The other CIO characteristics (integration with top
management and organizational commitment to
IT) are generally not under the direct control of the
CIO. However, the CIO can work to influence these
characteristics by forging close relationships with the
top management team, by ensuring that the IT function
is a top performer on service-management metrics, by

Illustrative Example of an IT Laggard CIO

“Parts Manufacturer Inc.” (PMI) is a mid–sized U.S. parts manufacturer for several industry sectors, with
approximately 600 employees. The contribution of IT to organizational performance is moderately low (2.71),
which is on par with the IT Laggard average. Senior executives do not consider the CIO to be a capable
strategic leader (2.67); however, this CIO is granted a high level of strategic decision-making authority (4.30).

This firm has a moderate level of IT commitment since its IT resources and strategic IT vision are on par with
the average of firms with IT Laggard CIOs and with the overall average. In addition, the CIO’s integration with
top management is average since he is not a formal top management team member but does report directly to
the CEO. We observed that PMI’s CIO is in charge of a wide range of strategic decisions for IT; however, he
does not have the strategic knowledge or interpersonal skills necessary for a strategic leader in this position.
This accounts for PMI having a moderately low level of IT contribution, probably due to the relatively
unprepared IT leader acting as the key decision maker within a firm that appears to seek only marginal gains
from IT.

PMI’s CIO indicated that he has a strong partnership with the top management team. Although he has the
authority to make strategic decisions, he may choose to collaborate with top executives who can compensate
for any deficits in his strategic knowledge base. However, the CIO’s weak interpersonal skills may cast doubt
on his assertion that he can foster such a relationship.

PMI provides its CIO with authority that, at present, he may not be equipped to handle. However, we note that
he has been the firm’s CIO for just two years. Perhaps he will acquire greater knowledge and interpersonal
skills should he remain in this role for a longer period. To some degree, strategic knowledge, or the application
of strategic knowledge, is company specific. The CIO’s interpersonal skills may also further develop after he is
able to understand the behavior and goals of PMI’s top management.

© 2008 University of Minnesota MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 67

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

tracking the value of IT projects, and by identifying
projects that have delivered on their business cases.

Lesson 2: The Global Digital Economy
Will Need More IT Orchestrators
Two of the four CIO leadership profiles (IT
Orchestrator and IT Mechanic) have a good match
between the CIO’s strategic decision-making authority
and leadership capability, and two (IT Advisor and
IT Laggard) have a mismatch. IT Orchestrator CIOs
are well suited for organizations that want to be
at the forefront of IT innovation. However, not all
organizations currently believe that an IT Orchestrator
is necessary; an IT Mechanic may be ideal for an
organization that has only limited needs from IT and
wishes to minimize IT costs. On the other hand, there
is untapped potential from IT in organizations with IT
Advisor or IT Laggard CIOs.

Although not all organizations see the need for an IT
Orchestrator, the global digital environment in which
many firms now operate increasingly demands that
IT is used to help them achieve greater innovation
and efficiency. Organizations operating in this
environment will need IT to support their business
strategies and will be best served by IT Orchestrator
CIOs. IT Mechanics, IT Laggards, and IT Advisors
may therefore have to evolve into IT Orchestrators.

Moreover, current IT Orchestrator CIOs who wish
to continue maximizing the potential impact of
IT will need to maintain a high level of decision-
making authority and strategic leadership capability
as the organizational structure and business priorities
change with time. These CIOs need to ensure that
they keep their strategic knowledge base current
and their interpersonal skills polished. Since the top
management team could be continually changing,
the CIO must also consistently work to build and
maintain strong partnerships with these top executives
and develop a uniform agreement that IT is key to the
firm’s business strategy. Therefore IT Orchestrator
CIOs must continually monitor their attributes and
strive to improve them.

All CIOs, regardless of their current leadership
profile, need to be aware that future trends will favor
the appointment of IT Orchestrators. CIOs without
the necessary attributes for the IT Orchestrator
profile should be prepared to adapt (see Lesson 3);
if they don’t, they may find themselves out of a job.
IT Advisors, IT Laggards, and IT Mechanics should
therefore prepare to methodically reshape themselves
as IT Orchestrators.

Lesson 3: IT Advisors, IT Laggards, and
IT Mechanics Can Transition across
Profiles
Actions for IT Advisors. Our research has shown that
an IT Advisor CIO can derive moderately high benefits
from IT with minimal commitment of resources
within an organization that generally has a moderate
strategic IT vision. To transition to the IT Orchestrator
profile, an IT Advisor needs to focus on obtaining
additional funding and strive to instill a vision among
top business executives that transformation through
IT is fundamental to the firm’s corporate strategy. To
gain greater IT commitment from the organization,
an IT Advisor CIO should demonstrate a track record
for IT to the top management team by providing
clear examples of how IT has delivered value to the
business. An IT Advisor with strong interpersonal
skills has the political savvy and communication skills
to formulate and present business cases that show
IT is critical to current and future operations and the
business strategy. Such business cases will increase
the firm’s level of IT commitment and consequently
increase the CIO’s strategic decision-making authority.

Actions for IT Laggards. We found that IT Laggards’
leadership capabilities generally fall short of what’s
needed to achieve the firm’s strategic IT goals. IT
Laggard CIOs should immediately address their
shortcomings and should lobby the top management
team to attend programs that will accelerate their
personal development. These programs might be
advanced business classes (e.g., graduate-level
classes in strategy, finance, etc.) designed to improve
their strategic knowledge, or executive development
programs designed to enhance and refine IT Laggards’
“soft” skills.

Actions for IT Mechanics. IT Mechanics who want to
develop into IT Orchestrators must both improve their
executive attributes and transform their organizations’
view of IT. We recommend that IT Mechanic CIOs
first focus on developing their leadership capabilities
and then subsequently work to extend their decision-
making authority. In essence, we are recommending
that IT Mechanic CIOs first work to transition
themselves into IT Advisors and subsequently work to
transform themselves into IT Orchestrators.

MAKING uSE OF THE CIO
LEADERSHIP PROFILES
The lessons learned from our study provide a lens
through which CIOs and their senior business

68 MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 © 2008 University of Minnesota

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

colleagues can understand their current CIO leadership
profiles. An organization and its CIO can evaluate
the current CIO leadership profile by focusing on
the CIO’s attributes, CIO integration within the
firm, and the organization’s IT commitment. The top
management team can then assess if the profile meets
the firm’s plans to derive benefits from IT. The CIO
can identify shortcomings in his or her own profile
and take steps to remedy them so he or she can better
serve the organization as the need for IT Orchestrators
comes to the fore.

We believe that the profiles developed for this study
and the quantified findings from our research will
enable executives to directly influence the CIO
leadership profile and the contribution made by IT
within their organizations. We also believe that this
study will provide a foundation for future research on
the impact of CIOs on organizational practices and the
bottom line of their firms.

APPENDIx: RESEARCH
METHODOLOGy
To conduct this empirical study, we collected data
in 2006/2007 from CIOs and their corresponding
top business executives via a survey. The CIO is
defined as the highest-ranking IT executive within the
organization. Top business executives included the
organization’s CEO or business executives who are
either formal members of the top management team
or reported directly to the CEO. Business executives
responded to questions on the quality of the CIO’s
leadership capabilities, attributes, the organization’s
strategic IT vision, and IT’s contribution to
organizational performance. CIOs responded to
questions on their integration with top management
and the resources provided to IT. Both the CIO
and matched CEO or other top business executives
responded to questions on the CIO’s strategic decision-
making authority, and the mean responses were used,
after assessing the inter-rater reliability (the degree of
agreement among respondents).

Matched-pair surveys from 174 diverse U.S.-based
organizations within multiple industries were returned,
providing responses from both the CIO and at least
one corresponding top business executive. Among the
174 organizations, 78 (44.8%) were in the healthcare
industry, 18 (10.4%) were in the manufacturing
industry, 16 (9.2%) were in the finance industry, 15
(8.6%) were retailers or wholesalers, 15 (8.6%) were
consulting firms, 8 (4.6%) were in the construction/
real estate development industry, 8 (4.6%) were

educational institutions, and the remaining 16
(9.2%) were from miscellaneous industries. All
the organizations had annual revenue of more than
$650,000, and the average number of employees was
7,643. The average age of the CIOs was 49.6 years,
and average tenure as the firm’s CIO was 8.8 years.
Of the 174 CIOs, 35 (20.1%) were women and 139
(79.9%) were men.

AbOuT THE AuTHORS
David S. Preston
David Preston (d.preston@tcu.edu) is an assistant
professor of information systems at Texas Christian
University, Fort Worth, Texas. He received his Ph.D. in
MIS from the University of Georgia and also holds an
M.B.A. from the University of Georgia and a B.S. and
an M.S. in Engineering from the University of Florida.
His research interests include the role and impact of
the CIO in the organization, IS strategic alignment,
and the impact of IS on organizational performance.
His work has been published or is forthcoming in
Information Systems Research, IEEE Transactions on
Engineering Management, ICIS Proceedings, Journal
of Logistics Information Management, Business
Intelligence Journal, and IS Control Journal.

Dorothy E. Leidner
Dorothy Leidner (dorothy_leidner@baylor.edu) is
the Randall W. and Sandra Ferguson Professor of
Information Systems at Baylor University, Waco,
Texas. She has broad international experience, having
previously served as associate professor at INSEAD,
and as visiting professor at Monterrey Tech University
(ITESM) in Mexico and at the University of Caen,
France. She is also a regular visiting professor
at the University of Mannheim in Germany. She
received her Ph.D. in Information Systems from the
University of Texas at Austin. Her research has been
published in a variety of journals, including MIS
Quarterly, Information Systems Research, Journal of
Management Information Systems, Decision Sciences,
and Organization Science. Leidner received best
paper awards in 1993 from the Hawaii International
Conference on System Sciences, in 1995 from
MIS Quarterly, and in 1999 from the Academy of
Management OCIS division. She is currently serving
as Senior Editor for MIS Quarterly and is on the
editorial board of MIS Quarterly Executive.

Daniel Chen
Daniel Chen (d.chen@tcu.edu) is an assistant professor
of information systems at Texas Christian University,
Fort Worth, Texas. He received his Ph.D. in MIS from

© 2008 University of Minnesota MIS Quarterly Executive Vol. 7 No. 2 / Jun 2008 69

CIO Leadership Profiles: Implications of Matching CIO Authority and Leadership Capability on IT Impact

the University of Georgia and also holds an M.B.A.
degree from Washington University in St. Louis.
Chen’s research interests lie at the interface between
information technology and strategic management. His
primary areas of research are organizational impact of
IT infrastructures, the role and value of IS leadership,
and business value of IT.

BETTER
DECISION RIGHTS

F
or better or worse, the IT
spending boom has ground
to a halt, replaced by a
more sober era where IT
decisions are made with far
greater scrutiny. Once bit-
ten, twice shy is the name
of the game, as CEOs take

more control of IT initiatives and
tighten the purse strings by demanding
greater justification for new initiatives.
This cautious, less trusting environment
has resulted in a credibility gap between
management and IT, with IT staff in the
vulnerable position of feeling expend-

able as long as the outsourcing bug is in
the air. And IT staff frustration is often
compounded as staff members are
blamed for IT decisions made by top
management!
The irony of this scenario is that there

has never been a more important role for
IT in the e-business environment of
today. Integration of IT in internal
processes and external markets is grow-
ing at a furious pace. The stakes for good
communication are high. On one hand
there is an adversarial relationship due to
the credibility gap and the starkly differ-
ent language spoken at the business and

“The perils of screwing up (with technology) are greater every
year, making the stakes for effective communication even higher.”

—STAN LEPEAK, VP OF TECHNOLOGY
RESEARCH SERVICES AT METAGROUP.

FIX IT-BUSINESS
RELATIONSHIPS
THROUGH

80 December 2007/Vol. 50, No. 12 COMMUNICATIONS OF THE ACM

By Varun Grover, Raymond M. Henry,
and Jason B. Thatcher

IT ends. On the other, there is the need
for executive management and the top
IT brass to come together to synchronize
organizational IT with business needs
[1]. A sour relationship between these
groups is not good in an environment
where the downside risks of IT failure
are catastrophic and the upside potential
is often dictated by competitors.
Just how bad is it? We surveyed senior

IT managers in a variety of industries and
focused on some very simple questions:

• Who makes major IT decisions? Who
is held accountable for them?

• Does this affect the relationship of your
group with top management?

In this article, we discuss the concepts of
decision rights and accountability, and the
gap that might sour the relationship
between IT management and top man-
agement.

DECISION RIGHTS AND ACCOUNTABILITY
IT decisions in organizations are made in
a wide variety of areas. Major decision
areas range from those involving IT strat-
egy, or the role of technology in trans-
forming business, to more technical
decisions concerning IT infrastructure.
An appropriate decision-making frame-
work is critical for organizations that want
to effectively manage IT and information
assets. These include not only the hard-
ware and software assets, but the increas-
ingly important data on customers,
suppliers, and business processes. Without
an effective framework that allocates deci-
sion rights to the appropriate people, deci-
sions regarding IT assets will be
conducted in a piecemeal, incomplete, or
sub-optimal manner. Such non-integrated
thinking does not bode well, considering
that IT assets are a collective resource that
leverages the business.
Any decision-making framework must

COMMUNICATIONS OF THE ACM December 2007/Vol. 50, No. 12 81

82 December 2007/Vol. 50, No. 12 COMMUNICATIONS OF THE ACM

also define accountability for IT decisions. Who is
held responsible for decision failure and who gets
credit for success? An IT governance system that cre-
ates a balance between decision rights and account-
ability can promote desirable decision making with
respect to IT assets [4, 12]. A mismatch between the
two can erode relationships and promote ineffective
or inefficient decision making.
The decision rights and accountability framework

for a firm is usually implemented through its struc-
ture, processes, committees, procedures, and incen-
tives. For instance, some firms may treat IS as a
centralized cost center with a fixed budget and
processes that allow IS to only react to user requests.
Such an environment does not promote “out of the
box” thinking for the IT
group. In this environ-
ment, if IT leadership is
held accountable for a lack
of strategic direction or
the inability to respond
nimbly to competitor
moves due to restrictive
legacy systems, there will
be dissonance in the IT
group. Ultimately this dis-
sonance will result in poor
relationships between the
IT group and top manage-
ment. On the other hand,
an aggressive IT group that is allowed to retain deci-
sion rights for major IT decisions and has control
processes in place to measure outcomes promotes
innovative solutions for the business. If the account-
ability systems become overly stifling, however, this
can again create a mismatch.
Figure 1 illustrates the decision rights and account-

ability gaps of IT executives. The top-left-hand cor-
ner is referred to as a technocentric gap, where IT
executives make major decisions but the accountabil-
ity systems are weak. Such environments often result
in overspending on IT that may not yield commen-
surate business benefits. In some cases this could
result in frustration for business groups, ultimately
resulting in a transformation of structures, processes,
or incentives to foster greater accountability [9]. In
other cases business groups are just not motivated to
think through IT decisions. As one CEO com-
mented, “Because the business people are uninter-
ested in information systems, the information systems
people have the power” [7].
The business gap (bottom-right corner of Figure 1)

occurs when major IT decisions are not made by IT
executivs, but business groups are not held account-

able for executive decisions. Business leaders might
ignore potentially valuable technology projects or
suddenly cancel them when they run into difficulties
[6]. Often cost considerations dominate decision
making, and the resulting IT assets are not aligned
with existing competencies. In the case of a large elec-
tronics manufacturer, an executive committee denied
IT’s request for a new scalable platform based upon
an external vendor’s aggressive proposal for cutting
costs through outsourcing. In such situations IT
groups may feel frustrated because they believe their
skills are underutilized and opportunities are being
lost. Frustration could also result from the lack of
control over their asset base, and in some cases their
future viability. Moreover, the blame often falls on IT

when projects run into
difficulties.
The off diagonal boxes

in Figure 1 reflect align-
ment between rights and
accountability. In cases
where both are low, IT
groups are usually not
strategic to the business
and are viewed as admin-
istrative units that service
the information needs of

the firm. The high-high box reflects a strategic norm,
where IT is given the power to make major decisions,
but it is kept in check through control systems that
monitor decision outcomes.

IT EXECUTIVE PERCEPTIONS OF THE GAP
Various organizational forms are used to implement
decision rights and accountability. Some of these are
tacit or cultural, such as the historical notoriety of
the IT group, while others are explicit, such as
incentives, procedures, or committees. However, in
many cases such forms do not keep up with enter-
prise changes and their original intent gets diluted.
Therefore, rather than examining these organiza-
tional forms, we argue that how these forms are
“perceived” by IT executives is what matters. Execu-
tives can best assess whether they feel they have a
balance (no gap), technocentric gap, or business gap
between rights and accountability. Our focus is to
empirically assess these perceptions, and their impli-
cations for the relationship of IT management with
top management.
We surveyed 89 senior IT executives (CIOs or VPs

of IS) across a diverse set of industries (see the side-
bar). After soliciting participation in an ongoing proj-
ect, we requested that they respond to a series of
questions on their perception of decision rights and

High

Low

Low High

Technocentric Gap
• Danger of overspending on IT
• IT assets may not be utilized
for business purposes
• Business group frustration
with IT group

Strategic Norm
Works where IT is viewed as
competent and strategic to
the business

Administrative Norm
Works for organizations
where IT is viewed as a
support function.

Business Gap
• Cost considerations
dominate IT decisions

• IT assets may not utilize
internal competencies
• IT group frustration with
business groups

Decision
Rights

Accountability

Figure 1. IS decision
rights-accountability gap

framework.

accountability as pertaining to major IT decisions in
their organization.

Major IT decisions. A number of typologies have
been proposed to categorize major IT decisions [11].
In this study we use six categories that represent major
IT decisions. These are:

• IT strategic vision. The
strategic role of IS in
the organization.

• IT architecture. How
technical capabilities are
organized for business
needs.

• IT investments. The
amount, type, and pri-
ority of IT investments.

• IT infrastructure. How
IT services are shared.

• Application develop-
ment. Management of
development and
implementation.

• Outsourcing. IT out-
sourcing policy and
management.

We requested that the
respondents assess the
decision rights and
accountability for these
decisions across five distinct groups. The “groups”
include IT management (the respondent’s group),
top management, business units, IT units, and ven-
dors. Decision rights were defined as the extent to
which groups make or have final “say so” over deci-
sions, while accountability for outcomes was defined as
the extent to which groups are held responsible for
the outcome of decisions. Responses were captured
for each group’s role in each decision (in percentage
terms). For instance, decision rights for decisions of
IT strategic vision could be distributed across the
five groups, with the total equaling 100. A respon-
dent could indicate that top management has 50%
of the rights, and IT management has 50% (that is,

decision rights are shared). A similar percentage
response was solicited for accountability of out-
comes.

Quality of relationship. Our particular interest was
in assessing the quality of the relationship between IT
management and top management. This was done
through a series of seven internally consistent ques-

tions that required
responses ranging from
strongly agree to strongly
disagree. Each question
describes an aspect of IT
management’s relationship
with top management
such as effectiveness, level
of cooperation, quality of
decisions, level of conflict,
feeling of partnership, and
satisfaction. After check-
ing statistically for the
internal consistency and
validity of the scale, these
items were aggregated to
form a “quality of relation-
ship” measure.

INTRIGUING PATTERNS
EMERGE FROM FINDINGS
The results on levels of
decision rights and
accountability are illus-
trated in Figures 2 and

3

respectively. The bars rep-

resent the average for the 89 executives surveyed. As
can be seen, major decision rights and accountabil-
ity for IT infrastructure and architecture, arguably
the more technical areas, reside primarily with IT
management or other IT units. Top management,
IT management, and business units tend to share
significant decision rights for IT investment and
strategic vision decisions. IT management and top
management are responsible for outsourcing deci-
sions, while application development is primarily
shared by IT management and the business units.
However, more interesting patterns emerge when

COMMUNICATIONS OF THE ACM December 2007/Vol. 50, No. 12 83

Strategic Vision

Architecture

IT Investment

Infrastructure

Application Development

Outsourcing

0% 20% 40% 60% 80% 100%

VendorsIT UnitsBusiness UnitsTop ManagementIT Management

VendorsIT UnitsBusiness UnitsTop ManagementIT Management
Strategic Vision
Architecture
IT Investment
Infrastructure
Application Development
Outsourcing
0% 20% 40% 60% 80% 100%

Figure 2. Decision rights.

Figure 3. Accountability.

There are a number of solutions to BRIDGE THE BUSINESS GAP,
but a precursor is to recognize that gaps exist.

one looks at the gaps between decision rights and
accountability. Table 1 illustrates these gaps (average
differences), with the negative numbers indicating
where accountability exceeds decision rights. As can
be seen in the column under IT management, all
numbers are negative
indicating that IT man-
agement perceives a busi-
ness gap, where
accountability for major
IT decisions exceeds deci-
sion rights. Table

2

describes this gap as per-
ceived by IT management
and its correlation with
the measure on relation-
ship

quality.

Significant

correlations indicate
where IT management is most sensitive to the per-
ceived gaps, and where these gaps affect the quality of
the relationship with top management. The last col-
umn of the table describes the correlation of top man-
agement’s perceived level of accountability with
relationship quality. Significant correlations here indi-
cate where relationship quality is stronger if top man-
agement takes on greater
accountability for decision out-
comes.
As can be seen from the tables,

some interesting patterns emerge
with respect to the various cate-
gories of major IT decisions.
Good IT governance promotes
desired behavior with respect to
IT deployment. By parceling out
decisions to the right people and
holding them accountable, gover-
nance can promote both empow-
erment and control [11]. However, in addition, we
find that for some decisions, poor governance can
adversely affect the instrumental relationship between
IT and top management. We make four observations
from these results.
First, the higher level strategic vision and IT invest-

ment decisions follow similar patterns. Strategic vision
decisions set the role of IT in the firm, while invest-
ment decisions establish resource commitment, prior-
itization, and the IT portfolio. In both types of
decisions there are large rights-accountability gaps
perceived by IT management, which adversely affect
relationship quality. For these decisions, top manage-
ment might be making unpalatable IT investment
decisions, while leaving IT management accountable
for the success or failure of these decisions. The results

suggest that governance mechanisms that can pro-
mote greater accountability on the part of top man-
agement are particularly useful here. It is not
sufficient to have executive committees with both top
and IT management representation if they are pro-

viding only decision
inputs. The assessment of
decisions should also be
brought within the charter
of such committees or
other governance struc-
tures. One company fol-
lowing an approach of
clearly specifying business-
oriented progress objec-

tives as a part of IT investment decisions was able to
enhance coordination, reduce cost, and improve
capacity [3].
Secondly, we find that more technical IT architec-

ture and infrastructure decisions follow slightly different
patterns. Architecture decisions concern issues of
mapping technical choices to business processes,
while infrastructure decisions involve explicit techni-
cal choices on shared network, Web, and data services
throughout the firm. While the gap is moderate for

both these decisions, its affect on relationship quality
is inconsequential for architecture decisions but
important for infrastructure decisions. Holding top
management more accountable does not help rela-
tionship quality in either case. This indicates that IT
feels that these decisions are outside top manage-
ment’s experience or expertise. IT management
would rather increase its own authority over technical
decisions that have enterprisewide implications.
Increased control over technical infrastructural deci-
sions, where IT management has an integral stake,
will facilitate better relationships with top manage-
ment. Of course, while architecture and infrastruc-
ture boards can be found in companies across a
variety of industries (including Dow Jones, Verizon,
and Hartford), it is critical that they not be comprised
of pure technologists, but have people grounded in
IT, but fluent in business [5].
Thirdly, we observe that IT infrastructure and out-

84 December 2007/Vol. 50, No. 12 COMMUNICATIONS OF THE ACM

Strategic Vision
Architecture
IT Investment
Infrastructure

Application
Development

Outsourcing

-23

-1

0

-2

1

-10

-12

-6

1
3
0
2
0

-1

IT
Management

13

2

19

1

7

7

Top
Management

8

5

4

3
8
2

Business
Units

1
0

-2

4

-3

-2

IT
Units Vendors

Strategic Vision
Architecture
IT Investment
Infrastructure
Application Development
Outsourcing

High (-23)

Medium (-10)

High (-21)

Medium (-10)

Medium (-12)

Low (-6)

Significant

Not Significant

Significant
Significant
Not Significant
Significant
Significant
Not Significant
Significant
Not Significant
Significant

Not Significant

Business Gap
Correlation of Gap with

Relationship Quality
Correlation of Top Management

Accountability with Relationship Quality

Table 1. Decision rights-
accountability gap.

Table 2. Correlations
with relationship

quality.

sourcing decisions follow similar patterns too. In general,
the results suggest lower business gaps, which would
suggest no major governance problem. However, the
gap perceived by IT management has a significant
influence on relationship quality. Situations where top
management makes outsourcing decisions for which
IT groups are held responsible will adversely affect
relationship quality. IT groups are certainly sensitive
concerning decisions regarding infrastructure man-
agement and outsourcing policies because of their
centrality in the provision of IT services. These deci-
sions directly reflect IT’s effectiveness, professional-
ism, and future viability. Rather than top
management taking on more accountability, IT man-

agement would prefer to be a central mediator of
these decisions and take on greater decision rights.
However, it is important that control systems are in
place to monitor IT-centric decisions. For instance, at
Xerox, outsourcing decisions are made by the top IT
manager, with the CEO and CFO providing an infor-
mal network for guidance, support, and counsel [10].
Finally, application development decisions are differ-

ent. These decisions involve development and imple-
mentation of applications. Usually, IT groups and
business units are involved in the development in con-
cert. IT management perceives moderate gaps in deci-
sion rights and accountability that surprisingly have
little adverse effect on the relationship with top man-
agement. However, governance that increases the
accountability of top management helps the relation-
ship. We suspect that development decisions require
coordinating authority in dealing with users of busi-
ness units. Without top management taking on
accountability, IT management is vulnerable to blame
for failures. More complex tripartite governance struc-
tures are necessary. For instance, a large financial ser-

vices firm uses steering committees involving IT man-
agement at the local and enterprise levels and business
unit managers to oversee IT development. Top man-
agement is involved in all major committee decisions.

GOVERNANCE APPROACHES
This study alerts firms to the importance of estab-
lishing a decision rights-accountability framework
for the firm. We focused on one such outcome, the
quality of the relationship between IT management
and top management. While these results focused on
the “biased” view of an IT executive in determining
gaps, we would argue that it is these perceptions that
are the ultimate manifestations of organizational

structures, processes, and incen-
tives. How these are perceived
will directly affect organizational
outcomes.
There are a number of solutions

to bridge the business gap, but a
precursor is to recognize that gaps
exist. After that there are structural,
process, and relationship capabili-
ties that can be implemented [8].
Structural capabilities including
formal positions, committees, and
task forces can be used to design
the appropriate governance frame-
work. Processes (like chargeback,
SLAs, and balanced scorecard) also
offer useful accountability mecha-
nisms. However, most important
are the relationship capabilities that
allow effective joint working rela-
tionships between IT and business
groups.

Some firms set up IT as a cost center, usually
reflecting a utility orientation toward IT. In these sit-
uations major IT decisions are made outside the IT
domain and IT “reacts” to business needs. At the
other extreme, the IT group can be set up as a profit
center with the ability to provide services to the inter-
nal firm or external firms. In the former case, the cou-
pling between the IT group and the firm is tight; in
the latter the relationship is loose, and served by mar-
ket mechanisms. The gap between decision rights and
accountability could be low in both cases as top man-
agement either retains or relinquishes most rights and
accountability for the IT budget.
Most firms, however, operate in some form of a

partnership mode, where various groups work
together through governance mechanisms like struc-
tures and processes. Top management and IT man-
agement can jointly determine the parameters of these

COMMUNICATIONS OF THE ACM December 2007/Vol. 50, No. 12 85

Decision
Types

Gap
Level

Relationship
Quality

For strategic
vision
decisions
and IT
investment
decisions

For IT
architecture
decisions

For IT
infrastructure
and IT
outsourcing
decisions

For
application
development
decisions

high

moderate

moderate
to low

moderate

adversely
affected
by the gap

not affected
by the gap

adversely
affected
by the gap
not affected
by the gap

Governance
Consideration

having top
management
take on greater
accountability

giving IT
management
greater
decision rights

giving IT
management
greater
decision rights
having top
management
take on greater
accountability

Governance
Examples

through executive
committees that
also assess the
decision outcomes

through
architecture
boards that have
technologists with
business acumen

with support and
counsel of top
management

through tripartite
structures that
involve top
management to
manage user and
business unit issues

and
governance
considerations
include

the
perceived
business
gap is

and the
relationship
between IT
and top
management
is

Table 3. Summary of
results and guidelines.

partnerships, but they need to pay attention to possi-
ble discrepancies between authority and accountabil-
ity [2]. The results here suggest that different
arrangements can be made for different types of IT
decisions. For strategic and major IT investment deci-
sions, the interaction and relationship between IT
and top management need to be carefully formulated
so that this important working relationship allows the
firm to be effective in deploying new IT initiatives
that are important to business performance. More
than half the firms identified as the CIO 100 used an
executive council, consisting of IT and business exec-
utives, to vet ideas for new projects [3]. For architec-
ture and infrastructural decisions, where IT
management has superior expertise, they can take the
greater role in terms of decision-making capacity and
accountability. Outsourcing decisions also seem to fall
here, since IT groups have a vested interest (and per-
haps expertise). Application development, however,
may require more complex tripartite governance
involving IT management, business units, and top
management. Table 3 summarizes the major results
and guidelines from the study.

CONCLUSION
With the greater scrutiny on IT decisions, it is criti-
cal that the sometimes-adversarial relationship
between IT managers and top management be made
more effective. This is an imperative in today’s envi-
ronment, where IT is ubiquitous, and is the source
of many innovative ideas that can help generate rev-
enue. If the feasibility set from IT is closed to busi-
ness due to poor relationship quality between the IT
and business sides, the business will flounder. Our
study strongly indicates that IT managers perceive a
gap between their decision rights and accountability
for major IT decisions. For most decisions the mag-
nitude of this gap affects their relationship with top
management. However, different IT decisions might
not require the same rights-accountability frame-
work. More technical decisions are better handled
by the IT groups, while others require shared

responsibility. Planning an effective governance
structure that recognizes these differences is essential
for business leaders to be better managers of the
technology they deploy.

REFERENCES
1. Craig, D., Kankamedala, K., and Tinaikar, R. The next frontier in IT
strategy: A McKinsey survey. McKinsey Quarterly (Spring 2007).

2. Cramm, S. Share power to gain control. CIO Magazine (Mar. 1, 2005).
3. Dragoon, A. More governance best practices. CIO Magazine (Aug. 15,
2003).

4. Gurbaxani, V. and Whang, S. The impact of information systems on
organizations and markets. Commun. ACM 34, 1 (1991), 59–73.

5. Koch, C. A new blueprint for the enterprise. CIO Magazine (Mar. 1,
2005).

6. Lohmeyer, D., Pogreb, S. and Robinson, S. Who’s accountable for IT?
The McKinsey Quarterly (2002);
www.mckinseyquarterly.com/article_page.aspx?ar=1251&L2=18&L3
=30

7. Monnoyer, E. What CEOs really think about IT. The McKinsey
Quarterly (2003); www.mckinseyquarterly.com/article_page.aspx?ar=
1337&L2=13&L3=13

8. Peterson, R. Crafting information technology governance. Information
Systems Management (Fall 2004), 7–22.

9. Ross, J.W. and Weill, P. Six IT decisions your IT people shouldn’t
make. Harvard Business Review 80, 3 (2002).

10. Wallington, P. Time to create a CXO coalition. CIO Magazine (Aug.1,
2001).

11. Weill, P. Don’t just lead, govern: How top-performing firms govern
IT. MIS Quarterly Executive, 3, 1 (2004), 1–18.

12. Weill, P. and Ross, J.W. IT Governance: How Top Performers Manage
Decision Rights for Superior Results. Harvard Business School Press,
Boston, MA, 2004.

Varun Grover (vgrover@clemson.edu) is the William S. Lee
Distinguished Professor of Information Systems in the Department of
Management at Clemson University in Clemson, South Carolina.
Raymond M. Henry (rhenry@clemson.edu) is an assistant profes-
sor in the Department of Management at Clemson University.
Jason B. Thatcher (jthatch@clemson.edu) is an assistant
professor in the Department of Management at Clemson University.

Permission to make digital or hard copies of all or part of this work for personal or class-
room use is granted without fee provided that copies are not made or distributed for
profit or commercial advantage and that copies bear this notice and the full citation on
the first page. To copy otherwise, to republish, to post on servers or to redistribute to
lists, requires prior specific permission and/or a fee.

86 December 2007/Vol. 50, No. 12 COMMUNICATIONS OF THE ACM

HHOOWW WWEE CCOOLLLLEECCTTEEDD TTHHEE DDAATTAA

We surveyed 89 executives listed in the Directory of Top Computer Executives were surveyed. These executives were
selected from U.S. companies with over 50 IT employees or over 1,000 PCs or listed on the Fortune 1000 or Forbes 500
lists. Respondents were given a choice of responding to a paper-based version or a Web version of the instrument.
Approximately half the executives are from manufacturing, service, or governmental organizations and approximately
one-third are from financial, retail, or health care sectors. The average number of employees per organization is approxi-
mately 31,000 and there is no bias toward any geographic area.

ai Regulation Is Coming

102 Harvard Business ReviewSeptember–October 2021

AUTHORS

REGULATION

ai Regulation Is Coming

PHOTOGRAPHER LI SUN

How
to prepare
for the
inevitable

François Candelon
Global director, BCG
Henderson Institute

Rodolphe Charme di Carlo
Partner, Boston Consulting Group

Midas De Bondt
Project leader, Boston
Consulting Group

Theodoros Evgeniou
Professor, INSEAD

Harvard Business Review
September–October 2021  103

I D E A I N B R I E F

ABOUT THE ART

Li Sun sees the “creatures” in his photographs as embodying the
contradiction between the sense of freedom he felt as a child
growing up in the countryside and the surveillance cameras he
feels watching him on every corner in modern cities.

THE CHALLENGE
As companies increas-
ingly embed artificial
intelligence in their
products, processes, and
decision-making, the
focus of discussions
about digital risk is shift-
ing to what the software
does with the data.

WHY IS THIS A PROBLEM?
Misapplied and un-
regulated AI may lead
to unfair outcomes,
primarily because it can
amplify biases in data.
And algorithms often
defy easy explanation,
which is complicated by
the fact that they change
and adapt as more data
comes in.

HOW TO FIX IT
Business leaders need
to explicitly examine
a number of factors.
To ensure equitable
decisions, they need to
evaluate the impact of
unfair outcomes, the
scope of decisions taken,
operational complexity,
and their organizations’
governance capabilities.
In setting standards
for transparency, they
must look at the level of
explanation required and
the trade-offs involved.
In controlling the evolv-
ability of AI, they need to
consider risks, complex-
ity, and the interaction
between AI and humans.

104 Harvard Business ReviewSeptember–October 2021

O R M O S T O F T H E PA S T D E C A D E ,
public concerns about digital technology have focused
on the potential abuse of personal data. People were
uncomfortable with the way companies could track their
movements online, often gathering credit card numbers,
addresses, and other critical information. They found it
creepy to be followed around the web by ads that had clearly
been triggered by their idle searches, and they worried about
identity theft and fraud.

Those concerns led to the passage of measures in the
United States and Europe guaranteeing internet users some
level of control over their personal data and images—most
notably, the European Union’s 2018 General Data Protec-
tion Regulation (GDPR). Of course, those measures didn’t
end the debate around companies’ use of personal data.
Some argue that curbing it will hamper the economic
performance of Europe and the United States relative to less
restrictive countries, notably China, whose digital giants
have thrived with the help of ready, lightly regulated access
to personal information of all sorts. (Recently, however, the
Chinese government has started to limit the digital firms’
freedom—as demonstrated by the large fines imposed on
Alibaba.) Others point out that there’s plenty of evidence
that tighter regulation has put smaller European companies
at a considerable disadvantage to deeper-pocketed U.S.
rivals such as Google and Amazon.

F
REGULATION

Harvard Business Review
September–October 2021  105

But the debate is entering a new phase. As companies
increasingly embed artificial intelligence in their products,
services, processes, and decision-making, attention is
shifting to how data is used by the software—particularly
by complex, evolving algorithms that might diagnose a
cancer, drive a car, or approve a loan. The EU, which is again
leading the way (in its 2020 white paper “On Artificial Intel-
ligence—A European Approach to Excellence and Trust”
and its 2021 proposal for an AI legal framework), considers
regulation to be essential to the development of AI tools that
consumers can trust.

What will all this mean for companies? We’ve been
researching how to regulate AI algorithms and how to
implement AI systems that are based on the key principles
underlying the proposed regulatory frameworks, and we’ve
been helping companies across industries launch and scale
up AI-driven initiatives. In the following pages we draw on
this work and that of other researchers to explore the three
main challenges business leaders face as they integrate AI
into their decision-making and processes while trying to
ensure that it’s safe and trustworthy for customers. We also
present a framework to guide executives through those
tasks, drawing in part on concepts applied to the manage-
ment of strategic risks.

UNFAIR OUTCOMES: THE RISKS OF USING AI
AI systems that produce biased results have been making
headlines. One well-known example is Apple’s credit card
algorithm, which has been accused of discriminating against
women, triggering an investigation by New York’s Depart-
ment of Financial Services.

But the problem crops up in many other guises: for
instance, in ubiquitous online advertisement algorithms,
which may target viewers by race, religion, or gender, and
in Amazon’s automated résumé screener, which filtered
out female candidates. A recent study published in Science
showed that risk prediction tools used in health care, which
affect millions of people in the United States every year,
exhibit significant racial bias. Another study, published in
the Journal of General Internal Medicine, found that the
software used by leading hospitals to prioritize recipients of
kidney transplants discriminated against Black patients.

In most cases the problem stems from the data used to
train the AI. If that data is biased, then the AI will acquire
and may even amplify the bias. When Microsoft used tweets
to train a chatbot to interact with Twitter users, for example,
it had to take the bot down the day after it went live because
of its inflammatory, racist messages. But it’s not enough to
simply eliminate demographic information such as race or
gender from training data, because in some situations that
data is needed to correct for biases.

In theory, it might be possible to code some concept of
fairness into the software, requiring that all outcomes meet
certain conditions. Amazon is experimenting with a fairness
metric called conditional demographic disparity, and other
companies are developing similar metrics. But one hurdle is
that there is no agreed-upon definition of fairness, nor is it
possible to be categorical about the general conditions that
determine equitable outcomes. What’s more, the stakehold-
ers in any given situation may have very different notions of
what constitutes fairness. As a result any attempts to design
it into the software will be fraught.

In dealing with biased outcomes, regulators have mostly
fallen back on standard antidiscrimination legislation.
That’s workable as long as there are people who can be
held responsible for problematic decisions. But with AI
increasingly in the mix, individual accountability is under-
mined. Worse, AI increases the potential scale of bias: Any
flaw could affect millions of people, exposing companies
to class-action lawsuits of historic proportions and putting
their reputations at risk.

What can executives do to head off such problems?
As a first step, prior to making any decision, they should

deepen their understanding of the stakes, by exploring
four factors:

The impact of outcomes. Some algorithms make or
affect decisions with direct and important consequences
on people’s lives. They diagnose medical conditions, for
instance, screen candidates for jobs, approve home loans,
or recommend jail sentences. In such circumstances it
may be wise to avoid using AI or at least subordinate it to
human judgment.

The latter approach still requires careful reflection,
however. Suppose a judge granted early release to an
offender against an AI recommendation and that person

REGULATION

AI increases the potential scale of bias: Any flaw could affect millions
of people, exposing companies to class-action lawsuits.

106 Harvard Business ReviewSeptember–October 2021

then committed a violent crime. The judge would be under
pressure to explain why she ignored the AI. Using AI could
therefore increase human decision-makers’ accountability,
which might make people likely to defer to the algorithms
more often than they should.

That’s not to say that AI doesn’t have its uses in high-
impact contexts. Organizations relying on human deci-
sion-makers will still need to control for unconscious bias
among those people, which AI can help reveal. Amazon
ultimately decided not to leverage AI as a recruiting tool
but rather to use it to detect flaws in its current recruiting
approach. The takeaway is that the fairness of algorithms
relative to human decision-making needs to be considered
when choosing whether to use AI.

The nature and scope of decisions. Research suggests
that the degree of trust in AI varies with the kind of decisions
it’s used for. When a task is perceived as relatively mechani-
cal and bounded—think optimizing a timetable or analyzing
images—software is regarded as at least as trustworthy as
humans.

But when decisions are thought to be subjective or the
variables change (as in legal sentencing, where offenders’

extenuating circumstances may differ), human judgment
is trusted more, in part because of people’s capacity for
empathy. This suggests that companies need to commu-
nicate very carefully about the specific nature and scope
of decisions they’re applying AI to and why it’s preferable
to human judgment in those situations. This is a fairly
straightforward exercise in many contexts, even those with
serious consequences. For example, in machine diagnoses
of medical scans, people can easily accept the advantage
that software trained on billions of well-defined data points
has over humans, who can process only a few thousand.

On the other hand, applying AI to make a diagnosis
regarding mental health, where factors may be behavioral,
hard to define, and case-specific, would probably be inap-
propriate. It’s difficult for people to accept that machines
can process highly contextual situations. And even when the
critical variables have been accurately identified, the way
they differ across populations often isn’t fully understood—
which brings us to the next factor.

Operational complexity and limits to scale. An algo-
rithm may not be fair across all geographies and markets.
For example, one selecting consumers for discounts may

Harvard Business Review
September–October 2021  107

appear to be equitable across the entire U.S. population but
still show bias when applied to, say, Manhattan residents
if consumer behavior and attitudes in Manhattan don’t
correspond to national averages and aren’t reflected in the
algorithm’s training. Average statistics can mask discrim-
ination among regions or subpopulations, and avoiding it
may require customizing algorithms for each subset. That
explains why any regulations aimed at decreasing local or
small-group biases are likely to reduce the potential for scale
advantages from AI, which is often the motivation for using
it in the first place.

Adjusting for variations among markets adds layers to
algorithms, pushing up development costs. Customizing
products and services for specific markets likewise raises
production and monitoring costs significantly. All those
variables increase organizational complexity and overhead.
If the costs become too great, companies may even aban-
don some markets. Because of GDPR, for example, certain
developers, like Gravity Interactive (the maker of Ragnarok
and Dragon Saga games), chose to stop selling their products

in the EU for some time. Although most will have found a
way to comply with the regulation by now (Dragon Saga was
relaunched last May in Europe), the costs incurred and the
opportunities lost are important.

Compliance and governance capabilities. To follow
the more stringent AI regulations that are on the horizon
(at least in Europe and the United States), companies will
need new processes and tools: system audits, documenta-
tion and data protocols (for traceability), AI monitoring,
and diversity awareness training. A number of companies
already test each new AI algorithm across a variety of
stakeholders to assess whether its output is aligned with
company values and unlikely to raise regulatory concerns.

Google, Microsoft, BMW, and Deutsche Telekom are all
developing formal AI policies with commitments to safety,
fairness, diversity, and privacy. Some companies, like the
Federal Home Loan Mortgage Corporation (Freddie Mac),
have even appointed chief ethics officers to oversee the
introduction and enforcement of such policies, in many
cases supporting them with ethics governance boards.

108 Harvard Business ReviewSeptember–October 2021

TRANSPARENCY: EXPLAINING WHAT WENT WRONG
Just like human judgment, AI isn’t infallible. Algorithms will
inevitably make some unfair—or even unsafe—decisions.

When people make a mistake, there’s usually an inquiry
and an assignment of responsibility, which may impose legal
penalties on the decision-maker. That helps the organization
or community understand and correct unfair decisions and
build trust with its stakeholders. So should we require—
and can we even expect—AI to explain its decisions, too?

Regulators are certainly moving in that direction. The
GDPR already describes “the right…to obtain an explanation
of the decision reached” by algorithms, and the EU has
identified explainability as a key factor in increasing trust
in AI in its white paper and AI regulation proposal.

But what does it mean to get an explanation for auto-
mated decisions, for which our knowledge of cause and
effect is often incomplete? It was Aristotle who pointed out
that when this is the situation, the ability to explain how
results are arrived at can be less important than the ability to
reproduce the results and empirically verify their accuracy—
something companies can do by comparing AI’s predictions
with outcomes.

Business leaders considering AI applications also need to
reflect on two factors:

The level of explanation required. With AI algorithms,
explanations can be broadly classified into two groups,
suited to different circumstances.

Global explanations are complete explanations for all out-
comes of a given process and describe the rules or formulas
specifying relationships among input variables. They’re typ-
ically required when procedural fairness is important—for
example, with decisions about the allocation of resources,
because stakeholders need to know in advance how they will
be made.

Providing a global explanation for an algorithm may
seem straightforward: All you have to do is share its formula.
However, most people lack the advanced skills in math-
ematics or computer science needed to understand such
a formula, let alone determine whether the relationships
specified in it are appropriate. And in the case of machine
learning—where AI software creates algorithms to describe
apparent relationships between variables in the training

data—flaws or biases in that data, not the algorithm, may be
the ultimate cause of any problem.

In addition, companies may not even have direct insight
into the workings of their algorithms, and responding to
regulatory constraints for explanations may require them
to look beyond their data and IT departments and perhaps
to external experts. Consider that the offerings of large soft-
ware-as-a-service providers, like Oracle, SAP, and Salesforce,
often combine multiple AI components from third-party
providers. And their clients sometimes cherry-pick and
combine AI-enabled solutions. But all an end product’s
components and how they combine and interconnect will
need to be explainable.

Local explanations offer the rationale behind a specific
output—say, why one applicant (or class of applicants) was
denied a loan while another was granted one. They’re often
provided by so-called explainable AI algorithms that have
the capacity to tell the recipient of an output the grounds
for it. They can be used when individuals need to know only
why a certain decision was made about them and do not, or
cannot, have access to decisions about others.

Local explanations can take the form of statements that
answer the question, What are the key customer character-
istics that, had they been different, would have changed the
output or decision of the AI? For example, if the only differ-
ence between two applicants is that one is 24 and the other
is 25, then the explanation would be that the first applicant
would have been granted a loan if he’d been older than 24.
The trouble here is that the characteristics identified may
themselves conceal biases. For example, it may turn out that
the applicant’s zip code is what makes the difference, with
otherwise solid applicants from Black neighborhoods being
penalized.

The trade-offs involved. The most powerful algo rithms
are inherently opaque. Look at Alibaba’s Ant Group in China,
whose MYbank unit uses AI to approve small business loans
in under three minutes without human intervention. To
do this, it combines data from all over the Alibaba ecosys-
tem, including information on sales from its e-commerce
platforms, with machine learning to predict default risks
and maintain real-time credit ratings.

Because Ant’s software uses more than 3,000 data
inputs, clearly articulating how it arrives at specific

REGULATION

Should we require—and can we even expect—AI to explain its
decisions? Regulators are certainly moving in that direction.

Harvard Business Review
September–October 2021  109

assessments (let alone providing a global explanation)
is practically impossible. Many of the most exciting AI
applications require algorithmic inputs on a similar
scale. Tailored payment terms in B2B markets, insurance
underwriting, and self-driving cars are only some of the
areas where stringent AI explainability requirements may
hamper companies’ ability to innovate or grow.

Companies will face challenges introducing a service like
Ant’s in markets where consumers and regulators highly
value individual rights—notably, the European Union and
the United States. To deploy such AI, firms will need to
be able to explain how an algorithm defines similarities
between customers, why certain differences between two
prospects may justify different treatments, and why similar
customers may get different explanations about the AI.

Expectations for explanations also vary by geography,
which presents challenges to global operators. They could
simply adopt the most stringent explainability require-
ments worldwide, but doing so could clearly put them at
a disadvantage to local players in some markets. Banks
following EU rules would struggle to produce algorithms
as accurate as Ant’s in predicting the likelihood of bor-
rower defaults and might have to be more rigorous about
credit requirements as a consequence. On the other hand,
applying multiple explainability standards will most likely
be more complex and costly—because a company would,
in essence, be creating different algorithms for different
markets and would probably have to add more AI to ensure
interoperability.

There are, however, some opportunities. Explainabil-
ity requirements could offer a source of differentiation:
Companies that can develop AI algorithms with stronger
explanatory capabilities will be in a better position to win
the trust of consumers and regulators. That could have
strategic consequences. If Citibank, for example, could
produce explainable AI for small-business credit that’s as
powerful as Ant’s, it would certainly dominate the EU and
U.S. markets, and it might even gain a foothold on Ant’s own
turf. The ability to communicate the fairness and transpar-
ency of offerings’ decisions is a potential differentiator for
technology companies, too. IBM has developed a product
that helps firms do this: Watson OpenScale, an AI-powered
data analytics platform for business.

The bottom line is that although requiring AI to provide
explanations for its decisions may seem like a good way
to improve its fairness and increase stakeholders’ trust, it
comes at a stiff price—one that may not always be worth
paying. In that case the only choice is either to go back to
striking a balance between the risks of getting some unfair
outcomes and the returns from more-accurate output over-
all, or to abandon using AI.

LEARNING AND EVOLVING: A SHIFTING TERRAIN
One of the distinctive characteristics of AI is its ability to
learn; the more labeled pictures of cows and zebras an
image-recognition algorithm is fed, the more likely it is to
recognize a cow or a zebra. But there are drawbacks to con-
tinuous learning: Although accuracy can improve over time,
the same inputs that generated one outcome yesterday could
register a different one tomorrow because the algorithm has
been changed by the data it received in the interim.

In figuring out how to manage algorithms that evolve—
and whether to allow continuous learning in the first place—
business leaders should focus on three factors:

Risks and rewards. Customer attitudes toward evolving
AI will probably be determined by a personal risk-return
calculus. In insurance pricing, for example, learning algo-
rithms will most likely provide results that are better tailored
to customer needs than anything humans could offer, so
customers will probably have a relatively high tolerance for
that kind of AI. In other contexts, learning might not be a
concern at all. AI that generates film or book recommenda-
tions, for instance, could quite safely evolve as more data
about a customer’s purchases and viewing choices came in.

But when the risk and impact of an unfair or negative
outcome are high, people are less accepting of evolving
AI. Certain kinds of products, like medical devices, could
be harmful to their users if they were altered without any
oversight. That’s why some regulators, notably the U.S.
Food and Drug Administration, have authorized the use of
only “locked” algorithms—which don’t learn every time the
product is used and therefore don’t change—in them. For
such offerings, a company can run two parallel versions of
the same algorithm: one used only in R&D that continuously
learns, and a locked version for commercial use that is

REGULATION

110 Harvard Business ReviewSeptember–October 2021

approved by regulators. The commercial version could be
replaced at a certain frequency with a new version based on
the continuously improving one—after regulatory approval.

Regulators also worry that continuous learning could
cause algorithms to discriminate or become unsafe in new,
hard-to-detect ways. In products and services with which
unfairness is a major concern, you can expect a brighter
spotlight on evolvability as well.

Complexity and cost. Deploying learning AI can add
to operational costs. First, companies may find themselves
running multiple algorithms across different regions,
markets, or contexts, each of which has responded to local
data and environments. Organizations may then need to
create new sentinel roles and processes to make sure that
all these algorithms are operating appropriately and within
authorized risk ranges. Chief risk officers may have to
expand their mandates to include monitoring autonomous
AI processes and assessing the level of legal, financial,
reputational, and physical risk the company is willing to
take on evolvable AI.

Firms also must balance decentralization against
standardized practices that increase the rate of AI learning.
Can they build and maintain a global data backbone to
power the firm’s digital and AI solutions? How ready are
their own systems for decentralized storage and processing?
How prepared are they to respond to cybersecurity threats?
Does production need to shift closer to end customers, or
would that expose operations to new risks? Can firms attract
enough AI-savvy talent in the right leadership positions
in local markets? All those questions must be answered
thoughtfully.

Human input. New data or environmental changes can
also cause people to adjust their decisions or even alter their
mental models. A recruiting manager, for example, might
make different decisions about the same job applicant at
two different times if the quality of the competing candi-
dates changes—or even because she’s tired the second time
around. Since there’s no regulation to prevent that from
happening, a case could be made that it’s permissible for
AI to evolve as a result of new data. However, it would take
some convincing to win people over to that point of view.

What people might accept more easily is AI comple-
mented in a smart way by human decision-making. As

described in the 2020 HBR article “A Better Way to Onboard
AI” (coauthored by Theodoros Evgeniou), AI systems can
be deployed as “coaches”—providing feedback and input to
employees (for instance, traders in financial securities at an
asset management firm). But it’s not a one-way street: Much
of the value in the collaboration comes from the feedback
that humans give the algorithms. Facebook, in fact, has
taken an interesting approach to monitoring and accelerat-
ing AI learning with its Dynabench platform. It tasks human
experts with looking for ways to trick AI into producing an
incorrect or unfair outcome using something called dynamic
adversarial data collection.

When humans actively enhance AI, they can unlock
value fairly quickly. In a recent TED Talk, BCG’s Sylvain
Duranton described how one clothing retailer saved more
than $100 million in just one year with a process that
allowed human buyers to input their expertise into AI that
predicted clothing trends.

G I V E N T H AT T H E growing reliance on AI—particularly
machine learning—significantly increases the strategic risks
businesses face, companies need to take an active role in
writing a rulebook for algorithms. As analytics are applied
to decisions like loan approvals or assessments of criminal
recidivism, reservations about hidden biases continue to
mount. The inherent opacity of the complex programming
underlying machine learning is also causing dismay, and
concern is rising about whether AI-enabled tools developed
for one population can safely make decisions about other
populations. Unless all companies—including those not
directly involved in AI development—engage early with
these challenges, they risk eroding trust in AI-enabled
products and triggering unnecessarily restrictive regulation,
which would undermine not only business profits but also
the potential value AI could offer consumers and society.

HBR Reprint R2105G

FRANÇOIS CANDELON is a managing director and senior partner
at the Boston Consulting Group and the global director of the

BCG Henderson Institute. RODOLPHE CHARME DI CARLO is a partner
in the Paris office of the Boston Consulting Group. MIDAS DE BONDT
is a project leader in the Brussels office of the Boston Consulting
Group. THEODOROS EVGENIOU is a professor at INSEAD.

Regulators worry that continuous learning could cause algorithms to
discriminate or become unsafe in new, hard-to-detect ways.

Harvard Business Review
September–October 2021  111

Copyright 2021 Harvard Business Publishing. All Rights Reserved. Additional restrictions
may apply including the use of this content as assigned course material. Please consult your
institution’s librarian about any restrictions that might apply under the license with your
institution. For more information and teaching resources from Harvard Business Publishing
including Harvard Business School Cases, eLearning products, and business simulations
please visit hbsp.harvard.edu.

Kudos to Robert Kaplan and Michael Porter
for their illustration of careful process
analysis and cost accounting in health care.
Their idea is terrific—but it is hardly novel.
Geisinger Health System in Pennsylvania
and Intermountain Healthcare in Utah have
long employed process analysis, and in
my 1997 book, Market-Driven Health Care,
I advocated activity-based costing of medi-
cal care bundles, which I called “health
care focused factories.”

Kaplan and Porter barely mention, how-
ever, that people are not fungible, so their
costs cannot be measured like the costs of

widgets in manufacturing. Some patients
are much sicker than others. A process fre-
quently called risk adjustment accounts for
these differences. The impact of risk ad-
justments on costs can be enormous. In a
risk-adjustment and activity-based costing
analysis that my students and I performed
for a total-knee-replacement procedure,
we found that while the average payment
was $35,000, the top decile averaged
$615,000. Useful risk adjustment requires
complex statistical analysis. If it were done
as the authors suggest, by simply adding
comorbidities, the analysis could create

thousands of different products, each
requiring separate analysis.

Furthermore, the implementation of
activity-based costing can “solve the
U.S. health care cost crisis” only if, as the
authors suggest, payers switch to reim-
bursing providers for value and bundles of
care. But those adopting the Kaplan-Porter
methods could repeat the mistakes of the
California health care providers that used
process analysis to price their offerings to
insurers in the 1990s: Many suffered sub-
stantial financial losses, in part because
their prices lacked risk adjustments and
reinsurance to protect them against ad-
verse selection by very sick patients.
Regina E. Herzlinger, Nancy R. McPherson
Professor of Business Administration,
Harvard Business School

HBR article by Robert S. Kaplan and Michael E. Porter, September 2011

“U.S. health care costs currently exceed 17% of GDP
and continue to rise,” say Harvard Business School
professors Kaplan and Porter. They trace spending to
its source: health care providers. Doctors, nurses, and
specialists do not understand the value of medical care
to the consumer; they overspend because they can’t
accurately measure health outcomes. The authors take
a look at providers that are measuring costs the right
way, and then prescribe a cost-measurement system
based on individual patient conditions.

How to Solve the Cost
Crisis in Health Care

Why Your IT Project May Be
Riskier Than You Think
HBR article by Bent Flyvbjerg and Alexander
Budzier, September 2011
The authors’ research found that one in
six IT projects finishes wildly over budget,
with an average cost overrun of 200%.

The article avoids the root cause of IT
failures: the lack of a framework for
effective collaboration. Far too many
organizations can’t do joined-up think-

ing across the enterprise. I see only
one universal language that can fa-
cilitate this essential communication:
the language of end-to-end business

process management. Combine that with
the ubiquitous need for compliance, and
it’s clear why effective process manage-
ment is emerging as a core capability for
Enterprise 2.0.
Michael Gammage, VP product marketing,
Nimbus Partners

Outlining how the project will potentially
affect both internal and external people
(for example, partners and customers) is
essential to understanding the project’s

22  Harvard Business Review November 2011

Interaction

The authors respond: We are pleased
that Professor Herzlinger endorses our
approach of building cost models based
on good process maps, but her letter con-
tains numerous errors. Like many in the
health care sector, she confuses charges
with costs (Myth #1 in our article) when
she describes her students’ analysis of
the variation in total-knee-replacement
payments. She errs in her assertion
that we introduce an adverse selection
problem. We explicitly solve the problem
by capturing costs at the individual pa-
tient level. Providers and payers can use
patient-specifi c information to explain
and predict the cost and outcome varia-
tions caused by some being “much sicker
than others.” Herz linger asserts that
we assume all patients are as alike as
widgets. Just the opposite! Our approach
captures how costs vary when providers
respond to the diff erent medical needs of
individual patients. And her concern that
costing thousands of diff erent patient
types would be complex is unfounded.
The scale of the model is driven by
a provider’s diff erent processes and
resources, not by the number
of diff erent types of patients
it serves.

The best way to comment on any article is on
HBR.ORG. You can also reach us via
E-MAIL: hbr_letters@hbr.org
FACEBOOK: facebook.com/HBR
TWITTER: twitter.com/HarvardBiz
Correspondence may be edited for
space and style.

Interact with Us

risk factors. And incorporating them
into a risk-management plan helps
companies better navigate through
tricky project waters. Savvy IT and
project sponsors acknowledge that
human factors must be considered
when building the business case.
Alicia A. Lewis, manager,
PricewaterhouseCoopers

HBR.ORG

Available in two scheduling options:

Four Consecutive Weeks
April 29 – May 25, 2012

2×2 Option
April 29 – May 11 and July 15 – 27, 2012

To learn more, visit:

RealizeYourLeadership.com

Columbia Senior Executive Program

How to realize
leadership potential

2.
Call for Help

4.
Apply
Resolution

3.
Address
the Issue

1.
Recognize
Organizational
Problem

Practical skills for
the business-minded

1377 Nov11 Interaction Layout [S];25.indd 231377 Nov11 Interaction Layout [S];25.indd 23 9/27/11 2:13 PM9/27/11 2:13 PM

Copyright 2011 Harvard Business Publishing. All Rights Reserved. Additional restrictions
may apply including the use of this content as assigned course material. Please consult your
institution’s librarian about any restrictions that might apply under the license with your
institution. For more information and teaching resources from Harvard Business Publishing
including Harvard Business School Cases, eLearning products, and business simulations
please visit hbsp.harvard.edu.

A Matrixed Approach toD*-f& aI %’ o- IrNnI~ a. L 3
U~ …. s I I T overnance

Throughout an organization,

individuals make decisions

daily that influence the need

for and the value received

from information technology.

A simple one-page framework

can help companies allocate

IT decision rights and

accountabilities so that

individual IT decisions align

with strategic objectives.

Peter Weill and Jeanne Ross

very enterprise engages in IT decision making, but each differs considerably
C in how thoughtfully it defines accountability and how rigorously it formal-

izes and communicates decision-making processes. Without formal IT gov-
ernance, individual managers are left to resolve isolated issues as they arise,

and those individual actions can often be at odds with each other. Our study of almost
300 enterprises around the world suggests that IT governance is a mystery to key deci-
sion makers at most companies. On average, just one in three senior managers knows
how IT is governed at his company. (See “About the Research,” p. 28.) In this case, igno-
rance is definitely not bliss. When senior managers take the time to design, implement,
and communicate IT governance processes, companies get more value from IT.

While the research did not identify a single best formula for governing IT, one thing
is abundantly clear: Effective IT governance doesn’t happen by accident. Top-per-
forming enterprises carefully design governance. In those companies, managers at all
levels throughout the enterprise apply that design as they make daily decisions about
the use of IT. Further, 60% to 80% of senior executives in those companies have a clear
understanding of and can describe their IT governance. In fact, senior management
awareness of IT governance is the single best indicator of its effectiveness.

The effectiveness of an enterprise’s or business unit’s IT governance can be assessed
by evaluating how well it enables IT to deliver on four objectives: cost-effectiveness,
asset utilization, business growth and business flexibility. Our research, which weighed
each factor according to its relative importance to each company, showed that gover-
nance performance varies significantly across enterprises in an approximately bell-
shaped distribution. (See ‘Assessing IT

Governance

Performance’ p. 29.) According to
this measure, high IT governance performance correlated with the achievement of
other desired measures of success. For example, companies that effectively govern
information technology garner profits that are 20% higher than those of other com-
panies pursuing similar strategies.’ They also achieve higher returns on equity and
growth in market capitalization.

Although it cannot be conduded that superior governance performance causes
superior financial performance, it can definitely be said that the two measures corre-
late quite well. It is certainly plausible that the two are linked. Effective governance
aligns IT investments with overall business priorities, determines who makes the IT
decisions and assigns accountability for the outcomes. IT is inextricable from other

Peter Wefll is director of the Center for Information Systems Research and a senior research
scientist at the MIT Sloan School of Management. Jeanne Ross is principal research scientist
at the Center for Information Systems Research, MIT Sloan School of Management. Contact
them at pweill@mitedu and jross@mitedu.

26 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

key enterprise assets (financial resources, human resources, intel-

lectual property, physical structure and organizational relation-

ships), and its governance overlaps with other enterprisewide

governance processes. There is surely a good deal to learn from

examining how successful enterprises govern their IT.

How Key IT Governance Decisions Are Made
IT governance encompasses five major decision domains. IT

principles comprise the high-level decisions about the strategic

role of IT in the business. IT architecture includes an integrated

set of technical choices to guide the organization in satisfying

business needs. IT infrastructure consists of the centrally coordi-

nated, shared IT services that provide the foundation for the

enterprise’s IT capability and were typically created before precise

usage needs were known. Business application needs are the busi-

ness requirements for purchased or internally developed IT

applications. Last, prioritization and investment decisions deter-

mine how much and where to invest in IT.
Each of these decision areas can be addressed at the corporate,

business unit or functional level or some combination of the

three. And senior management can hold business unit or IT man-

agers accountable for the related outcomes. Thus, the first step in

designing IT governance is to determine who should make and

be held accountable for each decision area. (See “Key Issues for

Each IT Decision Area,” p. 30.)
There are six archetypal approaches to IT decision making,

ranging from highly centralized to highly decentralized. Most

companies employ a variety of them, using different approaches

for different decisions. In a business monarchy – the most cen-

tralized approach – a senior business executive or a group of

senior executives, sometimes including the CIO, makes all the IT-

related decisions for the enterprise. In an IT monarchy, those

decisions are made by an individual IT executive or a group of IT

executives. In a federal system, C-level executives and business

representatives of all the operating groups collaborate with the IT

department. This is equivalent to the central government and the

states working together. In an IT duopoly, a two-party decision-

making approach involves IT executives and a group of business

leaders representing the operating units. In afeudal system, busi-

ness unit or process leaders make separate decisions on the basis

of the unit or process needs. And, finally, the most decentralized

system is anarchy, in which each individual user or small group

pursues his, her or their own IT agenda.
A matrix that juxtaposes the five decision areas against the six

archetypal approaches creates on a single page a valuable tool for

specifying, analyzing and communicating where IT decisions are

made. Take United Parcel Service of America Inc. as an example.

(See “IT Governance on One Page,” p. 31.) UPS’s governance

arrangements reflect the company’s commitment to offering

total, integrated solutions for customers’ global commerce needs.

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 27r lustration: 6′ Se CutlerlSI

Senior management accountability for principles and investment
decisions ensures that IT issues are incorporated into the com-
pany’s strategic decision-making processes. The CIO, who is a
member of the senior management team, translates principles
and investment decisions into IT architecture and infrastructure
(such as standards, policies and processes). Business unit proj-
ects, delivered in the context of business and IT principles, define
business application needs in a way that both enhances business
unit performance and supports corporate objectives. 2

UPS’s IT governance creates strategic control at the top of the

company while empowering decision making at multiple organi-
zational levels. Senior management works to make IT governance
transparent so that everyone understands and follows prescribed
processes for proposing, implementing and using IT. This limits
the role of organizational politics in IT-related decisions and
shows in the company’s bottom-line performance.

Governance Mechanisms
Once the types of decisions and the archetypes for making those
decisions are mapped out, a company must design and imple-
ment a coordinated set of governance mechanisms that managers

will work with on a daily basis. Enterprises generally design three

kinds of governance mechanisms: (1) decision-making struc-
tures, (2) alignment processes and (3) formal communications.

Decision-making structures. The most visible IT governance
mechanisms are the organizational committees and roles that
locate decision-making responsibilities according to intended
archetypes. Different archetypes rely on different decision-mak-
ing structures. Anarchies (which are rarely used – or at least
rarely admitted to!) require no decision-making structures at all.

Feudal

arrangements rely on local decision-making structures.
But monarchy, federal or duopoly arrangements demand deci-
sion-making structures with the representation and authority to
produce enterprisewide synergies.

Alignment processes. Alignment processes are management
techniques for securing widespread and effective involvement in
governance decisions and their implementation. For example, the
IT investment proposal process delineates steps for defining,
reviewing and prioritizing IT projects, in determining which
projects will be funded. Architecture exception processes provide
a formal assessment of the costs and value of project implemen-
tations that veer from company standards. Service-level agree-
ments and chargebacks help IT units clarify costs for IT services
and instigate discussion of the kinds of services the business
requires. Finally, formal tracking of business value from IT forces
firms to determine the payback on completed projects, which can
help firms focus their attention on generating intended benefits.

Formal communications. A huge barrier to effective IT gover-
nance is lack of understanding about how decisions are made,
what processes are being implemented and what the desired out-
comes are. Management can communicate governance processes
in a variety of ways: general announcements, the institution of
formal committees, regular communication from the office of
the CIO or the office of IT governance, one-on-one sessions,
intranets and so on. Our research indicates that more communi-
cation generally means more effective governance.

Well-designed, well-understood and transparent mechanisms
promote desirable IT behaviors and individual accountability.
For example, UPS has designed four coordinated governance
mechanisms to implement the company’s intended governance
arrangements: (l) an IT steering committee, comprising four top
executives who accept primary responsibility for principles and
investment decisions, (2) an IT governance committee of senior
IT executives responsible for key architecture decisions, (3) a for-
mal “charter” process that winnows down the entire enterprise’s
IT project proposals to those best aligned with strategic objec-
tives and (4) an escalation process to handle exceptions to archi-
tecture standards at the appropriate organizational level. These
four mechanisms clarify processes and accountabilities so that

28 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

This article is based on two studies led by the authors. The
first was a survey of ClOs at 256 enterprises in the Ameri-
cas, Europe and the AsialPacific region on how large enter-
prises across a wide range of industries – both for profit
and not – govern IT. The survey was developed by MIT
Sloan’s Center for Information Systems Research in 2001
and distributed throughout 2002, both electronically and

on paper, by Gartner Inc. to members of its EXP group and
by CISR to participants in executive programs. Gartner

additionally contributed to the research by conducting 10
case studies on IT governance. The second study comprised

a set of 40 interview-based case studies at large companies

such as Johnson & Johnson, Carlson Companies, UPS, Delta
Air Lines and ING DIRECT, which examined IT governance in
the context of organizational changes such as enterprise
resource planning implementations, e-business initiatives,
enterprise architecture development and IT-enabled orga-
nizational transformations. These cases were developed by
CISR researchers and affiliates between 1995 and 2004. To
understand how top-performing enterprises governed IT,
MIT CISR researchers analyzed the data using both statisti-
cal and qualitative analysis. This article draws on and

extends the material in P. Weill and J. Ross, IT Governance:
How Top Performers Manage IT Decision Rights for Supe-
rior Results (Boston: Harvard Business School Press, 2004).

individuals throughout the company can make decisions that

result in desirable behavior as defined at UPS.

How Top Performers Govern
There is no single best model of IT governance. Given different

strategies and organizational forms, different enterprises will

attempt to encourage different behaviors. Governance arrange-

ments thus can vary from more centralized approaches (most

notably monarchies) to more decentralized approaches (most

notably feudal designs), with federal and some duopoly designs

straddling the two. Similarly, some governance mechanisms sup-

port more centralized approaches (such as executive committees

and centralized capital approval process). Others support more

hybrid approaches (such as business/IT relationship managers

and service-level agreements).’ Decentralized governance

designs involve very few mechanisms.

Ultimately, however, effective IT governance should be evi-

dent in business-performance metrics. We investigated the IT

governance patterns of leaders relative to the following financial

performance measures: 4 profit as measured by return on equity

(ROE), return on investment (ROI) and percent profit margin;

asset utilization as measured by return on assets (ROA); and

growth as measured by percent change in revenue per year. It is

clear that top-performing companies govern significantly differ-

ently from other companies. Even among top performers, gov-

erning styles differ according to which performance metric they

emphasize. (See “Governance Lessons From Leaders,” p. 32.)

-e ; I

The worksheet below allows you to assess how well your com-

pany’s IT governance facilitates its goals. The average score in

our sample was 69 out of 100. The top third scored above 74.

How does your company compare?

QUESTION:
. How important
‘ are the following

outcomes of your
IT governance?

t1 (not irr
5 (very ir

a. Cost-effective
use of IT

b. Effective use of
IT for growth

c. Effective use of IT
for asset utilization

d. Effective use of ITfor
business flexibility

Importance =
Total

0
, QUESTION:
‘How successfully
|does your IT
Igovernance
rinfluence these
IoUtcomes?

mportant) S (very successful)

,: ,
x d= ,’- _
x

:E . ; : ,D

– X; f: _T t

0 CALCULATEGOVERNANCE Total
PERFORMANCE : ImportanceTotal

‘Theformula’snumeratorreprasentsa totalscorethat increasesfwhen either orbothot the
following are true, (1) the objective is rnportant,and (2) the objective Is achieved. To make
sure the overal performrrr-e scoring is weighted toward the actualsahevemeet of ob)ectves,
we divide by the ‘totsl importance score. The mtltiplier or 20 is appfied skiply to adjust
the ratsg scale so that the highest achievable perlormancescore is 100.

Centralized Approaches and Profitability The most profitable com-
panies tend to be centralized in their approach to IT governance.

Their strategies emphasize efficient operations. Accordingly, it is

desirable for IT governance to encourage a high degree of stan-

dardization in the pursuit of low business costs. Key mechanisms

include executive committees for decision making, centralized

processes for architecture compliance and exceptions, enter-

prisewide IT investment decision processes, and formal post-

implementation assessments of IT-related projects. The United

Nations Children’s Fund (UNICEF) is an example.

Although UNICEF is not for profit, its emphasis on cost-effec-

tiveness and rapid organizational learning led it to adopt a cen-

tralized IT governance model. UNICEF operates in remote and

sometimes dangerous locations, including sites affected by armed

conflict, natural disasters and other tragedies. For years, IT at

UNICEF supported administrative tasks at headquarters but was

nearly nonexistent in the field offices, where the needs of children

were directly addressed. In the mid-1990s, senior management

recognized that the lack of IT in field offices was handcuffing

operations, so the organization, led by CIO Andre Spatz, equipped

remote locations with IT services. Spatz worked with other C-level

managers to establish priorities and make important trade-offs

among features like cost, reliability, speed and accessibility. The

result was improved global knowledge, information flow, trans-

parency and communication. Field offices now can serve their

constituents based on transaction-level and value-added informa-

tion that they could not access only a few years ago.

Decentralized Approaches and Growth The fastest-growing compa-
nies are focused on innovation and time to market. They insist on

local accountability. They measure success through growth in

revenues, which are often generated from products introduced in

the last two or three years. These companies seek to maximize

responsiveness to local customer needs and minimize constraints

on creativity and business unit autonomy by establishing few, if

any, enterprisewide technology and business-process standards.

Accordingly, they require few governance mechanisms, often

relying only on an investment process that identifies high-prior-

ity strategic projects and manages risk.

Atlanta-based Manheim Auctions, the U.S. market leader in

business-to-business car auctions, recognized during the early

years of e-commerce that the Internet would offer opportunities to

grow its business.5 In the late 1990s, Manheim introduced online

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 29

I.~

auction capabilities and experimented with related revenue-generat-
ing electronic capabilities. One service, the Manheim Market Report,
generated significant value by providing online information on the
company’s auctions to car dealers and other industry participants.

To launch its fast-growth online business, the company cre-
ated an independent business unit, Manheim Online, a sub-
sidiary of Manheim Interactive. Hal Logan, then the CEO of
Manheim Interactive, worked with the senior management team
to define principles and strategic business requirements. Like
most high-growth startups, the company did not tightly govern
architecture or infrastructure, focusing instead on managing
projects for rapid development. A development team was made
responsible for all aspects of each new Manheim Online service
rollout: product management, deploying of the Web servers,
development of the service and quality assurance of the service.

Manheim’s decentralized approach to IT governance allowed
the company to innovate and grow its business base. As the devel-
opment teams’ focus on speed of delivery became unsustainable
in the context of the larger company, Manheim eventually iden-
tified a need for more centralized architecture and reusable infra-

structure services. Its online business today is integrated into the
overall Manheim Auctions business model, relying on a set of
shared IT services. Accordingly, IT governance has transitioned
to a blend of centralized and decentralized arrangements.

Hybrid Approaches and Asset Utilization Companies seeking opti-
mal asset utilization attempt to balance the contrasts between gov-
ernance for profitability and governance for revenue growth and
innovation. They focus on using shared services to achieve either
responsiveness to customers or economies of scale – or both.
Their IT principles emphasize sharing and reuse of processes, sys-
tems, technologies and data. Asset utilization demands a hybrid
approach to governance, mixing elements of centralized and
decentralized governance. Leaders who excel at asset utilization
typically rely on duopolies and federal governance design. They
introduce governance mechanisms to address the tensions between
enterprisewide and local control. Those mechanisms include high-

level business-IT relationship managers, service-level agreements

and IT chargeback, IT leadership teams comprising business unit

IT representatives, and enterprisewide business process teams with

�,eee”

IT governance encompasses five major decision areas. In thinking about who should make and be accountable for these decisions, a
number of the questions should be addressed.

IT Principles a Hoow do the business prindples translate to IT principles that guide IT decision making?
X What is the role of IT in the business?
a What are desirable IT behaviors?
‘a How will IT be funded?

IT Architecture Ea What are the core business processes of the enterprise? How are they related?
ii What information drives these core processes? How must this data be integrated?
EV What technical capabilities should be standardized enterprisewide to support IT efficiencies and facili-

tate process standardization and integration?
‘ What activities must be standardized enterprisewide to support data integration?
Ei What technology choices will guide the enterprise’s approach to IT initiatives?

IT Infrastructure ml What infrastructure services are most critical to achieving the enterprise’s strategic objectives?
Strategies uWhat infrastructure services should be implemented enterprisewide and what are the service-level

requirements of those services?
in How should infrastructure services be priced?
wR What is the plan for keeping underlying technologies up-to-date?
n What infrastructure services should be outsourced?

Business Application a What are the market and business process opportunities for new busiaess applications?
Needs w How are strategic experiments designed to assess success?

xi How can business needs be addressed within architectural standards? When does a business need jus-
tify an exception to a standard?

* Who will own the outcomes of each project and institute organizational changes to ensure the value?

IT Investment and a What process changes or enhancements are strategically most important to the enterprise?
Prioritization w What is the distribution in the current IT portfolio? Is this portfolio consistent with the enterprise’s

strategic objectives?
n What is the relative importance of enterprisewide versus business unit investments? Do actual invest-

ment practices reflect their relative importance?
mi How is the business value of IT projects determined following their implementation?

30 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

IT members. The hybrid approach is common, but it clearly *
demands a great deal of management attention. f

ING DIRECT, the international direct banking unit of

Dutch financial services conglomerate ING Groep N.V.,

takes a hybrid approach to IT governance.6 ING DIRECT is

organized into nine country-based businesses. Each coun-

try unit operates autonomously, but the units share a com-

mon business model. The bank leverages standardized

business solutions as well as standardized technical and

infrastructure components, offering a product set featuring

savings accounts, term deposits, personal loans/mortgages,

retirement savings plans and a few select mutual funds.

ING DIRECT’s IT governance uses duopoly arrange-

ments for all its IT decisions. The key mechanism is the

Information Technology and Operations Council (made up

of the CIOs and COOs of the country-based businesses and

the head office CIO/COO). The Council makes enter-

prisewide principles, architecture, infrastructure and invest-

ment decisions. Its semiannual meetings offer a forum for

coordinating ING’s IT plan with the businesses’ mid-term

plans. The outcome of this meeting serves as input for the

ING DIRECT Council (executive team meeting), where the

international business strategy is discussed and defined. In

doing so, ING DIRECT allows IT capabilities to influence

business strategy just as strategy influences IT.

To facilitate development and reuse of business process mod-

ules, ING DIRECT looks to its local businesses for innovations. If

a country unit wants to introduce a new product, country man-

agers develop a product proposal detailing financial and business

implications and risks. A product committee at the company’s

head office approves every new product, based on a thorough and

detailed review process involving all business units. The outcome

of this selection process is a global standard rather than an iso-

lated local solution. In addition, ING DIRECT’s chief architect

helps define application specifications so that the new applica-

tion modules work effectively with existing modules and fit with

the existing business, application and technical architecture. This

arrangement supports ING DIRECT’s desirable behaviors of

building modules for reuse, standardizing applications and

achieving a universally compatible architecture.

Minneapolis-based Carlson Companies Inc. takes a different

approach to hybrid IT governance. 7 Carlson is a $20 billion, pri-

vately owned conglomerate in the marketing, hospitality and travel

business. It has grown through acquisition, with operating groups

in relationship marketing services, loyalty programs (Gold Points

Reward Network), hotels (Radisson Hotels and Resorts, Regent

International Hotels), restaurants (T.G.I. Friday’s Inc.), cruises and

travel services.

Traditionally, each Carlson operating group functioned inde-

pendently and competed with other operating groups. But in 2000,

1-

A matrix that juxtaposes the five IT decision domains against five of

the six archetypal approaches creates, on a single page, a valuable

tool for specifying, analyzing and communicating where IT deci-

sions are made. UPS’s governance is clear and relatively centralized:
A subset of the senior management team takes responsibility for

defining IT principles and IT investment; the CIO’s team is held

accountable for IT architecture and IT infrastructure; and business

unit leaders and enterprisewide process managers are responsible

for defining business application needs.

GOVERNANCE
,ARCHETYPE

Business.
Monarchy

IT Monarchy

DECISION DOMAIN .IT Business
IT IT Infrastructure Application

Principles Architecture Strategies Needs

.,…..,x. … ,
IT

Investment

: 57

x x

Federal

IT Duopoly

Feudal

chairman and CEO Marilyn Carlson sought to change that com-

petitive relationship to a collaborative one. CIO Steve Brown, who

reports directly to the CEO, was given responsibility for defining the

role of IT for the integrated enterprise.
Toward that end, Brown articulated two key principles. First,

application development could continue to take place within

operating groups, but applications would be presented to users

through a shared portal, and, where necessary, data would be

shared across business units. Second, Carlson would have a

shared IT infrastructure.
To translate these principles into IT architecture, infrastructure,

business applications and IT investment decisions, Carlson assigned

governance responsibilities to five decision-making structures: the

Carlson Technology Architecture Committees (CTAC), which

reside in each operating group and take responsibility for meeting

the unique needs of each individual business; the Enterprise Archi-

tect Organization (EAO), a team of business unit IT representatives

that sets corporatewide standards guiding the development efforts

of all the operating units; the IT Council, made up of the CTOs and

CIOs of each operating group, which meets monthly to talk about

new technologies and ways technology can be leveraged across Carl-

son; the Carlson Shared Services Board, the business unit ClOs and

CFOs, who meet to identify opportunities to provide shared IT and

financial services to the company; and an Investment Committee, a

subset of the Executive Committee, which renders final judgment

on all large Carlson Companies investment projects.

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 31

Af :

With some responsibility for IT decisions being more central-

ized (investment, for example) and some less centralized (such as

business application needs), Carlson’s governance arrangements

attempt to maximize opportunities to leverage shared services

while minimizing constraints on the unique needs of related but

distinct operating requirements across diverse business units.

(See “IT Governance at Carlson Companies.”)

Large, global companies often require the benefits of a hybrid

IT governance model to achieve both the synergies emphasized in

more centralized models and the autonomy allowed by more

decentralized models. In addition to Carlson and ING DIRECT,

companies like DuPont, J.P. Morgan Chase and Johnson & John-

son achieve these benefits by implementing IT governance at

three levels: the enterprise, the region or group of businesses and

the business unit. J.P. Morgan Chase, for example, encourages

autonomy in order to generate innovation and recognize the very

different requirements of businesses that range from credit cards

to investment banking. But the company has instituted some

enterprisewide IT principles in order to encourage the use of

standardized technologies where they can provide economies of

scale. At the division level, J.P. Morgan Chase businesses have

introduced governance mechanisms that facilitate sharing of cus-
tomer data so that business units can, when appropriate, present
a single face to the customer. At the individual business unit level,
each business can design the IT governance arrangements that
best address its own needs for synergy and autonomy.

Companies attempting to realize cost savings by capitalizing
on business unit synergies often look to shared services to remove
duplication or reduce IT unit costs. DuPont, for example, has an
enterprise IT architecture group with representatives from all
regions, all strategic business units and all competency centers.
This group proposes architecture rules to a team consisting of the
corporate CIO and the CIOs of the largest business units. That
team makes sure the rules make sense for the businesses and takes
responsibility for enforcing architectural standards. Enterprise-
level governance mechanisms like DuPont’s establish parameters
for IT governance design at lower organizational levels.

Recommendations to Guide Effective IT Governance Design
Effective IT governance demands that senior managers define
enterprise performance objectives and actively design governance
to facilitate behavior that is consistent with those objectives. Often

I-.

Top-performing companies govern significantly differently from other companies. Even among top performers, governing styles dif-
fer according to which performance metric they emphasize.

PROFIT
PERFORMANCE
ASSET UTILIZATION GROWTH

Profitability via enterprisewide
integration and focus on core
competencies

Efficient operation by encour-
aging sharing and reuse

Encourage business unit innova-
tion with few mandated processes

Key Metrics RQI°RQE and business process ROA and unit IT cost Revenue growth
co5ts

Key IT Governance E Enterprisewide management E Business/IT relationship u Budget approval and risk
Mechanisms mechanisms (e.g., executive manager management

committee) 1 Process teams with IT members pi Local accountability
* Architecture process s SLA and chargeback as Portals or other information/
-a Capital approval * IT leadership decision-making services sources
a Tracking of business value of IT body

Layers of centrally mandated Shared services centrally coordi- Local customized capability with
IT Infrastructure shared services nated few required shared services

Low business costs through stan- Low IT unit costs; reuse of stan- Local innovation with communities
Key IT Principles dardized business processes dard models or services of practice; optional shared services

More centralized

E.g,, Monarchies and Federal

Blended More decentralized

E.g,, Federal and Duopoly E.g., Feudal arrangements;
risk management emphasis

* Based on analysis of companies with statistically significantly higher three-year industry-adjusted performance: profit (ROIIROEI, asset utilization (ROA), growth (revenue growth).

32 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

Strategic Driver

Governance

– -‘ I I

Carlson Companies allocates IT decision making to encourage

business unit autonomy while ensuring strategic use of corpo-

rate IT funds. Five decision-making mechanisms implement this
objective. The IT investment committee, a subset of the senior
executive committee, makes IT investment decisions. The CIO is

responsible for establishing IT principles, and the CIO’s central-
ized enterprise architecture organization makes architecture
decisions. Carlson uses a duopoly – members of the board of its

shared services organization, as well as the ClOs and CTOs of the
business units – to make infrastructure decisions. Application
needs are feudal, allowing each business unit to meet unique
business needs. In addition to these decision-making mecha-

nisms, Carlson benefits from three alignment mechanisms to

allocate accountability for daily decisions. First, an architecture
exception process relies on the CTAC (Carlson Technology Archi-
tecture Committee) in each business unit to either make excep-
tion decisions or forward them to the Enterprise Architecture
Organization. Second, a services catalog, compiled by the
shared services unit, provides a listing of infrastructure services
and their prices to help the Carlson Shared Services Board con-
sider changes to infrastructure services. Finally, Carlson’s fund-
ing process requires the business unit and the CIO’s office to
carefully develop authorization proposals for funding of IT proj-
ects as input to the IT funding process.

DECISION DoMAIN

IT Principles

Input Decision

Chairman ” 0
and CEO t0- I 0

IT Architecture

Input Decision

: IT Infrastructure
Strategies

Input Decision

,~~~~~~~~~~~——– ,_. ,,, \ …….. , I..* I f:…..::; -.,,.,……,, ,,. ,,,
…)

0,,,,.ESS,,, ,-_.,__,_,,._7D, -,, 5,-

-CIO eCIO *EAO
EAO

-Architecturee,
exception

Services *IT Council
catalog CSS Board

* CrAC

p a st t e rn si nam l
patterns in all companies

companies have mature business governance processes to use as a

starting point in designing IT governance.’ For example, the Ten-

nessee ValleyAuthority piggybacked its IT governance on its more

mature business governance mechanisms, such as its capital

investment process. The TVA’s IT governance included a project

review committee, benchmarking and selective chargeback – all

familiar mechanisms from the engineering side of the business.9

Companies can use the one-page framework of IT governance

to help design structures and processes that enhance their strategic

use of IT. In order to use the framework effectively, management

teams must first establish the context for IT governance. That

means clarifying how the company will operate, how the com-

pany’s structure will support its operations and what governance

arrangements will elicit the desirable behaviors that structure can-

not ensure. Governance arrangements generally transcend organi-

zational structure and can be more stable than structure.

IT governance design should encompass four steps:

Identify the company’s needs for synergy and autonomy.
Senior managers are often enamored of the potential to derive

business value from synergistic efforts like cross-selling, standard

Business
Application Needs

Input : Decision

IT Investment

Input Decision r
*:. Irnestme

…. ilk ,, _ I… 9;. .-
– —- mm 6 TTT-e

*IT Council
*CSS Board
.CIO

-Al * Business cOs
business – Some bussness
leaders leadcrs

CTAC

technology platforms or enterprisewide business processes. Man-

agement teams should consider realistically both the benefits and

costs of such synergies. Synergy-autonomy trade-offs force senior
managers to make tough decisions and communicate those deci-

sions throughout the enterprise. Clarifying those decisions estab-

lishes the parameters for the design of IT governance and

accompanying managerial incentives.

Establish the role of organization structure. Companies have
long relied on organization structure to create the context for

achieving organizational objectives. For some time, this resulted

in pendulum-like swings between centralized and decentralized

organizational forms. Companies eventually pursued both cen-

tralization and decentralization simultaneously by introducing

more matrixed reporting relationships. However, the complexity

of matrices can overwhelm managers and limit effectiveness. By

establishing organizational priorities for autonomy and synergy,

companies can introduce organizational designs and incentive

systems that reinforce their priorities. Governance processes –

and related incentives – can then compensate for the limitations

and instability of the organizational structure. These governance

WINTER 2005 MIT SLOAN MANAGEMENT REVIEW 33

GOVERNANCE
ARCHETYPE

Business –
Monarchy

IT Monarchy

Federal –

IT Duopoly
Feudal

processes can be easier to design if their objectives are clear and
less disruptive to implement.

Identify the desirable IT-related behaviors that fall outside the
scope of organizational structures. Management teams that
understand what behaviors organizational structures will enforce
can identify the additional behaviors they must promote in order
to achieve their objectives. Then, rather than restructuring each
time priorities shift, new governance mechanisms can force new
behaviors without requiring reorganization. Governance mecha-
nisms can provide organizational stability by demanding disci-
plined processes. And governance itself appears to become more
stable as companies learn good governance practices.10 Together,

organizational structure and IT governance design can allow
companies to achieve seemingly conflicting objectives.

For example, even if organizational structures emphasize the

autonomy of individual business units, a company can establish IT
architecture principles that limit business unit technical choices –
and achieve enterprisewide cost objectives. Similarly, IT investment
decision processes can direct business unit priorities toward enter-
prise priorities by approving only projects that support enterprise
strategies, even if organizational structures place responsibility for
accomplishing project outcomes on business unit managers. Dual
incentives are necessary in most companies to motivate senior-level
managers to focus on both enterprisewide and business unit goals.

Thoughtfully design IT governance on one page. When the
objectives of IT governance are clear, companies can design IT
governance by outlining governance arrangements and then

specifying the mechanisms that will implement the intended
arrangements. Companies that have not been effective in using
IT strategically should expect to invest in organizational learning.
Early in the learning cycle, those decision-making mechanisms
may involve large numbers of managers.

For example, in the mid-1990s, the senior executive team at
Dow Corning Corp. sought to transform IT from back-office
function to strategic enabler.11 The executive committee met reg-
ularly for several years to redefine the role of IT, articulate the role
of the CIO, establish architectural principles, outline key projects

-particularly the implementation of an enterprise system –
and closely manage IT investment priorities. Once the full execu-
tive committee had entrenched IT as a key function, installed a

capable CIO, and gained competence in articulating how IT
should enable business strategy, ongoing IT governance responsi-
bilities were assumed by a subset of executive committee mem-

bers. The ability to reduce the size of the steering committee,
indicated that Dow Corning had created sustainable senior man-
agement participation in high-level IT management. Making the
CIO a member of both the business monarchy and the IT monar-
chy provided a natural linkage between business and IT strategy.

EFFECTIVE IT GOVERNANCE certainly doesn’t happen accidentally.
But companies that have followed the steps enumerated above
have had demonstrable success designing, communicating and

refining IT that creates real business value in their enterprises.

ACKNOWLEDGMENTS

Both authors contributed equally to this article and would like to thank
all the managers who participated in the research as well as Marianne
Broadbent, Mark McDonald and their colleagues at Gartner Inc. We
also would like to acknowledge the MIT Sloan CISR Patrons and
Sponsors for supporting this research.

REFERENCES

1. R Weill and J. Ross, “IT Governance: How Top Performers Manage
IT Decision Rights for Superior Results” (Boston: Harvard Business
School Press, 2004).

2. See J.W. Ross, “United Parcel Service: Delivering Packages and
e-Commerce Solutions,” working paper 318, MIT Sloan School of
Management, Center for Information Systems Research, Cambridge,
Massachusetts, 2001.

3. For a discussion of hybrid governance arrangements, see C.V.
Brown and S.L. Magill, “Reconceptualizing the Context-Design Issue
for the Information Systems Function,” Organization Science 9, no. 2
(March-April 1998): 176-194.

4. The analysis was adjusted for industry differences so that compa-
nies were compared to competitors.

5. For more information see www.manheim.com and R. Woodham
and R Weill, “Manheim Interactive: Selling Cars Online,” working
paper 4160-01, MIT Sloan School of Management, Center for Infor-
mation Systems Research, Cambridge, Massachusetts, August
2001.

6. For a more complete description of governance and architecture at
ING DIRECT, see D. Robertson, “ING DIRECT: The IT Challenge (A)”
and “ING DIRECT: The IT Challenge (B),” IMD-3-1344 and IMD-3-
1345, [MD International, Lausanne, Switzerland 2003.

7. For a more complete description of IT governance at Carlson Com-
panies, see R Weill and J. Ross, “Mechanisms for Implementing IT
Governance,” chap. 4 in “IT Governance: How Top Performers Man-
age IT Decision Rights for Superior Results” (Boston: Harvard Busi-
ness School Press, 2004).

8. See V. Sambamurthy and R.W. Zmud, “Arrangements for Informa-
tion Technology Governance: A Theory of Multiple Contingencies,” MIS
Quarterly 23 (June 1999): 261-288. The authors find that corporate
governance is one of three important contingencies influencing IT gov-
ernance arrangements in organizations. The other two contingencies
are absorptive capacity and economies of scope.

9. References to TVA excerpted with permission from Gartner. See M.
Broadbent and R Weill, “Effective IT Governance: By Design,” Gartner
EXP Premier Report, Gartner Inc., January 2003.

10. In our research, we found that companies with effective gover-
nance changed some aspect of governance about once per year,
whereas companies with less effective governance changed gover-
nance as many as three times per year.

11. J.W. Ross, “Case Study – Dow Corning Corporation: Business
Processes and Information Technology,” Journal of Information Tech-
nology 14, no. 3 (1999): 253-266.

Reprint 46208. For ordering itnformation, see page 1.
Copyright © Massachusetts Institute of Technology, 2005. All rights reserved.

34 MIT SLOAN MANAGEMENT REVIEW WINTER 2005

COPYRIGHT INFORMATION

TITLE: A Matrixed Approach to Designing IT Governance
SOURCE: MIT Sloan Manage Rev 46 no2 Wint 2005

WN: 0534907228008

The magazine publisher is the copyright holder of this article and it
is reproduced with permission. Further reproduction of this article in
violation of the copyright is prohibited. To contact the publisher:
http://mitsloan.mit.edu/smr/

Copyright 1982-2005 The H.W. Wilson Company. All rights reserved.

Expert paper writers are just a few clicks away

Place an order in 3 easy steps. Takes less than 5 mins.

Calculate the price of your order

You will get a personal manager and a discount.
We'll send you the first draft for approval by at
Total price:
$0.00