Posted on: February 17, 2021
Like never before, business limitations have been exposed in glaring fashion due to the devastating impact of COVID-19. The pandemic hit at a time when digital transformation was accelerating in many companies across the globe. And, while some may feel that a big “PAUSE” button was pushed, the opportunity to transform is greater than ever. According to Gartner, Inc.’s 2020 View From the Board of Directors Survey, 69% of respondents are pushing the acceleration of digital initiatives. The reality is that while these devastating impacts continue and the pandemic is in another wave, true digital transformation will require even stronger leadership and vision.
Technology alone cannot lead the way to digital transformation – we need leaders across the organization, in both the business and IT, who share a common vision for truly transforming the organization.
In most companies, IT has not had to play the role of a cross-functional change agent. They have often thrived as a supporting agent, keeping things running and delivering new technologies that provide the infrastructure to run the systems of the business safely, securely, and efficiently. But digital transformation will accelerate and evolve in new ways as the world looks to emerge from the pandemic, and IT needs to take a leading role. According to Gartner, Inc.’s report on The Roadmap to CISO Effectiveness, meeting with several non-IT stakeholders correlates positively with CISO effectiveness. The key is that these stakeholders possess unique insight about future business strategies, initiatives, and technologies.
With the pandemic, digital transformation investments are shifting to short- and long-term operational resilience and business continuity as leadership realizes that there is nothing more important than to maintain the trust of customers, employees, and investors alike. Companies have woken to the fact that continuity is the currency that brand trust is based on, and they know that continuity is much more than just shifting to working from home for a period. Continuity of operations that reaches a level of true resilience requires developing new lines of business or ways of working that can withstand or adapt to a pandemic or other catastrophic conditions. As the world changes rapidly, every company needs to consider how they stay relevant beyond just keeping things functioning until they can get back to a “new normal.” Normal is a thing of the past.
There are many implications of this new way of working as companies everywhere seek new strategies for becoming more resilient, and IT has a chance to play a leading role as organizational changemakers. IT should embrace the opportunity to expand their role beyond back office technology and become partners in painting the strategic vision for the organization, including better ways to manage risk and improve business continuity through innovation.
IT organizations that embrace the mantle of being digital transformation changemakers for the organization will be seen as true leaders and not just technologists in a more traditional supporting role.
The key to this kind of transformational leadership role is to partner directly with the business side to explore the new normal and all of its opportunities, realizing that technology alone cannot enact the changes needed. IT risk assessment leadership should promote a vision of how IT and business teams must work creatively together. IT leaders must work directly and closely with the business to understand what the new normal means. They need to understand how the most critical services that customers rely upon are delivered. This goes beyond managing the IT components into understanding what makes great customer experiences and what the business provides in concert with IT to deliver on customer commitments. This more complete visibility into how the business operates can drive new insights and ideas for transformation.
IT leaders, including the CISO, are vital to enabling relationship-building with the business across the team, including developing their staff to work well with the business. Gartner, Inc. states that “beyond providing technical insight, cybersecurity staff must be able to effectively partner with the business.” This takes adaptability and insight into the operations and challenges of a variety of business stakeholders.
IT and business teams need to come together now more than ever to create new ways of working and to understand and pivot on the relationships and process interdependencies required to create a truly resilient organization. Leaders in IT need to help the entire company view processes and services from a customer perspective and not just an IT perspective.
How can you, as a senior leader of information technology, empower your IT team leads to navigate the business through a digital transformation that starts with the customer rather than just taking the technology viewpoint? This is a critical question, and IT needs to embrace its role in working with and leading the business in focusing on the customer first.
IT leaders can focus more attention on and learn more about how the business operates by working closely with the business to deploy the best solution for managing operational resilience. At its core, a system that enables the operational resilience journey includes business continuity, IT disaster recovery, and crisis management in an integrated solution. But it should go beyond that to include the management of operational and third-party risk as well as more targeted risks that threaten resilience today, such as cyber risk.
Business leaders are starting to embrace resilience as an initiative that encompasses business continuity and much more. This ultimately leads to questions about technology’s role to enable resilience in the new normal and not be caught off guard with the next major crisis. The right solution gives visibility into how the business works and provides tools to build strategies for responding to any potential disruption across business, risk, and IT areas as well as explore areas of improvement even in times of normalcy or calm.
There is no better way for IT to learn how the business operates than to be a direct partner to the business in mapping the critical business services needed for the organization to survive and thrive. These services must be fully understood from the customer touchpoints all the way through to the IT systems that are involved. This requires (1) a system that captures insights by engaging everyone across the organization and (2) a system that combines business and IT knowledge for a complete operational picture. A risk management system that is rooted in business continuity and IT disaster recovery becomes a communication vehicle across the organization, and most significantly, drives sharing between IT and the business. With such a system, how the business works and how everything interrelates can be captured and understood.
IT leaders should work with the business to look for a risk management solution that brings all areas of digital transformation into focus from a business perspective. The system should enable exploring key questions that leadership needs to know:
- How do we deliver for our customers?
- How do we understand what is critical, where our risk lies, and what needs to improve in terms of efficiency?
- What is our exposure from a resilience perspective due to operational risk, third-party risk, cyber risk, business continuity planning, and IT disaster recovery?
- What do we need to focus on based on the new normal, and what is now most critical to maintaining the trust in our brand?
The operational resilience journey is not a simple, minor evolution of business continuity planning – it requires a comprehensive view, which ultimately requires a system that enables a more comprehensive journey and brings the organization together. The right system can lead to a whole new way of working. The right technology sits between the business and IT in an intelligent way, enabling IT and the business to communicate in new ways.
The right technology choice is not always the obvious one
In discussing how companies are making decisions about the right solution to manage operational resilience, there is often a common story with two different endings.
The story goes like this:
“The cross-functional risk and resilience team (including members from all parts of the business) did an exhaustive search and had settled on the right solution for managing our business continuity efforts and positioning us to build an integrated operational risk and resilience solution for the future. We really liked the way it captured information from a customer perspective and tied it to our people, processes, and technology to understand how our organization worked. It engaged everyone to contribute their knowledge so we could connect all the dots. It connected to IT systems to tie everything together with minimal effort and maximum visibility. And, it gave an executive perspective to make business decisions that no other could offer.”
BUT (and here is where there is a fork in the story) –
Bad ending #1:
“Unfortunately, we didn’t involve IT until late in the process. They said we could do all this in their current system by adding another module. They convinced our executives it would be the best choice to keep everything on one platform and that workflows would be streamlined. We had a hard time justifying our position because the one platform/workflow message is strong in our company. But we didn’t really get to talk to IT leadership about how improving workflows is not hitting the mark because it is only making what we do today better. It is not rethinking what we need to do to truly transform our resilience.
Without understanding how we need to transform our risk program, IT didn’t understand the visibility they would be missing, the way that the business needed to be more engaged, and the way this would help us be more agile as a business by understanding how everything relates to our customer. So, I feel IT led us in a direction that is less focused on what is really needed, both now and in the future, to be better prepared. This decision will hold us back for many years before someone will realize the business knew best.”
Good ending #2:
“IT was involved all along, and they jointly led the way in deciding what solution would solve our most pressing problems related to becoming a more resilient organization. They understood the importance of expanding their view of the business with a solution that would engage everyone to participate and would capture information all the way from the critical services we deliver to our customers to the processes and IT applications and infrastructure they depend on. They saw the depth and flexibility of the leading operational resilience system that could be managed not just by IT, but also by the business where appropriate.
For example, building reports and dashboards was something we wanted to enable our end users to do, and IT realized the benefits of that based on already being stretched thin and wanting to meet the executive team’s needs quickly. They really understood the visibility that leadership needed to make decisions and respond to the next challenge, whether we planned for it or not, and with that understanding, they focused on the best system for that purpose. They saw the value of keeping the system separate but tightly integrated with their IT infrastructure. They made the decision that put them in a leadership position to help drive our transformation – not simply do what felt best in the short term by deciding to stay on their platform with a tool that didn’t meet everyone’s needs. Everyone is thrilled with the decision and what potential the future now holds, with IT and the business being better ready to collaborate on how to drive digital transformation.”
If you wind up with the bad ending (#1 above), IT will be missing a chance to lead in a much more transformative way. The business will be living with less visibility into their operations because the system will be lacking information. This will be because users are less engaged and less efficient in their ability to add meaningful information to the system. And, ultimately, this will result in an organization that cannot pivot or respond as well as situations change. But with the right vision, IT can lead with the business to avoid short-term thinking and accept that the right choice is not always one platform.
- IT should equip its leaders to take a leading role in post-pandemic digital transformation of the organization’s resilience abilities by understanding the business from all angles, including a customer perspective.
- Becoming more resilient requires a deeper understanding of how technology is being used to deliver the complexities across the business and what is most critical from a customer viewpoint.
- This requires cross-functional leadership in risk and resilience that will create the best experience for business and IT together.
- IT’s leadership is needed to select the right technology for managing operational resilience that is sufficiently integrated with, but properly separated from, the IT core systems.
- A resilience information management system that flexes to the organization and engages everyone in a way that makes sense to them is critical.
- IT leaders can best enable a resilience culture by avoiding a short-sighted decision to add the next module to the IT platform that happens to be called “operational resilience” and instead engage with the business to understand how the right technology can deliver visibility, agility, efficiency, and engagement across the organization to build a long-standing culture of resilience.
- Gartner, Inc., The Roadmap to CISO Effectiveness, Published November 2, 2020, ID G00735094, gartner.com.
- Gartner, Inc., Understand the Board’s Priorities and How They Shifted in 2020, Published September 11, 2020, ID G00733918, gartner.com.