CIOs who help create corporate strategy also find themselves responsible for the risks that come with it. These are not the traditional IT-centered aspects of risk management, such as disaster recovery and data security. Rather, CIOs must now manage fundamental corporate risks as serious as outdated business models that threaten to kill the company or faulty processes that could harm employees or customers.
Squashing looming business risks stands out as a key theme among the winners of our annual CIO 100 awards. We honor companies whose projects put IT innovation in the center of their growth strategies. Many of this year's winning projects demonstrate how CIOs lead the way in changing how colleagues work, thereby mitigating profound risks to the company.
"We in this profession have to frame our work in terms of risks and payoffs to the business, not technology projects to check off," says Paul Stamas, vice president of IT at Mohawk Fine Papers, a paper mill that is expanding into digital publishing. Stamas, his CEO and the rest of the company kicked off a corporate transformation two years ago, after they saw a bleak future for Mohawk if it continued to rely on dead-tree paper manufacturing as its only business, he says. In his winning project, Stamas raced to set up an IT infrastructure in the cloud that would let the company experiment with new business models.
It's easier to identify serious business risks when you see the company as a collection of processes--such as dreaming up new products or interacting with customers, says David Kruzner, co-head of consulting at iGate, a consultancy and outsourcing company. The places where those processes slow down or fall apart point to risks that can rot the very core of the company, Kruzner says.
CIOs are as accountable for making change successful as the CEO or the head of the department where the change is happening, he says. "CIOs are co-owners of change."
To smooth the way, CIOs have to take several steps to make sure colleagues are ready for change. Before any work begins, you should meet with the non-IT peers who are asking for the project and have a brass-tacks talk. Discuss how the company has agreed to spend the money and how everyone's excited about the business case but none of it will materialize until--and this is the brassy part--business leaders commit part of their time, staff and budget to the work. "I've seen CIOs say, 'If I don't have you, I'm not doing it,'" Kruzner says.
This year's CIO 100 winners got those commitments and used IT-led innovation to vanquish various types of business risk.
Risk: Losing Customers, Damaging the Corporate Reputation
Remember the ancient days in 2010 when you couldn't get the iPhone on any network other than AT&T? The moment Apple and Verizon finally struck a deal that year, Shankar Arumugavelu, CIO of Verizon Wireless, knew that pent-up demand for a Verizon-compatible version of Apple's phone, set to launch in 2011, might sink his customer order system. He did not want IT problems to hamper Verizon's sales to existing customers, new customers and especially, in competitive spirit, AT&T defectors, he says. He also didn't want to risk damaging Verizon's reputation in these times of angry tweets and intense media coverage of iPhone mania.
The IT group designed the Iconic Phone Launch portal, a Web-based system made to handle an onslaught of orders for popular devices. The team finished the design in October 2010, which left Verizon three months to build, test and deploy it before Apple released the new phone. In addition to high transaction volumes, the portal had to handle pre-orders and back orders, which were unheard of before smash hit phones like the iPhone and Droid Razr, he says.
Another complication: Many AT&T customers switching to Verizon would want to keep their old cell numbers. Arumugavelu made sure the third parties that port phone numbers could connect their systems to the portal. "We had to make sure that didn't become our weakest link" and cost the company customers, he says. "First impression is everything. We take it seriously."
On a regular day, Verizon Wireless sells about 60,000 devices. On the day in February 2011 when the iPhone 4 debuted on Verizon, the system handled peak volumes of 160,000 orders per hour. The portal also cut order-processing time from eight minutes to four. "This was a big event," he chuckles. And a flawless one, made all the sweeter as he watched AT&T's systems falter.
If the portal had started to slow, Verizon was ready with a Plan B, which entailed processing orders without using functions deemed nonessential. For example, if an order was placed by an existing Verizon customer, the system wouldn't bother with real-time credit checks, to save time and decrease network traffic, he says. Instead, under this Plan B, the credit checks would come later, during less-busy hours.
It was critical, Arumugavelu says, that the portal not only address the big business risks that would result from the deluge of orders but also handle the smaller risks that crop up along the way. Building real-time fraud detection, including credit checks, into the ordering process means Verizon can stop iffy transactions before they go through, eliminating the need to revoke orders later, after losing money as bad actors skip out on payments. Such technology-enabled changes in business processes have saved Verizon $300 million so far, he says.
Verizon Wireless plans to use the portal as the foundation of a new point-of-sale system that works across all its channels--physical stores, website, customer call center and indirect outlets such as other retailers.
Risk: Getting Beat by Competitors, Getting Stuck for Multimillion-Dollar Refunds
Boeing predicts that in the next 20 years, the air travel industry will need 34,000 new planes to meet flying demand worldwide. That's potentially $4.5 trillion worth of planes. But all that business could easily remain out of Boeing's reach, executives at the $68.7 billion company realized.
Why? Boeing has an order backlog that, if nothing changed in its processes or technology, would take seven years to fill. Delays in producing the company's vaunted Dreamliner, for example, have already cost Boeing millions. One customer, Air India, ordered 27 Dreamliners in 2006 and received the first one just this June, three years late. The airline demanded up to $1 billion in compensation for its trouble; Boeing offered $145 million. The companies recently agreed on an undisclosed sum.
Simply put, Boeing has to get its factories working faster, says CIO Kim Hammonds, "for Boeing to realize its potential in the marketplace."
Before Hammonds thought about technology changes, she worked with non-IT leaders to figure out how to improve the workflow by making changes in the engineering, manufacturing, quality-assessment and supply-chain processes. Each of these monster systems involves hundreds of applications. To focus the evaluation, Hammonds' team looked at how individual people did their jobs daily to see where the existing technology helped or hurt.
A mechanic on the shop floor trying to open a set of plans might have to wait 10 seconds to see a digital 3-D drawing and its associated documents, which tell him what parts are needed to build the object the illustration shows. Lots of small waits add up to slow manufacturing, she says. But Boeing needs big changes, too, or it won't achieve the production rates it needs. Right now, the company makes 3.5 Dreamliners a month, but it expects to build 10 a month in 2014, Hammonds says.
To get there, manufacturing, engineering, quality management and supply chain applications were upgraded, and the interfaces between the systems were overhauled to simplify processes such as ordering parts, updating contracts and scheduling plane production. In all, Boeing rolled out 35 new applications, enhanced 100 others and tweaked 50 interfaces. The project is one of the largest in Boeing's history, with more than 500,000 man-hours spent on it.
Stepping up Dreamliner production is just part of Boeing's larger goal of increasing manufacturing rates by 40 percent within the next three years. That will take years off its backlog and make room for new orders, Hammonds says. "We needed to do this."
Risk: Death, Environmental Damage, Financial Losses
Jim Noble, senior vice president of IT at Talisman Energy, "watched with horror" as the BP oil spill unfolded in the Gulf of Mexico in 2010. He had left BP two months before the explosion at BP's drilling site, which killed 11 people and released nearly 5 million barrels of oil.
Noble doesn't know exactly what went wrong for BP, but he takes the oil industry's inherent risks to heart. "In our business, we want people to go home at night safe and sound. You don't have that if you're working at a hedge fund or in retail."
So Talisman built a system designed to reduce the risks it faces. It can cost up to $100 million to put together a deep-water drilling expedition and $1 million a day to run it, but only about one in three expeditions turns up valuable oil. Refining the process of building and running a successful rig will save money and lives, he says.
Noble's team pieced together a system that tells Talisman more than it ever knew about what's happening at a deep-water drilling site, almost as soon as it happens.
Rigs erected 150 miles offshore plunge a mile through the ocean and another mile or more into the sea floor. Weather and other atmospheric changes, problems with equipment or a lack of information can lead to poor decision-making. "Standing on one of these drilling rigs with 30-foot waves breaking over you, it's dark and noisy," he says. "You're just not giving the job your full, undivided attention. That's when people make mistakes."
Talisman enabled high-bandwidth communications at the drill pipe to transmit thousands of megabits of data per second from sensors on the drill bit, including temperature, pressure, speed and depth. To avoid the half-second or one-second latency of satellites, Talisman is implementing a technique used by the military to bounce microwave signals off the troposphere, a moist layer of the Earth's atmosphere.
Talisman also built a real-time dashboard to bring together geoscience, drilling and engineering data that had previously remained in three separate systems. Visualizations of the data show scientists (warm and dry at Talisman's headquarters) what's happening at the wells so they can advise the crews to adjust the drilling equipment accordingly. They can guide the drill bit to avoid obstacles as it digs, for example, and respond to emergencies faster and with more accurate information.
Before the new processes and technology were in place, Talisman experts could make drilling decisions every five to 15 minutes. Now adjustments can be made every second, he says.
Talisman has been able to reduce staffing on the rigs, as well as the number of times employees had to perform "interventions" on the machinery to fix or avoid a problem. Lost-time incidents, where work is stopped or slowed because of safety issues, are down. No one wants another BP disaster. "Failure to detect and adequately respond to these changing conditions can cost hundreds of millions to billions [of dollars] and, unfortunately, people's lives," he says. "[We] want to do something to avoid it ever happening again."
Risk: Failing Compliance Audits, Catastrophic Patient Treatment Delays
Last year the emergency department of the Christiana Care Health System handled 172,000 patient visits, including 3,841 traumas--incidents where a person's limbs, organs or life itself are at risk. Information about what happens to each patient must be recorded to comply with regulations, to keep accreditations and to be available in case of audits, internal peer reviews or legal requests. Until recently, a good chunk of that work was done by sharp-eyed staff with pen and paper.
For example, a clinician treating an emergency room patient often wants to consult with a neurologist, cardiologist or other specialist on call. The clinician would have to take a minute or two to find a clerk to make the call. The clerk would do so, then log the calls on paper, noting the time of the outbound call and of the response. About 150,000 calls to and from clerks are logged per year. It wasn't possible to do any systematic analysis of this paper information, and gathering data for audits and certification requirements or to respond to complaints or lawsuits was "a huge burden. [The paper logs] were stored on pallets in an Iron Mountain warehouse that required forklifts to pull the books for people to review," says Randall Gaboriault, CIO. "It would take hours and hours to go over logs."
When a trauma patient enters the emergency department, a nurse must document which areas of the body each clinician treats. Christiana nurses had traditionally done this by observing and writing the information down. They had to know people, even behind their surgical masks, or ask who was who amid the chaos. Such documentation is necessary not only for internal performance monitoring and legal issues but also to qualify for accreditation as a level one--the highest level--trauma center.