Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Webcast: In the Google Apps Cloud: How to Achieve Your Business Objectives
Dec 3rd, '09, 1 - 2 pm US/Eastern (GMT-5)
Join Council member Brent Hoag, Director, Global IT, at JohnsonDiversey, as he discusses the adoption of Google Apps which has helped meet four corporate goals; sustainability, simplification, increased employee productivity and global collaboration.
Webcast: Collaboration Initiatives: Benchmarks & Best Practices
Dec 15th, '09, 4 - 5 pm US/Eastern (GMT-5)
Join Council members Ruth Thorpe, VP & CIO at the U.S. Pharmaceutical Operations of Sanofi-Aventis, and Gary Kuyper, CIO at Bethany Christian Services, as they speak about their collaboration initiatives and experiences in how and why they chose the social networking and collaboration tools they are using and their business goals for collaboration, and facing culture change challenges.
Data Overview: Collaboration Initiatives Field Guide: Benchmarks & Best Practices
This appendix to the Council Field Guide provides an analysis which discusses benchmarks for collaboration IT implementation costs, adoption rates and payoffs. The overview identifies top IT and business goals and satisfaction rates for collaboration initiatives as well as best practices and lessons learned for implementing collaboration IT.
Learn more about the CIO Executive Council »
The Accountability Trap
Accountability without authority is a recipe for failure. Here's how to make sure it doesn't happen to you.
June 27, 2008 — CIO —
Allison was recently appointed Chief Compliance Officer in the IT department of a huge financial services company, and was set up to fail from day one.
The set-up was pretty obvious to an outsider, but not to her. She enthusiastically told me of the importance of regulatory compliance in their industry and the stature of her position as the one person accountable for the compliance of the entire IT function.
"The regulators require a single point of contact," she explained. "We need to ensure consistent processes and metrics throughout the organization. And our CIO gave me the authority to make it happen."
I was reminded of past discussions with Chief Security Officers, quality managers in the pharmaceuticals industry, and business continuity managers. All these people had been made accountable for other people's compliance, and believed they had the authority to control other people's behaviors.
Sigh. I hated to burst Allison's bubble. But time and again, history has proven that this approach doesn't work. Here's why:
Executives have businesses to run, and they're not going to let a compliance officer tell them how to do it. Sure, they'll comply when it's easy or when they really have to—with the big, visible initiatives. But on a day-to-day basis, Allison has three factors going against her:
1. Others are not being held accountable for their own compliance—she is. Why should they put effort into something that's outside their own personal performance objectives?
2. Executives are held accountable for business results, and they aren't going to let Allison cause them to fail at that. They're not going to change their processes or disrupt their operations to help with her objectives.
3. Allison is the one who's accountable. So if others mess up and bad things happen, she'll take the fall.
Allison may as well have been given the title, "Chief Scapegoat."
The Path of Accountability
The trap of the scapegoat occurs in many situations beyond compliance. It may be that ITIL "process owners" are tasked with implementing changes in the way the rest of the IT organization works. Or perhaps IT is asked to implement ERP and takes responsibility for changing clients' business processes.
The organizational principle that applies in all these situations is straightforward: Accountability and authority must flow down through the solid lines of the reporting hierarchy. It must never flow sideways such that someone is given accountability or authority for peers' behaviors.
Connecting Capital Planning, Construction, and Everything in Between
How to Accelerate ROI on Governance
The Tripwire HIPAA Solution
Beyond PCI Checklists: Securing Cardholder Data
Best Practices to Mitigate Risk
PCI Compliance
Enhance SAP
Extending Client Refresh - 11 Steps to Maximize Savings
CIOs Weigh In On Virtualization
Jim Malone, Editorial Director of CXO Media's C...
Beyond Installing ITPM Software: How a global company reduced risk and successfully implemented ITPM
IT Consolidation Made Easy
Taking a Seat at the Executive Table: The Reality of Virtualization
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Cisco Pedigree Wins Over VCs
Hacks of Chinese Temple Were Online Kung Fu, Abbot Says
Jolicloud Aims to Steal Chrome OS's Netbook Thunder
Check Point Tackles Web 2.0 Apps and Social-Site Widget Control
Is Federal Stimulus Money Being Used for IT Hardware, Not Hiring?
Obama Backs U.S. Return to Math, Science, Tech
HP Reports Solid Q4 on Services Growth
NTT DoCoMo Moves Up Date to Shut Off 2G Mobile
Sanyo Delays Increase in Solar Cell Production
RIM, Motorola Latest Defendants in Visual Voicemail Suit
