Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Portfolio Management Maturity Model at Chevron - Presentation & Discussion
November 13, 11:30 AM - 12:30 PM ET (GMT-4)
The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.
Learn more about the CIO Executive Council »
Apply today for a FREE subscription to CIO Magazine!
The Accountability Trap
Accountability without authority is a recipe for failure. Here's how to make sure it doesn't happen to you.
June 27, 2008 — CIO — Allison was recently appointed Chief Compliance Officer in the IT department of a huge financial services company, and was set up to fail from day one.
The set-up was pretty obvious to an outsider, but not to her. She enthusiastically told me of the importance of regulatory compliance in their industry and the stature of her position as the one person accountable for the compliance of the entire IT function.
"The regulators require a single point of contact," she explained. "We need to ensure consistent processes and metrics throughout the organization. And our CIO gave me the authority to make it happen."
I was reminded of past discussions with Chief Security Officers, quality managers in the pharmaceuticals industry, and business continuity managers. All these people had been made accountable for other people's compliance, and believed they had the authority to control other people's behaviors.
Sigh. I hated to burst Allison's bubble. But time and again, history has proven that this approach doesn't work. Here's why:
Executives have businesses to run, and they're not going to let a compliance officer tell them how to do it. Sure, they'll comply when it's easy or when they really have to—with the big, visible initiatives. But on a day-to-day basis, Allison has three factors going against her:
1. Others are not being held accountable for their own compliance—she is. Why should they put effort into something that's outside their own personal performance objectives?
2. Executives are held accountable for business results, and they aren't going to let Allison cause them to fail at that. They're not going to change their processes or disrupt their operations to help with her objectives.
3. Allison is the one who's accountable. So if others mess up and bad things happen, she'll take the fall.
Allison may as well have been given the title, "Chief Scapegoat."
The Path of Accountability
The trap of the scapegoat occurs in many situations beyond compliance. It may be that ITIL "process owners" are tasked with implementing changes in the way the rest of the IT organization works. Or perhaps IT is asked to implement ERP and takes responsibility for changing clients' business processes.
The organizational principle that applies in all these situations is straightforward: Accountability and authority must flow down through the solid lines of the reporting hierarchy. It must never flow sideways such that someone is given accountability or authority for peers' behaviors.
Stop mobility from jeopardizing PCI compliance with these best practices.
The PCI Data Security Standard
ITCi White Paper: Challenges and Opportunities of PCI
Proving Control of the Infrastructure
BlackBerry in the Regulatory Spotlight - A White Paper by Day Pitney LLP
Oxford International Modernizes Vehicle Order Management System for Leading European Automaker, an IBM Case Study
Find out what Forrester says about mobile endpoint security and its management.
Zen Master Series - The Transformation of Application Development with Ascendant Technology
IT Risk Management: Preparing for the Perfect Storm
The New "Black Art." Learn why few companies do DNS well. Why fewer can scale it.
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
The Power of Telepresence
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Aster Data Updates 'frontline' Analytic Database
US Online Ad Growth Slows in 2008's First Half
CA Makes Virtualization Push, Stays Above VMware vs. Microsoft Fray
Massive Welsh Data Center to Fire Up Early Next Year
Pramati Developing Enterprise Collaboration Widgets
Bull Focuses on High-Performance Computing with Acquisition
Famitsu Publisher's Tokyo Game Show Picks
Report: AMD to Spin-Off Manufacturing
Oracle and SAP Fail to Settle TomorrowNow Lawsuit
Oracle and SAP Fail to Settle TomorrowNow Lawsuit
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
