by Clint Boulton

CIOs on the hook for governance as automation rises

Nov 12, 20208 mins
Artificial IntelligenceBPM SystemsCIO

With business leaders increasingly pushing for automation, CIOs must step up to help guide how and where such technologies should be deployed.

interconnecting gears / process / automation / machinery / mechanism / efficiency
Credit: Anawat S. / Getty Images

Automation technologies are becoming woven throughout the fabric of virtually every company, raising the question of IT’s role in governing such capabilities. CIOs can and should provide guardrails to make sure automation technologies run properly — if the business will only let them, experts say.

That if is the sticking point: Most business lines procure technologies for their teams with involvement from IT. Some IT leaders welcome such independence, while others view it as a slippery slope that courts risk. Regardless, the democratization of technology services enabled by machine learning (ML), artificial intelligence (AI), robotic process automation (RPA) and low-code/no-code solutions is growing more ubiquitous across business lines. And it appears here to stay.

“It comes down to what is the best enabler for the business,” says Tim Langley-Hawthorne, CIO of Hitachi Vantara. “Sometimes you just have to get out of the way.” 

Getting humans out of the way is one of the main goals of the automation revolution blanketing businesses worldwide. Software bots automate routine business processes, such as populating insurance forms with data that humans traditionally entered via pen and paper, then keyboards. Physical robots move anything from parts to merchandise, while their robotic coworkers place it in boxes, and other machines clean floors. Chatbots retrieve low-level information for inquiring consumers throughout the customer service value chain. And that’s to say nothing of the various other tasks offloaded to high-caliber ML and AI algorithms.

With automation like this, who needs humans? Yet entrusting too many functions to automation without governance can be a bit like letting lunatics run the asylum; it’s destined to end poorly. “You can blow your leg off if you’re not careful,” says Dion Hinchcliffe, an analyst for Constellation Research, of relying on automation without proper guidance.

A tale of two types of CIOs

CIOs generally fall into one of two camps: technologists with computer science chops and those with business backgrounds in sales or consulting. The former tends to like to lock things down, while the latter is often more permissive. IT typically has more control over custom software, but rise of SaaS (software-as-a-service) has made it easier for business lines to get capabilities they require without IT.

Tim Langley-Hawthorne, CIO, Hitachi Vantara Hitachi Vantara

Tim Langley-Hawthorne, CIO, Hitachi Vantara

For instance, Hitachi Vantara business staff didn’t ask for IT’s blessing when they purchased a SaaS tool to automatically generate OKRs (objectives and key results), but Langley-Hawthorne chipped in an integration with the company’s single sign-on capability — a gateway capability that qualifies as a guardrail. “Quite frankly, they didn’t need me,” Langley-Hawthorne says.

But that could change. Should business colleagues opt to integrate the tool into its Oracle ERP system, IT will have to be involved, Langley-Hawthorne says.

Langley-Hawthorne is also exploring how to use low-code technology to enable business users to develop automated solutions to traditionally manual tasks. His idea is to enable experimentation at the edge of the business, with the ability to reel it back in.

“My philosophy is to put basic guardrails and governance in place to try to make the business succeed,” Langley-Hawthorne says. 

Arthur Hu, CIO, Lenovo Lenovo

Arthur Hu, CIO, Lenovo

Technology springs up outside of the CIO’s governance as a natural business response to an unmet need, and automation capabilities are no different, says Lenovo CIO Arthur Hu. Invariably, however, a hammer is really just a hammer and there is a finite number of nails. At Lenovo, an RPA tool broke down when the business line implemented a few bots across a long tail of use cases, Hu says. “The scope got bigger and there was not enough standardization and validation of the use cases for RPA,” Hu says.

The RPA fail at Lenovo underscored how business users are hungry for self-service IT capabilities. Accordingly, Hu says the CIO should help guide business use cases, rather than squashing them.

Automation presents a paradox

IT can help recommend the proper tool, provide a framework for governance and reuse, and help manage the tool’s ability to scale, says Hinchcliffe, adding that CIOs can ensure that technologies comply with business processes and compliance rules and “don’t leak” sensitive information outside the company.

But from whence does governance spring? Should business leaders ask CIOs for help providing it? Or should CIOs insert themselves into an implementation to control it?

Given the various risks, which include cybersecurity breaches or failures to protect data privacy, the CEO and board should insist on governing automation, says Joseph Pucciarelli, an IDC analyst who advises IT executives. “There is an impetus and responsibility for leadership of an organization to balance empowerment with the effective use of resources,” Pucciarelli says. At the very least, business lines should want to loop in the CIO to provide cover for cyber and compliance risks.

Unfortunately, that is rarely the case, as most automation technologies, including ML, AI and RPA, are happening outside of the reach of IT, says IDC analyst Serge Findling, who researches digital transformation. And when the business has problems, it tends to be because they haven’t properly integrated it into IT systems. Therein lies the paradox, because IT, with its holistic view of data, architecture and business processes, is best positioned to govern the deployment of automation, Findling says.

Mark Settle, a former CIO with stints at Okta and IHS, summed up the failure of automation to take root in a Forbes column thusly, “Many automation crusades have lost their initial momentum by failing … to prioritize areas of opportunity that are aligned with strategic corporate objectives and the capabilities of individual tools. Some form of governance procedure involving senior business leaders is needed to target areas of maximum opportunity and prioritize proposed initiatives.”

Automation governance playbook

Enterprises that have demonstrated the most success with automation are leveraging a “center of excellence” (COE) model, a collaboration between business and IT to identify business use cases where automation could help, says Findling. Such a center fosters a continuous feedback loop in which models are updated quickly and governance is baked in from the beginning of each project.

SAP has embraced the COE as part of its operating model for weaving automation capabilities into its S/4 HANA ERP system, says Mike Hyland, director of the company’s S/4HANA Center of Excellence.

Today, more than 1,000 SAP engineers incorporate ML, AI, RPA and natural language processing into the company’s cloud software to generate predictions based on patterns gleaned from historical data, automatically populate data in fields, and process spoken commands for “situation handling,” Hyland says. The idea is that SAP affords companies critical automation capabilities running in the cloud while indemnifying them from worrying about cybersecurity, GDPR compliance and other regulatory risks. The guardrails for their transactional system-of-record are bought and paid for.

A COE provides a fine central command for enterprises to attain the Holy Grail: automation at scale, in which a company derives benefits across the full range of its business lines, says Settle. To automate at scale, enterprises should develop automation engineers, business process analysts and automation operations specialists. These staffers will helm competency centers and automation factories — COEs — that provide training, documentation and, ideally, guardrails.

The bottom line

Automation is becoming critical, as organizations lean increasingly on software that must be continuously updated to run their businesses, says Abby Kearns, CTO of Puppet, a provider of automated tooling for devops. 

Abby Kearns, CTO, Puppet Puppet

Abby Kearns, CTO, Puppet

“Software defines how businesses work, how they compete and engage with customers,” Kearns tells, adding that there simply isn’t enough tech talent to operate the hyperscale systems most businesses rely on. 

Tech organizations have leave to automate infrastructure, and to manage the deployment of apps at scale, but the business often has the discretion to automate business processes.

Even so, governance is critically important for global organizations consuming cloud services that could hop across several continents, Kearns says, adding that “every leader” must be involved in establishing and reinforcing the governance rules.