Six Experts Tell How IT Should Cope Post-9/11

It has become a clichŽ

The Sept. 11 terrorist attacks on New York City and Washington, D.C., changed everything. But "everything" covers a lot of ground. What, specifically, has changed, and how does it affect the way we do business? Even more specifically, how does this new world look from the CIO’s seat? We asked six experts what CIOs should expect and do in critical areas including security, supply chain and staff management in this putatively altered world.

GLOBAL BUSINESS

Importance of IT Just Went Up

DAVID DOBRIN

President, B2B Analysts, Cambridge, Mass., and CIO WorldView columnist

Before Sept. 11, many people thought we’d have a mild recession. No one believes that anymore. In certain industries?like electronics?people just aren’t buying anything.

CIOs need to provide timely, accurate reports on volatile business situations and do so with limited resources. For global and multinational businesses, this can be complicated. Many such companies have B2B systems with suppliers and partners. But what happens when things break down? For example, transportation across borders is no longer as reliable as it was before Sept. 11. Companies are very high velocity these days. Even having two weeks of demand disappear creates all sorts of surprises. For example, your company may have to build up inventory, but that’s pricey. What if you run out of warehouse space? The integrated supply chains companies have built can tolerate only so many variables.

Companies will have to redesign their supply chains. There will be less belief in the highly integrated, low-lead-time, low-inventory supply chain stitched together with IT. CIOs need to provide the business with the capability to be more responsive, to get advanced warnings from customers, to look at point-of-sale data from retailers and feed that back to manufacturing. In a recessionary environment, IT can make a huge difference because it can give companies early warnings about changing business situations.

Another big change will be in how business gets done. It’s absolutely clear that people aren’t traveling, but multinationals still have to communicate. There’s a demand on IT to use the Internet and telecommunications to accomplish what travel enabled before.

Suddenly there’s this huge demand for technologies such as teleconferencing and videoconferencing that previously few CIOs thought to be important. And it’s not just a question of installing technology. In virtual meetings, many participants don’t pay full attention. They are answering e-mail or surfing the Internet. With such technology-

facilitated meetings replacing personal communications, these contacts should be shorter and occur more frequently. Virtual meetings should also be supported by documents; action items written down at one meeting should be part of the agenda at the next meeting. Essentially, meetings have to be approached with a different discipline, and that will take time to learn.

Intercompany communication on a global scale also has challenges. There are cultural issues as well as practical ones like time-zone differences. Using technology to communicate instead of face-to-face contact has implications for network support, usage policies and firewalls. The good news: For multinationals, connection to the Internet isn’t much of an issue, nor is reliability. The Internet was designed for a nuclear attack.

The cost of business travel will now be spent on technology. CIOs will now be responsible for a large redeployment of resources. As communication technologies replace travel, the technology itself becomes more important, which means that managing the technology is more important.

RISK MANAGEMENT

Plan for People, Not Just Systems

JOHN MCCARTHY

Senior manager in information risk-management practice, KPMG, Washington, D.C.

One of the great lessons of this tragedy, and others in the last decade, has been helping company leaders see the people in their organization as part of the risk-

management equation. Most companies have a business plan for technology failure?things like someone putting bad software on the system or dealing with a security or hacker threat. Now what we’re seeing post-Sept. 11 is the recognition by leadership that there’s an even greater need to understand people processes in the context of risk management and disaster recovery.

Companies need to think about how they will take care of their employees, account for the missing and deal with the families in the event of a fire, a flood or an explosion in the building. How will you take the services and processes handled by those people and transfer that responsibility to another part of the organization so the business can continue dealing with a disaster? You can’t let a major disaster stop the entire organization from doing anything else?you have to look at how you can separate the tragedy from the necessity to keep delivering services. You have to know what the critical functions are and how to continue them in the face of disaster. How will you communicate internally and externally? You must figure out how you will talk to industry peers and associations, and how you will deal with state, local and federal authorities.

Also, think about how you will communicate with customers. How will you talk to them about the status of your business and your employees, particularly if the business?say, a financial institution?has a piece of the customer’s money?

A big lesson for CIOs and other leadership is that continuity management is not a line function. It’s a core function that must be managed from the top of the organization. CIOs are familiar with this, as they have long argued that technology also cuts across the business and needs attention from the executive team. After Sept. 11, CIOs will have a lot more credibility when making arguments for replicating critical systems. The case has been made graphically for CEOs that the kind of discussion that has gone on at the CIO and CFO level in terms of risk management aren’t way out there?they need to be addressed ahead of time. The watchword coming out of this is going to be enterprise risk management?no more point solutions. If you want to survive something this extreme, an enterprise approach is what will make the difference between making the business go or not.

SUPPLY CHAIN

Build Safety Stock, Then Forget You Have It

YOSEF SHEFFI

Head of the center for transport studies, MIT, Cambridge, Mass.

I think security is a long-term issue, and it may lead to some of the following mitigation strategies. One is deciding which parts are crucial for your production line and which parts can withstand a longer lead time. Usually these decisions are based on how well you can forecast demand for these items and how good the forecast is. For hard-to-forecast items, companies may want to start building some safety stock, but for the bread-and-butter items that are replenished day in and day out there will not be a big impact. Original equipment manufacturers are not going to increase their safety stock for items across the board?just the ones that are hard to forecast.

The other strategy is to have good suppliers. For example, the majority of your stock may come from overseas at low cost, but now you will have a secondary local supplier to whom you have to give some business right now. You can’t just keep them on standby. People always knew that you had to have more than one supplier, but it was OK to have one supplier in Taiwan and one supplier in Singapore because while one might have political or labor problems you always had the other. Now, introducing security into the equation, I may want one abroad and one in America.

Just-in-time manufacturing is here to stay. Smart companies may build some safety stock, but it will be independent of just-in-time. They will not give in to the temptation of using the safety stock, because there are lots of other benefits of just-in-time besides low inventory?specifically high quality and quick diagnosis of supply chain problems. With just-in-time you don’t have inventory to cover up your problems. Now you will have to act as if you don’t have inventory even though you do.

Inventory is a security blanket?it allows you to cover up your problems. The key to running just-in-time is to cover yourself from supply chain disruptions with some inventory or a local supplier. It will be a mistake to move to just-in-case.

The decision of when to use your safety stock depends upon the fundamental difference between something you control and something you do not. For example, if you have a disruption because terrorists attack the World Trade Center and the border is closed, there is nothing you can do to fix it. Then you use your safety stock. However, if your supplier starts shipping defective material, stop the line and fix the problem immediately as if you don’t have the extra inventory. With safety stock, the temptation is to say, "We have inventory, don’t worry about it." But that’s exactly when you need to address the problem.

LEADERSHIP

Balance Change with Routine

JOSEPH BADARACCO

Harvard Business School professor focusing on leadership and ethics, Cambridge, Mass.

The first thing for managers to consider is the importance of preparation. It’s true that preparation for Y2K helped many CIOs on Sept. 11 because they had redundant systems.

So contingency planning is important. But the kind of contingency planning most people do is "best case plus 20 percent," "worst case minus 20 percent." Sept. 11 presents us with a much more dramatic situation.

But there’s only so much you can do. There will always be things you can’t foresee. What you can do as a manager is keep all lines of communication open so you can communicate quickly when something unexpected happens, even something drastic. You’ve got to be ready to scramble?and not just as an individual but as a team. The team will always be more resourceful than a single person. Scrambling means learning about what’s happened quickly and formulating a response.

Another thing to consider is that it’s going to be very hard for people to differentiate between long-term and short-term changes after the Sept. 11 attacks. One scenario is that we really stamp down terrorism. Another comparably probable scenario is that there are more attacks, and we move into an Israel-like state, with permanent insecurity. Those are radically different worlds. It’s going to be hard to know for a while how things will turn out.

That said, people have a strong need for routines. Their old routines will assert themselves. From time to time, people will be pulled back, reminded. Maybe when they go into a tall building, for instance. This catastrophe reached people at a very deep level.

For the next couple of months, managers need to do two things?and these things are a bit contradictory. The first is to get back to work, because things need to be done and because people need routines. At the same time, managers have to find a way to give people space and let them work through this. You have to be sensitive to the way people are feeling. People respond to crises differently and at different speeds.

If flying is an inescapable part of someone’s job and they refuse to fly, at some point you’re going to have to find somebody else to do the job. At some point, the work has to go on. But somebody who says, "I can’t deal with flying now" might be willing to fly in a month.

Try to think creatively about other ways to get business done. My sense is that people relied on airplanes vastly more than they needed to. The cost and inconvenience of flying is very high. We’re getting streaming video from Afghanistan right now; I don’t understand why everyone’s got to fly to Des Moines.

I.T. STAFF

Lead Them Through the Transition

DAVID FOOTE

Cofounder and managing partner, Foote Partners, New Canaan, Conn.

When I talk with executives, one of the first references I use is Charles Darwin, who said, "It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change." That’s true for companies and for our country as a whole right now. We’re certainly strong, but can we make a transition?

Change is the easy part; changes are situational, external. Transition is the response to change. Transitions are psychological, internal, focused on an ending. People don’t like endings.

A transition is the end of something but also the beginning of something. But the in-between is scary. Employees are focusing on what we’re losing?that’s happening big time right now. They know that life is not going to be the same, but they don’t know what that’s going to be like. It’s a transition to an unknown.

What you have to do for employees is create temporary systems to get through it. First off, you’ve got to get people talking about this. Bring in a psychologist or therapist. You have to acknowledge losses openly and sympathetically.

1 2 Page 1
Page 1 of 2
FREE Download: Learn how leading organizations are rising to the cloud security challenge