IT Value Maximisation Is a Boardroom Issue

19 February 2008 Ade McCormack

Ade McCormack, founder of Auridian, explains his theory of the 'IT Value Stack' and its bearing on corporate governance.

There is a lingering feeling amongst business leaders that investment in IT is not yielding an appropriate return in respect of business value. This is exacerbated by the fact that the IT industry has not worked out how to articulate the value IT delivers in a meaningful manner.

To address this, I have developed a methodology called the IT Value Stack that provides a framework for levering maximum business value from one’s IT investment and how to measure that value.


IT matters, and it matters to the extent that IT is increasingly core to many businesses. What gives an airline its competitive advantage? It is not the type of planes they use or the service level of the baggage handlers, though they do have the potential to negatively impact value.

"The most successful organisations will be those that have a CEO who has come up through the IT department."

I would contend that the airline's competitive advantage comes from its knowledge of its customers and its ability to price in accordance with the market and still make a profit. This requires sophisticated use of IT.

From this perspective, the airline starts to look more like an information management business. Once that fact is recognised, it makes perfect sense to insource all differentiating IT systems while outsourcing the non-differentiated.

In such businesses there should be IT representation at board level, and the most successful organisations will be those that have a CEO who has come up through the IT department.

This line of thinking is apocryphal to boardrooms of a certain age, but the iPod generation will find this much easier to come to terms with.  


Both private and public sector organisations are expected to practice good governance. In a perfect world every organisation would impose and adhere to its own high governance standards. Enron, Worldcom, Parmalat, to name but a few, have reminded us that this is not always the case. This has prompted external regulatory bodies to impose external standards in certain markets.

Sarbannes-Oxley is an example of compliance legislation, where the burden of adherence is significant, and the consequences of non-compliance are both deep and dire. Prison has become a hot topic amongst the boardrooms of many US-quoted companies.

Regardless of whether or not this legislation is an over reaction to the fear that a lack of faith in US industry will lead to a collapse in the associated stock markets, it exists and it must be taken seriously.

As organisations embark on the path to compliance, they soon discover that the controls needed to demonstrate good governance are underpinned by IT. Thus, the robustness of those controls is in direct proportion to the quality of the IT department.

Given that the IT department is generally treated as a ‘black box’, this moves IT from being an ancillary service of no great import to a major potential business risk. To establish the level of risk, the executive team has to open the lid of the box. And in many cases, what they see will shock them.


We all understand the concept of engineering, and associate good engineering with reliable brands such as BMW and Bang and Olufson. The IT industry contains many exemplars of good engineering practice, though good practice is more associated with the world of hardware.

Software engineering is another story. Software, being more malleable, is generally subjected to less testing, with little to no design and scant analysis. Generally, software engineering has become a term associated with a narrow band within the software spectrum, namely real-time development, where the consequences of software failure are profound.

"CIOs seem to talk in jargon rather than business objectives, profit and risk."

Imagine a vendor having to recall half a million mobile phones because of a glitch in the embedded call management software. Real-time developers practice engineering, the rest of the software market generally does not. Or in some cases, decides to let the customer/user inadvertently do the testing by releasing the software prematurely.

Today, hardware is a commodity. The real value of the IT investment lies in the software. If that software has been thrown together rather than engineered, then the quality of the governance control is questionable.

From my perspective, software engineering was abandoned in the nineties. A more casual approach to software development followed. The IT industry will ultimately benefit from the increased focus on corporate governance, which has in turn spawned the concept of IT governance.

IT departments will soon be trawling through their archived documentation looking for good practice manuals, which will in turn trigger a resurgence in ‘software engineering methodologies’.

The IT investment needs to be managed with care. Reckless software development undermines that. Many IT departments have a lot of work to be removed from the executive risk register.

My concern is that the opening of the black box and the associated disillusionment with what is inside could trigger a new wave of negativity towards the IT industry, in turn starting the next technology ice age.


If the CIO is given a place at the top table, then these problems are less likely to fester. Most organisations have not grasped this and will continue to treat the CIO as a miscreant son who is occasionally called into the library for a stern talking to.

This has to change, although it is unattractive to many executives that the average CIO behaves more like a mature techie than a politically aware businessperson. Such CIOs seem to talk in jargon rather than business objectives, profit and risk. Consequently, they are not welcome.

This is a job for Human Resources to groom the CIO to be equipped for the executive team. It would probably be good practice to avoid taking on a CIO unless they are in possession of executive DNA.

So these issues will continue to fester until the next-generation CIO becomes the norm rather than the exception.

Smart CIOs have tried to catch the CEO’s attention, as they recognise IT has a role to play in creating competitive advantage. But trying to do that via the CFO, whose eye is on cost rather than innovation (which is defined as ‘a type of risk’ in financial glossaries), is a real challenge. This arrangement must change.


This lack of IT voice and a general disdain for IT has made it easier for organisations to entertain the idea of outsourcing. Globalisation has made offshoring a natural extension of this.

Outsourcing the black box in its entirety may give the executive team a sense of relief in that they have handed over their IT risk to an 'expert', but as we have seen, this is not sound move.

"By outsourcing all your IT, you have in effect put your corporate governance in the hands of a third party outsourcer."

There are many reasons why this is not a good decision, not least when your core business is information management. By outsourcing all your IT you have in effect put your corporate governance in the hands of a third party outsourcer, as they now ‘own’ your controls.

Any CIO could have told you that, but not when they are several layers of management away. Over time, organisations will realise that only specific activities should be outsourced, and certainly not the business controls.

The mistakes of the board in respect of outsourcing will deepen the distrust they have in technology. Over zealous vendors are certainly a guilty party. The lack of strategic counsel in respect of IT is the real problem.

The lack of trust between the CIO and the boardroom means that any attempts by the former to flag this are misconstrued as an act borne out of self-interest.

Such organisations typically receive their guidance from the outsourcing vendor.

Resolving the issue of IT value maximisation is a non-trivial exercise. IT requires nothing short of an organisational overhaul. The first step is for the boardroom to realise that this problem is rooted in the lack of IT leadership within the organisation.

Ultimately, IT leadership is a boardroom responsibility and not one that can be abdicated to the IT function.

Copies of The IT Value Stack: A Boardroom Guide to IT Leadership can be ordered through