From the Other Side of the Table — CIO Questions to Potential Employers

Sitting on the opposite end of the board room table, CIOs need to understand the type of organization they will be joining. Having been on the other end several times, it is important to get a sense that you will be valuable as a CIO and, most importantly, have job satisfaction. Below are a few questions I think can help.

  • What is your company’s mission and vision? What steps are you taking to accomplish them?
  • Can you explain your company’s brand and how it has evolved?
  • Can you describe your company’s growth (or lack thereof) in terms of revenue and hiring over the last 5-10 years?
  • What do you think distinguishes this company from its competitors, both from a public and employee perspective? How is technology used by your competitors? How is a CIO role used by your competitors?
  • Can you explain your company’s structure and how a CIO role will fit in?
  • How do you see the CIO role contributing to the success of the organization?
  • Is this a new CIO position, or did someone leave? If someone left, why did they leave? If this is a new position, why are you looking for a CIO now?
  • How would you describe the company’s culture and leadership philosophy and style? Could you describe the type of employee who fits well with it?
  • What are some of the technical problems facing your staff, and how do you see the CIO role solving them?
  • How is the technology department perceived today? What past steps have been taken to correct this perception? What steps were successful or not?
  • What steps has the company taken recently to show how it values its technology?
  • How does management view the CIO role and the importance of the IT department?
  • What is the company’s plan for the next five plus years, and how does the IT department fit into these plans?
  • How do other executives view IT? As a Business Peer/Game changer or Service Provider/Cost Center?
  • How have various types of decisions been made (i.e. M&A, process changes, layoffs, loss of business, risks, new business)?
  • How will my leadership responsibilities and performance be measured? By whom? How often?
  • What would you say are the five most important skills/traits needed to excel in this position?
  • What particular achievements would equate to success in this role? What would success look like?
  • What challenges will this role face? What advice will you give to succeed?
  • Are you most interested in a candidate who works independently, on a team, cross-functionally, or through a combination of them all?
  • What is your ideal communication style? Do you meet regularly with your team, rely heavily on e-mail, use status reports or work primarily through other means?
  • How much guidance or assistance is made available to employees in developing career goals?
  • What resources will be available to the CIO to ensure success?
  • How do you see me as a candidate for the job in comparison with an ideal candidate?
  • Do you have any concerns about me or about my qualifications that may prevent you from selecting me for the role?

Systems Objective Scorecard

During the course of managing an IT department, it is important for IT management to understand areas of risk. There are standard best practices that can be used to score your department/organization. Below I have added some as a starting point. These are by no means complete.

Management and Planning

Objective 1

Staff responsibilities for the information systems environment are assigned to specialized personnel.

Deficiencies in this objective could lead to responsibilities for information systems being unknown and/or too numerous.

Objective 2

Information systems strategies, development plans and budget are mapped to the company’s strategic goals and business.

Deficiencies in this objective could lead to system design, purchase/construction, development and operations that do not respond to company and business needs.

Objective 3

The selection of a service provider is based on company policies.

Deficiencies in this objective could lead to unsuitable service and to generated information that is inaccurate, vulnerable or lacking integrity.

Objective 4

The service levels given by the provider are consistent with management’s expectations.

Deficiencies in this objective could lead to unsuitable service and to generated information that is inaccurate, vulnerable or lacking integrity.

Objective 5

Users receive proper training in the use and handling of information systems.

Deficiencies in this objective could lead to the incorrect use of information assets, which could cause generated information to be inaccurate, vulnerable or lacking integrity.

Physical and Logical Security

Objective 1

Security tools and techniques are implemented and configured to assure an adequate level of logical security, restricting access to programs, data and other information sources to authorized persons only.

Deficiencies in this objective could lead to unauthorized access and possible exposure, theft, modification, damage or loss of information, due to the absence of proper policies, the lack of implementation of these measures on information systems, and users’ ignorance of safety standards.

Objective 2

Logical security tools and techniques are implemented to monitor and control actions on information systems.

Deficiencies in this objective could lead to a lack of control over actions performed on information systems, with possible impact on information confidentiality, integrity and availability.

Objective 3

Information systems are correctly protected against external attacks and/or malicious code.

Deficiencies in this objective could lead to unauthorized access and possible exposure, theft, modification, damage or loss of information.

Objective 4

Security tools are implemented to allow access to information systems only to authorized users.

Deficiencies in this objective could lead to unauthorized access and possible exposure, theft, modification, damage or loss of information, due to incorrect management of access profiles.

Objective 5

All information resources are secured by appropriate security controls, and access to critical areas is restricted to authorized personnel.

Deficiencies in this objective could lead to unauthorized access and possible exposure, theft, modification, damage or loss of information, as well as failures or incidents in the operation of information systems and other disasters or extraordinary accidents.

Objective 6

All company information resources are identified and managed.

Deficiencies in this objective could lead to the incorrect or fraudulent use of equipment and/or the data it holds, resulting in possible exposure, theft, modification, damage or loss of information.

Applications Development and Maintenance

Objective 1

Application development or maintenance projects are consistent with management’s intentions.

Deficiencies in this objective could lead to system design, purchase/construction and development that is not responsive to end users’ needs.

Objective 2

The migration process for replaced old applications is carried out accurately and completely.

Deficiencies in this objective could negatively impact information integrity and validity.

Infrastructures Operations and Maintenance

Objective 1

Infrastructure development or maintenance projects (database software, networks, equipment) are consistent with management’s intentions.

Deficiencies in this objective could lead to changes not responsive to the users’ needs.

Objective 2

Technological infrastructure is correctly identified and supported.

Deficiencies in this objective could lead to changes not responsive to the users’ needs, as well as a possible loss of knowledge about information assets.

Objective 3

Information systems service levels from providers are consistent with management’s expectations.

Deficiencies in this objective could lead to the information systems not working correctly, resulting in potential risk to the availability of the information.

Objective 4

In case of disaster, all essential business processes are recoverable within a defined time.

Deficiencies in this objective could lead to a loss of information integrity and availability, due to incomplete, inaccurate or unrecoverable data.

Objective 5

Information is kept in accordance with laws, regulations and company policies, and can be recovered if needed.

Deficiencies in this objective could lead to a loss of information integrity and availability, with data being incomplete, inaccurate or not recoverable.

CIO Blogs for July 2011

Reinvent Your Training Methods by Chris Curran

Available does not equal best by Eric D. Brown

Transitioning IT from a technical focus to a business focus by IT BS Watch

How to Kill Projects and Develop Agile Programs Part 1 by Isaac Sacolick

Free Answers From Google On How CIOs Can Be Better Managers by Jim Anderson

CIO Blogs for January 2011

Better Communication: Technology Isn’t Always The Best Solution by Mike Schaffner

CIO as General Manager? by Mark Brewer

Can a CIO be successful without IT experience? Define your terms! by Peter Kretzman

Four Models for success for the CTO / CIO- CTOVision by Eric Brown

Why CIOs Need Management Power Maps To Get Anything Done by Jim Anderson

How To Cope When The Boss Is A Bully by Andy Blumenthal

CIO Blogs for December 2010

Lessons from Old Backups by Mark Brewer

Wikileaks Positive Side Effect for IT by Mike Schaffner

Predictions 2011 by Peter Birley

Holy Grail of IT, Operating Expense vs Capital Investment by Oh I See (CIO Inverted)

One CIO’s “lessons learned” in managing others by Peter Kretzman

Which IT project comes first – Legacy or Sexy? by Eric Brown

500 Meetings a Day by John D. Halamka

3 Skills That Most CIOs Are Missing by Jim Anderson

CIO Blogs for November 2010

Creating a vision by Don Lewis

One CIO’s “lessons learned” in managing others by Peter Kretzman

Is Project Management a skill or a technique? by Eric D. Brown

Selfishness and The Paradox of Emotional Intelligence by Andy Blumenthal

Creep

As the purveyor of everything IT, I am charged with making sure projects do not suffer from the dreaded scope creep.

As managers we know the productivity of the resources involved and how to allocate them, but sometimes requirements gathering fails, and so does estimating costs and scheduling deliverables. This is often the case with application development. As the project moves through the software development life cycle (SDLC), requirement changes become increasingly expensive and delivery times become more protracted. This leads to project failure or cost/schedule overruns. Congratulations – your project has been diagnosed with “scope creep”.

What causes scope creep?

  • Users make significant changes to the system after the requirements have been established.
  • Users do not know what they want.
  • Users do not know how to communicate what they need.
  • Users realize what they need only after the demonstration of a prototype.
  • Users do not want the system and use scope creep to perpetually stall the completion of the application.

How to prevent scope creep?

  • Gather initial requirements definitions in a statement of work (SOW) and have users sign off.
  • Properly maintain expectations with senior management and end users.

An IT Steering Committee

Companies that have not emphasized IT in the business process suffer long-term issues where IT is not seen as a value-driven department.

One way to overcome this is to create an IT Steering Committee. The purpose of this governing group is to look at strategic initiatives and align them with overall business direction.

It is important to compose this group of business leaders who can help sell initiatives and obtain buy-in from others in the organization. Without this support, major initiatives are doomed to fail.

An example charter follows:

Function of the Executive IT Steering Committee

This Charter establishes the Executive Information Technology Steering Committee as the group responsible for providing executive leadership in the development of standards, policies, and the prioritization of various initiatives.

The Executive IT Steering Committee will provide a stabilizing influence so organizational concepts and directions are established and maintained with a visionary global view. The Steering Committee provides direction on long-term strategies in support of the company’s mandates and business vision. Members of the Steering Committee ensure that the company’s Information Technology needs and objectives are being adequately addressed. In practice these responsibilities are carried out by performing the following functions:

  • Identify and develop strategic initiatives
  • Prioritization of initiatives
  • Monitor and review initiatives at regular Steering Committee meetings
  • Develop and review standards and policies
  • Update standards and policies as emergent issues force changes to be considered, ensuring alignment with the Committee Charter as well as the objectives of the company
  • Quality of deliverables
  • Help to get buy-in across the organization
  • Act as a sounding board

IT Steering Committee Membership

The membership of the Steering Committee was designed in order to provide representation across the organization, and to include managers of both Operational (“line”) and Support (“staff”) functions. 

CIO Blogs from June 2010

The 9 Best Project Management Techniques You’re Not Using by Chris Curran

IT tall tales and why they’re told, or, why I stopped going to conferences by Peter Kretzman

Growing Pains by Don Lewis

First 100 Days as CIO by Isaac Sacolick

CIO Blogs from March 2010

Change Management by Mark Brewer

Licensing Challenges by Mark Brewer

Yes we can, yes we must: the ongoing case for IT/Business alignment by Peter Kretzman

Outsourcing–When it works, when it doesn’t by Don Lewis

Is Creativity & Innovation enough? by Eric D. Brown

The VolksPad by Oliver Widder

Taking Control Of Your Technology by Mike Schaffner

What keeps CIOs awake at night by Oh I See (CIO Inverted)

10 Skills Every CIO Should Know How To Do

What skills does a CIO need to have to be considered well rounded? Here’s my lineup of essential skills. Did I leave anything out? Let me know.

  1. How to manage information
  2. How to reboot a server
  3. How to communicate in plain speak
  4. How to manage their staff
  5. How to negotiate with vendors
  6. How to manage a budget
  7. How to manage a project
  8. How to ask for help
  9. How to fight a battle
  10. How to network