Strategic Plan

Chapter 13 IT Governance and Management

In this chapter we discuss an eclectic but important set of information technology (IT) management processes, structures, and issues. Developing, managing, and evolving IT management mechanisms is often a central topic for organizational leadership. In this chapter we will cover the following areas:

IT governance. IT governance is composed of the processes, reporting relationships, roles, and committees that an organization develops to make decisions about IT resources and activities and to manage the execution of those decisions. These decisions involve issues such as setting priorities, determining budgets, defining project management approaches, and addressing IT problems. IT budget. Developing the IT budget is a complex exercise. Organizations always have more IT proposals than can be funded. Some proposals are strategically important and others involve routine maintenance of existing infrastructure, making proposal comparison difficult. Although complex and difficult, the effective development of the IT budget is a critical management responsibility. Management role in major IT initiatives. Senior management has an extremely important role in ensuring that major IT initiatives succeed and result in desired organizational performance gains. In other chapters of this book, management process for system selection, implementation, and value realization were discussed. In this section we discuss risk factors facing major initiatives and steps management can take to mitigate those risks. IT effectiveness. Over the years several organizations have demonstrated exceptional effectiveness in applying IT: American Express, Bank of America, Uber, Amazon, Schwab, and American Airlines. This chapter discusses what the management of these organizations did that led to such effectiveness. It also examines the attributes of IT-savvy senior leadership. IT to improve an organization's competitive position. IT is often used as a means to improve an organization's ability to compete. In this section we will discuss lessons learned from other industries from their efforts to use IT as a competitive asset.

IT Governance IT governance refers to the principles, processes, and organizational structures that govern the IT resources (Drazen & Straisor, 1995). When solid governance exists, the organization is able to give a coherent answer to the following questions:

Which committees and processes are used to define the IT strategy? Who sets priorities for IT, and how are those priorities set? Who is responsible for implementing information system plans, and what principles will guide the implementation process? How are IT responsibilities distributed between IT and the rest of the organization and between centralized and decentralized (local) IT groups in an integrated delivery system?

How are IT budgets developed? At its core, governance involves the following functions:

Determining the distribution of the responsibility for making decisions, the scope of the decisions that can be made by different organizational functions, and the processes to be used for making decisions Defining the roles that various organizational members and committees fulfill for IT—for example, which committee should monitor progress in an EHR implementation and what is the role of a department head during the implementation of a new system for his or her department? Developing IT-centric organizational processes for making decisions in key areas such as these: IT strategy development IT prioritization and budgeting IT project management IT architecture and infrastructure management Defining policies and procedures that govern the use of IT—for example, if a user wants to buy a new network for use in his or her department, what policies and procedures govern that decision? Developing and maintaining an effective and efficient IT governance structure is a complex exercise. Moreover, governance is never static. Continuous refinements may be needed as the organization discovers imperfections in roles, responsibilities, and processes.

Perspective The Foundation of IT Governance Peter Weill and Jeanne Ross have identified five major areas that form the foundation of IT governance. The organization's governance mechanisms need to create structures and processes for these areas.

IT principles: high-level statements about how IT is used in the business IT architecture: an integrated set of technical choices to guide the organization in satisfying business needs. The architecture is a set of policies, procedures, and rules for the use of IT and for evolving IT in a direction that improves IT support for the organization. IT infrastructure strategies: strategies for the existing technical infrastructure (and IT support staff) that ensure the delivery of reliable secure and efficient services Business application needs: processes for identifying the needed applications IT investment and prioritization: mechanism for making decisions about project approvals and budgets Source: Weill and Ross (2004, p. 27).

Governance Characteristics Well-developed governance mechanisms have several characteristics.

They are perceived as objective and fair. No organizational decision-making mechanisms are free from politics, and some decisions will be made as part of side deals. It is exceptionally rare

for all managers of an organization to agree with any particular decision. Nonetheless, organizational participants should generally view governance as fair, objective, well-reasoned, and having integrity. The ability of governance to govern is highly dependent on the willingness of organizational participants to be governed. They are efficient and timely. Governance mechanisms should arrive at decisions quickly, and governance processes should be efficient, removing as much bureaucracy as possible. They make authority clear. Committees and individuals who have decision authority should have a clear understanding of the scope of their authority. Individuals who have IT roles should understand those roles. The organization's management must have a consistent understanding of its approach to IT governance. There always will be occasions when decision rights are murky, roles are confusing, or processes are unnecessarily complex, but these occasions should be few. They can change as the organization, its environment, and its understanding of technology changes. For example, efforts to implement regional interoperability between EHRs will require new governance mechanisms that bring representatives from the partnering organizations together to deal with inter-organizational IT issues such as the allowable uses of shared data. Governance mechanisms evolve as IT technology and the organization's use of that technology evolve.

IT, User, and Senior Management Responsibilities Effective application of IT involves the thoughtful distribution of IT responsibilities among the IT department, users of applications and IT services, and senior management. In general, these responsibilities address decision-making rights and roles. Although different organizations will arrive at different distributions of these responsibilities, and an organization's distribution may change over time, there is a fairly normative distribution (Applegate, Austin, & McFarlan, 2007).

IT Department Responsibilities The IT department should be responsible for the following:

Developing and managing the long-term architectural plan and ensuring that IT projects conform to that plan. Developing a process to establish, maintain, and evolve IT standards in several areas: Telecommunications protocols and platforms Client devices, such as workstations and mobile devices, and client software configurations Server technologies, middleware, and database management systems Programming languages IT documentation procedures, formats, and revision policies Data definitions (this responsibility is generally shared with the organization function, such as finance and health information management, that manages the integrity and meaning of the data) IT disaster and recovery plans IT security policies and incident response procedures

Developing procedures that enable the assessment of sourcing options for new initiatives, such as building versus buying new applications or leveraging existing vendor partner offerings versus utilizing a new vendor when making an application purchase Maintaining an inventory of installed and planned systems and services and developing plans for the maintenance of systems or the planned obsolescence of applications and platforms Managing the professional growth and development of the IT staff [members] Establishing communication mechanisms that help the organization understand the IT agenda, challenges, and services and new opportunities to apply IT Maintaining effective relationships with preferred IT suppliers of products and services (Applegate, Austin, & McFarlan, 2007, p. 429)1 The scope and depth of these responsibilities may vary. Some of the responsibilities of the IT group may be delegated to others. For example, some non-IT departments may be permitted to have their own IT staff members and manage their own systems. This should be done only with the approval of senior management. And the IT department should be asked to provide oversight of the departmental IT group to ensure that professional standards are maintained and that no activities that comprise the organization's systems are undertaken. For example, the IT department can ensure that virus control procedures and software are effectively applied.

In general, the IT department is responsible for making sure that individual and organizational information systems are reliable, secure, efficient, current, and supportable. IT is also usually responsible for managing the relationship with suppliers of IT products and services and ensuring that the processes that lead to new IT purchases are rigorous.

User Responsibilities IT users (primarily middle managers and supervisors) have several IT-related user responsibilities:

Understanding the scope and quality of IT activities that are supporting their area or function Ensuring that the goals of IT initiatives reflect an accurate assessment of the function's needs and challenges and that the estimates of the function's resources (personnel time, funds, and management attention) needed by IT initiatives—to support the implementation of a new system, for example—are realistic Developing and reviewing specifications for IT projects and ensuring that ongoing feedback is provided to the IT organization on implementation issues, application enhancements, and IT support, ensuring, for example, that the new application has the functionality needed by the user department Ensuring that the applications used by a department are functioning properly, such as by periodically testing the accuracy of system-generated reports and checking that passwords are deleted when staff [members] leave the organization Participating in developing and maintaining the IT agenda and priorities (Applegate, Austin, & McFarlan, 2007, p. 431)2 These responsibilities constitute a minimal set. In Chapters Six and Seven, we discussed an additional, and more significant, set of responsibilities during the selection and implementation of new applications.

Senior Management Responsibilities The primary IT senior management responsibilities are as follows:

Ensuring that the organization has a comprehensive, thoughtful, and flexible IT strategy Ensuring an appropriate balance between the perspectives and agendas of the IT organization and the users—for example, the IT organization may want a new application that has the most advanced technology, [and] the user department wants the application that has been used in the industry for a long time Establishing standard processes for budgeting, acquiring, implementing, and supporting IT applications and infrastructure Ensuring that IT purchases and supplier relationships conform to organizational policies and practices—for example, contracts with IT vendors need to use standard organizational contract language Developing, modifying, and enforcing the responsibilities and roles of the IT organization and users Ensuring that the IT applications and activities conform to all relevant regulations and required management controls and risk mitigation processes and procedures Encouraging the thoughtful review of new IT opportunities and appropriate IT experimentation (Applegate, Austin, & McFarlan, 2007, p. 432)3 Although organizations will vary in the ways they distribute decision-making responsibility and roles and the ways in which they implement them, problems may arise when the distribution between groups is markedly skewed (Applegate, Austin, & McFarlan, 2007).

Too much user responsibility can lead to a series of uncoordinated and undermanaged user investments in information technology. This can result in these problems:

An inability to achieve integration between highly heterogeneous systems Insufficient attention to infrastructure, resulting in application instability High IT costs because of insufficient economies of scale, significant levels of redundant activity, and the cost of supporting a high number of heterogeneous systems A lack of, or uneven, rigor applied to the assessment of the value of IT initiatives—for example, insufficient homework may be done and an application selected that has serious functional limitations Too much IT responsibility can lead to these problems:

Too much emphasis on technology, to the detriment of the fit of an application with the user function's need: for example, when a promising application does not completely satisfy the IT department's technical standards, IT will not allow its acquisition

Perspective Principles for IT Investments and Management

Charlie Feld and Donna Stoddard have identified three principles for effective IT investments and management. They note that the responsibility for developing and implementing these principles lies with the organization's senior leadership.

A long-term IT renewal plan linked to corporate strategy. Organizations need IT plans that are focused on achieving the organization's overall strategy and goals. The organization must develop this IT renewal plan and remain focused, often over the course of many years, on its execution. A simplified, unifying corporate technology platform. This IT platform must be well architected and be defined and developed from the perspective of the overall organization rather than the accumulation of the perspectives of multiple departments and functions. A highly functional, performance-oriented IT organization. The IT organization must be skilled, experienced, organized, goal-directed, responsive, and continuously work on establishing great working relationships with the rest of the organization. Source: Feld and Stoddard (2004, p. 73).

A failure to achieve the value of an application because of user resistance to a solution imposed by IT: “We in the IT department have decided that we know what you need. We don't trust your ability to make an intelligent decision.” Too much rigor applied to IT investment decisions; excessive bureaucracy can stifle innovation A very high proportion of the IT budget devoted to infrastructure to the detriment of application initiatives as the IT department seeks to achieve ever greater (though perhaps not necessary) levels of reliability, security, and agility Reduction in business innovation when IT is unwilling to experiment with new technologies that might have stability and supportability problems Either extreme can clearly create problems. And no compromise position will make the IT department and the IT users happy with all facets of the outcome. An outcome of “the best answer we can develop but not an answer that satisfies all” is an inevitable result of the leadership discussion of responsibility and role distribution.

Specific Governance Structures In any organization there may be a plethora of committees and a series of complex reporting relationships and accountabilities, all of which need to operate with a fair degree of harmony in order for governance to be effective. Among them should be five core structures for governing IT:

A board committee responsible for IT A senior leadership forum that guides the development of the IT agenda, finalizes the IT budget, develops major IT-centric policies, and addresses any significant IT issue that cannot be resolved elsewhere Initiative- and project-specific committees and roles (this was discussed in the chapters on implementation and value) IT liaison relationships A chief information officer (CIO) and other IT staff members (described in Chapter Eight)

The Board The health care organization's board holds the fundamental accountability for the performance of the organization, including the IT function. The board must decide how it will carry out its responsibility with respect to IT.

At a minimum this responsibility involves receiving a periodic update (perhaps annually) at a board meeting from the CIO about the status of the IT agenda and the issues confronting the effective use of IT. In addition, financial information system controls and IT risk mitigation are often identified and discussed by the board's audit committee, and the IT budget is discussed by the finance committee.

Some organizations create an IT committee on the board. Realizing that the usual board agenda might not always allow sufficient time for discussion of important IT issues and that not all board members have deep experience in IT, the board can appoint a committee of board members who are seasoned IT professionals (IT academics, CIOs of regional organizations, and leaders in the IT industry). The committee, chaired by a trustee, need not be composed entirely of board members. IT professionals who are not on the board may serve as members, too. This committee informs the board of its assessments of a wide range of IT challenges and initiatives and makes recommendations about these issues.

The charter for such a committee might charge the committee to do the following:

Review and critique IT application, technical, and organizational strategies. Review and critique overall IT tactical plans and budgets. Discuss and provide advice on major IT issues and challenges. Explore opportunities to leverage vendor partnerships.

Senior Leadership Organizational Forum Most health care organizations have a committee called something similar to the executive committee. Composed of the senior leadership of the organization, this committee is the forum in which strategy discussions occur and major decisions regarding operations, budgets, and initiatives are made. It is highly desirable to have the CIO be a member of this committee.

Major IT decisions should be made at the meetings of this committee. These decisions will cover a gamut of topics, such as approving the outcome of a major system selection process, defining changes in direction that may be needed during the course of significant implementations, setting IT budget targets, and ratifying the IT component of the strategic-planning efforts.

This role does not preclude the executive committee from assigning IT-related tasks or discussions to other committees. For example, a medical staff leadership committee may be asked to develop policies regarding physician documentation of the problem list. A committee of department heads may be asked to select a new application to support registration and

scheduling. A committee of human resource staff members may be charged with developing policies regarding organizational staff member use of social media sites.

The executive committee, major departments and functions, and several high-level committees will regularly be confronted with IT topics and issues that do not arise from the organization's IT plan and agenda. For example, a board member may ask if the organization should outsource its IT function. Several influential physicians may suggest that the organization assess a new information technology that seems to be getting a lot of hype. The CEO may ask how the organization should (or whether it should) respond to an external event: for example, a new Institute of Medicine report. The organization may need to address new regulations: for example, rules being issued by CMS.

Some organizations create an IT steering committee and charge this committee with addressing all IT issues and decisions. The use of such committees is uneven in health care organizations. Approximately half have such a committee.

IT Liaison Relationships All major functions and departments of the organization—for example, finance, human resources, member services, medical staff affairs, and nursing—should have an IT liaison. The IT liaison is responsible for the following:

Developing effective working relationships with the leadership of each major function Ensuring that the IT issues and needs of these functions are understood and communicated to the IT department and the executive committee Working with function leadership to ensure appropriate IT representation on function task forces and committees that are addressing initiatives that will require IT support Ensuring that the organization's IT strategy, plans and policies, and procedures are discussed with function leadership The IT liaison role is an invaluable one. It ensures that the IT department and the IT strategy receive needed feedback and that function leaders understand the directions and challenges of the IT agenda. It also promotes an effective collaboration between IT and the other functions and departments.

Variations The specific governance structures just described are typical in medium-sized and large provider or payer organizations. In other types of health care settings, these structures will be different.

A medium-sized physician group might not have a separate board. The physicians and the practice manager might make up the board and the senior leadership forum. The group might not need a CIO. Instead the practice administrator might manage contracts and relationships with companies that provide practice management systems and support workstations and printers. The practice administrator also might perform all user liaison functions.

Perspective Improving Coordination and Working Relationships Carol Brown and Vallabh Sambamurthy have identified five mechanisms used by IT groups to improve their coordination and working relationships with the rest of the organization.

Integrators are individuals who are responsible for linking a particular organization department or function with the IT department. An integrator might be a CIO who is a participant in senior management forums. An integrator might also be an IT person who is responsible for working with the finance department on IT initiatives that are centered on that function; such a person might have a title such as manager, financial information systems. Groups are committees and task forces that regularly bring IT staff [members] and organization staff [members] together to work collectively on IT issues. These groups could include, for example, the information systems steering committee or a standing joint meeting between IT and nursing to address current IT issues and review the status of ongoing IT initiatives. Processes are organizational approaches to management activity such as developing the IT budget, selecting new applications, and implementing new systems. These processes invariably involve both IT and non-IT staff [members]. Informal relationship building includes a series of activities such as one-on-one meetings, IT staff presentations at department head meetings, and co-location of IT staff [members] and user staff [members]. Human resource practices include training IT staff [members] on team building, offering user feedback to IT staff [members] during their reviews, and having IT staff [members] spend time in a user area observing work. Source: Brown and Sambamurthy (1999, p. 68).

A division within a state department of public health would not have a board, but it should have a forum where division leadership can discuss IT issues. IT decisions might be made there or at meetings of the leadership of the overall department. Similarly, the CIO for the department might not have organized IT in a way that results in a division CIO. And the staff members of the department CIO might provide user liaison functions for the division.

Despite these variations, effective management of IT still requires

A senior management forum where major IT decisions are made A person responsible for day-to-day management of the IT function and for ensuring that an IT strategy exists Mechanisms for ensuring that IT relationships have been established with major organizational functions In addition, although the structures will vary, the guidance for the respective roles of the IT group, users, and management remains the same. The desirable attributes of the person responsible for IT are unchanged. And the properties of good governance do not change.

IT Budget

Developing budgets is one of the most critical management undertakings; it is the process that makes strategy real because it involves the commitment of resources. The budget process forces management to make choices between initiatives and investments and requires analysis of the scope and impact of any initiative—for example, it forces answers to questions such as, do we really believe that this initiative enables us to reduce supply costs by 3 percent?

Developing the IT budget is challenging for several reasons:

The IT projects proposed at any one time are eclectic. In addition to the IT initiatives proposed as a result of the alignment and strategic planning process, other initiatives may be put forward by clinical or administrative departments that desire to improve some aspect of their performance. Also on the table may be IT projects designed to improve infrastructure—for example, a proposal to upgrade servers. These initiatives will all be different in character and in the return they offer, making them difficult to compare. Dozens, if not hundreds, of IT proposals may be made, making it challenging to fully understand all the requests. The aggregate request for capital and operating budgets can be too expensive. It is not unusual for requests to total three to four times more money than the organization can afford. Even if it wanted to fund all of the requests, the organization doesn't have enough money to do so. And yet the budget process requires that the organization grapple with these complexities and arrive at a budget answer.

Capital and Operating The first category distinguishes between capital and operating budgets. Financial management courses are the best place to learn about these two categories. In brief, however, capital budgets are the funds associated with purchasing and deploying an asset. Common capital items in IT budgets are hardware and applications. Operating budgets are the funds associated with using and maintaining the asset. Common operating items in IT budgets are hardware maintenance contracts and the salaries of IT analysts. In an analogous fashion, the purchase of a car is a capital expense. Gasoline and tune-ups are operating expenses. Both capital and operating budgets are prepared for IT initiatives.

Support, Ongoing, and New IT Support refers to those IT costs (staff members, hardware, and software licenses) necessary to support and maintain the applications and infrastructure that are in place now. Software maintenance contracts ensure that applications receive appropriate upgrades and bug fixes. Staff members are needed to run the computer room and perform minor enhancements. Disk drives may need to be replaced. Failure to fund support activities can make it much more difficult to ensure the reliability of systems or to evolve applications to accommodate ongoing needs—for example, adding a new test to the dictionary for a laboratory system or introducing a new plan type into the patient accounting system.

Ongoing projects are those application implementations begun in a prior year and still under way. The implementation of a patient accounting system or a care coordination application can

take several years. Hence a capital and operating budget is needed for several years to continue the implementation.

New projects are just that—there is a proposal for a new application or infrastructure application. The IT strategy may call for new systems to support nursing. Concerns over network security may lead to requests for new software to deter the efforts of hackers.

Improve Current Operations or Strategic Plan Proposals may be directed to improving current operations, perhaps by responding to new regulations or streamlining the workflow in a department. Proposals may also be explicitly linked to an aspect of the health care organization's strategic plan—they might call for applications to support a strategic emphasis on disease management, for example.

Budget Targets During the budget process, organizations define targets for the budget overall and for its components. For example, the organization might state that it would like to keep the overall growth in its operating budget to 2 percent but is willing to allow 5 percent growth in the IT operating budget. The organization might also direct that within that overall 5 percent growth, the budget for support should not grow by more than 3 percent, but the budget for new projects and ongoing projects combined can grow by 11 percent. Table 13.1 illustrates the application of overall and selective operating budget targets.

Table 13.1 Target increases in an IT operating budget

Support Operations Strategic Initiatives Overall Target Ongoing and new 9% 15% 11% Support 3% 3% 3% OVERALL TARGET 4% 7% 5% Similarly, targets can be set for the capital budget. For example, perhaps it will be decided that the capital budget for support should remain flat but that given the decision to invest in an EHR system, the overall capital budget will increase to accommodate the capital required by the EHR investment.

IT Budget Development In addition to formulating the categories just described, organizational leadership will need to develop the process through which the IT budget is discussed, prioritized, and approved. In other words, it must answer the governance question, what processes will we use to decide which projects will be approved subject to our targets? An example of a budget process is outlined in this section and illustrated in Figure 13.1.

This process example has five components.

First, the IT department submits an operating budget to support the applications and infrastructure that will be in place as of the beginning of the fiscal year (the support budget). This

budget might be targeted to a 3 percent increase over the support budget for the prior fiscal year. The 3 percent increase reflects inflation, salary increases, a recognition that new systems were implemented during the fiscal year and will require support, and an acknowledgment that infrastructure (workstations, remote locations, and storage) consumption will increase. A figure for capital to support applications and infrastructure is also submitted, and it might be targeted to be the same as that budgeted in the prior fiscal year. If the support operating and capital budgets achieve their targets, there is minimal management discussion of those budgets.

Second, IT leadership reviews the strategic IT initiatives (new and ongoing) with the senior leadership of the organization. This review may occur in a forum such as the executive committee. This committee, mindful of its targets, determines which strategic initiatives will be funded. If the budget being sought to support strategic IT initiatives is large or a major increase over the previous year, there may be discussions about the budget with the board.

Third, the organization must decide which new and ongoing initiatives that improve current operations—for example, a new clinical laboratory or contract management system—will be funded. These discussions must occur in the forum where the overall operations budget is discussed, generally organizational meetings that routinely discuss operations and that include among their members the managers of major departments and functions. Budget requests for new IT applications are reviewed in the same conversation that discusses budget requests for new clinical services or improvement of the organization's physical plant.

Fourth, the IT strategy budget discussion and the IT operations budget discussion follow a set of ground rules:

The IT budget is discussed in the same conversations that discuss non-IT budget requests. This will result in trade-offs between IT expenditures and other expenditures. This integration forces the organization to examine where it believes its monies are best spent, asking, for example, Should we invest in this IT proposal or should we invest in hiring staff members to expand a clinical service? Following this process also means that IT requests and other budget requests are treated no differently. The level of analytical rigor required of the IT projects is the same as that required of any other requested budget item. When appropriate, a sponsor—for example, a clinical vice president or a CFO—defends the IT requests that support his or her department in front of his or her colleagues. The IT staff members or CIO should be asked to defend infrastructure investments—for example, major changes to the network—but should not be asked to defend applications. The ground rule that sponsors should present their own IT requests deserves a bit more discussion, because the issue of who defends the request has several important ramifications, particularly for initiatives designed to improve current operations. Having this ground rule has the following results:

It forces assessment of trade-offs between IT and non-IT investments. The sponsor will determine whether to present the IT proposal or some other, perhaps non-IT, proposal. Sponsors are choosing which investments are the most important to them. It forces accountability for investment results. The sponsor and his or her colleagues know that if the IT proposal is approved, there will be less money available for other initiatives. The defender also knows that the value being promised must be delivered or his or her credibility in next year's budget discussion will be diminished. It improves management comfort when dealing with IT proposals. Managers can be more comfortable with the IT proposal if one of their operations colleagues is defending it. The defender also learns how to be comfortable when presenting IT proposals. It gets IT out of the role of defending other people's operation improvement initiatives. However, the IT function must still support the budget requests of others by providing data on the costs and capabilities of the proposed applications and the time frames and resources required to implement them. If the IT function believes that the proposed initiative lacks merit or is too risky, IT staff members need to ensure that this opinion is heard during the budget approval process. In the fifth and final step of the process, the operations and strategic budget recommendations are reviewed and discussed at an executive committee meeting. The executive committee can accept the recommendations, request further refinement (perhaps cuts) of the budget, or determine that a discussion of the budget is required at an upcoming board meeting.

Management Role in Major IT Initiatives The failure rate of IT initiatives is surprisingly high. Project failure occurs when a project is significantly over budget, takes much longer than the estimated timeline, or has to be terminated because so many problems have occurred that proceeding is no longer judged to be viable. Cook (2007) finds that 35 percent of IT projects were successful, whereas 19 percent failed. The remaining 46 percent delivered a useful product but suffered from budget overruns, prolonged timetables, and application feature shortfalls.

Cash, McFarlan, and McKenney (1992) note that two major categories of risk confront significant IT investments: strategy failures and implementation failures. The project failure rates suggest that management should be more worried about IT implementation than IT strategy. IT strategy is sexier and more visionary than implementation. However, a very large number of strategies and visions go nowhere or are diminished because the organization is unable to implement them.

It is rare that leaders plan to fail. And yet they often do things or don't do things that increase the likelihood that a major initiative will fail. At times they don't appreciate the myriad ways that projects can go south and hence they fail to take steps to mitigate those risk factors. In the sections that follow we discuss factors that imperil implementations, factors that can be managed.

Lack of Clarity of Purpose Any project or initiative is destined for trouble if its objectives and purpose are unclear. Sometimes the purpose of a project is only partially clear. For example, an organization may

have decided that it should implement an EHR in an effort to “improve the quality and efficiency of care.” However, it is not really clear to the leadership and staff members how the EHR will be used to improve care. Will problems associated with finding a patient's record be solved? Will the record be used to gather data about care quality? Will the record be used to support outpatient medication ordering and reduce medication error rates?

All these questions can be answered yes, but if the organization never gets beyond the slogan of “improve the quality and efficiency of care,” the scope of the project will be murky. The definition of care improvement is left up to the project participant to interpret. And the scope and timetable of the project cannot possibly be precise because project objectives are too fuzzy.

Lack of Belief in the Project At times the objectives are very clear, but the members of the organization are not convinced that the project is worth doing at all. Because the project will change the work life of many members and require that they participate in design and implementation, they need to be sufficiently convinced that the project will improve their lives or is necessary if the organization is to thrive. They will legitimately ask, what's in it for me? Unconvinced of the need for the project, they will resist it. A resistant organization will likely doom any project. Projects that are viewed as illegitimate by a large portion of the people in an organization rarely succeed.

Insufficient Leadership Support The organization's leaders may be committed to the undertaking yet not demonstrate that commitment. For example, leaders may not devote sufficient time to the project or may decide to send subordinates to meetings. This broadcasts a signal to the organization that the leaders have other, “more important” things to do. Tough project decisions may get made in a way that shows the leaders are not as serious as their rhetoric, because when push came to shove, they caved in.

Members of the leadership team may have voted yes to proceed with a project, but their votes may not have included their reservations about the utility of the project or the way it was put together. Once problems are encountered in the project (and all projects encounter problems), this qualified leadership support evaporates, and the silent reservations become public statements such as, “I knew that this would never work.”

Organizational Inertia Even when the organization is willing to engage in a project, inertia can hinder it. People are busy. They are stressed. They have jobs to do. Some of the changes are threatening. Staff members may believe these changes leave them less skilled or with reduced power. Or they may not have a good understanding of their work life after the change, and they may imagine that an uncertain outcome cannot be a good outcome.

Projects add work on top of the workload of often already overburdened people. Projects add stress for often already stressed people. As a result, despite the valiant efforts of leadership and the expenditure of significant resources, a project may slowly grind to a halt because too many

members find ways to avoid or not deal with the efforts and changes the initiative requires. Bringing significant change to a large portion of the organization is very hard because, if nothing else, there is so much inertia to overcome.

Organizational Baggage Organizations have baggage. Baggage comes in many forms. Some organizations have no history of competence in making significant organizational change. They have never learned how to mobilize the organization's members. They do not know how to handle conflict. They are unsure how to assemble and leverage multidisciplinary teams. They have never mastered staying the course over years during the execution of complex agendas. These organizations are “incompetent,” and this incompetence extends well beyond IT, although it clearly includes IT initiatives.

An organization may have tried initiatives “like this” before and failed. The proponents of the initiative may have failed at other initiatives. Organizations have very long memories, and their members may be thinking something like, “The same clowns who brought us that last fiasco are back with an even ‘better’ idea.” The odor from prior failures significantly taints the credibility of newly proposed initiatives and helps to ensure that organizational acceptance will be weak.

Lack of an Appropriate Reward System Aspects of organizational policies, incentives, and practices can hinder a project. The organization's incentive system may not be structured to reward multidisciplinary behavior—for example, physicians may be rewarded for research prowess or clinical excellence but not for sitting on committees to design new clinical processes. An integrated delivery system may have encouraged its member hospitals to be self-sufficient. As a result, management practices that involve working across hospitals never matured, and the organization does not know how (even if it is willing) to work across hospitals.

Lack of Candor Organizations can create environments that do not encourage healthy debate. Such environments can result when leadership is intolerant of being challenged or has an inflated sense of its worth and does not believe that it needs team effort to get things done. The lack of a climate that encourages conflict and can manage conflict means that initiative problems will not get resolved. Moreover, organizational members, not having had their voices heard, will tolerate the initiative only out of the hope that they will outlast the initiative and the leadership.

Sometimes the project team is uncomfortable delivering bad news. Project teams will screw up and make mistakes. Sometimes they really screw up and make really big mistakes. Because they may be embarrassed or worried that they will be admonished, they hide the mistakes from the leadership and attempt to fix the problems without “anyone having to know.” This attempt to hide bad news is a recipe for disaster. It is unrealistic to expect problems to go unnoticed; invariably the leadership team finds out about the problem and its trust in the project team erodes. At times leadership has to look in the mirror to see if its own intolerance for bad news in effect created the problem.

Project Complexity Project complexity is determined by many factors:

The number of people whose work will be changed by the project and the depth of those changes The number of organizational processes that will be changed and the depth of those changes The number of processes linking the organization and other organizations that will be changed and the depth of those changes The interval over which all this change will occur: for example, will it occur quickly or gradually? If the change is significant in scale, scope, and depth, then it becomes very difficult (often impossible) for the people managing the project to truly understand what the project needs to do. The design will be imperfect. The process changes will not integrate well. And many curves will be thrown in the project's way as the implementation unfolds and people realize their mistakes and understand what they failed to understand initially.

Sometimes complex projects disappear in an organizational mushroom cloud. The complexity overwhelms the organization and causes the project to crash suddenly. More common is “death by ants”—no single bite (or project problem) will kill the project, but a thousand will. The organization is overwhelmed by the thousand small problems and inefficiencies and terminates the undertaking.

Managers should remember that complexity is relative. Organizations generally have developed a competency to manage projects up to a certain level and type of complexity. Projects that require competency beyond that level are inherently risky. A project that is risky for one organization may not be risky for another. For example, an organization that typically manages projects that cost $2 million, take ten person-years of effort, and affect three hundred people will struggle with a project that costs $20 million and takes one hundred person-years of effort (Cash, McFarlan, & McKenney, 1992).

Failure to Respect Uncertainty Significant organizational change brings a great deal of uncertainty with it. The leadership may be correct in its understanding of where the organization needs to go and the scope of the changes needed. However, it is highly unlikely that anyone really understands the full impact of the change and how new processes, tasks, and roles will really work. At best, leadership has a good approximation of the new organization. The belief that a particular outcome is certain can be a problem in itself.

Agility and the ability to detect when a change is not working and to alter its direction are very important. Detection requires that the organization listens to the feedback of those who are waist-deep in the change and is able to discern the difference between the organizational noise that comes with any change and the organizational noise that reflects real problems. Altering direction requires that the leadership not cling to ideas that cannot work and also be willing to admit to the organization that it was wrong about some aspects of the change.

Initiative Undernourishment There may be a temptation, particularly as the leadership tries to accomplish as much as it can with a constrained budget, to tell a project team, “I know you asked for ten people, but we're going to push you to do it with five.” The leadership may believe that such bravado will make the team work extra hard and, through heroic efforts, complete the project in a grand fashion.

However, bravado may turn out to be bellicose stupidity. This approach may doom a project, despite the valiant efforts of the team to do the impossible. Another form of undernourishment involves placing staff members other than the best people on the initiative. If the initiative is very important, then it merits using the best people possible and freeing up their time so they can focus on the initiative. An organization's best staff members are always in demand, and there can be a temptation to say that it would be too difficult to pull them away from other pressing issues.

They are needed elsewhere and this decision is difficult. However, if the initiative is critical to the organization, then those other demands are less important and can be given to someone else. Critical organizational initiatives should not be staffed with the junior varsity.

Failure to Anticipate Short-Term Disruptions Any major change will lead to short-term problems and disruptions in operations. Even though current processes can be made better, they are working and staff members know how to make them work. When processes are changed, there is a shakeout period as staff members adjust and learn how to make the new processes work well. At times, adjusting to the new application system is the core of the disruption. A shakeout can go on for months and degrade organizational performance. Service will deteriorate. Days in accounts receivable will climb. Balls will be dropped in many areas. The organization can misinterpret these problems as a sign that the initiative is failing.

Listening closely to the issues and suggestions of the front line is essential during this time. These staff members need to know that their problems are being heard and that their ideas for fixing these problems are being acted on. People often know exactly what needs to be done to remove system disruptions. Listening to and acting on their advice also improves their buy-in to the change.

Although working hard to minimize the duration and depth of disruption, the organization also needs to be tolerant during this period and to appreciate the low-grade form of hell that staff members are enduring. It is critical that this period be kept as short and as pain free as possible. If the disruption lasts too long, staff members may conclude that the change is not working and abandon their support.

Lack of Technology Stability and Maturity Information technology may be obviously immature. New technologies are being introduced all the time, and it takes time for them to work through their kinks and achieve an acceptable level

of stability, supportability, and maturity. Some forms of social networking are current examples of information technologies that are in their youth.

Organizations can become involved in projects that require immature technology to play a critical role. This clearly elevates the risk of the project. The technology will suffer from performance problems, and the organization's IT staff members and the technology supplier may have a limited ability to identify and resolve technology problems. Organizational members, tired of the instability, become tired of the project and it fails.

In general, it is not common, nor should it often be necessary, for a project to hinge on the adequate performance of new technology. A thoughtful assessment that a new technology has potentially extraordinary promise and that the organization can achieve differential value by being an early adopter should precede any such decision. Even in these cases, pilot projects that provide experience with the new technology while limiting the scope of its implementation (which minimizes potential damage) are highly recommended.

Projects can also get into trouble when the amount of technology change is extensive. For example, the organization may be attempting to implement, over a short period of time, applications from several different vendors that involve different operating systems, network requirements, security models, and database management systems. This broad scope can overwhelm the IT department's ability to respond to technology misbehavior.

How to Avoid These Mistakes Major IT projects fail in many ways. However, a large number of these failures can be mitigated by management attention to risk factors. Few management teams and senior leaders start IT projects hoping that failure is the outcome. Summarizing our discussion in this section produces a set of recommendations that can help organizations reduce the risk of IT initiative failure:

Ensure that the objectives of the IT initiative are clear. Communicate the objectives and the initiative, and test the degree to which organizational members have bought into them. Publicly demonstrate conviction by “being there” and showing resolve during tough decisions. Respect organizational inertia, and keep hammering away at it. Distance the project from any organizational baggage, perhaps through a thoughtful choice of project sponsors and managers. Change the reward system if necessary to create incentives for participants to work toward project success. Accept and welcome the debate that surrounds projects, invite bad news, and do not hang those who make mistakes. Address complexity by breaking the project into manageable pieces, and test for evidence that the project might be at risk from trying to do too much all at once. Realize that there is much you do not know about how to change the organization or the form of new processes; be prepared to change direction and listen and respond to those who are on the front line.

Supply resources for the project appropriately, and assign the project to your best team. Try to limit the duration and depth of the short-term operational disruption, but accept that it will occur. Ensure and communicate regular, visible progress. Be wary of new technology and projects that involve a broad scope of information technology change. These steps, along with solid project management, can dramatically reduce the risk that an IT project will fail. However, these steps are not foolproof. Major IT projects, particularly those accompanied by major organizational change, will always have a nontrivial level of risk.

There will also be times when a review of the failure factors indicates that a project is too risky. The organization may not be ready; there may be too much baggage, too much inertia to overcome; the best team may not be available; the organization may not be good at handling conflict; or the project may require too much new information technology. Projects with considerable risk should not be undertaken until progress has been made in addressing the failure factors. Management of IT project risk is a critical contributor to IT success.

IT Effectiveness Several studies have examined organizations that have been particularly effective in the use of IT (McAfee & Brynjolfsson, 2008; McKenney, Copeland, & Mason, 1995; Ross, Beath, & Goodhue, 1996; Sambamurthy & Zmud, 1996; Weill & Broadbent, 1998). Determining effectiveness is difficult, and these studies have defined organizations that show effectiveness in IT in a variety of ways. Among them are organizations that have developed information systems that defined an industry (as Amazon has altered the retail industry, for example), organizations that have a reputation for being effective over decades (such as Bank of America), and organizations that have demonstrated exceptional IT innovation (Amazon.com for example).

The studies have attempted to identify those organizational factors or attributes that have led to or created the environment in which effectiveness has occurred. In other words, the studies have sought to answer the question, what are the organizational attributes that result in some organizations developing truly remarkable IT prowess?

If an organization understands these attributes and desires to be very effective in its use of IT, then it is in a position to develop strategies and approaches to create or modify its own attributes. For example, one attribute is having strong working relationships between the IT function and the rest of the organization. If an organization finds that its own relationships are weak or dysfunctional, strategies and plans can be created to improve them.

The studies suggest that organizations that aspire to high levels of effectiveness and innovation in their application of IT must take steps to ensure that the core capacity of the organization to achieve such effectiveness is developed. It is a critical IT responsibility of organizational leadership to continuously (year in and year out) identify and accomplish the steps needed to improve overall effectiveness in IT. The development of this capacity is a challenge different

from the challenge of identifying specific opportunities to use IT in the course of improving operations or enhancing management decision making. For an analogy, consider running. A runner's training, injury management, and diet are designed to ensure the core capacity to run a marathon. This capacity development is different from developing an approach to running a specific marathon, which must consider the nature of the course, the competing runners, and the weather.

Although having somewhat different conclusions (resulting in part from somewhat different study questions), the studies have much in common regarding capacity development.

Individuals and Leadership Matter It is critical that the organization possess talented, skilled, and experienced individuals. These individuals will occupy a variety of roles: CEO, CIO, IT staff members, and user middle managers. These individuals must be strong contributors.

Although such an observation may seem trite, too often organizations, dazzled by the technology or the glorified experiences of others, embark on technology crusades and substantive investments that they have insufficient talent or leadership to effect well. The studies found that leadership is essential. Leaders must understand the vision, communicate the vision, be able to recruit and motivate a team, and have the staying power to see large IT implementations through several years of work with disappointments, setbacks, and political problems along the way.

Relationships Are Critical Not only must the individual players be strong but also the team must be strong. There are critical senior executive, IT executive, and project team roles that must be filled by highly competent individuals, and great chemistry must exist between the individuals in these distinct roles. Substitutions among team members, even when involving a replacement by an equally strong individual, can diminish the team. This is as true in IT innovation as it is in sports. Political turbulence diminishes the ability to develop a healthy set of relationships among organizational players.

The Technology and the Technical Infrastructure Both Enable and Hinder New technologies can provide new opportunities for organizations to embark on major transformations of their activities. We have seen this in retail and music distribution. This implies that the health care CIO must have not only superior business and clinical understanding but also superior understanding of the technology. This does not imply that CIOs must be able to rewrite operating systems as well as the best system programmers, but it does mean that they must have superior understanding of the maturity, capabilities, and possible evolution of various information technologies. Several innovations have occurred because an IT group was able to identify and adopt an emerging technology that could make a significant contribution to addressing a current organizational challenge. The studies also stress the importance of well-developed technical architecture. Great architecture matters. Possessing state-of-the-art technology can be far less important than having a well-architected infrastructure.

The Organization Must Encourage Innovation The organization's (and the IT department's) culture and leadership must encourage innovation and experimentation. This encouragement needs to be practical and goal directed: a real business problem, crisis, or opportunity must exist, and the project must have budgets, political protection, and deliverables.

True Innovation Takes Time Creating visionary applications, making major organizational changes, or establishing an exceptional IT asset takes time and a lot of work. In the organizations studied it often took five to seven years for the innovation to fully mature and for the organization to recast itself. Innovation will proceed through phases that are as normative as the passage from being a child to being an adult. Innovation, similar to the maturation of a human being, will see some variations in timing, depth, and success in moving through phases.

Evaluation of IT Opportunities Must Be Thoughtful Visionary and even more pedestrian IT innovations should be analyzed and studied thoroughly. Nonetheless, organizations engaged in launching a major IT initiative should also understand that a large amount of vision, management instinct, and “feel” often guides the decision to initiate investment and continue investment. For example, what is the strategic and clinical value of an integrated EHR across the continuum? The organization that has had more experiences with IT, and more successful experiences, will be more effective in the evaluation (and execution) of IT initiatives.

Processes, Data, and Business Model Change Form the Basis of an IT Innovation All the strategic initiatives studied were launched from management's fundamental understanding of current organizational limitations. Strategic initiatives should focus on the core elements to be discussed following in this chapter as the basis for achieving an IT-based advantage: significant leveraging of processes, expanding and capitalizing on the ability to gather critical data, and enabling new business models. Often an organization can pursue all three simultaneously.

Alignment Must Be Mature and Strong The alignment between the IT activities and the business challenges or opportunities must be strong. It should also be mature in the sense that it depends on close working relationships rather than methodologies.

The IT Asset Is Critical Strong IT staff members, well-crafted architecture, and a superb CIO are critical contributors to success. There is substantial overlap between the factors identified in these studies and the components of the IT asset.

An overall critical factor in organizations being effective in using IT is the skills and orientation of senior leadership. Earl and Feeney (2000) assessed the characteristics and behaviors of senior

leaders (in this case CEOs) who were actively engaged and successful in the strategic use of IT. These leaders were convinced that IT could and would change the organization. They placed the IT discussion high on the strategic agenda. They looked to IT to identify opportunities to make significant improvements in organizational performance, rather than viewing the IT agenda as secondary to strategy development. They devoted personal time to understanding how their industry and their organization would evolve as IT evolved. And they encouraged other members of the leadership team to do the same.

Perspective Principles for Higher Performance Robert Dvorak, Endre Holen, David Mark, and William Meehan have identified six principles at work in a high-performance IT function:

IT is a business-driven line activity and not a technology-driven IT staff function. Non-IT managers are responsible for selecting, implementing, and realizing the benefits of new applications. IT managers are responsible for providing cost-effective infrastructure to enable the applications. IT funding decisions are made on the basis of value. Funding decisions require thorough business cases. IT decisions are based on business judgment and not technology judgment. The IT environment emphasizes simplicity and flexibility. IT standards are centrally determined and enforced. Technology choices are conservative, and packaged applications are used wherever possible. IT investments have to deliver near-term business results. The 80-20 rule is followed for applications, and projects are monitored relentlessly against milestones. The IT operation engages in year-to-year operation productivity improvements. A business-smart IT function and an IT-smart business organization are created. Senior leadership is involved in and conversant with IT decisions. IT managers spend time developing an understanding of the business. Source: Dvorak, Holen, Mark, and Meehan (1997, p. 166).

Earl and Feeney (2000) observed five management behaviors in these leaders:

They studied, rather than avoided, IT. They devoted time to learning about new technologies and, through discussion and introspection, developed an understanding of the ways in which new technologies might alter organizational strategies and operations. They incorporated IT into their vision of the future of the organization and discussed the role of IT when communicating that vision. They actively engaged in IT architecture discussions and high-level decisions. They took time to evaluate major new IT proposals and their implications. They were visibly supportive of architecture standards. They established funds for the exploration of promising new technologies. They made sure that IT was closely linked to core management processes:

They integrated the IT discussion tightly into the overall strategy development process. This often involved setting up teams to examine aspects of the strategy and having both IT and business leaders at the table. They made sure IT investments were evaluated as one component of the total investment needed by a strategy. The IT investments were not relegated to a separate discussion. They ensured strong business sponsorship for all IT investments. Business sponsors were accountable for managing the IT initiatives and ensuring the success of the undertaking. They continuously pressured the IT department to improve its efficiency and effectiveness and to be visionary in its thinking.

CEOs and other members of the leadership team have an extraordinary impact on the tone, values, and direction of an organization. Hence, their beliefs and daily behaviors have a significant impact on how effectively and strategically information technology is applied within an organization.

The Competitive Value of IT For many years organizations across many industries have attempted to use (and at times succeeded in using) IT to achieve a competitive advantage. Decades ago airlines used travel reservation systems as an advantage, listing their flights before those of a competitor. At one time banks used personal computer–based banking as an IT-based advantage, making it easier for customers to manage their assets from home and reducing the need to visit a branch bank. Amazon is a superb example of an organization that used IT to achieve an advantage over its retail rivals. Amazon was able to offer a very broad range of products without incurring the expense of setting up hundreds of retail stores.4

Sources of Advantage These efforts have shown that IT can enable a significant improvement in organizational performance and assist in achieving an advantage, especially when it is used to leverage core organizational processes, support the collection of critical data, or enable the development of new business models.

Leverage of Organizational Processes Information technology can be applied in an effort to improve organizational processes by making them faster, less error prone, less expensive, and more convenient. However, improved organizational competitive position through process gains is not an automatic result of IT implementation.

The right processes must be chosen. The leverage of processes is most effective when the processes being addressed are critical, core processes that customers use to judge the performance of the organization or to define the core business of the organization.

For example, patients are more likely to judge a provider organization on the basis of its ambulatory scheduling processes and billing processes than they are on its accounts payable

and human resources processes. Making diagnostic and therapeutic decisions is a core provider organization process that is the backbone of its business.

Organizations must also examine and redesign processes. If underlying problems with processes are not remedied, the IT investment can be wasted or diluted. IT applications can result in existing processes continuing to perform poorly, only faster. Moreover, it can be harder to fix flawed processes after the application of IT because the new IT-supported process now has an additional source of complexity, cost, and ossification to address: the new computer system.

IT can be applied to significant competitive advantage if processes are chosen wisely and are reengineered skillfully.

Rapid and Accurate Provision of Critical Data Organizations define critical elements of their plans, operations, and environment. These elements must be monitored to ensure the plan is working, service and care quality are high, the organization's fiscal situation is sound, and the environment is behaving as anticipated. Clearly data are required to perform such monitoring.

In addition to their utility in monitoring, data can be used to guide management actions. Internet-based retailers use purchase data to target their advertisements. Providers use data on care costs and quality to devise initiatives to improve outcomes. However, obtaining and reporting critical data is not easy.

Data quality may be limited and incomplete. For example, although physicians are using an EHR, they may not be recording all of a patient's problems, and many of their entries are unstructured free text. There may be confusion about which patients belong on specific physician panels. There can be significant disagreements about the definition of “a visit.”

Using IT to improve performance through the capture of critical data requires addressing process problems that hinder data capture, developing user incentives to record good data, and engaging in difficult conversations about data meaning.

Developing New Business Models A business model refers to an organization's plans about what it will do, how it will do it, and why that “what and how” will lead to revenue that will enable the organization to sustain itself. For example, a hospital will have a business model that looks something like this:

We will cure you of your disease or repair you if you experience trauma (the what). We will do so by hiring clinicians, providing acute care beds, developing ancillary services such as the laboratory, and implementing clinical protocols (the how). You will pay us for doing so (primarily through health insurance). When IT is used competitively to enable new business models, most of these efforts focus on the how. For example:

Telehealth visits can be conducted virtually rather than face-to-face, which improves convenience. Uber uses information technology to replace taxi cab employees with renting of driver capacity by independent contractors and providing a very easy way to order a ride and pay for it (which lowers Uber's costs and improves rider convenience). The Internet of Things enables manufacturers of equipment to monitor equipment performance to detect potential issues and dispatch repair staff members before the equipment breaks, which improves the how of maintaining equipment. At times IT can enable capabilities that were previously impractical. Gathering real-time physiological data from a patient at home was not practical until the advent of mobile devices and the Internet. eBay enabled the development of a global auction using the Internet.

Observations on IT Use for Competitive Advantage IT has been used competitively by hundreds of organizations across a range of industries over the course of multiple decades. These experiences have taught us several overall lessons.

Obtaining and Sustaining an Advantage It is very difficult to obtain a competitive advantage based solely on the implementation of a particular application or technology. Competitors, noting the advantage, are quick to attempt to copy the application, lure away the original developers, or obtain a version of the application from the same or different vendor. Moreover, the advantage rarely results from the acquisition of a system but from skilled process changes that thoughtfully understand how to differentiate an organization from its competitors.

The advantage does not come from the application system. In an industry in which most applications can be purchased from a vendor, it is almost impossible for the application to provide an advantage. If you can buy an EHR from vendor x, so can your competitor, and any advantage is short-lived.

Any IT-enabled advantage results from using the technology to improve processes, gather critical data, and define new business models. Advantage lies in the application of the technology and not the possession of the technology.

Technology Is a Tool Information technology can provide a competitive advantage. However, IT has no magic properties. In particular, technology cannot overcome poor strategies, inadequate management, inept execution, or major organizational limitations. IT implementation cannot overcome badly managed process change, insufficient political will to standardize data, or faulty business models.

The early experiences of Internet-based retailers have highlighted the problems created by sloppy inventory management, poor understanding of customer buying behaviors such as returning purchases, and insufficient knowledge of customer price tolerance.

Referring physicians will not find valuable and probably will not use a system that gives them access to hospital data if the consulting physicians at the hospital are remiss in getting their consult notes completed on time or at all.

McAfee and Brynjolfsson (2008) note a significant separation in the spread in the gross margin, over time, between those companies performing in the top 25 percent of their industry versus those performing in the bottom 25 percent as measured by variables such as return on capital (see Figure 13.2). Beginning in the late 1990s the gap between winners and losers was widening.

McAfee and Brynjolfsson (2008) made two major observations. First, IT had become sufficiently potent that its ability to advance organizational performance had become very significant. The personal computers of the 1980s were important but were not powerful enough to enable one organization to significantly outperform another. However, the Internet, which began to be used by business in the late 1990s, was powerful enough. Information technology had come of age. Second, although potent technologies had become available, they were available to all. So why did the separation in performance occur? Why didn't all organizations see improvement? The answer is simple—some organizations were very skilled at leveraging the technology to improve competitive performance and others were not.

As an analogy, a skilled carpenter and a novice will be similarly effective in constructing a house if both use crude tools. But if you give them sophisticated tools, the skilled carpenter will significantly outperform the novice.

When one looks back at organizations that have been effective in the strategic application of IT over a reasonably long time, one sees what looks like a series of singles punctuated by an occasional leap, a grand slam (McKenney, Copeland, & Mason, 1995). One doesn't see a progression of grand slams or, in the parlance of the industry, killer applications (Downes & Mui, 1998).

In the course of improving processes, changing business models, and gathering data, organizations carry out a series of initiatives that improve their performance. The vast majority of these initiatives do not by themselves fundamentally alter the competitive position of the organization, but in the aggregate they make a significant contribution, just as the difference between a great hotel and a mediocre hotel is not solely the presence of clean sheets or hot water but one thousand such things.

In addition, at various points in time, the organization may have an insight that leads to a major leap in its application of IT to its performance. For example, airlines, having developed their initial travel reservation systems, continued to improve them. At some point they realized that the data gathered by a reservation system had enormous potency and frequent flyer programs resulted. Google realized that it had a very large base of users that accessed the site often for searches. Google could capitalize on this base by introducing other, nonsearch offerings such as YouTube.

No organization has ever delivered a series of killer, or grand slam, applications in rapid succession.

Organizations must develop their IT asset in such a way that they can affect the types of continuous improvement that managers and medical staff members will see as possible, day in and day out. For example, in an ideal world an organization would be able to capitalize on the improvements in ambulatory scheduling that a middle manager thinks up and also be able to capitalize on a thousand other good ideas and opportunities. The organization must also develop antennae that sense the possibility of a leap and the ability to focus that enables it to bring about the systems needed to make the leap. Ensuring that these antennae are working is one of the key functions of the CIO. The resulting pattern may look like the graph line in Figure 13.3—continuous improvement (singles) in performance using IT punctuated by periodic leaps or grand slams.

It is also clear that organizations have a limited ability to see more than one leap at a time. Hence, they should be cautious about visions that are too visionary or that have a very long time horizon. Organizations have great difficulty understanding a world that is significantly different from the one they inhabit now or that can be only vaguely understood in the context of the next leap. We might understand frequent flyer programs now, but they were not well understood, nor was their competitive value well understood, at the time they were conceived. Moreover, the organizational changes required to support and capitalize on a leap can take years—five to seven years at times (McKenney, Copeland, & Mason, 1995).

Summary The management and leadership of an organization play significant roles in determining the effectiveness of information technology. This chapter discussed the role of developing and maintaining IT governance mechanisms—the processes, procedures, and roles that the organization uses to make IT decisions. These decisions cover diverse terrain: budgets, roles, and responsibility distribution and the process for resolution of IT issues.

The processes and structure of developing the IT budget were reviewed. Budgets are critical. They turn strategy into reality by providing (or not) the resources needed to carry out the strategy.

Management is a major contributor to the success or failure of IT initiatives. The chapter discusses factors, under management's control, that often derail IT initiatives and suggested steps that can be taken to mitigate those factors. The chapter also reviewed attributes of organizations that have been highly effective in their use of IT for many years.

Perpsective How Great Companies Use IT In his seminal book Good to Great, Jim Collins (2001) identified companies that made and sustained a transition from being a good company to being a great company. His research noted that these companies had several consistent orientations to IT:

They avoided IT fads but were pioneers in the application of carefully selected technologies. They became pioneers when the technology showed great promise in leveraging that which they were already good at doing (their core competency) and that which they were passionate about doing well. They used IT to accelerate their momentum toward being a great company but did not use IT to create that momentum. In other words, IT came after the vision had been set and the organization had begun to move toward that vision. IT was not used to create the vision and start the movement. They responded to technology change with great thoughtfulness and creativity driven by a burning desire to turn unrealized potential into results. Mediocre companies often reacted to technology out of fear, adopting it because they were worried about being left behind. They achieved dramatically better results with IT than did rival companies using the exact same technology. They rarely mentioned IT as being critical to their success. They “crawled, walked, and then ran” with new IT even when they were undergoing radical change.

Finally, the chapter reviewed lessons learned from the use of IT to improve an organization's competitive position. Increased competiveness can occur when IT issues are applied to leverage critical organizational processes, address information needs, and enable new business models. However, we are reminded that IT is a tool and its use requires skill.

References Applegate, L., Austin, R., & McFarlan, W. (2007). Corporate information strategy and management (7th ed.). Boston, MA: McGraw-Hill. Brown, C., & Sambamurthy, V. (1999). Repositioning the IT organization to enable business transformation. Chicago, IL: Society for Information Management. Cash, J., McFarlan, W., & McKenney, J. (1992) Corporate information systems management: The issues facing senior executives. Chicago, IL: Irwin. Collins, J. (2001). Good to great. New York, NY: HarperCollins. Cook (2007, July 20). How to spot a failing project. CIO. Retrieved November 2008 from http://www.cio.com/article/124309/How_to_Spot_a_Failing_Project Downes, L., & Mui, C. (1998). Unleashing the killer app. Boston, MA: Harvard Business School Press. Drazen, E., & Straisor, D. (1995). Information support in an integrated delivery system. Paper presented at the annual Healthcare Information and Management Systems (HIMSS) conference, Chicago. Dvorak, R., Holen, E., Mark, D., & Meehan, W., III. (1997). Six principles of high- performance IT. McKinsey Quarterly, 3, 164–177. Earl, M., & Feeney, D. (2000). How to be a CEO for the information age. MIT Sloan Management Review, 41(2), 11–23. Feld, C., & Stoddard, D. (2004). Getting IT right. Harvard Business Review, 82(2), 72–79.

McAfee, A., & Brynjolfsson, E. (2008). Investing in the IT that makes a competitive difference. Harvard Business Review, 86(7–8), 98–107. McKenney, J., Copeland, D., & Mason, R. (1995). Waves of change: Business evolution through information technology. Boston, MA: Harvard Business School Press. Ross, J., Beath, C., & Goodhue, D. (1996). Develop long-term competitiveness through IT assets. MIT Sloan Management Review, 38(1), 31–42. Sambamurthy, V., & Zmud, R. (1996). Information technology and innovation: Strategies for success. Morristown, NJ: Financial Executives Research Foundation. Weill, P., & Broadbent, M. (1998). Leveraging the new infrastructure. Boston, MA: Harvard Business School Press. Weill, P., & Ross, J. (2004). IT governance: How top performers manage IT decision rights for superior results. Boston, MA: Harvard Business School Press.