Our Blogs – For CIOs by CIOs

This is the first of a series of articles we will be writing on making sense of the excitement surrounding AI.

By Jeff Richards, Managing Partner

We are all familiar with the Gartner hype cycle that was introduced in 2004. Last summer Gartner released the hype cycle curve for artificial intelligence. In our experience, the industry seems to be tracking to it. So far we’ve seen many a proof of concept and small pilots, but have not seen much in the way of real results across industries.

This fast moving technology cycle has no doubt created anxiety for many execs who fear that their companies will be “left behind” if they don’t move quickly. Others have Boards and Leadership teams pressing for answers for what AI means for their companies. Some CIOs think they should know the answer but don’t. 

As the CIO, how do you deal with all of the buzz that has been created around AI?

How do you avoid falling from the peak of inflated expectations into the trough of disillusionment? 

You start by managing those expectations like you always have as a CIO. We hear senior IT executives getting pulled into the frenzied discussion of leading technologies and what works best. It is easy as technologists to engage in the details of a new technology. 

However, as executives that’s not really our job. We need to understand it well enough to ask insightful questions and understand how to use it to the company’s advantage. We need to focus on the bigger picture of governance and risk. This is what will allow our team to do what we hired them to. 

Our friends at Lumeos presented a Security Maturity Model for GenAI to a discussion amongst two dozen senior IT executives. They had been engaged in the pros and cons of different large language models and other technologies. This slide allowed me to lessen the anxiety and uplevel the conversation to say that AI is no different than introducing any new technology.  

1. Foundational –- You need to set the foundation by stating usage policy, training people and being vigilant for “shadow” initiatives.
    
2. Basic – This is followed by ensuring that data protections are in place for intellectual property, personally identifiable information and other sensitive data.
   
   
3. Advanced – Lastly, you need to secure your “software supply chain,” guard against bad actors sending things like prompt injections and model denial of service attacks. 

In the big picture these steps are the ones we have always followed. The technology in question requires adaptation to the tools, but the approach is not new. 

The conversation should be the same one we have always had as CIOs. What is the use case that the business would like us to explore?   The AI adoption curve is no different from any other new technology we have introduced in our careers – it is just moving a little faster. It is nothing you can’t handle. As the British say, “Keep calm and carry on.”

About Jeff Richards

Jeff leads our Professional Services team of CIOs, CTOs, CSOs and Big 4 consulting partners to deliver to “big picture” strategy and then drive it down to executable tactics for implementation for our clients. Clients benefit from Jeff’s 25+ years of experience developing and implementing transformative business strategies. 

Jeff’s experience spans both industry (including Materials, Operations and IT Management) and consulting. He developed a unique global perspective during his tenure in significant P&L management-level positions in both Asia and Europe. He has held the CIO title twice, once in the semiconductor industry and once in a large regional nonprofit.

About CIO Professional Services

Based in the San Francisco Bay area, CIO Professional Services LLC is a top-rated Information Technology (IT) consulting firm focused on integrating Business and Information Technology.  Our consultants are all hands-on executives who are veteran CIOs and Partners of Big 4 consulting firms. Companies come to us seeking assistance with their information technology strategy as well as for interim or fractional CIO / CTOs, and negotiation and program management/project rescue assistance.

By Colin Carmichael, Senior Consultant

There’s a cybersecurity problem brewing that many organizations are ignoring at their peril. Throughout the history of information technology, cybersecurity has always been thought of as a “security team problem.” “Let the CISO’s [Chief Information Security Officer’s] group and the network organization folks worry about cybersecurity,” the thinking goes. “This way the enterprise application owners can focus on their own core competencies.”

By Bhavin Shah, Senior Consultant

The cyber threat landscape

Cybersecurity incidents have rapidly increased in the last few years. In response, organizations have spent billions handling data breaches, ransomware and other cyberattacks in reactive mode. This trend will continue as the competitive business landscape, digital business strategy and technological advancements continuously change organizations’ attack surfaces. Tactics used by cybersecurity criminals – and, therefore, the threat vectors – will continue to evolve.

To address this ever-changing cyber threat landscape you must think out of the box and proactively develop the next generation of cybersecurity strategy. Just as importantly, to get buy-in for your cybersecurity and data security efforts, you must clearly articulate the measurable business outcomes associated with these efforts to your board of directors… and then back this up with data.

By Sean Hickey, Senior Consultant

Every company where I have done SOX (Sarbanes-Oxley Act) compliance testing has the same problem: Their over 90 days past due accounts receivable stunk. In fact, they all seemed to think that having 5% over 90 (and sometimes even close to 10%!) is normal. 

These same companies also had a sea of revenue recognition journal entries on the backend of their order-to-cash process, and saw this as a normal and acceptable practice as well. 

Most importantly, they failed to see the connection between these two things.

I’m here to tell you that all of those revenue recognition journal entries are neither normal nor acceptable … and if you change your order-to-cash business processes in a way that eliminates them, the percentage of your A/R that’s over 90 days will plummet. 

By Sean Hickey, Senior Consultant

A few weeks ago I was at a local business event, having a discussion with a couple of CFOs on ways to improve their company’s results. After discussing a variety of transformative business strategies that all relate to other functions within the business, they were surprised when I said, “What about your finance operations?” They had been so focused on ways to improve other company-wide horizontal processes – order to cash, procure to pay, etc., – that finance had taken a lower priority as a downstream process vs. being a horizontal process for the company as well. 

By Ken Norland, Associate and Lonnie Sanders III, Associate

Are you eager to sabotage your organization's Master Data Management (MDM) initiative, drive inefficiency and compromise data quality? While we hope this isn't your intention, there are certainly pitfalls that can lead to MDM failure, derailing the success of an otherwise well-conceived project. In this discussion, we'll explore five proven ways to ensure your MDM endeavor falls flat, providing valuable lessons on what not to do. Instead, you can avoid these common traps and chart a course to MDM success.

By Sean Hickey, Senior Consultant

Many corporate leaders are always looking to improve costs while improving organizational effectiveness. Many times they attempt to achieve this by reactively cutting headcount across the board by X%, with top-down mandated layoffs. In the process they usually harm organizational effectiveness, decrease service levels and increase finance process risk.

The good news is there are better ways to reduce corporate costs. Here are some ideas that, as a CFO partnering with your CIO, you should consider spearheading…

By Jon Bergman and Lonnie Sanders III, CIOPS Associates

You may not have realized it, but we are just weeks away from the annual celebration known as the “Festival of Enormous Changes at the Last Minute”! While you are contemplating how you plan to mark this exhilarating occasion, we’d like to point out something that should be obvious. When it comes to the Change Management aspect of IT Service Management (ITSM), your end users are never going to see “enormous changes at the last minute” as a cause for celebration. 

Although change is never easy, if you want to make IT changes easier for your end users, the best approach is to establish a regular cadence for change. Here are some of the things that we have seen are most helpful in this area…

By Jon Bergman and Lonnie Sanders III, CIOPS Associates

The store manager arrived at work at 9:30 am, just as she did every workday, and she immediately started readying the store to open at 10:00. She turned on the lights, straightened out the merchandise, powered up the computers, turned on the registers and addressed some paperwork. 

Everything seemed fine…until 45 minutes later when she went to ring up the day’s first customer and discovered that something was screwy with the register. While she vaguely remembered getting an email the week before saying that corporate was going to be downloading some new software, she was certain that email had appeared pretty routine. After all, if they had announced that on a specific day and time they were going to be downloading software to change how the registers worked, she certainly would have taken notice! 

By Walter Curd, Associate

About twelve years ago I was brought on as the CIO of a large semi-conductor company with an incredibly complex operation. The company manufactured and sold over $2.5 billion worth of units each year, had tens of thousands of quotes and orders each month, and—perhaps most importantly to me as the CIO—was using over 600 software applications to run their business! It seemed like everywhere I looked there were more software programs, and my IT group had to support all of them.

Needless to say, it was obvious to me that our IT organization, as well as the business as a whole, could benefit from some strategic planning. Others agreed, and the company brought in an outside expert to help with the strategic planning process. 

This expert took us through a very straightforward process that gave me the information I needed to completely transform my IT organization…and it was all built upon the concept of “winning.”