For whatever your organization does, what is the supply chain? From inputs to outputs? This is the engine that fuels the results of the organization. If you are non-profit taking care of babies, then what donations are coming from where, how is the organization processing those donations and then how are they being distributed? If you make something, then what parts and services are required to generate the output that you sell? All organizations have these processes and as a new CIO, one needs to get their arms around those processes and how IT is supporting the ‘chain’.
Related, the reverse supply chain also needs to be understood with the same questions asked and answered. The reverse supply chain is for items being returned for whatever reasons.
In some cases, the phrase Order to Cash(OTC) is used is relevant as it covers everything from orders being placed through receiving cash(or equivalent) back from your customer.
Questions that should be considered and reviewed:
- Prioritization of Projects: How are your business partners prioritizing what they need IT to do and how is the relationship with these partners? Does the business have a collaborative partnership with IT to get things done?
- Shadow IT: Is there an out of control shadow IT needed by the organization to be successful? If so, why? Are there IT components being sourced, paid for and installed by the business independent of IT? If so, why? In these cases, the IT leadership needs to work on better collaboration and partnership with the business. Typically these things are being done because either a) someone in the business wants to be in IT or b) the business is just trying to get their job done. In either case, a conversation and fresh start is needed.
- 3rd Party Collaboration with Suppliers and Customers: What is the strategy and what tools/processes are in place to tie your extended supply chain together? Are things like co-planning being done where customers are sharing their future needs with your organization and if so, how and what tools are involved and how healthy are they? Just as your organization might want better visibility with customers, you must do the same for suppliers. Be the customer you want your customers to be. How is IT facilitating the ease of doing business? Perhaps visit with some customer or suppliers directly. Here is a post from InformationWeek that addresses the collaborative supply chain strategy.
- Signaling and Metrics: Does the organization have the level of signaling and measures in place to have full and deep visibility of the supply chain? Visibility needs to range upstream in suppliers and downstream to customer warehouses. Are there dashboards in place? Are there analytics about the health of the supply chain that cover logistics, warehouse inventory levels, order status, etc.?
- Security of the Supply Chain: How are you securing the sharing of information between suppliers and customers? How are you securing plans, drawings, IP, etc. And don’t forget to think about the business continuity capabilities of your suppliers. Don’t assume anything.
- What else? Your business is unique and are you appropriately looking at those unique aspects too? For example, if you have sub-components that need very long lead times to produce, then how good is your forecasting processes and tools? Long lead times likely mean you have to order things before you might have real orders in place. Do you have those thoughts well underpinned?
Your organization is unique so don’t assume what others do or say is the right answer for you. And certainly don’t assume just because a big software vendor wants to sell you something because everyone is doing it doesn’t make it right for you. I’ve learned that lesson myself.
There are lots of topics in this area and those in IT have lots of stories to tell about their operations. I’ll list a few points here and perhaps do another list later or update this later with further points.
An IT shop begins and ends with how well it does basic operations. The services that are provided need to work reliably before one can begin discussions about adding new services or systems. One needs to have an honest assessment of how things are going and this should include both a qualitative understanding and a quantitative, metrics based understanding. When you talk to your peers, what did they tell you about how IT was doing? Did they give you any insights? On the metrics front, do you have real trend lines about uptime and costs and power consumption and outages? Can your team account for outages and talk about them to root cause? Is the team trying to fix problems at the root cause or just doing a ctrl-alt-del type fix?
Even if your ‘services’ are outsourced to a 3rd party, you still are accountable for it to the organization. You aren’t off the hook if the system runs in the Amazon cloud or Google Cloud or Salesforce, etc. Putting a service in the cloud doesn’t relieve you of this responsibility.
So here is a list of some ideas some of which are repeats from above:
- Power costs and consumption for your data centers.
- System/service uptime/downtime events (frequency) and duration (how long down). Note that these are different things and have different solutions. You need these for all your mission critical services and core or base level services. Remember that email is a mission critical system to your knowledge workers.
- Disaster Recovery testing data.
- Overall IT Operations costs and trends in a fashion where you can drill down to understand what is driving your costs.
- Equipment aging.
- Patch status on all levels of the stack. Network, server, OS, database, applications, clients, etc.
- Audit findings, testing and assurance practices.
- Accounts and in particular trusted account review process and frequency.
- Security monitoring and logging.
- Integrated monitoring across your whole stack where you can related events between systems and services. Security Information and Event Management (SIEM) tools and practices that are robust.
- And your help desks should be providing you a rich set of information about what services are providing the most grief to your workforce, suppliers and customers. Why are people calling in for help?
There are more ideas and I could probably keep writing. I must highlight a earlier post on Checklists that I think helps you assess the maturity of your operations. Are you using checklists; are your escalation rules followed and clear; is your team researching problems to root cause; are all indicators of maturity.
If I’ve left out some major thoughts or you want to add to this list, please let me know in the comments.
In earlier posts, I listed connecting with peers, understanding the portfolio, securing the enterprise, understanding your spending and meeting your people as your top priorities when starting a new CIO position. I’m not sure if any of those are higher priority than any others, but I think they are the top priorities to discuss in the opening days and weeks of the new assignment.
In the following posts, I’ll be talking about a series of tier-2 topics. They are not really less important, but they are areas that should be addressed after the first 5 are underway.
I’ll be posting these in the coming days and weeks.