Strategy and Planning

It’s Q4 and you’re fighting for 2012 budget. That’s why I am sharing with you the most effective and advanced methods for selling your IT/business projects.

Last week I introduced the Madison Avenue Presentation Technique. This week it will be the centerpiece of internal project sales success: The business case. How it typically looks, where it falls short, and most importantly …  how it should be presented.

Click here to read the entire article on CIO Insight.

For most Americans, it took the catastrophe of 9/11 to awaken them from their false sense of freedom and security. Unfortunately, we now know that there were many signs of the impending catastrophe along the way; we just chose to ignore them. My question today: How many more signs do we need before we start to take the issue of data security seriously, and I mean really seriously.

In the past few months, and on a nearly bi-weekly basis, we have learned of incredible breaches in data security at some of our most storied corporations and stewards of critical personal and financial data. Experian, Citibank, and Sony are but a few of the companies whose networks and servers were hacked and who are now paying the price. Not only is it costing them many tens of millions of dollars to repair the breaches and shore up their systems, they have experienced dramatic losses in customer and market confidence.

But given the size, scale and scope of these breaches, I believe the problem extends beyond a few of the headline-catching incidents. I can’t help but feel that there is a loud warning to be heard. A warning not dissimilar in nature to those that preceded the events of 9/11.

The warning I hear goes something like this:

“Hey America. Yes you. You tech-wielding, internet-loving, ecommerce-mad nation. You crazy kids that love doing everything on line and telling your friends about it the second it happens. Well, you and your children aren’t anywhere near as safe as you think. Bands of hackers assemble and disassemble on the web to take down nearly any target they wish. Visa, Paypal, US government offices, nothing is impenetrable. And along the way, your personal data is collateral damage. Your personal data is nothing more than electronic blood diamonds used to pay for the agenda-driven mischief making of the nameless and faceless Internet bandits and warlords.

And you corporate folk out there, you guys and gals that have staked your professional lives and livelihood on the expectation that there will be a secure free flow of bits across the web, you have got to be kidding me. Whatever security processes you have in place, clearly they are not enough. And while you may not be able to fend off a massive attack, you can at least make sure you are doing everything possible to minimize the damage when the attack does come. Because from what we are seeing on a pretty regular basis is that more attacks are on their way.”

OK, enough high-brow philosophy. Net, net what am I trying to say.

Now is the time to make the case for that data security project that has been sitting on the back burner. Now is the time to highlight to your senior executive committee the unique dangers your company faces. Now is the time to confess all of your data security weaknesses and to put together the very best plan to fix them.

Why do I say that now is the time? First and foremost because it is! Second, and unfortunately more importantly, because there has never been a time when CEOs around the world are more scared of what can happen to their businesses as the result of a data security breach. And as the saying goes: strike while the iron is hot. And there is no better time to sell a man an insurance policy than shortly after his best friend suddenly dies. All of which brings me to my key point: Go dust off that data security initiative and make it your crowning achievement for 2011 – 2012. Who knows, there may even be some genuine competitive advantage to be had in data security.

And at the risk of being thought of as too political on this day of national pride, let me suggest that the 4^th of July remind you that freedom ain’t free. Whether it’s to protect our nation or our data, we have to be willing to secure ourselves as best we can.

Today I want to share with you Brian G.’s story. He is the CIO of a mid-size financial services company with an IT budget of about $30 million.

Brian and his team were keen to deliver a top-notch IT strategy to support their company’s rapid growth. They did months of research; analyzed their industry, their customers and created a world-class vision. Then they interviewed their business community and consulted with a series of experts. In the end, they created a brilliant, focused and cost justified strategy.

Brian then scheduled a presentation of his brilliant strategy to the executive management team with the expectation of a standing ovation. When he was done with the presentation, instead of applause they started questioning him.

At first he was happy to field their questions; many of which he asked himself earlier in the process. But after a while it became exhausting. He started to wonder, “why don’t they trust me?” “Why don’t they respect my vision and wisdom?” Brian described it to me like this: “I felt like my strategy was under attack. I couldn’t believe it. How did this happen? I know I can get through this and win them over eventually but it wasn’t suppose to go down like this at all.”

Sound familiar? It should. Because it is a pretty common problem.

The reason for Brian’s problem, and the way he could have avoided it in the first place, was to use the famous ad agency “trick.” (It’s not really a trick but it’s often called that anyway.)

When ad agencies are hired to come up with a slogan they spend lots of time figuring out just the right slogan. But when they are done, they know they have to sell it to the client. Experience has shown that if you only give the client one slogan, they tend to reject it, find fault with it or worse, start making their own suggestions.

So what the agency does once they have a great slogan is they come up with one or two really bad slogans. Then, when the client comes in for the meeting, they present all three options. The client is then told that they have developed three slogans and they need the client’s “help” to figure out which one is best. Naturally, the client gets all excited to dig in and get creative. And sure enough, with the client’s help, the right slogan is chosen.

It’s pretty much the same thing with IT strategy, although perhaps not quite so cynical. If you want to avoid an executive attack on your IT strategy, in place of presenting a strategy, present instead a set of strategic options. With a set of options to review, discuss and choose between, your executive will feel:

• They are a partner in the IT strategy formulation and choice
• That you value their opinion and input
• That you have considered a wide range of possibilities and done a thorough job

It’s tough work to come up with a good IT strategy. It can be even harder to get it accepted by your key stakeholders. By presenting a set of strategic options, you position your strategy for the best possible reception.

By the way … In chapter 9 of my new book The 11 Secrets of Highly Influential IT Leaders, I explain exactly how the most influential IT leaders use the strategy development process to earn themselves a seat at the table. Check it out here. You won’t be disappointed.

I spend a lot of time talking with IT leaders about their strategy and I am often asked, “how long should the IT strategy be?” My answer is pretty simple and it never fails to provoke a big response at first, followed by a settled calm. So I figured I would share it with you and hear your thoughts on it.

My answer usually goes something like this. “The IT strategy, i.e., the articulation of IT group’s critical objectives, essential means of achievement, and the core focus and direction for the upcoming year, MUST fit nicely on to one singlepage.”

Then, after getting the look that says, what ???, I add, “but if often takes writing a complete strategy of many dozens of pages before you can distill it down to a single succinct and crisp one pager.”

My point: Developing a strategy and getting it on paper sometimes involves a fair amount of work. But once the development is done, the essence of the strategy MUST be able to come out very clearly in one page.

The reason why this is idea is so hard for so many people to accept at first, is that most IT strategies are little more than a high-level technical plan with a list of projects. That’s not a strategy, that’s a todo list.

What seems to help IT leaders focus on articulating the essential IT strategy is using the following template or outline.

Part I – Key challenges / opportunities (optional)

Part II – Goals

Part III – Strategy / Strategic themes

Part IV – Key implications

Here are a few important guidelines to really make this work for you:

1. Start with Part II – Goals. This is the most important section. It grounds the entire strategy and it’s usually what is absent in most IT strategies. And don’t even think about writing “supporting the needs of the business.” That’s the reason you have a job.

2. You may not have one crisp clear strategy for achieving your stated goals. In that case, use the heading strategic themes instead.

3. Restrict yourself to no more than three of four bullets for each part.

4. Leave out Part I unless you have a very targeted and clear strategy, otherwise itwill get in the way and confuse the reader. It’s Parts II – IV that really matter.

5. Write for the CEO. When you craft the words, consider that the CEO is the audience for your one-pager not a technically savvy audience. The value of the one pager is to communicate with senior management.

Give it a shot. You will be surprised what will come out.