Wednesday, September 21, 2016

Breakthrough or Buddy-up - Two Strategies for Chief Digital Officers

Growth of the Chief Digital Officer (CDO) role has been incredibly rapid over the last few year, reflecting the increasing importance of technology to organisational success and survival.

However not all CDO roles are created equal, with enormous variation in their responsibilities, resourcing and capability to generate change, in the form of digital transformation, in the organisations they serve. Some have direct responsibility for business lines and IT teams, others serve primarily as advocates and influencers in the C-suite, with little in the way of direct reports or operational responsibilities.

The candidates appointed as CDOs have also vary enormously in background, some from 'pure' IT careers, others from a mix of IT and business and still others from business-based disciplines.

 An additional complication is that due to there being so many new CDO roles emerging, in many cases both the organisation and candidate are new to the role. This means the definition of the role might not be as clear as for well-established and understood roles, organisations may be less clear on what characteristics they require.

 A new CDO must also find their way and negotiate their position in the C-suite in a game of reverse musical chairs, where other executives may be looking for ways to gain advantage from the new seat and player at the table.

(Graphic courtesy of CDO Club.
Keep an eye out for the Chief Digital Officers Worldwide update for 2016)

In many cases CDOs have been external hires, including from international sources. Some public sector organisations have brought in experience from the private sector, though I've not seen the reverse as yet.

This can add additional complexity to the role. An 'outsider' brings their own cultural and workplace practices, which is often an advantage in a CDO role, but can require a significant adaptive phase for both the Officer and organisation. New CDOs from different environments can require some time to build the relationships and alliances necessary to achieve results and to learn how to navigate an organisation's formal and informal decision-making processes.

When it comes to performing the role successful, there's a spectrum of strategies available to a new CDO.

At one end of the scale there's the 'breakthrough' approach, where the CDO mandates and forces change on an organisation.

At the other end is the 'buddy-up' approach, where the CDO functions as an expert adviser and councillor, supporting colleagues and staff to make change themselves.

I've been fortunate enough to observe both approaches in practice, witness the comparative successes and failures over time.

In this post I wanted to provide a little insight into how these strategies can, and are, applied, the potential outcomes for the choice a CDO makes and what organisations should look for when hiring the right CDO for them.

Looking at the 'breakthrough' approach first - in its purest form this is a 'no holds barred', even violent, way to stimulate organisational change by actively pushing through any barriers to digital transformation.

It requires a forceful and driven CDO with massive resilience who is prepared to take on personal consequences for their strategic approach. Within an organisation it often results in adversarial situations where a digital transformation is imposed on unwilling business and IT areas, ending careers and bruising many survivors.

Internationally many CDOs who have adopted this strategy to a significant extent have had quite short tenures, coming into an organisation and driving digital transformation relentlessly for a year or two, then either moving on to the next appointment or requiring a personal break to rebuild their resilience.

It is not a tactic for executives who wish a long-term career with a specific organisation, or even in a specific industry or country, as the crash through tactics are not congenial to building good long-term relationships and alliances.

Used strategically this approach can break down long-term barriers to change and innovation, squeeze out old-fashioned and outdated thinking and renew an organisation to move forward in a more cost-effective and digital way. Some organisations may require this 'shock treatment' to shift from their current track to a more sustainable one, whereas the buddy-up approach would not provide significant impetus for them to transform.

Used poorly, this strategy can alienate potential allies, damage competent individuals and generate a 'winners and losers' culture, where people feel forced to choose sides. Any resulting digital transformation can be short-lived, reliant on the CDO remaining in their role, with other executives and middle-managers rolling back to their comfort zone after the CDO is gone.

A common tactic for individuals who oppose this approach is to simply wait until the CDO moves on, although sometimes repairing the damage a breakthrough strategy does to trust and respect within an organisation can take years.

The buddy-up approach is far more collegiate and is built on alliances and expertise rather than direct power and force. This strategy is better attuned to patient executives who are willing and able to spend the time building trust and leading executives and staff to a place where they feel empowered to choose adopt digitally transformational changes, rather than having these changes forcefully imposed on them.

The approach builds good long term relations and suits executives who wish to build a long-term career in an organisation or across a sector. It works well in situations where a CDO has little direct power (direct responsibilities or budget) but is a respected key influencer, with peer-level access to others in the C-suite.

The speed of digital transformation achievable using this strategy tends to be far slower, particularly in the initial stages, than via the more aggressive breakthrough approach and may not suit organisations that require a rapid transformation. However, in the longer term, the pace of change can accelerate rapidly as it no longer must be solely driven by the CDO but has become embedded in how the organisation operates.

For organisations with firmly bedded down cultures, there's a risk that the buddy-up approach will get lost in the mix, with the CDO's efforts absorbed into the organisation rather than propagating change. We've seen this many times in the past, where the introduction of a new approach becomes so diluted within the existing culture that, like a drop of ink in a glass of water, it vanishes without a trace.

Used strategically the buddy-up approach is very effective at bringing the organisation with a CDO, generating a deep-rooted top-to-bottom change in culture over time. By avoiding adversarial and 'winner take all' situations, staff across the organisation retain their unity in being on the same team without aggressive competitive, or even bullying, behaviours.

Used poorly the buddy-up approach can be ineffective, with the CDO ignored, or their efforts co-opted and absorbed into business as usual without the level of digital transformation required by an organisation. Also, due to a slower ramp up as trust relations are built, the approach can be too slow for organisations facing imminent threats to their survival.

Fortunately many CDOs understand that their role involves using a blend of the strategies above, based on their resources, influence and environment. Knowing when to apply a breakthrough strategy rather than a buddy-up strategy is the real art of being a CDO, and organisations should be careful to select executives who have demonstrated a careful balance of both, even in situations where one strategy needs to be dominant.

The real danger for organisations - and CDOs - is when they rely too heavily on either the breakthrough or buddy-up strategy.

An over-reliance on breakthrough risks any digital transformation successes being short-term, poorly embedded in an organisation and leading to a 'pushback' that can damage digital initiatives in the organisation for years to come.

An over-reliance on buddy-up can conversely result in a failure to implement the digital transformation required, leaving an organisation in a worse position as its rivals and markets shift.

When hiring CDOs, it's important to not just look at their past short-term successes in transformation, but also their record of fostering enduring digital transformational change and strong relationships.

Those who rely too much on breakthrough tend to have shining successes to their credit, but poor senior relationships and a trail of past engagements where organisations cannot demonstrate significant lasting business value from the CDO's efforts.

CDOs who prefer buddy-up approaches can appear to have less spectacular careers, with most of their successes shared, but come well-recommended and respected. Again it is important to consider if their past engagements have resulted in lasting business value to the organisations they have served.

For those aspiring to be a Chief Digital Officer, it is important to develop the capability to apply both breakthrough and buddy-up strategies, and particularly the emotional intelligence to know which is appropriate to apply. Having experience using both strategies effectively is of enormous benefit when seeking a CDO role.

It's also critical for those stepping into a CDO role to understand and negotiate the use of breakthrough and buddy-up strategies, to ensure that the CEO, Board and other executives understand why the CDO is taking a particular course at a particular time.

A CDO more experienced with buddy-up strategies will need to communicate clearly why the alliance approach to collective change is being applied when working in an organisation that took on a CDO to aid in a rapid digital transformation.

Conversely a CDO selecting breakthrough tactics will need to make it clear why they are choosing an aggressive approach to digital transformation to avoid alienating other executives and staff who may feel trampled or excluded, and losing their mandate before the transformation is embedded.

Most importantly for any prospective or new CDO is the ability to know your own strengths and weaknesses, and seek opportunities where your personal attributes are beneficial to your role.

Using myself as an example, in my roles in large organisations I've often strayed too far into breakthrough territory, reflective of my past experience in business startups, where speed of outcomes is paramount over relationships or process. I've also had several roles where breakthrough was the only viable strategy due to the timeframe and environment.

I have learnt from others, who have mastered the approach, to apply more buddy-up tactics - particularly during my experience in government, where strategic alliances are essential to foster deeper and longer-term digital transformation.

However my natural inclination is more towards breakthrough, and I perform better in environments where, on balance, I can use this strategy more often.

Others may find they naturally prefer to apply buddy-up strategies, or are evenly balanced between the two.

Whatever your personal preferences, you'll likely do best in a role that reflects how you operate.

However regardless of whether you're applying breakthrough or buddy-up strategies, keep in mind the ultimate goal - to redesign organisations to be successful in a digital world.

Organisations live or die by their people, and selecting the right match of CDO and organisation, and the right blend of buddy-up and breakthrough strategies is essential for their digital transformation and success.

Read full post...

Thursday, September 15, 2016

Farewell to GovSpace.gov.au - a bold and successful government initiaitve

On the 25th August the Department of Finance in Canberra announced that its bold experiment in providing a central website infrastructure for agencies, Govspace, was coming to an end after almost seven years.

I still remember feeling excited at the original launch of Govspace.

At the time I was working in the Department of Health as Online Communications Director.

I was theoretically responsible for the department's entire web presence, although many of the 150+ websites operated by the department were directly controlled by the business area funding their development.

It was still a time when business areas wanted a new website for every new initiative and would pay through the nose for those sites.

Business areas would often spend tens or even hundreds of thousands of dollars to digital agencies, or our internal IT team, to have each new site built.

It was a frustrating time for me as there wasn't a simple way for the department to procure low cost sites. We didn't have the capability to easily build or buy websites based on open source web content management systems (WebCMSes), such as WordPress, that used free or cheap themes rather than hand-crafted custom-designed graphical interfaces.

Even Health's internal IT team had to charge six figure sums for simple websites due to the costs they had to incur and offset when using the department's mandated internal web content management platform (Lotus Notes) to deliver them. Each internally built site had to be custom coded and designed by experienced IT staff, making it a relatively slow, as well as expensive, process.

So when the Australian Government Information Management Office (AGIMO) in the Department of Finance unveiled Govspace in March 2010, the floodgates opened.

Suddenly every agency could access a low-cost open source webCMS on pre-approved secure government infrastructure. It could be used to deliver both small specialist websites as well as services such as blogs.

Finance were trusted, reliable, secure and a central government agency - one of 'us' (government) not one of 'them' (private sector companies).

Govspace launched with a single pilot site, the Department of Treasury’s Standard Business Reporting blog. The platform expanded quickly, reaching 25 sites using the platform in a year.

I was one of the first to leap on. I worked within Health to dissuade one of our Communications teams from paying a digital agency at least $40,000 for a new website for an information campaign and convinced them to trust me (and Finance) to make use of the Govspace infrastructure - which at the time came at the very attractive price of 'free'.

Finance was able to spin the site up in a matter of weeks, WordPress was easy to use, so the Comms team was able to directly put the content in place. We had the website live within six weeks - compared to a 3-6 month process with a digital agency.

In the end we did spend some public money, about $42 on a custom WordPress theme, but saved the department over $35,000.

At an internal planning day shortly after the site went live the Comms team proudly shared how easy it had been to get the website in place. This lead to a flood of interest from other area.

That one site raised the internal awareness that the Department had been paying too much for websites, leading to enormous savings over time.

Govspace wasn't designed to cater for every site - it was primarily a platform for simple Gov 2.0-style sites, with blogs and other interactive features. Even so my team helped put at least another half-dozen new websites onto the platform over the next few years.

Even when Finance had to bite the bullet and start charging agencies for the costs they incurred for the platform, Govspace remained one of the lowest cost website options for government.

You can read the posts from the first birthday of Govspace, from AGIMO's then Branch Manager, Peter Alexander (now COO for the Digital Transformation Office) and from AGIMO's Mike T (with my comment still below).

Govspace continued to grow in use over several years, with over 110 government sites using the platform at some stage. The chart below shows the traffic for periods I've been able to source data for.



Over the last few years the site has seen a natural decline as agencies shifted to GovCMS, Drupal or their own lower cost WebCMS frameworks.

Today Govspace hosts 26 live public sites - virtually the same number as the platform had after 12 months.

With Finance's decision to close the platform all those sites will have to move to their own infrastructure by the start of 2017. After that, Govspace will be no more.

While this makes me sad, I support the decision by Finance to close down the GovSpace platform. It had a good run. However Govspace is fast being replaced by more modern web platforms, particularly GovCMS.

I'd like to personally thank all the relevant staff at the Department of Finance for how diligently they ran and maintained the platform, even after AGIMO was disbanded and running a whole-of-government infrastructure stopped being an important role for the department.

While for many inside and outside government the closure of Govspace might be seen as just the termination of a 'surplus to needs' service, I believe this is the end of an era for government IT.


Govspace was instrumental in revolutionising many aspects of how Australian government viewed digital.

The platform helped transform how Australian government agencies looked at website development and costs.

The use of WordPress for a public whole-of-government platform also widened the door for open source software to be considered by agencies.

Govspace helped propel government web sites from a 20th century 'brochure-ware' approach to become more engaging and interactive.

The impact of Govspace has echoed across government, and will continue to echo for years to come as agencies continue on their digital transformation journeys.

Farewell Govspace and thank you to everyone involved with the platform. Your contribution to government's digital transformation has not been overlooked.

Read full post...

Monday, September 12, 2016

Confusing innovation with outcomes

I've been involved in an interesting Facebook chat around the definition of a startup, which has coalesced my thoughts on the approach of organisations towards innovation.

Innovation has become a buzzword in the last few years, with both corporations and governments focused on the notion that they need innovation to remain effective and relevant.

I've been fundamentally uneasy with a lot of the views expressed around this notion. From the Australian Government's '#ideasboom' to the notion that appointing an Innovation Director who in some way takes 'ownership' of innovation for an organisation, will solve an organisation's competitive and cost-efficiency challenges.

I also have my concerns about the ideation processes springing up across government and the private sector.

It's great to see the flood of ideas and the unclogging of the old-fashioned 'suggestions box'. However these processes need to be well-supported with training and capability to assess the ideas and then help people to realise them in practical trials, to really determine which really do solve problems or improve outcomes.

Don't get this wrong - I'm a big proponent of innovation.

The process of identifying a problem (that often others do not see), of finding a new solution (whether involving old or new technology) and of then testing and trialling that solution until it becomes clear whether it's an improvement or not is essential to every organisation who wishes to continue to exist.

However focusing on the ideas and innovation is a confusion of process and goal.

Ideas and innovation are tools to solve problems. They are not ends in themselves.

Ideas are a thousandth of a bitcoin a dozen and anyone who sets out to 'innovate' is starting with the wrong end of the stick - the process, not the desired outcome.

Instead organisations should focus on the other end, the problems, preferably invisible and painful ones. They can be considered 'big' or 'small', this doesn't matter - what matters is that there's significant pain caused by it, and significant benefit to solving it. Solving a problem that costs every employee only 5 minutes each day will save an organisation with 1,000 people 416 hours per week - the equivalent of ten staff, or 1% of their headcount.

Often the best problems are invisible to most people in the organisation, they simply work around the problem, using manual steps to bridge processes, walk the long way around an obstacle and eventually forget that it is there.

'Managing' the problem becomes part of the basic experience, the social norm, of working there, just like the example in the video below - and very few question it.


The real innovator is the person who both thinks - why is that obstacle there? AND then acts to remove it.

A simple test that can be performed in any organisation is to put a chair with a sign 'Please do not move' on it in the middle of a regular walkway.

Look at who walks around the chair, versus those who complains about the chair being there, versus those who actually take an action to remove the chair as an obstacle.

You want people who are prepared to address the obstacle on your problem-solving team. They are the people prepared to ask 'why is this so' (identifying the problem), then experiment with potential solutions to remove the problem from the equation.

For organisations that wish to set a higher bar, change the sign to read, ''Please do not move. By order of the CEO - this area is monitored by CCTV'.

Now you'll really find out who is willing to take a risk to achieve a better outcome.

Ideas and innovation remain critical tools for problem-solving, and fostering both within organisations is critical, but avoid the trap of confusing them with the improved outcomes that their use is designed to achieve.

Treat them as tools, not goals and avoid building complex systems and hierarchies around who is 'allowed' to use them within an organisation.

Everyone in your organisation has ideas. Everyone can innovate. Not everyone can identify the problem, visualise a better outcome and use ideas and innovation as tools to turn that visualisation into reality.

Use ideation processes and Innovation Directors to foster an environment where problem-identification and solving is the social norm for your organisation.

To foster an environment where the reaction to a new problem or inefficiency is to take action to address it, trying different approaches until the optimal solution is found, rather than to kick it upstairs, ignore it or simply 'walk around' it with more staff and expense.

The most successful organisations - public and private - will be those that foster active problem-solving, not nebulous 'ideas' or 'innovation'. Those that remain clear on what are the goals and what are the tools.

Read full post...

Wednesday, September 07, 2016

Don't ask for more information than you need (and make it clear why you're asking what you're asking)

I've just become aware of the ACT Government's consultation for a new license plate slogan.

Hosted at Your Say, the government is asking for ideas for a 30-character or less slogan, with the best ideas to be put to a public vote later this year.

I support this type of consultation approach - it provides for broad public input, with a screening step (via a panel of judges) to manage any inappropriate suggestions before a public vote.

The consultation also does a great job of explaining the process timeframe; when the decision will be made and when the license plate will be released.

One of the 'tricks of the trade' for consultations - and and engagements - is to ask the minimum number of questions required to meet the purpose of the process.

While there's often temptation to ask a few additional questions, where data might be interesting but is non-essential to the consultation's purpose, each additional question can reduce the response rate significantly.

These additional non-essential questions can also call into question what the consultation is actually designed to achieve. This can, at worst, lead to suspicion and loss of trust, but at minimum is likely to cut the honesty and number of responses, potentially damaging the ability of the consultation to achieve its purpose.

Sometimes, of course, there can be questions that appear non-essential but are necessary for the consultation to achieve its goals. In this case, the organisation engaging should make it as clear as possible why the questions are being asked, without damaging the engagement process itself.

Unfortunately it seems that the ACT government hasn't fully thought this through in its license plate slogan consultation.

Alongside asking for the slogan and where the respondent lives (important for getting ideas expressly from Canberra residents), the slogan also asks for the name and a contact number/email, as well as age and gender.

While the consultation does a good job of explaining why name and contact information might be useful, so that the finalists and winning respondent can be contacted, it's unclear why either age or gender are required in this process.

Age is a compulsory field while Gender is optional, but realistically neither is important information in the review process, nor is there an explanation as to why the ACT government would need this information.

Now this might seem a trivial thing to the agency involved in the process, after all age and gender aren't hugely personal information and, in the case of gender, is often determinable from name alone.

However by adding these fields - whether compulsory or not - the response form becomes that much more complex, and can discourage some people from responding.

That doesn't mean that this process won't get a good response rate, but it is likely to be less than it would otherwise be.

Of course it's hard to prove this in this case, as we don't have the luxury of an AB test to compare approaches - but from experience, overall responses go down when additional (and unnecessary) questions are asked.




Read full post...

Wednesday, August 31, 2016

Have you been pawned? What could Australian governments do to reduce the frequency of data breaches

Data breaches at major organisations have become a weekly event, but don't always make it into the public eye for months, or even years, after they happen.

This is both because it can take some time for an organisation to become aware it has been breached and because few organisations are forthcoming about security concerns.

This lack of willingness to communicate breaches can be because many fear a loss of respect or trust if they admit a breach has occurred, and in certain cases companies may even be liable for fines or damages in a class action.

Of course, not declaring breaches can also come with a sting in the tail. Individuals might find some of their other accounts become compromised, or experience monetary or identity theft - in extreme cases people can find themselves in debt, their property sold, or even be gaoled.

Governments in Australia have been slow to put measures in place to protect citizens in these circumstances - even forcing citizens to take them to court to rectify these situations, as a Canberra homeowner recently had to do.

Unfortunately in Australia it's not even mandatory for data breaches to be reported, so there's limited information about how widespread the threat or cost actually is, making the situation even harder to deal with.

I subscribe to a service (Have I Been Pawned?) that alerts me when a service I use is reported as hacked - but even this is largely limited to international online services and it remains very slow to discover when these hacks occurred.

The example below shows how Dropbox has only in the last few weeks acknowledged a hack in 2012 which exposed the details of over 60 million people - that's more than twice Australia's population. Their information (including mine) has been traded online by the hackers.
Dropbox breach

Now some people might consider this a normal part of living and doing business in the internet age - but should we?

There's a number of steps that both governments and commercial organisations can take to reduce the impact of these types of breaches and help ensure they occur far more rarely.

The first step is a mandatory requirement to publicly notify everyone who may be affected by a breach within a week of it being detected, with a mandatory public announcement of the breach within two weeks.

If the notification is made on a timely basis, organisations should not face a significant fine from the government, but if notification is late, they should face a fine equivalent to a significant portion of their gross income for the previous year.

Where organisations are breached, they should be legally required to, at their own cost, identify the cause and rectify it, putting in place appropriate security measures to prevent recurrence and fix any other identified security issues with their system.

Organisations should also be put on a three-year watch list, where if they suffer another breach and cannot demonstrate that they maintained their security infrastructure to a sufficient standard, are subject to that very significant fine detailed above.

This should apply across both private and public organisations - with government agencies held to the same high standard of conduct. In fact it could be argued that government should be held to an even higher standard due to being required to maintain public trust and how certain agencies may compel information from individuals and store it for their lifetime.

Governments should also set up positive security regimes, where people are rewarded for identifying and reporting security holes in government properties. Corporations could also be provided with incentives to do the same, such as subsidising rewarding and rectifying appropriate security issues in a similar way to R&D subsidies.

The government needs to work with governments around the world to ensure that laws punishing identity theft - fraud - are sufficiently strong to create a strong disincentive for anyone who might be caught either perpetrating a hack or benefiting from it. There's already a base in place for this, but there's ways to strengthen it and treat identity theft with the degree of severity it requires.

Finally governments need to ensure they are appropriately educating citizens through a variety of channels - providing educational content, ensuring that no government agency allows users to create weak passwords, training their own staff (essential for national security), training police forces to understand and engage appropriately with citizens who report identity theft and rewarding companies who educate their staff and customers for reducing the overall risk.

Now it is important to be realistic about the situation. Australians use a variety of foreign online services and it is impossible to secure them all, all of the time. Hackers will find ways in via mistakes in ICT configurations, slow maintenance, zero day exploits and social engineering.

However the incident and severity of the data breach risk can be greatly reduced if Australian governments stop turning a blind eye to the issue and begin seriously engaging with it.

At minimum governments need to broaden their cyber security policies to recognise that it's not just the government itself at risk. From here, there's many opportunities, such as those described above, for governments to be more proactive about protecting their citizens from the risk of data breaches, from enemies both domestic and foreign.

Read full post...

Bookmark and Share