Tag: DigitalTransformation

Enterprise IT Is Not Weird, But Misread

Why does the business find it so hard to work with Enterprise IT? Every change request feels like a battle. Mutual trust is often lacking, replaced by repeated walkthroughs and document signoffs. Seeking project approval across multiple levels feels like navigating a mountain of red tape. Systems that have worked for years are suddenly replaced. The business grows weary of excessive pre-production testing. Cyber risk is sometimes perceived as an excuse for slow turnaround times and escalating costs. And, oddly enough, IT often speaks in “geek” language as though the business can fully understand it.

These are not merely misunderstandings, they are misreadings. Left unaddressed, they can foster a toxic workplace culture and give rise to a “shadow IT” environment.

Enterprise IT Is Naturally Risk-Averse
Risk aversion in Enterprise IT is not arbitrary, it is necessary. IT is trained to anticipate and mitigate risk. Cyber threats are inherent, constantly evolving, and increasingly sophisticated. Even without any apparent fault, a zero-day exploit, a surge in user demand, or an error from a trusted vendor can disrupt operations.

The global outage caused by CrowdStrike’s configuration update in 2024 is a notable example. Similarly, the Clop ransomware attack exploiting a zero-day vulnerability in Oracle E-Business Suite in late 2025 caused significant economic damage. These risks may seem remote, but they are very real.

Effective risk mitigation requires a deep understanding of business processes, data flows, downstream impacts, and threat profiles. It also involves identifying any deviations from established cybersecurity safeguards. Much of this effort is invisible to the business, as IT quietly embeds protections throughout the project lifecycle-from design and development to testing and operations.

Meanwhile, the business is time-sensitive and outcome-driven. It prefers off-the-shelf, best-fit solutions with minimal concern for delivery models such as SaaS (Software as a Service), ERP (Enterprise Resource Planning), or bespoke systems. IT, however, must ensure compliance with enterprise safeguards such as 2FA (two-factor authentication) and privileged access controls. Achieving seamless integration with selected solutions is often complex.

Tension naturally arises when priorities differ and assumptions go unchallenged.

Simple Changes Are Not Really Simple
In an integrated technology landscape, even trivial changes can have far-reaching consequences. For example, adding a data field to a user interface may require database schema updates, cache refreshes, API (Application Programming Interfaces) changes, regression testing, and scheduled downtime. To the business, this can feel like unnecessary resistance.

Conversely, some seemingly complex changes, such as migrating from local credentials to enterprise-wide SSO (Single Sign-On) may be relatively straightforward if both the application and identity provider adhere to industry standards. Without proper communication, however, this can appear inconsistent or arbitrary.

Anecdotal evidence suggests that well-maintained systems rarely fail. It is precisely IT’s role to ensure that changes are implemented so smoothly that they appear uneventful.

Difficult by Design, Not by Attitude
It is fair to say that Enterprise IT can be difficult to work with but largely for reasons that are invisible or poorly communicated.

IT views the organization as an interconnected ecosystem. Business workflows rarely begin and end within a single function. For example, manpower planning may involve headcount data from Human Resources, budget inputs from Finance, and training considerations supported by IT. With a cross-functional perspective, IT seeks opportunities to enhance overall user experience across the enterprise.

In project development, effective IT teams avoid reinventing the wheel. They build reusable components, shared services, and abstracted data layers. This is not an overreach or a dilution of business ownership; it is a deliberate effort to reduce redundancy and improve efficiency in future initiatives.

Tightly coupled systems often involve fragmented ownership and competing stakeholder priorities, making consensus-building more complex. When projects seem to involve too many stakeholders or require lengthy discussions, it is not necessarily bureaucratic inertia. Rather, it can be a deliberate attempt to reduce prolonged back-and-forth communication later.

Certainty Prevails, Surprise Hurts
Enterprise IT works best with certainty, not surprises. The business understands its needs and priorities best. However, in an input–output relationship, vague specifications and frequent changes often produce suboptimal systems.

Ad hoc project work must be queued as there is rarely idle capacity within IT teams. Pre-go-live testing by the business typically validates documented logic, but not error paths or out-of-bound inputs that may occur in real-world scenarios. Technology obsolescence, vendor support, and spare-parts readiness are often overlooked when there are no immediate business issues. If the system isn’t broken, it is left untouched.

A sufficient level of certainty enables IT to pre-empt risks and maintain alignment with business objectives, avoiding re-work and conflicts.

Communication Gap Is Default, Not Personal
“We will decommission the EOL system soon. Kindly prepare for UAT, focusing on all CRUD functions, as we must uphold the SLA. Please avoid any PEBCAK errors.”

The overuse of acronyms may be perfectly clear within IT, but to the business, it can sound like a foreign language.

Similarly, a report stating, “The system stalled for 20 minutes due to 10,000 concurrent users exceeding the designed capacity of 5,000,” may fail to address root causes, accountability, or remediation plans. It may even mislead stakeholders into believing the issue is acceptable as long as usage stays within design limits.

Like oil and water, communication between technologists and business stakeholders does not naturally blend-it requires conscious effort.

Shared Fate, Shared Impact
Business and IT must recognize that they are closely interconnected; failures in one will inevitably impact the other, and ultimately the enterprise as a whole.

Responsible IT does not rigidly follow business requirements. Instead, it strives to enhance quality and deliver additional value by identifying opportunities across the enterprise.

IT functions most effectively in organizations with strong governance, clear ownership, and aligned accountability. In contrast, in environments with fragmented or idiosyncratic practices and impromptu requirements, IT may appear unnecessarily rigid, difficult, or even “weird” when in reality, it is simply misread.




Copyedit: ChatGPT

Just Too Many Digital Chiefs

Like a medical specialist providing in-depth and expert care in a specific area, the tech industry has seen a similar shake-up in recent times, resulting in a plethora of high-sounding titles such as Chief Analytics Officer (CAO), Chief Artificial Intelligence Officer (CAIO), Chief Data Officer (CDO), Chief Digital Transformation Officer (CDTO), Chief Information Officer (CIO), Chief Information Security Officer (CISO), Chief Knowledge Officer (CKO), Chief Machine Learning Officer (CMLO), and Chief Technology Officer (CTO). This trend is ongoing, as evidenced by the myriad of executive programs offered by Ivy League colleges and training schools for those keen to qualify.

The rapid tech advancement has caught many enterprises off guard. The surge of chief titles like CAIO and CMLO appears to be a knee-jerk reaction to the phenomenal growth of generative AI. In the past few years, many CISO appointments were fast-tracked to comply with regulatory mandates in some parts of the world, requiring a dedicated chief for cybersecurity amidst escalating cyber breaches and privacy invasions. On the other hand, the once in-demand CKO hiring of the late 1990s is fast-fading, likely ousted by the CDO and CAO amid a shifting focus to big data and analytics. Lastly, the de facto tech chief, the CIO, has seen its technology portfolio mostly taken over by the CTO, often to spare focus on technology.

Obviously, we do not need a management professor to tell us that too many chiefs without a chief of the chiefs would be a grave mistake in corporate governance. For instance, should the CISO be accountable for the security of an AI system? Intuitively, yes, provided the CISO has veto power over the AI because accountability requires control. From frivolous data to business insights and invaluable knowledge, should the CKO be rejuvenated and made responsible for all these seemingly discrete domains, thus offloading responsibilities from and right-sizing the CIO and CDO? Ironically, does the CDTO really fit the bill of a digital chief with goals to transform business? Realistically, must all the chiefs bear the same titles and compensations if their job sizes differ?

Nobody would argue if the Chief Executive Officer (CEO) were to be the overall digital chief, given how tech has been transforming industries and businesses. A level closer to the head of the organization allows for more direct communication, level brainstorming, and faster decision-making. However, this is impractical given the day-to-day management chores. For non-tech, non-profit, and end-user enterprises, IT is mostly a tool, not a strategy, and an expense rather than an investment that hardly creeps into the KPIs (Key Performance Indicators) of the CEO. Also, it takes more than a tech-savvy CEO to oversee the work among the digital chiefs, dealing with operational issues and personnel conflicts.

It is an opportune time to rehash the chiefs’ departments if you have close to a double numeric of digital chiefs, especially when some have no direct reports. The CIO debuted in 1980, and the CTO in 1990, when the first batch of CIOs had already been functioning well for a decade before relinquishing their tech function to the CTO. The CIO nomenclature has suffered from a birth defect with a missing specific – Technology – despite it being a substantial part of their roles. Given the continuous advancement and escalating reliance on technology, it makes perfect sense for a new chief function, the Chief Information Technology Officer (CITO), to take on both portfolios. In fact, the CITO role has emerged in recent years as a response to the increasing importance of technology in organizations, likely evolving from the CIO and CTO roles.

There are CISOs reporting to an independent entity, such as the Board, CEO, or a corporate chief on risk management, citing autonomy without being undermined by the CIO or any other chief. Unlike audits, the CISO is not an inspect-and-control function; it is the inherent cybersecurity knowledge and skills that are most valued. The CISO should be an integral part of the CIO department, incorporating security design and operating requirements into any tech development. The CISO should also be the party to endorse tech implementation and operational changes. Checks and balances can be achieved through independent audits, external consultancy, and certifications like ISO 27001 Information Security Management System.

Data does not lie but stops short of saying anything if it is not clean. Like clean water to humans, pristine data is the lifeline to AI, and the CAIO, CDO, CAO, and CMLO, despite each taking a different spin on it. The CDO should define relevant policies for data ownership, cleansing, protection, sharing, and retention, govern and coordinate efforts among the business units to ensure compliance and resolve disputes. Separately, the CAO focuses on data analytics, using tools like Excel, Python, SQL, and SPSS to justify business actions and decisions and subsequently measure performance. Raw data is akin to unrefined ore; it’s abundant and contains potential value, but in its unprocessed state, it lacks clarity and insights. Combining the CDO and CAO functions into a Chief Data and Analytics Officer (CDAO) provides oversight and management controls for transforming raw data into valuable insights.

The CMLO, equipped with strong mathematics, statistics, and coding knowledge, builds algorithmic models for applications such as generative AI, behavior analysis, and pattern recognition. The CAIO, with a similar background, spearheads AI direction, strategies, ethical use, and staff training across the entire enterprise. It is an ecosystem where the chiefs interact and work to embed AI seamlessly in all business functions.

In the context of the CDTO, the latest kid on the block, Tech and Digital are not interchangeable. As the name implies, digital transformation aims to modernize the business by leveraging progressive tech advancements. Transformation is disruptive, often requiring mindset changes, new learning, and critical thinking to debureaucratize the organization. Besides possessing necessary business acumen, having a clear mandate and authority to make decisions is crucial for effectively addressing and overcoming objections. The emergence of the CDTO is timely, fueled by attainable technologies such as Cloud, RPA (Robotic Process Automation), next-generation ERP (Enterprise Resource Planning), and the prevalence of BPO (Business Process Outsourcing) that enable businesses to own their transformation.

Except for the CDTO, all tech chiefs have either a share of operational duties or a high stake in them. In a unified approach, tech-related activities such as strategic planning, manpower forecasting, and budgeting should be integrated and coordinated across the enterprise, rather than being siloed among separate digital chiefs. This collaborative approach ensures alignment, efficiency, and effective resource allocation, enabling the organization to achieve its goals and business priorities cohesively and strategically. As the saying goes, “A house divided against itself cannot stand.” By working together, we can build a strong and resilient organization that thrives in today’s fast-paced and competitive landscape.

Merging the CIO and CTO functions into CITO and combining the CDO and CAO into CDAO are pivotal steps prior to integrating the CAIO, CMLO, and CISO functions into the same CITO office. Partnership hinges on individuals, but an integrated system, once built, will be long-lasting regardless of personnel changes and how technology evolves. Transformation is not a transient function, and the CDTO, primarily a business function, should stay abreast of technological changes and continue to lead the effort.

With the optimized hierarchy, the CITO, with combined functions of CIO, CTO, CAIO, CMLO, and CISO, will report to the CEO or their deputy, as will the CDTO and CDAO with combined functions of CDO and CAO. Knowledge will become on-the-fly with proper safeguards when generative AI becomes more intelligent and widespread, thus diminishing the CKO’s role further.

Organizational changes are risky. Dealing with potentially inflated titles, re-designation, and job resizing may unsettle many incumbents. It reminds one of those heated debates between centralizing and decentralizing tech functions in a large enterprise. Ultimately, organizations persevering through these changes will benefit from agility to cost savings, clarity of ownership, accountability, less politicking, a healthier workplace, and, finally, emerging as leaders in their industry.



*Copyedited by ChatGPT, https://chat.openai.com/chat