Weaving through the red tape

IT executives learn the ropes of working with IT oversight committees that examine their spending.

Belt-tightening in the public and private sectors is prompting creation of IT oversight committees, which comprise non-IT staff, to formally review IT expenses and help make better decisions for organizations. Whatever form these groups take – IT oversight committee, review board or internal auditing board – many IT executives find that a good relationship with these groups can boost the bottom line and make their IT business units more efficient.

Shrinking IT budgets have spurred more scrutiny over spending. IT spending dipped by 5.3% from 2001 to 2002, going from $387.8 billion to $366.8 billion. Technology buying got a slight 1.5% boost last year, with 2003 expenditures estimated at $372 billion, according to IDC. While spending might be on somewhat of a rebound, budgets remain tight – IDC expects spending to be flat this year in many of the economically hard-hit vertical markets such as manufacturing, state government, education and transportation.

The practice of setting up committees of non-technical executives to formally review IT expenditures seems to be taking hold in many companies. Last October at a conference of CIOs in New York, A&P, FedEx and Mellon Financial were among the firms that said they were in the process of establishing so-called IT oversight committees.

To CIOs at public institutions such as universities and hospitals, IT oversight is now a way of life. At Arizona State University (ASU), however, there was apprehension in the IT department about the establishment of a formal IT oversight committee, says William Lewis, vice provost and CIO at the Tempe institution. But the IT department did not have a choice because the state of Arizona passed legislation requiring that all government organizations have a formalized IT spending review process.

In spite of this apprehension, the state of Arizona’s Board of Regents – which oversees ASU; its cross-town sister, the University of Arizona; and Northern Arizona University in Flagstaff – established such a committee in 2000. The Board of Regents reviews IT purchases of more than $250,000. Internal review groups at the schools review lower-lever expenditures.

The committee wasn’t initially met with enthusiasm. “We went in kicking and screaming at first,” Lewis says. “There was talk that they’d be constantly looking over our shoulder, fear of more paperwork and red tape … typical things that come up when changes at this level are made. Then we settled down and realized that in the long run, our best interest was to have a good relationship with the board.”

Because of his good relationship with the committee, Lewis says, he has flexibility to operate his department and take care of unexpected costs without suffering from bureaucratic setbacks. For example, a recent disk array failure in the data center required an immediate replacement. The cost normally would have required a committee stamp, but he went ahead and purchased the needed equipment without consulting the group.

“They are willing to forgive us and accept when we occasionally do things out of policy,” Lewis says. “We know they’re not trying to be a roadblock. That’s due to a mutual respect and trust.”

He says that a beneficial side effect of having the IT oversight committee is that IT groups among the three universities now have a better picture of what’s going on at the other schools. Recently, ASU and the University of Arizona embarked on a joint upgrade of their accounting systems, a project that would have been harder to undertake before the formal IT oversight structure was established.

A key to managing the relationship between the ASU IT group and the Board of Regents’ oversight committee is communication, Lewis says. It was a challenge at first because committee members typically lack technical backgrounds. “Sometimes you have to be very careful of four-letter acronyms and jargon,” Lewis says of dealing with the board. “We try to boil the issues down and have a formal presentation format.”

This is an approach also taken by Dan Moreale, CIO for the North Bronx Healthcare Network (NBHN). “If I talk about our need for a Gigabit Ethernet upgrade or that we need more terabytes of storage for our imaging system, that means nothing to them,” Moreale says. “Our chief operating officer, for instance, is a big baseball guy . . . sometimes I put it into baseball terms.” When appealing for money for a recent network upgrade, Moreale sprinkled his presentation with such phrases as “bottom of the ninth” and “bring in the winning run.” While a bit hokey, the CIO admits, this gets results.

Because the city of New York’s Health and Human Services division governs NBHN, there is no shortage of red tape sticking to NBHN’s IT group, Moreale says. This equals several levels of IT spending oversight, including a hospital board for IT spending approvals and a “capital committee” for the higher-ticket IT purchases. Doing the homework and prepping individual board members before facing the whole group is crucial.

“I never go in and ask for money if I haven’t spent at least a few months building a case for a certain project,” Moreale says.

While working with board members and fine-tuning the message is important, Moreale says CIOs in his situation still have to resign themselves to the downside of heavy-handed IT oversight – waiting.

“Noting gets done around here in less than six months,” he adds. “That’s just the way it is.”

Another healthcare IT executive, Jim Olson, CIO at Waterbury Hospital in Waterbury, Conn., agrees that garnering support from IT oversight board members before meetings is important.

“If I go in there and have someone else saying we need a technology, and it’s not just coming from me, that can be helpful,” Olson says. “Getting people on your side before meetings will keep things from turning into a ‘let’s grill the CIO’ session – most of the time.”