IT

The New Strategic Imperative

By John O'Brien    //    Volume 26,  Number 2   //    March/April 2018

I registered for college classes so long ago that the most advanced technology I experienced amounted to state-of-the-art clipboards. Today, I occasionally look around in awe when I consider how nearly everything about the student experience at our colleges and universities has changed. For today’s students, technology is everywhere, involved in everything we do—and yet we are still in the early years of an inexorable digital transformation. Just as home appliances that communicate with one another on our behalf are reshaping our domestic lives, so too are emerging technologies such as predictive analytics, artificial intelligence, and the internet of things transforming the student experience.

This remarkable moment—when technology is strangely both emerging and ever-present—offers the perfect time for governing boards to reflect on the ways they are engaging in strategic conversations about technology. At EDUCAUSE, we believe that many boards and administrations may be missing opportunities to engage in more meaningful and frequent conversations about strategic technology, which is not only a key differentiator but also a necessity for meeting an institution’s strategic goals and mission.

Over the past decade or so, there is convincing reason to wonder how and how much boards should engage on this timely topic. For example, Richard Nolan and F. Nolan McFarlan, in the October 2005 issue of Harvard Business Review, acknowledged the growth in IT and concluded that most boards are “in the dark” about IT investments and strategy, noting that, while “dangerous,” it “may seem excusable” given the lack of IT governance standards in place at the time. Six years later, AGB’s November/ December 2011 Trusteeship article “What’s the Next Big Thing for Boards?” included a strong call to action relating to technology, concluding that “boards are often not sufficiently tuned in to the ‘technology tsunami’ that is rapidly threatening to engulf higher education … and we are not ready.”

The most recent AGB survey data from 2013 find that, although 71 percent of board members believe online education will be “important” or “essential” at their institutions, only 19 percent feel they are well-informed and demonstrate “appropriate strategic engagement” when it comes to educational technology. Twenty-eight percent “don’t know” or characterize their engagement as poor. Our EDUCAUSE data also find evidence of a strategic opportunity that may be missed. For example, even though information security has been at the very top of the EDUCAUSE Top 10 IT Issues for the past three years in a row, 8 in 10 campus strategic plans include no mention of IT risk.

Any disconnect is concerning since information security is such an institutionwide issue. This is true both in the way a security lapse can result in broad financial and reputational damage and in the degree to which cross-divisional collaboration is required to address information security risks. It is no surprise that when we consider where responsibility for information security practices lies, central IT comprises the largest group by far, but in literally every information security area, from network security to data privacy, responsibility is increasingly shared (and in the case of data privacy shared equally). Given that inviting catastrophe takes no more than a single lapse in judgment from only one person, institutionwide collaboration and shared urgency around information security is vital, requiring training, awareness, and action that extend across multiple stakeholders and all campus divisions.

The strategic scope of information technology is not expressed solely through the risks involved, but also through the important strategic contribution IT can and will increasingly make. In fact, some of the greatest institutional challenges that vex presidents and boards—such as the student success crisis (see related article on page 26) and the opportunity gaps that afflict our most vulnerable and underrepresented students— find their most promising remedies in technology innovations and emerging software systems. Student advising systems, graduation planning tools, and a host of other systems powered by predictive analytics will play a key role in helping institutions realize critical strategic goals.

If the governing board at your college or university has not yet engaged with technology as a strategic asset, no one should be blamed. After all, it wasn’t terribly long ago when IT was primary understood to be a utility—a remarkable, promising, and often inscrutable utility, but a utility nonetheless. And there is a long tradition of categorizing IT with other utilities, as something that magically works when you turn a tap handle or plug in an appliance. One CIO recently talked to me about this legacy perspective in which IT was expected to be “silently awesome,” a utility you didn’t really know was there until it broke. Needless to say, this view of IT is about as far from strategic as you can get.

In 2018, it’s hard to imagine anyone saying that IT is a utility that can be safely ignored until it breaks. However, if you total the number of board discussions about your campus finances, enrollment, or facilities, how would the number of technology discussions compare? And when technology is discussed, is it assumed that IT is a strategic asset? If the topics that bring technology to the board are responses to specific incidents or pro forma budget reviews, the answer is likely no. If proactive conversations about technology strategy, including the impact and potential impact on teaching and learning, are not recurring features on board agendas, the approach can’t be truly strategic, however well-intentioned everyone involved may be.

We should also recognize that at times, some legacy thinking may still exist within the IT department itself. “Many IT leaders are too focused on technology and not enough on the core business of the college or university they serve,” said Michael Kubit, vice president for information technology and CIO of Penn State University. “As IT leaders, we need to help executive leadership and governing boards better understand the strategic value of IT as it relates to our institutions. IT organizations should be strategically pivoting from a culture focused on providing services to one of enabling and empowering the use of technology. If IT is perceived as a utility, we have no one to blame but ourselves.”

When you are running a utility, protecting the operation and saying “no” may make sense, but as Joshua Singletary wrote in the February 2018 EDUCAUSE Review, “To be successful in the changing landscape of technologies and user needs, IT will need to become a partner rather than a gatekeeper.”

However, it’s also possible that even as campus IT functions as a strategic partner, its effectiveness will be stalled if the senior IT leader is not part of the strategic decision-making fabric of his or her institution. How can this be accomplished? How can a governing board best ensure that it is appropriately engaged with technology in a way that limits exposure to risk and unleashes technology innovation? Recognizing that every board and campus culture is unique and that no single solution is perfect for all college and university boards, here are a few suggestions to consider.

ASSESS YOUR CURRENT BOARD ENGAGEMENT AND STRUCTURE

Review how your governing board has taken up technology topics over the past few years. Is a technology committee or subcommittee involved, or are technology discussions ad hoc or subsumed in the context of other areas such as finance or facilities? Establish a structure that provides sufficient discussion and deliberation of the strategic implications of technology, aligned with institutional goals and strategies. If your board is among the 80 percent that are not fully engaged, it’s important to explore whether the current structure enables and encourages consideration of a different approach.

In a 2015 Trusteeship article, Angel Mendez, a member of the Lafayette College Board of Trustees and the AGB Board of Directors, suggested a number of diagnostic questions for boards, including:

  • Does the board regularly evaluate trends in higher education technologies as part of institutional strategy?
  • Are IT systems secure and are there up-to-date policies and practices in place to protect the privacy of data?
  • Does the institution have a master plan in place for information technology that is well-aligned with the strategic plan for the institution?
  • Is there a mature governance model in place, executed at the cabinet level, that regularly reviews requests for spending on IT projects and sets appropriate priorities among them in the context of all other requests for capital and operating funds?
  • Are the board committees aware of the return on investment in technology?
  • Can the board see clearly how the institution weighs investments in technology within the context of its entire budget?

Mendez writes that the decision to establish a short-term or ongoing technology committee hinges on whether the board has considered these (and other similar) questions and can answer “yes” to most of them.

IS TECHNOLOGY AT THE TABLE AT YOUR COLLEGE OR UNIVERSITY?

While boards explore their level of engagement with technology issues and opportunities, it also makes sense to consider the strategic placement of IT within the campus. AGB’s 2017 “Board of Directors’ Statement on Innovation in Higher Education” acknowledges that “the technology revolution has only begun,” innovation is crucial, and “boards should ensure that campus technology professionals are thoroughly involved in those projects that depend on technology for their success.” In addition, the statement argues that “presidents must also consider the strategic placement of technology within the organization,” concluding that “it will prove difficult for technology to serve as a strategic asset for innovation if the CIO is not at the table when key decisions are made at the cabinet level.”

There is no question that having the campus CIO reporting to the president or chancellor is a surefire way to ensure that IT is “at the table,” but reporting lines may not always be the instrument that ensures an appropriate degree of strategic influence. The essential need is for the CIO to serve on the president’s cabinet. EDUCAUSE research shows that when CIOs serve on the cabinet, they are far more likely to discuss the broader implications of IT with executives and shape institutional strategic directions, including those academic directions for which technology offers such promise.

EDUCAUSE Core Data Research maps out the opportunity, finding that less than a third of senior IT leaders currently report to the president/chancellor, and just over half (55 percent) sit on the cabinet, numbers that have not changed considerably over the past decade. In another EDUCAUSE survey, only 44 percent of CIOs say they experience “alignment among institutional leadership,” evidence that inclusion in the cabinet is likely the best way to strengthen strategic considerations of technology. The alternative is risky, as retired former EDUCAUSE presidential fellow and CIO Brian Voss recalls. At one campus, he was told that even though he wasn’t serving on the cabinet, he should rest assured that “if there are any IT issues, we’ll call you in.” Instead, he was left wondering how, without IT at the table, anyone would be able to know when or whether to make that call—or whether the call would come too late.

Invariably, information security risk is a powerful exclamation point when it comes to talking about IT’s strategic role because the stakes are simply so high. In a February 2018 report issued by EDUCAUSE and Deloitte’s Center for Higher Education Excellence, Phil Ventimiglia, Georgia State University’s chief innovation officer, is unmistakably clear: “If you really believe in cybersecurity and the importance of technology to the operation and future of the campus, then the CIO or whatever role is leading technology for the institution should be at the cabinet level.” This strategic placement within the campus cabinet is a two-way street, as Neil Kerwin, American University president emeritus, insists. “With a seat on the cabinet,” he said, “the vice president of information technology educates colleagues on the senior management team and is educated by them. That works its way ultimately up to the board of trustees.”

INCLUDE INFORMATION SECURITY IN RISK MANAGEMENT REVIEW

In 2014, AGB published a “wake-up call” report that lamented lack of governing board engagement on enterprise risk management (ERM) and issued a call to action, noting that ERM “offers an approach for assessing threats and seizing opportunities” that governing boards should adopt. At that time, fewer than four in ten boards actively used ERM processes, and among those that didn’t, half had no plans to do so. ERM demands that consideration of risk not be done on a reactive basis, and it’s easy to see how an established ERM approach by a campus governing board encourages the kind of proactive strategic approach to IT advocated here.

While board discussion about the risk of an information security breach may not be the most calming conversation for a CIO or chief information security officer (CISO), discussions about risk can easily give way to conversations about the strategic lynchpin that technology has and will increasingly become. A typical ERM chart, like the one from the University of Wisconsin’s 2010 Enterprise Risk Management Handbook, includes IT risks such as an “IT system failure.” On the one hand, this reinforces the potential danger of an IT system crisis; on the other hand, it also reinforces the strategic value and institution-wide criticality of IT. Handled with care by a forwardfacing governing board, a conversation that starts with the risk of an IT failure will evolve into a conversation about the potential, promise, and value of technology across the institution.

A CAUTIONARY NOTE: TAKE THE HIGH ROAD

When boards turn their attention to technology and deepen engagement in technology issues and opportunities, it’s important to settle into the right altitude. IT matters can sometimes pull even the most disciplined board down into the weeds of operations, a situation that benefits neither governance nor management. The strategic engagement I am recommending should never devolve into depriving campus leadership of the right and responsibility to manage and lead appropriately. Ultimately, board micromanagement and operational involvement risk delays, declining morale, and diminished organizational effectiveness, and distract the board from the effective execution of its fiduciary duties. Balanced and thoughtful engagement with an IT leader responsible for managing strategic assets brings out the best in everyone and builds a triangle of trust among the governing board, the president, and IT leaders.

A few years ago, my son was trying to call a friend, but the cellphone froze up. He was doing that thing where we push buttons harder in case that will help the software work better. Eventually, he let out an exasperated sigh and said, “I can’t dial any numbers on this stupid phone!” Then he froze and looked at me, intrigued. “Wait a minute,” he said, lifting up the offending device. “Why do we say dial a phone?” The reason is that technology moves faster than language—faster, in fact, than just about anything these days. As challenging as the race may be, college and university boards and leaders must commit themselves to keeping up—not only with the technologies, but also with the people, processes, polices, and governance. The sooner we give both the challenges and the opportunities our full strategic attention, the better.

The owner of this website has made a commitment to accessibility and inclusion, please report any problems that you encounter using the contact form on this website. This site uses the WP ADA Compliance Check plugin to enhance accessibility.