• Moderator: Jim Metzler, Vice President, Ashton, Metzler & Associates
• Rowan Snyder, CIO, KPMG
• David Michael, CIO, United Business Media Group
• Joanna Young, Chief Information Officer, Corporate Information Systems & Enterprise Services, Liberty Mutual

Jim: Is the CIO a technical job anymore? For example, inside Liberty there are business projects with an IT component.

Joanna: We are organized to partner with internal business clients or vendors who provide objectives and business requirements. We strive to figure out the smallest amount of an IT investment we can make to get this to work.

Rowan: We have both. Part of the dilemma is that the thing that sells the best is fear. I don’t want to use that to get business.

Joanna: One good example is security from an application perspective. It’s hard to talk about security investments in business terms. We put it into terms like “this is what it will cost us if we DON’T do this.” For example, a solution for spam required us to do research into what it was costing us overall. Once we put it together, the business was all for it. You have to put your business hat on and think “how can I make this important for a businessperson?” If you can’t, you may need to ask yourself why you’re pushing services on them that they may not need.

Jim: Can you give us insight into business-IT alignment? What about governance?

Rowan: Governance is the hardest part of IT. It’s not like the technology is easy. If it’s a business project with an IT component, I don’t usually get involved. It comes down to overall budget. The infrastructure we own and let people know exactly what it will cost to do it. We are a distributed IT firm, there are multiple groups. This is the most distributed and risk-prone organization I’ve worked in. It can be difficult for the business to exert control. It demonstrates risk, in security, compliance, methodologies, etc.

Joanna: Governance has become a word that nobody wants to use. It suddenly implies that IT is the holder of all the money and they are the ones that get to decide. We stopped using that word and position IT as a strategic business partner.

David: We have a highly decentralized IT set-up. We have about 600 globally and around 40 in the headquarters. We have 10 CIOs for each division, and within each division it is decentralized. We try to run each unit as autonomous. This is a close alignment with IT and business. However, then the problem of how do you have commonality between divisions and collaboration?

Jim: How can you minimize risk in distributed environment using standards and procedures?

David: The reality is it can be impractical for an organization. You end up with a patchwork of platforms and technologies. We have to accept that we’ll have multiple solutions. We can attempt to push a standard, but overall have a much more relaxed approach to manage everything. There is a lot of equality between divisions in what they can choose to purchase.

Joanna: Standards are easier to apply the further down the staff you are. The most important thing with any of this is to understand why you are making the decisions. If there is a process and pros and cons are identified, there is a clear record of why decisions were made.

Audience Poll: Everyone raised their hand that MORE standards were needed.

Audience Question: Are there inefficiencies in the data center in terms of energy and green IT? What are you doing about it?

Joanna: Everyone focuses on cars for carbon footprints. But, it’s really buildings…and then data centers. The data center has the same importance as any other efficiency. They need to be running as cheaply as possible. Corporations have a responsibility to make sure they are energy efficient.

Rowan: We recently did a carbon footprint analysis, and found that half of carbon comes from electricity, with half of that from the data center.

David: Every company does have a responsibility to look at its carbon emission globally. Consider international travel, flying, etc. As much as possible, we are not building data centers. We are using other people’s data centers in an effort to get out of the data center business.

Audience Question: How do you balance the good from standards with agile development and possible roadblocks?

Joanna: Luckily agile development is under the CIO’s control. You can see the lifecycle and savings that occur. When I look, I check what the standards are that I’m measuring by.

Jim: Does web 2.0 have any business meaning in your environment? If so, what are you doing about it?

Joanna: I’ve been in IT for 20 years. It’s another component to business IT investment, and has to be presented as such. As IT professionals we have a responsibility to identify what Web 2.0 is, and then translate to see if there is anything the company should be doing with it. Monitor it based on your current portfolio, and consider its impact.

David: It’s pretty important to our business as a media company. I don’t think it means one thing, it’s a term people use to talk about the web and what’s going on online. From mobile, to ajax, cloud computing or mashups - you can draw multiple conclusions. More and more business is being done online. We have a lot of growth opportunities online.

Rowan: Compliance, security, and privacy issues just explode with Web 2.0.

QUESTION: Some are raising that the privacy aspects of this thing, you know, sharing of that kind of data, very personal data, among four countries is quite a scary thing.

SECRETARY CHERTOFF: Well, first of all, a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world, they're like footprints. They're not particularly private.

Sounds like he's confusing "secret" data with "personal" data. Lots of personal data isn't particularly secret.