By Bob Coppedge, Owner & CEO, Simplex-IT
Increasingly, businesses of all sizes rely on their IT strategies for success. However, the cost of having a full-time, C-level individual oversee those strategies is often prohibitive. If that’s true for your business, then consider a virtual CIO (vCIO), also known as a fractional CIO.
The role of chief information officer (CIO) was first formally created in the early 1980s. The primary responsibility is to act as a formal bridge between the business needs of an organization and its IT resources. This means that ideal CIO candidates can discuss business processes, strategic issues and market trends, as well as issues pertaining to technology like cybersecurity, cloud vs. on-premises systems and performance monitoring.
Some startups may not feel an urgency around strategic planning if they have minimal competition, have stumbled onto some initial big wins or have highly-profitable product or service lines that make it easy to ignore vulnerabilities elsewhere in the organization. But in a time when every line of business within almost every company is reliant on some form of technology, few organizations can have that strategic conversation without IT permeating throughout.
Another common issue: With some exceptions, IT departments are often focused primarily on “keeping the blinking lights blinking.” Their roles and actions haven’t been integrated with the primary business goals of the organization. This means they have no frame of reference for discussing business outcomes, and the organization doesn’t perceive this lack as important. It’s time to change that.
No Full-Time CIO? The Right and Wrong Ways to Deal
CIOs with a proven track record are expensive, usually prohibitively so for most in the growing-business world. As a result, businesses often use one of three traditional strategies to meet their needs without a full-time, executive-level IT leader:
1. Faking it
Either someone in IT does their best to take part in business-strategy discussions and translate those into a technology strategy, or someone from the business side tries their best to dig into technology strategy.
2. Seagull CIO
When organizations feel they just need a push in the right direction, they’ll bring in a consultant to act as the CIO on a project-by-project basis. We use the term “seagull” because consultants in this role often “fly in out of nowhere, make a lot of noise, drop a lot of mess, and fly away.” It’s not a long-term solution by itself.
3. Virtual/fractional CIO
This is what we’re going to focus on in this article. It’s a sustainable strategy by which an organization has engaged a third party to be the CIO, but not as a full-time employee. This person or organization brings the tools and experience necessary to perform CIO responsibilities and works to understand the business’s technology needs.
vCIOs as Part of an Existing Service
Smaller businesses, or those whose operations aren’t technology-centric, often assign someone in-house to figure out IT — whether that’s the finance person, the office admin or someone who just “knows computers.” The next-most-popular IT support model is using a third-party expert or managed service provider (MSP).
The MSP is responsible for some or all of the IT operations of its clients. Services are delivered primarily remotely, proactively and on a subscription basis. The traditional MSP relationship comes in lieu of the client having dedicated IT employees.
A newer subset of this model is what I call co-managed IT services (CoMITs). In this model, the MSP and internal IT employees work together to support the organization. The combination controls costs while bringing business awareness to IT operations.
In furtherance of the business awareness goal, many MSPs are now including some form of vCIO service in their offerings. Some make it a cornerstone of the client relationship; others do little more than throw the term into the agreement. Be careful here: If your MSP and its vCIO services are truly in sync with your organization, then this is a great advantage. If not, then you’re doubling down on a disconnect.
Cost of a Fractional CIO
Like any senior leader, an experienced CIO is expensive. The average full-time CIO will run $100-175,000 plus benefits, and geography and industry will sway that number significantly. Since the vCIO isn’t a full-time employee, your cost will be less.
How much less depends on the scope of their involvement: If the vCIO is brought aboard simply to regularly verify and/or validate progress, such as with quarterly reviews, annual summits and occasional status calls, then costs could be 10% of the full-time employee cost. This vCIO is more of a coach or guide, with the rest of the management team doing the operational work. More operational involvement, of course, comes with a higher price tag. It’s not unusual for a vCIO relationship to start with operational involvement on a dedicated project, followed by an ongoing coaching relationship.
3 Steps to Take Before Engaging a vCIO
1. Define expectations.
Ensuring the success of a vCIO goes well beyond paying the bill. The vCIO has to engage with management to have a chance at success. If they’re only dealing with the IT resources, you’ve hired a glorified and expensive IT manager. You need to budget time for your management team to meet with the vCIO, especially in the beginning. It’ll help quickly determine whether you’ve got the right person in the seat and pay dividends in the end.
Management will have to understand this as a necessity, not an option or luxury. One of the clearest warning signs of an ineffective business-IT relationship is what I call “IT abdication.” This is when top management feels that since they’ve hired an employee/vCIO/MSP, they no longer have a responsibility to understand anything related to IT. That’s never true.
I’m also a firm believer in doing some self-discovery prior to interviewing vCIO candidates. You absolutely want them to be integral in determining the IT direction of your organization, but you don’t want them, an outsider, applying only their own cookie-cutter view of “how IT should be.”
Does your current planning strategy include any IT components? If so, dust them off and review, specifically regarding how your new vCIO can be directly useful and responsible. If not, then go through a simple “IT tabletop review.” It’s a two or three-hour meeting that involves your top management and top IT team member. Break it into five topics:
You don’t want or need to go into detail; that’s the vCIO’s job. But get an idea of where you think the organization currently stands. You’ll start to see a pattern develop in terms of your organization’s needs according to management. Then, you can see if your current IT team’s assessment aligns with that of other managers.
2. Determine scope.
At this point, you should have an understanding of the issues the vCIO will address at your business. Now, it’s time to translate that into the scope of the vCIO’s work.
Some critical decision points:
Abdication vs. immersion
Boy, this is critical. Are you looking for a vCIO because you or others in management are doing your best to avoid facing your IT issues? If so, are you looking for the vCIO to enable that behavior (easy, but very dangerous) or to help change it (harder, but best in the long run)?
Trainer/mentor vs. strategic partner
Is your goal to groom your current IT department head to become CIO or to bring in a leader for that team who will be a full partner with management?
Aspirational vs. operational
Are you looking for the vCIO to be more focused on taking the organization to the next level through the use of IT or just make the status quo more functional and efficient? There’s no wrong answer here, and the answer is likely a combination, with a primary focus on one or the other.
Long-term vs. short-term
Are you looking for this relationship to be part of a long-term strategy or only to get you past certain challenges? If the latter, what are those current challenges, and do they have well-defined success metrics?
Determine why you need a fractional CIO now, specifically. Consider the penalty of doing nothing. Finish this sentence: “We need a vCIO now because ...” If there isn’t a clear statement that deals with specific aspects of your organization, then you haven’t sufficiently thought this through.
3. Plan to measure productivity.
Once you define the vCIO’s role at your particular organization, it’s time to build your KPIs for accomplishing those objectives. Go beyond the standard IT-related KPIs, and develop metrics specific to your goals. (Hint: If they’re not related to the issues that drove you to bring the vCIO aboard, then you’re looking in the living room for something lost in the basement because “the light’s better.”)
Here are some generic goals for a vCIO that you can make your own.
Upgrade organizational appreciation of IT.
Non-technical management should understand the value of IT and how it helps them succeed. They should willingly participate in conversations aimed at improving and expanding the business as a whole through better use of IT.
Upgrade IT’s understanding of the business.
All internal IT staff should understand the core principles and operations of the organization, and they should likewise willingly participate in conversations aimed at improving and expanding the business.
Develop a 1–3-year IT operational budget.
Although certainly not finalized, IT budgets should be in place and understood, including equipment replacement cycles, licensing and other predictable costs.
Develop a 1–3-year IT project plan.
Similar to the budget, there should be an IT plan that is fully integrated with plans for the entire organization.
Develop specific project plans.
If you brought in the vCIO to make specific changes (e.g., project implementations), then create specific project plans for those changes, including schedules, assignments and milestones.
vCIOs and Cybersecurity
The skills you’ll need from your vCIO will vary depending on how you use IT in your business. One skill that’s not negotiable is a solid understanding of cybersecurity. Every organization needs a strategy, and the evolution of that strategy never stops.
Any organization with the same cybersecurity strategy six months from today will be more vulnerable than they are today, and more vulnerable still 12 months from today, and so on. And any organization that plans on incorporating IT into its business operations is at risk, period. Part of a fractional CIO’s role is to make sure that management is taking cybersecurity seriously and minimizing that risk through a multilayered security plan.
The Bottom Line
A man was walking by a barn one day and discovered it covered with bullseye targets. In the center of every target was an arrow, dead center. He then noticed a young lad leaning up against the barn with a bow, a can of paint and a brush. As an amateur archer, he wanted to meet this sharpshooter.
“Young man! How is it you’re able to hit dead center on every target on this barn?”
The young man laughed. “Easy. Shoot first, paint the target second.”
Some vCIOs will come in with predefined strategies and reporting. Some organizations will want the vCIO to play by their pre-established rules. In both cases, you’ll end up painting your target wherever the arrow lands.
IT is hard. Keeping tabs on an industry that completely reinvents itself every few years is a challenge. The realities of cybersecurity and evolving threats just adds to the complexity. Plus, there’s the ongoing evolution of your technology strategy as you evolve your business strategy. It’s easy to get it wrong, but getting it right is a great opportunity.
Be sure to paint your target first.
Bob Coppedge is owner and CEO of Ohio-based Simplex-IT. Author of multiple books on co-managed IT and outsourcing CIO functions, Bob is a prolific writer, speaker and thought leader in the IT channel.