Some organizations are creating new technology forums, building the expertise of corporate directors, and strengthening IT governance—all with the aim of allowing boards to guide management by asking the right questions about technology.1  But what are the right questions at a time when digital technologies are beginning to disrupt industries and mastering these technologies may be the key to long-term survival and success?June 2013 | byPaul Willmott

By Paul Willmott,  director in McKinsey’s London office.

The particulars of each enterprise’s situation will, of course, determine the focus of the discussion and the detailed questions to ask. However, across industries, every corporate director—IT savvy or not—will benefit from reviewing the following questions as a starting point for shaping a fruitful conversation with management about what the company needs to do to become a technology winner.

1. How will IT change the basis of competition in our industry?

Technology is making boundaries between industries more porous and providing opportunities for attacker models. For example, in the banking industry, online consumer-payment products such as Square—a mobile app and device that enables merchants to accept payments—are challenging traditional payment solutions. Free Mobile, a French telecommunications attacker, has captured significant market share by offering inexpensive mobile voice and data plans, in part by offloading some of its traffic onto the home Wi-Fi access points used by its broadband customers.

For incumbents in many sectors, technology is becoming an arms race. Companies are harnessing technologies such as social media and location-based services to reinvent the customer experience and capture market share.

Questions to ask:
•Who are our emerging competitors?
•How is technology helping us win against traditional and new competitors?
•How can we use technology to enter new markets?

2. What will it take to exceed our customers’ expectations in a digital world?

Customers are being educated by e-commerce leaders like Amazon and Apple to expect an ultraconvenient experience, personalized in real time. Attackers in many industries are differentiating themselves from incumbents through convenience and service. Digital finance company Wonga, for example, settles loans in 15 minutes.

As a result, customer expectations are rising quickly. Simply meeting these enhanced expectations can be a major effort for organizations that were not born digital. For instance, retailers may need to step up their development of digital channels. Banks, insurers, and telecommunications players may need to automate end-to-end sales and service processes so that customers can interact with the company in real time in an error-free digital environment. The bar is high for delighting customers in a digital world. Often, doing so requires investment in sophisticated big-data capabilities that use social, location, and other data, for example, to attract potential customers to product promotions at stores in their vicinity.

Questions to ask:
•How does our customer experience compare with that of leaders in other sectors?
•What will our customers expect in the future, and what will it take to delight them?
•Do we have clear plans for how to meet or exceed their expectations?

3. Do our business plans reflect the full potential of technology to improve our performance?

Technology expenses can be high, but they are relatively small compared with their potential to boost the operating performance of the business. Technology can improve business performance by driving revenues (for example, by using big data for cross-selling in digital channels), reducing overall costs (for instance, by automating end-to-end processes), and lowering risk costs (for example, in insurance, by using social-media data to aid risk calculations). Technology can also have a negative impact on performance (for instance, by reducing margins given increased transparency about pricing in the market).

By seizing the opportunities and mitigating the threats, companies can dramatically improve their performance. One retailer has doubled revenue growth by investing in the digital channel. A bank is targeting a 10 percent reduction of operating costs through automation of end-to-end processes. Ultimately, the strategy that emerges from an assessment of opportunities and threats should be an integrated plan that shows how the business will beat the competition using information over a multiyear horizon, not simply a revised annual IT budget. With the right agreement on the scale and scope of the opportunity and threat, the level of investment in IT becomes an outcome rather than a constraint.

Questions to ask:
•Has the P&L opportunity and threat from IT been quantified by business unit and by market?
•Will our current plans fully capture the opportunity and neutralize the threat?
•What is the time horizon of these plans, and have they been factored into future financial projections for both business and IT?

4. Is our portfolio of technology investments aligned with opportunities and threats?

The portfolio should clearly reflect the business opportunities and threats at stake. It also needs to be dynamic—executives must avoid the temptation to reuse the allocations from the previous year’s budget without a close review. Companies should balance short-term P&L opportunities (for example, upgrading digital channels), medium-term platform investments (such as customer databases), and carefully chosen longer-term bets (for instance, piloting new, digitally enabled business models).

Regular, often quarterly, portfolio rebalancing is needed, as assumptions can change quickly. Many companies, for instance, recently cut investment in the Internet channel, as customers have switched to mobile apps. The portfolio should also be managed to keep execution risk in an acceptable range. On average, large IT projects run 45 percent over budget and 7 percent over time, while delivering 56 percent less value than predicted. These risks can be managed by monitoring the portfolio carefully and deploying effective processes that assure value will be created.2

Questions to ask:
•How well is our IT-investment portfolio aligned with business value with regard to opportunities and threats?
•How well does the portfolio balance short-term and long-term needs?
•Do we have effective value-assurance processes in place to mitigate execution risk?

5. How will IT improve our operational and strategic agility?

IT has a significant effect on operational business agility (for example, time to market for new products), as well as on strategic business agility (for instance, the ability to extract synergies from an acquired business or the ability to connect systems to a distribution partner).

Leading businesses are continually using IT to improve business agility. For example, one logistics operator has created a control room where the location and condition of assets such as rolling stock can be viewed in real time, enabling a swift response in the case of equipment failure.

Business agility is underpinned by the agility of the IT function itself—its ability to design and implement changes to systems rapidly at low cost and risk. IT agility can be increased by changing the systems landscape (for example, by reducing the number of systems), improving data quality (for instance, by creating enterprise data standards), optimizing IT delivery processes (for example, by applying lean-management techniques), and building flexibility into sourcing arrangements (for instance, by buying processing capacity on demand in the cloud).

Leading businesses measure and manage both business and IT agility, ensuring that the business can respond competitively.

Questions to ask:
•How does our business and IT agility measure up with that of our competitors?
•How do our IT plans increase our business and IT agility?
•Are our sourcing relationships increasing or reducing our agility?

6. Do we have the capabilities required to deliver value from IT?

Technology alone delivers no value. It’s the combination of a clear strategy, the right technology, high-quality data, appropriate skills, and lean processes that adds up to create value. Any weak link in this chain will lead to poor value delivery from IT.

For example, one telecommunications company introduced a new IT system to support cross-selling in stores but found that revenues didn’t increase until the quality of customer data was improved, staff were trained in how to have the right conversations with customers, and sales processes and incentives were realigned.

Leading organizations actively assess their capabilities in these dimensions and target their weak spots. One bank, for example, recently created a group data-services team to improve the quality of data across the enterprise.

In many sectors, a shortage of IT-literate talent in the business is creating a bottleneck. Contrary to popular belief, the majority of executives can, with the appropriate training, learn how to manage value from IT. But capability building must start at the top. Some companies have put their top 200 managers through IT boot camp as a way to start the process.

Questions to ask:
• Do we have the capabilities needed to drive full value from our existing IT systems?
• What are the weakest links in our capabilities?
• Do we have enough IT-literate executives?
• What is our plan for upgrading capabilities?

7. Who is accountable for IT and how do we hold them to account?

In most organizations, accountability is clear for functions such as finance and human resources. In HR, for example, performance can be tracked using a scorecard of intuitive business metrics such as attrition. But accountability for IT is not always so well-defined. So-called shadow IT functions—such as IT developers hired into the marketing department to build social-media apps—can sometimes be out of reach of the core IT function. The emergence of roles such as the chief digital officer and chief data officer can further confuse the picture. Moreover, the IT function can’t be held solely accountable for delivering value from IT. Lower process costs, for example, benefit business units and functions other than IT.

IT can also prove hard to measure. All too often, volumes of technical data are presented instead of a limited set of intuitive, business-relevant metrics. Measures of IT productivity or the bottom-line value delivered by IT are seldom available.

Leading organizations define a clear IT operating model, which determines exactly who is accountable for IT activities such as developing apps, managing data quality, or implementing IT solutions in business processes. The operating model must be aligned with business priorities. Centralized models dominate when cost or control is a priority, whereas businesses seeking growth and agility often adopt federalized IT structures. Whatever the model, IT leaders should be held accountable through scorecards that measure value delivered to the business in the form of efficiency, agility, and risk levels. Scorecards should be intuitive for even the least IT-savvy board member, and they should be aligned with executives’ incentives.

Questions to ask:
• What is our operating model for IT, and is it aligned with our business priorities?
• Who is accountable for delivering business value from IT—both overall and by activity?
• Are those accountable being measured using business-friendly scorecards that create the right incentives?

8. Are we comfortable with our level of IT risk?

Cybersecurity is a significant and growing IT issue. Every large company’s security has been breached, and most executives have a poor understanding of the risks. But cyberattacks are just one category of IT risk. A failure of a small software component can cost a company a lot of money in customer compensation. IT systems can also cause business-conduct risk—for instance, if automated recommendations to cross-sell products conflict with regulatory requirements.

Companies need a comprehensive system for managing IT risk that assesses the full range of risks (for example, hacking attacks, vendor failure, and technical failure) and addresses the root causes, which include redundant technology, incorrect policies, poor processes, and insufficient oversight.

Questions to ask:
• Do we have a comprehensive understanding of the IT risks we face?
• How is our level of IT risk measured, and is it aligned with the company’s overall risk appetite?
• How are we reducing our IT risk on an ongoing basis?
• Who is responsible for overseeing the level of IT risk?

9. Are we making the most of our technology story?

IT is already on the minds of analysts, customers, regulators, and shareholders, and interest will rise as enterprises become increasingly digital. In many industries, digital is likely to become the predominant sales channel. Companies should therefore be ready to communicate their IT strategies externally.