Tips From an Interim CIO

With companies facing diverse challenges in this struggling economy, corporate leaders are looking to IT as an integral part of their overall performance-improvement strategy. The management of IT operations can have a dramatic impact?both positive and negative?on a business?s ability to overcome challenges, remain competitive and succeed.

In my experience, the following four points are vital to an enterprise?s IT operation, whether the organization is in a crisis or simply looking to be more efficient.

1. IT effectiveness and cost-management models

In troubled economies, as well as in robust economic times, companies should make IT effectiveness a top priority. Analyzing key IT areas?such as budgets, assets, projects and people?will often yield actionable and valuable insights. This is the first step toward creating a cost model of IT spending that highlights areas for improvement, shows where money is being spent, and aids in the management of budgets and forecasts.

At a minimum, the IT cost model should capture capital and operating costs, as well as IT headcount and transition services costs (when applicable). Cost-management plans can usually be completed quickly, depending on the size of the organization, degree of centralization and quality of record-keeping.

The cost-management process is even more important if a company is going through a transition, such as a transaction or restructuring. For example, in the case of a carve-out transaction, the elimination of transition-services costs (such as seller charges for e-mail, financial or payroll systems) is critical?especially in situations in which these costs overlap with infrastructure build-out costs for the new entity.

2. Transition of IT personnel

It?s essential to ensure that the right IT talent is in place to help execute a company?s technology strategy, especially when role redundancy is lacking and a limited number of people control the keys to the IT ?kingdom? (including security and asset management). To mitigate this business risk, companies must have a transition plan in place, especially when employees are in transition. Often, the legal department can be involved as an independent function to assist in the control of key system passwords.

3. The program-management triangle: scope, resources and time frame

The more complex IT project initiatives become, the more you should focus your executive management team on the following core elements of the program-management triangle: scope (business needs/functionality), resources (people and money) and time frame (project schedule and deadlines).

A change in any side of the triangle has an impact on at least one other side?and usually two. For example, if the business continues to add new scope (IT project requests) to the existing IT backlog list, then the resource requirements will need to increase or the project timelines will need to be adjusted, or both.

The triangle method can be helpful to the CIO, not only in managing projects, but also in engaging and educating other parts of the business (such as the executive suite) about the resources needed to meet business needs and deadlines. The triangle method is also helpful to the IT governance process and can optimize technology investment decisions with business owners.

4. Disaster recovery readiness testing

The lack of IT disaster recovery readiness is best exposed during a catastrophic event. A disaster has to happen only once for a company to realize that its disaster recovery plan wasn?t adequately tested. I experienced this firsthand as an interim CIO for a New Orleans public entity after Hurricane Katrina.

It is essential that companies have a game plan in place to keep the business operating should a hurricane, flood or other disaster occur. In addition, IT must regularly and adequately simulate tests to ensure its ability to recover, if ever needed. Ideally, systems should be tested once a year. The cost of investing in and testing a disaster recovery capability should outweigh the potential cost of a business interruption.

Disaster recovery plans will differ, depending on the size of the enterprise, but they are no less important for smaller companies than larger ones. For smaller companies, a disaster recovery plan may simply include off-site storage of business applications, operating systems and data. For larger companies with broad networks, branches and multiple offices, all core IT operations must be backed up and recovery must be tested annually via third-party contracts.

Anthony Treccapelli is a managing director with Alvarez & Marsal, a global professional services firm. He leads the firm?s National Information Technology Solution team in New York.