Core IS Capabilities for Exploiting Information Technology

As managers experience more volatile marketplaces, global competition, shortened product life cycles, customer pressures for tailored offerings and tighter performance standards, they increasingly depend on new information systems. The IS components in business solutions must be constructed rapidly and effectively despite the massive changes in IT (information technology) product capability, a restructured supply industry, potential shifts in system development approaches, and new ambiguities in terms of what should be regarded as a business-side versus a technical specialist task. Rockart et al. suggest that the IT organization must address “eight imperatives” that represent a combination of organizational arrangements and target achievements.1 And Ross et al. argue that companies must build and sustain three key IT assets: a strong IT staff, a reusable technology base, and a partnership between IT and business management.2

Our own analysis links the idea of a strong IT staff with two developments that have been prominent in the recent literature and in the thinking of managers with whom we have worked: the concept of core competencies and the potential for IT outsourcing. Consider first the rationale for core competencies. In an increasingly complex, fast-changing world, businesses succeed, it is claimed, through sustained commitment to excellence within a narrow domain. It is simply not possible for any organization to remain competitive, let alone world-class, if it dissipates managers’ attention across many diverse markets and activities when each is subject to potential transformation. Thus we see corporations divesting subsidiaries in order to focus on fewer businesses that exploit their core competencies.3 Phrases such as “virtual” and “hollow” corporations and examples such as Benetton and Nike capture the prescriptions of Quinn and others: successful businesses focus on creating advantage through a small number of core activities, while other activities are outsourced to world-class supplier-partners.4 Hence managers are debating whether IS is core or noncore and peripheral to the future of their business.

Next is the potential for IT outsourcing. The IS/IT domain arguably represents an extreme example of growing complexity and rapid change. Can any business, however rich in resources, manage IS/IT activity through this turbulence as well as third-party providers with wholly dedicated managers? Organizations such as General Dynamics, Xerox, and the UK’s Inland Revenue have concluded huge IS outsourcing deals. Yet, often, these deals are labeled “strategic partnerships,” recognizing that IT exploitation remains a critical (but noncore) element in the future of the business.5

We suggest that this uneasy juxtaposition of terminology indicates a need to apply the analysis quite differently. Instead of focusing on IS as core or non-core, the debate should really center on which IS capabilities are core to the business’s future capacity to exploit IT successfully. This has led us to look beyond the many dimensions of change to focus on the recurring, fundamental issues a company faces, whatever the contemporary specifics of business circumstance or IT product. Core IS capabilities are only those that a firm must possess to respond to these recurring issues over time.

Challenges in Exploiting IT

We see three enduring challenges in the exploitation of IT that a company must successfully address over time (see Figure 1). Companies must retain the capacity to regularly adjust their positioning in each area — and sometimes radically change their chosen business strategies, IT platforms, or arrangements for delivering IS services.

• The challenge of business and IT vision is to address the need (“imperative” in the words of Rockart et al.6) for two-way strategic alignment between business and technology. A company must consistently focus information system efforts to support business strategy. In addition, IT developments can enable new, superior business strategies. For example, Pine et al. have suggested that the operations function of many businesses may be transformed by using IT for mass customization — the simultaneous achievement of low unit costs and high customer specificity.7 Similarly, Rayport and Sviokla have argued that IT is transforming the focus of the marketing function from the “marketplace” to the “marketspace,” allowing new opportunities for distribution, product offerings, and brand exploitation.8 Business and IT vision requires insightful assessments of the myriad claims about what technology can do and how to use it.

• The challenge of delivery of IS services at low cost and high quality is being transformed by the emerging, vibrant services market. While McFarlan and Nolan, Lacity et al., and Earl have contrasting prescriptions, there seems little doubt that businesses will experience much change in the sourcing of IS services for many years.9 Rockart et al. see managing vendor partnerships as one of eight imperatives.10 The first aspect of the delivery challenge is to proactively devise and manage effective sourcing strategies. But the challenge is also more complex than this, involving the assessment and potential adoption of new IT management prescriptions and fundamentally different development methods. As both Rockart et al. and Ross et al. note, there are unprecedented pressures on the IS function to develop new systems faster and to achieve higher performance in the operation of existing services.11
• The challenge of design of IT architecture — the choices of technical platform on which to mount IS services — represents the first critical step in achieving what Ross et al. call the technology asset of the business.12 It is linked closely to changes in technology capability and supplier health. Do groupware products and intranets represent complementary propositions or alternative directions? What impact do low-cost/network-driven workstations have on existing client/server architecture and its providers? To the chagrin of organizations seeking stability over time in their technical platforms, product sectors are quite commonly dominated by companies that scarcely existed a few years ago. The business life cycle of IT companies seems to last years rather than decades. And IT architecture needs to remain open to the changing demands of the host business. With the blurring of organizational boundaries, there may be profound change required in what Keen has called the “reach” and “range” of the platform, with a wide selection of IS services being provided to users beyond the historic confines of the business.13

What the three challenges have in common is the need to continually reassess and reinterpret a basic remit within a turbulent context. A business that cannot update and alter its decisions in these areas will soon be severely handicapped, strategically and economically. We have been searching for the minimum capabilities that enable a business to consistently address the three challenges. Beyond this minimum, the organization may occasionally decide to operate in-house or to contract for services or resources to achieve its IS activities.

Three Research Strands

Our assessment of the core IS capabilities developed from three strands of research: The first strand concentrated on the CIO’s role, persona, and experiences. Based on face-to-face interviews in sixty-one organizations, Earl and Feeny profiled CIOs’ potential to add value to the business, and leading CIOs indicated the capabilities they believed were crucial to the IS function.14 In the second strand, Feeny et al. investigated four capabilities that CIOs consistently highlighted.15 The research showed how target capabilities were delivered and profiled the people who delivered them. An extensive third strand involved IS/IT outsourcing. Lacity et al. reported the findings on outsourcing practice from questionnaires and interviews.16 Most significantly for our purpose, many of the organizations studied directly addressed the scope of the “residual” in-house IS function.17

Looking across the research strands, we find organizations converging from two directions. In the first two research areas, most clearly positioned IS/IT as a strategic resource for the business. The CIOs in these companies focused on identifying and developing the capabilities most directly associated with creating business value through IT. They were less interested in the capabilities required to successfully engage the market of IS/IT service providers, and their views were less developed in this area.

However, the various stakeholders in the third research area generally showed the opposite tendency. Having made significant commitments to IS/IT outsourcing, they concentrated on managing external service providers and the new capabilities required. While they recognized the need to address future business and IT vision, it represented a long-term agenda. Furthermore, they knew that they would have to carefully justify and vigorously argue for the investment in IS capabilities required for the long-term challenge.

Nine Core IS Capabilities

By combining the different perspectives and emphases from the three research strands, we identified the nine core IS capabilities we describe next (see Figure 2). They are required both to underpin the pursuit of high-value-added applications of IT and to capitalize on the external market’s ability to deliver cost-effective IT services.

Leadership

Integrating IS/IT effort with business purpose and activity. Effective IS/IT leaders devise the organizational arrangements — structures, processes, staffing — to address each challenge area and to manage their interdependencies. They set goals and direction in each area. Leaders also influence the overall business perception of IT’s role and contribution and establish strong business/IT relationships at the executive level, and leverage those relationships to achieve a shared vision for IT. At the same time, leaders determine the values and culture of the IS function and instill the belief that an IS staff’s first duty is to contribute to achieving business solutions.

Leadership is, of course, the traditional role of the CIO or director of IT, although the future of that role is sometimes questioned. But our experience consistently reinforces Earl and Feeny’s view that the CIO is personally instrumental in organizational exploitation of IT. In one example, the incoming CEO of an energy utility believed that IT was critical to achieving his vision for the business but found that his predecessor had outsourced the company’s entire IS function. The new CEO recruited a high-caliber CIO and charged him with recreating sufficient in-house IS capability to safeguard the company’s ability to pursue future business directions (see the sidebar on East Midlands Electricity).

Business Systems Thinking

Envisioning the business process that technology makes possible. Managers in the case study companies were commonly concerned about the lack of progress in integrating business development with IT capability. Many were still making IS/IT investments to support aging and inefficient processes or adding to new processes that were designed without considering current IT capability. Experts in business systems thinking understand connections and interdependencies in business activity. They build and communicate holistic views of current organization and activity as a basis for envisioning potential new patterns. Companies that have the capability, such as a major retailer in our research, automatically include IS as an equal partner in every significant business development initiative. By contrast, in a large aerospace business, the CIO was frustrated at her inability to get IS representation in any of the business process reengineering task forces underway. The managers planned to involve IS later, after the primary thinking and design were complete, and the CIO couldn’t convince them that any of her staff could contribute at a more formative stage.

Relationship Building

Getting the business constructively engaged in IS/IT issues. While the business systems thinker is the individual embodiment of integrated business/IT thinking, relationship building facilitates the wider dialogue between business and IS communities.

Specifically, relationship building involves developing users’ understanding of IT’s potential, helping users and IT specialists work together, and ensuring users’ ownership and satisfaction. Researchers and commentators have pointed to the difficulty in achieving this dialogue and referred to the culture gap between “techies” and “users.” While this gap can occur in delivering IS services, we have found that relationship building’s most important contribution is in the creation of mutual confidence, harmony of purpose, and successful communication among those focused on the business and technical agendas. Through education (of both sides) and facilitation, the relationship builders bring together, in constructive dialogue, people who previously found it difficult to talk to each other. In many instances, a single individual has transformed the relationship between an area of the business and the IS function. As a departmental head at one retailer commented: “Things are quite different now; we feel our new contact point with IS is really one of us.”

Architecture Planning

Creating the coherent blueprint for a technical platform that responds to current and future business needs. The need for architecture planning and the challenge of achieving it may be self-evident. Through insight into technology, suppliers, and business directions, architecture planners develop the vision of an appropriate technical platform. They also formulate associated policies that ensure necessary integration and flexibility in IS services, the basis for shared IT services across the firm. Planners shape what Broadbent and Weill have called the IT infrastructure.18

Is architecture planning a core IS capability? The study organizations that had made recent commitments to a largely outsourced IS environment commonly assumed that the task of architecture planning was now one for their suppliers. We question that assumption. Without in-house expertise, a company cannot understand the viability of addressing new demands or the potential for meeting existing demands on a new technology platform with better economics. Nor will an external supplier place priority on moving to a lower-cost platform, unless it results in higher profits, rather than lower revenues, for the supplier.

An automotive manufacturer has, for many years, outsourced most of its IS/IT activity. Through its own significant investment in architecture planning, the company both protects its ability to exploit IT and can negotiate architecture evolution with its suppliers from a position of strength. Similarly, a multinational glass manufacturer that outsourced much of its IT activity retained the skills to identify and manage the common standards required to achieve interrelationships and efficiencies across its businesses.

Making Technology Work

Rapidly achieving technical progress — by one means or another. In the overlap between the challenges of IT architecture design and delivery of IS services is the core capability of making technology work, which requires much of the insight of an architecture planner, with a pragmatic, short-term orientation. In an environment of complex, networked, multisupplier systems, technical “fixers” make two critical contributions: they rapidly troubleshoot problems that are disowned by others across the technical supply chain, and they identify how to address business needs that cannot be properly satisfied by standard technical approaches. Fixers who excel are extraordinarily productive in programming and can work within a wide range of technical regimes because of their understanding of IT’s fundamentals (rather than specifics).

Even organizations that have totally outsourced recognize the need to retain this sort of capability. A leading U.K. retailer outsourced its mainframe operations in 1996. Learning from outsourcing experiences elsewhere in the group, the senior managers concluded that IT applications support amounted to a core IS capability and retained the technical skills to deliver it in-house (see the sidebar on The Kingfisher Group).

Informed Buying

Managing the IS/IT sourcing strategy that meets the interests of the business. A second core IS capability that overlaps all three challenge areas is informed buying, which involves analysis of the external market for IS/IT services, selection of a sourcing strategy to meet business needs and technology issues, and leading the tendering, contracting, and service management processes. In an organization that decides to outsource most of its IS/IT service, the informed buyer is the most important person after the CIO. As one interviewee described the role: “If you are a senior manager in the company and you want something done, you come to me and I will select the vendor and draw up the contract. If anything goes wrong, it’s my butt that gets kicked by you.” Similarly, the IT director of an electronics group commented: “Business-unit-based managers are now responsible for buying IT products and services from our preferred suppliers; they are absolutely critical in giving us control of IT.”

Even companies that retain 80 percent or more IS/IT activity in-house recognize the importance of informed buying. Typically, as spending on outside services gets closer to 20 percent of the IT budget, the informed buying capability develops and becomes separate from the CIO role. There are two trends here: First, business managers require reassurance that the in-house option is truly appropriate and competitive compared to external options. Second, as data centers and other operational activities are consolidated to achieve efficiencies, they provide in-house services on the basis of more explicit, quasi-contractual agreements.

Contract Facilitation

Ensuring the success of existing contracts for IS/IT services. Arrangements for delivery of IS services are complex. Typically, many users within the business receive various services from multiple supply points (external and internal) in detailed, lengthy service agreements. Contract facilitation provides a single point of contact through which the user can ensure that problems and conflicts are resolved fairly and promptly, within a framework of agreements and relationships. It is an action-oriented capability. If service agreements and suppliers were perfect, contract facilitation would not be a core IS capability. But as one interviewee noted: “The users have been bitten a few times when they have dealt directly with suppliers, and it’s a service we can provide, so now we do.” Although contract facilitation is sometimes set up to help manage excessive user demand and cost overruns with vendors, in general, it is a coordinating role that both users and vendors appreciate.

Contract Monitoring

Protecting the business’s contractual position, current and future. As organizations exploit the burgeoning external market for IS services, contract monitoring becomes a core IS capability. While the contract facilitator works to “make things happen” every day, the contract monitor ensures that the business position is protected at all times. Effective contract monitoring means holding suppliers to account on both existing service contracts and the developing performance standards of the services market. It enables production of a “report card” for each supplier that highlights their achievement against external benchmarks and the standards in the contract.

While all our outsourcing case study companies recognized contract monitoring as a core IS capability, we found that they underestimated the extent of the task if outsourcing resulted from executives making snap decisions. The more detailed development of a major outsourcing deal in the defense industry led a senior IT manager to comment: “We need a significant number of people in-house to monitor vendor service performance. In one business unit alone, we have sixteen people working on contracts, six exclusively on the monitoring side. Admittedly, we are still in the settling-in period, but I can’t see the work declining that much.”

Vendor Development

Identifying the potential added value of IS/IT service suppliers. The single most threatening aspect of IS/IT outsourcing is the substantial switching cost. To outsource successfully requires considerable effort over time. In one case, it took more than fifty man-years to arrive at a contract for a ten-year deal worth around $700 million. Sizable implementation requirements followed. To subsequently change suppliers may require equal effort. It is in the company’s interest to maximize the contribution of existing suppliers and also, when outsourcing, to guard against what we call “mid-contract sag.” A supplier may be meeting the contract after two or more years, but none of the much talked-about added value of outsourcing materializes. As the contract manager of a major U.S. bank commented after his firm consolidated and outsourced its data centers: “Sure, the suppliers deliver the contract, but to the letter. They’ve incurred only one penalty in more than two years. But trying to get them to identify the added value that we both talked about at the beginning, let alone deliver it, is very difficult. They’ve had changes in management staff, so they are driven by what is written down rather than some of our initial understandings.”

In vendor development, organizations look beyond existing contractual arrangements to explore the long-term potential for suppliers to create win-win situations in which the supplier increases its revenues by providing services that increase business benefits. A major retail multinational has many ways to achieve this, including an annual formal meeting. One manager remarked, “It’s in both our interests to keep these things going, and we have a formal meeting once a year with our biggest suppliers at very senior levels in both organizations. There are certain things we force on our suppliers, like understanding our business and growing the business together.”

Noncore IS Capabilities

Our analysis suggests that many traditional capabilities of IS functions should be regarded as noncore. Research evidence shows that outsourcing can successfully achieve much IS delivery and development. Lacity et al. provide frameworks for decision making on engaging the external market for IS services.19 Through the core IS capabilities we have described, organizations can exercise the frameworks to utilize a pragmatic blend of internal and external resources in noncore IS roles.

When we share our analysis in workshops with large organizations, participants sometimes suggest an additional core IS capability: project management. In support, they refer to the well-documented problems of large IS development projects. We suggest a more radical idea. If the IS function — through development and deployment of leadership, relationship building, and business systems thinking capabilities — successfully meets the challenge of business and IT vision, there are no large IS projects. Projects become business projects with IS and other dimensions, and project management responsibility passes to business managers. In Rockart’s phrase, “the line takes the leadership.”20 Furthermore, with IT investment concentrated into urgent, critical business projects, IS requirements are compressed. When the emphasis is on achieving an adequate system within a short time, rather than on a complete and state-of-the-art system, project management is considerably less demanding.

Our analysis does not therefore overlook the project management capability but identifies it as an enduring, core, and organizational requirement. However, it may be a transitory requirement in the IS domain, pending achievement of appropriate project management capability throughout the organization. Thus, in a major multinational insurance company, project managers were traditionally located in the IS services division. Several unsuccessful projects led to the analysis that business managers needed to own their new projects but lacked the necessary project management skills to execute them. The company continued to locate project managers in the IS services division but with joint management roles on projects, so they could develop experience. At the same time, the company recruited more people with project management experience into line positions (for a discussion and further examples, see the sidebar on Project Management).

Skills to Achieve Core IS Capabilities

Many IS functions are developing new frameworks for defining and developing the abilities of their IS professionals and managers. Often these frameworks are based on consultants’ “competency” models focused on human resource management and may be deployed more widely across the IS function’s host company. In such frameworks, each competency represents a generic unit of ability or characteristic such as “analytical thinking,” “self-control,” or “results orientation.” Each of our core IS capabilities could be represented as a combination of such competency units. However, in this emerging field, there is little general agreement on the labeling or definition of the building blocks, or even on the level at which a competency is appropriately identified.

Other analysis focuses on skill sets. Lee et al., Todd et al., and Earl have explored the implications of change in the IS function by referring to technical, business, and interpersonal skills.21 As with competencies, there are contrasting definitions of the terminology but general agreement that IS professionals and managers need to demonstrate a changing mix of skills in these three broad areas. Next we measure the core IS capabilities against these areas, adding two dimensions that we have consistently found important: time horizons and value orientations underpinning the delivery of each capability.

Technical Skills

While the need for technical skills is self-evident in two core capability areas — architecture planning and making technology work — our research evidence indicates that technical skills are important across the spectrum of core IS capabilities. Earl and Feeny refer to the requirement at the CIO level for “a profound knowledge of IT” and the “lengthy apprenticeship in the IS function” common to value-adding CIOs.22 Feeny et al. have found that high-performing relationship builders matched outstanding technical specialists in the length of their IS experience and their achievement in technical aptitude tests. Most business systems thinkers in the sample had a similar profile.23

Even supply management capabilities such as contract monitoring require technical skills and people with substantive IS experience. Closer analysis and interpretation suggests that the common requirement is best captured as “understanding IT capability.” Lengthy immersion in IS enables understanding of the fundamentals and provides a lasting base from which to interpret new developments. Even the technical specialists in our research seem to rely more on their mental models of technology than on formal training in the latest products. The critical step is to reach the equivalent of what Bohn calls the “know why” stage.24 Then someone who is confident of understanding IT capability over time, at whatever level required, can pursue delivery of a core capability.

Business Skills

Significant business skills are a prerequisite for delivering at least five of the core IS capabilities: leadership, business systems thinking, relationship building, informed buying, and vendor development. How then do we explain the predominantly IS people in our research sample who perform so well in these areas? To unravel the paradox, we distinguished between the accumulation of business experience and the capacity for business understanding. We found that building relationships between IS and, say, marketing is dependent not on marketing expertise that rivals that of marketing professionals, but rather on convincing those professionals that you understand their goals, concerns, language, and processes and are trying to help them achieve those goals. Similarly, business systems thinking that stimulates new ideas for managing the supply chain requires conceptualizing and envisioning business processes, not developing detailed command of current minutiae. In this analysis, supported by data from Feeny et al., IS professionals deliver core IS capabilities by exploiting assets that previously enabled their successful IS careers: rapidly absorbing new information, building mental models of how things work (in this case, the business and the organization rather than the technology), and using those models for exploration.25

Interpersonal Skills

In four areas of core IS capability — relationship building, contract facilitation, leadership, and informed buying — interpersonal skills are at a premium. In Figure 2, each of these capabilities appears in the overlap of two or three challenges and therefore represents the need to build bridges between the various communities. Thus contract facilitators must empathize with both business users and service providers and show that they understand and respect others’ concerns and values in facilitating problem solving. CIOs, leaders, and informed buyers have the ultimate challenge of guiding all three communities.

The one exception appears to be the technicians. Although positioned in an overlap, they are not recognized for interpersonal skills. People tolerate the technicians’ awkwardness and tactlessness because they are confident of their ability to make things work. One CIO referred to these people as his Michelangelos; perhaps difficult behavior is accepted and even expected when genius is recognized.

Time Horizons

Another facet is the time horizon appropriate to each capability. For those capabilities embedded in a single circle — business systems thinking, architecture planning, contract monitoring, and vendor development — the emphasis is on identifying and protecting the long-term position: the target business process, the technical architecture over time, and the lasting arrangements with service providers.

By contrast, relationship builders, technical fixers, and contract facilitators must be committed to short-term progress within the constraints imposed by the long-term interests of their colleagues. If technical fixers fail to make technology work quickly, they forfeit the confidence and respect of those they serve. Relationship builders and contract facilitators similarly need to keep things moving. The challenge for CIOs, leaders, and informed buyers is to constantly balance long-term interests against short-term imperatives. According to Earl, simultaneous attention to long-term vision and short-term performance is a matter of survival for CIOs.26

Motivating Values

When Feeny et al. studied a subset of core IS capabilities, they were surprised to find how many of fifty-three people in the study group were multitalented.27 Just under half were seen by their colleagues (managers, peers, subordinates) as excelling in at least two areas. Today’s business systems thinkers or relationship builders were often yesterday’s high performers in making technology work. What had changed over time was their motivation or value set, the challenges that captured their imagination.

The research team for MIT’s Management in the 1990s research organized their findings around a conceptual framework that depicted management processes addressing four elements:28

• Strategy: How does the business currently create value, and how might it create more?
• Structure: How does the organization work, and how should it proceed with the issue at hand?
• Individuals/roles: What are a person’s goals, values, or style, and how can the company ensure his or her support?
• Technology: How does the technology work, and what must the company do to achieve its target?

We see the values embedded in the nine core IS capabilities as various combinations of these elements. For example, successful business systems thinkers are dedicated to strategy and determined to add value. Relationship builders are absorbed by individuals and roles and the element of structure. Informed buyers are intrigued by the interactions of strategy and structure, including the extended structure of the organization’s suppliers.

Table 1 maps the nine capabilities against the skills and values, as they emerged from our research. Each capability requires distinctive skills and drivers. (For two examples, see the sidebars on IS/IT Leadership and Making Technology Work.)

The Domain of Core IS Capabilities

We have found that organizations benefit from relating the IS core capabilities model to their own particular circumstances, priorities, and plans. The companies in our originally distinct research strands have converged. Those concentrated on managing IT as a strategic resource have increasingly recognized that they can constructively engage suppliers from the burgeoning market for IT services without limiting their future ability to exploit IT. Others that have already extensively committed to IT outsourcing have identified the relatively small amount of IS resources required to master supply management and regain the ability to instigate new initiatives. (Figure 3 depicts the typical result of this convergence.)

In the target steady state in which a core IS capabilities model has been implemented, the in-house IS staff people are responsible for pursuing all aspects of policy over time — the overall articulation and promulgation of IT’s role in the business, the development and review of IS/IT sourcing strategies, and the identification and overseeing of best practices in IT management. They may be assisted in any or all these tasks by outsiders with special expertise, who work on the in-house team on an insourcing basis, with in-house management and control.29

This same combination of insiders with core IS capabilities and insourced supporters tackle the crucial first steps of application — the development and maintenance of good business/IT relationships and the vision of improved business strategies and processes that are enabled by technology. Whether they follow through to the resulting systems development, or contract to external providers or non-core resources, will be a function of the nature of those systems — their level of strategic impact and/or degrees of uncertainty in their specification. Finally, in the delivery dimension, there is a limited but crucial role for those with core IS capabilities. They develop and review the required scope and design of IT architecture, with the expectation that external providers will increasingly create the resulting infrastructure and operate the services provided it.

We envision an IS function in which a relatively small number of people with core capabilities protect and maintain the business’s ability to exploit new developments in information technologies (see Figure 3). These people lead the strategic end of the activity through capabilities such as IS/IT leadership, business systems thinking, relationship building, architecture planning, informed buying, and vendor development. They also ensure the effective day-to-day activity of external providers through contract facilitation, contract monitoring, and making technology work. Visually, of course, Figure 3 can be misleading since the majority of resources of the IS function have been engaged in the activities now assigned to external providers — systems development, IT platform construction, and operational services. The picture therefore is one of radical change over time. Whether to migrate the latter services to external providers gradually, or through a few large outsourcing contracts, is just one decision that organizations must make.

The Challenges Ahead

Core IS capabilities are those necessary and sufficient to ensure that an organization can exploit changing markets of technology and services — to achieve business advantage through IT over time. Companies need to do much to implement a core IS capability model.

The most obvious, pragmatic challenge is to understand how best to use the model in a particular context. How does a company translate core IS capabilities into organization structure, job specifications, management processes, and so on? How does it decide how many people are required to deliver each necessary capability? Clearly, the answers to these and other questions are very much a function of the size, shape, nature, and culture of each business, and the drivers of demand for each capability area. For example:

• Whenever there is strategic business leadership, there must be matching IS/IT leadership — a pattern of CIO-type positions in the business leadership structure of the corporation. Proper recognition of the distribution of business and IS/IT leadership is what Rockart et al. call the need to “redesign and manage the federal IT organization.”30
• The necessary number of business systems thinkers will be a function of the number of business development projects (business process reengineering initiatives and the like) active within the organization.
• Every operational unit will need a clearly identified relationship builder who has sufficient time to develop and maintain constructive business/IS relationships within that unit.
• Deployment of the various supply management capabilities must be proactively planned before the organization uses external service providers. Companies should avoid the painful experience of recognizing the substantive needs of supply management only after concluding major contracts.
• Architecture planning will be a central or dispersed function depending on the chosen IS governance policies and what standards are required to support the targeted level of coherence across its business units.

To what extent can a single person deliver multiple core IS capabilities? While some people are multi-talented, others are not. Some, like CIOs, can combine relationship building with business systems thinking. Combinations are particularly problematic if they consist of capabilities with conflicting time horizons or motivating values. A person might find it difficult to be simultaneously interested in both the potential for added value and the technology. Similarly, a contract facilitator’s interest in finding a timely solution to a service problem potentially conflicts with the contract monitor’s concern to avoid setting undesirable precedents. Equally, companies need to address the strategic and operational conflict inherent in the CIO/leadership role, either by outsourcing delivery activities or perhaps by creating a chief network officer, as suggested by Rockart et al.31

Must all core IS capabilities be delivered by an organization’s employees? Is this practical for a small business? It may be possible to achieve at least some of the capabilities by insourcing, in which the delivering individuals belong to external organizations (or other units of the host corporation) but work under the direction, and toward the goals, of in-house management. For example, a highly qualified individual who is neither from the host company nor from its outsourced IT service providers might do architecture planning.

Most critically in the long run, the core IS capability model implies migration to a relatively small IS function, staffed by highly able people. A company must address crucial questions to achieve the transition. What is the route from what may currently be a large IS function, populated mainly by individuals with less exceptional abilities? Having somehow achieved migration, how must the IS function’s culture, structure, career paths, and reward systems be changed if a small number of highly able people are to thrive and prosper rather than get frustrated and leave? And will these arrangements, despite the small size of the IS unit, provide each individual with the scope to properly retain and develop the capability for which he or she is valued?

We see the core IS capability model as a blueprint for sustaining an organization’s ability to exploit IT Despite the many challenges, we suggest that planning for a rather different IS function is a high-priority task. All too often in our case study organizations, we witnessed a reactive rather than an anticipatory approach to IS human resource issues Such a reactive approach becomes ever more deficient as the rates of change increase. If organizations are to contemplate the next decade of technological change with any equanimity, they must design flexible IS arrangements with change in mind.