Five IT Questions Presidents Should Ask Their CIOs

Amid an abundance of high-profile discussions about MOOCs, big data/analytics, the disruptive impact of technology on traditional educational models, and "The Next Big Thing," basic issues of campus information technology seem to be getting lost. Unless presidents have a fundamental understanding of such issues, they will find it difficult to collaborate with their CIOs and ensure that their institutions are taking full advantage of IT opportunities while avoiding costly pitfalls. To provide a framework that presidents and CIOs can use to discuss technology, we queried a number of presidents, CIOs, and other institutional leaders and identified the following five basic IT questions that presidents should ask their CIOs.

1. Do we have the right approach for IT decision-making?

As competition for financial resources increases, the importance of making wise investments in technology increases as well. Yet key strategic IT decision-making often flies below the radar of presidents, senior officers, and institutional governance processes. As Brian Hawkins and Diana Oblinger pointed out: "Hiring a CIO does not take technology off the plates of . . . senior leaders. . . . Senior campus officers must take responsibility for overseeing the systems that manage the information assets in their domains of responsibility and for working with each other and with the CIO to maximize the institutional effectiveness and efficiency in using technology."¹ The challenge for many institutional leaders is understanding how to work with CIOs and technical staff to distill the pros and cons of significant IT investments without becoming mired in technical jargon or distracted by media hype. Achieving effective shared governance for information technology requires regular communication about strategic impacts of technology, transparent cost-benefit analyses, and a clear sense of how technology can support (or impede) institutional priorities.

In recent years, CIOs have identified IT governance as one of their top concerns. Efforts to establish effective governance structures and to align IT initiatives with institutional objectives—as defined by senior officers, faculty, and others— frequently fall short. While board members would likely be uncomfortable leaving a decision about a building project in the hands of one individual, should they be any more comfortable leaving a decision about a critical IT strategy in the hands of the CIO alone? Some boards address this issue by including technology in their committee structures. More commonly, however, trustees monitor technology initiatives through periodic CIO briefings and discussions of reports from campus-wide technology planning committees.

2. Are we paying sufficient attention to technology risk?

News headlines about data breaches have become all too familiar.² In addition to the outright cost, such events can inflict damage on sensitive relationships with alumni, parents, donors, and others and can negatively affect the general reputation of the institution. In addition, data breaches are but one form of IT risk. Other risks include interruptions in business operations, loss of critical data, failure of curricular technologies, and ineffective electronic communications. Although colleges and universities have become increasingly sensitive to a wide variety of financial, legal, and reputational risks, those arising from technology are often overlooked. Given the pivotal role that technology plays in recruitment, financial operations, external communications, advancement, records management, instruction, research, safety, and other vital activities, higher education institutions must integrate IT risk management into their overall risk profile. Even a single incident of data loss, unauthorized access, or extended system downtime can trigger major problems.

Mitigating IT risk can be expensive and may interfere with efforts to be innovative and nimble. Balancing risk management with productive and cost-effective uses of technology poses a complex challenge, especially for small colleges. The following are some additional questions presidents should ask: Is IT risk included in overall risk management programs? How good are we at assessing IT risk, and how effective are our mitigation efforts? Do we have an agreed-upon list of critical systems and processes, and have we identified the risk associated with each? Do we have contingency plans in the event that critical systems become unavailable? Do we have explicit and regularly tested procedures for business continuity and disaster recovery? Do we have policies and practices to address sensitive, confidential, and legally protected data?

3. Are we being strategic in our use of technology?

IT innovation should always be considered within the context of institutional goals—as an integrated component, a facilitator, and in some cases, a catalyst. Evaluating the proper level of IT innovation for a college or university is really an exercise in determining specific ways in which technology can advance specific curricular or administrative efforts. Technology innovation outside of such contexts—whether prompted by peer pressure, media hype, or fear of "falling behind"—is nearly always a bad idea.

IT innovation can give a college or university a competitive advantage in many different areas. For example, an institution that uses powerful data analytics may gain an edge in student recruitment and retention, financial aid modeling, and budget planning. Similarly, an institution that makes sophisticated use of innovative data analysis and visualization technologies in the sciences and social sciences may be able to offer students a richer set of learning opportunities than one that relies on older, less-engaging methods.

The following are some additional questions presidents should ask: Where are we on the IT innovation spectrum, and where should we be? How can we enhance or accelerate our pursuit of institutional goals through innovative uses of technology? Are there specific curricular areas that can be strengthened with an emerging technology? How do we decide which innovative trends to avoid? Are there peer institutions, vendors, consortia, or other partners we can enlist to strengthen our adoption of innovative technologies? How nimble is our IT organization in helping us pursue technological innovation?

4. How do we know we are using our technology effectively?

The management guru Peter Drucker famously asserted: "You can't manage what you don't measure." This is certainly true in information technology. Deciding on acceptable metrics, benchmarks, and definitions of quality and reliability for core IT services creates a framework for understanding how well a technology is performing given the relative level of investment made by the institution.

There are many tools for measuring IT quality and many sources for benchmarking, such as the comprehensive Core Data Service that EDUCAUSE provides for its membership.³ Whether an institution uses these sorts of tools or devises its own methods for assessing the efficacy of its IT resources and services, it needs to undertake regular technology reviews and share this information with institutional leadership.

Good decisions about strategic uses of technology require solid data regarding IT resources and IT service delivery. Presidents and other institutional leaders should expect to see the results of IT assessments and should be briefed regularly about both current and upcoming IT projects. They should be advised about resource improvements and areas of concern, opportunities for exploiting new technologies, and the status of the institution's information technology in comparison to that of peer and aspirant institutions. Most importantly, they should expect to see evidence that the institution's investments in technology are contributing to teaching, learning, research, administration, and other activities.

5. How can we best support the teaching and research needs of our faculty?

Ultimately, the ability of higher education institutions to maintain the highest quality of practice in the face of unprecedented change depends on the ability of faculty to experiment with new pedagogical strategies (technological and otherwise) and to share with colleagues their insights into what they find most effective. Whether online, in the classroom, blended, or in some not-yet-imagined model, institutional leaders need to plan for and support faculty development in the use of technology. They should provide IT information and training in efficient ways to help faculty exploit technologies that may be useful and avoid wasting time grappling with technologies that may not be. They should encourage IT support staff—librarians, academic technologists, and research support staff—to discuss creative strategies and best practices with those both inside and outside the institution.

The following are some additional questions presidents should ask: How do we ensure that students are graduating with exposure to the IT skills, methods, and tools they will need in order to be successful in graduate school or their profession? Do we have the culture and structures (including funding) to support the development of new ideas and experimentation? Do our faculty and technology support staff have access to information about new and emerging technologies relevant to their disciplines? Can we achieve better collaboration, internally as well as externally, by making better use of technology? These questions need to be raised within a complicated faculty ecosystem, taking into account the challenges of faculty governance, the diverse needs of faculty along a spectrum of interests and expertise levels, and a landscape of growing demand for—and equally growing resistance to—outcomes-based assessment.

Conclusion

Our selection of these five questions—in the areas of decision-making, risk management, strategic value, effectiveness, and faculty development—is driven by core IT issues for all colleges and universities, whether public or private, large or small, focused on research, liberal arts, or vocational training. Just as there are no cookie-cutter strategies that will define the future of our institutions, there are no one-size-fits-all answers to these IT questions. One institution's best practice may be another's worst nightmare. But presidents and other senior leaders who actively discuss key IT issues with their CIOs will be in the best position to lead their institutions safely through the technological upheavals (and opportunities) that lie ahead.

1. Brian L. Hawkins and Diana G. Oblinger, "The Myth about CIOs," EDUCAUSE Review, vol. 40, no. 1 (January/February 2005), p. 12.
2. Dian Schaffhauser, "Higher Ed Data Breaches at Near-Record High in 2012," Campus Technology, March, 21, 2013.
3. See http://www.educause.edu/research-and-publications/research/core-data-service.