Anatomy of Reform
Anatomy of Reform
How did Heisen do it? (See "CIO Roadmap".) She spent most of her first year on the job traveling to J&J's dozens of businesses just to figure out what was wrong. What she found was that the IT organization she inheritedor more accurately, IT organizations, since 150 of the business units had their ownwas in no position to resolve CEO Larsen's complaints. Benchmarking revealed that Larsen had been right about the costly downside of J&J's fragmented approach to things: J&J had been spending more than the industry average of 30 percent to 40 percent of its IT budget on infrastructure. Cultural differences also created formidable barriers. Earlier attempts to standardize often backfired, says Richard Wasilius, vice president of corporate information management: "Each time someone tried it in the past, there was a sense that somehow there had been an unannounced power shift to corporate. Trying to jam it down people's throats doesn't work at J&J."
So Heisen knew she needed to move slowly. First, she phased out the most change-resistant staffers and hired more business-savvy recruits. She trained all of her IT staff to think more broadly about how their efforts could better serve corporate business interests. Through Leadership 21, a program she created, tech staffers were required to solve real-life business problemsunder the tutelage of several top business managers at J&J. "We'd work well into the night," says Curt Selquist, company group chairman for J&J's Medical Devices and Diagnostics Group, one of three J&J business divisions. "We worked hard to give honest assessment and feedback to those employees," he said, and to flag Heisen when some staffers weren't working out. To further underscore IT's new mission at J&J, Heisen began promoting only those people both skilled at IT and good at communicating with business managers.
Next, Heisen set out building cross-corporate support for change. Originally, she hoped to create a single, centralized strategy, but soon realized that only a federalized approach would work. "We were too complex and independent from one business unit to the next to devise one strategy," Heisen recallsand complicated, technology-wise, with thousands of applications and legacy systems. "We had a lot of history. We weren't like a Cisco or a Dell, which starts out with a green field," Heisen says.
It also became clear early on that long-standing relationships and turf battles would loom large unless she could get both business and IT behind common goals. So she began managing upand down. First, she convened a meeting of 70 of the most senior IT people representing most of J&J's global business units and asked them to talk, for the first time as a group, about what they wanted IT to look like two, three, five years down the roadand how they could help give a competitive advantage to J&J businesses. Simultaneously, she and her executive staff met with J&J board members, and the presidents and senior managers of J&J's business units to hear their complaints and wish lists for change. The key question she asked: "Tell us how you see your businesses going and how IT will enable that," Heisen says. "We made sure the business side knew from the start that what we were attempting was to create an IT strategy for the business. We didn't want a tech strategy for the techies."
During those early gripe sessions, Heisen got an earfulbut few surprises. "The business side felt that in the past, IT didn't understand the business," Heisen says. They wanted reassurance, she says, that a data standard would be driven by business needs"not simply because a technologist somewhere thought it was cool," Heisen says. Eventually, her team chose six bedrock "business imperatives" that relied critically on information technology. Included: the need for J&J to globally manage its "franchises" in areas such as wound care, where multiple J&J companies together had a significant market share and expertise. Additional goals included cutting duplication and waste, boosting customer service, speeding product time to market, improving ties with new business partners and igniting innovation. The next question: Which technology strategies would J&J need to support these six business imperatives?
After much negotiation with the business side, Heisen's problem-solving groups settled on 10 business-IT priorities: data-sharing, infrastructure, human resources, information security, technology applications, knowledge exchange, e-commerce, purchasing, governance and finance. Each now would be seen as a separate "chapter" in J&J's corporatewide strategy. But what should each of the "chapters" be able to deliver? Again, Heisen told her IT staff to get input from the business side.
Heisen then set up 10 task forces, one for each chapter, and put a senior IT executive in charge of eachwith all of the top 10 execs reporting directly to Heisen. Hundreds of senior IT staff from around the world were invited to participate in those early task force discussionsand did. The groups met repeatedly and, after a span of months, each urged specific changes.
The result? A management stew of centralized and decentralized approaches to managing change. The groups decided, for example, that security should be managed more centrally than, say, R&D.
Ditto for infrastructure, for the most part. There, standardization could occur without crippling its businesses, it was decided, so all of J&J was put on one desktop operating system, Windows 2000, and one organization, Network Computing Systems, was later put in charge not just of operating J&J's mainframes, networks and a few distributed computing functions, but of the company's entire IT infrastructure.
In each case, autonomy was consideredand granted, as long as the unit was able to prove that local control over a particular de-cision would best serve the corporation as a whole, either financially or creatively, or both.
But the task forces working on applications, data standards and governance had a tougher time negotiating a balance between centralization and decentralized control over technology and how it would be used at J&J. Questions abounded. How widely should a particular ERP system or a data definition be used? When should an individual business go its own way, and when must it adopt a standard application? And how broadly should that application be standardizedby group, franchise, geographic region? And who should be involved in making those decisions?
To help keep it all sorted out, Heisen created color-coded labels. Red, for example, means that all operating companies within a group, like pharmaceuticals, for example, must adopt a particular standard. Yellow means a standard must be adopted across each of J&J's 195 operating companies worldwide. Blue means it must be a standard for all J&J businesses in a given geographic region, and so forth.
And when arguments broke out? Committees made up of the heads of affected business units were formed to make the final calls. Jean Fowler, group CIO of J&J's medical devices and diagnostics unit, recalls that many hours of "very serious" discussions took place before the data task force decided that all of the businesses in her unit had to adopt common data codes. "There are very few mandates at J&J," Fowler says. But, she says, "this was a mandate."
Heisen's project is on track to be finished by late 2003, and insiders expect technology strategy will now be an ongoing, iterative process at J&Jwith no end in sight to new levels of business-IT initiatives and cooperation. Next year, for example, J&J managers are hoping to build a de facto "private trading exchange" for its data, a central point where different J&J business units and applications can share information.
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now