When J&J's CIO signed on in 1997, she was told by higher-ups that she had a single mission: "Fix it," Heisen recalls. "They told me, 'We can't tell you what's wrong; we just know it's wrong.'" Heisen accepted the challenge, and five years later, she's still problem-solving, using IT to stitch together a common view of the company, and a way to manage it, that centralizes some data and systems and keeps other technology local. Her mission: to cut J&J's IT costs by $50 million per year by 2003 and align the IT organization with business strategies while acknowledging the decentralized culture of the company's 195 business units in 51 countries, all against a backdrop of economic uncertainty. CIO Insight Executive Editor Allan Alter chatted with Heisen recently about her work at J&J.
CIO INSIGHT: You began as CIO with a tough mandate.
Heisen: They didn't tell me what I had to do. They simply said: 'It's broken.' Before I took the job, we often had network outages and e-mail going down for hours at a time. There was a general recognition that the IT department was not responsive to the businesses. Management also felt IT was costing them too much. The question that hit me immediately was, 'Okay, how much are we spending on IT?' But even that took a year to figure out. No one before had asked how much we were spending on each piece of our business.
How did you figure it out?
I asked each unit to prove the value of IT to the business. Then, I asked people inside J&J who depend on technology, and who implement it, to tell me what they wanted and needed. I let them tell me what their business issues are, then began to see how we would develop the technology strategy to assist them. From the beginning, we wanted to make sure we were doing IT in support of the business. I was a business person before I became the CIO. I wasn't going to turn myself into a techie, but convert my IT people into business partners.
What did they tell you?
They didn't tell us what technology to use, but they did tell us what the problems were. I set up 10 task forces to come up with recommendations for change. Many of these groups are still working together.
The immediate goal was cost-cutting?
In some areas. Now, for example, requests for new applications must first be approved by a strategy group that oversees business process application strategy. Each operating company can no longer develop new apps without approval from this group first. In Europe, there were 11 different J&J companies working on 20 new technology applications, five of them for bar-coding alone. Do you know how costly it is to maintain five bar-code apps for five to seven years when one or two will do? We are moving aggressively to optimize our infrastructure assets around the world.
But aren't there some areas, like security, where you want more centralization?
Yes. You can't let groups, franchises and locals make decisions on security. We also decided to have corporatewide standards for servers and desktops and laptops, and for operating systems, depending on what businesses you are in. And there are some things you can suggest that everyone do, but realize that when it comes time to do them, they can be done in different ways by different businesses. How you run drug research is different from selling baby powder. You have to design for the right balance between corporate and local control.
Early on, there was fear among some company insiders that you'd attempt to completely centralize IT for all of J&J, imposing, in effect, a single way of doing things throughout the company. You didn't do that. Why?
When I gathered the facts and data, and recognized the decentralized culture of the organization and how complex J&J is, with its 195 operating units, I decided that J&J was really not in a position to have one system. Having been established more than 100 years ago, we are not like Cisco or Dell, for example. J&J had already invested significant dollars in IT. And after discussions with 70 of the company's most senior IT people, it became clear that one size would not fit all. So we decided to standardize what we could and make the businesses prove to us why some areas should be exceptions. We're still in the process of doing that.