CIO Leadership, Cloud

5 secrets every CIO should know about being a successful broker of services

Blog-post by,

Several years ago, I had a discussion with David Cannon, the author of the ITIL Service Operation and ITIL Service Strategy books. “Myles,” he said to me, “everything we do now is about the business service.” For some time, those of us within the IT management industry have been suggesting that cloud and other disruptive technologies have fundamentally changed the CIO’s role into that of a services broker.

So, how do CIOs and their teams effectively manage services when they are no longer solely responsible for creating and delivering everything in their portfolio? I think it’s no different than a marketing department deciding to use channel partners in addition to its direct sales force. IT remains responsible for the quality of what’s delivered, and the buck still stops with the CIO (apologies to Harry S. Truman).

How should you judge management quality in a service broker era? COBIT 5 offers an overarching goal—to minimize the risk associated with internal or external suppliers and ensure competitive pricing throughout—as well as 5 secrets (process goals) for being a successful broker of services.

Goals for the Service Broker Era

Let’s explore each goal along with COBIT’s recommended metrics to understand how they can improve IT management.

1.                  Delivery of IT services in line with business requirements. Regardless of whom implements IT services, you and your operational leadership still own them. This means to mean that you need to actively measure the performance of services and you need to only pay for the quality of services delivered. COBIT recommends three metrics to measure success: number of business disruptions due to IT service incidents, percentage of business stakeholders satisfied that IT service delivery meets agreed-on service levels, and percentage of users satisfied with quality of IT service delivery. Simply put, how often are there business disruptions and what is the perception of quality of delivery? You do not want to experience what psychologists call cognitive dissonance, where reality and perception are at odds with each other. These are not only really good KPIs to measure your outside service providers against, but also to measure yourself against.

 2.                  IT agility. As mobility and social media have effectively changed how firms compete, agility is clearly becoming critical to effective IT management. Mobility and social media have effectively changed the way that firms compete. And if you buy Alvin Toffler’s The Third Wave, the pace of change is only going to accelerate. At first blush, this may not seem important to IT organizations, but if change is accelerating for the business as a whole and IT owns the keys to the enterprise’s capability system, then this means that IT needs to be able to operate faster than ever. This means, to paraphrase Geoffrey Moore in Dealing with Darwin, IT organizations need to determine what is core (supports their enterprise’s capability system) and what is context (all other processes). And for context, IT needs to get it managed effectively by outside service providers so IT can respond more effectively to the things that drive corporate differentiation and impede commoditization to the corporate capabilities system.


COBIT 5 recommends three metrics for IT agility: level of satisfaction of business executives with IT responsiveness to new requirements, number of critical business processes supported by up-to-date infrastructure and applications, and average time to turn IT an objective into an agreed-on and approved initiative. These, in my mind, are perfect metrics. If IT is relevant, business executives see it as responsive to new and evolving requirements. In addition, IT is managing to keep things running with the latest infrastructure and applications. There is a bathtub curve of performance—the older the infrastructure becomes, the more frequently it fails and the more expensive it becomes to maintain. And finally, the proof of responsiveness is the pace of initiative creation.

 3.                  Suppliers perform as agreed. Once again, IT does not lose responsibility for performance once suppliers have been selected. You continue to own responsibility. COBIT recommends two metrics to measure success here: percentage of suppliers meeting agreed-on requirements and number of service breaches to IT-related services caused by suppliers. Just as you should in your own department, you should actively measure performance against service agreements and track breaches caused by supplier-run services.

 4.                  Supplier risk is assessed and properly addressed. Obviously, potential suppliers should have their risk considered and addressed. Three metrics are recommended: number of risk-related events leading to service incidents, frequency of risk management sessions with a supplier, and percentage of risk-related incidents resolved acceptably (time and cost). These metrics should be measured monthly—weekly at the beginning of a relationship—and should be compared where possible among vendors and benchmarked.

 5.                  Supplier relationships are working effectively. This is an ongoing process that needs to be actively measured by IT. Three metrics are recommended to measure success against this: number of supplier review meetings, number of formal disputes with suppliers, and percentage of disputes resolved amicably in a reasonable time frame. As with a new car, you need to find out quickly if you have a lemon supplier and not hang on too long.

So where should you start?

As always, my suggestion is that you start where the most immediate value can be driven. If it were up to me, I would start with No. 1: delivering IT services in line with business requirements. Make sure that services are being delivered as expected first. I think of this as really the first level of control. What do you think? What would be first on your list? I would love to hear back from you.

 Related links:

Blog post: Making COBIT 5 part of your IT strategy

Solution page: IT Performance Management

Twitter: @MylesSuer

(2) (2)

Would you like to comment on this content? Log in or Register.
Myles Suer 154 Points | Tue, 03/05/2013 - 17:40

John and Warren,

I agree that channel partners are different. What I was trying to say is that when you trust your implemention to others, you are still responsible for the strategy and measuring and managing against it. Too few IT organizations active do this. With this said, I do need to discuss the points that Warren brings up. I agree that everything needs to start with corporate strategy. And there is more to corporate strategy than what COBIT suggests with the broker of services concept. At HP, we provide a balanced scorecard to enable across the board measurement of IT. With this said, I still believe that IT is among other things responsible for measuring and managing the quality of services and initiative delivery and this includes the quality of existing vendors. Does this make sense to you?

John Dodge 1535 Points | Tue, 03/05/2013 - 19:18

Yes, what you say makes sense. Where services have been deemed the best option in support of the corporate strategy, then all your points are right on...

John Dodge 1535 Points | Tue, 03/05/2013 - 15:18

I think there are substabntial differences between a company using channel partners and company using IT services. The biggest one is service providers - cloud vendors for example - are in charge of the quality and reliability of those services. Often channel partners with the exception of value added-resellers are passing through the same product as the company would sell directly. There are similarities, too, but IT service providers wield a lot more influence (and can do lot more damage) than the vast majority of channel partners.

The IT services company is integral partner. Channel partners can come and go without a whole lot of damage. 

Warren Burns 11 Points | Tue, 03/05/2013 - 13:45

Where is the concept of IT being a valuable contributor to business growth?  Why are all of these points so services oriented?

A CIO is a creator of business services, even the least of them should be a faciltator of new capability.

A CIO who knows that he can make an impact to a companies performance is a bigger secret than "You can provide IT services just like you were asked to".

Find your COBIT book and tear half the pages out of it.  It doesn't matter which half, you will still end up better for the experience.

You are never going to get a seat at grown ups table until you can be seen as a contributor to and influencer of business strategy.


ooh - I just noticed that Doug has leapt in on my behalf: Go doug go!



Doug Goddard 123 Points | Mon, 03/04/2013 - 15:00

I would start with a thorough assessment of corporate strategy and the Board's understanding of IT Governance. Is there a strategy? Does it consist of more than just a vision statement? Are there cobwebs on it? Does it identify desired customer outcomes and the metrics for measuring progress? Are the key patterns and business processes that define competitive positioning identified? With respect to Governance I would like to know if the Board believes IT Governance is their responsibility. How do they view IT, as a cost center or a strategic asset? Are they committed to making investments in better Governance and Transformation? Are they willing to be the face of change?


Depending on those 2 assessments I would either start to work on a Service Strategy or dust off my resume.

Myles Suer 154 Points | Mon, 03/04/2013 - 17:35

I agree completely. In a few weeks, I plan to cover what COBIT 5 suggests in the area of governance as well.