Defining the Chief Digital Officer Using COBIT 5

The digital revolution’s pace is rapidly increasing, causing numerous disruptions and transformation in more and more industries. A key sign of its growing importance is the rise of a new kind of executive: the chief digital officer (CDO).¹

Discussions around C-level roles are not new. In fact, there is quite a contentious issue around the CDO and the chief information officer (CIO) and plenty of diverging references on both roles.² However, some contend that the CDO can be considered the ultimate realization of a type of CIO—more connected to business, more innovative and able to build relationships across all levels and functions of the organization.

It is still not clear what CDOs are expected to achieve, what their responsibilities are and how they can collaborate with their CIOs.³ The current lack of clear responsibilities of the CDO role and profile also creates some space for eventual conflicts with the CIO when they coexist. Clarifying the two is urgent and required to prevent future problems from occurring.

The responsibilities of the CDO role in the enterprise context can be identified and correlated with the CIO’s responsibilities using the Responsible, Accountable, Consulted and Informed (RACI) matrix from COBIT 5. COBIT 5 provides benefit in this context because it is the only governance framework based in international governance standards (International Organization for Standardization [ISO]/International Electrotechnical Commission [IEC] ISO/IEC 38500) and it draws a clear divide between governance and management.

Context

The digital world is changing rapidly and profoundly. Now more than ever, digital transformation (DT) plays a critical role in corporate strategy. DT encompasses a wide range of tasks and activities that are complex, cross-functional and interdependent, making it increasingly difficult for the CIO.⁴

Because organizations need to assign and spread managerial responsibilities adequately across top managers to ensure successful DT, a new generation of C-suite executives has emerged, including the CDO. Researchers suggest the CDO and the CIO not only collaborate closely, but also have a symbiotic and interdependent relationship.⁵

However, the ambiguity and contention that surrounds the definition of the CDO’s role persist. In particular, there is controversy between the CDO and CIO roles, which leads to internal difficulties in the organization, with an obvious impact on its ability to adapt to an increasingly unpredictable and demanding world.

Analyzing the differences between these two roles based on COBIT 5 draws a new vision of the responsibilities assigned to each role. The evaluation conducted through a user opinion study not only provided a positive evaluation of the proposal, but also resulted in valuable input for further work.

Research shows that the CDO’s primary responsibilities are those related to ensuring value optimization and stakeholder communication.

CIO vs. CDO

In the mid to late 1990s, the CIO was a senior executive who was able to understand new technologies and how to apply them to the business strategy. They were the link that intermediated the relationship between business leaders and the IT department.⁶

Meanwhile, a phenomenon was emerging: globalization. IT managers were faced with new challenges and, though IT had become better aligned with the business, IT executives needed to conduct rigorous analyses of return on investment (ROI) and make complex decisions. Moreover, significant technology expenditures needed to be justified. Naturally, not all CIOs were at ease with this challenge; the IT function demanded a leader who was able to understand the increased complexity of business and how to interact with the IT strategy, business strategy, risk management and finance.⁷

At this point, the future of CIOs began to be questioned. “CIOs who do great things in leading IT soon gain extra responsibilities. By helping business leaders to improve their businesses, the CIO becomes an obvious candidate to fill any open role that involves technology, process, or strong governance.”⁸ However, many new challenges, such as brand synergy, were new for the CIO.

Consequently, a growing number of organizations have introduced an additional position into their managerial grid—the CDO. An initial conceptualization of the CDO’s position suggests that its primary responsibilities are the strategic and communication aspects of DT, and, if the CDO and CIO positions coexist, the CDO should closely collaborate with the CIO. The CIO, in turn, deals with the technical aspects of DT. This means that, although the roles/responsibilities of the CDO and CIO are different, their relationship can be symbiotic and interdependent.⁹

Researchers identified four distinct CDO role types (digital innovator, advocate, evangelist and coordinator) and assessed the implications for the CIO role in the context of DT. In this research, the four distinct CDO role types are primarily determined by the CIO’s role orientation and the perceived implications of digitalization.¹⁰

Proposal

Now that DT is sure to reach every organization, it is important to note that governance is essential for successful DT.¹¹ To differentiate between management and governance, one researcher associates governance to the context of change or transformation. Thus, governance guides developments that lead to a new (or partly new) organization that needs to be managed.¹²

A set of responsibilities is proposed for the emerging CDO role for the governance of DT and an adjustment of the CIO’s responsibilities in the new context. This proposal is based on two fundamental principles: simplicity and ease of use. Hence, it is relevant to use well-known and extensively accepted frameworks. This is made possible by using the RACI matrix from COBIT 5.

To identify the responsibilities of the CDO and CIO within the enterprise context, the RACI matrix is used. COBIT 5 already identifies responsibilities for the CIO in its 37 processes. COBIT 5 describes the responsibilities associated to the key practices that make up each process as a RACI matrix.

The COBIT 5 framework can be considered to be in line with the governance of DT since COBIT 5 was designed for IT governance with a specific goal of aligning IT with the business and, subsequently, to generate value to the organization. Moreover, COBIT 5 makes a very pragmatic distinction between governance processes and management processes—a positive aspect in change/transformation and, more specifically, in DT.

Considering the concept of the CDO as the manager of digital transformation enables a conclusion that this role should be grounded in governance principles. Governance provides direction. Management provides operations. This leads to a vision of the role of CDO as a bridge between IT and the business (figure 1).

As explained, the CIO’s responsibilities are reassessed should the role of the CDO be introduced in the organizational context.

Given the premise that derives from the concept of governance as the functional area that manages change and transformation, and considering that the CDO’s role is, by definition, DT management, only the governance processes under the COBIT 5 framework have been studied: EDM01 Ensure Governance Framework Setting and Maintenance, EDM02 Ensure Benefits Delivery, EDM03 Ensure Risk Optimization, EDM04 Ensure Resource Optimization, and EDM05 Ensure Stakeholder Transparency.

With the introduction of the new CDO role, the new proposed distribution is shown in figure 2.

This proposal is based on the following basic vectors:

• The CDO is responsible for the governance processes.
• The responsibilities of EDM04 are shared by the CDO and the CIO due to the direct link with the infrastructure management responsibilities of the CIO.
• Both roles are responsible for evaluating the benefits since this activity requires both perspectives, from the business and deep IT knowledge.
• Both roles share the responsibility of evaluating and monitoring risk management, owing to the wide scope of the source of risk.
• Although the CIO is no longer responsible in all remaining activities, the CIO should be consulted except for directing and monitoring the stakeholders’ communication. This is for two reasons: This is a CDO core activity, and the CIO should not duplicate efforts, instead concentrating on his or her core activities.

This proposal gives the CDO stronger responsibility on the three processes EDM01, EDM02 and EDM05. It further grants shared responsibility with the CIO on the remaining two processes: EDM03 and EDM04.

Evaluation

Given the controversy of this topic, the assessment of the proposal was gathered via a user opinion study.¹³ Not only was it important to obtain a proposal assessment, it was also critical to understand how the community closest to the topic sees the CDO and the CIO roles.

Fifteen people replied to the questionnaire, all senior professionals in their line of work, with an average career span of approximately 22 years. As for geographic diversity, 13 of the respondents are Portuguese, one is Brazilian and one is Dutch. It should be added that in the Portuguese group, three respondents work abroad in several countries at the same time. The organization types of the respondent group are also mixed: Five are in public service and 10 are in private institutions. In terms of area of job functions, the respondents include four chief executive officers (CEOs), three digital professionals, three academicians and five working in information and communication technology (ICT).

The questionnaire was designed to be self-explanatory and contained five sections: the respondent’s characteristics, views on the topic, general proposal assessment, detailed proposal assessment, and identification of three functions and three characteristics associated with the CDO and CIO.

The questionnaire had three types of questions: multiple choice, open ended and scaled (graded on a scale from 1 to 10, in which 1 = Completely disagree and 10 = Completely agree). This last group contains the most relevant component of the proposal assessment: the responsibilities assigned to each role (figure 3).

The analysis of the results shows some interesting conclusions.

Digital professionals are, in general, more supportive of the proposal, while those more connected to ICT are, in general, less supportive. The reason for this is the growing controversy that the role of the CDO is a threat to that of the CIO and the sense of rivalry between these two roles that transpires from the media.

In one of the questions, respondents were asked to list three characteristics for each profile. Although they are described differently, there is a convergence of opinions from which the following stand out:

• CDO profile—Business-oriented, leadership skills, visionary, higher risk profile, strategic thinking, strong relationship builder, problem-solving attitude, reward assessment capabilities, innate design/lean thinking
• CIO profile—IT-oriented, focused, detail-oriented, results-oriented, collaborative, tech savvy, business supporter, ability to execute on change, ability to translate strategy into execution, technical leadership

This shows how these two roles require substantially different characteristics.

Regarding the functions exercised by the CDO and the CIO, one of the questions was to list the main three functions. The following are worth noting:

• CDO functions—Define the digital strategy/vision, align/converge the digital strategy with the corporate strategy, create a digital culture in the enterprise, disrupt, transform to digital, change management
• CIO functions—Implement IT projects, build IT strategy, change management, establish a technologic landscape that incorporates future business needs with less impact, ensure time to market, ensure an adequate IT governance framework

Despite all the controversy that the proposal assessment raises, it is rather positive overall.

Figures 4 and 5 show the assessment average scores obtained for the CDO and the CIO, respectively.

The results in figure 6 show a higher agreement on the responsibilities of the CDO in the processes regarding value optimization, stakeholders’ communication and the governance system, in line with the previously stated conclusions about the CDO’s primary focus on strategic and communication aspects.¹⁴

In short, the results of the questionnaire show that the COBIT 5 RACI matrix can be a very important tool in defining/redefining both roles in the organizational context of DT. Indeed, its formulation can lead to a rethinking of the current situation. What is clear from figures 4 and 5 is that the agreement on the CIO’s responsibilities is lower when the responsibility shifts from R (responsible) to C (consulted) or I (informed). In the case of the CDO, which is responsible (R) for all processes, the clear disagreement falls on the EDM04 process. Interestingly, though, this process was proposed with shared responsibility by the CIO, and it was precisely in this process that the CIO achieved the most in-sync answers.

Conclusion

Clear roles at the C-level are essential to boost the enterprise’s capabilities in times of disruption.

The research described here, particularly the responses of practitioners who participated in the proposal assessment, shows that using the RACI matrix to define the CDO’s and the CIO’s responsibilities is quite feasible and, above all, very useful to clarify the boundaries between the two roles. The overall scores for both proposals were very positive: 7.62 for the CIO and 7.96 for the CDO, on a scale of 1-10 points.

This study focused solely on the CDO and CIO responsibilities in the context of the COBIT 5 governance processes. The first major proposal evaluation findings were that most people find it difficult to clearly distinguish between governance and management.

This difficulty implies that their functions/activities, objectives and required skills are not evident. It is, therefore, more difficult to understand the reason for the predominant connection between the CDO and the governance processes and the CIO and the management processes.

On the other hand, the responses to the study showed that it was easier to understand the connection between governance and transformation.

It was also clear that although the management processes were not the subject of this study, they should also be reviewed. Though the predominance of responsibilities of the CIO role at this level is more predictable, this is not to say that in some processes responsibilities could not be shared, in particular: APO02 Manage Strategy, APO04 Manage Innovation and APO08 Manage Relationships.

It is important to stress that this study is still taking its very first steps, and it takes more than qualitative studies to consolidate the findings on this topic. It will be useful to understand these findings if frameworks of digital enterprise governance emerge and determine how both roles will be addressed by the community of practitioners.

Authors’ Note

Opinions expressed in this article are the authors’ own and do not necessarily represent the views of any entity.

Endnotes

¹ Friedrich, R.; P. Peladeau; K. Mueller; “Adapt, Disrupt, Transform, Disappear: The 2015 Chief Digital Officer Study,” Strategy&, 13 December 2015, https://www.strategyand.pwc.com/reports/chief-digital-officer-study
² Rickards, T.; K. Smaje; V. Sohoni; “‘Transformer in Chief’: The New Chief Digital Officer,” McKinsey & Company, September 2015, https://www.mckinsey.com/business-functions/organization/our-insights/transformer-in-chief-the-new-chief-digital-officer
³ Horlacher, A.; T. Hess; “What Does a Chief Digital Officer Do? Managerial Tasks and Roles of a New C-Level Position in the Context of Digital Transformation,” Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS), 2016, https://ieeexplore.ieee.org/document/7427821/
⁴ Ibid.
⁵ Ibid.
⁶ Groysberg, B.; L. K. Kelly; B. MacDonald, “The New Path to the C-Suite,” Harvard Business Review, March 2011, https://hbr.org/2011/03/the-new-path-to-the-c-suite
⁷ Ibid.
⁸ Westerman, G.; “Should your CIO Be Chief Digital Officer?” Harvard Business Review, 2 August 2013, https://hbr.org/2013/08/should-your-cio-be-chief-digit
⁹ Op cit Horlacher and Hess
¹⁰ Haffke, I.; B. Kalgovas; A. Benlian; “The Role of the CIO and the CDO in an Organization’s Digital Transformation,” 37^th International Conference on Information Systems, Dublin, Ireland, 2016, https://www.researchgate.net/publication/311653140_The_Role_of_the_CIO_
and_the_CDO_in_an_Organization’s_Digital_Transformation
¹¹ CapGemini Consulting, “Governance: A Central Component of Successful Digital Transformation,” 2012, https://www.capgemini.com/wp-content/uploads/2017/07/Governance__
A_Central_Component_of_Successful_Digital_Transformation.pdf
¹² Hoogervorst, J.; “On the Realization of Strategic Success—A Paradigm Shift Needed: Enterprise Governance and Enterprise Engineering as Essential Concepts,” 2012, www.ciaonetwork.org/uploads/eewc2012/industry_track/Jan%20Hoogervorst%20-%20On%20the%20Realization%20of%20Strategic%20Success.pdf
¹³ Pries-Heje, J.; R. Baskerville; J. Venable; “Strategies for Design Science Research Evaluation,” European Conference on Information Systems, 2008, https://pdfs.semanticscholar.org/e203/0059956910d434e634e43271543dbc98da28.pdf
¹⁴ Op cit Horlacher and Hess