“I think in our business, meeting higher customer expectations and staying focused on that all of the time will ultimately serve your shareholders.”
The CIO Forum: The Changing Face of Energy I.T.
Budgets are expected to increase, even as new IT challenges present themselves.
to serve the business better and invest more.
A good example is nuclear. That’s an area where we weren’t doing a lot in IT, but now, certainly with the incentives in the nuclear industry, we’re more bullish and are starting to invest more in IT as well, in anticipation of growing that business. Wind is the same way. If we didn’t extend the credits for the wind business, we wouldn’t be putting in any ERP.
Fortnightly: How has your role as CIO changed in the past year, and how might it evolve in 2006?
JS: Mine has changed drastically with the cross-business synergies, to be multi-business. The global nature of the business has changed my role drastically. Everything we do, we have to think of the rest of the world, versus just the [United States]. Tax implications, printing—anything has to be multilingual, multicurrency.
Everything’s measured more in terms of the output than the input. We’re measuring things in terms of processes. It doesn’t matter that we put in the ERP. The go-live date is not important anymore. It’s not the metric. My metric is when the business process changes and cycle time is changed in the business.
So, pick a cycle time: order to delivery. When that metric changes, that’s when we claim victory. It’s not when the ERP goes in. The process has to catch up to it, and that takes time.
So my job has changed more to measure process metrics than IT metrics.
Fortnightly: How have you tightened up security?
JS: The two areas that have really changed are [Sarbanes-Oxley] and IT security. We were doing a good job on both, but when Sarbanes-Oxley was passed, the bar was raised. GE raised the bar again internally. Our standards are even tougher, we believe, than the public standards are for Sarbanes-Oxley.
Our audit staff picked Energy as the place to audit our new standards, and we felt it. We had to increase our level of documentation. We had to secure more systems. We had to make sure access rights to applications were fully digitized, not just a manual process. We’re struggling to keep up with that, but we’re hitting our deadlines.
Number two, with security we’re all learning as we go. It seems like every couple of weeks we get a new virus or worm that attacks a different element of the network or the technology stack. Because of that, we have to move faster in a different direction. We’re putting more scanning, analytics, and reporting in our systems to make sure we stay ahead of the next potential threat. We’re also building a lot of processes for when something does come that’s unanticipated, so we can isolate it and shut it down very quickly.
Nobody wins the security game and can say, “I’m done.” It’s ongoing and is more and more demanding every week.