Expert's Corner

5 Questions PE Execs Should Ask CIOs

Private equity firms should meet with CIOs of portfolio companies to improve IT understanding

Private equity firms routinely interact with their portfolio companies' chief executive, chief financial and chief operating officers, but many don't spend as much time - or any time - with the chief information officer (CIO).

Here are five questions that will shed light on the health and direction of a company's information technology organization.

1. Is your IT organization doing things right or doing the right things?

Let's face it. IT teams often complain that they are understaffed and overworked - that they do not have enough resources to meet business demand or keep the lights on. This may be the result of poor project and portfolio management (PPM) processes.

PPM is a prioritization method used to analyze, prioritize, select and manage an organization's projects. The goal is to determine optimal project prioritization to achieve overarching business goals. There is a big difference between doing things right and doing the right things. PPM ensures that you are doing the right things by having a defined process for ensuring that IT is working on the most important initiatives. A poor PPM process indicates that the IT organization is immature and the cusomter is unsatisfied.

Implementing effective PPM processes does not need to be complicated or expensive. Ask your CIO about the portfolio company's PPM and how he or she knows that the IT function is working on the most critical business projects. If the process is informal, improving PPM could make a difference.

2. When it comes to cybersecurity, is the portfolio company good, bad or ugly?

Technical security breaches are a scary and serious topic, but they are no longer limited to governments and Fortune 500 companies. This is one topic that should be on the boardroom agenda at each quarterly meeting for companies of any size.

Security attacks are becoming more sophisticated and imperceptible. In the past 12 months, many attacks have been carried out in the random access memory (RAM) of computers, so traditional defensive software, such as an anti-virus program, has limited ability to detect them.

The comprehensiveness of a company's security measures will vary based on its size, industry and business's type. Industries such as banking and retail require considerable technologies and processes, while others may require less. Even for a less technical business, it is important to protect the business' intellectual property.

Essentially, there are three types of companies: those that have not been attacked (the good); those that have been attacked (the bad); and those that have been attacked but have not realized it yet (the ugly). When visiting a portfolio company, ask the CIO about the measures in place to prevent security attacks. Aside from investing in the right technology and processes, such as backing up critical files off site, does the company have defined disaster recovery and business continuity plans?

3. How are you using mobility to advance your company's business strategy and customer experience?

Stock valuation analysts argue that most of Facebook's valuation is contingent upon the success of its mobile advertising. Your portfolio company may not be the size of Facebook or in the business of social media, but that does not mean it should be without a mobile strategy.

Last month, I received a text message from my dentist reminding me of my upcoming appointment. It prompted me to reply "YES" or "NO" to indicate whether I would still be able to make my appointment. The mobile environment is here, and it is changing the face of every business, from global corporations to local service providers, such as small dentists.

A sound mobile strategy begins by acknowledging the business strategy and describing how mobile advancement enables it. It should articulate how mobility impacts a business' stakeholders - from the internal sales team to customers. Finally, it should include a documented plan for capitalizing on this evolving medium, highlighting customer expectations and competitive capabilities.

Be sure to ask the CIO about the company's mobile strategy, its key initiatives and how it supports the business strategy.

4. Which IT services are becoming commoditized, and what have you done as a result?