Another key strategic project for Phillips in 2010 was the design and creation of a consumer-like e-commerce site to expand Avnet's base of smaller-volume and specialty customers such as engineers and prototyping firms -- a key but previously untapped market for the distributor of electronic components and computer products. As the economic news worsened throughout the year, Phillips says, executives looked at expenses and considered where to continue investing and where to cut.
Ultimately, Avnet decided to preserve the e-commerce project. "We could see the need was still there, and it was an investment that would pay out beyond the economic cycle," Phillips says.
It was the right decision. "So far, we've seen a 75% annual increase in e-commerce revenue and a 50% annual increase in site visitors," says Phillips.
Delivering Return on Risk
Regardless of the economic climate, a key component of every IT leader's job is keeping the rest of the executive team apprised of the range of alternatives -- and their associated risks -- for meeting strategic business goals, according to Bruce Jones, head of global IT security and risk at Eastman Kodak (EK) Co. in Rochester, N.Y.
"At the end of the day, business managers are in charge of bringing in profits, so they're going to take risks," Jones says matter-of-factly. "Whether they are technology, security or business risks, there's a need to understand and manage [them]." As IT leaders, he says, "we have to be the educators, helping them to understand the risks and giving them alternatives that can reduce the risk but not cost more."
In 2010, Jones saw a reduction in both his budget and staff, yet "we still haven't found that it's been disabling," he says. "We've held true to our values and our process to work with the business" while keeping costs down.
This is largely the result of following a robust risk management program that Jones and his team developed as a way to map all security and compliance goals to specific business goals. As an added bonus, the program, which capitalizes on lean principles, has shaved costs by $500,000 a year. All risks are documented in terms of impact to the business, giving IT a way to demonstrate potential consequences, costs, effect on brand, legal and regulatory ramifications, downtime and liability.
Before the risk management program was established, "security was seen in terms of black vs. white and them vs. us and was not aligned with the business well," says Jones. "This risk management program is highly focused on actions that map back to specific business goals, objectives and potential impact to the business -- financially, legally and operationally. This has helped to consistently drive the right decisions as well as sales and revenues, brand value, customer and brand loyalty, and other business posture measures."
Sign up for CIO Asia eNewsletters.