The enormous shifts in technology and its increasing importance to business have increased attention and pressure on the chief information officer (CIO). Managing the technology estate is now table stakes, with businesses relying on CIOs and tech officers to guide strategies and generate value. Technology on its own isn’t enough. Value comes from how well technology is harnessed to power the company’s goals, which requires the CIO to become more deeply connected with the business—from laying out the technical possibilities to building a collaborative culture.
In this interview, Costco chief information and digital officer (CIDO) Javier Polit speaks with McKinsey’s Rob Cain and Barr Seitz about what he’s learned from his journey (including time as CIO of the Bottling Investments Group and Coca-Cola North America at the Coca-Cola Company, president and CIO at Procter & Gamble, and CIDO and Global Shared Services leader at Mondelēz International). In this conversation, Polit discusses what matters most for effective collaboration with the business, from the leaders to the working teams that execute the vision. What follows is an edited version of that conversation.
Building for value and change
McKinsey: How has your journey as CIO evolved over the time you’ve held that position across multiple companies?
Javier Polit: Just as technology has changed immensely in the last 30 years, so too has the role of the CIO. As I think about the CIO role today and the evolution of my career, it’s clear that all companies need to be tech companies. And to make that happen, IT cannot just be the organization that “manages a utility”—as it has often been perceived—but it must now run the business of the business. That has become more complex with the rapid changes in technology and the globally integrated digital world we operate in today. For me, delivering on this goal means focusing on a few things.
One is prioritizing the platforms and functionality that generate revenue for the business while maintaining high satisfaction levels for customers, members, and our own business employees as well.
Two is positioning the company for technology-driven growth through digital transformation. Adapting quickly is at the core of that transformation, which is why I have put a lot of emphasis as a CIO on accepting that technological change is inevitable and trying to anticipate such changes.
What do I mean by that? For one thing, it’s important to understand that many solutions and platforms, which you might have used for several years in the recent past, have a much shorter life span now. New and better solutions come to market every two to four years, requiring us to reassess existing solutions based on new value propositions. And then you have business requirements that vary in global enterprises from region to region and country to country, while regulations frequently change, both locally and globally. All this change and complexity means it is essential to be digitally dynamic and build an organization that can learn new things quickly.
And three is that you can’t just wait for everything to become clearer or for a unified global solution to appear. You have to move forward—the business cannot wait. You take your best understanding of industry developments and select a solution that begins to address your needs—including compliance requirements—knowing that it will likely need to be changed in a short time frame.
This is where it’s so important to maintain a strong partnership with, and create awareness about, technology among the executive team. Because things move so fast, the cost of doing business in technology is not the same as in other functions of the business.
Understanding the business to collaborate with the business
McKinsey: When you talk about your role in helping the business run the business, can you tell us a bit more about what that looks like?
Javier Polit: Since technology is in every corner of the business, the CIO needs to understand all aspects of the business: what it is, how it works, how it makes money, and what the key levers are.
In my current role, I have been to several Costco facilities in Europe, Mexico, and the US, including last-mile facilities and warehouses. I have seen how the trucks come in and are off-loaded. I have even been on the boats that catch the seafood that we sell.
Without understanding the business, you cannot hope to be a true collaborator or business partner. That collaboration and trust are crucial because the business looks to the CIO for digital guidance to understand what’s possible with technology and for digitizing business processes.
I have worked in enterprises, for example, to deeply understand what the customer wants. We used machine learning capabilities to analyze data from customer interactions on our online platform. In one case, this allowed us to discover that customers wanted to personalize the packaging (by adding their name on it, for example, or having a specific message). Partnering with the business, we built this capability so we could scale it and apply it to our other products and packaging as well. Our digital transactions and revenues increased materially when we rolled out the capability globally.
Building for shared accountability and success
McKinsey: How do you work with nontech leaders in the business, and what are some of the most important lessons you’ve learned about how to build effective working relationships with these leaders?
Javier Polit: As a CIO, you have to help educate leadership on technology. Teaching and learning are an important part of the culture at Costco, so every moment I have with my colleagues is a teaching moment.
This education process helps to create a common vocabulary, but to really work together, you need a willing partner. So when sitting in executive meetings at the companies where I have served as the CIO, for example, I would listen closely and observe to understand which leaders in the business had favorable views about how digital could help their business. Those were the leaders and colleagues I would approach to partner with and develop a program that created value for them. Then those leaders would share how the digital partnership with the technology teams led to business improvements. From there, you start to experience a pull from the business wanting to work with our tech teams on digital solutions.
At the working-team level, you have to invest the time to set up the operating model. Joint accountability really works well. For product development work, for example, I will develop a charter with my counterpart on the business side that articulates what our product pods need to deliver, what the specific outcomes are, what the cost and benefits are for the business, and what metrics we’ll use to measure them. Then both the tech and business leads on the product team sign the charter. This approach creates a clear understanding of joint accountability for, and ownership over, the outcomes.
This charter is just the starting point, though. Over the course of the product team’s work, you must stay actively engaged and intervene as needed. We use regular meetings, for example, with our global technology leaders to understand how we are working with the business and what progress we’re making. In addition, I have touch points with my peers on the business side to understand how well our teams are collaborating from their perspective.
A business focus on cyber
McKinsey: How have issues around resiliency and cybersecurity evolved recently, and what has that meant in terms of how you approach those issues?
Javier Polit: Cyber and resiliency are huge business topics. They are top of mind with the board, the CEO, shareholders, and investors. In my career, investment funds have brought in their cyber experts to discuss how our cyber leadership is safeguarding the enterprise.
This means that it’s not enough to just meet industry standards. Many people obsess about elevating NIST [National Institute of Standards and Technology] scores, for example. But the goal isn’t to just get a good score. The goal is to protect the business. This requires a proactive business approach and a different mindset.
In my career, for example, we have invested in intrusion detection, regular tests of the network and infrastructure, working with white hat hackers, and instituting a software-defined network, which allows us to isolate a breach in a matter of minutes. Continuous monitoring and analysis are essential.
While we’re starting to see some good AI tools that help us with cyberdefense, you have to be careful not to rely too much on them because then you diminish your own expertise. If your tech fails, you need experts who know what to do.
For the foreseeable future, we will continue to make the necessary investments in cyber to protect the business. No matter how much progress you make in this area, it is never enough. The level of sophistication in cyberattacks rises every day.