Every CIO I know has had some version of this conversation: their CEO comes back from a golf trip with their buddy, or a conference with peers, and is told AI is about to automate everything at their company, from HR to marketing and finance. No humans in the loop, just AI. The CEO then calls an all-hands Monday morning, and the CIO is suddenly on the hook to make it all happen.

The instinct for CEOs to chase unsubstantiated claims is understandable since they’re responding to competitive pressure. But that leaves CIOs responsible to close the gap between ambition and reality. Making AI work in an organization with decades of accumulated process, permission frameworks, and cultural inertia is very different from deploying it in a demo.

The best response isn’t to push back on the ambition, but redirect it. Translate the CEOs vision into an honest map of what has to happen for the organization to get there, including the infrastructure, governance, and training. That helps to convert the kneejerk compulsion to move faster into a concrete plan that leadership can get behind.

Here’s what CIOs should actually be focused on to get where their CEOs want them to go, regardless of what’s discussed on the links.

1. Start where AI can build its own credibility

The hype machine wants you to climb Everest on day one. Instead, identify the repetitive tasks where AI can prove itself on familiar ground — the workflows your team already knows well, where results are easy to verify and the bar for trust is attainable.

The goal is the Eureka moment when a skeptic on your team sees a real result and becomes a believer. Those moments compound. When someone has seen AI make their work easier in a context they understand, they’re more likely to help you move things forward. You can’t force that change, but you can engineer the conditions for it.

2. Models will commoditize. Context will not.

Every few months, a new model claims to be smarter, faster, and cheaper than the last one. Don’t be distracted by that race. The lasting advantage in enterprise AI doesn’t just come from which model you’re running, it’s in the quality, governance, and semantic clarity of the data feeding it. Enterprises that invest in consistent business definitions, well-structured data, and clear lineage will outperform those that don’t, regardless of which model is in fashion. Context is your competitive moat. Focus on building that.

3. Nail down the permissions

In a world of dashboards, you know exactly what data will appear on a given page, so you can set permissions in advance for who can access it. In an AI world, the system can generate outputs that were never pre-designed. So how do you determine who has the right to see a result that was never anticipated?

Before deploying any agent that acts on someone’s behalf, such as filing a request, surfacing payroll data, or populating a record, first determine whether your existing permissions and access control frameworks can handle outputs that were never planned for. Most can’t. This is a prerequisite of what your CEO is asking for: the unglamorous infrastructure work that determines whether your AI is trustworthy in production. It needs to happen before you scale, not after.

4. Build an editing culture, not a writing one

For decades, engineers, analysts, and operations teams have been trained to write code, build reports, and define new processes. AI upends that. The skill now is editing — auditing what the system produces, catching what it got wrong, and knowing where to push back.

The truth is most people aren’t naturally good at editing because they’ve never had to be. That’s a skills gap that needs to be closed early on. Invest in helping engineers, analysts, and managers develop the judgment to evaluate AI outputs, not just generate them. Editing must become a core enterprise competency.

5. Measure behavior change, not tool adoption

Login data is a vanity metric. If your engineers are accessing AI coding tools but aren’t changing how they build, you haven’t adopted anything. The metric that makes more sense is productivity output. In agile terms, a team that completes 20 story points per sprint should hit about 28 with AI, not because the tools are magic, but because the repetitive work gets faster. If you’re not seeing that, you’re measuring the wrong thing. Pay attention to output, not usage metrics.

6. Reframe your organization’s relationship with failure

The instinct to de-risk everything made sense when software deployments were expensive and slow to reverse. AI works differently. The outputs are probabilistic, the iteration cycles are fast, and being overly cautious can cost valuable time. CIOs need to give teams permission to experiment in ways that feel uncomfortable by traditional enterprise standards, all while building the feedback loops that make fast failure safe. That culture shift has to be modeled from the top.

FOMO isn’t going away

CEOs will keep getting pulled into cycles of urgency and FOMO, and that pressure will keep landing on CIOs. The organizations that make real progress will be the ones that redirect that energy into infrastructure that makes AI trustworthy, measurement systems that show what’s working, and cultural changes that make adoption stick. That’s the agenda that’ll move your organization forward.

I have sat with three CIOs in the last two years who wanted to leave their seat and could not. One was being recruited into a larger enterprise role. One was ready to retire. One had been offered a board seat that required stepping down. In every case, the same thing stopped them. When the CEO asked who could step in, the CIO could not give a credible name. The person they had been calling their number two was technically brilliant and operationally reliable, and every one of them had been groomed into an architect, not a leader. The board would not approve an external hire during an active transformation. So the CIO stayed. One of them is still stuck.

The CIO role has the weakest succession bench in the C-suite, and most CIOs discover it the same way those three did. Not during a quarterly talent review. Not during a board retreat. They discover it the moment they try to leave. By then, the decision is already made for them. This is a leadership design problem CIOs build into their own orgs, and they inherit it when it is too late to fix quickly.

The architect trap

I have watched the same pattern form in almost every IT organization I have worked in. The people who rise to the top of the CIO’s direct reports are the ones who can hold the most architectural complexity in their heads. They are the ones the CIO trusts with the platform decisions, the vendor consolidations, the integration maps. They earn that trust legitimately. They are excellent at what they do.

But architectural trust is a different currency than leadership trust. When a CIO promotes based on architectural depth, what they get is a deputy who can design the org but cannot run it. I have seen deputies who have never owned a P&L conversation with a CFO. Deputies who have never delivered hard news to a business unit president. Deputies who have never had to defend a budget line item in a room full of people trying to take it from them. They were not hiding from those conversations. The CIO was holding the conversations for them because the CIO was good at those conversations and the deputy was good at the architecture.

The result is a bench that looks deep from inside the IT org and looks empty from the boardroom. I have watched a CEO walk out of a succession conversation saying, “I like your people, but I cannot see any of them in your chair.” That is not a compliment to the CIO. That is a verdict on how the CIO built the team.

Three moves I make before I need them

After watching this happen enough times, I stopped treating succession as something I would address later and started treating it as a design choice I had to make inside my first year. I changed how I build the bench in three ways, and I make each move early enough that the person has time to grow into it or fail out of it.

First, I give them a standing decision domain, not a “next in line” title. A deputy who is told they are being groomed for the CIO seat will manage their career instead of their work. A deputy who is given full authority over, say, all vendor escalations above a defined threshold will start making real decisions in real rooms with real consequences. That is where judgment gets built. The domain has to be something I would otherwise own myself. If I am still approving everything inside it, I am building a forwarder, not a successor.

Second, I put them in rooms where they have to lose something. One of the most damaging things a CIO can do is protect a high-potential deputy from conflict. I used to do this without realizing it. I would pull the hard conversations back to my level because I wanted to spare the deputy the political damage. The deputy came out looking clean and came out completely unprepared. Now I deliberately put deputies into conversations where they have to defend a position against a peer executive who will push back hard. Sometimes they hold the line. Sometimes they fold. Either outcome tells me something I needed to know before anyone was counting on them.

Third, I make the bench visible to the board before I have to. If the board does not know my top two or three deputies by name and track record, I do not have a succession plan. I have private notes. The CIOs I described at the beginning of this article all had deputies they believed in. None of those deputies had ever presented to the board on anything substantive. The board had no reference point. So when the succession question came up, the deputies did not exist in the board’s imagination, and the CIO’s personal endorsement was not enough to create them.

The first time I put a deputy in front of the board, they came back different. The board did not go easy on them. They came back knowing what a board conversation actually feels like, which meant the next one would not be a first impression. The board needs reps with my deputies before the seat is vacant. Once it is vacant, the reps are a job interview and a job interview is not where anyone does their best work.

What the gap actually costs

The cost of a shallow bench is not abstract. I have seen CIOs delay their own career moves by eighteen months or longer because they could not produce a credible successor. I have seen organizations pay two and a half times market to hire externally because the internal candidate did not survive a board interview. I have seen transformations stall because the CIO could not delegate enough to step back and think, because there was no one qualified to hold what they put down.

The cost to the deputies is also real. The architect-track deputy who spends six or seven years being the CIO’s most trusted technical lieutenant, and then gets passed over for the CIO role because the board does not see a leader, rarely recovers that momentum. Some of them leave. Some of them stay and quietly disengage. A few of them become the reason the new CIO’s first ninety days are harder than they should be. None of that is the deputy’s fault. It is the consequence of a design choice the previous CIO made years earlier, usually without knowing they were making it.

CIO.com has published strong guidance on this, including work on grow your own CIO strategies that treat succession as a deliberate pipeline rather than an accident of tenure.

The test is simple. If you had to leave in ninety days, could you hand the CEO a name and get a nod? If you cannot picture that nod, you do not have a successor. You have a list of people you like and trust, which is not the same thing. The successor you can actually name is the one you built on purpose, not the one who happened to look ready when the chair emptied. I have learned this by watching peers run out of time to build what they meant to build. I am trying not to be one of them.

This article is published as part of the Foundry Expert Contributor Network.
Want to join?

数年おきに、CIOは同じ問いに直面する。「今話題の技術について、わが社は何をしているのか」。今日、その問いはAIに向けられている。プレッシャーは本物だ。競争環境は厳しく、取締役会が進捗を求めるのも当然だ。

問題は、そのプレッシャーがどう吸収されているかだ。多くの組織で、取締役会の要求への対応が一種の「演技」になっているのではないか。パイロットが積み上がり、ベンダーとの関係が増え、進捗報告が社内を回る。外から見ると、AIに真剣に投資している組織に見える。しかし実態はというと、ビジネスの動き方はほとんど変わっていない。AIが依存するインフラ整備、ワークフローの再設計、データの準備は手つかずのままだ。

取締役会向けの準備で、AIのスライドに15のアクティブなパイロットが載っているようなケースを複数目にしてきた。3つは「有望」と説明され、1つはデータアクセスの問題で保留中。どれも測定可能なビジネス成果には結びついていない。これが「AI戦略シアター（AI戦略という名の演技）」だ。取締役会の問いを表面上は満たすが、本質的には答えていない。

パイロットがポートフォリオになるとき

本来パイロットとは、「この技術は特定の用途でスケールさせるに値するか」という一つの問いに答えるためのものだ。時間を区切り、用途を定義し、二択の結論を出す——それがパイロットの役割だ。しかし今多くの組織で起きていることはそれとは異なる。

取締役会からのプレッシャーが高いとき、最も抵抗の少ない道は「何かを始めること」だ。用途を特定し、ベンダーと交渉し、概念実証を立ち上げて報告する。目に見える活動が生まれ、次の四半期のガバナンス上の問いが満たされる。一方、ワークフローの統合、データインフラ、変更管理という難しい仕事は先送りされ続ける。

McKinseyの2025年版「State of AI」では、88%の企業が少なくとも一つの領域でAIを活用しているが、スケーリングフェーズにあるのはわずか32%であることがわかった。実験と価値創出の間のギャップは広く、ほとんどの組織はその中に止まっている。この状況に対し、McKinsey、ワークフローが再設計されていないことを主な理由と指摘する。AIはある。しかしその周りのビジネスプロセスは変わっていない。

個別に立ち上げたパイロットは、互いに連携しない。AIを拡張するために必要となるデータインフラや統合アーキテクチャも生まれない。結果として、維持コストだけがかかるポートフォリオと、実態の伴わないAI投資の物語が残る。ベンダー側にも新しいパイロットを次々と立ち上げる動機がある。概念実証は限られた環境では印象的な結果を出すが、それが本番環境で機能するかどうかは顧客側の問題だ。契約が取れれば、ベンダーの役割は終わる。

ガバナンスの欠如がCIOの信頼性を損なう

プレッシャーが生む第二の問題は、ガバナンスのないAI意思決定が組織内に広がることだ。取締役会からのAI推進の指令が事業部門に届くと、各部門は独自の判断で動き出す。財務部門がITアーキテクチャの審査を通過していないツールの契約を結ぶ。業務部門が本番データに触れる自動化パイロットを走らせる。マーケティング部門がコンプライアンス審査を受けていない顧客情報で実験する。

いわばAIの速度で拡大するシャドーITだ。通常の大きなソフトウェア投資なら調達審査やアーキテクチャレビューを経るはずが、午後に導入できて数日で結果が出るツールにはそのプロセスが適用されない。IT部門が全体像を把握する頃には、事業部門はすでに「AIは使える」「使えない」という結論を出している——エンタープライズ向けに設計されていないツールをもとに。

小さな失敗が積み重なるうちに、信頼は静かに失われていく。成果の出ないAI投資、後から発覚するガバナンスの問題、ITを避け始めた事業部門——こうしたパターンが積み重なれば、取締役会はいずれ問題を直視する。実験フェーズから価値創出への移行を自らリードし、そのプロセスを積極的に管理しているCIOが、差をつけ始めている。

規律ある実行に必要なもの

概念実証から本番環境へ、AIを移行させることに成功した組織には共通点がある。どこに投資するかについて明示的で文書化された決断を下し、パイロットを追加するプレッシャーが高いときもその方針を守り通したことだ。

具体的には、開始前に一定の基準を満たすイニシアティブだけを選ぶ短いリストを維持する。ワークフローが十分に理解され、変更管理権限を持つビジネスリーダーが担っていること。データがアクセス可能で整備されていること。展開後ではなく前に成功の定義が決まっていること。この基準を満たさない提案はスタートさせない。取締役会が進捗を求め、ベンダーが有利な条件を提示している状況で目に見える活動を控えることは、言うは易く行うは難しだ。

内部ケイパビリティの構築も重要だ。ツールは増え続ける。戦略的な問いは、組織がAIを評価・統合・ガバナンスする真のケイパビリティを培っているか、それともベンダー依存に留まるかだ。前者は時間をかけて組織的な優位性を積み上げる。後者は外から見るとケイパビリティのように見えるが、内実は依存だ。

AIリーダーシップを測るたった一つの指標

取締役会向けのプレゼンでは見栄えがよく、業務上の価値はほとんど生まないAIリーダーシップの形がある。パイロットは走り、進捗報告が回る。「実際にビジネスに何をもたらしているのか」という問いは、答えることがナラティブを複雑にするため、問われないままになりがちだ。

AIリーダーシップは最終的に一つのことで測られる。何個のパイロットが、ビジネスの実際の動き方を変えるまで生き残ったか。今構築されているもののほとんどは、そこまで届かないかもしれない。

Our world is spinning so fast that getting off course from intended outcomes can happen quickly. And it isn’t just technology that’s catalyzing change. The business climate, economic conditions, rules of engagement, and even people’s belief systems and behaviors are rapidly shifting to the point that trying to keep up is like chasing a cheetah on roller skates.

To lead in this climate, you have to hone your ability to pivot, pull the plug, or pounce on a new opportunity with little lead time. You can’t make a decision, install a system, or set a team to work on a project, then move on, even as you might have done a few short years ago. You have to be able to change your mind, admit you no longer stand behind a decision, aren’t confident in a particular project and set a new course toward a better destination.

Having an agile mind and a flexible worldview is vital to IT leadership today. But how do you achieve that?

I spoke to IT experts and leaders who have struggled with and mastered this skill. Here are the agility tricks they employ to stay flexible.

Keep asking questions

“Historically, CIOs come into an organization, assess, then try to add value,” says Sathish Muthukrishnan, chief information, data, and digital officer at Ally Financial. “That could take a year. Then they spend another six months developing strategy. From year three onwards, they might implement strategy. That was the traditional playbook.”

So, the current pace of change is, in itself, an enormous pivot for a role so complex, Muthukrishnan says.

The first step to becoming an agile leader then is to accept that the old playbook won’t work. The second step, he says, is to keep asking questions.

“I ask questions so I can deepen my understanding, orient myself,” he says. “Has the context changed? Has technology changed? Have people changed? If so, why are we doing what we were doing three, four, or five months ago?”

There are some things that have not changed, he says. Learning is the same, though what you learn and the way you apply it is different. And the need for your leadership has only increased.

“The human qualities that set you apart as a leader are becoming even more relevant in an AI-first world,” he says. “It’s no longer, ‘I’m the expert. I know. I’ve done this, I’ve seen this,’ that sets you apart. The thing that sets you apart is having the courage to say I am not tied to my previous beliefs. I’m changing them because of this reason. I’m making a pivot because of these reasons. Courage and conviction go together.”

Trust the navigation — and your teams

“You have to lead with purpose and clarity. That’s important for the organization. But you need a lot of flexibility when it comes to the execution,” says Manny Rivelo, CEO of ConnectWise.

Like a ship on a wild sea, you have a destination in mind. Getting there, though, requires navigating through a lot of tumult.

“You have to be able to respond quickly to change,” Rivelo says. “It can be anything from a market shift, the technology, or internal organizational challenges. You don’t want to lose sight of that long-term strategy, but you may have to pivot along the way. It’s not only about moving with speed, but with flexibility.”

Just like that ship navigating rough seas, you have to get accurate readings and trust your navigators to know how to steer through the chaos.

“How you collect information is important,” he says. “I look at it as a signal-to-noise ratio. What is the signal that’s driving you to go someplace, and what is just noise? How do you remove the noise so you can focus on what the signal is telling you.”

Rivelo believes in facts and data. But you also need to be able to test your own assumptions and, to do that, you have to trust your team, he says.

“You have to build diverse teams that are willing to challenge your thinking,” he advises. “In my experience, you can’t train for that. You have to hire for it.”

Rivelo digs deep when hiring to find people who have a history of being opinionated and, especially, curious.

“Curiosity is one of the greatest gifts you can have as a leader. You need to be curious enough to disrupt yourself and not assume that, because we are doing things a certain way, we have to continue. The best idea should win — wherever it comes from,” he says.

Empty your cup

According to one Zen parable, you have to empty your cup before you can fill it. To learn, you have to accept that you don’t already know.

“For me, being agile means seeing the truth and not making assumptions,” says Dr. Akvile Ignotaite, founder and data scientist at System Akvile. “I go into new projects thinking, ‘Let’s see what we can learn.’ And I learn from the data.”

It sounds simple. But when you have achieved a leadership role, you likely got there because of your expertise. You have become accustomed to people expecting you to know what to do. Letting go of that expert role is, Ignotaite admits, a process.

“I try to keep a very open mind,” she says. “I make assumptions, then measure those assumptions against real user data and behavior. I can’t know everything. The speed we live in is too fast.”

Use the ‘hot-shot rule’

Every day is full of decisions and responsibilities. It’s easy to get caught up in that and keep navigating toward a goal without stopping to check whether you are headed in the right direction. To stay flexible, Ingrid Curtis, CEO at Sparq, likes to test wind direction frequently with what she calls the “hot-shot rule.”

“This is not a concept I created,” she says. It is a mental exercise that helps people to let go of a decision, path, or progress that is no longer serving their purposes.

“Imagine you’ve been fired,” she says. “Who’s the hot shot that’s coming in to take over. What do you think they will do that you aren’t doing?”

The hot shot can be fictional or a real-life leader from the tech or business world.

“There are plenty of big, wild entrepreneurs to choose from,” she says. “They come with this huge persona. And we’ve seen that it has gotten some of them — the WeWork founder, Elizabeth Holmes, and others — in serious trouble. But there is also admiration for this flagrant, ‘I’m willing to do whatever it takes’ kind of leadership.”

It’s surprising, she says, how much this game allows people to disconnect from minutia and look at their job with fresh perspective. It’s fascinating to watch it unlock ideas.

“We all allow ourselves to be hamstrung,” she says. “Yet you imagine someone else would disregard those self-imposed restrictions and be able to get the thing done. Suddenly, with that perspective, you are able to do that, too.”

Rethink your approach to decision-making

“Everyone frames agility as a personality trait — be flexible, stay curious, embrace change,” says Nik Kale, principal engineer at Cisco Systems. “All of that is fine, but personality does not scale.”

Agility, he says, is less about mindset and more about structure.

“Adaptable leaders aren’t the ones with the most flexible temperament,” he says. “They’re the ones who build decision-making systems to absorb change without breaking.”

One big part of this structure, he says, is sorting decisions by weight. Some decisions are reversable. Others are not. Therefore, those two types of decisions should be sorted into different piles. Slow down and ponder non-reversable decisions. Decide fast and iterate on those that are reversible.

“Many leaders do the opposite,” he says. “They agonize over things that don’t matter and rush through things that do.”

For reversible decisions, schedule a point where you will stop to reevaluate them.

“I put reassessment dates on the calendar,” he says. That way changing your mind is part of the process. “It won’t hurt anybody’s ego if we planned to reevaluate that decision.”

This structure, he believes, overcomes the risk decision-makers face when they change their mind.

“Admitting you were wrong, in most corporate cultures, is expensive — reputationally, career-wise, politically. People double down on failing strategies because the cost of admitting they were wrong feels higher than the cost of failure,” Kale says. “Courage shouldn’t be a prerequisite for good decisions.”

Factor in the fact that permanence is a thing of the past

According to Ram Palaniappan, CTO at TEKsystems Global Services, when the software you use every day changes almost that often, clinging to the idea that anything you decide today won’t change tomorrow is holding on to a world that no longer exists.

This is especially true when working with AI, he says. When you make a decision about something repeatable, and offload the work to AI, verifying the results is essential because an AI will amplify mistakes. This also helps you learn to trust the AI.

This kind of mental agility, he says — making decisions that you are willing to unmake if the output doesn’t match expectations — requires that people to stay alert and keep learning. That goes not just for leaders but entire teams, he adds.

“We ask our teams to spend a percentage of time upskilling,” he says. “We set goals. We provide a learning path. Then we allow them to apply what they learn in a lab facility.”

The idea is, he says, to learn to let go of the way it was.

“Tech companies change their products, sometimes daily,” he says. “We all have to be able to move like that.”

Let go of the idea that anything you decide is permanent. Decide quickly. Then check how that decision is doing.

Exercise your emotional muscles

According to Sarah Noll Wilson, founder of The Noll Wilson Group and author of Don’t Feed the Elephants, many technical leaders believe that emotion has nothing to do with their decisions. But that can make you blind to the power emotion has over them.

“When you build your emotional skillset, it gives you access to a higher level of self-awareness and intellectual humility,” she says.

Curiosity is one emotional skill. “Instead of making you fear discovering a bad decision, curiosity can make it fun to wonder — with interest and even excitement — where you might be wrong,” she explains.

Another emotional skill is to let go of the idea that it is your expertise that’s needed.

“Some problems are technical,” she says. “Those are clear and typically solved with expertise. But some are adaptive challenges. In that case, the problem might not be clear and solving it requires learning, not expertise.”

Fear is another emotion that drives resistance to change. People don’t fear change, they fear loss, she says. “Ask yourself, ‘What am I losing?’ or ‘What am I afraid I’m going to lose?’”

One of the practices her team uses to increase emotional self-awareness, she says, is a courageous audit. This is a process where leaders examine what they want to be — an agile leader, for example — and interrogate behaviors that conflict with that goal.

“A question you can ask is, ‘What do I do or not do that’s in conflict with being an agile leader?” she says. “Do I protect my ideas or my team’s ideas? Do I dismiss ideas from people who aren’t in my field or ‘in’ group? Who gets to submit ideas? Who doesn’t?”

These exercises are designed to raise your awareness of the emotional reactions that affect your decisions and to help you develop the ability to be comfortable with uncertainty.

Change how you measure and build

According to Shahrzad Rafati, founder and CEO of RHEI, keeping a plastic viewpoint requires you to fundamentally change how you build technology and measure success.

“When you spend two years building an enterprise tool, your ego becomes tied to its deployment. You lose agility because you are financially and emotionally invested in the solution, rather than the problem,” she says.

“Instead of measuring success with metrics like uptime or deployment milestones, measure workforce elevation. When your metric is ‘Did it elevate human output and strategic thinking?’ you won’t hesitate to kill a failing project.”

The second step, she says, is to find a way to experiment quickly and cheaply. “We no longer live in a world where prototyping costs millions of dollars. You can ‘vibe code’ an idea, stand up a specialized agent, and test its capabilities almost instantly.”

“Use this to your advantage,” she says, “by lowering the stakes of your experiments. If testing a hypothesis costs nothing, your willingness to abandon a bad idea and admit you were wrong goes up exponentially.”

美馬のゆり（みまのゆり）
学習環境デザイナー／学習科学者、公立はこだて未来大学　名誉教授。日本学術会議　第26期・第27期会員、電気通信大学　監事。電気通信大学（計算機科学）、ハーバード大学大学院（教育学）、東京大学大学院（認知心理学）で学ぶ。コンピュータと教育、認知科学の幅広い視点から、コミュニケーションや人材育成、ネットワーク形成などを促進する活動を行っている。その他、マサチューセッツ工科大学メディアラボ客員研究員、NHK経営委員会委員、カリフォルニア大学バークレー校人工知能研究所および人間互換人工知能センター客員研究員などを歴任。元日本科学未来館副館長。

日本でAI導入が進まない本当の理由

生成AIの活用が世界規模で進む中、日本企業の多くはいまだ本格的な導入に至っていない。ChatGPTを業務で試した経験はあっても、組織全体への定着には達していない企業が大多数だ。

一方、米国では状況が異なる。米国心理学会が2025年に発表した「Work in America」調査によると、47%の労働者が月1回以上業務でAIを使用していることがわかった。30%が「使わないと取り残される」と感じ、38%が「自分の職務が不要になる可能性」を懸念している。AIはすでに日常業務に深く浸透し、効率向上への期待と同時に、不安や組織内格差といった心理的・組織的影響をもたらしていることを示す調査結果だ。「AI導入は、人の不安と期待を前提にした制度設計と不可分である」という結論をレポートは導き出している。

では、日本でAI導入が進まない背景には何があるのか。美馬氏が講演や企業との対話を通じて見えてきたのは、能力や技術力ではなく、構造的な問題だという。第一に、（AI導入前に）DXの目的が組織内で十分に共有されていないこと。第二に、業務ルーチンの変更を望まない現場の意識と、それに引きずられる形で「クライアントが望まないものは提案しない」というベンダー側の行動原理。そして現状維持を合理的選択にしてしまう評価制度がそれを後押しする。

統計データをPDFで公開する、カルテを電子化するといった「本質ではないこと」で止まってしまう例は枚挙にいとまがない。このような状況を招く根本原因として、美馬氏が指摘するのは「設計思想」だ。例えば、EV専業の自動車メーカーTesla。頻繁にソフトウェアアップデートがかかり、一晩で画面表示が刷新されることも珍しくない。美馬氏はUCバークレーAI研究機関に在籍時にTeslaに乗っていた経験から、「日本では容易に受け入れられない仕様」と話す。日本の自動車産業の設計思想が確実さ、安全性、高い完成度であるとすれば、進化のスピード、継続的改善、実装後の修正といった設計思想を持つTeslaは正反対と言えるからだ。「これはどちらが良い・悪いの優劣ではなく、設計思想の違い」と美馬氏は説明する。

これを踏まえてみると、AIの技術的性質と日本とは相性が良くない。「AIは本質的に不完全。どんどん更新され、試すたびに精度が上がるという技術です。これは、”完成してから導入する”という日本の発想とは合わない」と美馬氏。日本にはAI導入が進みにくい構造がある、と続けた。

AI時代の技術判断は価値判断―ーCIOは「価値設計者」に

そのような状況でCIOはAIを導入しなければならない。そしてAIの導入では、CIOに新しい役割が加わると美馬氏は見る。

これまでCIOの重要な役割の1つに技術判断があった。だが、AI導入をめぐっては何を自動化するか、どの役割を再定義するか、どのスキルを価値とみなすかなどの判断も入ってくる。そしてこれらは、純粋な技術の判断ではなく価値の判断だ。

価値判断が重要であることを示した象徴的な事例がAmazonだ。採用選考にAIを導入しようとした際、過去の採用実績（男性が多数）を学習データとしたため、女性を不当に低く評価する結果となった（結局、導入は中止）。「どういう学習データを選ぶのか自体が、AI導入の判断にかかってくる」と美馬氏。技術的に可能であることと、組織として妥当であることは一致しない——そうした判断の前提を決めているのは、突き詰めればIT技術者であり、経営判断を下すCIOだ。

美馬氏はこう言い切る。「CIOは技術管理者であると同時に、組織の価値設計者でもある」。

価値を考えるにあたって美馬氏がまずスポットを当てるのが、「最適化と望ましさは一致しない」という視点だ。効率やコスト削減といった数値化できる指標が優先される一方、「数値化できるものを指標にした途端、そうじゃない優秀さは漏れていく」と美馬氏。

何を価値とみなすかを決めること自体が問われている。だからこそ美馬氏は倫理を中核に置く必要性を説く。倫理とは守るべき規則ではなく、価値が衝突し正解が定まらない状況において判断の拠り所となる枠組みだ。「何を良しとするか」という問いを組織の基盤に据えること——それがCIOに求められると美馬氏は言う。

技術者倫理3層モデル

このようなことから、AI導入にあたって価値設計者としてのCIOが考えるべき枠組みとして、美馬氏は「技術者倫理3層モデル」を提示する。第1層は「予見責任」——導入前に職務への影響をマッピングし、移行計画を可視化すること。第2層は「説明責任」——導入目的・影響範囲・限界を組織内で共有すること。そして第3層が「組織的ケア責任」だ。

特に第3層について、「ケア責任とは、情緒的配慮ではなく、人的資本の毀損を防ぐ経営責任」だと美馬氏は言う。AI導入で影響を受ける人材の能力移行を制度として保証すること——それは「優しさ」ではなく、人材という経営資源を守るための責務だ。「少子高齢化が進み、人材不足が深刻化する中、AI導入で影響を受ける人材を他の業務へ移行させることは、組織が果たすべき経営上の責務だ」と美馬氏。自分の仕事がなくなるかもしれないという不安を抱えた社員に対し、トップダウンで導入を命じるだけでは反発を招く。影響を受ける人材の不安に向き合い、移行の道筋を組織として明示すること——それが制度設計としてのケア責任の本質だ。この視点は人事部門との緊密な連携なしには実現しない。

さらに美馬氏は、技術者が担うべき倫理にもう一つの視点を加える必要があると説く。従来、技術者の倫理は「技術が社会に与える影響」「組織人としての責任」「専門職としての説明責任」という3つの観点で論じられてきた。しかしAI時代においては、「生活者倫理」の視点が必要だ、と美馬氏。AIコンパニオンと結婚する人が世界中に現れ、亡くなった家族とサブスクリプションで「会える」サービスまで登場している現在、技術を開発・導入する側もまた、その影響を受ける生活者の一人だ。「使う側・影響を受ける側としての判断が、今や4つ目の倫理として必要になっている」。

AI時代の人材育成を設計する

AI時代は人材面でも見直しが不可欠だ。先述の米国の調査で明らかになったように、AI導入に社員は不安を感じている。雇用そのものに対する不安ももちろんだが、業務のやり方や内容が変わることはキャリアの断絶を伴う。人材育成もまた、倫理を基盤に設計される必要がある。

「従来の『作業効率』『コスト削減』という指標だけでは、人材への影響を捉えることはできない」と美馬氏。AI時代に必要な指標として、スキル転換完了率、再配置成功率、組織内AI成熟度、そして心理的安全性——「導入しても大丈夫」と社員が感じられるかどうか——を挙げる。効率から持続可能性へ。その転換が、人材育成KPI再設計の核心だ。

「AI時代の人材育成とは、ツール操作を教えることではなく、変化を前提に学び続ける構造を設計することだ」と美馬氏は言う。加えて、変化を引き受ける倫理を育てることも重要になるという。そのような考えから、美馬氏は「リスキリング（学び直し）」よりも、新しいスキルを足す「学び足し（アップスキリング）」の視点が重要と話す。

WHYを問い続ける

冒頭のように、日本のAI導入が進まない背景には文化・制度・設計思想という構造的な問題がある。だが、AIを導入しないという選択肢はない。落とし所をどうするかーー「ここは肝になる」と美馬氏。悲観しているのではなく、「紙一重のところに希望がある」と言う。

「空気を読む」「場を整える」「察する」——日本社会に根付く関係性を重んじる感性は、美馬氏が提唱する「Humane Learning Design（HLD）」の考え方と深く響き合う。HLDとは、問いを立て、対話し、文脈と関係性に応じて責任ある判断を行うという学びの思想だ。humaneという言葉には、humanよりも人道的・思いやりという意味が込められている。個人の最適化ではなく「間」を整える倫理的な感性——これはケアの倫理の核心とも重なる。

ただし、関係性を重んじる感性は忖度と「紙一重」だと美馬氏は注意を促す。「空気を読みすぎて、失敗を許されない文化になると、何も変えないということになってしまう」。現場が課題を最もよく把握しているにもかかわらず、声が届かない——この構造はあらゆる組織に共通する病理だ。関係性を重んじる感性を活かしながら、変化を許容しオープンであること。「変化していくことを許すとか、関係が変わっていくことをよしとするとか、そういう意味での開かれた文化が必要だ」と美馬氏は言う。

その両立が実現できれば、日本はAI時代において独自の強みを発揮できると美馬氏は考える。「日本の『関係性の知』を、日本オリジナルとして世界に発信できるのではないか」。

最後に美馬氏がCIOに向けて強調するのは、「なぜ使うのか」という問いだ。「AIをどう使うかというHowやWhatの議論は進んでいる。でも、なぜ使うのか、何は使わない方がいいのか、何を人間の側に残しておくべきかというWHYの議論はされていない」。

美馬氏はこの問いに向き合う力を「AI Readiness」と呼ぶ。「使いこなす能力ではなく、判断に向き合う準備状態」——それを組織に根付かせることが、価値設計者としてのCIOに求められる最も重要な役割だと美馬氏は言う。「使うことの意味と影響、そして使わない判断。そこの判断が、人を生かしていく社会を作ることにつながる」と美馬氏は述べた。

On a holiday weekend, when most of a company is offline, a critical system fails. An AI-driven workflow stalls, or worse, produces flawed decisions at scale that misprice products or expose sensitive data. In that moment, organizational theory disappears and the question of who’s responsible is immediately raised.

As AI moves from experimentation into production, accountability is no longer a technical concern, it’s an executive one. And while governance frameworks suggest responsibility is shared across legal, risk, IT, and business teams, courts may ultimately find it far less evenly distributed when something goes wrong.

AI, after all, may diffuse decision-making, but not legal liability.

AI doesn’t show up in court — people do

Jessica Eaves Mathews, an AI and intellectual property attorney and founder of Leverage Legal Group, understands that when an AI system influences a consequential decision, the algorithm isn’t what will show up in court. “It’ll be the humans who developed it, deployed it, or used it,” she says. For now, however, the deeper uncertainty is there’s very little case law to guide those decisions.

“We’re still in a phase where a lot of this is speculative,” says Mathews, comparing the moment to the early days of the internet, when courts were still figuring out how existing legal frameworks applied to new technologies. Regulators have signaled that responsibility can’t be outsourced to algorithms. But how liability will be apportioned across vendors, deployers, and executives remains unsettled — an uncertainty that’s unlikely to persist for long.

“There are going to be companies that become the poster children for how not to do this,” she says. “The cases working their way through the system now are going to define how this plays out.”

In most scenarios, responsibility will attach first and foremost to the deploying organization, the enterprise that chose to implement the system. “Saying that we bought it from a vendor isn’t likely to be a defense,” she adds.

The underlying legal principle is familiar, even if the technology isn’t: liability follows the party best positioned to prevent harm. In an AI context, that tends to be the organization integrating the system into real-world decision-making, so what changes isn’t who’s accountable but how difficult it becomes to demonstrate appropriate safeguards were in place.

CIO as the system’s last line of defense

If legal accountability points to the enterprise, operational accountability often converges on the CIO. While CIOs don’t formally own AI in most organizations, they do own the systems, infrastructure, and data pipelines through which AI operates.

“Whether they like it or not, CIOs are now in the AI governance and risk oversight business,” says Chris Drumgoole, president of global infrastructure services at DXC Technology and former global CIO and CTO of GE.

The pattern is becoming familiar, and increasingly predictable. Business teams experiment with AI tools, often outside formal processes, and early results are promising. Adoption accelerates but controls lag. Then something breaks. “At that moment,” Drumgoole says, “everyone looks to the CIO first to fix it, then to explain how it happened.”

The dynamic is intensified by the rise of shadow AI. Unlike earlier forms of shadow IT, the risks here aren’t limited to cost or inefficiency. They extend to things like data leakage, regulatory exposure, and reputational damage.

“Everyone is an expert now,” Drumgoole says. “The tools are accessible, and the speed to proof of concept is measured in minutes.” For CIOs, this creates a structural asymmetry. They’re accountable for systems they don’t fully control, and increasingly for decisions they didn’t directly authorize.

In practice, that makes the CIO the enterprise’s last line of defense, not because governance models assign that role, but because operational reality does.

The illusion of distributed accountability

Most organizations, however, aren’t building governance structures around a single accountable executive. Instead, they’re constructing distributed models that reflect the cross-functional nature of AI.

Ojas Rege, SVP and GM of privacy and data governance at OneTrust, sees this distribution as unavoidable, but also potentially misleading. “AI governance spans legal, compliance, risk, IT, and the business,” he says. “No single function can manage it end to end.”

But that doesn’t mean accountability is shared in the same way. In Rege’s view, responsibility for outcomes remains firmly with the business. “You still keep the owners of the business accountable for the outcomes,” he says. “If those outcomes rely on AI systems, they have to figure out how to own that.”

In practice, however, governance is fragmented. Legal teams interpret regulatory exposure, risk and compliance define frameworks, and IT secures and operates systems. The result is a model in which responsibility appears distributed while accountability, when tested, is not — and it often compresses to a single point of failure. “AI doesn’t replace responsibility,” says Simon Elcham, co-founder and CAIO at payment fraud platform Trustpair. “It increases the number of points where things can go wrong.”

And those points are multiplying. Beyond traditional concerns such as security and privacy, enterprises must now manage algorithmic bias and discrimination, intellectual property infringement, trade secret exposure, and limited explainability of model outputs.

Each risk category may fall under a different function, but when they intersect, as they often do in AI systems, ownership becomes blurred. Mathews frames the issue more starkly in that accountability ultimately rests with whoever could have prevented the harm. The difficulty in AI systems is that multiple actors may plausibly claim, or deny, that role. So the result is a governance model that’s distributed by design, but not always coherent in execution.

The emergence and limits of the CAIO

To address this ambiguity, some organizations are beginning to formalize AI accountability through new leadership roles. The CAIO is one attempt to centralize oversight without constraining innovation.

At Hi Marley, the conversational platform for the P&C insurance industry, CTO Jonathan Tushman recently expanded his role to include CAIO responsibilities, formalizing what he describes as executive accountability for AI infrastructure and governance. In his view, effective AI governance depends on structured separation. “AI Ops owns how we build and run AI internally,” he says. “But AI in the product belongs to the CTO and product leadership, and compliance and legal act as independent checks and balances.”

The intention isn’t to eliminate tension, but to institutionalize it. “You need people pushing AI forward and people holding it back,” says Tushman. “The value is in that tension.”

This reflects a broader shift in enterprise governance away from centralized control and toward managed friction between competing priorities — speed versus safety, innovation versus compliance. Yet even this model has limits.

When disagreements inevitably arise, someone must decide whether to proceed, pause, or reverse course. “In most organizations, that decision escalates often to the CEO or CFO,” says Tushman.

The CAIO, in other words, may coordinate accountability. But ultimate responsibility still sits at the top and can’t be delegated.

The widening gap between deployment and governance

If organizational models for AI accountability are still evolving, the gap between deployment and governance is already widening. “Companies are deploying AI at production speed, but governing at committee speed,” Mathews says. “That’s where the risk lives.”

Consequences are beginning to surface as a result. Many organizations lack even a basic inventory of AI systems in use across the enterprise. Shadow AI further complicates visibility, as employees adopt tools independently, often without understanding the implications.

The risks are both immediate and systemic. Employees may input sensitive corporate data into public AI platforms, inadvertently exposing trade secrets. AI-generated content may infringe on copyrighted material, and decision systems may produce biased or discriminatory outcomes that trigger regulatory scrutiny.

At the same time, regulatory expectations are rising, even in the absence of clear legal precedent. That combination — rapid deployment, limited governance, and legal uncertainty — makes it likely that a small number of high-profile cases will shape the future of AI accountability, as Mathews describes.

Where the buck stops

For all the complexity surrounding AI governance, one pattern is becoming clear. Responsibility may be distributed, authority may be shared, and new roles may emerge to coordinate oversight, but accountability doesn’t remain diffused indefinitely.

When systems fail, or when regulators intervene, it often points at enterprise leadership, and, in operational terms, to the executives closest to the systems in question. AI may decentralize how decisions are made, obscure the pathways through which those decisions emerge, and challenge traditional notions of control, but what it doesn’t do is eliminate responsibility. If anything, it magnifies it.

AI accountability is a familiar problem, refracted through a more complex system. The difference is the system is moving faster, and the cost of getting it wrong is increasing.

As organizations rebrand themselves as AI companies, most of the conversation is focused on knowledge workers rather than the people in retail, manufacturing, and healthcare who can benefit from AI just as much. Prakash Kota, CIO of UKG, one of the largest HR tech platforms in the market, which delivers a workforce operating platform utilized by 80,000 organizations in 150 countries, explains how his company uses agentic AI, voice agents, and a democratized innovation framework to transform the frontline worker experience, and why the CIO-CHRO partnership is critical to making it stick.

How do you leverage AI for growth and transformation at UKG?

UKG is one of the largest HR, pay, and workforce management tech platforms in the market, and our expertise is in creating solutions for frontline workers, which account for 80% of the world’s workforce. This is important because when companies rebrand themselves as AI for knowledge workers, they’re not talking about frontline workers. But people in retail, manufacturing, healthcare, and so on also benefit from AI capabilities.

So the richness of our data sets, and our long history with the frontline workforce, positions us well for AI driven workforce transformation. 

What are some examples?

We use agentic AI for dynamic workforce operations, which shows us real-time labor demand. Our customers employ thousands of frontline workers, and the timely market insights and suggested actions we give them are new and valuable.

We also provide voice agents. Traditionally, when a frontline worker requests a shift, managers would review availability, fill out paperwork or update scheduling software, and eventually offer an appropriate job. With voice agents, AI works directly with the frontline worker, going through background and skills validation, communication, and even workflow execution. The worker can also ask if they can swap shifts or even get advice on how to make more money in a particular month. This is where AI changes the entire frontline worker experience.

We also launched People Assist, an autonomous employee support agent. Typically, when an employee is onboarded, IT and HR need to trigger and approve workflows. People Assist  not only tracks workflows, but also performs those necessary IT and HR onboarding activities so new employees are productive from day one.

What framework do you use to create these new capabilities?

For internal AI usage for our own employee experience, we use an idea-to-implementation framework, which involves a community of UKG power users who are subject matter experts in their area. Ideas can come from anybody, and since we started nine months ago, more than 800 ideas have been submitted. The power users set our priorities by choosing the ideas that will make the most impact.

Rather than funneling ideas through a small central team — a linear process that kills momentum — we’ve democratized innovation across the business. We give teams the governance frameworks, change models, and risk guardrails they need to move quickly.  With AI, the most important thing isn’t to launch, but to land.

But before we adopted the framework, we defined internal personas so we could collaborate with different employee groups across the company, from sales to finance.

With the personas and the framework, we can prioritize ideas by persona, which also facilitates crowd sourcing. You’re asking an entire persona which of these 10 ideas will make their lives better, rather than senior leaders making those decisions for them.

Why do so many CIOs focus on personas for their AI engine?

Across the enterprise, every function has a role to play. We hire marketing, sales, and finance for a particular purpose. Before AI, we gave generic packaged tools to everyone. AI allows us to build capabilities to make a specific job more effective. Even our generic AI tools are delivered by persona. Its impact on specific roles is the reason personas are so important right now. Our focus is on the actual jobs, the people who do them, the skills and tasks needed, and the outcomes they want to achieve.

We know our framework and persona focus work from employee data. In our most recent global employee engagement survey, 90% said they’re getting the right AI tools to be effective. For the AI tools we’ve launched broadly across the company, eight out of 10 employees use them. For me, AI isn’t about launching 10,000 tools, because if no one uses them, it’s just additional cost for the CIO and the company.

Is the build or buy question more challenging in this nascent stage of AI?

The lifecycle of technology has moved from three years to three hours, so whenever we build at UKG, we use an open architecture, which allows us to build with a commercial product if one comes on the market.

Given the speed of innovation, we lean toward augmentation rather than build. There are areas, like our own native products, where a dedicated engineering team makes sense. But for most of our AI capabilities — customer support and voice agents, for example — we work with our vendor partners. We test and learn with multiple vendors, and decide on one usually within two weeks.

This is what AI is giving all CIOs: flexibility, rapid adoption, interoperability, and the ability to quickly switch vendors. It’s IT that’s very different from what it used to be.

Given the shift to augmentation, how will the role of the software engineer change?

For software builders, business acumen — the ability to understand context — is no longer optional. In the past, the business user would own the business context, and the developer, who owns the technology, brings that business idea to life. Going forward, the builder has the business context to create the right prompts to let AI do the building, and the human in the loop is no longer the technology builder, but the provider of context, prompts, and validation of the work. So the engineer doesn’t go away, however they now finish a three-week scope of work in hours. With AI, engineers operate at a different altitude. The SDLC stays, but agility increases where a two-week concept compresses into two days.

At UKG, you’re directly connected to the CHRO community. What should they be thinking about how the workforce is changing with AI?

The best CHROs are thinking about the skills they’ll need for the future, and how to train existing talent to be ready. They’re not questioning whether we’ll need people, but how to sharpen our teams for new roles. The runbooks for both IT and HR are evolving, which is why the CIO-CHRO partnership has never been more critical to create the right culture for AI transformation.

CIOs can deliver a wealth of employee data like roles, skillsets, and how people spend their time. And as HR leaders help business leaders think through their roadmap for talent —  both human and AI — IT leaders can equip them with exactly that intelligence.

What advice would you give to CIOs driving AI adoption?

Invest in AI fluency, not just AI tools. Your people don’t need to become data scientists, but they do need a new kind of literacy — the ability to work alongside AI, question its outputs, and know when to override it. That’s a training and culture investment, not a software investment.

And redesign work before you redeploy people. Don’t just drop AI into existing workflows. Use this moment to ask what work really matters. AI is forcing us to have the job design conversations we should’ve had years ago, so it’s important to be transparent about the journey. What’s killing workforce trust now is ambiguity. Your people can handle hard truths but not silence. Leaders who communicate openly about where AI is taking the organization will retain the talent they need to get there.

CIOs of B2B SaaS companies are just as responsible to represent technology as they are to run it. In an environment where the buyer is often another CIO, however, the role becomes something fundamentally different. It’s no longer confined to internal execution. It extends into the market, customer conversations, and the moments that ultimately shape revenue, trust, and long-term relationships. So the modern SaaS CIO operates as a true double agent, running the business from within while representing it to the market.

Box CIO Ravi Malick sits squarely in that duality. After serving as CIO of Vistra Energy, a company defined by legacy systems and industrial scale, he stepped into a digitally native, founder-led SaaS business in 2021 where technology is inseparable from the business itself. He now leads internal tech while engaging directly with CIOs of companies evaluating Box, bringing a perspective shaped by both worlds. What stands out in Malick’s perspective isn’t how different the role is, but how much more expansive it’s become.

What stays the same, what evolves

The core tension of the CIO role hasn’t changed. “There’s always more demand than you have the capacity or funding for,” Malick says. Prioritization, alignment to business strategy, and the constant need to modernize while operating at scale still define the job. The difference, however, is the environment in which those challenges now exist.

At Box, Malick operates inside a workforce where technology fluency is high and expectations are even higher. “I partner with 3,000 technologists who love to solve problems with technology,” he says. That creates a powerful advantage, but also a new kind of pressure. Demand for tools, platforms, and innovation is constant, and AI has only accelerated it.

That dynamic is further shaped by Box’s leadership. As a founder-led company, technology conversations extend well beyond the CIO’s organization. “It’s a different dynamic when your CEO is a founder and a technologist,” Malick says. “You’re as much a steward of incoming ideas as you are a generator of them.” That relationship creates both pace and perspective, requiring the CIO to operate as both orchestrator and partner in shaping how technology evolves across the business.

In that context, the CIO is leading within a highly informed, highly engaged organization where expectations for speed and innovation are constant. The challenge isn’t modernization as a one-time effort, but ensuring the tech stack continuously evolves and scales with the business.

Balancing the internal mandate with external pull

What truly differentiates the role in SaaS is what happens outside the enterprise, and the pressure that comes with it. The CIO is still accountable for running IT, ensuring security, and maintaining operational excellence. At the same time, there’s growing expectation to show up externally, engage customers, and directly support revenue.

Malick doesn’t present that balance as seamless. “It’s a daily challenge,” he says. “But sometimes not balanced so well.” There’s a constant push and pull between internal priorities and external demands, and in many cases, revenue pulls hard. The opportunity to influence deals, build relationships, and contribute to growth elevates the strategic importance of the role, but it doesn’t remove the responsibility for the day job.

What allows Malick to operate effectively in both worlds is the strength of the foundation behind him. He points to the maturity of his leadership team, operating model, and internal processes as critical enablers. With clear structures, strong leaders, and disciplined execution in place, he has the bandwidth to spend meaningful time externally. It isn’t always a perfect balance, but it’s a deliberate one.

From operator to peer in the market

Through Box’s customer zero program, Box on Box, Malick operates as both CIO and practitioner, bringing firsthand experience into customer conversations. “I can take how we build at Box to customer conversations,” he says. That perspective shifts the dialogue away from product positioning, and toward the realities of execution.

In a market where CIOs are constantly being pitched, that distinction carries weight. “They want to know how it works from the perspective of someone managing it,” he says, adding he leans into that by being transparent about both successes and missteps. “We share the challenges and false starts we’ve managed through.”

That candor builds credibility, and credibility builds trust. After all, people buy from people they trust, and in enterprise technology, says Malick, peer-to-peer conversations are a faster path to trust than demos. 

The external dimension of the role also holds a symbiotic relationship with internal responsibilities. Malick brings customer conversations back into Box, using them to inform how he thinks about technology decisions and broader strategy. He describes the CIO community as uniquely open, even therapeutic, where leaders candidly share challenges and exchange ideas. That openness creates a feedback loop where external insights sharpen internal execution, and internal experience strengthens external credibility.

What this means for the CIO role

What makes Malick’s perspective especially relevant is that the lesson isn’t limited to SaaS. As technology becomes more central to growth, customer experience, and business model change, CIOs in every industry are being pulled closer to the front office. The shift is about becoming more fluent in how technology translates into trust, speed, and commercial impact, not just becoming more visible.

For Malick, one of the biggest lessons is the role now demands a different kind of leadership than many CIOs were originally trained for. “Don’t make assumptions, and don’t assume something’s easy or intuitive,” Malick says. In a world where technology is reshaping how people work in real time, communication becomes a strategic discipline. CIOs have to explain change, absorb feedback, and keep translating between technical possibility and business reality.

The rise of AI adds another dimension to the double agent role. CIOs are building the content foundation that AI needs to be effective, and ensuring the organization can experiment with AI without sacrificing compliance or control. In a fast-paced technology company, ideas, opinions, and new technologies come from every direction. So the CIO isn’t simply the expert with the answers but often the one managing velocity itself, deciding where to push and where to hold.

“You have to figure out when you need to be in the fast lane and when you don’t,” Malick says. That kind of judgment is becoming more critical as technology moves to the center of the business, and it’s another reason CIOs are stepping into CEO and COO roles.

As AI accelerates the pace of change and creates the potential to decouple revenue growth from headcount growth, that ability to manage speed, scale, and tradeoffs becomes a defining leadership capability. That’s why the SaaS CIO should matter to leaders far beyond software. With AI transforming every industry, the role is becoming a preview of where the profession is headed — not just to run technology, but help shape how the company grows, how it shows up in the market, and how it earns trust. The double agent CIO may sound like a SaaS phenomenon. Increasingly, though, it looks more like the future of the job.

For decades, the industrial sector has operated on the simple mantra to live by automation, die by automation. In the oil and gas industry, where precision is measured in millimeters and safety in lives, automation is a necessity, not just nice to have. But as gen AI sweeps through the enterprise, a new challenge has emerged in how a global leader in energy services should transition from experimental chatbots to industrial-grade AI without compromising safety or security.

Here, Alex Philips, CIO of NOV, formerly National Oilwell Varco, discusses implementing OpenAI and securing it with zero trust for 25,000 employees, and why the next phase of agentic AI requires a fundamental shift in how to view human expertise and digital safeguards.

From FOMO to ROI

Like many global companies, NOV’s initial move into gen AI was driven by executive pressure fueled by fear of missing out. Philips remembers the early talks with his CEO about the investment.

“I said we have this opportunity, and it costs this much,” he says. “He asked about the ROI and I replied that’s something I couldn’t calculate, nor what it’d replace or what it’d displace in cost, but I couldn’t say any of that for email either.”

Just as no modern business can function without email, even without a direct line-item ROI, Philips argues that LLMs will soon become the standard for employee productivity. Currently, NOV reports about 50% of its workforce actively use the tool to enhance productivity.

The results, though qualitative, are profound. Philips says that response times for urgent customer requests, for instance, have plummeted, language barriers are crumbling, and employees are tackling complex analyses once considered out of reach.

The six-month validation lesson

One example Philips details involves an engineer who spent six months mastering a highly specialized skill. With ChatGPT, the engineer was able to replicate that six-month learning process in just 10 minutes.

And while his initial response was to think he wasted six months of his life, the response was to show him he spent six months to validate what the AI told him. “This is a great example of why humans are still needed in the AI loop,” says Philips. “AI execution without human validation can lead to errors that cost companies significant time and money.”

This underscores the crucial pillar of NOV’s AI strategy of human accountability because in an industrial setting, AI dictating terms is never an acceptable excuse. Whether designing a drill bit or automating a workflow, the end user remains responsible for the output.

Securing the Wild West of shadow AI

As AI becomes more widespread, shadow AI poses a significant security risk. To address this, NOV uses Zscaler to route all traffic, and ensure visibility and control. And by doing so, the company can:

• Redirect users: If an employee tries to use a non-approved LLM, they’re redirected to a page that explains NOV’s policy, and directed to the approved enterprise OpenAI instance.
• Monitor SaaS evolution: Many authorized SaaS applications are now adding agentic features during contract periods. Zscaler provides the visibility needed to identify these changes before sensitive IP is fed into an unvetted model.
• Enforce data privacy: Preventing intellectual property from leaking into public training sets is the first step in any industrial AI deployment.

The shift to agentic AI

In software development, NOV already benefits from AI-assisted coding, where AI works alongside developers who accept about 32% of AI suggestions. “We’re now beginning to explore the next evolution of full agentic coding,” says Philips, adding that this next stage truly supercharges teams, enabling them to move faster and better meet customer demand for innovation.

However, this efficiency feeds the dilemma of a widening talent gap. The challenge moving forward is if all the low-level, entry-level tasks can be automated, and what’s the best way to develop skilled workers. “I don’t know how we’ll adapt to it, but we’ll figure it out,” he says.

Safety first

In the oil field, some processes are too critical to be left entirely to a black-box algorithm. Philips is adamant that for safety issues, AI remains an advisor, not a decider. NOV uses AI-powered vision to monitor red zones, or dangerous areas on a drilling rig. If the AI detects a person in a restricted area, it can trigger an emergency stop. However, for actual drilling operations, the final call remains with an onsite human operator. “You can’t have a hallucination,” he says. “You can’t say it’s right 90% of the time. It has to be all the time.”

NOV’s journey shows that transitioning to industrial-grade AI isn’t just about choosing the best model but building a framework of trust, transparency, and responsibility. By using Zscaler for governance and GitHub Advanced Security for code validation, NOV is moving toward a future where AI becomes more essential to the oil industry.

“Development teams should produce twice the output with half the people in half the time,” he says. “The only remaining question is how do we train the next generation of developer experts to control the machines that do the work.”

物流業界を揺さぶる構造変化──なぜ今「DX人材育成」なのか

物流業界はいま、これまでの延長線上では立ち行かない局面に差しかかっている。2024年問題に代表される労働時間規制の強化、慢性的な人手不足、EC市場の拡大による取扱量の増加。これらの要因が重なり合い、従来の「現場の頑張り」に依存した物流モデルは、明確な限界を迎えつつある。

かつて日本の物流は、現場の熟練した判断力や柔軟な対応力によって支えられてきた。しかし、属人的な業務プロセスは人材不足が深刻化する中で大きなリスクとなり、業務の標準化や可視化が急務となっている。現場の負荷は増大し、改善に取り組む余力は削られ、変革のスピードは鈍化する。こうした悪循環を断ち切らなければ、持続可能な物流体制は構築できない。

SGHグループも、この現実と正面から向き合ってきた。同社グループは早くからDXに取り組み、配送ルートの最適化、配送伝票のフルデジタル化、倉庫の自動化など、現場の生産性向上につながる施策を次々と導入してきた。技術導入そのものは一定の成果を上げてきたが、その過程で浮かび上がったのが、別の課題である。

それは、「DX人材」の不足だ。システムを導入しても、現場で使われなければ、改革は定着しない。現場の課題を正確に捉え、デジタルを活用した解決策を描き、現場に即した実装までを導く人材が決定的に足りていなかったのである。技術だけでは現場は変わらず、現場の知見だけでもDXは進まない。その両者をつなぐ存在の重要性が、次第に明確になっていった。

こうした背景から、SGHグループはDX推進には、人材育成も必要不可欠だと判断し、グループ横断で取り組むことにした。DXの成否を左右するのはテクノロジーではなく、現場を理解し、デジタルで事業の変革を推進する人である──その認識が、同社グループのDX人材育成の出発点となった。

戦略・企画・構築が連動する──SGHグループ独自の「三位一体DX推進体制」

SGHグループのDXが現場で実効性を持って進んできた背景には、同グループ独自の「三位一体のDX推進体制」がある。DXを掲げる企業は多いが、戦略と現場、企画とシステムが分断され、構想倒れに終わるケースは少なくない。SGグループはその課題を回避するため、DXを最初から“組織横断の取り組み”として設計してきた。

三位一体の体制を構成するのは、SGHD、事業会社、そしてSGシステムの三者である。まず、グループ全体のDX戦略を描くのがSGHDだ。社会課題や顧客ニーズ、事業環境の変化を踏まえ、DXの方向性を示す司令塔として、全体最適の視点から舵取りを行う役割を担っている。

その戦略を受け、具体的な改革テーマを企画するのが各事業会社だ。宅配、ロジスティクス、国際輸送など、事業ごとに現場の課題は異なる。現場を熟知する事業会社が主体となることで、DXは机上の理想論ではなく、日々の業務に根差した改革として立ち上がる。現場起点で課題を定義し、改善の方向性を描くことが、実効性のあるDXにつながる。

そして、その企画を実際のシステムとして具現化するのがSGシステムである。約1000名のIT人材を擁する同社は、アプリケーション開発やデータ基盤構築、AI実装などを担う中核的存在だ。特徴的なのは、企画が固まってから呼ばれるのではなく、グループ各社に出向やローテーションし、初期段階からプロジェクトに参画している点にある。技術的な制約や可能性を踏まえながら構想を磨き上げることで、「現場視点のDX」を実現してきた。

この三者が縦割りではなく一体となることで、企画と構築の距離は大きく縮まった。現場の声がダイレクトにシステムへ反映され、改善のサイクルも加速する。さらに、グーグル・クラウド・ジャパン（以下GCJ）をはじめとする外部パートナーとの協業も積極的に進め、自前主義に陥ることなく、最適な技術を柔軟に取り込んでいる。

こうした体制のもと、AI‐OCR開発による配達伝票のフルデジタル化や、デジタル化されたデータを活用したAIによるルート最適化など、現場と経営の双方で可視性が高まった。SGHグループのDXが外部から高い評価を受けている背景には、この三位一体の推進体制がある。

「業務×デジタル」を往復できる人材へ──DXコア人材育成の全体像

三位一体のDX推進体制が機能し始めるにつれ、SGHグループでは次なる課題が明確になった。それは、この仕組みを実際に動かし続ける「人材」の問題である。戦略があり、現場課題が整理され、技術基盤が整っていても、それらをつなぎ、プロジェクトを前に進める人がいなければDXは加速しない。現場とデジタルを理解するハイブリッド人材の不足が、成長のボトルネックとなり始めていた。

SGHグループは、競争優位性を担う人的資本を「コア事業推進人材」、「ソリューション人材」、「グループ経営人材」と大きく３つに分類している。その中で、トータルロジスティクスの高度化など、成長エンジンを担う人材として定義されているのが「ソリューション人材」だ。DX人材は、このソリューション人材のひとつに位置づけられ、テクノロジーを活用して生産性向上やサービス高度化を実現する役割を担っている。

DX人材はさらに、「DX企画人材」と「DX構築人材」に分けて育成されている。DX企画人材は主に事業会社から選出され、現場課題の整理、顧客ニーズの把握、DXテーマの立案を担う。一方、DX構築人材はSGシステムを中心に育成され、アプリケーション開発やデータ基盤、AI活用など、技術面から改革を支える。両者が密接に連携することで、ビジネスとデジタルが分断されないDXが成立する。

「まだDX企画人材は2桁程度で手薄なので、2027年までの3か年で、150人体制にしていきたいと思っています。またDX構築人材を構成するSGシステム1000人のうち100人程度が、スペシャリストとして認定されています。最終的にはDX企画人材やDX構築人材からビジネスとデジタル双方の深い知識を持つDXコア人材を育成していきたいと考えています」

SGHD経営企画部長の南部一貴氏(所属・役職は取材当時)はこう説明する。

育成施策は段階的かつ多層的に設計されている。まず全従業員を対象としたDX基礎研修で、デジタルリテラシーを底上げする。続くDX応用研修では、立候補・推薦制で選抜された人材が、顧客ヒアリングや課題設定、企画立案をワークショップ形式で学ぶ。単なる座学ではなく、自社の業務を題材にすることで、学びを即実践につなげる点が特徴だ。

さらに、アクセラレータープログラムや社内ビジネスコンテストといった施策を通じ、研修で生まれたアイデアを事業化へとつなげる仕組みも整えられている。育成を研修で終わらせず、実際の業務や成果につなげることを重視している点に、SGHグループのDX人材育成の思想が表れている。

現場に蓄積された知見とデジタルを掛け合わせて初めて、物流DXは価値を生む。そのために必要なのは、一般論としてのDX人材ではなく、SGHグループの事業構造に根ざしたDXコア人材なのである。

人が動けばDXは加速する──人材ローテーションが切り開く次のステージ

DXコア人材の育成は、すでに着実な成果を生み始めている。DX応用研修の参加者アンケートでは、多くの社員が「研修で学んだ内容を業務で活用できている」と回答しており、顧客ヒアリングや課題設定の精度が高まったという声も多い。現場では、データを根拠にした改善提案や、部門をまたいだ議論が増え、DXが日常業務の延長線上に位置づけられつつある。

一方で、課題も明確だ。最大の課題は、ビジネスとデジタルの双方に深い知見を持つ人材の輩出には時間がかかるという点である。現場理解とデジタルスキルは、それぞれ習得に時間を要し、一朝一夕に身につくものではない。また、従来のやり方に慣れた現場では、変化に対する心理的な抵抗が生まれることもある。こうした壁を乗り越えるには、制度だけでなく、継続的な意識改革が欠かせない。

そこでSGHグループが次の一手として打ち出したのが、戦略的な人材ローテーションである。これまでも、SGシステムの社員が事業会社に出向し、現場業務を理解したうえでデジタル実装に戻るといった動きはあった。しかし今後は、この流れをより体系的に拡大し、事業会社とデジタル部門を往復できる仕組みとして定着させていく構想だ。

このローテーションの狙いは明確である。現場で得た知見をDX企画に生かし、デジタル部門で得た視点を現場改善に還元する。その循環を生み出すことで、“業務×デジタル”の両輪を自走させる人材を育てることにある。単なる人事異動ではなく、DXを加速させるための戦略的な育成施策として位置づけられている点が特徴だ。

南部部長（同上）は「人が動けば、組織も変わります。“業務 × デジタル”の両輪を回せる人材を育て、グループ全体のDXを加速させたい」と語る。

ガートナージャパン バイスプレジデント チーム マネージャーの一志達也氏は、次のように述べている。

「人間の社員がいなくても、AIエージェントが代わりに仕事をしてくれる、そんな未来を描く人もいる。たしかに、AIによって置き換えられる仕事もあるが、人間にしかできない仕事もたくさんある。AIを活かし、生産性を高め、より多くの価値の高い成果を出せる、そんな拡張型の人材をどれだけ確保できるのか、それがこの先の企業競争力を左右する。企業は、社員がAIを学び、活かすことのできる環境を整え、AIと協働する拡張型の人材を育成する必要がある」

DXは最終的に、人が動かしてこそ意味を持つ。人が育ち、人が動き、組織が変わる。その積み重ねが、物流の未来を形づくる力となる。SGHグループのDX人材育成は、自社の競争力強化にとどまらず、物流業界全体に示唆を与える取り組みと言えるだろう。

벤더가 프로그램을 스스로 바로잡아주기를 기다리는 것은 전략이 아니다. 이는 조용히 누적되는 비용일 뿐이며, 회의실 안의 모두가 프로세스가 정상적으로 작동하고 있다는 착각을 유지하는 동안 그 부담은 계속 커진다.

필자는 두 가지 상황을 모두 경험했다. 하나는 고객이 이미 문제가 있음을 인지하고 행동에 나설 근거와 표현을 필요로 하는 경우, 다른 하나는 아직 문제를 인식하지 못한 상태다. 후자의 경우 프로그램은 관리 가능한 수준으로 보이고, 벤더는 전문적으로 보이며, 운영위원회 회의도 제시간에 진행된다. 그러나 경고 신호는 이미 곳곳에 드러나 있으며, 누군가 이를 짚어내기만을 기다리고 있다.

이 두 번째 상황이 더 중요하다. 아직 대응할 수 있는 시간이 남아 있기 때문이다. 하지만 대부분의 기업은 그 기회가 줄어들기 시작할 때까지 움직이지 않는다.

대부분의 기업이 놓치는 경고 신호는 설계 단계에서 나타난다

초기의 신호는 일정 지연이나 산출물 실패가 아니다. 오히려 ‘언어’에서 드러난다. 상태 보고서나 운영위원회 자료에 ‘프로젝트 정상화 방안(path to green)’이라는 표현이 등장하기 시작하면, 이는 이미 프로젝트가 정상 상태가 아님을 스스로 인정한 것이다. 실행을 관리하는 단계에서 ‘서사를 관리하는 단계’로 전환된 셈이다.

운영위원회가 실제로 무엇을 하고 있는지도 살펴봐야 한다. 회의가 다음 달 전망이 아닌 지난달 결과 보고에 집중된다면, 리더십은 의사결정 주체가 아니라 단순한 청중으로 전락한 것이다. 이 경우 벤더가 의제 설정, 메시지 구성, 정보 공개 주기를 사실상 통제하게 된다.

가장 심각한 신호는 프로그램 스폰서가 벤더가 아닌 내부 보고를 통해 주요 문제를 인지하는 경우다. 이는 단순한 커뮤니케이션 문제를 넘어, 어떤 정보를 공유할지에 대한 의도적인 선택이다. 이러한 패턴이 SAP, 오라클, 세일즈포스 기반 프로젝트에서 나타난다면, 거버넌스의 핵심인 신뢰는 이미 무너진 상태다.

이러한 신호가 보이면 다음 운영위원회를 기다릴 이유가 없다. 독립적으로 검증 가능한 데이터를 요구해야 하며, 벤더에게 ‘보고’가 아닌 ‘예측’을 요구해야 한다. 만약 60일 후 프로젝트 상태를 설명하지 못한다면, 벤더는 프로젝트가 아니라 고객의 인식을 관리하고 있는 것이다.

총괄 조정자 역할, 해결되지 않은 이해충돌 문제

액센추어, 딜로이트, PwC 등 다수의 글로벌 컨설팅 기업이 참여하는 멀티 벤더 프로젝트에서 반복적으로 나타나는 패턴이 있다. 총괄 조정자, 즉 프로그램 통합 코디네이터는 고객의 문제, 다른 벤더의 한계, 외부 의존성 지연 등을 빠르게 지적한다. 그러나 정작 자사 문제에 대해서는 같은 수준의 직설적인 언급을 거의 하지 않는다.

이는 개인의 성향 문제가 아니라 구조적인 이해충돌이다. 총괄 조정 역할을 맡은 기업은 소위 업무 범위 정의서로 불리는 자체 업무 범위(Statement Of Work, SOW)를 수행 책임도 동시에 지고 있다. 이 과정에서 거버넌스 권한으로 확보한 정보 접근성과 보고 권한을 바탕으로, 자사 리스크를 방어하는 방향으로 움직일 가능성이 크다.

이 때문에 총괄 조정자 역할은 반드시 벤더의 수행 역할과 구조적으로 분리해야 한다. 가장 이상적인 방식은 결과에 이해관계가 없는 독립적인 통합 관리 조직을 두는 것이다. 현실적으로는 기존 벤더 내에서 별도 조직이나 인력을 지정하되, 해당 조직이 자사 리더십이 아닌 고객에게 직접 보고하고 운영위원회에 책임을 지도록 해야 한다.

이 구조에는 완벽한 방화벽이 존재하지 않는다. 대신 행동으로 판단할 수 있는 기준이 있다. 해당 역할이나 팀이 자사에 불리한 정보를 어떻게 다루는지 살펴보는 것이다. 고객의 문제를 제기할 때와 동일한 긴급도로 이를 공유하거나 상향 보고하는지, 혹은 자사 이슈는 숨기고 타 조직의 문제만 부각하는지를 확인해야 한다.

자사 전달 조직의 실패까지도 적극적으로 공개하고 에스컬레이션하는 총괄 조정자라면 제 역할을 수행하고 있는 것이다. 반대로 고객과 타 벤더의 문제만 지적한다면, 이는 프로젝트가 아니라 자사 계약을 방어하고 있는 것에 가깝다.

다음 SOW 체결 이전에 이러한 구조를 명확히 해야 한다. 총괄 조정자 역할을 수행 역할과 분리해 정의하고, 담당 인력이나 조직을 명확히 지정해야 한다. 또한 보고 체계를 고객 직속으로 설정하고, 실제로 해당 역할이 수행되고 있는지 행동 기준을 통해 검증해야 한다.

기다림은 중립이 아니다

대응을 미루는 데 따른 비용은 많은 기업이 생각하는 것보다 훨씬 구체적이다. 여러 시스템 통합업체가 동시에 참여하는 멀티 벤더 환경에서는 일정이 한 달만 지연돼도 기업별로 수백만 달러에서 수천만 달러에 이르는 비용이 발생할 수 있다. 이는 범위 확장이 아니라, 거버넌스가 일정 관리를 제대로 하지 못한 결과다.

상업적 리스크는 더 이른 시점부터 나타난다. 범위가 명확하지 않고 통합 계획이 불안정하면, 벤더는 가격 산정의 기준점을 확보할 수 없다. 그 결과 동일 범위에도 시간·자재 기반 견적과 고정가 견적 간 큰 차이가 발생한다. 이는 단순한 가격 차이가 아니라, 거버넌스 불확실성을 계약 조건으로 전가한 것이다. 결국 그 부담은 고객이 떠안게 된다.

문제가 쉽게 드러나지 않는 이유는 현장 팀이 대체로 전문적이고 성실하게 일하고 있기 때문이다. 하지만 핵심은 노력의 문제가 아니라 권한과 인센티브 구조에 있다. 프로젝트를 운영하는 프로그램 매니저는 추가 자원 투입이나 조직 간 비용 집행을 승인할 권한이 없다. 이들의 역할은 관계를 유지하고 수익성을 관리하는 것이며, 고객 프로젝트를 근본적으로 해결하는 것과는 다르다.

효과적인 개입은 ‘리더십’에서 시작된다

문제가 명확해지고 고객이 대응을 결정했다면, 실제 변화를 이끄는 것은 거버넌스 문서나 정기 회의가 아니라 고객과 벤더 최고 경영진 간의 직접적인 대화다. 이는 일상 운영을 담당하지 않지만, 결과에 책임을 지는 임원들이 참여해야 한다.

이러한 대화가 효과적인 이유는 인센티브 구조를 바꾸기 때문이다. 벤더의 산업 책임자나 파트너는 해당 프로젝트를 성공 사례로 만들어야 하며, 실패는 조직 내 부담으로 이어진다. 이들은 실행 조직이 갖지 못한 권한을 보유하고 있다. 최우수 인력 투입, 계약 범위를 넘어선 비용 부담, 신속한 인력 재배치 등 프로젝트의 방향을 바꿀 수 있는 결정이 가능하다.

또한 개입은 구조적으로 설계돼야 한다. 양측 고위 임원이 참여하고, 신규 인력 투입을 통해 벤더의 투자 의지를 명확히 보여야 한다. 동시에 프로젝트가 정상 궤도에 오를 때까지 일정 주기로 점검을 이어가고, 양측 모두에 시간 기반 책임을 부여해야 한다. 이 과정에서 단순히 프로젝트뿐 아니라 파트너십 자체도 평가 대상임을 명확히 해야 한다.

이는 일회성 회의가 아니라 지속적인 리더십 개입이며, 기존 거버넌스를 대체하는 것이 아니라 이를 실제로 작동하게 만드는 역할을 한다.

신뢰할 수 있는 유일한 회복 신호

리더십 간 논의가 효과를 발휘했다면, 그 결과는 벤더의 대응 방식에서 드러난다. 단순한 낙관적 계획이나 약속이 아니라, 실패 지점과 개선 방안, 그리고 고객 측의 성과 격차까지 구체적으로 제시해야 한다.

자사 책임만 인정하는 벤더는 여전히 관계 관리에 머무른다. 반면 자사 실패와 고객의 개선 필요사항을 동시에 명확히 제시하는 벤더는 공동 책임 구조를 구축하고 있는 것이다. 이것이 진정한 신뢰의 기준이다.

프로젝트 실패는 대부분 양측 요인이 결합해 발생한다. 지연된 의사결정, 부족한 내부 자원, 설계 이후 변경된 요구사항 등이 대표적이다. 이러한 요소를 자사 문제와 함께 제시하는 벤더는 책임을 회피하는 것이 아니라 결과 개선에 투자하고 있는 것이다.

만약 경영진 회의 결과가 단순한 약속과 형식적인 의지 표명에 그친다면, 지속적으로 압박을 유지해야 한다. 실제 개입은 구체적인 문제 인정, 명확한 자원 배정, 그리고 양측 모두를 향한 냉정한 평가에서 드러난다.

최종 책임은 고객에게 있다…‘중간에서 판단하는 역할’ 필요

모든 과정에서 최종 책임은 고객에게 있다. 총괄 조정자는 실행과 통합을 책임지지만, 판단 자체를 외부에 맡길 수는 없다. 이는 단순한 역할 구분이 아니라, 거버넌스의 본질이다.

벤더의 상태 보고서는 중립적인 데이터가 아니다. 이는 보상, 향후 계약, 개인의 평판이 걸린 사람들이 구성한 ‘의도된 서사’다. 보고서에 담긴 내용도 중요하지만, 빠져 있는 내용이 더 많은 것을 말해준다.

따라서 고객은 ‘중간에서 판단하는 역할’을 수행해야 한다. 데이터를 검증하고, 교차 확인하며, 보고서가 답하지 않은 질문을 던져야 한다. 무엇이 포함됐는지뿐 아니라 무엇이 빠졌는지도 살펴야 한다.

운영위원회가 좋은 소식만 듣고 있다면, 이는 프로젝트가 잘 진행되고 있다는 의미가 아니라, 누군가 리더십이 듣고 싶어 하는 내용만 선택하고 있다는 신호일 수 있다.

고객은 상태 보고가 아닌 예측을 요구해야 한다. 독립적으로 검증 가능한 근거를 확보하고, 벤더가 자사 문제와 고객 문제를 함께 제시할 때 이를 गंभीर하게 받아들여야 한다. 이는 책임 회피가 아니라, 거버넌스가 제대로 작동하고 있다는 신호다.

경고 신호는 항상 명확하지 않을 수 있다. 그러나 대응할 수 있는 시간은 제한적이다. 기다림은 결코 전략이 아니다.
dl-ciokorea@foundryco.com

エンジニアから経営視点へ──三十代半ばで訪れたキャリアの転換点

ソフトウェアエンジニアとして社会人生活をスタートし、長く携わったのはICカードOSの開発でした。この経験を通じて、システムにおける品質とセキュリティの重要性を徹底的に学びました。

三十代半ばまではエンジニアとして経験を積み、その後、徐々にマネジメントへと軸足を移していきました。グループ内の関連会社で、IT領域の経営層に近い役割を2社ほど経験し、2023年に現職であるコーポレート部門の情報システム本部長に着任しました。

着任後、最優先で取り組んできたのがDX基盤の整備です。当社ではP&Iイノベーション──印刷（Printing）技術と情報（Information）技術を掛け合わせ、新しい価値を生み出す取り組みを進めています。ITが事業に不可欠となる中で、DXを支える基盤を確かなものにすることが重要だと考え、整備を推進してきました。

柱は大きく3つです。第1にデータ利活用、第2にAI活用、第3にモダナイゼーションです。基盤の構築自体はひと通り完了し、現在は社員一人ひとりがストレスなくITとテクノロジーを使いこなし、自律的にDXを進められる「民主化の状態」を目指して取り組んでいます。

研究開発から事業化へ──ICカードビジネス拡大への貢献

キャリアを振り返って、特に印象に残っているのは、MULTOS OSとSIM OSの開発です。いずれも初期プロトタイプの開発に携わり、リリースまで経験できたことは大きな財産になっています。

私が携わったのは初期段階ではありますが、リリースに関わった経験は、その後の事業発展を考える上でも大きな意味がありました。

「人の可能性は無限大」──現在のマネジメント観の原点となった経験

最大のチャレンジとして強く印象に残っているのは、クレジット決済における本人確認のWebサービスをローンチした経験です。

このサービスは、高セキュリティであることに加え、コンシューマー向けで大規模、しかもミッションクリティカルなWebサービスでした。当時、当社はB2Bが中心で、社会実装はされていても、開発の現場としてはB2B型のソフトウェア開発が大半でした。私の組織でも全社的にも経験が乏しく、率直に言えば当初はリスクが高すぎると考え、反対の立場でした。

事業部門の責任者と直接お話しし、「難しいので見送るべきではないか」と説得を試みたのですが、逆にサービスにかける熱い思いと事業としての展開構想を聞くことになり、結果として「やりましょう」と私が背中を押される形になりました。

セキュリティの知見自体は組織に蓄積がありましたが、ミッションクリティカルなWebサービスとして、どの水準でどう品質を担保するかは手探りでした。それでも当時のチームは、粘り強くトライアンドエラーを重ね、一つひとつ課題を潰して前に進んでくれました。

最終的には無事にローンチにこぎ着け、サービスとして黒字化したと聞いています。この経験を通じて、目の前では不可能に見えることでも、人の力は決してそれだけでは測れない──そのことを深く心に刻みました。「人の可能性は無限にある」という感覚は、いまも私のマネジメントの土台になっていますし、それを教えてくれた当時のメンバーのことは、いまでも誇りに思っています。

技術者としての情熱と管理職としての視座の狭間で

印象に残っているキャリアのアドバイスは2つあります。

1つは「戦う土俵を変える」、もう1つは「貢献への誇り」です。

「戦う土俵を変える」というのは、部長を拝命した際に、ICカード研究開発部門の責任者の方からいただいた言葉です。

「これからは、一人の技術者として部員と同じ土俵で戦ってはいけない」。その言葉は、私にとって非常に重いものでした。

管理職の役割は、個人として前に出て戦うことではなく、部員が最大限に力を発揮できる環境を整え、組織として成果を出すことにあります。いまでも時折、反省すべき局面はありますが、そのたびにこの言葉を思い出して自分を正し、次に臨んでいます。

「貢献への誇り」は、部課長研修で同席した企画営業部長の方から伺った話がきっかけです。

懇親の場で、「自分が担当する得意先の業界の発展に、どれだけ貢献できているか」という強い自覚と誇りを、熱を込めて語ってくださいました。その言葉を聞いたとき、私の中で大きく腹落ちしました。

ITであっても、私たちは価値を生み、それを社会や産業の発展にどう結びつけるのかを自覚しなければなりません。そして、部員が誇りを持って仕事に向き合えるよう、組織を方向づけることも、リーダーの重要な役割だと強く感じました。

この2つの言葉は、現場の思いと経営層としての視点、そして果たすべき責任の狭間で判断するとき、いまでも私の軸になっています。

経営と現場をつなぎ、未来を設計する役割の醍醐味

現職のやりがいは、テクノロジーを武器として、会社の未来を設計し、実行に移せる点にあります。数年前までは、「こうあるべきだ」「こうしたい」と構想しても、技術や環境が追いつかず、結果として構想が構想のままで終わることが少なくありませんでした。

ところが近年、特にAIを中心とした技術進展によって、かつては実現が難しかったことが、現実的な選択肢として見え始めています。不確実性が高まり、外部環境が急速に変化する中で、経営戦略、事業戦略、現場の革新のすべてにおいて、ITとテクノロジーへの期待は確実に高まっています。

その中で、現場から経営まで会社全体を視野に入れ、ITを武器に変革を牽引できる立場にいることは、非常に大きな責任であると同時に、何よりのやりがいでもあります。未来を描き、実行し、実装として根づかせていく──その一連のプロセスに関われることが、この仕事の魅力だと感じています。

多様なマネジメントスタイルが機会を捉え、新たな価値を生む時代へ

成功するマネジメントに必要なことをITの文脈で申し上げるなら、まず「変革への覚悟」を持つことだと思います。

同時に、いまの時代は不確実で、環境の変化も激しい。だからこそ、画一的なリーダーを量産するのではなく、「自分らしいリーダー」が数多く生まれるようにしていくことが重要だと思います。自分の強みを生かし、自分に合ったリーダーシップを発揮する。その多様性こそが、機会を捉え、新しい価値創出につながるはずです。

強みに気づきにくい方へのアドバイスとしては、「弱みの克服」ではなく、いま主流になりつつある「強みを伸ばすこと」を軸にした関わり方が一つの鍵になると思います。

誰かに「あなたはここが強い」と言われても、本人が実感できなければ行動につながりません。自分の中で「これが好きだ」「この領域なら自然に力が出る」と感じるものが、価値観の核になっていくことがあります。そこを言葉にできると、強みの自覚につながりやすくなるのではないでしょうか。

時間が経って初めて見えてくる「挑戦の価値」もある

若手のITリーダーにお伝えしたいのは、ITテクノロジーはあくまで手段であり、道具だということです。手段は、ともすると目的化しやすい。だからこそ、「誰のために何を変えたいのか」「なぜそれをやるのか」という軸を固めてほしいと思います。

また、プロジェクトは終わった瞬間に成功か失敗かを断定できないことも多いものです。一定の時間が経って振り返ったときに、初めて「あの挑戦はこういう価値につながっていた」と見えてくることがあります。その瞬間の評価だけで自分の挑戦を閉じてしまわず、粘り強く続けてほしいと思います。

挑戦を続けること自体が、未来を切り開く力になると信じています。

ITを武器にするのは現場──社員一人ひとりを変革の主体に

今後の展望として、私の担当領域では引き続きDX基盤の民主化に注力します。社員一人ひとりがストレスなくテクノロジーを使いこなし、自律的にDXを実践し、成果が循環する状態を目指します。

当社は事業が多角化しており、事業ごとに状況が大きく異なります。外部環境の変化にスピード感をもって追従し、変革や価値創出につなげるためには、社員一人ひとりがテクノロジーを「自分の武器」にしていくことが最も有効だと考えています。

中長期では、3〜5年を見据え、特にAIの状況を見定めながら、基幹系業務システムを新しい形で再構築したいと思っています。現在の業務プロセスは、人の存在を前提に設計され、その上にシステムがつくられてきました。今後AIがさらに進展する中で、人を排除するのではなく、AIを中心に据えた新しい視点で業務プロセスを再構築していきたいのです。

生成AIの3万人展開から始まる、ガバナンスと変革の両立

DNPでは2023年5月31日、生成AIを社員3万人が利用できる環境としてリリースしました。AI活用の鍵は、「ガバナンス」と「変革への活用」を両立させることにあると考えています。

本格的にエージェント化を進めるためには、環境整備が前提となり、業務プロセス自体も一から再設計し踏みながら進めている最中です。

Waiting for your vendor to fix a program isn’t a strategy. It’s a cost, accumulating quietly while everyone in the room maintains the fiction that the process is working.

I’ve been in both rooms. The room where the client already knows something is wrong and needs the language and the evidence to act, and the room where the client doesn’t know yet. The program feels manageable, the vendor is professional, the steering committee meetings run on time, and the warning signs are sitting in plain sight waiting for someone to name them.

That second room is the more important one. Because the window to act is still open. And most clients don’t move until it’s started to close.

Warning signs most clients miss appear in design

The earliest signal is rarely a missed milestone or a failed deliverable. It appears in language. When the phrase “path to green” starts appearing in status reports and steering committee decks, the program has already accepted it’s not green. It’s shifted from managing execution to managing the narrative.

Watch what the steering committee is actually doing. If it’s consistently hearing about what happened last month rather than what’s forecast for next month, leadership has been converted from a decision-making body into an audience. The vendor controls the agenda, the framing, and the cadence of what gets surfaced.

The most serious signal is when a program sponsor hears about material issues from their own direct reports that the vendor hasn’t raised in the room. That’s not a communication gap but a calculated decision about what leadership is ready to hear. When that pattern appears in SAP, Oracle, or Salesforce programs, the trust that makes the governance model function has already eroded.

When you see these signals, don’t wait for the next steering committee. Start demanding data that can be independently corroborated. Ask the vendor to forecast, not report. If they can’t tell you where the program will be in 60 days, they’re managing your perception, not your program.

Your master conductor has a conflict of interest you’re not addressing

A pattern I’ve seen consistently across multi-vendor programs involving Accenture, Deloitte, PwC, and others is the master conductor, or program integration coordinator, is quick to name client’s gaps, other vendors’ shortcomings, and third-party dependencies running behind. What they almost never do is name their own firm’s failures with the same directness in the same room.

That’s not a personality issue but a structural conflict. The firm serving as master conductor is delivering against its own statement of work (SOW), and the governance position gives them access to information, reporting authority, and narrative control they’ll use to, consciously or not, protect their own delivery track.

This is why I advise clients to treat the master conductor and program integration coordinator role as structurally separate from the vendor delivery role. That means a, entirely separate firm, an independent integrator with no delivery stake in the outcome. In practice, it’s more often a designated individual or a group within the project management or transformation office carved from one of the existing vendors, reporting directly to the client and accountable to the steering committee, not to their own firm’s engagement leadership.

There’s no true firewall in that model, but there’s a behavioral test. Watch what that role or team does with information that reflects badly on their own firm. Do they surface it or escalate it with the same urgency they bring to client gaps? Do they forecast problems on their own track, or only on everyone else’s?

A master conductor who’ll escalate failures that implicate their own delivery team is doing the job. One who only calls out the client and the other vendors is protecting the engagement.

Before the next SOW is signed, make it structural. Define the master conductor role separately from the delivery role, name the individual or team, set the reporting line directly to the client, and use the behavioral test to determine whether the role is being performed or merely filled.

Waiting isn’t neutral

The financial cost of waiting is more specific than most clients realize. In a multi-vendor environment where two or three system integrators are billing against active SOWs, every month of schedule extension carries a material cost, potentially millions to tens of millions of dollars per firm, not because scope expanded, but because governance didn’t hold the timeline.

The commercial exposure appears even earlier. When scope boundaries are unclear and the integrated plan is unstable, vendors have no reliable baseline to price against. The result is predictable: a significant spread between a time-and-materials estimate and a fixed fee quote for the same scope. That spread is not a pricing difference. It’s the vendor converting your governance uncertainty into their contract protection. The client absorbs it either way.

What makes the waiting feel reasonable is the vendor’s day-to-day team is usually professional and working hard. So the problem is authority and incentive, not effort. The program manager running the engagement can’t authorize additional resources nor commit spend across organizational lines. Their job is to manage the relationship, protect their firm’s margin, and keep the engagement profitable. Fixing your program isn’t the same job.

The window to act is real and short. A senior executive at the vendor can absorb costs, bring new talent, and make commitments the delivery team has no authority to make. But that authority diminishes as the program ages. The more that’s been billed and the more scope has shifted, the harder it is for even a motivated senior executive to make the client whole. Clients who act in design or early build have options that clients who wait until three months before go-live don’t.

The intervention that works is a leadership one

When the signals are clear and the client is ready to act, the intervention that moves the needle isn’t a governance document or a scorecard meeting but a top-to-top conversation between client and vendor senior leadership. This includes execs who aren’t running the day-to-day program but have something personal at stake in the outcome.

That conversation works because it activates a different set of incentives. The vendor’s senior executive, the sector partner and industry leader whose name is on the relationship, needs your program to be referenceable. They don’t want a PR failure on a flagship engagement, nor do they want to explain to their firm’s leadership why a major client program collapsed. They have authority their delivery team doesn’t: power to assign their best resources, ability to absorb costs the SOW or change order doesn’t cover, and they can accelerate staffing decisions and make commitments that change what the program can do. They have skin in the game their team doesn’t.

Also, structure the engagement deliberately. Have senior executives on both sides and new talent brought in as a visible signal of vendor investment. And have a cadence that continues until the data shows the program is back on track, with time-bound accountability on both sides. And have explicit understanding that the relationship itself is under review, not just the program.

This is sustained leadership engagement, not a one-time meeting, and it doesn’t replace the governance model. It enforces it.

The only recovery signal worth trusting

When the top-to-top works, you’ll know it by what the vendor brings back to the table. Not reassurances or a revised plan with optimistic milestone dates, but facts about where they failed, what they’re changing, and, most critically, where the client has performance gaps that also need to close.

A vendor who comes back and accepts blame still manages the relationship. A vendor who says we failed here and here, these are the specific changes we’re making, and you have a gap here we need you to address, that vendor is engaged and mutually accountable. That’s the integrity test.

It runs both ways because program failure almost always does. Slow client decisions. Unavailable business resources. Requirements that shifted after design was locked. A vendor who names those things alongside their own failures isn’t deflecting, they’re investing in an outcome. That’s the signal the recovery is real.

If the executive meeting produces only promises and general commitment, keep the pressure on. Real engagement looks like specific admissions, named resources, and a willingness to hold the mirror up to both sides of the table.

You hold the accountability. Be the human in the middle.

Through all of it, the client holds the ultimate accountability. The master conductor holds the responsibility for execution and integration across the vendor ecosystem. That distinction isn’t administrative. It means the client can’t outsource their judgment, regardless of how rigorous the governance model looks on paper.

Think of it like the vendor can hallucinate. Not out of malice, but because every status report is a curated narrative produced by people whose compensation, future work, and professional reputation depend on how that narrative lands. The program deck isn’t neutral data, it’s information filtered through interests. What’s present tells you something. What’s absent, however, tells you more.

Be the human in the middle. Verify, cross-reference, ask questions the deck didn’t answer, and notice what’s missing as much as what’s there. If the steering committee is only hearing good news, that’s a sign someone is deciding what leadership is ready to hear, not that the program is running well.

Demand forecasts, not status reports. Look for hard evidence that can be independently corroborated. When the vendor names a client performance gap alongside their own, take it seriously. That’s the accountability model working the way it’s supposed to, not a deflection.

The warning signs may not always be apparent, though. The window is open, but won’t stay that way, so waiting isn’t a strategy.

Workdayの調査によれば、AIで節約できた時間の約40%が、AI生成コンテンツの修正作業によって相殺されている。AIツールで10時間の効率化を達成できたとしても、約4時間がアウトプットの修正に消えていることになる。

「会議のメモのような単純なものならAIの要約は機能する。しかし複雑なポリシー文書やアナリストレポートになると、専門家が自分で書いた方が早かった、というケースが多い。AIがどこで本当に価値を生み、どこで手直しを増やしているかを、もっと細かく見極めることが重要だ」とiTech AGのエグゼクティブバイスプレジデント、Laura Stash氏は言う。

見えない生産性の損失をどう発見するか

Diceのプレジデント、Paul Farnsworth氏は、AIが価値を生んでいる場所とそうでない場所を評価するためにまず現場の声を聞くことを勧める。「特定のワークフローで手直しが繰り返されていないか、ハイパフォーマーが何かを作るより編集に多くの時間を使っていないかを確認してほしい。AIはアウトプットを速くするだけでなく、最終的には摩擦を減らすべきだ。逆になっているなら、使い方を見直す必要がある」。

Workdayによれば、リーダーが「表面上の効率」にフォーカスしすぎると、AIによる生産性損失は盲点になりやすい。AIが節約した時間の量を測る指標は、AIツールの「純粋な価値」を見失いがちだ。スピードは上がっていても、品質や成果が改善していない可能性がある。

最も意欲的な社員が、最も手直しの負担を強いられている

Workdayの調査では、AIを最も積極的に活用している社員ほど、手直し作業の負担を多く担っていることが判明した。日常的にAIを使う社員の77%が「AIの成果物を人間の成果物と同じかそれ以上の厳しさで検証している」と答えており、この追加作業は意欲の高い社員1人あたり年間1.5週間分の時間的損失につながっているという。

「優秀な社員がセーフティネットになりがちだ——ミスを捕まえ、問題を修正し、何も見落とさないようにする。時間が経つと、それはインパクトのある仕事ではなく、延々と続く後片付けに感じられてしまう。長続きしない」とFarnsworth氏は言う。Stash氏は「AIを低付加価値の反復作業に使うのは良い。しかし適切なトレーニングや検証なしに、専門性が高いタスクに同じアプローチを適用すると、解決より多くの問題を生む」と指摘する。

トレーニングへの投資が追いついていない

Workdayのレポートでは、リーダーの66%がAIスキルトレーニングをトップの投資優先事項として挙げているが、AIを日常的に使う社員のうちトレーニングへのアクセスが増えたと感じているのは37%にとどまる。AIで高品質な成果物を出すことへの期待と、実際のトレーニング機会には大きなギャップがある。

Farnsworth氏はAIへの期待とトレーニングの取り組みを一致させることが重要だと言う。「AIの使い方だけでなく、うまく使う方法を教えること。アウトプットの信頼性を確保するガードレールを設けること。そしてスピードが上がったことを成果と混同せず、継続的に影響を評価することだ」。

Workdayの調査では、AIを使いこなすのに苦労している社員の54%が、必要なスキルが更新されておらず、何から学べばいいかわからないと答えている。組織としての期待と、個人への支援が、まだ噛み合っていない。

Keeping up with new technologies, and recalibrating existing ones, can seem almost impossible as they seem to appear every month. But innovation breeds necessity, so knowledge updates within the enterprise are essential to successful reskilling, and CIOs are the pacesetters.

“In our profession, training is a given, like courage in soldiers,” says Gracia Sánchez-Vizcaíno, CIO of Securitas for Iberia and Latin America. “Without continuous training, teams become obsolete.

Disruption is also proportionate to the speed of change, leaving organizations usually a step behind technology. But speed isn’t the only challenge facing IT departments. The range of people themselves who need training has also changed. New technologies have become so intricate in corporate activity that staff training, as well as training of external teams, need to be more targeted.

So seeing which key knowledge areas dominate the concerns of CIOs and training experts helps visualize the scope of this challenge. Sánchez-Vizcaíno is focused on the particular speed of agentic AI. “We need a change in mindset, but also in knowledge,” she says.

Gen AI and cybersecurity are equally front of mind in developing new skills and knowledge, as are data analytics and automation. But the list also includes soft skills like communication, negotiation, and leadership since having critical thinking skills is equally important, says David González, business director of IT permanent recruitment at Hays Spain.

Develop or hire?

The need for staff to be adroit in emerging tech also raises another the question of upskilling internally or hiring externally those already skilled. While the latter can bring benefits, the general consensus among IT leaders is strengthening an established team is more advantageous to yield significant returns.

“Within the technology market, reskilling shouldn’t be an option but an advantage,” González says, adding that it’s not so much about pitting one model against the other, but seeing what each one offers and valuing it on findings. The IT job market is no longer dominated by a kind of recruitment race, however. “Attracting talent is very difficult,” Sánchez-Vizcaíno says, whereas training is another form of compensation that increases commitment, broadens the staff skill base, and reduces dependence on external resources that can be expensive and noncommittal.

“The cost of hiring a new employee can be three times that of a proper reskilling program,” says Magalí Riera, director of the master’s degree in people management, talent, and digital transformation at UNIE University. “Skills development isn’t just a simple corporate wellness option, it’s a vital strategy for staying competitive.”

Similarly, when there’s already a well-oiled, functioning team in place with diverse profiles and talents, it may be more worthwhile to update rather than try to fit new people in. 

“The team gives you something that goes beyond the technological aspect,” adds Álvaro Ontañón, CIO of Merlin Properties. But he, in turn, needs a team to deliver. “For me, within that context, trust is very important,” he says. “Once you have that, if the limitation is technology — unless it’s something very disruptive, requiring starting from scratch, or is expensive and requires hiring — we dedicate time to it.”

What reskilling should look like

Reskilling must be approached from a business perspective, says González, not just a technological one or with generic certifications. And a successful process must begin by understanding what will happen in the short, medium, and long term, promoting key market areas, and providing continuous but applied training.

And while industry experts acknowledge that video-based courses can be useful for routine tasks like safety training, they’re ineffective when it comes to developing new skills. Riera recommends project-based learning and avoiding purely passive learning methods.

Sánchez-Vizcaíno sees it firsthand as well. “The way we share and process information has also changed, and for all of this to work, it’s about moving from theoretical knowledge to adaptable, practical skills,” she says. Learning happens by sharing in Teams channels, talking with colleagues, and even listening to other companies. These are more multidirectional processes, compared to the unidirectional or bidirectional training of the past. “More than ever, it’s about learning by doing,” she adds.

Above all, it’s about creating a supportive and motivating environment, and fostering a fertile ground for learning and acquiring new skills. “If you want to benefit from learning, you must have an affinity for the training you’re going to receive,” Ontañón says. In his team, staff are involved in the preliminary process since if there aren’t interested people, there’s no training. It’s a pragmatic decision that avoids the feeling of seeing a course as a burden, and reinforces the desire to participate. But that’s almost the default state in the IT world, being constantly on the cusp of change, even outside of work hours, and needing to learn. 

Similarly, working with interests and needs in mind helps foster flexibility. “We dedicate a lot of time to this, because it’s what can guarantee its effectiveness,” says Ontañón, adding that it’s not about training for the sake of training, but responding to those concerns.

In a world where information is much more accessible than in the past, there are many more sources of knowledge. “The downside is because there’s so much, you have to find what really interests you and adapt to it,” he says.

Reskilling incorporated in the corporate vision

Equally important in the reskilling processes is monitoring its impact on the workforce. When change occurs, González says, productivity will initially drop before it rises. “Companies that fail are those that demand senior-level performance from the outset,” he says.

An adjustment period has to be factored in, which may even involve temporarily supplementing the workforce with external or temporary staff. “This learning process is a necessity,” Riera adds. “It’s not extra training or a reward for the employee, so it must be part of the work schedule.” She recommends not filling the entire workday with courses, but rather dedicate a small portion of the day to them so as not to hinder daily operations. Also, maintain clear communication with the team about what’s being done, why it’s being done, and what will be gained.

모든 유능한 IT 리더가 CIO 후보로 인정받는 것은 아니다. 그러나 CIO로 도약에 성공한 이들은 대체로 자신의 역할을 ‘비즈니스 요구사항을 수행하는 것’에서 ‘비즈니스의 방향과 미래를 만들어가는 것’으로 재정의했다.

비즈니스 컨설팅 기업 웨스트 먼로(West Monroe)의 CIO 케빈 루니는 “강한 IT 리더는 IT 운영을 잘하는 데 집중하지만, CIO 준비가 된 리더는 IT를 통해 비즈니스가 어떻게 개선되는지에 초점을 맞춘다”라며 “이는 실행에서 영향력으로 이동하는 가장 큰 변화”라고 설명했다.

이 같은 차이는 그 어느 때보다 중요해지고 있다. 기술의 전략적 중요성이 커지면서 CIO 역할의 위상도 높아졌다. 딜로이트(Deloitte)의 ‘2025 테크 임원 설문조사’에 따르면 CIO의 65%가 CEO에게 직접 보고하고 있으며, 이는 10년 전 41%에서 크게 증가한 수치다. 또한 CIO의 67%는 CEO를 목표로 하고 있어, 조사 대상 기술 임원 중 가장 높은 비율을 기록했다.

하지만 기대 수준이 높아진 만큼 요구되는 기준 역시 한층 엄격해졌다.

CIO 승진에서 여러 차례 탈락했다면 단순한 운의 문제가 아닐 가능성이 크다. 일정한 패턴이 작용하고 있을 수 있다. 다만 이러한 패턴은 충분히 바꿀 수 있다.

임원급 채용 전문가들은 반복적으로 같은 실수를 목격한다고 지적한다. 반면 실제로 CIO 자리에 오른 IT 리더들은 자신의 사고방식이 전환된 시점을 명확히 인식하고 있으며, 이것이 다음 단계로 도약하는 계기가 됐다고 설명한다.

다음은 CIO를 목표로 하는 리더들이 흔히 겪는 7가지 한계와, 이를 인식하고 극복하는 방법이다.

한계 1 여전히 ‘지시 수행자’ 역할에 머무른다

유능한 IT 리더와 CIO로 채용될 수 있는 후보 사이의 가장 큰 차이는 ‘영향력’이다. 많은 부사장(VP)과 디렉터들은 요청을 받아 처리하고, 백로그를 관리하며, 복잡한 상황을 해결하는 실행 능력에서는 뛰어난 성과를 보인다. 그러나 이러한 실행 중심의 접근은 오히려 한발 물러나 전체 그림을 판단하는 능력을 제한하는 요인이 되기도 한다.

웨스트 먼로의 루니는 “CIO 준비가 된 리더는 비즈니스 전략 수립에 관여한다”라며 “조직이 어디에 투자해야 하는지, 어떤 선택과 균형이 중요한지, 때로는 무엇을 하지 말아야 하는지에 대한 명확한 관점을 제시한다”고 설명했다.

기술 임원 특화 헤드헌팅 기업 헬러 서치 어소시에이츠(Heller Search Associates)의 총괄 켈리 도일 역시 이 같은 격차를 자주 목격한다고 말했다. 도일은 “CIO 역할로 성장하려면 단순한 지시 수행자에서 벗어나 비즈니스에 영향력을 미치는 리더로 전환해야 한다”고 강조했다.

이러한 변화는 단순한 사고방식 전환만으로는 부족하며, 실제 행동으로 이어져야 한다. CIO 후보를 코칭해 온 IT 임원 겸 자문가 에두아르드 드 브리스 샌즈는 실행 능력이 뛰어난 한 디렉터와의 사례를 소개했다. 드 브리스 샌즈가 해당 디렉터에게 성장 아이디어를 직접 제안하고 현장에 나갈 것을 권했고, 이후 인식이 달라졌다는 것이다.

그는 “해당 디렉터는 영업 회의에서 발표를 맡게 됐고, ‘2주 전 영업 현장에서’라는 표현을 사용한 순간 더 이상 IT 디렉터가 아니라 경영진으로 인식되기 시작했다”고 설명했다.

한계 2 기술이 아니라 ‘성과’로 말하지 못한다

IT 리더는 단순히 프로젝트를 수행한다고 해서 최고 자리로 올라가는 것이 아니다. 비즈니스 자체를 변화시킬 때 비로소 CIO에 도달할 수 있다.

대표적인 한계는 손익(P&L) 관점에서 통역 없이 대화를 이어가지 못하는 점이다. IT 임원 겸 자문가 에두아르드 드 브리스 샌즈는 “강한 IT 리더는 기술이 무엇을 하는지 설명할 수 있지만, CIO 준비가 된 리더는 그것이 얼마의 가치를 만드는지 설명할 수 있다”라며 “이들은 이사회에 들어가 기술이 아니라 수익성 개선, 고객 유지율, 매출 성장에 대해 이야기한다”고 말했다.

헬러 서치 어소시에이츠의 도일은 준비되지 않은 후보의 가장 명확한 신호로 ‘비즈니스 가치와의 연결 부족’을 꼽았다. 도일은 “많은 후보자가 결과가 아닌 활동에 집중한다”라며 “프로젝트, 도구, 기술 성과를 나열하면서도 그것이 실제로 비즈니스에 어떤 변화를 가져왔는지는 설명하지 못한다”고 지적했다.

이 같은 문제는 수치로도 확인된다. 가트너의 2026년 CIO 및 기술 임원 설문조사에 따르면 디지털 프로젝트 중 비즈니스 목표를 달성하거나 초과한 비율은 48%에 그친다. 조직에는 시스템을 구축하는 데 그치지 않고, 실제 성과로 이어지도록 만드는 리더가 필요하다는 의미다.

드 브리스 샌즈는 “후보자가 기술을 중심으로 말하면 CEO는 비용과 리스크, 복잡성을 떠올린다”라며 “반대로 성과 중심으로 말하면 CEO는 ‘파트너’를 떠올린다”고 설명했다.

한계 3 IT 조직 밖 관계를 구축하지 못한다

CIO는 개인 역량이 아니라 협력 네트워크를 통해 성과를 내는 자리다. 그러나 많은 CIO 후보들은 여전히 ‘IT 내부에서는 유명하지만 외부에서는 보이지 않는 존재’에 머무른다.

켈리 도일은 “많은 IT 리더가 조직 전반의 이해관계자 관점과 우선순위를 이해하는 데 충분한 시간을 투자하지 않는다”고 지적했다. 이어 “기술 자체에는 정통하지만, 이를 비즈니스 성과로 연결하고 수요를 예측하는 비즈니스 감각은 부족한 경우가 많다”고 설명했다.

IT 솔루션 및 서비스 기업 밸컴 테크놀로지스(Valcom Technologies)의 필드 CTO 닐 니콜라이센은 “CIO로서 업무 시간의 60~70%는 IT 외부 관계에 쓰인다”며 “경영진, CEO, 이사회와의 신뢰 관계 구축이 CIO 자리를 확보하는 핵심 요소”라고 말했다.

도일은 내부 후보가 외부 인재에게 밀리는 이유도 여기에 있다고 분석했다. 그는 “많은 내부 후보가 더 넓은 기회에 손을 들지 않거나, 팀 밖 관계를 구축하지 못해 기회를 놓친다”라며 “조직 전반에서 영향력과 존재감을 보여주지 못하면, 공석이 생겼을 때 해당 역할을 맡길 수 있다는 신뢰를 얻기 어렵다”고 말했다.

한계 4 확실성이 있어야만 움직인다

CIO는 불확실성 속에서 의사결정을 내려야 하는 자리다. 이사회와 CEO는 완벽한 정보가 없어도 진전을 만들어낼 수 있는 기술 리더를 원한다. 요구사항이 완전히 정리될 때까지 기다리는 대신, 다양한 시나리오와 범위를 바탕으로 결정을 내릴 수 있어야 한다.

웨스트 먼로의 루니는 준비되지 않은 리더의 신호 중 하나로 ‘단순화 능력 부족’을 꼽았다. 그는 “의사결정을 설명하는 데 40장의 슬라이드가 필요하다면 사고가 아직 정리되지 않은 것”이라며 “경영진 수준에서는 복잡한 내용을 비즈니스가 실행할 수 있는 명확한 방향으로 압축해야 한다”고 말했다.

CIO 준비가 된 리더는 기다리기보다 제안한다. IT 임원 겸 자문가 에두아르드 드 브리스 샌즈는 “모든 대화와 보고, CEO와의 1대1 미팅은 하나의 질문에 답해야 한다”라며 “‘우리가 한 일로 인해 비즈니스에 어떤 변화가 있었는가’가 핵심”이라고 강조했다.

한계 5 ‘내가 꼭 있어야 하는 상태’에 머물러 있다

직관에 반하는 이야기지만, 승진으로 가는 가장 확실한 방법 중 하나는 ‘자신 없이도 돌아가는 팀’을 만드는 것이다.

니콜라이센은 “상위 역할로 이동하려면 조직이 당신을 이동시킬 수 있을 만큼 팀의 역량과 규모를 키워야 한다”라며 “결국 스스로를 대체 가능하게 만들어야 한다”고 말했다.

루니는 이를 ‘히어로형 리더’와 ‘진정한 리더십’의 차이로 설명했다. 그는 “CIO는 모든 문제를 직접 해결하는 사람이 아니다”라며 “지속적으로 성과를 만들어내는 팀과 시스템을 구축하는 것이 핵심이며, 이는 반복 가능한 영향력을 만드는 것”이라고 강조했다.

도일은 “CIO 준비가 된 리더는 팀원들의 신뢰를 얻고, 아이디어를 끌어내며, 꾸준히 성과를 내는 조직을 만든다”며 “이러한 역량이 유능한 IT 리더를 실제 CIO 후보로 전환시키는 요소”라고 설명했다.

한계 6 산업 이해는 중요하지 않다고 생각한다

최고 자리를 준비하는 과정에서 IT 리더들이 흔히 저지르는 실수는 자신의 기술 전문성이 어느 산업에서나 그대로 통할 것이라고 가정하는 것이다. 특히 AI 시대에는 산업별 프로세스에 대한 깊은 이해가 점점 더 중요해지고 있다.

도일은 “CEO는 자사의 비즈니스 특성을 이미 이해하고 즉각적으로 가치를 더할 수 있는 기술 리더를 원한다”고 말했다. 이어 “CIO를 목표로 한다면 어떤 CEO와의 대화가 의미 있는지 전략적으로 판단하고, 그 대상과 적극적으로 접점을 만들어야 한다”고 조언했다.

핵심은 특정 산업의 과제와 우선순위, 시장 환경 전반에 대한 이해를 보여주는 것이다. 단순히 과거 성과를 나열하는 것만으로는 부족하다. 도일은 “비즈니스 맥락을 이해하고, 경영진의 언어로 소통하며, 자신의 경험을 해당 조직의 실질적인 성과로 연결할 수 있어야 한다”고 강조했다.

이는 산업 간 이동이 불가능하다는 의미는 아니다. 다만 충분한 사전 준비가 필요하다는 뜻이다. 자신의 경험이 해당 기업의 구체적인 과제에 어떻게 적용될 수 있는지 명확하게 설명해야 한다. 이사회가 AI 전환에 투자하는 상황에서는 단순한 리더십 이력만으로는 부족하며, 운영 모델에 대한 이해가 필수적이다.

한계 7 스토리를 전달하지 못한다

기술 전문성은 기본 요건에 불과하다. CIO로 선발되는 사람과 그렇지 못한 사람을 가르는 핵심 요소는 이를 비기술 이해관계자에게 전달하는 능력이다.

도일은 “CIO는 복잡한 기술을 맥락 속에서 풀어 설명하고, 전문 용어 없이도 공감할 수 있는 방식으로 전달해야 한다”며 “오늘날 CIO는 비즈니스 전략가이자 스토리텔러, 그리고 가치 전달자로서 서로 다른 영역을 연결하는 역할을 수행해야 한다”고 말했다.

드 브리스 샌즈는 많은 후보자가 ‘무엇을 했는지’에 집중하는 점을 문제로 지적했다. 그는 “이력서에 구현, 배포, 구축 경험만 나열하는 것은 모두 ‘활동’일 뿐”이라며 “CEO가 궁금해하는 것은 ‘그 결과로 비즈니스가 실제로 개선됐는가’라는 점”이라고 말했다.

그는 표현 방식의 전환을 제안했다. 단순히 “SAP S/4HANA를 도입했다”가 아니라, “연간 1,200만 달러(약 160억 원)의 성과를 창출한 전사적 전환을 이끌었고, 일정과 예산을 모두 준수해 완료했다”와 같이 설명해야 한다는 것이다.

스토리텔링 역량은 자기 홍보를 넘어선다. CIO는 AI가 조직 구성원에게 어떤 의미인지, 플랫폼 투자로 무엇이 가능해지는지, 특정 선택이 왜 타당한지까지 설명해야 한다.

도일은 “AI 확산과 함께 CIO 역할은 점점 더 소통과 인간적인 요소에 중심을 두고 있다”며 “조직 전반의 신뢰와 지지를 얻기 위해서는 경영진으로서의 존재감, 겸손함, 그리고 팀의 성공에 대한 투자 의지가 필요하다”고 강조했다.

지금 당장 CIO처럼 행동하라

전문가들이 공통적으로 강조하는 점은 하나다. 직함보다 행동이 먼저라는 것이다.

웨스트 먼로의 CIO 케빈 루니는 “CIO라는 역할이 영향을 만들어내는 것이 아니라, 이미 영향을 만들어내고 있는 사람을 인정하는 것”이라며 “유망한 차세대 CIO들은 조직 전반에 성과를 만들어내는 구조를 구축하고, 이를 팀을 통해 실행한다”고 설명했다. 이어 “단 한 번의 성공은 우연일 수 있지만, 반복 가능한 성공 구조는 리더십을 증명한다”고 덧붙였다.

에두아르드 드 브리스 샌즈는 이를 더욱 직설적으로 표현했다. 그는 “이미 모든 면에서 CIO처럼 일하고 있는 VP급 기술 리더들을 많이 봤다”며 “이들은 관계, 신뢰, 비즈니스 이해도를 모두 갖추고 있었고, 직함은 형식적인 문제에 불과했다”고 말했다. 이어 “직함을 얻은 뒤에야 CIO처럼 행동하려는 사람은 결국 그 자리에 오르지 못한다”고 지적했다.

그렇다면 실제로 ‘준비된 상태’는 어떻게 드러날까. 헬러 서치 어소시에이츠의 도일은 “기술이 아니라 가치 중심으로 말하고, IT 언어만큼이나 비즈니스 언어에도 능숙해야 한다”고 강조했다. 이어 “모든 대화에 들어가기 전, 비즈니스 파트너가 직면한 KPI와 목표, 압박 요인을 충분히 이해하고 있어야 한다”며 “조직 전반을 아우르는 사고는 선택이 아니라 필수”라고 말했다.

또한 멘토나 코치를 찾고, 자신의 역할 범위를 확장할 수 있는 기회를 적극적으로 모색하는 것도 도움이 된다. 도일은 “CIO를 목표로 한다면 역량을 확장하고, 다양한 조직과 협업하며, 현대 CIO에게 요구되는 역량을 고루 갖출 수 있는 역할을 스스로 찾아야 한다”고 조언했다.

루니는 준비 상태를 판단하는 가장 명확한 신호로 ‘조직의 태도 변화’를 꼽았다. 그는 “기업이 이미 당신을 CIO처럼 대하기 시작할 때 가장 빠르게 그 자리에 오를 수 있다”며 “조직 전반의 리더들이 당신의 관점을 신뢰해 주요 의사결정에 자연스럽게 참여시키기 시작한다”고 설명했다.
dl-ciokorea@foundryco.com

MicrosoftのCEO Satya Nadella氏がエージェンティックAI時代に従来のビジネスアプリケーションは「崩壊する」と予測し、物議を醸した。2月初めにAnthropicが「Microsoft Copilot」に対抗する「Claude Cowark」をリリースしたところ、米国のソフトウェア株が大幅に下落した。SaaSの終焉は本当なのか、それとも過剰反応なのか。

1, 既存大手が当面は優位を維持する

業界見通し：既存の市場リーダーは当分の間、プラットフォームにエージェントを組み込むことでシェアを維持する可能性が高い。

Forresterのアナリスト Kate Leggett氏は次のように語る。「コアアプリケーションがすぐになくなることはない。ワークロードがAIエージェントに完全に移行するには、数十年かかる可能性がある」。業界コンサルタントのWilliam Flaiz氏も「CRMシステムを丸ごと入れ替えようという経営判断はまだ起きていない」と指摘する。CIOは既存への多額の投資を無駄にしたくないからこそ、今あるプラットフォームにエージェンティックAIを追加して価値を引き出そうとしている。

Technology Business Review（TBRI）のシニアアナリスト Alex Demeule氏も同様の意見だ。「大企業においては、エージェンティックシステムへの自律性の委譲リスクはまだ現実的ではない」と同氏、「株価が示す混乱の大きさとは裏腹に、既存の大手ベンダーは5〜10年のスパンで見ると、AIの時代への転換において有利なポジションにある」との見解を示した。

2, 価格モデルは根本から変わる

業界見通し：サブスクリプション型から消費量・成果ベースの価格モデルへの大きな転換が起きる。

Interarbor SolutionsのプリンシパルアナリストDana Gardner氏は、「中短期的な懸念は既存システムの入れ替えよりも、現在のベンダーの価格支配力の終焉だ」と言う。AIエージェントがビジネスアプリケーションの利用パターンを把握できるようになれば、CIOはその知見を活かしてより有利な契約条件を交渉できるようになる。

Bain & Coのレポートは「エージェントが人間のタスクを代替するなら、顧客はログイン数ではなく成果に対して支払うことを望む」と記す。IntercomやSalesforceなどはすでにこの方向に動いている。IDCの予測では2028年までに純粋なシート数ベースの価格設定は時代遅れになり、ソフトウェアベンダーの70%が消費量や成果を軸にした新しい価格モデルに移行するという。

3, ソフトウェアプラットフォームの融合と新たな競争

業界見通し：AIエージェントはデータの所在を選ばないため、CRMとERPなど従来のカテゴリーの境界が曖昧になる。

AIエージェントが効果を発揮するには、データがどこにあってもアクセスできる必要がある。SaaSベンダーはCRM、ERP、ITサービス管理などのカテゴリーの垣根を取り払う方向に動いている。Oracle、Microsoft、SAP、SalesforceはそれぞれAI統合プラットフォームの構築を進めており、ServiceNowはエージェンティックAIプラットフォームベンダーのMoveworksを買収し、CRM分野でSalesforceに挑んでいる。

4, 勝者と敗者——汎用ツールは苦戦、専門特化型は有利

業界見通し：汎用的なポイント製品は淘汰されやすく、深い業種特化型ツールは生き残りやすい。

Leggett氏はエンタープライズソフトウェア市場を3つに分類する。ワークフロー、スプレッドシート、軽量なプロジェクト管理ツールなどシンプルなポイント製品は「比較的早期に消えていく」という。差別化要素が少なく、複製しやすいからだ。一方、医療記録管理のEpicやCerner、製薬・ライフサイエンスのIQVIA、建設のProcoreなど深い業種特化型アプリは、専門知識と周辺システムとの統合によって守られている。大手CRMプレーヤーは自社データの囲い込み、業種別ナレッジ、パートナーネットワーク、規制対応の専門知識などで優位を持つ。

Demeule氏は「既存の大手ベンダーがここまで生き残ってきたのは、オンプレミスからクラウドへ、永続ライセンスからサブスクリプションへと、変曲点ごとにうまく転換できたからだ」と指摘する。

5, バイブコーディングが一部セグメントを揺るがす

業界見通し：バイブコーディングにより、エンドユーザーが独自のエージェントを構築できるようになり、SaaS市場の一部が揺らぐ。

バイブコーディング（自然言語のプロンプトをもとにAIエージェントがソフトウェアを書く手法）は、ローコード・ノーコードの動きをさらに一歩進める。従来のCRMやERPプラットフォームの枠の外で、エンドユーザーが生産性ツールを構築できるようになる。

Leggett氏はバイブコーディングを「本物の脅威」と見る。「煩雑で複雑すぎると感じているエンドユーザーが多い従来型エンタープライズソフトウェアを迂回して、生産性を高める可能性がある」。

ただし技術的に成熟していない組織には、ミッションクリティカルなワークフローに影響するエージェントを自力で構築・展開するスキルが不足していたり、リスクが高いと感じるかもしれない。

このようなことから、Demeule氏は「バイブコーディングで脅かされるのは単機能の小さなツールだ。顧客データベースやサプライチェーン全体を管理するような基幹システムは別の話だ」と言う。

6, エージェンティックなオーケストレーション層が生まれる

業界見通し：従来のSaaSアプリケーションは存続するが、エージェンティックなオーケストレーション層の裏側に隠れる形になる。

未来のユーザーインターフェースは従来のSaaSプラットフォームではなく、エージェンティックなものになる——アナリストたちはこの点で一致している。ただしCRMやERPがなくなるわけではなく、見えなくなるだけだ。

IDCのアナリストBo Lykkegaard氏は「SaaSモデルの弱点は複雑さだ。各SaaSアプリケーションは独自の学習曲線とUIを持ち、しばしば散発的かつ非効率に使われる。AIはこれに対する解決策を提供する。複数のダッシュボードを行き来する代わりに、システムをまたいでタスクをこなす会話型エージェントとやり取りできる。AIが新しいインターフェース層となり、複雑さを抽象化し、反復プロセスを自動化する」と言う。

Demeule氏は、効率性やコスト、エネルギー使用などを考慮しながら、LLM、SLM、RPAツールにタスクを割り振るオーケストレーションエージェントの登場を想定している。

今後数年間の焦点は、CIOがこの機能を既存のプロバイダーから調達するのか、OpenAI、Anthropic、Palantir、UiPathといった新興プレーヤーから調達するのか、という問いになりそうだ。

There’s been a wake-up call for CIOs. All the talk about perceived productivity boosts that have previously dominated conversations about AI has been replaced with a demand for measurable value from investments in emerging tech.

As MIT states that project failure rates are as high as 95%, executive boards are starting to question when AI will pay dividends. PWC’s Global CEO Survey shows that more than half of companies have seen neither higher revenues nor lower costs from AI, and only one in eight have achieved positive outcomes.

While Gartner predicts significant growth in AI spending this year, John-David Lovelock, distinguished VP analyst at the research firm, says the lack of tangible returns means digital leaders are changing tack. Rather than hoping their AI explorations will produce returns, CIOs are switching to more targeted initiatives.

“The projects growing quickly are the ones doing business, and those initiatives include AI,” he says. “CIOs are starting to de-emphasize AI and re-emphasize business. These projects are about AI enhancing existing work and moving away from moonshot transformational projects.”

Lenovo’s CIO Playbook for 2026, produced with tech analyst IDC, also suggests enterprises will get serious about AI deployments this year, with explorations replaced by production-level services that drive business transformation. With boards exerting pressure for measurable returns, Ewa Zborowska, research director at IDC, says more digital leaders want to use AI to enhance, innovate, and reinvent their organizations.

“CIOs aren’t just considering AI out of curiosity, they want to see what they can get out of it to grow the business,” she says. “AI adoption is much more about doing new things or taking a fresh approach to creating value rather than becoming more efficient at cost-cutting.”

Such is the clamor for value that Richard Corbridge, CIO at property specialist Segro, suggests that returns from AI are a main digital leadership priority: “If you discover, for example, that everyone in the organization used Copilot 10 times today, that might mean they’ve been more efficient,” he says. “But what have they actually done with the time they saved? How has saving time created value?”

CIOs will grapple with these questions during the next 12 months. With CEOs and boards becoming impatient for returns, digital leaders are working more with their bosses to define value. Successful CIOs fine-tune their arguments to ensure their projects are backed, and then demonstrate the value of their AI initiatives to the board.

Defining a valuable AI project

What’s clear is CIOs can’t deliver outputs from AI projects without input from their enterprise peers. IDC’s Zborowska says tighter cooperation across project ownership and KPIs ensure emerging technology investments are targeted at the right places.

This increased interaction between digital and business leaders also changes project aims. As stakeholders work closely together to generate value from AI, Zborowska expects executives to seek KPIs that stretch across operational concerns.

“I’d bet we see more non-financial aims over the next few years,” she says. “Executives will consider things such as are employees more engaged, has their work improved in any way, are AI implementations impacting customer experiences, and are internal decisions being made more efficiently.”

Martin Hardy, cyber portfolio and architecture director at the UK’s Royal Mail, agrees that defining valuable AI projects is all about finding the right focus. Effective deployments target processes in distinct areas, and business stakeholders must be part of the value-defining process.

“If we’re making decisions about legal documentation, AI is probably not there yet,” he says. “But if we can use AI to approve holidays, for instance, that might be something because if you have rules that say no more than two people off at a time, you could use AI to check about booking holidays without having to ask everyone in the office.”

For CIOs seeking value-generating use cases, Gartner’s Lovelock suggests AI can deliver results in key business areas such as boosting revenue, supporting decision-making, engaging staff, and improving experiences. He says the right path to AI exploitation correlates with Gartner’s enterprise technology adoption profiles, which group companies into a range of categories.

“The folks who are furthest forward, what we call the agile leaders in technology, are much more likely to drive AI to change the business,” he says. “The laggards on the other side are more likely to take on the technology that’s given to them by incumbent software providers, and use it in a prescriptive manner.”

Fine-tuning the use case

The challenge now is for digital leaders to work with their business peers to determine a more refined approach to AI deployment. For some CIOs, the value of AI is clear but the potential risks must be considered.

Take Dan Keyworth, executive director of performance technology and systems at McLaren Racing, whose focus is operational stability and race-day reliability. While he says being aware of developments in generative and agentic AI is crucial, the priority is tried-and-tested technologies rather than innovations that put performance at risk.

“Formula One is grounded in traditional machine learning and simulation,” he says. “Developing models has been a big part of our performance journey, and since the engine already existed, gen AI is the turbo that’s bolted on with more investment in AI.”

For other digital leaders, like Barry Panayi, group chief data officer at insurance firm Howden, success depends on keeping the human in the loop. Yes, automation can improve customer service, but rather than replacing staff, he wants to use AI to ensure Howden’s professionals have the right insight when they interact with clients.

“There’s absolutely no desire to use data to drive productivity by automating what we do with our customers,” he says. “This is a business where people speak to people. Our brokers need information that can give them an edge, and prove to their clients they understand the risks and can give them the best deals.”

Nick Pearson, CIO at technology specialist Ricoh Europe, adds that the use case for AI at his firm is two-fold: boosting operational productivity and improving customer processes. So he’s established a tri-party AI council with the head of service operations and the commercial manager in Spain. This council explores opportunities to buy, build, and reuse emerging tech.

“We’ve got a strategy that looks at where AI matters, which means exploring the technology we already have to boost internal productivity,” he says. “We’ve got a lot of people who know how to code and build things in Copilot Studio and other platforms, so let’s use that to increase productivity.”

Showing returns to the board

For Gartner’s Lovelock, the key lesson for CIOs eager to generate value from AI is to work with their peers and set desired outcomes before investing. “Most people start with the idea that more is more, and if you do that, you won’t get to the idea of quality,” he says.

That sentiment resonates with Segro’s Corbridge, who encourages digital leaders to start conversations with other professionals by focusing on value. Ask people how investing in an AI implementation will create value for them personally, for the wider business, and the customers the organization serves.

He says CIOs shouldn’t try to prove that AI works, but rather concentrate on how emerging tech adds value. That definition is so critical to Segro’s way of working that the organization uses the phrase proof of value rather than proof of concept.

“Most things work, but they might be more expensive,” he says. “For example, you might be able to use AI to transform how the organization uses spreadsheets, but that project might cost you $300,000. And if you’re currently paying someone $40,000 to do that work, and they’re happy doing it, then you have to question the value.”

Lessons are being learned, says IDC’s Zborowska, whose firm’s research suggests that half of AI POCs now transition into production. While some people might think this success rate isn’t impressive, the quantity a year ago was 10%. After several years of AI exploration, it appears CIOs and their businesses are now firmly focused on real returns.

“These numbers speak to the fact that companies are being more mature and mindful in how they allocate budgets,” she says. “They also support the main theme that we’re on a journey to transformation and a maturing market for AI adoption.”

The recent new regulations for climbing Mount Everest give us some surprising parallels, lessons learned, and best practices between the physical risks of mountaineering and the governance risks of high-stakes AI.

The new and stringent regulations related to Everest center around mandatory use of local guides and prior experience, electronic tracking, strict health certifications, and waste management — a clear focus on experience, real-time observability, safety, and sustainability.

High-risk AI systems, those defined as so by the EU AI Act regarding their potential impact on health, safety, or fundamental rights, are classified this way if they either fall under EU product safety legislation or used in sensitive areas such as biometrics, critical infrastructure, education, employment, essential services, law enforcement, or justice.

So to help CIOs deal with high-risk AI implementations, here are five lessons from the top of the world.

Proof of acclimatization

In recent seasons, Everest experienced a surge in aspirational climbers who lacked basic high-altitude skills and equipment knowledge. Those factors, and refusals to turn around at hard time stops, resulted in several deaths.

So under the 2025/2026 Tourism Bill, climbers must now provide a verified certificate proving they’ve summited at least one peak above 7,000 meters in Nepal before they can apply for an Everest permit. Why 7,000? Because this altitude represents the transition from high to extreme altitude and presents a critical physiological and technical threshold.

For CIOs, this situation mirrors shadow AI and AI sprawl, where teams may lack the experience to mitigate the underlying risks of their implementations. To resolve it, it’s important teams working on high-risk AI projects have proven experience with at least moderate risk implementations, and understand the governance requirements of the higher-risk projects they’re about to tackle.

This experience rule should apply to the technologies involved as well. Teams working on projects and tech involved all need to be fit for task. For example, CIOs may decide to prohibit the deployment of autonomous systems in core financial or customer-facing workflows unless the underlying model and its orchestration layer have successfully passed a pilot with documented safety metrics. According to KPMG’s Q1 2026 AI Pulse Survey, these types of restrictions are well underway with 43% of organizations identifying high-risk use cases where autonomous agent decision-making isn’t allowed.

Mandatory black box and tracking

On Everest, all climbers are now required to rent some kind of GPS tracking chip that’s sewn into their jackets to expedite search and rescue operations, if needed.

“On Everest, tracking isn’t optional, it’s survival,” says Steven Pivnik, an entrepreneur and advisor who utilizes an endurance mindset built from years of Ironman racing and mountaineering, including Mt. Everest. “In high-risk AI, if you can’t see how decisions are made or trace outcomes. You don’t have control, you have exposure.”

In the AI world, this tracking requirement translates to real-time agentic observability. Every high-risk AI project should include a dedicated observability budget typically 10 to 15% of total project cost. Teams should also implement trust verification frameworks that provide a real-time heartbeat of agent intent, ensuring that if an agent drifts into a non-compliant decision path, it’s located and paused before it can execute.

Certified local guides — the Sherpa requirement

On Everest, solo climbing is now strictly prohibited. Every climber must be accompanied by at least one certified Nepali guide or high-altitude worker. This ensures local knowledge and safety are prioritized.

The business lesson is to move away from generalist AI teams and toward specialist, hybrid ones with necessary technical, contextual, and compliance-related expertise. This includes team members with deep, industry- specific domain knowledge, dedicated compliance or ethics officers, cybersecurity specialists, and external partners as needed.

“Enterprises considering the implementation of complex AI projects should integrate cybersecurity early in their planning process,” says Jude Sunderbruch, MD at cybersecurity consulting firm OakTruss Group. “Some organizations have the necessary skills in house but in other cases, it’s advisable to leverage outside partners with relevant experience.”

The KPMG AI Pulse Survey also found that when it comes to managing agent risk in the next six to 12 months, 48% of organizations are looking to deploy AI agents developed by trusted tech providers versus going it alone.

Strict health certification

Climbers must submit a medical fitness certificate issued within 30 days of an expedition start date. And for those over 50, tests like an ECG and stress test may be required too.

In the AI world, there’s an expansive number of vendor and tool-specific certifications available to validate expertise. Organizations such as Thinkers360 offer holistic ones that cover an expert’s lifetime body of work in specific domains by examining their authored content and experience. In a world exploding with self-proclaimed AI experts, reviewing third-party credentials can be a useful way for CIOs and their teams to review vendor and practitioner capabilities.  

An additional way to conduct the medical check-up for your AI project is to run a formal impact assessment to identify potential health risks to the organization or the public before a single line of code is deployed. Having a pre-defined incident response and liability plan can also help establish the requisite financial and legal insurance for added protection.

Sustainability and waste management

Climbers are now mandated to use government-sanctioned biodegradable waste, alleviation, and gelling (WAG) bags to carry their waste down from higher camps to base camp for proper disposal.

In the AI world, this translates to a similar environmental focus as boards and executives increasingly turn their attention to the sustainability impact of AI data centers. With global data center investment projected to exceed $3 trillion over the next five years to meet AI-driven demand, some organizations are already reporting AI-related infrastructure costs and emissions doubling month-over-month as experimentation and pilots expand. 

To manage this aggregate energy consumption, CIOs need to work better with their sustainability teams to set goals for the environmental footprint of their sovereign data centers, as well as those of their partners. They can achieve this by looking for technologies designed to address this challenge at the architectural level.

By paying attention to lessons learned from Everest, and new regulations focused on quality over quantity, you’ll be in a stronger position to mitigate risk in your next high-stakes AI project.  

IT系の仕事を志すきっかけになった「Web 2.0」の思想

——これまでの経歴は？

楽天グループに2013年の新卒入社以来、「楽天トラベル」一筋で13年ほど歩んできました。担当してきたサービスは変わっていませんが、働くフェーズや業務領域のレイヤーは幅広く変化してきたと感じています。

入社当初、社内公用語がすでに英語になっていたこともあり、TOEICで800点を取る必要があったため、必死に勉強したことは今でも良い思い出です。ちょうどグローバル化が本格的に動き始めたフェーズで仕事を始めることができたのは、とても幸運だったと思っています。

楽天でのキャリアは一人のソフトウェアエンジニア、いわゆるインディビジュアルコントリビューターとして始まりました。開発領域においては、グリーンフィールドでのゼロからの立ち上げから、稼働中のシステムの改修や廃棄に至るまで、アプリケーションのライフサイクル全体を一通り経験してきました。現在はTravel Service Reliability課のシニアマネージャーとして仕事をしています。

——ITの道を志すようになったきっかけは？

きっかけは大学時代、Web 2.0の世界に触れた体験でした。2007年に筑波大学へ入学した当時、ちょうどWeb 2.0が世間を席巻していた時代でした。私は図書館情報学という、人や技術、社会を学際的に研究する学問を専攻していたのですが、「個人が技術によってエンパワーメントされ、社会にインパクトを与えることができる」Web 2.0の思想に強く魅力を感じたのです。

特に印象に残っているのは、学生時代に参加したWikiに関する勉強会です。当時は草の根の勉強会が盛んで、右も左もわからないまま職業人の方が主催するコミュニティに飛び込んでいきました。

Wikipediaに代表されるWikiというソフトウェアには、「草の根で情報を集積し、みんなで編集と校閲を行い、人の役に立つ形にしてパブリッシュする」という思想があり、そうした思想を技術的に実装できるところに大きな魅力を感じました。社会をエンパワーメントする思想をインターネットサービスという形で実装していくことの可能性に惹かれたのが、この道を選ぶ動機になったと思います。

楽天でのこれまでのキャリアを振り返ると、特定の大きな仕事を手がけたというよりは、2〜3年ごとに役割やポジション、担当プロジェクトが変わる中で少しずつ貢献してきたという感覚があります。その中でも、新卒5年目にインディビジュアルコントリビューターからマネージャーへ転じたことは自分の中ではとても大きな変化で、「自分が手を動かして早く正しく作ること」から、「チームとしての再現性と正確性を担保して成果を出すこと」へと、考え方そのものが変わりました。

仕事の軸となっている3つの価値観

——仕事をする上で大切にしていることは？

大きく分けて3つあります。

1つ目は、「顧客視点でニーズに応えること」です。私自身が外部のお客様と直接やりとりする機会は限られていますが、上司や経営層を内部顧客として捉えた時に、「自分がやりたいこと」を先走らせるのではなく、「会社やお客様に向けて何を提供したいのか」を正しく理解した上で、自分の価値をそれにどうフィットさせるかを考えるようにしています。

2つ目は、「安心・安全を守ること」です。AIをはじめとする新技術の進展によって、さまざまなサービスやDXの取り組みが生まれていることは素晴らしいことですが、一方で、いつの時代においても安心・安全は揺るぎない価値だと信じています。品質や安心・安全を守るというのは目立たない取り組みではありますが、私自身はとても大切にしています。

3つ目は、「作り手と使い手の相互理解を深めること」です。エンジニアとビジネス部門、楽天という会社とお客様——といったように「作り手」と「使い手」は相似形の関係にあると思っているのですが、どこかで認識のズレが生じることがあります。例えば「この機能を作るのにはこれだけ時間がかかる」とエンジニアが感じていても、ビジネス側は「早く作ってほしい」というような状況はよく起こります。

同じゴールを目指しているのに、目の前の行動や考え方が噛み合わない時、いかに「共通認識」を作れるか——。安心・安全の領域でも同様で、「これだけのリスクがあるから今、投資しておくべき」という説明が届かないと、コストや納期の齟齬が生じてしまいます。作り手と使い手が共通言語を持って「ゴールは同じですよね」とすり合わせられる状態を、社内外を問わず広げていきたいと思っています。

技術の本質は歴史から読み解く

——日々変化する技術トレンドをどのように学んでいますか。

大前提として、「技術トレンドそのものを目的として追わないこと」を強く意識しており、「トレンドの奥にある技術の本質は何か」を考えるようにしています。

20〜30年前に流行った技術の思想は本質的には変わっておらず、当時は組織力や技術力、ハードウェアの制約から実現できなかったものが、時を経てようやく実装されるというケースがよくあります。たとえばマイクロサービス化は最近始まった話ではなく、UNIXの思想として語られた30〜40年前の思想の再来だと私は捉えています。「なぜ当時は実装できなかったのか、なぜ今はできるようになったのか」と、歴史の文脈で現在の技術を位置づけることを意識しています。

具体的なテクニックとして活用しているのが、図書館情報学で学んだ分類の発想です。本を読む時に、日本十進分類法（本を分類する仕組みの一つ）の「何番の本を最近、よく読んでいるか」を意識して、偏りに気づいたら全く別の分類の本を手に取るようにしています。技術の流行りすたりに引きずられることなく、バランスよく知識を習得することを大切にしています。

情報収集においては、最近では生成AIに聞くことも多くなりました。10年前は本やWeb、あるいは人に聞くことでしか得られなかった情報が、生成AIによって即座に概要を得られるようになり、情報の入口のハードルは格段に下がりました。ただ、それはあくまで表層的な情報なので、その知識が時代や歴史の中でどう位置づけられるのかを体系化するには、多くの本をじっくり読んで時間をかけていく他はない、とも感じています。AIを入口に、図書館情報学的な思考法で深める——という学びのコンビネーションが、自分の中では自然な学び方になっています。

また、月に一度、家族で旅行に行くことも学習の一環だと考えています。尊敬するライフネット生命創業者の出口治明さんが「学ぶ方法は人と本と旅の3つ」とおっしゃっていたこともあって、「現地現物で経験する機会」を仕事以外でも増やしたいと思い、目標に設定しました。

自分が「楽天トラベル」の開発に携わっているからこそ、旅行予約サービスやホテル、移動手段に一顧客として向き合うという経験には特別な意味があります。SNSやホテルのホームページで見ていたデータと現地の体験では、情報の密度が全く違うことを実感できます。DXが叫ばれる今もなお、デジタル化されていない情報が実に多いと肌で感じることで、仕事の解像度が上がります。

例えば私は子どもが3人いるのですが、日本のホテルで5人部屋を探すことには今でも苦労します。そうした一顧客としてのペインポイントが、「もしかしたら他のお客様も同じ思いをしているかもしれない」という想像力につながっています。AIがあれば答えはすぐ出ますが、AIは「デジタル化されていない情報」を拾うことはできません。現地に行き、経験し、実物を見ることの価値は、AI時代の今こそ一層重要になっていると感じます。

理想のリーダー像は「自分に嘘をつかない人」

——理想とするリーダー像と、そのために実践していることをお教えください。

社外の方でロールモデルとしているのは、ライフネット生命の創業者で、現代の知の巨人として知られる出口治明さんです。数字、ファクト、ロジック、そして世界と歴史の視点で、「地球の大統領」のような俯瞰でものごとを語る方で、彼の著作を組織作りやビジネスの考え方などの参考にしています。

自分が理想とするリーダー像を一言で表すなら、「自分に嘘をつかず、正しいと思ったことを品性高潔にやっていくリーダー」です。立場によって、正しさの定義が変わるようなこともあるとは思いますが、大局的に考えれば、ゴールはそれほど人によってずれていないと思うのです。地球は平和な方がいい、毎日食事ができた方がいい——そう考えると、社内政治的な動きや小手先のハックに頼るより、真面目に素直に正攻法で進めることが、結局は最も近道になると感じています。

現場で直面するプロジェクトや技術的な課題の多くは、いわゆる「ロケットサイエンス」のようなものではありません。難解な数式を解いたり、これまで存在しなかった技術を生み出したりしなければならないケースは、実際にはそれほど多くないと思うのです。

むしろ現場で頻繁に起きているのは、ゴールも課題も見えているはずなのに、メンバーがそれぞれ違う方向に進んでしまい、問題が解決されないという状況だと感じています。

そのため私はまず、チーム内で「課題の認識をそろえること」を意識しています。たとえば、「今私たちが解こうとしている課題はこれですよね。目指しているゴールも同じですよね。そのうえで、解決方法としてはA案とB案がありますが、それぞれが別のやり方で進めてしまうと前に進めないので、まずはここだけはB案で進めてみませんか」といった形で共通認識をつくることを大事にしています。

その実践の中で私が大切にしているのが、「まず30分集まって話す」ということです。対面で話したことがない、あるいはお互いの業務について一度も聞いたことがないという、たったそれだけの理由で、ちょっとした思い込みが生まれ、知らないうちに壁ができてしまうことは少なくありません。

しかし、30分でも膝を突き合わせて話してみると、「そういうことだったのか」と理解が進み、メンバーの表情が晴れやかになる場面を何度も見てきました。実際には、それだけで解決する問題も少なくないのです。だからこそ、こうした対話が組織のあちこちで自然に生まれ、多発的に起きるような仕組みや人材育成を進めていきたいと考えています。

——リーダーとしての覚悟が試された出来事はありますか。

エンジニアからマネージャーへの道を選んだときにはとても悩みました。この判断を下す際に大きかった要因は3つです。図書館情報学を出発点に人や社会、組織のダイナミズムに興味を持っていたこと、昇進のチャンスが巡ってきたこと、そして「管理職はハードルが高いという周囲の声が多かった中で「自分が貢献できることがあるかもしれない」と思えたことです。

棚からぼた餅（昇進の機会）が落ちたときに、それを取るかどうかはけっこう重要だと思いましたし、一エンジニアでいるよりもマネージャーになったほうが、組織や社会へより戦略的なインパクトを与えられるかもしれないと思ったのです。

マネージャーになった時、当時の上司からかけられた「メンバーとマネージャーの違いは、その人やその家族の人生に責任を持つことだ」という言葉は、今でもリーダーの覚悟として心に刻んでいます。「マネージャーが行った評価がメンバーの給与に影響し、その家族の生活にも影響しうることを忘れてはならない」という大事なことを教えていただきました。

全てに正解を出せるわけではありませんが、その重みを理解した上で覚悟を持ってマネージャー職を務めたいと思っています。だからこそ、ローパフォーマーに耳の痛いことを伝える際にも、「ゴールはここですよね」という共通認識を作った上で、数字やデータ、ファクトを示し、相手に自ら気づいてもらえるようなコミュニケーションを心がけています。

一方で、「人は一番輝ける場所で働くことが幸せ」とも思っているので、場合によっては別のチームや部署の方が合っているかもしれないという選択肢も、リスペクトを持って率直に伝えるようにしています。

競争と協調の新しい関係──AI社会を支える産業横断のルールづくり

——IT部門の役割はこの数年でどう変わったと感じていますか。

AIの進化と普及によって、開発部門の役割は大きく変化しつつあることを、日々実感しています。かつてプログラミングはエンジニアだけのものでしたが、今やビジネス部門の方でもPythonを書いたり、Webアプリを作ったりできる時代です。それ自体はとてもポジティブなことだと思っています。

一方で、エンジニアの価値がシフトしていく領域があるとすれば、それは機能やUIを作る先にある「安心・安全の担保」だと思っています。AIが生成したアウトプットを人間がチェックすること、24時間365日稼働し続けるサービスの信頼性を守ること、システムの先にある実際に人や物が動くところで残念な体験を生まないこと——。技術がより多くの人に開放されていく中で、その安心・安全と倫理性、具体的にはSRE（Site Reliability Engineering）やガバナンス、セキュリティを担保することが、IT部門や開発部門の今後の使命だと感じています。

——先が読めない時代に、意思決定の拠り所にしている判断軸は何ですか。

意思決定の拠り所にしているのは、「一貫性」と「変わるものと変わらないものの識別」です。技術も社会も振り子のように変動しますが、振り子の中心には変わらない軸があります。たとえば人間の脳の基本構造は1万年ほど変わっていない、人間は動物である——といったように、変わらない部分をしっかり理解し、変動する部分には柔軟に追随していくという、バランス感覚が判断の基準になっています。

AIについても同じ視点で捉えています。表計算ソフトが出た時も、パーソナルコンピューターが普及した時も、人々は「なくなる仕事」を恐れましたが、最終的に最も具体的なレイヤーである「モノが実際に誰かに届き、人が実際に動くところ」はなくなりませんでした。

AIも同様で、「トランザクションを包む抽象レイヤーが一つ増えた」と現時点では捉えており、その最も具体的な部分、なくならない領域でビジネスや技術のオーナーシップを持てるようにしておくことが重要だと考えています。

——生成AIや自動化が進む中で、IT部門の「人の価値」はどこにシフトすると見ていますか。

人の価値は、AIでもできるのかもしれないけれど「人がやらないとなぜか納得できない領域」へと、徐々にシフトしていくのではないでしょうか。安心・安全の領域や、グレーで泥臭いと言われるようなところがそれにあたります。

例えばチーム内で意見が合わないときに、AIが技術的に人と人をマッチングして「話しなさい」と指示することはできるかもしれませんが、メンバーそれぞれの思いを汲んで、思いが一致するところを探るべくファシリテーションをするような場作りは、人の仕事として意外と淘汰されないのではないかと思います。

——理想とするIT部門のあり方についてはどのように考えていますか。

一言で言えば、「安心・安全の公共財化」です。

たとえば航空業界では、航空会社同士は競合関係にありますが、インシデントやエラーの情報は業界全体で共有し、より安全に飛行できるよう共通の標準づくりを協調して進めています。

ITの世界でも同じことが言えると思っています。企業やサービスはそれぞれ競争していますが、AIが社会に広く普及していく中で、誰もが安心・安全に利用できる基準は、一社の取り組みに閉じるのではなく、産業全体でルールや標準として整備していく必要があると思うのです。

作り手と使い手の顔が見える関係を築きながら、誰もが安心してデジタルやAIを活用できる社会を実現するためにITでどのように貢献していくのか。それこそが、これからのIT部門に求められる役割だと考えています。

後藤祥子

フリーランスの記者、編集者。前職のアイティメディアではITmedia エンタープライズの担当編集長としてメディア運営のほか、特集企画、記事執筆、タイアップ企画、セミナー企画、情シス コミュニティー「俺たちの情シス」の運営などを担当。2020年に独立し、IT系メディアやビジネス系メディア、オウンドメディアなどでイベント企画や取材活動を行っている。信条は、「変化の時代に正しい選択をするのに役立つ情報を提供すること」と「実務者が真に知りたいことを実務者の視点で伝えること」。