by Elizabeth M. Ferrarini

With annual revenues exceeding $21 billion and 80,000 employees worldwide, Raytheon Company ranks as an industry leader in defense and government electronics, space, information technology, technical services, and business and special mission aircraft.

With more than 27 years of experience in the defense industry, Rebecca R. Rhoads, Raytheon's chief information officer, oversees the development and implementation of company-wide information systems, as well as the company's technical direction in IT. Because of the nature of Raytheon's business, Rhoads also has the daunting responsibility of managing  risk not only domestically, but in all of the international facilities where the company does business. She recently talked to Enterpriseleadership.org about governance, best practices, and risk management. Here's what she had to say:

EL: How is the IT organization structured at Raytheon?

RR: The IT organization has 3,000 professionals, comprised of infrastructure and data center, engineering automation, and engineering computing.

We have three different organizational models for IT. Each of the seven divisional CIOs oversees specific business units, and each business unit has IT employees who report to the divisional CIO. These employees provide unique services to their respective business unit. We have a shared service environment for functions that need to be managed across the enterprise, such as data centers, and we have IT executives who function like a ship's rudder. They make sure we have a solid strategy, a robust architecture, and an air-tight risk management.

EL: What is your governance model for how you gauge the effectiveness  of it?

RR: The IT governance model mirrors the company's overall governance model for making decisions and managing investments. As a result, our decision model and our vocabulary are consistent with how we run the business and how we run the company.

This governance model has proven to be a big advantage for us. It's one that's easy to teach, and one people are familiar with. It provides a good way to make sure we're aligned with the business and the company, and they can engage in the decisions more effectively. They understand what their role is when we get to certain gate reviews or certain decision steps. We use this for our major investments.

The other IT governance we have in place consists of a CIO cabinet of the seven divisional CIOs and me. The cabinet enables us to manage across very different businesses.

EL: What are some of the best practices you use?

RR: Our Raytheon Six Sigma program provides us with important capabilities we've used to develop IT. In fact, Six Sigma is inherent in every new system, in every new process, and in every process improvement opportunity we take on. When the company first rolled out Six Sigma, we made sure everyone in IT had some type of Six Sigma training. Some people got qualified as specialists, while others became certified experts.

EL: Given that Raytheon is a global defense contractor, how is IT  making the company more competitive?

RR: First of all, we had to figure out what the role of IT was. We've grown as a merger of different legacy companies. From an IT perspective, we had one of each type of system connected to each other. We've done a lot of work to simplify our complex environment. Mission assurance is our way of removing all doubts about the quality or the performance we deliver to our customers.

We've created an environment that makes it easier for not only the company to work quickly and with agility, but also for the businesses to collaborate and work together. Because we have so many varied capabilities in the businesses, we had to integrate the different functions through common processes and through common systems. Now, things work together seamlessly. Bringing these capabilities together enables us to have the most competitive offering.

EL: A 2003 CIO magazine article talks about the high number  of IT project failures you were having. How did you improve things?

RR: The success of project management depends on how well you succeed with risk management. Getting risk management under control helped us to lower our project failure rate and helped us to achieve our cost-performance targets.

For IT, we used two risk management tools well established at the company -- decision tree analysis and, what we call, failure reporting and corrective action. We learned that many of our IT risks were self-imposed because our processes weren't very mature and weren't common processes. Once we got these things taken care of, we were able to manage risk in a more balanced way.

EL: Can you talk about some of the risks you've taken as CIO and what  you learned from each one?

RR: A big risk consisted of moving our IT structure and organization to mirror the company's structure and processes. Because we must keep everything running around the clock, I was concerned that we might run into a snag, such as a significant degradation in performance, if we were perceived as an operating model. In other words, a lot of people might not see the value of what we did until after we did it.

In 2005, we took another risk by creating a common control environment to manage Sarbanes-Oxley risk and compliance requirements. Because we didn't have common systems, our internal auditors and our external auditors didn't understand the value of having common controls.

We now have a common set of controls as you move from business to business. These controls have improved our overall risk management model significantly. At the front end, it took a lot of managing to get that done.

EL: What risk or risks are you now facing?

RR: We're facing a very big financial risk with our commitment to SAP. Instead of having each business unit carry out SAP, we've put together a strategy to carry out one SAP environment for all financials. This type of arrangement will tightly knit the company and the businesses. This initative took longer and was harder to carry out. Now that we're at the end of the deployment, we're seeing the advantages it will provide us.

--

Elizabeth M.  Ferrarini is a freelance technology writer based in Boston,  Massachusetts.