Mark Iwanowski has taken several major risks in his professional career, as well as helped to prevent IT risks. During his four years as chief information officer for Oracle, the world's largest enterprise software company, Iwanowski spearheaded the integration of Oracle's global IT with Oracle's global product support. The end result was the transition to an IT services model, resulting in $1 billion in cost savings.

He left Oracle to become an executive-in-residence at Trident Capital, where he serves as CEO of KSR, a provider of risk management services. Iwanowski has been responsible for helping KSR acquire several companies. He also serves on the board of directors for several Trident portfolio companies. Prior to Oracle, Iwanowski managed an outsourcing operation for SAIC, the world's largest private systems integrator; and previously oversaw a $200 million sales and research and development budget for Raytheon Corp.'s Submarine Signal Division.

Mark Iwanowski recently spoke with Enterpriseleadership.org about the cultural and management risks he faced in consolidating IT at Oracle, and the career risks he has taken. He also gives some advice to other CIOs who want to venture in his footsteps. Here's what he had to say:

EL: Larry Ellison, Oracle founder and CEO, moved to transition Oracle from a software product company to a service company. How did that affect you as CIO?

MI: The IT challenges included how to consolidate a lot of decentralized IT operations and Oracle software redundancy, how to get local managers to give up control of their IT operations, and how to get the local corporate managers and the development staff to support a consolidated global IT service model.

We pulled it off because Larry Ellison, who I reported to, gave me 100 percent of his support. Local managers eventually accepted the economic benefit of having one global incident of Oracle software. For example, prior to this move, we had 50 incidences of Oracle email running worldwide. I'll admit that the move was painful and risky for IT. Despite Ellison's backing, we still had to convince these people that the move was in their best interest. At the same time, we had to make them a satisfied service user.

EL: Can you go into more detail about some of the data integrity issues a  CIO of a global company has to deal with daily?

MI: You can lump all of the data integrity issues under the umbrella of how you manage risks that involve the company's operations. Keep in mind, the CIO ends up touching just about every level of the company -- from dealing with the board of directors about Sarbanes-Oxley to fixing a failed fiber link for managers in countries affected by an earthquake. Unlike any other part of the organization, IT, and especially the CIO, has to deal minute by minute with managing risks. To this end, the CIO has to build risk management into every aspect of the IT organization.

EL: Can you describe some of the key challenges you encountered as CIO of  Oracle?

MI: Because we were a major software company, the IT organization became the first beta test site for Oracle products. Another challenge IT faced included managing a 24-by-7 business that exists in 150 countries around the world, and keeping up with the data integrity requirements relevant to each country. For example, a privacy law in one country might directly conflict with the tax retention laws in another country.

EL: You've gone from being a CIO to an executive-in-residence of a venture capital firm to being CEO of one of the firm's funded companies. Should the CIO role be rotational among executives in a company?

MI: First of all, professionals from all types of backgrounds -- ranging from finance to engineering -- fill the CIO role in global companies. You can group CIO backgrounds into two camps: those who've come from the business side of the house where they rely on others to make technology decisions, versus those who've come up the IT ladder and have had to learn on the job how to run a business.

Each camp offers its own downside. The professional from the business side of the house might not be able effectively to communicate how IT can help the business units. Conversely, the career IT professional could find him or herself feeling uncomfortable about answering regulatory questions (such as Sarbanes-Oxley) posed by the board of directors. Because of the Bernie Ebbers's trial, board members have become more and more accountable to compliance issues. No one wants to see their company featured on the front page of The Wall  Street Journal.

Rotation in and out of the CIO role could help professionals from either camp minimize their respective shortcomings. The IT professional could get some experience managing a business unit, and the business professional could get more hands-on experience with a technology-intensive operational unit, such as manufacturing. The bottom line here is that the CIO needs to be able to answer the ABC questions -- asset management, brand protection and compliance-related management issues.

EL: What were some of the best IT practices you introduced at Oracle?

MI: Because IT operated in a beta mode and we went through a global consolidation, I brought in and deployed a team of Six Sigma blackbelt professionals throughout the organization. They helped us to find and correct weak IT links. Once we consolidated and standardized IT globally, I worked closely with the software development side to adopt the Capability Maturity Model Integration. Several years ago, Oracle received a lot of negative press about releasing buggy software. The CMMI best practice helped the company to carry out a more rigorous quality assurance process for testing software.

EL: Why did you leave Oracle and go to a VC firm?

MI: Early in my career, I was involved with two startups. Before Oracle, I ran an outsourcing business at SEIC, which had its own venture capital firm. Business unit managers, like me, participated in decisions about what companies the VC firm acquired or funded. In time, the success of one of those acquisitions became my charter. SAIC gave me the chance to help other entrepreneurs build their business.

Although it is a major corporation, Oracle offers a culture of entrepreneurship. That's Larry Ellison's mantra. The company's software supports every aspect of the enterprise. It's is a good training ground for dealing with innovative products and technologies that mid- to large organizations want to deploy.

I always wanted to leverage investing in startups with overseeing one. Trident gave me the opportunity to wear both of these hats.

EL: What advice would you give to a CIO who wants to move out of this role completely, and, say, become a venture capitalist or CEO?

MI: A lot depends on the person's aspirations. I know many CIOs  who want to stay put. They like being tied to the technology ladder. A CIO of a technology-based company should have no trouble moving into a CEO role or even a spot in a venture capital firm. That's what happened at MCI. However, this role change might be hard to accomplish if you're working for a major healthcare organization.

In 2005, I was at a conference panelist with three other former CIOs  who were now at venture capital firms. We were asked how we made the transition into our new role. In summary, I offer the following: "If you like being in an entrepreneurial space and building a business, then consider the CEO role. On the other hand, if you like being absorbed in the latest technologies, and you can step back from daily management duties, then consider becoming an executive-in-residence at a VC firm."

EL: What is your game plan for the next few years?

MI: I want to continue in the role I have. Eventually, we will find a COO who could step into the CEO role. When that happens, I can move into the chairman role and also help KSR acquire new companies and or help Trident to fund new ventures.

--

Elizabeth M. Ferrarini is a free-lance technology writer from Boston,  Massachusetts. Contact her at elizabethferrarini@yahoo.com.