CIO, CTO, and COO: Who Does What? (and Why It Matters When They Don’t)
What’s the difference between a CIO, CTO and COO — and where do their responsibilities overlap? This post explains how these roles work together (or clash) in digital transformation, and how to create alignment across technology, operations and delivery.
Signal Boost: “Three Days”, Jane’s Addiction
Because sometimes it only takes three days (or three execs) to move mountains, as long as they're pulling in the same direction.
Three Roles, One Outcome
Every digital transformation has three key players making it real:
- The CIO, who owns the IT strategy and portfolio
- The CTO, who builds the tech platforms
- The COO, who delivers the operational outcomes
But in the real world, the lines blur. Who owns a transformation backlog? Who defines platform requirements? Who’s accountable to the regulator when things go wrong?
This post unpacks the difference between the roles and what it looks like when they work as a team.
The Core Focus of Each Role
| Role | Focus | What They Deliver |
|---|---|---|
| CIO | Aligning tech to business goals | Resilient platforms, secure systems, strategic IT change |
| CTO | Engineering and architecture | Scalable, extensible technology with velocity and integrity |
| COO | Business execution and resilience | Efficient processes, service performance, risk-managed operations |
Where They Overlap
Modern change programmes don’t fit neatly into org charts, and that’s why these three roles often overlap.
| Shared Area | CIO | CTO | COO |
|---|---|---|---|
| Digital Transformation | ✅ Sponsors delivery | ✅ Builds enabling platforms | ✅ Owns service process and outcomes |
| Operational Resilience | ✅ Owns IT controls and vendors | ✅ Delivers technical resilience | ✅ Owns business continuity and incident response |
| Customer Journeys | ✅ Funds and supports CX tooling | ✅ Enables digital flow through systems | ✅ Runs the operational process behind the journey |
Overlap isn’t bad. But without clarity, it creates conflict, confusion and delays.
Typical Tensions (and How to Resolve Them)
| Tension | What’s Really Going On | How to Fix It |
|---|---|---|
| CIO vs CTO | Strategy vs implementation; delivery vs quality | Joint roadmap governance, shared architecture principles |
| CTO vs COO | Innovation vs stability; agile vs risk | Cross-functional teams with shared OKRs on outcomes and uptime |
| CIO vs COO | IT-led vs business-led change | End-to-end service mapping and co-ownership of platforms |
The fix is rarely structural. It’s usually cultural — and comes down to mutual respect and a clear RACI.
Why a RACI Model Matters
Without a shared understanding of who is Responsible, Accountable, Consulted and Informed, you get:
- Endless steering groups with no decisions
- Tech debt caused by unclear ownership
- Delivery plans that stall because no one knows who’s accountable
A shared RACI to manage major change programmes, define platform ownership, and lead on incident responses, amongst other areas, is one of the cheapest, fastest alignment tools you’ll ever use.
When It Works Well
When these roles are aligned, you get transformation that delivers:
- Fast, without being reckless
- Secure, without being rigid
- Business-led, but tech-empowered
Example:
A financial services firm migrates to the cloud:
- CIO sets the roadmap, owns the business case
- CTO delivers the migration, upskills the team, refactors where needed
- COO ensures continuity of customer service, regulatory reporting, and control testing
No duplication. No drama. Just aligned, accountable delivery.
Where They Report (and Why It Matters)
Org structure varies but what matters more is peer-to-peer collaboration.
| Role | Typical Reporting Line |
|---|---|
| CIO | CEO or COO |
| CTO | CIO, or directly to CEO in tech-first orgs |
| COO | CEO |
When these leaders see each other as partners and not competitors, then that's when transformation accelerates.
Career Paths: Where They Come From and Go Next
| Role | Typical Background | Career Progression |
|---|---|---|
| CIO | Consulting, IT strategy, programme leadership | COO, CEO, NED |
| CTO | Engineering, architecture, infrastructure | CIO, startup founder, CPO |
| COO | Ops, finance, customer service | CEO, business unit MD |
Who to Talk To About What
| If you're… | Speak to… |
|---|---|
| Building a new digital platform | CTO |
| Making a business case for tech investment | CIO |
| Redesigning a customer or back-office process | COO |
| Unlocking AI or insight from enterprise data | Chief Data Officer |
| Creating a new digital journey or channel | Chief Digital Officer |
How To Engage With CIOs, CTOs, and COOs
In my experience, people who reach the C-suite often share two things: a mindset geared toward impact and a low-level fear they’re about to be found out.
Behind the title is a constant pressure to have the answers: for the CEO, the board, the regulators, and their peers. And when reporting lines are unclear, or data is patchy, that pressure turns into insecurity.
So if you want to influence a CIO, CTO or COO, bring data-led insight rather than personal opinion. They don’t want your feeling. They want to know:
- What’s happening
- What’s at risk
- What needs a decision
As part of their role, they’re reading dozens of board papers each week. Not skimming them, but analysing, understanding, and preparing feedback for the next CEO or board session. They don’t have time for waffle.
The inherent job insecurity doesn’t come from incompetence, but a lack of clear reporting, or weak internal structures can leave them flying blind, fueling their feeling of insecurity. If they’re spread too thin or unclear on their remit, they’ll struggle to implement a coherent strategy underneath them.
Your job? Build trust by being useful. Be precise. Be honest. Be the person they don’t have to second-guess.
Regulatory Responsibilities
I've spent the majority of my career working in and around the Financial Services sector. In the UK, both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) expect firms to demonstrate clear ownership of operational resilience, third-party risk, and systems governance. Here’s how that lands across these roles:
CIO
- Leads compliance with PRA’s SS2/21 on Operational Resilience
- Oversees IT general controls, cyber posture, and third-party vendor management
- Represents IT in regulatory reporting, remediation, and assurance reviews
CTO
- Delivers resilient, scalable technical architecture
- Ensures infrastructure meets business service recovery standards
- Provides technical detail during incident root cause investigations for the FCA/PRA
COO
- Owns operational continuity, BCP, customer service performance
- Manages first-line control testing, process failure handling, and remediation - May be designated as a Senior Manager Function (SMF) under the SMCR regime
Regulators expect evidence of role clarity, control ownership, and real-world operational resilience.
A Great Career Move: Embedded CIOs, CTOs & COOs
In larger organisations, there are often multiple CIOs, CTOs, and COOs aligned to value streams or divisions.
These roles report into a group-level exec and are responsible for:
- Delivering business-aligned change
- Shaping local capability and team culture
- Driving transformation in specific customer or product domains
This is a brilliant career step: you gain the scope and accountability of a C-level role, without the pressure of being on the board. It’s the proving ground for future execs.
What It All Comes Down To
Digital transformation relies on a trio of leaders (e.g., CIO, CTO and COO) each with distinct roles but deeply connected outcomes. When they’re aligned, you get pace, resilience and business value. When they’re not? You get churn, rework, and a very long year. The key is clarity: shared purpose, shared language, and the humility to stay in sync.
Coming Up Next…
In the next post, we’ll explore the different responsibilities of the two CDO roles, (Chief Data Officer, Chief Digital Officer) and how these roles work together and are aligned to the CTO, CIO, and COO roles discussed in this post.
