Archives
Readership Profile    |    AD Rates   |    Feedback
Home | Editorial | Cover Story | Focus I Perspective I Tribute I Feature I Events
 
Current Issue
 
Outsourcing
Bi-Monthly
Issue: Jul-Aug 2006
 
 
 
   
 


Da Technology Code

Technology has been accused of creating hype, and often rightly so. One of the new buzzwords is 'IT Governance'. Is it hype or is it real? Banking Frontiers Editor Manoj Agrawal investigates:
Is IT Governance hype or is it real? Says C.N. Ram, Head - IT, HDFC Bank: “IT Governance is not hype. At HDFC Bank, this is very oft discussed, though it is not mentioned as IT Governance. We discuss the roles and responsibilities of IT. We assist business and operations to ensure that customer service is inferior to none and the ability to create products is second to none. IT works with business and operations to ensure that the objectives are met. IT is as important as breathing.” In short, IT Governance helps bring about an alignment between business and IT.
Responds V.K. Ramani, President - IT, UTI Bank: “IT Governance is being looked at seriously. Corporate Governance assumes IT Governance as a policy. The board may not be in a position to assess the effectiveness of IT in the organization, but it must know what is happening and what are the risks. The board must look at how IT helps meet the objectives of corporate governance.” In short, no board today can shut its eye to IT Governance.

Aligning IT with Business
Aligning IT with business is an age-old objective. But the fact is that this is an art rather than a science. This alignment has been achieved, but in most cases it is through a combination of assumptions, trial and error, and often, sheer luck. So what is new today? At least three things. First is the a collaborative approach…the client server approach has been replaced by a peer to peer approach. Second is a focus on minimizing the risks of IT failure, based on the realization that IT failure often means business failure. Third is the realization that competitive pressures have shifted the decision making from return on investment (ROI) to customer service and satisfaction. Asserts Ramani: “Today IT strategy is a vital part of business strategy. Today, IT dictates how the organization responds to business.”



At HDFC Bank, IT is proactive in pushing business applications. It is IT that asked the questions: why not used the internet as a transaction medium for retail and wholesale banking; why not give customer the account aggregation facility; and so forth. It is IT that initiated the NetSafe Card, for one time purchase on the internet. IT also initiated imaging for account opening and form processing. Says Ram: “I am after my business guys as to why they are not using IT for this or for that. I am not waiting for business to ask for IT. Of course business is always making demands on IT. One of the major things that business asked for was straight through processing. Marriage between business and technology is a two-way street. Customers keep pushing the business and therefore business keeps coming to IT.” From the IT Governance point of view, because of nearness to business and operations, it is important to be on time and within budget. It is important to keep all stakeholders informed, says Ram. With so many people in the IT department, is it only the CIO who is responsible for IT Governance. Says Ram: “At HDFC Bank, we have a group called the Business Solutions Group (BSG). This group acts as the interface between the business groups and the core IT team.”

IT Governance Framework
Says Ram: “I don't think that IT Governance has been misused or abused. There are a whole variety of management philosophies from people like Drucker, Ghoshal, Prahlad, etc. In comparison, IT Governance is much more precise. It does not deal with management, finance, etc. IT Governance deals more with facts and figures.” HDFC Bank has been looking at IT Governance according to COBIT and ITIL, and how it can be implemented. The bank has engaged KPMG for the entire enterprise processes, as a part of its SOX compliance objective.


Are IT Governance and ISO 9000 related? Ram says that the difference between the two is that ISO is on a much smaller scale. ISO is about documenting what you do and doing what you document. IT Governance is about how do you translate IT into deliverables. If there is a change, how is it communicated to everyone concerned? The issue is how to ensure that every thing runs 24x7, ie everything is tested and everything is monitored. The issue is not only about handing and fixing every incident. IT Governance is about identifying the root problem that caused the incident and then solving the root problem so that the incident does not occur. If this is not done, then the solution keeps getting applied repeatedly, without any improvement.

Risk Management
How does one reduce the risk associated with IT? Ram says that the objective of IT Governance is to move from people dependence to process dependence, and hence one of the most important roles of IT is to monitor all processes throughout the organization. “So we have to document, we have to show that we monitor and this document has to be audited,” he says.
Ramani says that most boards do not know what is the real return on IT. He believes that one question that all boards should ask if IT has actually reduced operational risk. One way to do that is to questioning IT practices, as a part of IT Governance. He says that IT Governance is still a small noise today, and believes that RBI should actually drive IT Governance in banks.
Miscommunication has often been a big risk factor for IT projects. Does the IT head face communication challenges within the organization? In the cast of HDFC Bank, Ram says: “We do not face much communication challenges for the IT department. I report to the managing director and so do other business heads. All of us face the same governance issues. Our roles are clarified and hence here is no dissonance, no turf wards. Our business is to be in every situation. We have a say in terms of the ability to use technology for what the user wants to do. We try to understand the business pain. New ideas go through some kind of filters, so that we don't do hare brained things. Nor do we do technology for publicity sake or for technology sake.” Ramani adds an interesting angle. IT heads have often been observed to be overly keen to meet the stated business objectives. He says that this has inherent risks as business people do not understand the risks associated with IT. He said: “An IT person can loose face if he focuses only on appeasing management and adhering to all their demands.”



Innovation
IT Governance channelizes human creativity - you can do creativity and do in it a structured manner. IT Governance also minimizes financial jugglery. Says Ram: “In terms of R&D, we don't get taken in by flights of fancy. Our R&D is not about new technology. Rather, it is about taking mature technologies and see how they fit into our goals of cost reduction and revenue increase and improvement in customer service.”
George Wang, chief information and security officer at Reuters Asia, says that IT governance within the organization provides a formal structure that makes innovation 'safe'. Governance provides the framework for making relevant decisions in IT according to an organization's business strategy. Such a framework would include risk tracking and management, incentives to shape governance culture, policies that define which employees have the right to make decisions and be held accountable, and a reporting and scorecard system. Some employees may be deft at coming up with good ideas but may not be able to implement ideas well. Organizations can assign a separate team to manage the implementation of new ideas, and therefore, encourage greater innovation among employees. In addition, governance establishes a clear chain of accountability and command within the organizations, making it easier to spot and address mistakes at the appropriate levels.
One of the innovations at HDFC Bank was introduction of imaging in various processes. Says Ram: “Imaging reduced turnaround time by a couple of days and helped close two back offices - Kolkata and Delhi. We retained the ones in Mumbai and Chennai, resulting in substantial savings.”



Vendor Partnership
When it comes to selecting packaged software, CIOs have two choices. On one hand are packages from MNC companies that, though expensive, have a long history of been proven. Says Ram: "Such products are very mature and rarely fail. But mature products have an architecture problem. However, most of the times we are not using the products to the fullest and hence architecture problem is not a constraint." On the other hand are packages from Indian companies, that though relatively inexpensive, don't have a sufficiently long history of being proven. Comments Ram: “Indian products are less mature, but the features and the architecture keeps changing. Many Indian IT companies have been accused of using Indian customers as testing and training ground. But when it comes to relationship with us, our vendors see us as a learning opportunity and therefore value the relationship with us.” Historically IT buyers did their vendor selection based on cost. Then this moved up to total cost of ownership over a period of three to five years. What will be the next step? Will the IT vendor selection increasingly be based on long term relationship? What will be the basis of the relationship? At what point will a bank change its vendor? Perhaps IT Governance will evolve to provide the answers.

Conclusion
IT Governance, or shall we say, Da Technology Code, seems to be for real. The two stalwarts of banking technology that we interviewed for this story, stand solidly behind it. This is also substantiated by numerous comments that we came across when we ‘googled’ the internet. To be fair, IT Governance has its roots in Corporate Governance, and the latter has been proven beyond any doubt. Da Vinci Code may have its share of controversies, but Da Technology Code stands uncontested.