by Elizabeth Ferrarini

Each week about a million IT professionals take courses either online or onsite through one of New Horizons Learning Centers. In fact, since 1982, New Horizons has grown to become the largest publicly held IT training company in the world. The company has 255 sites in 50 countries and offers courses in every aspect of IT, ranging from Oracle databases to certification in Linux. New Horizons Worldwide, which had revenues of $500 million in 2004, owns the Learning Centers.

Shoukry Tiab, the Learning Centers's CIO, has the daily responsible of making sure that the network infrastructure enables students and the 3,000 instructors to collaborate with each other. Prior to joining the company, he spent 15 years as CIO of a post-secondary education company with 28 nationwide locations.

Enterpriseleadership.org sat down with Tiab to discuss the Learning Centers technology initiatives, best practices, and trends in corporate IT training.

EL: Can you describe your organization in terms of people, systems,  data centers, and so on.

ST: The IT organization consists of 30 employees working in categories such as desktop support, help desk, security, infrastructure and telecommunications, project management, and quality assurance.

One of our data centers runs the corporate office, while the other data center houses our enterprise applications for the entire network. Our network supports about one million students and 3,000 instructors and other staff employees. These folks log onto a backoffice application housed at that data center. We can track, book, and deliver our training through the Web. Our platforms include Cisco, Microsoft, and Hewlett Packard (Compaq).

EL: What is your IT vision for your organization's  success?

ST: Since we support a lot of enterprise applications, the organization's success depends on many factors, such as our workforce efficiency. Our vision focuses on how well we harness advancements in new technologies in areas such as telecommunications, bandwidth, and collaboration tools. Our success also depends on our ability to provide decision makers and the executive team with timely and accurate information.

EL: Can you talk about the types of collaboration tools you  use?

ST: Centra provides our training platforms. We use some WebEx and a combination of Microsoft products for internal communications and training. For the past four years, we've been using voice over IP (VoIP) for training, but not for our infrastructure. In fact, we've seen a double digit increase in our own training revenues as a result of VoIP.

EL: When are you going to move VoIP to the business side of the  house?

ST: It's going to blend in without anyone forcing it. Our infrastructure allows us to move to VoIP. The cost of adding equipment and interrupting the normal business process at this time outweigh the benefits we can get from VoIP.

EL: Any more innovative technologies you have deployed, either in  your business or in your training programs?

ST: Service-oriented architecture will help us to break the gap between the different units in our organization. It all depends on communication and how we do that. We finished a project to roll out Microsoft's SharePoint, a Web portal that allows people to communicate in a non-expansive method. This platform will provide a push-pull technology to allow our data centers and our people in the field to get the information they need when they need it.

EL: Your Web site has information on your corporate governance  policies. What forms of governance do you have in place for IT?

ST: We just completed our Sarbanes-Oxley audit, which was a roller coaster ride. However, we learned a lot from the experience. It forces organizations to look back at their process and controls, and manage them in a better way. We haven't used software to track the management of internal controls, although we have used some of the common industry standards such as COBIT (Control Objectives for Information and Related Technology) and COSO (Committee of Sponsoring Organizations). They both offer the open standard that is published by the IT Governance Institute.

EL: Do you use any quality initiatives such as Six  Sigma?

ST: We haven't instituted a complete Six Sigma process, but  we have learned a lot of lessons that are carried out internally.

EL: Like what?

ST: From a quality assurance perspective, the non-conforming process will definitely yield an off-the-chart negative result for internal operations. One of the Six Sigma lessons we learned is how to bring back a non-conforming process into a framework that can be measured and has expected outcomes you can improve.

EL: Where are you seeing demand for corporate technology  training?

ST: The need for security training keeps growing. Recently we've seen an added demand for software skills in the healthcare industry. Networking and security training uses a lot of IT resources. Business productivity is our most popular application for training.

Companies no longer look at how training shows employees how to use an application. They want to know how to improve their productivity by using a specific applications.

EL: What kinds of proprietary applications have you developed for  training that you use in house?

ST: We've worked on providing or customizing a learning management system. We also worked on providing the platform for delivering online training by tailoring applications ranging from Centra down to e-labs, which provides students with a live machine over the Web. In other words, we combined all of these things into one point of entry, which tracks where and what students do online, and provides a progress report to both students and their managers.

EL: Can students use a thin client on your network?

ST: Our system is more about Web access than thin client access. However, our 3,000 employees use thin client access daily. They do have badges they can use to plug in and get to their desktop, as long as they can get to a network that allows a secure connection.

EL: How does your job differ from that of CIOs in the corporate  environment?

ST: It encompasses enabling business process as well as providing the basic tools for these activities. Service is a big piece. Our business, at any one time, has more customers than most organizations, and the quality of the customer's experience depends on what we do in IT daily. So, unlike some other CIOs, I to know about and handle need the slightest problem the customer has with the network.

EL: How do you handle vendor relations?

ST: The greatest challenge of acquiring hardware, software, or services is accomplishing the many steps in the process. We want to use vendors who make it easy for us to acquire products. By standardizing on a couple of key vendors -- Microsoft and Cisco -- we've been able to leverage our large company buying power and get what we want from these vendors.

EL: Describe a risk you've taken and what was the  outcome?

ST: Every day we make decisions that have risk factors. For example, we took a big risk by providing an ASP model to offer all of our services to our franchisees. The outcome has been good. However, since we are hosting the backoffice databases, some franchisees didn't immediately warm up to accessing their daily business tools from us.

EL: Where are your cost-cutting, or cost-saving, efforts coming  from?

ST: We derive cost savings through process flow automation, as opposed to the application of hardware deployment. Each day, we can get a request, such as, "Can I get an application or a tool that can help me?" Often, the tool doesn't cover the big picture. We need to take the process from A to Z and find how can we make technologies integrate to simplify people's lives. That's where we see the cost savings.

Process automation and process-flow automation will become the IT buzzwords by the end of this year. We're no longer trying to hire someone who knows how to install hardware or software. We want a business analyst who understands how we can make the process more effective.

--

Elizabeth  Ferrarini is a freelance writer and an IT consultant from Boston,  Massachusetts.

by Elizabeth M. Ferrarini

For the past 30 years, Howard Schmidt has been at the forefront in the battle against computer crime, especially cybercrime. In fact, President George W. Bush appointed Schmidt as the vice chair of the president's Critical Infrastructure Protection Board in December 2001. The board reported to Governor Tom Ridge, then director of the Dept. of Homeland Security. Schmidt played a key role in developing the "National Strategy in Cyberspace," released in February 2003.

Prior to joining the White House staff, Schmidt was chief security officer for Microsoft Corp., where he oversaw the Security Strategies Group. It was responsible for ensuring the development of a trusted computing environment via auditing, policy, best practices, and incubation of security products and practices. Schmidt has also held key-level management positions in security for EBay.com, the Air Force Office of Special Investigations, and the Federal Bureau of Intelligence's National Drug Intelligence Center.

Schmidt is the co-author, along with Tom Ridge, of a book, called  Patrolling Cyberspace: Lessons Learned from a Lifetime in Data  Security. Enterpriseleadership.org recently spoke with Schmidt about his book, and the things C-level executives should know about managing enterprise risks, including security.

EL: What are some of the cutting-edge security methods described in  your book?

HS: There isn't anything "cutting edge." Tom and I wrote this book because people look at security and think that identity theft, hacking, and phishing began a couple of years ago. These things have been going on for more than 20 years. To this end, we take non-technical readers through a historical look at cybercrime and technology crime.

EL: Front-page news seems to occur when major companies have a security breach. What data security challenges do C-level executives face today and how can they best deal with them?

HS: For the past 10 years, companies have utilized distributed data systems, and data resides in many places. First, executives need to worry about where their most business-critical data lives. Is it at a third-party data center or on employees' laptops? Second, they need to know all of the different ways their data is being secured. They also need to know the third-party's data-retention policy. Third, executives need to examine the effectiveness level of their compliance with regulations, such as Sarbanes-Oxley, as well as how a third party handles compliance issues.

EL: How would you rate how major organizations are handling  cybersecurity or data security?

HS: Everyone is struggling with having data that resides all over the place. It's impossible for any organization to know where all of the data lives. Erasing something from the Internet is difficult. On the other hand, when a company's data breach becomes front-page news, the C-level executives at major companies say, "That could've been us! How would we handle this situation so we wouldn't loose customer confidence?" C-level executives are spending a lot of time looking at the quality of controls for complying with regulations.

EL: Physical security doesn't seem to get as much airtime as data  security. Shouldn't the two be treated as equally important?

HS: A lot of companies have some aspect of their data housed at a third-party location. Many hosted data centers do a good job of segregating each company's server cages from access from unauthorized people. If a business partner houses your data, you need to clarify the terms and conditions of the arrangement. You can use a service-level agreement, a legal contract, or some type of a compliance audit.

EL: Does it make sense for company executives, academics, and government professionals to come together to solve security problems?

HS: Yes. In the forward to the Black Book on Government  Security, I talk about being a contributor to the Black Book on  Corporate Security. The content of each book might be different, but the goals are the same. For example, the government is concerned about issues such as national security and public safety. Companies are concerned about business continuity. Both government agencies and companies use the same technologies, the same processing, and the same training methods to solve security problems.

Sharing best practices between government agencies, academic institutions, and major corporations is mandatory. No one needs to re-invent how to make security better.

EL: How do you determine how well security is doing in an enterprise?  Are there such things as security metrics?

HS: There's always been a lot of discussion about how to apply metrics to security. Take the two sides of the Y2K debate. Some people said they spent millions on the process, but nothing happened. Another group of people said if we hadn't have spent any money, then bad things might have occurred.

The same type of debate takes place with security. Some metrics look at how many viruses you might have prevented, or the number of vulnerabilities that might have existed versus the ones that have been patched. These metrics are customized to a particular environment.

Right after I left the Dept. of Homeland Security, I worked on a private-sector project to develop a model for ranking security issues. The Common Vulnerability Scoring System enables an organization to tailor the model to its own environment, and its appetite for developing metrics on what's acceptable and what's not acceptable.

EL: Since you left office, how well has the Dept. of Homeland  Security been handling cybersecurity?

HS: The government has been focusing on making systems better, as well as encouraging the private sector to do more. However, the private sector has done a better job of becoming more responsive to national security and public safety issues.

When I was at the White House, we worked hard to get the private sector to realize that national security is more about the business at home. The private sector responded by forming the Information Sharing and Analysis Center, which enables IT folks from the private sector to get together to further the goals set by the National Security Strategy.

EL: How effective is the chief security officer role in Fortune 1000  corporations?

HS: A few large organizations view the CSO role as a cost center or just an extension of the IT organization. However, the executive management team and its board at many major corporations count on the CSO to make the business run more efficiently and more trusted. There is a greater partnership with the CSO than ever before. At both EBay and Microsoft, both the CIO and I, as CSO, were peers. Having security outside of the IT organization reinforces the attitude that security serves a broader function than IT.

EL: If security is now perceived as a business issue, then how are  organizations helping a CSO deal with operational issues?

HS: As a result of this new perception of security, more and more companies have adopted a business risk or business continuity group council model to put all of the major stakeholders on the same page about issues that affect the integrity of business operations. The model brings together the CSO, the CIO, the CTO, the chief counsel, the head of human resources, as well as representatives from the audit and risk management teams. The council works on setting policies, examining new technologies for security, resolving compliance issues, and handling business continuity.

EL: For 2007, on what things do C-level executives need to  focus?

HS: The market for anti-virus and anti-phishing software has started to mature. As a result, executives need to look at emerging technologies, such as wireless. How can they protect remote workers who use their wireless laptops at airports, hotels, or coffee shops? Executives also need to look at making application vulnerabilities less of an issue.

--

Elizabeth M. Ferrarini is a technology freelance writer and  IT consultant from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

by Elizabeth M. Ferrarini

When a major corporation files for bankruptcy, senior executives can take one of two paths: stay and help build the company to be better than ever, or bail out in search of greener pastures. Dan Wagner, the CIO of Global Crossing, the fourth top U.S. telecom company, as ranked by InformationWeek, is a  builder, a survivor, and a you-can-achieve-anything optimist.

Two months before Wagner was appointed to the CIO role at Global Crossing in 2002 , the company filed for bankruptcy. John Legere, Global Crossing's CEO, immediately enlisted Wagner, who had been running the company's European operation, to be part of the turnaround team. Global Crossing, a darling of the dot.com days, had racked up $12.4 billion in debt as a result of building a 100,000-mile fiber optic network.

Today, Global Crossing, which sells telecommunications products and services to organizations in 50 countries, is a leaner, more efficient and customer-oriented machine with improved IT business processes. In fact, the company's headcount has gone from 16,000 employees to 3,400 employees.

During the past four years, Wagner has diligently rebuilt IT, reducing spending from $300 million a year to $60 million a year, and cutting the IT workforce from 1,600 to 350 employees. He is involved in integrating the company's recent acquisition of Impsat, a Latin American-based telecom company, which will give Global Crossing, 1,200 new employees and 4,500 new customers.

Enterpriseleadership.org recently spoke with Wagner about some of the things he did to help turn the company around, especially in IT operations.

EL: Can you sum up some of the initial things you had to do as part  of your turnaround work?

DW: It has taken a massive, five-year effort to get to where we are today. We had no choice but to change and improve operations. Initially, we focused on reducing costs. For example, we reduced our IT cost by 80 percent from what it was in 2001. We also realized we had to increase our IT capabilities to the business.

We reduced our IT spending from $300 million to $60 million. Our operational expenditures were reduced by 50 percent or more. Our cash burden in 2001 was $400 million a month, and we are now cash-flow positive. This is a better place to be than the place we were in before.

EL: Can you talk about some of the key restructuring actions you  took?

DW: Before the restructuring, we had dozens of competing projects and lots of capital going out of the door. The first phase of restructuring included consolidating applications, servers, data centers and infrastructure, as well as closing down millions of square feet of real estate. We focused on the key applications that were good for our customers, good for our products, and good for revenue growth. For example, we reduced 17 billing systems to two, and took provisioning and order management systems from 25 to seven.

The next phase consisted of building an intelligent front office to make all of our employees more productive. Built on the Microsoft.net platform, the intelligent front office, for example, enables our sales force and our customers to see, and to manage, their services directly. This platform powers our external portals, enabling us to focus today on what's important to Global Crossing -- customers!

EL: Can you go into more detail about how the intelligent front  office works?

DW: We incorporated many things into our intelligent front office to improve the way our employees collaborate with each other as they do their work. We deployed a pretty extensive next-generation platform based on Microsoft Communicator. In fact, we built some of these capabilities into many of our applications, as well.

Take the org chart: you can look at it and see whether people are online or not. You can immediately click and talk to them, click and send them email, or chat with them. This presence-enabled infrastructure and functionality carries over to most of our applications. You can click and communicate in real time, while you're in a corporate application, such as order entry.

More than 90 percent of our employees use IP telephony, which is part of this integrated intelligent front office. Wherever I am in the world, I can pop on calls that have been flowed into my laptop and can communicate with anyone on our network or outside of our network.

EL: What have you learned from the traumatic experience of Global  Crossing's bankruptcy?

DW: I've learned that you can do anything you want if you set your mind to it. Of course, you need to have the right people with the right attitude. I have an irritating go, go, go model. However, it exemplifies what Global Crossing is about. Because of what we've gone through, we've created a culture of people hungry to serve customers passionately.

EL: What does your IT governance model look like?

DW: Reporting to the president, we have an executive team  that sets strategies and priorities. I'm part of this team.

Below that, we have a portfolio action committee consisting of the IT executives in the company, along with members of product marketing and finance. This committee manages all of the major projects and capital expenditures. Every two weeks, we look at the status of the priorities for product development, for operational efficiencies, and for IT spending.

We also have a steering committee made up of people who represent different functions in the company. They meet weekly to look at the progress being made in about 55 active projects. The goal here is to make sure everything is on track. If there is an issue, they come back to our action committee for resolution.

The good news is that there are no disconnects between these groups.

EL: You have 350 IT people reporting to you today. How have you  allocated these resources?

DW: About half of them include operations people who man the data center or the help desk. The other half of the workforce resides in strategic product development. We've decided to increase the number of people doing this software development. Our IP products, along with the intelligent front office, require a lot of software development. On occasion, we'll hire a team of developers -- perhaps a dozen -- to work on specific projects.

EL: What are you doing to keep customers excited about Global  Crossing's future?

DW: We're a huge carrier of VoIP, providing more than 5 billion minutes of it each month to about 600 carriers. We're also a big consumer of VoIP services internally, It's important for an IT shop to sell what it consumes, especially since it has saved us huge amounts of money. I spend about 50 percent of my time selling to customers.

In 2006, I went on 100 sales calls. Members on my IT team made 500 sales calls in 2006. Making sales close differentiates us from our competitors. Customers like that we pay attention to them and provide the products and services they're looking for.

The IT team has a lot of credibility because we can talk about our experience using our products. I go out as a testimonial to our product capabilities and technology know how. When I talk to a customer's CIO, I know there is an innate trust between us. We've become our own success story about why customers should do business with us.

At the start of 2006, I said, let's go from restructuring to revenue growth by helping the sales force as much as we can. IT people know more about the business than anyone else, especially how everything works across functional areas.

We've put IT at the center of our company's strategy, and it's been working for us. Perhaps the passion in our IT team's voice while talking to customers helped to drive revenue growth by 17 percent in 2005.

--

Elizabeth M. Ferrarini is a freelance technology writer  based outside of Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

by Mary Nugent

Internal IT organizations are frequently viewed as cost centers. While most business units assume that the cost of IT is too high, and that they can get better value by outsourcing, they should consider the undocumented services performed by IT. At the same time, IT must prove its business value by demonstrating its understanding of customer needs.

As the Internet enables enterprises to become "virtual," organizations must be able to share business systems with partners and customers. This trend is putting more pressure on IT departments. In fact, IT is no longer just focused on LAN or WAN; now it must deal with remotely dispersed servers, disconnected clients and public Internet connections. IT assets must be managed with guaranteed and reliable service levels. To cope with the new demands of service level management, many enterprises will look at outsourcing.

Is outsourcing less expensive than internal IT?

While many enterprises believe that using external service providers will automatically lower costs, analysts caution them to look closely at the breakdown of services offered by providers. According to M. Nicolett of Gartner, "Good business decisions can only be made with a clear understanding of current services and costs, the impact of change and the risk associated with IT services that do not meet business requirements."

Internal IT organizations must provide their business units with a complete list of services they offer. If this documentation is not provided, enterprises may pay more for outsourcing in the long run as they request services that were once standard with IT but were missing from the external service provider's initial quote.

What if outsourcing is not an option?

For some enterprises, outsourcing IT resources is not a viable option. For example, while security is a paramount concern, outsourcing IT may create rigid security precautions that do not allow for the same level of productivity. Also, some organizations may choose not to outsource because they do not want to give up control of their technology infrastructure, their applications or their information. If any of these concerns are present, the internal IT organization must adopt the practices of outsourcers to become a service provider to its own enterprise.

How is IT affected?

As a result of this new enterprise-internal service provider relationship, IT departments will be held responsible for providing business services in addition to IT services. For example, rather than monitoring just the performance and availability of each component (server, database, etc.), IT will need to ensure that the service levels meet the strategic goals and needs of individual business units and departments.

How does IT become a service provider?

Think like an external service provider

For starters, IT organizations must replace the term "end user" with "client." Referring to individuals as "users" is a thing of the past -- now everyone is a "client" or "customer." This change in thinking leads to the biggest hurdle the IT organization faces -- becoming an effective communicator. The entire IT staff must improve its communication skills and business acumen. Becoming a good communicator means learning how to sell the IT value proposition. "Selling" does not come naturally to a technical person so IT staff must be trained to understand their customers' businesses and to effectively communicate with the business units.

Define good service levels

The basics of "who, what, when and where" apply to any service levels that are agreed upon with the customer. Who is responsible for what, how often it will be reviewed (when) and where the review process will occur.

Also, IT must define services within the context of business strategy and customer needs. According to Kris Brittain and Richard Matlus of Gartner, "…defined services are an amalgamation of the internal and external elements from a business and IT perspective."

Clearly communicate the value proposition of IT services

IT organizations are used to focusing inward on technology. Now they need to focus outward on communications with the business units. According to D. Curtis of Garter, "To optimize its contribution to corporate profitability, [IT] must also focus outwardly on regularly communicating with business stakeholders."

IT must proactively demonstrate that it understands its customers' needs. If not, the business units may turn to outsourcers because they think external service providers -- who use the same business terms as business units -- are more familiar with business needs and have better processes than internal IT. However, Nicolett points out: "The internal IT operations group can solidify its position as the preferred service provider by defining current services, developing granular cost information and leveraging its potential for customer intimacy."

Also, according to Martin Rosenberg of META Group, "… IT executives and [business unit] managers should jointly assess IT investments by regularly running tactical and strategic services planning meetings." IT can achieve this by identifying business "gurus" who will agree to act as the IT organization liaison to the business group. Getting these experts to feel as if they are a part of the "team" is important. IT should work at this relationship through frequent, personal contact, such as lunch dates. Otherwise, as B. Gomolski and J. Grigg, of Gartner, write: "If personal contact is limited to the office, it will be difficult -- if not impossible -- for the [IT] outsider to become a management insider."

At the same time, Curtis says, "This communications path must be a two-way street, meaning that the [IT] organization is not the only stakeholder. The business units must also identify the parties responsible for their end of the negotiations."

Curtis goes on to say that communicating with business units about service levels on a continuous basis will help IT to better meet service levels. "A defined process to renegotiate SLAs because of changes in the business environment will ensure that the IT infrastructure continues to perform as needed by the business units."

Assigning a value to and charging for services

Rosenberg says that IT organizations should offer variable pricing linked to availability options, similar to those of external service providers. Different levels of services should be offered at different costs so the amounts charged back to business units are based on specific requirements. This "…enhances the enterprise's ability to better compare "apples to apples" in services that are internally sourced to those offered by external service providers," say Matlus and Brittain.

Defining SLAs that govern services

Often when business units ask for SLAs, they receive raw data, which is not relevant to what they want to know. Business units require business-focused metrics. These metrics must be clearly defined and understood before SLAs can proceed. IT and business units must agree on key performance indicators, such as what is being measured, what form it will be in and the types of reports that will be provided.

According to Brittain and Matlus, the IT organization determines the terms and metrics of these SLAs, which are documented as service commitments and communicated to the business units. They go on to say that often times SLAs are not met because lack of communication and failure to set expectations. They suggest that IT and business units need to agree on service levels to be measured and on each other's roles. Internal IT must be willing to accept SLAs as performance to work against and define penalties for when SLAs are not met need to be defined. Also, IT should evaluate current service levels so that it is aware of what is realistic before guaranteeing SLAs to business units.

In addition, a well-defined SLA has a language common to both IT and business units, which reduces the cost of having to explain reports, according to B. Gassman of Gartner. Accuracy of metrics is important to their value, and the value should be determined by what the customer requires so that only relevant metrics are published.

Adopt new tools to address the unique requirements of a one-to-many  model

IT needs a solution with a multi-tenancy architecture that enables it to deliver a highly scalable and reliable application with low administrative costs. Then IT can easily, reliably and seamlessly support large numbers of customers (business units).

Continually review practices and look for industry-adopted templates for IT  service

IT should examine current operations to identify ways of improvement. Nicolett suggests that to be proactive in its marketing to business units, "the IT operations group should implement best practices independent of any outsourcing evaluation."

To better position themselves against external service providers, internal IT organizations should have both a detailed service description and well-defined process. A formalized approach to supporting business initiatives is best. To do this, IT needs to get formal acknowledgement from business units that certain levels of service are necessary.

Summary

IT organizations must continually communicate with their business unit customers to ensure a good working relationship and long-term success. Changing the language used and focusing on how service levels relate to business needs will help demonstrate IT's value to the business units.

--

Mary Nugent is an accomplished software technology executive with expertise and in-depth knowledge of information technology. She is responsible for the development of projects around Business Service Management (BSM) for BMC Software.

by Dana Farver

The Internet has come of age, and organizations continue to find ways to leverage the power of the Web to build, and improve, relationships with customers, vendors, partners, and employees. Even that bastion of tradition and stability, the banking industry, has come to appreciate Internet resources that far-thinking IT groups are utilizing to become more customer-centric than ever. Witness Wells Fargo, whose executive vice president for wholesale Internet solutions, Danny Peltz, was chosen as a Bold 100 Winner for Commercial Electronic Office by CIO magazine. Enterpriseleadership.org caught up with this banking exec recently to talk about how his group adds value to his business, keeping morale and productivity high (free food is part of the answer!), and the greatest risk he's taken so far in his career. Here's what he said:

EL: Can you tell us a bit about yourself, about the Wholesale Internet and Treasury Solutions Group at Wells Fargo, and how you came to head up this group?

DP: I've been with the bank for about 16 years and have worked in a variety of different capacities, including finance, project management, marketing, and incentive compensation project management. In 1999, Wells Fargo decided to make a big investment in the Internet. You've got to remember that at that time, the thought was that all banks were going to "become dinosaurs," and we were going to be "dot.com'ed" to death! Each and every line of business was leveraging, or hoping to leverage, the Internet as an avenue for growth at the bank. And if you know anything about Wells Fargo, you know that our focus is on topline revenue growth. So utilizing the Internet was a pretty key issue, going all the way up to the CEO of our company, Mr. Dick Kovosovich. He decided to form a centralized group that focused exclusively on the Internet, and it was at that time that the Wholesale Internet and Solutions team was born. I would've been Employee #2 in that group, along with a gentleman named Steve Ellis. The two of us built out a variety of different services focused on our customers, of which the flagship product was the Commercial Electronic Office (CEO), and that just grew like wildfire at the company. As it grew, its importance to our customers and to our relationship managers within our company also grew, and our responsibilities increased. Eventually, Steve got promoted and I got promoted, and that's how I wound up heading the Wholesale Internet and Treasury Solutions Group.

EL: What is "CEO"?

DP: CEO is our Commercial Electronic Office. It is a single-sign-on, financial-services portal that enables our larger, business customers, through a single interface, to access all the products and services that we offer them. And I define "larger business customers" as customers with essentially $10 million in annual sales, all the way up to the largest companies on the planet. The CEO has had spectacular growth. Since 2000, we have gotten about 70 percent of our commercial customers to actively use the CEO on a daily basis. And we process trillions of dollars worth of payments on an annual basis through that platform. It enables us to access products and services such as treasury management, brokerage services, credit services, trust services, foreign exchange services, letters of credit, 401k services, etc., all through a single interface.

EL: That probably reduces a tremendous amount of confusion and  duplication of effort.

DP: It made it much simpler. Most other banks at the time really delivered Internet functionality through each one of those lines of business, and we decided to take a holistic approach to our customers. Our business model stood true over time, and most of the other companies are now continuing to play catch-up with us.

EL: That was probably quite a challenge for the IT  group.

DP: I don't know if it was as much of a challenge to the IT group as it is the convergence of business and IT. It changed the way that we approached business. My philosophy about IT is that when my business people are confused for my IT people, and my IT people are confused for my business people, I know that I'm successful. And all of them need to be incessantly focused on what the customer wants and needs as opposed to what the bank needs, and that makes us super successful.

EL: We are curious about the demographics or trends for Wells Fargo's online commercial business these days. Has it become dominated by a small number of major players, or is there still a lot going on with small businesses online?

DP: Well, obviously the bank has had successful penetration rates for the small business line; in fact I think 53 percent of our small businesses actively bank with us online, but not on the Commercial Electronic Office platform. The CEO has 70 percent of our commercial customers, so it's not small businesses, its all businesses. And what we found is that the more control and products and services that you can give to a customer, the happier they are, because they're able to manage their own finances as opposed to waiting for the bank to support their needs.

EL: We've interviewed a number of CIOs since we launched a year ago, in many different industries -- hospitals, government, academia, as well as the retail sector -- You're the head of a group that provides products and services for the 5^th largest bank in the U.S. What is it you need to do to add  value, to keep your business competitive, in your particular  area?

DP: Probably the most important thing is to focus on is the end user, the customer, and to keep things as simple as possible. And then, to provide them with the right workflow tool, so they can accomplish what they need to. The interesting thing for me in terms of how the industry has evolved is as clear as the difference between a client-server application and a Web-based application. In the old days, there was an extreme divide between where the bank ended and the customer began. The workflows that happened in the customer's office were distinct from the workflows that happened in the bank. But the Web has allowed us to create a greater interconnection, and those boundaries no longer exist. So, we're now an extension of our customers' workflow, as opposed to an extra step, and by focusing on what our customers need and the ease of use of our products, this has enabled us to be successful. I usually frame things in three different ways when building out new functionality: 1) How is what I'm building going to make it easier for my customers to do business with their customers, partners, vendors, employees; 2) How is what I'm building going to make it easier for our customers to do business with us; and 3) How is what I'm building going to make it easier for my relationship managers, sales force, and staff to do business with my customers. If you can frame everything you do within those three questions, you're probably on the right track.

EL: What quality initiatives do you find most effective for your  organization?

DP: I'm a big believer in organic growth and organic ideas and innovative thinking, and we don't use an "off the shelf" industry standard quality initiative like ITIL or Six Sigma. We basically create Pillars of Truth, and we try to focus all of our development and efforts around them. Those are: We want to be 99.9 percent available for our customers, we want customers to be one click away from where they want to get to, we want to make sure that everything we do is centered around the customer, and focused on what they want to do, and we test out our ideas with our customers first, and we never do anything like a "Big Bang" type of migration; we're always doing progressive rollouts and migrations. It's a slightly more costly way to do business, but it's a better way to do business because you have a better service delivery model.

EL: We've read that you and your group are constantly upgrading your commercial Web portal to be more customer-friendly, and thus encourage more revenue per customer. Can you talk about some of the ways you've done this, and your philosophy in general about customer service in an age of depersonalizing customer contact?

DP: That is an excellent question, because our business is all built on relationships. And so, I am in the business of creating more contact because it allows us to strengthen our relationship with that customer. So, when we went out on the Internet, it became quite clear to us that this was a channel, and not the channel, and that it was not a cost-cutting play, but a revenue growth and customer experience play. And by focusing on it that way, we enabled those existing customer service people who were already servicing those customers to have access to more tools, to be able to service them online. And so, if our customers always called Judy down in the call center, we wanted them to continue to do that, but to also enable the access to the tools to support the channel within that call center. And that's been extremely important because -- and this is what's interesting to us -- the more a customer calls us, the more satisfied they typically are.

EL: We understand that your group has also made strides in cleaning up your internal systems architecture. Based on what you've learned and implemented for your external customers, can you talk more about that?

DP: What we learned pretty easily was that people like single sign-on. They don't like to remember all these passwords and usernames. So, it was obvious that, once we understood the technology, by creating a single sign-on portal for our employees to be able to access their tools was a pretty important initiative. And so we built out what we call the ICEO, or Internal Commercial Electronic Office, which allows our employees, through the single sign-on interface, to access the tools that they need to support our customers. And really, this was an effort to simplify their day-to-day business line so they could spend more time on the street and less time focusing on how to manage the bank.

EL: So Danny, what do you think has been the greatest risk you've  taken so far at Wells Fargo?

DP: I think the greatest risk is the incessant focus on doing things as simply as possible for the customers, because this sometimes means taking technology risks. I'll give you an example: We offer our commercial customers a desktop deposit solution that is an Internet-based, remote deposit capture solution that enables them to take their checks, run them through a scanner, and deposit those items online When we went about building that out, we took a different tack than the rest of the industry. The rest of the industry decided that they could not do this without having software loaded on the customer's location. And for us at the bank, that required software maintenance, software distribution, interfacing with the customer's IT organization, and not a lot of flexibility in terms of changes over a long period of time. And I basically put my foot down and said no, we're going to figure out how to do this on the Internet; I don't care how complicated we think it is, that's the easiest way for our customers to be able to do business with us. While the rest of the industry was going one way, we went another, so we were the first bank, or vendor for that matter, to roll out an Internet-based tool. It has shown that we were right going in this direction -- while it was a risk that we may have some execution problems, if you put huge challenges in front of people, they'll step up, provided they're smart and have the right resources. And in a little over a year since our launch, we have over 10 percent of our commercial customers depositing electronically with us, and all told, I think we have somewhere close to about $71 billion in deposits going through our Check 21 service.

EL: How do you maximize productivity within the group while keeping  up morale?

DP: I buy them food! No, I think that's the great question: How do you keep a "crusade mentality" as you grow and mature within a large organization? The good news is that success begets success, so as we've been successful, we've been asked to do more things, and so we've gotten more people involved. And those who started out originally with us have gotten more responsibility and have grown within the organization. We realized early on that this was a marathon, not a sprint, and while we run really hard, we also have fun together. And so, it's not just about working people hard; we have company picnics and end-of-the-year celebrations, routine parties, and celebrations of milestones and accomplishments, because without that, I think people would feel there was something missing in their day-to-day lives. And we also do buy food, and, we allow people to dress how they want. We look much more like a dot.com of 2000 than we do a financial institution of 2006.

EL: They probably feel more relaxed and more creative as a  result.

DP: Yeah, and you know, the other thing that I do is I have what is called a "fishnet organization." That fishnet organization allows me the flexibility to move people around to new things, so that the power of the organization doesn't rest within the hierarchy, it rests within what people are doing and the projects that they're on. And as they complete those projects, we move those people around in the organization. That allows them to get their head around new ideas and new activities. In the first 100 days of a new initiative, I've found that the best ideas come from people from other projects with different perspectives.

EL: That's really smart, because when people get so overly focused on the hierarchy, they sometimes lose focus on getting the job done.

DP: Exactly, and people lose sight of the fact that it's  what they're doing, not where they sit.

EL: We know that your group's infrastructure at Wells Fargo has become service-oriented architecture, or at least you're moving in that direction, but you believe that not every project should be opened up as a service. Could you talk about that, and tell us what are your criteria when you're deciding whether or not to make a function a service?

DP: When you start making functions services, if you continue to do that, you all of a sudden increase the management of those services. And I believe that there are not that many services that we want to be able to share across many different applications. And so I really want to make sure that at least three, four, five applications that we know of today would want to consume that service before I'm willing to actually make it a shareable, callable service. It requires somewhat of a change in philosophy of development. I think the great hope was that everything would become services and that you'd be able to compile applications on the fly. And I think the reality is that life is not that simple, and that you need to be very measured in how you're using these Web services. Having said that, SOA a great tool for the right uses.

EL: What cost saving initiatives do you use to keep  competitive?

DP: Well, again, I focus a lot on the topline growth and the customer, and improving the quality of service. Because I think in banking -- and let's be honest here, nobody actually wants to do banking -- the easier you can make it for your customers, the more satisfied they are, and we're in a business where the average delivery is very average. We happen to be in a position where our delivery is considered by the vast majority of our customers to be either very good or excellent. So, I'd rather spend a penny than save a penny, but make people happier, because they're going to stay with me and buy more products.

by Elizabeth Ferrarini

By combining two different service quality methodologies, Xerox Corporation realized more than $150 million in economic profit during 2004. Dave Rowlands, the vice president of Lean Six Sigma for Xerox North America, says that a good chunk of this profit came from reducing IT costs in areas such as application development and network infrastructure. Rowland's recent book -- What  is Lean Six Sigma? -- explains how the marriage of the two service quality methodologies can help midsize to large organizations cut costs in most operational areas, while improving service to either internal or external customers, or both.

Rowlands recently took time to talk about the concepts in his book, and to provide plenty of examples of how Xerox used Lean Six Sigma to cut IT costs. Here's what this 14-year veteran of Xerox had to say:

EL: Can you provide a quick overview of the key differences between Lean and Six Sigma and what do you get when you combine them?

DR: Six Sigma focuses on reducing variations, capturing the voice of the customer, and reducing the cost of delivering customer requirements. On the other hand, "Lean" is a methodology that came out of manufacturing. It focuses on creating value flow to the customer and not creating any type of cost associated with non-value add. The combination of the two can result in making work better (using Six Sigma) and making work faster (using Lean principles). This quality improvement method provides you with tools to identify quality problems and to eliminate waste in your work area.

EL: Did Xerox develop the concept of Lean Six Sigma?

DR: We're one of the early adopters of putting both concepts together. In the early 1990s, we started using Lean in our manufacturing operations. We got very good at producing things better at less cost. As 2000 approached, I talked to our quality team about doing both Lean and Six Sigma. At first, the team was hesitant about the move for two reasons: few companies were doing it, and no one had a good understanding of how the two methodologies could work together.

EL: Are there any differences in the way you apply Lean Six Sigma to  IT initiatives than to sales or marketing areas?

DR: No. You use the same methodology for IT as you would for other areas. For IT, a lot of the voice of the customer area focused -- at least for us -- on internal customers, the people who use these systems within the company.

EL: Can you talk about the specific IT areas in which you've applied  Lean Six Sigma?

DR: We've used it to reduce infrastructure costs resulting from our outsourcing agreement with EDS. Specifically, we've looked at how we could get a higher level of Help Desk service at a lower cost and with faster turnaround. We applied it to storage by examining how we could reduce the amount of storage required and the number of servers. We also looked at how we could do a better job of predicting when to consolidate servers, and purging and archiving what we do.

The basic Lean Six Sigma tools enable you to collect data, and then structure that data so you can make rational decisions. To this end, you'll be able to either elevate your level of service or reduce your cost for the same level of service.

When it came to applications development, we looked at how we could get faster adoption rates for the things we developed, how we could test things more efficiently, and how we could predict earlier in the process when something was going to reach maturity.

EL: Looking at infrastructure areas, can you discuss some specific projects to which you applied Lean Six Sigma successfully to reduce costs?

DR: One project consisted of looking at the infrastructure cost per telephone and the level of service our sales group in Canada was providing to customers. Our research showed that we were paying a certain price for all of these internal phone and voicemail systems. By mapping out the different source of phone services and the cost for each, we were able to devise a new model for telephone service for our sales force. We migrated these folks onto a consolidated plan that provided a remote voice mail link which could loop back to the main Xerox phone system. So we offered them the benefits of a cellphone at the reduced cost of a standard, high-volume plan. At the same time, we got rid of the unnecessary telephone infrastructure and the support.

As the applications development projects get larger, the business requirements documents get more complex, and the variation in our estimates of how many errors there are gets even larger. As a result, we get worse at predicting when a project will be released and the level of maturity. We use Lean Six Sigma to study the correlations between the size of the project and the estimation for what it will take us to finish it.

We've also used Lean Six Sigma to study the role throughput yield of developers. Yield is the one-stop process of looking for defects. Role throughput looks at how many of the steps in a multi-step process you can get through without defects. It's a good indicator of how much rework and how much cost is involved. For example, poor role throughput yield means there is a lot of hidden waste in rework and inspection. In turn, you'll have poor predictability of release.

EL: What improvements have you made in application development as a  result of your Lean Six Sigma findings?

DR: We changed the way we set up large projects teams to avoid unnecessary manpower costs. For example, we found that you'll get better cycle time if you use more developers on a project. However, the marginal yield -- the amount of additional testing needed -- drops off dramatically with just three developers. So, we now assign three or four developers to a sub-section of a project.

EL: Can you give me an example of a non-IT area in which you  successfully used Lean Six Sigma?

DR: Another example was our spare parts usage throughout our 14 different service districts. We looked at the usage of parts for identical pieces of equipment. We had a 200 percent variation from best to worse. For example, the best in the country could create a level of service with half the parts budget of the worse in the country. Mapping helped us to find out the differences in the process and move everyone to the best. Then we looked at how we automate these into our ERP system.

EL: What kinds of analytical tools or software packages do you use to  carry out your Lean Six Sigma analysis?

DR: We use a lot of basic analytical tools such as process maps, and praetors. When it comes to the next step of understanding the real differences between different processes, we use statistical tools, such as hypothesis testing. Minitab is an industry standard for doing control charts and hypothesis testing. Our approach is to get results by using the simplest tools possible.

EL: Are you doing a lot of Lean Six Sigma projects with your external  customers?

DR: We've taken the approach that we aren't trying to sell you copiers; we want to provide you with document management solutions for problems you have and find opportunities for you. We might talk to a customer about doing a workflow assessment in their office. In this case, we'll use Lean Six Sigma to find ways to reduce the time it takes them to do work, to improve the quality of work, or to reduce the cost, all at the same time. For example, we used Lean Six Sigma to study a large bank with 3,000 copiers and printers located in various offices. Just by understanding who was using the information, how they were printing their information, and what their costs were, we cut their number of machines to 400 and cut their costs by one third, while continually improving the quality of service.

EL: How has Lean Six Sigma initiatives contributed to Xerox's bottom  line?

DR: The ultimate measure we use is called economic process. It's a net operating profit after tax and after cost of capital. It directly benefits our shareholders. If you generate economic profit, you're generating bottom profit for the shareholders. It helps us to decide which projects to go after. You can do a cost-saving project, revenue producing project, or an inventory reduction project.

Internally, we've generated more than $150 million in economic profit during 2004. These are reductions in our operational costs and driving our revenue.

--

Elizabeth M. Ferrarini is an IT consultant from Boston,  Massachusetts.

by Elizabeth M. Ferrarini

The CIO role at organizations with more than a $1 billion in annual revenues has changed. That's the finding in Ellen Kitzis's, book, The New CIO  Leader. A group vice president at Gartner's Executive Programs -- a membership-only program for more than 2,000 CIOs -- Kitzis says that many large corporations have one corporate CIO, who is responsible for the overall strategic direction of IT, and dozens of other CIOs, who are responsible for keeping systems up and running. However, that CIO model doesn't quite fit The Hartford Financial Services Group, one of the largest and the oldest financial investment and insurance companies based in the U.S.

With annual revenues of $2.3 billion, The Hartford has a corporate CIO and senior vice president (Ken Auman) and five regional CIOs, each directly aligned with a specific business division. Together, this team of six IT senior executives oversees the leadership of 1,800 IT professionals. The role of a divisional CIO at The Hartford, however, can make or break how competitive a division's product will be in the marketplace.

Andrew MacDonald functions as the CIO for the personal lines division, overseeing a staff of 250 IT professionals and about 150 contractors, depending on the projects at hand. He, along with the other divisional four CIOs, reports directly to Auman and indirectly to the president of the personal lines division. MacDonald's role does consist of developing and maintaining systems support of the personal lines operation. Moreover, his role has two strategy components: ensuring that the IT team can provide products and solutions to meet the division's ongoing needs, and providing defined business value through key investments to meet future needs. Prior to joining The Hartford in 2002, MacDonald worked as a vice president for strategic alliances for a worldwide product vendor, where he gained experience delivering complementary products to support the mission of international organizations.

Enterpriseleadership.org recently spoke with Andrew MacDonald about his role  as a divisional CIO. Here's what he had to say:

EL: What does your governance model look like?

AM: The company has several governance boards -- one board covers the needs of the property and casualty business, and the second board governs all of the business strategies. The latter looks at how we're going to drive business value for The Hartford. A portfolio management team governs corporate business strategy execution within each division.

EL: At a recent Computer Science Corp. conference, you told the audience they need to take a hint from the fast-food industry and adopt a pilot approach to developing new products. Can you talk a little more about this concept?

AM: Traditionally, the insurance business has not taken advantage of IT. That attitude has started to change. We're now seeing a lot of new players getting their products faster to market than some well-established companies.

At the conference, we talked about how companies can approach new ways of doing business by deploying IT systems. For example, the fast food industry tends to identify a market, tests the product in a specific market, and then decides if the test results justify rolling out the product to other markets. We also tend to identify pilot opportunities, test the market with the new product, and weigh our market share opportunities. We use new techniques, such as speed to market, to gauge their effectiveness. For example, the configurable engines in our rating systems and our underwriting systems enable us to make product changes very quickly.

EL: Computer Sciences Corp. is a big Six Sigma company. What kinds of  best practices do you use at The Hartford?

AM: Many years ago, we started using Six Sigma methods to make business operations more efficient. The large-call customers that support our customers have benefited greatly from Six Sigma.

We've started to look at how IT can leverage Six Sigma alongside of our mainstay best practice, Capacity Maturity Model Integration (CMMI). These two best practices can help us to measure our IT transformation and to help us make better use our of IT talent across the five divisions.

We use CMMI to measure the effectiveness of our applications development process. We also use the IT Infrastructure Library in support of our actual products.

We recently created a shared service that is deploying both CCMI and ITIL across our five divisions. This shared service enables my group to focus on the applications suite used in the personal lines division.

EL: You mentioned an IT transformation at The Hartford. Can you go  into more details about this?

AM: We began this transformation in 2003 to look at how well we get things done. We needed to drive more capabilities into IT. Where it made sense, we decided to leverage outsourcing to maintain some of our legacy applications. This structure has enabled us to have our talented IT people work on new products.

EL: How is the transformation helping to drive cost out of  IT?

AM: Each division's portfolio management group is helping its respective IT organization make better business decisions. For example, we want to create full transparency about where we spend our money. This goes for both on-going maintenance and the investment in new products. What does and what doesn't provide a competitive advantage to The Hartford are important business decisions. That's the whole idea behind the transformation. The process has created a much-needed dialog between IT and the divisions. It has allowed that transparency to be leveraged.

EL: Do you have any CIO rotation program going on where you spend  some time running a business unit?

AM: No, we don't have any such rotation program. The model is to have each CIO linked to the respective divisional organization. We try to sit with the division folks, attend their leadership meetings, as well as meetings with the corporate CIO and the president.

EL: As part of the transformation, what types of IT talented are you  seeking?

AM: We're focused on how we can hire the best talent possible and to continue to nurture talented professionals. We're hiring a lot of MBAs to be business analysts. We're also looking for professionals in project management and software architecture. We're heavily developing both of these areas.

EL: What is the role of business intelligence in your  organization?

AM: We're tracking other IT shops to determine what capabilities they have to support their business units. Specifically, we want to look at how some of our competitors are leveraging IT to deploy new solutions. We're constantly looking around to see if they are using best practices or are there better things we should be doing.

--

Elizabeth M. Ferrarini is a freelance technology writer and  IT consultant from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

by Elizabeth Ferrarini

Staying on stop of best business practices in IT -- especially for privacy, security, and new technologies -- has become a hallmark for the CIO at one of the largest teaching hospital organizations in the United States. Dr. John Halamka has managed to combine his training as a medical doctor with an innate ability to understand all aspects of computer networking.

Dr. Halamka oversees the IT needs for CareGroup Health Systems' three major Boston-area hospitals -- Beth Israel Deaconess Hospital, Mount Auburn Hospital, and New England Baptist Hospital -- and three community hospitals. Together, the six CareGroup facilities have about 12,000 employees, including 3,000 doctors who see about one million patients per year. Halamka is also an associate dean of Harvard Medical School where he spearheads all of the technology programs.

Halamka got a jumpstart on EDI long before HIPAA came along, and his security and privacy practices at CareGroup appear as a case study in a book by the National Academy of Sciences. He took a minute to answer some questions about what he has been doing in EDI, security and privacy, how he keeps up with technology, what he learned from an outage that plagued two hospitals for almost two days, and what types of technology he uses every day.

EL: Can you summarize the high points of your entire network  infrastructure?

JH: About 225 employees maintain the IT infrastructure consisting of 8,000 desktops, 32 terabytes of storage, and 25,000 network ports throughout the 45 miles of wide area network (WAN). A 155MB per second SONET backbone connects the WAN. Most of the networking gear -- firewalls, virtual private network (VPN), routers, and switches -- comes from Cisco. Either Hewlett Packard UNIX servers or Compaq Windows 2000 servers front end several EMC Symmetrix storage area networks. A StorageTek tape library handles all enterprise backups.

EL: Once you were finished planning for Y2K, you had to start worrying about HIPAA. How did you lay the preliminary foundation for HIPAA requirements such as electronic data interchange (EDI)?

JH: Back in 1998, even before Y2K, the CIOs of our provider organizations formed a consortium to enable the entire New England payer provider community to create EDI transactions among ourselves for free. The New England Health EDI Network went live in 1999 before HIPAA EDI transactions for benefits and eligibility.

Since that time, we've used a common infrastructure -- basically Napster for healthcare -- or point-to-point interaction using a VPN between payer and provider. The VPN sends encrypted transactions through a common gateway we've built for referral authorization and our claims, and Web status inquiries. In October 2002, we completed all of the EDI HIPAA transactions for New England.

EL: Privacy is a challenging area for all types of organizations. How would you rate your privacy best practices for the past few years?

JH: I'd rate them as excellent! We're one of the test cases  featured in the leading book about healthcare privacy. For The Record --  Protecting Electronic Healthcare Information, published by the National Academy of Sciences, covers best practices in authentications and access control, auditing, physical security, and disaster recovery.

EL: What kinds of initiatives do you have in place for  privacy?

JH: Since the early 1980s, we've been auditing every transaction that goes through any one of our clinical systems. We've got a Web site called PatientSite where any one of our patients who has received the appropriate authentication credentials can review his or her security audit online. We can also give a patient a printout of the security audit.

We've got a strict no-tolerance policy for confidentiality violations. About three or four employees get terminated every year because of these violations.

EL: What have you been doing to increase privacy?

JH: Each employee needs to be completely trained in all aspects of privacy. For example, every patient needs to be notified about our privacy policy and to sign off on it. A patient needs the opportunity to opt out of certain things, such as automatic enrollment in fundraising activities. We require a great deal of manpower to train our 12,000 employees. So we've selected individuals from key departments, such as IT, human resources, and medical records, to work together to conduct training sessions.

EL: You can't have privacy unless you have security. Unfortunately, HIPAA still doesn't have a hard and fast security rule right now. How did you decide what best practices to use?

JH: You need to sort of make one up. In other words, ask yourself, what are those security elements that are absolutely required to meet the privacy regulations, effective April 2003.

We've had some very good security best practices for many years. For example, every Internet transaction always has 128-bit secure sockets. All strong authentication passwords must have a minimum of six characters, consisting of alphanumeric characters; these passwords expire in 90 days.

Based on the information in For The Record, we created a grid to rank the security provisions for each one of 400 different IT systems. Because there is no security rule, we're not sure if 128-bit secure sockets are good enough. What about Triple DES? We looked at all of those things that didn't meet the spirit of best practices. We've begun to remediate, for example, systems that didn't have passwords or didn't have audit trails.

EL: What are your feelings about security technologies such as PKI  and biometrics?

JH: We tried PKI about four years ago. It didn't work for us. Maintaining 12,000 certificates for that many employees can became an administrative nightmare. We use PKI, in one sense, to do secure email between our trading partners. A company we use offers a secure, SMTP gateway for certification exchange between organizations. Each transaction remains encrypted as it travels over the public Internet from payer to provider or between two large provider organizations. These aren't personal certifications, but organizational ones.

Biometrics doesn't work very well in healthcare. You can't have false negatives. Imagine you're attending to a critical patient. You can't get the patient's chart because the patient has a sweaty thumb print.

EL: Is there any special device you use to handle  authentication?

JH: We use a device from BlueSocket on both our wireless and our wired networks. The device hits the LDAP directory. We think WEP or the wired equivalent privacy protocol isn't sufficient. It uses a single key for all clients. Once someone cracks the key, your security is compromised. With the BlueSocket device, you need to specify your user name password in order to access an application.

EL: Shifting gears from security and privacy, what types of new technologies are you considering that will enhance the quality of care physicians provide to patients?

JH: We're carrying out RFID to track critical medical equipment in the emergency department using devices from Pango Networks. Over the next year, we'll be using bar-coded wrist bands, bar-coded medications, and bar-coded employee badges to track medication administration.

We have two million square feet of wireless to ensure our clinicians have all of the information they need to deliver quality care.

EL: Several years ago, The Boston Globe and all of the computer trade press publications carried the story about a network outage at two of the CareGroup hospitals. Can you briefly tell what happened and what you learned from the experience?

JH: On Wednesday, November 13, 2002, the network experienced a major slowdown for three days. The CISCO technical support team found the Layer 2 structure of the network to be unstable and out of specification with 802.1d standards. The management VLAN in some locations had 10 Layer 2 hops from root. The Spanning Tree Protocol (STP)  imposes a maximum network diameter default of seven. Thus, two distinct bridges in the network should not be more than seven hops away from one to the other.

A major contributor to this STP issue was the network and  Picture Archive Communication System (PACS) network, for sharing high-bandwidth visual files and other clinical data; this was 10 hops away from the closest core network switch, three too many for the spanning tree to handle. To eliminate its influence on the CareGroup network, we isolated it with a Layer 3 boundary. All redundancy in the network was removed to ensure no STP loops were possible.

I learned that infrastructure must be lifecycle-managed per a multi-year strategic plan and not simply replaced at end of life. You need to retire legacy network. You also need to demand review and testing of network changes before you carry them out. Good downtime procedures must accompany each application we carry out. Another lesson is that a disaster recovery plan addresses all the details of a disaster. You need to plan employee logistics, communicate realistically, prepare baseline backups, and focus disaster plans on the network, not just the integrity of the data.

EL: One of your colleagues said that you're really a bionic CIO. What  types of devices do you carry with you at all times.

JH: I'm connected at all times and on call at all times. I have a Blackberry 7290 (Bluetooth enabled GSM/GPRS phone), which I use to answer 500 daily emails. It's also fully integrated via Bluetooth into my 2005 Toyota Prius so I'm completely connected when I drive. I also carry a nationwide pager for redundancy. My medical information is implanted in my right triceps, should I ever need medical care.

--

Elizabeth Ferrarini is a free-lance writer from Boston,  Massachusetts. Reach her at iswive@aol.com.

by Elizabeth M. Ferrarini

Can an organization's IT infrastructure helped to differentiate the organization strategically in the eyes of its competitors? In the infamous Harvard Business Review article, IT Doesn't Matter (May 2002), author  Nicholas G. Carr provides a gloomy prognosis of this happening today.

FedEx, however, has managed to create an IT infrastructure that has glowed brightly in the eyes of competitors since it started in 1971. In 2002, about $22 billion worth of business passed through FedEx's extensive package delivery networks.

Rob Carter, executive vice president and chief information officer of FedEx, says that his company's IT component "is the competitive glue that holds all of our businesses units together." While Carter refers to himself as a classic CIO overseeing applications development, the network infrastructure, and five data centers, he sets the technology direction for FedEx's global IT organization which has 6,000 employees and operates on a $1.5 billion annual budget.

Carter, who joined the company in 1993 and has received many industry recognitions, such as InformationWeek's Chiefs of the Year. He talks about FedEx's technology that built the package delivery business, FedEx's educational initiative to devise a major technological center in the South, best practices and cost models used by FedEx's IT organization, and, of course, Carr's article.

EL: In David Kirkpatrick's Fortune magazine opinion piece (May 28, 2003) about Nicholas G. Carr's Harvard Business Review article, IT Doesn't Matter, you say, "Everything in the company has IT inputs. It's the software stupid!" Can you explain what you meant?

RC: Carr's basic premise in the article is since the infrastructure is built out, you don't need to pay attention to technology anymore. To some extent that's true. We have a broad set of technology infrastructure in place. My comment, it's the software stupid, refers to the applications within the infrastructure as the key elements that differentiate you in customers' eyes. These applications will drive your internal productivity.

The battleground continues to be the application of that technology not the fact that you happen to have a computer system that runs payroll.

Everything we do at FedEx has a technology underpinning that supports not just our internal operations but the information we're able to provide our customers about shipments in the FedEx networks. We built the FedEx brand with a set of capabilities including, not only the operational excellence of FedEx, but the technology that allowed us to achieve this excellence.

EL: Can you summarize the technology that built your company and changed the competitive climate for well-established companies such as United Parcel Service?

RC: Our package tracking system was a unique offering at FedEx. It really built the industry of express transportation and information about the shipment. In 1978, Fred Smith, the chairman and founder of Federal Express (incorporated in 1998 as FedEx), said this great quote which is worth repeating: "The information about the shipment is as important as the shipment itself." Moving packages reliability was a key component of our initial success, but we were then, as well as now, about making customers aware of what was happening with their packages until they reached their final destination. We created that visibility to go along with the industry philosophy of reliable delivery.

Our package tracking system kept us ahead of the competition for about two decades. It wasn't until the 1990's that our competitors started to understand the value of the information and began to build their technology and information networks.

EL: If you apply what Carr says in his article, you're going to have shorter competitive windows for new, innovative technologies. What's your feeling about that?

RC: We don't know what yet-to-emerge killer applications will enable us to change the way we do business. It's like this: In 1899 when Charles Duell, the commissioner of the U.S. Patent Office was leaving his post, he remarked that we didn't need the Patent Office any more because everything that can be invented has already been invented. There are endless things yet to come; there's no question in my mind where we are with the application of information and technology.

Today, competition is more active and fierce than it was when we started the business. Everyone wants to provide the best possible information about every shipment moving through their systems.

I don't think any technology innovation will have a two decade advantage anymore. Some may have a couple years advantage as you get new technologies out there and customers adopt them. A certain first move advantage occurs. These customers get so hooked on your technology and your pricing they become so overwhelmed at the thought of switching to another competitor's offering.

EL: You have a gigantic IT organization. How is it organized?

RC: The majority of our IT organization lives inside of a shared services called FedEx Services. It provides applications support, and infrastructure support to all of the operating companies at FedEx Corp.

FedEx Services has a hierarchy of boards of governance, including an executive committee and strategic management level. All of the various lines of business report to the latter.

Our internal business partners work with various IT project management teams to launch new product offerings and or new business initiatives and strategies. The different tiers of governance bodies set priorities and plan the resources for IT for the upcoming months and years.

EL: Have you been looking at new businesses such as outsourcing transportation logistics for your customers, such as Ryder does?

RC: FedEx Supply Chain Services competes with Ryder on that kind of transportation management function. We go in and run sets of transportation services for companies.

EL: Have you adopted certain best practices models such as Six Sigma or  the IT Infrastructure Library (ITIL)?

RC: We know about ITIL. However, we've based most of our governance process on a component of Six Sigma. We've internally developed program methodology and governance structure that supports the IT component of our ISO 9000 certification. We've used a lot of the best practices out of the Capability Maturity Model, Six Sigma, and some IT Infrastructure Library.

I became quite enamored with the ITIL. In fact, the ITIL set of books are quite good and their content has provided basic reference points for a lot of our IT practices. Many of our groups use specific areas of ITIL, such as change management, but we don't use it end to end.

EL: What costs models do you use for IT?

RC: For the most part, we allocate costs back to the business units based on usage. This method isn't as fine grained as charging back for transactional services.

EL: A lot of companies got hit by the dot.com bust because they built out their infrastructure. How well did you folks weather this event?

RC: We continued to support huge growth in our Internet-based customers throughout the dot.com boom. Since the inception of FedEx.com in 1994, we've experienced at least 100 percent growth in all areas of our services. This site has provided us with massive customer interaction and customer service. We had no down side to that. We built our infrastructure as fast as we could and customers have continued to adopt it at an incredibly fast rate globally.

EL: You announced FedEx Institute of Technology. What will be its  focus?

RC: FedEx Institute of Technology, based at the University of Memphis, consists of a broad array of technology research and practical deployment. The Institute is a hub for applied IT in all different types of domains, such as bioinformatics, supply chain research, artificial intelligence, Internet-based computing, and telecommunications.

The Institute is a public/private partnership with the University of Memphis, FedEx, local government agencies, and area businesses throughout the South. We've used schools in the Boston area, such as Massachusetts Institute of Technology, as examples of how to grow a center for technological innovations and spin them off to support the local economy.

EL: To really be competitive, economist Lester Thurow, in his new book,  Fortune Favors the Bold: What We Must Do to Build a New and Lasting Global  Prosperity (HarperCollins), says that major companies need to have a chief knowledge officer (CKO) who functions like the Central Intelligence Agency. Do you have such a person?

RC: While we don't have a CKO, we abundantly serve this area. For the past 10 years, we've made a big investment in gathering intelligence. In fact, we've one of the world's largest information warehouses. We also have groups of brilliant PhD's who are excellent at applying customer-related information to how the business can be optimized and how customers can best be served.

EL: What strategic projects are you putting a lot of effort into for  2004?

RC: One particular project is the next generation in handheld computing, called the PowerPad, which we'll be rolling out throughout the summer. This revolutionary device takes the edge of computing all the way out to the customer. Its active communications capabilities enable it to be on the network. Embedded technology enables it to communicate with the truck, the printer, and the network components the courier has with him or her. Use of the device will change the information access the courier has when he or she is face to face with the customer. The device will also make the courier more productive while enroute to each destination.

--

Elizabeth M. Ferrarini is a free-lance technology writer based in  Boston, Massachusetts, and is the author of two computer trade books.

by Elizabeth M. Ferrarini

David Thompson, Symantec Corp.'s chief information officer, has a good track record for providing great value to both internal and external IT customers. During his tenure as CIO at PeopleSoft, he lead an enterprise transformation initiative that enabled the company to realize more than $100 million in savings and to increase the company's earnings per share. Prior to joining Symantec, Thompson was CIO at Oracle Corp. , where he oversaw the information technology group, and before that, he served as CIO for PeopleSoft.

At Symantec Corp., he oversees 1,300 employees located in three major worldwide global centers. His department runs all of the data centers around the world, the telephone network, all network operations, desktop support, and all the internal systems and operations, such as financial, human resources, customer relations management, and some of the line-of-business systems used to support renewals.

Thompson recently sat down with Enterpriseleadership.org to talk about his IT leadership efforts at both Symantec and PeopleSoft. Here's what he had to say:

EL: Can you tell me how you align IT with the goals of the business  so the company is more competitive?

DT: My role is to be the business leader of IT for my peers. I want to find out their pain and their objectives for the year. To this end, I need to make sure that my IT strategy aligns with what they're trying to accomplish and to put the appropriate infrastructure and resources behind the initiatives. We have multiple lines of business: consumer, enterprise security, and enterprise data availability. The IT organization supports all of these. For the consumer line, IT has provided an architecture and infrastructure to help customers renew their products, most of which are purchased via our Web site. Because we want our customers to extend their product subscriptions for a long period of time, we've spent a lot of time analyzing the renewals to find ways to retain our customers.

EL: Do you have a business intelligence system in place for the  renewals?

DT: Our enterprise data warehouse has analytics on top of it. At any time, we can look at our renewals customer base from a variety of ways, such as geography or demographics. The IT department has some business analysts who sit near the people responsible for querying the data warehouse for their business unit.

EL: What does your governance model look like?

DT: We have a centralized model using an IT portfolio management strategy for overseeing the intake of IT projects and the control and distribution of those projects. We use the CobIT framework for some of the major controls of IT. I chair the committee that sets the IT strategy and direction. I involve all of the key business leaders and executives of the company in this committee.

EL: How do you gauge the effectiveness of the governance  model?

DT: We measure the business value of every project that comes through our portfolio. The assigned business value metric is what we expect to achieve. Because IT is expensive, we want to maximize our investments. We go into every project knowing the costs, revenues to be generated, and the metrics we're going to have. Once the project goes live, we continue to measure our ROI.

EL: What is the biggest risk you've taken as a CIO and what did you  learn from it?

DT: It was the enterprise transformation process the CEO of PeopleSoft asked me to lead. We weren't leveraging the available products that could help us to automate a lot of our manual processes. By deploying a lot of self-service transactions, I helped the business remove intermediaries. In addition, by effectively leveraging automation, we were able to reduce headcount in IT. We realized more than $109 million in savings. This amount had a direct affect on PeopleSoft's earnings per share. The earnings conference call to investment analysts mentioned this transformation cost savings.

The CEO put me in a risky position. Realizing that the business leaders could gun me down at any moment, I worked carefully to understand what each one did and what their pain was. I aligned with them as a partner in this initiative. I got them to step up to the plate. I functioned as the lead project manager and the person the CEO held accountable for this initiative. In the end, I learned that if you're going to have a seat at the table, you're going to have to provide value to your internal customers.

EL: What innovative technologies are you considering for IT?

DT: We're looking at tools to help our data centers become more efficient. We have the luxury of drawing from the rich Symantec product family. For example, our Relicore acquisition provides us with some great enterprise vault technology.

I worked for an enterprise software company that didn't have very effective tools for doing discovery for lawsuits. In fact, I found the discovery process overwhelming. This isn't the case at Symantec. Our enterprise vault tools put e-mail in a vault by categories. When a discovery situation occurs, you can give the attorneys access to secure locations so they can back in time and find what they need for the courts. A new ruling has eliminated a lot of previous loopholes to get out of producing data for the courts.

EL: Do you have any comments on Nicholas Carr's book, Does IT  Matter?

DT: When I started to read it, I thought it was kind of controversial. The more I got into it, the more I started to understand Carr's premise -- business is the one in the driver's seat, and IT is its steering wheel. A lot of IT people put themselves on a pedestal, and then wonder why they loose credibility with the business units.

EL: Since IT uses a lot of Symantec products, do you still have a  vendor management program?

DT: I've just added a vendor management office. It's important to stay abreast of your contracts, and have governance in place so you can make sure you are getting the service the vendors have promised you. Also, a vendor management office enables you to maximize the strategic relationship you have with key infrastructure vendors.

EL: Do you think that IT is becoming more conservative these  days?

DT: It has become more rational, as well as conservative. The days of "Big-Bang," multimillion-dollar projects are gone. IT has realized that projects need to be carried out in more manageable chunks. You need to show regular delivery of business value to the entire company. IT has had to become more conservative because we're under more compliance pressure, as well as under pressure to mitigate risks.

--

Elizabeth M. Ferrarini is a free-lance technology writer  based in Boston, Massachusetts, and is the author of two computer trade books.

by Elizabeth Ferrarini

What has been the number one organization to work for in IT for the past two years? It's the University of Miami, according to an annual ranking done by Computerworld. Dr. M. Lewis Temares, the University's CIO and Dean of the College of Engineering, deserves the credit for shaping an outstanding work environment. CIO magazine named him a CIO 100 Award winner in 2003.

As the first official CIO among the nation's 4,000 colleges and university, Dr. Temares oversees the university's $35 million IT budget for the following areas: computing, telecommunications, university planning, institutional research, and testing center. His academic role consists of managing a $12 million budget in the University of Miami’s sixth largest academic unit.

Recently, EnterpriseLeadership.org spoke with Dr. Temares about everything from quality practices to employee retention. Here's what he had to say.

EL: Several years ago, you completed a $31 million telecom project on  plan and below budget. How did you accomplish this?

LT: We used a scope diagram to organize what our personnel resources were going to do. Our methodology consisted of Arthur Andersen's Method One. We tried to get everyone involved from the start. We told everyone, including business analysts, beforehand what they had to do to complete the project on time.

EL: Do you use Six Sigma or any other best practices for  IT?

LT: We use quality practices such as Six Sigma and the IT Infrastructure Library (ITIL) throughout our organization. In fact, our Center for Excellence in Information Technology Center program trains executives in these areas. We offer an entire suite of training for IT professionals who plan to move into the CIO role.

EL: Are you seeing a lot of demand for ITIL training?

LT: We don't know about the rest of the country, but demand for IT training and certification has certainly hit Southern Florida hard. We're seeing more and more companies sending people to get certified in ITIL. In fact, our proposals to train IT personnel for companies often include ITIL.

Our Six Sigma faculty includes Howard Gitlow who was a disciple of Dr. Deming who developed quality standards such as Six Sigma. Gitlow has written extensively on the subject.

EL: I read that you never make yourself the prime sponsor of a  project. Why not?

LT: The IT organization supports the business process. If the people in the business units don't need any technology, then we're wasting our time forcing change down their throat. Instead we need to introduce technology to people and explain how they can use it, and then get them to buy in and support projects. Thus, the project sponsor is always the end user.

EL: Do you have a governance board?

LT: We've an IT advisory council for the entire university. Every school and every department has a representative on the council. The dean of the Marine School, who has a background in computing, heads up the Council. It also consists of a variety of subgroups that guide IT policy and procedures. For example, the student advisory subgroup suggested we sign contracts with Napster and Microsoft. The latter contract provides us with campus wide support for all Microsoft products. This subgroup also advised us on specifics which needed to be written into these contracts.

EL: Since you've been with the school, the turnover in IT has gone from 50 percent to an average stay of 12 years. What's your secret for retaining employees?

LT: People stay because of the friendly work atmosphere and the rewarding work environment. I try to make working here both challenging and exciting. I allow my staff to try new things. We're willing to work with employees and provide them whatever training they need.

Following the dot.com bust, we hired a lot of good IT people to handle the expansion of our facilities. Unfortunately, we don't have as many openings now as we would like. We've an open hiring policy where we look both inside and outside for the best candidates.

The University also has the good fortune to have a president who is very visionary and can make decisions rapidly. She has a wonderful way of dealing with people.

EL: Are you working on any cost savings or cost avoidance projects  right now?

LT: We do continuous improvement projects on both the end user and IT sides regularly. These projects have two goals -- saving money and doing things better. Currently, we're looking at how we can use data warehousing and document management to help the business units save money. We're also consolidating our servers to reduce our telecommunications costs.

We've an on-going wireless project all over the campus. For example, the new student housing units will have a hardwired network, which we'll add secure wireless connectivity to. This technique provides students with the convenience of wireless from any place on campus at any time.

EL: Customer service is really important to you. How have you  improved it since you've been on the job?

LT: We're constantly doing surveys. Every time we do a telecom repair or an installation, we drop off a sheet and ask the user to tell us how we did. We analyze all of the findings and report on the results. Based on recommendations, we try to make things better.

We also have a 'listen to the customer' initiative where we go to each department and ask how we're doing. We complete a form that shows them how they can save money. We helped some departments realize they were spending extra for phones they didn't need. This effort helped us to save about $230,000 a year in telecommunications costs.

EL: What can a CIO in the private sector learn from you?

LT: Talk to the internal and external customers. They need to know what you're doing, what you're capable of doing, and how you're truly willing to help. Market what you do. Be nimble, quick, and visible.

EL: How did the Center for Excellence in IT come about?

LT: It came about because of some of our other initiatives to provide IT services to the private sector. For example, I just finished a grant proposal for a biosciences business virtual incubator. It would provide our resources, such as our network, to start-up biosciences businesses, enabling them to do research. As for the IT Leadership Center, we're going to have to train people in these companies to use our resources. They typically can't afford what they need for IT support. The grant will cover all of these costs.

EL: Are you considering any new or disruptive technologies for the  next three years?

LT: We're always looking at new things. We need to keep on top of how we're going to maintain a high speed network and the related services to maintain it. For example, we're changing our voice mail system because the vendor is no longer supporting it. We're changing to an integrated message system that will allow access to voice mail, e-mail, and fax in one place.

EL: Are you doing anything with open source software, such as  Linux?

LT: We do have some Linux. We're watching how well the University of Indiana uses open source software for some business applications, such as finance.

EL: Any comments about Nicholas Carr's book, IT Doesn't  Matter?

LT: He's right when he says IT is so ubiquitous and not a key differentiator unto itself. I agree with this conclusion. Anyone can buy Cisco equipment. The differentiator will always be how people deploy that technology. How do you negotiate to get the right type and amount of equipment on time and on budget? What makes Fedex, UPS, and DHL work is how they use the technology to provide good customer service.

Today a CIO needs to know about the technology, but doesn't have to be a hands-on expert in every aspect of it. To this end, a CIO needs to be able to bring people together to make the technology work.

EL: How you do divide your time between being a CIO and being head of  the engineering department?

LT: I spend half of my time in each place. I can only do so much in an 18-hour day. I try to give everyone my attention. I hire good people and empower them to do their job. I'm available to handle the big picture and any emergency situations.

--

Elizabeth Ferrarini is a free-lance writer and IT consultant  from Boston, Massachusetts. She can be reached at elizabethferrarini@yahoo.com.

by Elizabeth M. Ferrarini

With annual sales approaching $14 billion, and 47,000 employees worldwide, Office Depot, incorporated in 1986, has emerged as an office products and services leader in every distribution channel -- from retail stores and contract delivery to catalogs and e-commerce. (The Company operates under the Office Depot Products, Viking Direct, Guilbert, and Tech Depot brand names.) Office Depot 's $3.1 billion in online sales in 2004 made it the third largest online retailer in the world, behind amazon.com and Dell.

Office Depot's IT department supports United States operations at 1,000 retail stores, 22 delivery centers, and 60 sales offices. Internationally, the IT department supports 220 stores and 76 distribution centers.

Enterpriseleadership.org recently sat down with Tim Toews, senior vice president and chief information officer for Office Depot, to discuss some of the highlights about how a global retailer manages IT. Toews, who joined the company as an applications developer in 1994, was appointed CIO in April 2005. Here is what he had to say:

EL: Office Depot isn't as visible in the press as other companies  your size. Why?

TT: We don't have a rock start culture where we're vying for opportunities to boast about ourselves. Instead, we look for chances to talk about what we've learned from our successes.

EL: Can you give me an overview of some of your key  applications?

TT: We have all the normal applications you'd expect to find at a multi-channel company. Our order management system supports multiple front-ends such as Web sites and EDI. We have moved IT to sort of a shared services model.

For the past several years, our stores have provided wireless access for things such as receiving and product lookup, and we use wireless in our warehouses for some of the same functions. Our extensive corporate wireless infrastructure enables our employees to be mobile in the confines of the campus. Any employee who travels for business -- either in the U.S. or abroad -- has a wireless-enabled laptop that can access any public wireless network.

EL: What is your vision for IT?

TT: IT professionals need to be global leaders who embrace a culture of thrift. They also need to simplify the environment while maintaining service levels and a high-performance culture that is fast, flexible, and responsive.

EL: What innovative technologies are you considering?

TT: We're taking a serious look at RFID and VoIP, but haven't deployed either one yet. We're also looking at outsourcing in a variety of new areas. It's something we do under the banner of selective intelligence. The cost savings have to be compelling and the service metrics must be as good, if not better, than what we have right now.

EL: What application helps you to drive revenue or to have a better  customer relationship?

TT: Our data warehouse system, called TCRM, supports our catalog sales marketing efforts, a very important part of our business in the U.S. and Europe. The intelligence we get by segmenting customers allows us to understand what types of offers to provide, what type of catalogues to send out, and what type of products would be useful for our customers and would ultimately entice them to purchase from us.

Our TCRM system provides our call center with a well established workflow for handling repetitive calls from the same customers. Each call center representative always has access to the same context about each customer.

EL: In what other ways has IT helped the business innovate or drive  revenues?

TT: A large-scale merchandising system that we installed in 2005 has been significant in driving down our supply chain costs. You can't have an industry-leading e-commerce presence without some sophisticated IT technology.

EL: Have you gone through any cost-cutting measures?

TT: In 2005, we focused on creating a new management organization and a framework that would allow us to control costs; we need to support key operating priorities, as well as the basic block-and-tackle moves. This entire effort should better position us to continue to reduce the cost of IT, while providing the company with a nimble and responsive IT organization.

EL: What kind of governance do you have in place for your IT  organization?

TT: IT has several governance bodies. The IT leadership team, which consists of my direct reports with dotted lines to finance and human resources, provides overall governance for the department and for all of our compliance areas, such as security, Sarbanes-Oxley, and Visa. A project management team oversees governance of IT projects that will cost more than a certain amount. In 2005, we introduced a single source for all IT status reporting, which is linked to our timekeeping systems and our project tracking systems. Our executive committee oversees governance for IT, as well as other operational areas.

EL: What best practices or quality programs do you use?

TT: We don't have a formal Six Sigma program, although we've  had some ad hoc efforts in this area. We've also dabbled with the IT infrastructure library, but haven't deployed it to handle a specific task such as the Service Desk.

EL: Are you managing IT more conservatively today versus 10 years  ago?

TT: We've never been "wild eyed." For example, even though we considered e-commerce a compelling business opportunity, during the dot.com frenzy, we didn't hire developers on the West Coast to build our e-commerce systems, nor did we want to create a separate organization to deal with e-commerce. Instead, we did a great job of building our systems in-house within the overall corporate framework. From Day One, our systems were integrated with all of our customer-facing systems. On January 18, 1998, when we took our first order, it appeared in the cost center. If the customer placed an order through our call center, he or she could've verified that order on the Web.

EL: Are you familiar with Nicholas Carr's Harvard Business School  Press book, Does IT Matter?

TT: I read his Harvard Business Review article, "IT Doesn't Matter." The article had a rather stark premise, which I presume was intended to bring about some good conversation. It's heavy handed to say that IT doesn't matter, but there's a lot of truth in what he says. You need to look at some parts of IT as a utility and not go overboard emphasizing its importance to the overall business. I'd probably tip toward the "IT doesn't matter" side of the scale, but, of course, I think IT is important. If you were without electricity for two weeks, then you'd come to appreciate the important of having it. The article helps you to think about how you spend money, what you prioritize, and how you do projects.

EL: What was the biggest risk you've taken as an IT  executive?

TT: My biggest risk has to be committing to large cost savings with the help of a new management team. When I became CIO in April 2005, the company had begun its major transformation effort. As a result, the company's future looks amazing. We were asked to take a hard look at our cost framework and see what we could do to reduce the cost of IT for the corporation. During my first month, my team and I had to commit to some pretty aggressive goals, which weren't fiats from management. We really believed in these goals, and had signed up to carry them out. We committed to some very aggressive things, and we made and exceeded our numbers.

--

Elizabeth M.  Ferrarini is a free-lance technology writer from Boston,  Massachusetts.

by Elizabeth M. Ferrarini

No one can deny that Jerry McElhatton has mastered many successful IT moments. During his 10 years as CIO with MasterCard International, McElhatton spearheaded a five-year, $160 million upgrade of the company's global processing system into one unified, single messaging standard. Even more impressively, he delivered this enormous undertaking on time and within the budget. The systems support more than 15,000 customers worldwide, handle more than 40 million transactions daily worth more than $1 trillion annually, and are linked to 800,000 ATMs globally. Also during his tenure, McElhatton oversaw the building of a $135 million, 52-acre campus for MasterCard's primary IT team.

In March 2005, McElhatton retired from MasterCard, where he had anywhere from 1,600 to 3,200 IT professionals under his leadership. Enterpriseleadership.org recently spoke with McElhatton about what his experiences managing an IT organization that could make or break MasterCard's success.

EL: What are you doing now?

JM: After 10 years with MasterCard, I retired to start Virtual Resources, a company that does consulting for organizations in the payments area, and for some architectural engineering firms. I also sit on the boards of directors for several technology companies, where I set up advisory committees to provide feedback on the company's products and examine what competitors are doing. I spend my free time tinkering with a massive model training collection, which my four grandchildren love. I almost forgot: I write articles for business publications, such as CIO Decisions.

EL: Now that you've retired from MasterCard, would you advise other  near-retirement CIO's to go off and keep their hands in IT?

JM: Why not? I'm enjoying helping companies understand the cost benefits of technology. I've successfully gotten people to look at their cost structures, to put some best practices in place, to help them evaluate some future cost-effective architectures, and to get them to be more responsive to business needs.

EL: Looking back at the technology overhaul you implemented at  MasterCard, what things really made it happen?

JM: The credit goes to my great team. The company had some very mature systems that did a nice job, but it took too long to bring new products to market. New and better technology could simplify things and reduce our infrastructure costs. My assignment included restructuring, rewriting, and redeveloping the core systems. It took five years of changes to give those systems the scalability and flexibility they needed to meet best business practices. We completed that project within the assigned budget and ahead of schedule.

EL: What were some of the best practices that were put into  place?

JM: We put reusable systems code and architectures in place. When it came to databases and data warehousing, we made sure we captured the data correctly and could easily segment it. Our key members had to analyze this data to help them build their marketshare.

At MasterCard, I had the unique position of being responsible for all technology, all IT operations, and both IT security and physical security. Fraud is a big problem in the credit card business. For example, I oversaw all of the risk systems that enabled our members to report fraud to us so we could stop it. We gave them information to make them aware of certain types of fraud that were taking place or had the potential to take place. We spent a lot of time reworking those systems. We put together things that would give us an advantage in identifying some characteristics and traits of fraud.

JM: Yes, the entire security team reported to me. I was also responsible for the access control side of physical security. The entire team that guarded our campus buildings reported to me. These folks did a lot of investigations internally to make sure employees did not access unauthorized areas.

EL: What was the business model for MasterCard when you were  there?

JM: Simply, we worked very closely with the business units to help them define priorities, to help them move marketshare and generate income, and to help them reduce operational expenses. As a member of the operations and policy committee, I looked at how we could leverage technology to get the biggest payback.

EL: What was your IT model at MasterCard?

JM: MasterCard's technology generates a significant amount of revenue on what's called a "quick charge." We have charges for authorization, clearing, settlement, and also charges on our risk systems. On some of the systems, we had profit and loss residing with the operations and technology group. And on the others, we had direct chargeback to the marketing group for the cost and expense of generating that revenue.

EL: Did you folks use anything like Six Sigma?

JM: It's an interesting concept that has to do with the definition of root cause analysis and definition of quality standards. Eighty-five percent of the program we used consisted of Six Sigma and the benefits associated with it.

We measured everything, and we drove staffing and quality off those numbers. In our system, we posted implementation reviews, and whenever we had a problem, we did a root cause analysis to determine where to patch the problem. So, our systems got stronger over time. The performance of MasterCard as a company became outstanding because of the work we'd done to engineer the system.

EL: How successful were you in combating fraud?

JM: It was very good. We did a lot of proactive things to put people on notice. In the credit card business, fraud often happens at the merchant location and at some of the processors. If someone doesn't follow the rules, you might do routine audits, but an IT security audit is only good for the day you do it. Someone can make a change the next day, and thus, put a hole in the system. You might not catch it until you do another audit, or you might not catch it until you have a problem. We did a lot of proactive work to identify potential fraud. We not only used our systems, but we had cooperative efforts with others, and we used their systems, so we had a significant reduction in fraud.

EL: Do you have any comments on Oracle's recent buying  spree?

JM: On the one hand, Oracle will have a strong product offering. On the other hand, as with all technology mergers/acquisitions, IT departments no longer have a lot of product choice; they'll lose their ability to negotiate on price, and service levels.

EL: Are you writing a book?

JM: I've thought about it. My working title is, 101 Easy  Lessons Learned the Hard Way. IT folks today have similar sets of issues and problems as their counterparts five or 10 years ago. Yes, there might be more flexible ways to solve these problems, but every generation seems to have to touch the top of the stove to see if it's hot. I have a lot of advice to give about how to avoid some of the mistakes other IT people have made in the past.

EL: What's the biggest mistake people make in climbing the career  ladder?

JM: IT people are smart people, but they don't often have a sense of how to budget for projects and how to meet the deliverables. IT people often make things harder than they really are.

At MasterCard, we learned how to eat a big marshmallow without getting sick. The answer is a bite at a time. We broke down projects into very significant deliverables that we measured and monitored.

IT people have to first learn to commit to a project, and then stick to the  schedule, the budget, and the deliverables.

EL: Do you think the CIO role should be rotational?

JM: Some companies might be better off if they went in that direction. If someone has been a CIO for 10 or more years, then that person might be stuck in that role. Let me tell you what helped me at MasterCard. For example, at one time I was assigned to run the process change team. We took more than $100 million out of the systems by leveraging technology, and leveraging people's skillsets. This experience helped me to grow closer to the business units. I had some other great business opportunities.

If you want to cultivate stronger IT professionals, then assign them both business problems and technology problems. This process enables IT professionals to gain a more realistic view of how the business uses technology, and how they should use it to solve problems.

EL: Have you read Nicholas Carr's book, Does IT Matter, or  his Harvard Business Review article, "IT Doesn't Matter?"

JM: I've read the book. I've been in businesses where technology has made a big difference. At MasterCard, we leveraged a lot of technology to get good business results. Carr perceives technology as a commodity -- spending a lot of money on IT doesn't necessarily translate to creating competitive differential. For example, if an IT department is late with deliverables, then the company can loose its competitive edge. At MasterCard, we won a lot of new business by being the first to deliver new, working systems, and to continue to enhance those systems. The other guys had a hard time catching up with us.

--

Elizabeth M. Ferrarini is an IT consultant from Boston,  Massachusetts. Reach her at elizabethferrarini@yahoo.com.

by Elizabeth Ferrarini

These days, you can't pick up a computer trade publication without reading about how CIOs need to align the role of IT with the needs of the company's business units. But Robert Herbold says this isn't an appropriate strategy for IT to follow, and given his IT credentials, people are listening to his bold conclusion. For almost seven years, he ran IT, marketing, and other departments at Microsoft while Gates ran engineering and Ballmer ran sales.

Since 2001, Herbold has been a member of President Bush's Council of Advisors on Science and Technology. In 2004, Herbold authored The Fiefdom Syndrome: The Turf Battles that Undermine Careers and Companies -- And How to Overcome Them. His consulting firm, the Herbold Group, helps Fortune 1000 companies that have lost control of their profit margins return to profitability.

Enterpriseleadership.org recently sat down with Herbold to discuss his book; the alignment strategy CIOs should utilize; the role of IT in a company and how to measure its effectiveness; and his work on the Presidential council. Here's what he had to say.

EL: Your Harvard Business Review article talks about the plethora of incompatible systems and the lack of discipline in IT practices at Microsoft. How did you solve this problem?

RH: Everyone realized that things had to get better. It became embarrassing when Fortune 1000 customers would come to the Microsoft campus for a new product update and ask to see how we handled some of the problems they might be having, such as procurement. We'd have to change the subject very quickly.

Systems had grown out of control. We couldn't seem to get anything done. We put in a global ERP system based on SAP. We did it as fast, and as inexpensively as we could. When I was at Procter & Gamble, I put in a similar system the slowest, most expensive way. My article in Harvard Business Review talks about how well we disciplined ourselves to put in the system, and how easy it was to use because of the menus we created. We told all employees we were getting rid of tons of IT personnel, 70 percent of the existing IT systems, and were getting back to basics. Our goal was to make Microsoft a showcase for how large corporations should do finance, procurement, and other operational functions.

How you carry out systems, such as SAP or Oracle, is what counts. Some large corporations spend millions of dollars and years to put in an ERP system. The reasons why corporations find these systems expensive and time consuming to install reside with unrealistic expectations from customers. Some corporations spend too much time listening to their customers.

EL: Do "IT fiefdoms" differ from other key departments in a large company?

RH: Not really! People tend to become set in their ways because of being in a job too long. They often wind up defending the legacy systems and legacy practices, and they become legacy beings. Things become fragmented, and the necessary changes aren't made. More and more IT people begin building their own systems, and integrating these systems becomes impossible. Redundant systems emerge as IT becomes pervasive in areas where it's not needed, and this scenario continues to repeat itself.

EL: Is the shared services model for IT and other professional services, such as human resources, kind of a fiefdom?

RH: It can be. Any of these departments can become very independent and build a moat around itself. A shared-service group, unfortunately, can become the group with which it's hard to work. You want the shared services group to be disciplined in the way it carries out basic functions that serve those individual business units. The shared services group also needs to be flexible enough to spell out the ground rules for what business units can do on their own. To this end, the shared services group needs to monitor what business units do so they don't become too independent and not well integrated into the organization.

EL: Does a lot of IT governance help to keep fiefdoms from spreading?

RH: Most large corporations could use a good conscience. Take human resources: Companies should have one way to do performance appraisals, and the corporate officers should be the keepers of this. Each division should carry out the nuances for how their industry works and incorporate these things appropriately. Instead, departments go off and do what they want. You get HR people all over the place, and none of them want to work together. This dilemma can prove expensive for a company, as well as a paperwork nightmare.

EL: Trade publications talk a lot about aligning IT with goals of individual business units. Since some departments might own their systems, how do you keep power struggles from emerging?

RH: I don't like the word "alignment." It sounds like you need to make all of these business units happy. The objective is to make shareholders happy. The way to accomplish this is to know what things you do as a corporation, and what things you do as a business unit.

CIOs need to align themselves with top management exclusively, not with individual departments. They also need to know that their programs will be backed by their CEOs. And, both CIOs and CEOs need to come to a consensus about what they are going to do as one unit, and what they are going to do about individual business units.

The company also needs to have one chart of cost accounts for the way the global organization handles the finances. If particular divisions need other ways to make the business successful, CEOs have to drive these initiatives, too; divisions and business units need to have some flexibility. Strong people need to run functional areas such as IT. To this end, the executives in charge of these functional areas need to be evaluated first in how well they perform for the corporation, and then how well their organization performs for the business units they serve.

EL: Can you tell me exactly what the Council of Advisors on Science and Technology does?

RH: President Bush established the Council following September 11, 2001. Three times a year, 20 of us meet with the President to discuss technology issues pertinent to the country. He usually breaks the group into task forces. For one year, my group looked at what should the country be doing about broadband, how aggressively should the government be pursuing it, and what practices are needed from federal agencies, such as the Federal Communications Commission, around these issues.

Our work has enabled the President to become better educated on this subject. He followed our recommendation that the government needs to show good examples of broadband applications, but it's not the role of government to fund nationwide applications.

EL: In your book, you give the scenario of an $8 billion chemical company spending seven percent of revenue against IT, which was twice the industry average. Can you summarize how this company solved the problem?

RH: The organization asked a couple of senior IT staff members to define what the IT system should look like and how the organization would run if it were reorganized this way. Many corporations make the mistake of forming IT committees and task forces to ask business managers what they want. This is the last thing CIOs want to do; they need to select people who know what they're doing, then let them design the system.

The chemical company replaced hundreds of IT professionals with several teams of 10 or 12 professionals. And, the CIO and CEO explained what they were doing, and why they were doing it. This is leadership at work.

EL: Do many IT organizations have a lot of redundant systems?

RH: Yes! The people who develop the systems also wind up supporting them. Soon, these people become an appendage to their systems, become fearful about any changes to them, and the organization becomes paralyzed as everyone fights to hold on to their systems. CIOs need to break through this and say, "Here's the design we think is 98 percent correct. We don't need your input on this."

EL: Are some CIOs or CEOs afraid to confront the troops?

RH: Yes. Even aggressive CIOs will come up with a great idea and start to carry out projects without having their CEOs on the same page. Often cranky customers will push back about the change and complain to the CEO. Then, the CIOs get into trouble and are labeled as renegades. On the other hand, you have CIOs who listen to what all the fiefdom business units want. These CIOs don't have a prayer if their objective is to please all of these people. These CIOs, instead, should be improving the overall performance of the IT organization. They also need to have a contract with their CEOs that spells out how they're going to improve the place, and how the CEO is going to support major changes to improve the company's competitive edge.

IT doesn't exist to serve the business units. Its role is to serve the corporation. And through the corporation, IT serves the business units. Some parts of the IT organization should be achieving excellence for the corporation.

EL: Can you cite an example of a top executive who cleaned house?

RH: When Lou Gerstner arrived at IBM, he saw that it had 200 charts of accounts. It took forever to get a clear financial picture. He immediately cleaned house because the business units had become too independent. This is not the way to run the railroad.

EL: How should you measure the effectiveness of IT? Service level agreements? Driving down overhead costs?

RH: It varies by industry. First, you need to state what role IT plays in the success of the corporation. Does it have any strategic value, or should it have strategic value? Second, you need to look at how IT is doing in relation to the business's overall execution. You look at this from a cost and service level (you can use a variety of metrics).

The effectiveness of IT really has to be focused on the company's performance. You need to look at whether IT is affecting the services, the products, or the efficiency of how the place runs. In some industries, IT affects all of these areas. It might be important in other industries. However, each industry needs to ask the same questions.

EL: Any comments about Nicholas Carr's book, Does IT Matter?

RH: It's a provocative statement. I don't agree with him. Carr hasn't earned enough IT battle scars to come to his conclusions. He assumes that some things like product supply and logistics are some sort of a utility. The IT approach use by WalMart in the logistics area for product distribution made this store chain a national success story. Sam Walton, the store's founder, designed the logistics system. Certain companies have built their entire success around excellence in IT. Dell and FedEx are other examples. Dell has grown because of its supply-chain practices.

Companies in the consumer products area went through a period when IT was considered to be a utility, and you wanted to utilize it well. Sam Walton reminded large companies with huge inventories, such as Procter & Gamble, that they, too, could use logistics to gain a competitive advantage. Carr needs to get closer to some of these companies that excel because of using IT effectively.

--

Additional Reading - Sponsor Links:
Understanding ITIL® Service Portfolio Management and the Service Catalog
Managing the Business of IT: Maximizing the Power of Service Resource Planning, the Next Step in Business Service Management

Elizabeth M. Ferrarini is a technology writer based in  Boston, Massachusetts. Contact her at elizabethferrarini@yahoo.com.

by Elizabeth M. Ferrarini

When Tom Durkin became senior vice president and head of North American Solutions Management for ABN AMRO, one of the largest banks in the world, he quickly realized that the transaction banking industry was moving toward more sophisticated metrics focusing on increased productivity and return on investment.

The North American division of ABN AMRO, which has $171 billion in assets and more than 18,000 employees, had a good growth rate compared to the rest of the industry, according to Durkin. "Our costs and our efficiency ratio, based on how we measured our revenue versus costs, needed improvement."

Durkin, who oversees the development of products and services used by ABN AMRO's commercial clients, turned to a new best practice, called the Productivity Maturity Ladder, to track and to manage employee efficiency, resulting in lower costs, higher customer satisfaction, and better employee retention.

Enterpriseleadership.org recently spoke with Tom Durkin to discuss how the Productivity Maturity Ladder works, and what other steps he has taken to improve commercial client relationships. Here is what he had to say:

EL: How did you learn about the Productivity Maturity  Ladder?

TD: We learned about it after we brought in Witness Systems to look at one of our client-facing functions. We asked the company to tell us how to move and how to create an environment that would focus on our core productivity approach.

The banking organization we were looking at didn't have clear, actionable success criteria for dealing with external clients. We looked at the overall business, including all of the functions, to determine how we could go from status quo productivity to optimized productivity. We defined a top-level strategy, along with prioritized goals and objectives that could be pushed down throughout the organization.

Both the strategy and the priorities have metrics-driven performance management objectives that tie to financial results and also tie to individual performance objectives.  It was also a mindset change about how we do business.

EL: Can you describe the steps in the Productivity Maturity  Ladder?

TD: There are four steps going up the ladder. Each step consists of processes that each, in turn, consist of individual steps. The ad-hoc first step measures the impact and the effectiveness of status quo process. During this step, managers down through analysts aren't working cohesively together, but independently. To this end, there isn't a coordinated effort for accountability, nor is there a strong appraisal focus. When we started, we were just above the ad hoc stage.

The second step consists of moving to the repeatable stage. Here, you integrate your data and make your processes more uniform. You begin to do a periodic metrics review.

The third step consists of managing.  It's where you move to more of a common approach. You want to enable your stakeholders to be in sync and to understand what your results are, and what your performance indicators are. You focus more on metrics through a monthly or weekly review. You have created an enterprise database, and you've also defined the data sources that come in. You're using the data to focus more on capacity management and resource planning.

The final step up to the top of the ladder consists of optimization, where productivity management becomes a core component of your business.  A daily review of the metrics is key here. This step also focuses more on where you are and how to get to a certain point.

EL:  Besides the steps, what other things go along with the  Productivity Maturity Ladder?

TD: You have more enterprise tools, such as formal score carding for measuring employee performance. You also need to focus on where you're going to be three months from now, and six months from now; how you're going to be in sync with the organization's financial objectives, such as lowering costs; and you increase effectiveness and productivity so you can do more business and reduce costs.

EL: Does the Productivity Maturity Ladder come close to other best  practices like Six Sigma?

TD: It's close to Six Sigma. In fact, I've had discussions with colleagues who are Black Belt certified in Six Sigma. The Productivity Maturity Ladder enhances and focuses on increasing the sense of transparency in the business. It enables managers to understand where they are today tactically, and then to get them to think more strategically.

EL: What types of leading indicators do you have?

TD: We've develop leading indicators for measuring each specific business. We have individual product line measurements for how we're doing with revenue, with transactions, and with products that measure the pulse of the business.  We also have leading indicators that get expanded as you go down to what each individual has to focus on. We measure the effectiveness of each person's performance daily. This information helps us to do a better job of focusing, scheduling, and compiling data analytics.

EL: Can these indicators be used with IT professionals?
  
TD: They can be used with IT people, especially if they're doing repeatable managed processes, such as application support and product development. Whether or not an organization gets to the optimized state depends on how committed they are to the process.

EL: Are managers' annual reviews tied to these metrics?

TD: Yes. There is one thing that is important about metrics: you can use a number of different metrics with any line of business. We focused on one key indicator called "time to revenue," which anyone can understand. It's the time from when a sales person sells the individual product, to when it gets put into production, to when revenue for the service to the client comes in. You really want to measure the gap between when you get the mandate and when you move into production. This is the time to revenue. You can squeeze that time to revenue through processes, such as people, operational, technology, or through metrics. Our line managers needed to understand time to revenue and to convey it daily down to the analyst level.

EL: At an industry conference, you talked about creating a strategic treasury services partnership with clients. How did you do that?

TD: Commercial client feedback drives our product development efforts and determines the success of our products. The more information we can get from our customers, the better off we will be.

That concerns our advisory service, which reports to me. Developing client relationships is key to the way we operate across all of our lines of business.  We need to understand more about the business process on the client side, so we established a client advisory board  to feed information to clients.

We also do ethnographic research, which consists of sending  representatives from our business line to client offices to look at their accounts receivable process and their payments process, understand what they do, and question certain parts of their processes. We videotape certain parts of this discussion and share this information with the different business units.

The feedback we get from this helps our product managers to better understand how clients use our products. We've been able to tie our products and services to a sticking factor with our clients. We thus have a better understanding of how our products work for clients, and how important each product is to the end client. This understanding is what differentiates us from our competitors.

EL: What technology do you use for client relationship  management?

TD: We built a Web-based application portal to drive where our clients interact and conduct their payments, and their reporting. This high-touch approach enables us to deliver the information they require to manage their business.

Our first step consisted of getting our clients to do more on their own. We've focused on enabling a 24/7, self-service client support concept through a Web-based portal.

We also worked on an online "university" to provide clients with textual information about how our products work, and with videos about how the applications work. This portal complements our existing relationship-driven approach to services.

--

Elizabeth M. Ferrarini is a technology writer based in  Boston, Massachusetts. Contact her at elizabethferrarini@yahoo.com.