While major automobile manufacturers might be chalking up significant losses this year, one auto finance company has learned how to operate a successful business in a volatile and risky niche. Drive Financial Services, one of the fastest growing automotive finance companies in the U.S., makes new car loans to sub-prime borrowers throughout the U.S.  The company has a current $6 billion portfolio of loans originated from more than 8,000 U.S. franchise auto dealers. In fact, Tom Dundon, Drive Financial Service's CEO, said the company is continuing to enroll new auto dealers.

Unlike some auto financial companies, Drive Financial Services has a strong financial backer. In 2006, Banco Santandar Central Hispano, one of the seventh largest-for-profit banks in the world, brought Drive Financial Services from the Bank of Scotland. Drive Financial Service is Santandar's first privately held North American venture. This company holds a minority interest in Sovereign Bank in the U.S.

What keeps Drive Financial Services successfully on the move? Dundon says that he bases his company's ability to stay profitable during economic downturns on three things: a significant investment in a solid technology infrastructure, a contrarian view of what competitors are doing, and a well-thought out set of business practices emphasizing profitability. Enterpriseleadership.org recently sat down with Dundon to learn more about these things. Here he what he had to say:

EL. What is your business model?

TD. Santandar, our parent, provides us with liquidity to make car loans to sub-prime borrowers throughout the U.S.   We originate the loans for dealerships, mostly franchise dealerships. We also originate auto loans direct to consumers via the Internet.  We do both direct and indirect leading of only car loans exclusively to sub-prime borrowers.

EL. Three years ago, your predecessor decided to hold back on company expansion while other competitors wanted to grow rapidly. How has that strategy paid off for Drive given the state of the economy today?

TD. The decision we made three years ago is characteristic of the way we run our business. Many of our competitors have used the availability of leverage and of liquidity to justify pricing loans and taking risks that aren’t sustainable in an economy that isn’t growing. When you’re in a boom economy, low-margins and lots of risks are easy. If you don't have the margins to handle the losses that come from change in the environment, then you’re going to loose money when the economy stops growing. We have always had very conservative growth plans to make sure that we have the proper margins to handle downturn. The economy has softened up in the past 18 months. Although our profits are slightly impaired, we’re still profitable because of our conservative nature when things are good.

EL. How do you gauge your revenues?

TD. We do it by dollar amount. . The average life of the loan is about two years. We wouldn't do a $1,000 car loan. Our minimum car loan is about $7,500 and our average is about $15,000. We’re going to do $3.5 billion in loans this year.  If were to do the same amount next year, we’d have a $7 billion portfolio.

EL. Where in the company do you assess marketing opportunities and threats in the marketplace?

TD. We have a risk management group that does data modeling or decision science. This process enables us to keep up what our competitors do. We determine what we’re going to do based on what we see in our numbers. We look at our margins for the risks we're taking. We also look at our closure rate for the number of applications we’ve received. That ratio kind of tells us if we’re under priced or over priced relative to the market. If we look at our margin and find out that it’s too high or too low, then between those factors, we decide what to do. We try not to worry about what everyone else does. Just because many of our competitors are doing similar things, doesn’t mean they’re all good things to do.  If you look at what the mortgage companies have done and what some of our competitors have done, they didn't have the margin to sustain their business and unless the economy was growing. We don’t have that problem.

EL. Is change a permanent part of your business?

TD. Yes! Over the years, we’ve seen cycles in the economic environment. If we try to ride the wave up, we’ll invariably crash on the way down. We try to do good things for the stability and profitability of our business. We’re willing to let other people grow their business by going for volume. We make sure that we keep our margins wide enough so we can deal with an economic downturn. We do the same volume in bad times as we do in good times. 

EL. What capital investments, including technology, have you made to enable the company to grow and to become profitable?

TD. We’ve done a couple of things. Good data capture is the most important thing for us.  We make sure that we capture all of our data so we can make educated decisions.  We’ve invested heavily in our infrastructure to make sure our ability to grow or to shrink was based on most of our transactions are incremental costs. We have a base system that has a fixed cost. We then built out our systems to handle incremental volume and to make sure we’re only paying for what we use so opposed to having a huge fixed cost.

EL. What types of data are you capturing?

TD. We receive applications from certain dealerships. We capture everything from where the application comes from to the customer data to the data on what kind of loan they want. Once we book the loan, then we capture how long it took from the time we received the application to when we booked it. We capture the standard type of data having to do with the loan, such as the type of vehicle, and type of payments. We also capture all of the peripheral data around the customer's credit, around the dealer's behavior, and around our internal behaviors as they relate to how we book the loans. We made a commitment years ago to store every piece of data.

Many companies get into trouble because they don't properly label their data warehouse. You have to properly label all of the data and then you have to keep it and use it. We’ve made this task a priority. Historically, companies have purged data to free up resources. We always felt that we should spend the money and store data. As data storage has gotten less expensive, it has become easier to store massive amounts of data. If you ever need, you’ll have it. And we do have that data.

EL. One of your innovations is a scorecard program that enables an auto dealer to know if a customer fits into one of your programs. What makes this scorecard unique?

TD. We use credit bureau data, other third-party data sources, and our own experience to figure out if a customer can fit into our program, and if we should give them a car loan and at what price or structure should we do the loan. The innovation we have done is the value we add to the process. We include some other data sources, and we tightly couple the deal structure and the underwriting to the credit. Many of our competitors will only focus on credit. We believe that credit and underwriting together will lead us to the best decisions.

EL. Can you link capital investments to new customers, new dealers, and new improved business processes?

TD. We ran our business without growing while we invested in our infrastructure several years ago. We don't get benefit from it anymore. We’ve built our systems in such a way that the incremental enhancements don't require much capital investment. We’ve shifted from mostly capital investments and a little bit of maintenance to mostly maintenance, and not needing a many of new systems.  As technology has matured, we’ve been able to integrate our new systems easily in our infrastructure. When we first started building our infrastructure, we found it difficult to integrate a mainframe with other technologies. We built our enterprise architecture so that we can isolate any system with a problem, and keep it from affecting other systems. No one system can bring down the entire enterprise system. 

EL. Do you leverage technology resources from our parent?

TD. We don't do much of that. Santandar has a global IT initiative for its offices around the world to leverage technology. We’re so specialized that we only do auto loans. The technology investments we made before Santandar bought us put us in good shape to run our business. Because Santardar is so large and has so many countries that need its technology help through the world, the company decided that our systems are efficient and scalable enough so that we don’t need the same level of technology as the other business units do. 

EL.Have you built other things into your systems that your competitors don’t have? 

TD. We’ve a strong culture of making sure we’re efficient and not wasting money on costs. Because we're efficient and can make good credit decisions, we don’t have to sacrifice our margins. Many of our competitors focus on volume rather than profitability. In contrast, we emphasize profitability first and then volume. What’s happening in the U.S. economy rather proves this view.  People chase deals and chase volumes because they have an incentive to gain market share and volume. We’ve never looked at it like that.  Every one of our loans has to make a risk adjusted return. The number of loans we’ll book, and the amount of volume we’ll do will result from hard we work and from how well sell our product. Price is a determining factor in what good or service people decide to buy. If someone wants to beat you on price, no matter how good your service is, you’re going to find it difficult to get the get same marketplace and volume as someone who competes solely on price. We’ll never compete solely on price.

EL. How are you dealing with setbacks in the auto industry?  

TD. In July 2007, we decided that because consumers were under so much stress with high unemployment, with liquidity becoming more difficult to maintain, and with credit card companies and mortgage lenders operating under tight margins, we decided to cut out volume and to raise our margins. We felt that anymore undue stress on consumers would have a pretty big ripple effect on consumer finance in general. We got very conservative last year, raised our margins and tightened our credit. Now as other companies took a too long to react to these things in the economy, they’re now faced with heavy losses. We’re still profitable. In fact, we’re very profitable. We more prepared than ever to take advantage of less liquidity and less competitors in the marketplace. We can generate profits to liquidity we need to continue to operate our business.

EL. Do you have a governance process for capital investment decisions?

TD. Santardar wants us to run our business and unless we are trying to do something that makes no sense, it would never be an issue for us. Above a certain level, we have to go to our parent; otherwise, we’re on our own to run our business.  Our board of director’s provides the check and balances for our  key decisions. There are certain governance limits where yes we’d to get certain approval from the board. We haven't run into that as a business problem for us.

Right now the systems that we have are as good as better than anything in the industry. They are very cost effective. We don't have a glaring need that we can see today. Our philosophy has always been if we need to spend the money to make ourselves better, we will.

EL. Why did Santandar acquire Drive?

TD. Santandar is one of the top 10 banks in the world. It focuses on retail and commercial banking. It doesn’t do investment banking. It has strong consumer ties through a group called Santander Consumer, which does auto loans in Spain, Germany, Italy, Portugal, the Nordics, Eastern Europe, and South American. It’s one, if not, the largest non-captive auto finance company in the world. Auto finance is a core business for Santandar. Drive was the best auto finance franchise available for this company to buy.
 
Elizabeth M. Ferrarini - She is a technology writer from Boston, MA. Reach her at elizabethferrarini@yahoo.com

During John Thompson's decade as CEO of Symantec, a $6 billion enterprise security company, he transformed the company from a consumer-based software publisher to a leader in Internet security, data protection and storage management. Thompson led an effort to diversity Symantec's product portfolio through more than 20 strategic acquisitions, especially the controversial $11 billion purchase of Veritas. Revenues during Thompson's tenure increased tenfold to more than $6 billion. In October 2008, Thompson announced his early 2009 retirement from Symantec. Enterpriseleadership.org recently sat down with Thompson to discuss the strategy for growing Symantec, the challenges of executing on that strategy, and the future growth prospects for the company.

Here's what he had to say:

EL. How has the downtown in the economy affected Symantec?

JT. No company can hide from customers that must deal with challenging economic times. We aren't different in that regard. With that said, we have technologies that companies need to have now. With data volumes growing at more than 50 percent a year for the average large company, they have to secure and to manage that information. If you look at the nature of our product portfolio, we have a certain level of insulation during difficult economic times.

Our primary products include security management, storage management, and backup and recovery. We target the largest companies in the world. More than 70 percent of our business comes from corporate and government customers. The rest of our business comes from consumers around the world.

EL. In 2005, Symantec began a diversification strategy with the acquisition of Veritas. Why did you decide to acquire a storage management company?

JT. We were interested in the backup and recovery components of the Veritas portfolio. A security company tries to keep bad things from affecting an organization's network or its systems environment. Because we had seen so many attacks in 2003 and 2004, we knew we wouldn't be able to stop all of these attacks. We, however, looked at how we could help customers recover to the appropriate level of operational control when an attack did occur. As a result, recovery tools and storage management tools became an important part of our realization that our job wasn't to just keep bad traffic out, but it was to keep an organization's systems up and running. The recovery capability became a critical component of that process.

EL. What is the company's mergers and acquisition strategy?

JT. Mergers and acquisition are an integral part of our business model. We have said to investors that we'd like to spend about half of the free cash flow from operations on mergers and acquisitions. That would translate into about $800 million per year. We want to focus it around two or three important elements. One focus is to look at enhancing the effectiveness of our core businesses, such as our core anti-virus business and our core backup business. These businesses tend to grow in the mid- to high-single-digit range. The second focus is on enhancing elements around the core that would provide higher growth.

While backup and recovery are an important part of what we do, email archiving, for example, is a similar function, but offers growth. While backup is an important element of what we do, disk space backup and data duplication are areas of very high growth. Can we acquire our way into related or adjacent areas that act as catalysts for growth?

Our third focus is to look for areas that three or five years from now have the potential to be high growth engines for us, but also would provide high volume. We recently acquired MessageLabs, a UK company that will complement our on-premise software appliance business, but it will give us a new marketing path or route.

EL. When you talk about high growth, what figures are you aiming for?

JT. We typically look for anything that is above 20-percent growth. We said to Wall Street that we expect to grow as a company at between eight and 12 percent per year. Ten percent is the midpoint of that. We consider anything twice that or greater to be high growth.

EL. Why hasn't Symantec adopted more of a build versus a buy strategy?

JT. We've built much of our technology. In fact, we spend about 15 percent of our revenue on research and development. While we acquire much of our stuff, the nature of the security business has been that the threats change constantly. From 1998 to 2002, venture capitalists in Silicon Valley and in Israel funded more security startups than any other type of company in the technology industry. Each of them had a unique twist on how to solve a particular problem. We aren't so smart that we have a foundry on every great idea. To that end, we want to continue to innovate on our own, but, at the same time, we also want to be open to external forces coming in. We use a model similar to open innovation. We innovate ourselves, but we're open to outside ideas, and we're also open to investing in companies where we might be able to help them move the security spectrum along.

EL. Can you describe the business process for updating the corporate strategy?

JT. It's an on-going process. I have a direct report who runs corporate strategy and business development. We go through a quarterly review of what our portfolio looks like, what things in the portfolio we should eliminate and what things we should acquire. We're looking for acquisitions that will enhance our core, that will represent high growth, or that will reposition us for large market opportunities with healthy growth for five to 10 years. At the annual board retreat, we share our detailed views on these subjects with the board members. Each quarter, we talk to them about the performance of the organizations we've acquiring during the past 12 months, and the prospects of organizations we might consider for the next couple of quarters. We have a healthy dialog about the long-term view of what we're trying to accomplish, the performance of what we've done, and the prospects of things that could be on the horizon during the next six months.

EL. Are you looking at technologies that relate to security?

JT. Yes! We acquired Altiris, a company that does device management. The technology relates to security. For example, before you distribute software to desktops in a corporation, you need to make sure that the software has all of the appropriate patches, that the hardware reflects all of the appropriate changes, and that a process exists for cataloguing everything so you can keep track of it. When a network attack occurred in 2003, we discovered that the vector of the attack had been present in the Windows operating environment for more than six months. If we had systems management tools to update the configuration and to update the software, we could've eliminated that attack vector. Having management tools tied to our security tools represents the opposite side of the same coin. Security resides on one side, while device management, on the other side.

EL. Do you have a particular methodology you use for measuring the success of technology investments?

JT. We look at several key metrics. Is the technology relevant to what we do today? Does it fit into our core business? Can our sales team move it? Do we have synergy with either the go-to-market side or the engineering side? We look at the transaction based on revenue synergies and a growth play or cost synergies, such as consolidation. If it's a revenue play, we want to make sure that the investment enables Symantec to grow at its projected rate or better. Altiris is a good example of a high-growth company. Its growth is in the high teens. We've acquired other companies that are growing at 30 percent per year. We have been able to sustain those growth rates and to accelerate them.

EL. Have any of the companies you've acquired turned out to be bad choices?

JT. Yes! Mergers and acquisitions are a little like internal development. We've built several products that didn't work quite as we had anticipated, and we had to fix them. Likewise, we've bought one or two things that didn't work for us. This is truly an exploration. If you assume that 100 percent of your mergers and acquisitions transactions will work as planned, then, as a leader, you put yourself in a very naive position. The challenge comes when you recognize that something isn't working as you planned, and you have to decide what actions to take to correct the course that it's on. We have experience going down this road.

EL. Five years from now, will Symantec be largely a services-based company?

JT. I envision software as a service, or cloud-based services being a larger percentage of our revenue mix, but I don't expect it would be the predominant base of our revenues. We haven't disclosed what our internal cloud-based services represent. For example, last year, MessageLabs had $125 million in revenue. That's a small amount.

Having been in the industry for many years, I'm a bit critical of my colleagues who would argue that cloud computing is the next great thing that's going to change the world. Nothing changes as fast as the soothsayers would suggest. While I think cloud-based services or software as a service will take on a greater proportion of how customers avail themselves of software, it won't eliminate the need for software companies in general.

EL. How are you helping organizations carry out their IT Infrastructure Library (ITIL) framework?

JT. All of our enterprise products comply with ITIL. In fact, our Altiris product will help you determine how well your enterprise complies with the ITIL framework. ITIL has capabilities around service delivery and service management. Likewise, our Altiris suite has an IT service management component.

EL. How is the piece of the managed service business doing for Symantec?

JT. It's has had good growth in the mid-teens to low 20s. It's an area that will get more focus over the next year or two as corporations decide it's too taxing for them to handle managing their firewalls, managing their intrusion sensors, and managing their email security infrastructure for spam and anti-fraud. It makes sense to outsource these things to a delivery expert such as us. Tough economic times like this force customers to evaluate whether or not they should managing these things themselves or they should rely on trusted experts.

EL. Does your Symantec's stock price still fluctuate whenever the media reports a major security breach?

JT. Not at all! A few years ago, chatter on the nightly news about the latest virus attack would have a corresponding impact on our consumer-installed business revenue. We've seen less visibility about broad-based attacks of late, and thus our consumer business hasn't had that external catalyst. An incident like TJ Maxx or some of the other data breaches that have occurred provide to remind our sales team, and in turn, our customers, with the importance of our data loss prevention technologies. The growth in data breaches prompted us to acquire a leading solution in that space by a factor or two or three. It also has great momentum.

Interview conducted by Elizabeth Ferrarini at elizabethferrarini@yahoo.com

When Gary Cantrell became chief information officer at Textron in early 2006, the company was almost three-quarters of the way through a six-year transformation of the information technology organization. Over the years, Textron had become an $11 billion global, multi-industry organization by acquiring aircraft companies and industrial firms. Some of the Textron brand companies include Cessna Aircraft, Lycoming Engines, and Bell Helicopter.

By leveraging formal best practices and governance, Cantrell and his team have continued to streamline the IT infrastructure across all of the Textron companies. He says, "We're doing things faster, better, cheaper."

Recently, enterpriseleadership.org spoke with Cantrell about how the IT organization is structured, what initiatives were key to the transformation, and what were some of the lessons learned from this process. Here's what he had to say:

EL: You've taken a kind of matrix approach to your IT organization. Can you describe it? 

GC: We have a federated model with nine divisional CIOs. They focus on delivering application services and support, but are also accountable for the infrastructure. Our shared services model for IT comprises six Centers of Expertise (COEs) including infrastructure, security, enterprise initiatives and strategic planning, collaboration, SAP, and PeopleSoft. Each COE has a leader. For example, the CTO who reports to me oversees the infrastructure COE. The collaboration COE is working on how we handle virtual teaming across all 400 Textron locations.

EL: How does your governance structure work?

GC: We have two ways to manage the governance process. Our information management council comprises the nine CIOs, all of the COE leaders, and me. This group provides our strategic direction, the corporate business unit alignment, and then our integrated planning activities. Below this group, we have started to organize tactical review boards staffed by people who report to the COE leaders. For example, we have an architecture review board.

The Textron executive management committee has five members, including the CEO. Below that, there is the Textron Transformation Leadership Team, which consists of all the business unit presidents. All IT capital issues, such as deploying SAP, would go through the TLT. If something affects the business, I might go to the executive management committee. I don't have to go to either committee for everything that happens in IT. Neither one of these committees works on IT issues independent of my involvement.

EL: Textron has undergone a six-year transformation in process improvements. Can you talk about some of the key IT process improvements?

GC: We call our transformation process "systems modernization." Like a lot of companies, we've acquired several companies over the years, nine in our case. SAP has been a big part of our IT modernization.

We're trying to clean up the portfolio of acquisitions. Six Sigma has helped us to reduce the variation in our environment, and Lean has helped us to move a little faster. That's where Lean fits in. You still have to deliver high quality and value, but you have to find innovative ways to do it.

EL: Can you describe the specific areas of IT modernization where these best practices have helped you improve processes?

GC: Using Lean processes and with the help of an outsourcer, CSC, we restructured nine different infrastructures and architectures where we took out dozens of data centers. We also restructured our email service from 150 servers in 70 locations to 40 servers in six locations. Now we have the redundancy and backup capabilities we need on the network backbone.

We also put in a new manufacturing system across the enterprise. However, some of our business units use specific applications that complement the manufacturing system. We leverage these applications across the enterprise also.

EL: Do you use the IT Infrastructure Library, CobIT, or the Balanced Scorecard?

GC: We've tied use of the Balanced Scorecards in with our Six Sigma gold deployment that we used in the beginning of the IT modernization. We're now working on integrating CobIT into some of our process maturity initiatives with Six Sigma. We've pretty much standardized on a plan for using CobIT for the next few years. We have a little bit more work to do on our tactical action plan.

Some of the business units have become very advanced CobIT users. We used the Lean manufacturing philosophy of Shigeo Shingo for one assessment we went through. In some cases, we've gone from silver to gold; in other areas, we're at the basic level moving to bronze. We're working aggressively on having a standard implementation methodology and assessment methodology for driving our maturity. Over the next 24 months, we will get the horses all lined up and get the enterprise on the same level footing.

EL: What kind of certification levels do you have in place?

GC: Right now we have two Six Sigma black belts for every 100 people on our IT staff and on the CSC staff. The ratio of Six Sigma black belts is higher on the corporate side. This year, we're pushing to have 60 percent of the first two levels of IT professionals green-belt certified in Six Sigma. The goal for 2008 is to have 100 percent of these folks green-belt certified.

EL: You have been quoted in the trade press saying that Textron's IT strategy resembles General Electric's IT strategy. How are they similar?

GC: When I was CIO of Honeywell, I had some first-hand exposure to GE. That company has a core corporate IT function similar to our COEs. GE's IT organization also has a fairly strong presence in their business units similar to us.

On the other hand, GE is larger than us and its business units have more scale that ours. We have a more standardized, rigid infrastructure, which provides us speed and efficiency and a lot of leverage. Also, our architecture review process is more rigorous that GE's. We try to do as much enterprise standardization as we can.

EL: Do you think IT can be run as a business?

GC: We had these conversations at both Honeywell and Bank of America. As far as I'm concerned, IT is a support function, enabling the business units to generate revenue and generate support for their customer. If you're an IT provider such as CSC or IBM, then you can argue about running IT as a business. Internally, IT is a cost center. It might not be a core competency in each business unit, but it's critical to support the work of each business unit. To this end, my charter is very simple -- help give each business unit a competitive edge and to achieve customer satisfaction.

EL: What do you get out of venues such as the CIO Executive Summit?

GC: Venues such as the by-invitation-only CIO Executive Summit give me tremendous network opportunities. That's the most important thing that comes out of it. Second, I get to discuss common challenges or technologies or industry threats. The most common discussion among peers deals with the latest virus threat on the horizon. These venues also expose you to lot of new IT talent or new suppliers. If you select your venues wisely, you can spend several days looking at a lot of new technologies. This process eliminates the need to have vendors parade through your office.

EL: You spoke at the Hackett Group's 17th Annual Best Practices Conference. What did you have to tell attendees?

GC: We've used the Hackett Group to benchmark some of the processes we are doing, as well as to assess how well we are doing with some of our best practices. This year I spoke about Textron's IT transformation and the best practices we deployed. The group of 100 really wanted to know what best practices worked and what best practices didn't work in our environment and why.

EL: So what things didn't work?

GC: We had a strong business case for many of the things we planned to do. Communication seems to be fairly robust. On the other hand, we grossly underestimated employees'

resistance to change. We had to do a lot of front-end work on change management. If I had to do things over again, I would've put more emphasis on this.

EL: What best practices did you find to be ineffective?

GC: Our change management process, which is based on Six Sigma, worked very well. This seven-phase-gate approach requires you to define everything from business case to stakeholder involvement. It worked well for the high-risk, high-changes areas. When it came to routine activities, it didn't hold up for us. That's where we could've done a better job of selecting a better methodology.

EL: One of your IT teams is looking at virtual teaming. What are your thoughts about 3D virtual worlds such as Second Life?

GC: I'm not sure what to do with it. It's not based on reality in the first place. If someone can help me understand the applications for Second Life, I'd be glad to listen.

EL: You were one of the nominees for the Information Security Executive Award from this year’s Northeast division of the ISE. What initiative did you get nominated for?

GC: We've had a comprehensive push on consolidating perimeter security, along with improving other areas of security. The nine acquisitions Textron made presented IT with the challenge of how to handle disparate approaches to security. We also focused on how to extend secure wireless connectivity to all of our Textron locations. Here, we sewed up all of the areas for possible data loss. Next, we overwhelmed our disaster recovery and business continuity programs to focus on our consolidated data centers. We also carried out a program to educate employees about security.

--

Additional Reading - Sponsor Links:
Unlock the Hidden IT Opportunities in Troubled Economic Times
Pink Elephant and BMC Software Survey Results: ITIL® Best Practices in SAP Environments

Elizabeth M. Ferrarini is a writer from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

As gas prices slowly crept up to the $4.00 mark this year, sales of new trucks and SUVs hit a record low sending some automobile makers on a hunt for ways to keep the bottom line from taking a nose drive. Three years ago, the $64 billion Chrysler LLC took take steps to deal with an impending downturn in the market by launching a recovery and transformation plan. In early 2007, the company began the corporate journey toward financial health and operational well-being. The plan includes changes throughout the entire enterprise and throughout all of the organizations with IT being one of them.

Jan Bertsch, Chrysler's senior vice president, and global CIO, says, "Our IT goal is operate more efficiently and more effectively. The business case specifically for IT was very clear. Because the competition continues to get stronger, IT really needed to focus on several things, one of them being the need to leverage global resources to support our growth initiatives."

Enterpriseleadership.org recently sat down with Bertsch, who is a also Chrysler's treasurer, to talk about the strategic changes and partnerships that will make IT more responsive to the global needs of all its constituents. Here is what she had to say:

EL. What can briefly describe your key responsibilities as CIO  at Chrysler?

JB. I'm responsible for the direction of our global systems' hardware strategy and planning. This comprises all of the company's systems application development, our data center operations, telecommunications, and network operations on a global basis. IT has the dual role of keeping our global operations running, but also being a key partner with our business. We try to use IT to help the enterprise respond to changing customer and business partner needs, as well as to help fuel our international growth. Our structure today combines centralized services as well as shared services.

EL. Can you describe how the current  structure of IT supports all of global business operations?

JB. Our applications group aligns with the main businesses of Chrysler, which includes our sales and our marketing systems, our after sales systems, our product development, our procurement and quality systems, as well as manufacturing and supply systems, and human resources, finance, tax, and legal. Our shared services group provides these standardized services and support to all of our applications across the organization. These applications include our applications architecture, and our IT compliance of our processes, such as Sarbanes Oxley. Databases and business intelligence belong to our shared services organization.

Our infrastructure group provides the foundation for all of the work, the hardware, the software, the data center, and the networks across the company. We operate and support all of our partners across the business, in all of the plants across the countries with all of our data centers. We interface with all of our suppliers and parts depots as well and our dealerships. That's our organization today.

EL. How is  the structure of your IT organization going to change because of the IT  transformation?

JB. Going forward, we want to focus on continuing to support the design, and the manufacturer, and the sales and the service of our vehicles. At the same time, we want to improve the business intelligence and operational excellence that goes along with that. We'll continue to focus on critical company initiatives. For example, we'll support the strategies of our business partners by carrying out the following strategic initiatives: determining the prioritization and the source of funding to speed delivery, and to enhance the quality of our services across the company; and also helping the company to improve its efficiencies, and to achieve its revenue goals through more innovative and more efficient use of technology.

EL. What's your enterprise architecture and does it  align with the overall business model?

JB. Our technology architecture goal is to provide the capability for the interoperability between our diverse platforms we have. We achieve this with a number of efforts, including a common development in infrastructure platform, a product strategy that includes simplification and a drive towards common IT services. Our applications architecture focuses on a consistent consistency of design.

We want to enable common processes and common business services, which span all of the areas, with a service oriented architecture approach to the development. We'll focus on service enabling many of our legacy systems, which have coding for a significant amount of business processes. We have the goal to improve upon the simplification of that and work with some of external service providers that we recently announced. These external partners will help us to combine those solutions in divergent areas to become agile solutions. There's a big focus on that aspect.

EL. What were some of the  signs that prompted the IT transformation?

JB. Because of the rapidly changing industry, changing marketing demand, and changing customer demand, we thought the need for IT capability could flex better with business demand if we had an alternative solution to how we work today. Of course, we all need the ever-increasing demand for innovation and technology improvement. Our IT transformation was one part of the corporate plan, but I see it as the next step in our continuous efforts to operate more efficiently and effectively. An IT transformation gave us the tools and the flexibility to drive business growth, not just to react to the situation.

EL. Who are the IT partners and what do they bring to the  table?

JB. We decided to look at those areas within IT that had the biggest opportunity for improvement. We took time to assess where we felt we were market leaders and where we weren't. For example, we've operated our mainframe and server support areas efficiently with third-party resources. However, we manufacture automobiles, not provide IT services to major corporations. We knew that other technology companies in the industry could probably service us better in those areas because of their scale of business.

We first identified some areas where we felt we could drive improvement in the organization. We went out and market tested those areas. We also market tested some global players that had the capability to handle a company Chrysler's size, and that we felt would be good business partners with us. Based on our market test, we found that where we thought we had opportunities, we did have opportunities. At that point in time, we did due diligence and settled on suppliers. We awarded business on the applications side of our services to Tata Consultancy Services, and also to Covancys, a part of Computer Sciences Corp. We awarded our infrastructure business to Computer Sciences Corp. We're now in the process of transferring our internal business processes to our new business partners.

EL. What is involved in  the handoff of business processes from IT to the partners?

JB. For example, Tata will handle some of the applications maintenance work. We identified what work will go to them, and then we'll work with them on transferring business processes and the know-how. Because we're in the middle of this, I don't want to go into too much detail. On the applications side, some of the work will take place in other locations and might not require as many people. Tata might provide offers to some people to work locally. On the infrastructure side, Computer Sciences Corp. has provided interviews to our on-roll people and has made offers to some of those people to work either on the Chrysler account and perhaps later on to work on another account. We also have contract houses who've elected to work with our business partners.

EL. How will the transformation change your governance  process?

JB. There will be a reasonably large change in that area when we transfer the business. This transformation allows us to better focus on identifying internally the strategic business processes we could benefit from, and we could improve some of our innovative solutions. We'll be less involved with the day-to-day operations, and we'll be more involved in the strategic processes going forward. We'll further collaborate with our business partners. We'll gain a better understanding of their pain points, their desires, and the way the business moves. As a result, we'll be able to better leverage our global service providers' wealth of experiences in these new technologies, and to identify quickly projects that will have the greatest payback and the surest ROI. We'll have more time and more ability to improve our governance process, to improve the prioritization of our projects, and to improve the quality of the innovative solutions we can bring to our business partners.

EL. Do you have any strategic business processes where  IT can make big improvements?

JB. Sales and marketing is an area where there is some capability to improve our volume planning operations. This is area also works very closely with our logistics and purchasing operations to improve our forecasting techniques for what we should be building and, therefore, what we should be buying. We always seem to have many good ideas. However, we're somewhat precluded from being able to participate all of them because of capital requirements. Because we're going to be working with partners that have the capacity to invest in those new technologies, our revised governance structure will enable us to better prioritize these business processes.

EL. Does your financial  background enable you to see things differently than a CIO who has grown up in  IT?

JB. Having a finance background helps me to dive into the business case to analyze each of the improvements or projects we're looking at. I've always professed that changing IT or anything for the sake of changing it doesn't make any sense. You need to have a sound business case to justify it or else we shouldn't be doing it.

I don't imagine that being in finance really differs from the experiences of most CIOs today. I see more CIOs with a strategic background, usually in finance or in business management. To be successful in a CIO role, you have to know the entire business, and you can't be a successful CIO just being a good technology person. You have to understand the strategy. You have to have a good financial sense about you. I see more people with those some skills taking on this role in many industries.

EL. What process improvements you are making to  become more responsive to customers' needs?

JB. We're in the process redefining our IT landscape for the new delivery model we're talking about in the future. Both IT facing and the customer facing processes will focus more on becoming customer friendly. At Chrysler, we know that the perception of the customer is everything. We spend a lot of time with our dealers, with our systems, and with our processes to try to enhance the customer's experience with the dealership -- either online or in person. I think one of the key changes will be in the level of participation that we to target in the alignment of our IT strategy with the business strategy. We don't like reacting to business requests. Instead, we like to be an integral part of the solution to our issues and our goals. We'll measure our contribution in the future, not only in terms of our IT delivery metrics, but also as an innovative and cross-functional partner of our business.

EL. Have done any previous outsourcing?

JB. In the past, we told the partner what we wanted them to do. Now we're saying: 'Listen, we have something to deliver. Let's work with you to figure out the best way to deliver it. We're open to suggestions.' We're doing this a much larger scale now. We're also looking at doing that with certain functions within our organization. However, we're still maintaining relationships with the suppliers, and maintaining the governance, the compliance, and much of product planning up front in house. I know that many people who outsourced in the past might've outsourced too much and now they're bringing a portion of it inside. We tried to be cautious about that as we go to our next steps -- making sure that we transfer those parts of the business that our partner is best at and maintaining those parts we know we are the best at managing.

EL. What is your timeline for the IT  transformation?

JB. Last year we started in earnest right after the separation of Daimler and Chrysler. We determined what we were going to do to by year end. We selected our partners early in 2008. We should be completely done with this portion of the transformation by late summer. It's a quick timeline, but we felt it was important both for the respect of the people and to maintain our business knowledge transfer as much as possible. Our new business partners agreed with that.

It's not going to stop there. We're relying on our relationship with our new business partners to continue to identify opportunities. Already in the process, our partners are now coming to us, identifying some things that we had either not thought of, or hoped would happen shortly after the transformation. Some of those are based on best practices that the business partners see. Other ones may be based on pure scale -- where we might be able to reduce the requirements for hardware because we're now dealing with companies that have a larger base that we had. Together we'll pursue more good opportunities as we continue down this path.

Author: Elizabeth M. Ferrarini - She is a technology writer  from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

In 2003, Zurich Financial Services, one of the world's largest insurance companies, decided to transform its highly centralized IT organization to a highly decentralized managed by a small internal staff and a major outsourcing partner. After evaluating several global outsourcing companies, Zurich Financial signed a $1.3 billion outsourcing agreement with Computer Sciences Corporation or CSC.

Many large, global companies, such as Zurich Financial and Chrysler, have turned to CSC for innovation IT services in one of these areas: outsourcing, systems integration, and consulting. Founded in 1960, CSC has more than 90,000 employees in 80 countries and annual revenues exceeding $16 billion. CSC's service span most vertical industry segments and many horizontal lines of IT services, such as outsourcing and supply chain.

Recently, David McCue, CSCs's CIO and vice president, got named to Computerworld's 2008 Premier 200 IT leaders list, a carefully selected group of IT executives selected for their leadership capabilities in managing and executing IT strategies. enterpriseleadership.org recently said down with McCue to learn more about how he makes technology decisions that affect both the internal IT organization but also customers. Here's what he had to say:

EL. Can you provide an  overview of your IT organization, especially what makes it unique?

DM. Our IT organization combines a blend of a federated model and a centralized model to achieve the best results for the business. Each of the main revenue areas has an embedded technology staff CIO. These staff CIOs represent the requirements of that particular area, such as a vertical like manufacturing or a horizontal like applications. The aspects of our business that fall into a central shared services type of model include, email, security, content for repositories, and portals. We use SAP to handle all of our financials.

I treat things that we do for ourselves, such as payroll, messaging, collaboration, customer relations management, financials, and business analytics, as if we were an outsourcer account with CSC global. We have about 1,250 people assigned to the CSC IT account. We're one of the largest IT customers of CSC global, the vendor.

Our CIO council comprises the embedded CIOs, along with some individuals. For example, I've appointed people to global HR, supply chain, and financial functions. Each area of the business has an advocate. The council does planning, strategy, and final review of policies. Some of the subcommittees will review policies in certain areas and report any changes to the CIO council.

EL. Does the company's  outsourcing model complement your IT business model?

DM. We think of the CSC IT account as having several serious buckets of activities. The account needs these items. For example, we use SAP instead of Oracle. If I need Oracle expertise, then I'll leverage the capabilities of CSC, the outsourcing vendor. I'm the 800 gorilla customer. We have buckets of activities or commodities, which the entire business equally shared. I have a leverage capability that wouldn't be available if we didn't have our business model for IT. Every time we win an outsourcing deal, we gain a certain amount of infrastructure. We then rationalize and normalize it through the outsourcing process. We can re-deploy this excess infrastructure to other accounts that can use it. My cash expenditure doesn't actually represent the actual value of total services that I own, control, and direct. Leveraging what we've acquired changes our cash expenditure in terms of where it shows up on the balance sheet.

EL. Can you describe how your governance process  goes works for getting projects and investments approved?

DM. I sit on two sides of the tables. I report to the chairman and attend his staff meetings. My peers include group revenue-unit presidents and the corporate vice presidents for each of the major functions. Our program governance board comprises the group president and me. We decide the research and development investments for the business. We take a blended approach toward governance.

From an axiom viewpoint, I put forward the business case, the strategic direction, and evaluation. Our go-to-market revenue decisions don't, in themselves, dictate internal choice and direction. A decision that we make for ourselves, such as a business case to go in a certain direction, has to make sense and pass hard dollar and soft benefits hurdles on its own, independent of alliances, partnerships, and go to market revenues. If selling something is the only reason for the business case, then it fails. If I have multiple choice business case decisions to make, I'll select the ones that can stand on their own, that have good relationships, and that have revenue potential. At the end of the day, we go to market, given the nature of our business, with all of the major players.

EL. How do you decide  what technologies would be good fit for IT?

DM. Just because I run SAP, doesn't mean that I don't have a robust Oracle practice. I have to do what makes sense for our IT our account and the best practices. I can't possibly run everything. I can't run SAP for financials and Oracle for payroll. The same thing happens when we go to market. We might have multiple solutions within similar areas based upon the intellectual property needs, and the unique requirements and specifics of different verticals. For example, processing insurance claims has some similarities to handling returns in a manufacturing environment. However, the products used in each of these areas have some practical differences. Everyone would like to run every solution. That's not practical! Because we'd incur additional excessive expenses, it wouldn't be in the best interests of our stockholders to run every solution.

EL. How much of a say do  stakeholders have in how you make technology investment decisions?

DM. Stakeholders always have had the ability to voice their views. We have command and control and there's direction. Any time we make a decision between choices, we can't always achieve a win-win scenario for everyone. Having a hybrid or central and federated model helps us to ensure a dialog to talk about all of the cards on the table. Our common services have to scale globally to provide attractive economies.

We do the traditional set of roadmaps for a specific number of years, and we review those roadmaps routinely to look at different technologies, best practices, or changes in functional requirements.

Those embedded individuals represent their stakeholders' internal needs, as they're appropriate to the larger revenue customer base. We don't do business in isolation. We know what we're doing in the market. I sit on the research and development governance board. I look at the business cases for things we're developing as potential go-to-market solutions. I work closely with our general counsel and with the president of our global marketing organization. We take all of that into account and bring that into the mix.

EL. Have you automated your governance and your  portfolio process for investments?

DM. I don't run a single portfolio project management dashboard type of product. We've automated the reporting of variety aspects of that through different schedules. One schedule lists projects for each fiscal year. Each project goes through a multiple cycle process. If a project passes the business case review, we then release the funds to start that project. Each project has various reporting milestones. These milestones differ in their degree of specificity, timeliness and risk tolerance. The sponsoring business units do quarterly reviews and reporting of the overall portfolio of the projects. Monthly monitoring and reporting at the application or infrastructure level also supplement these quarterly project reviews.

EL. How does CSC handle  innovation?

DM. We have a corporate office of innovation, which expands all aspects of CSC's environment, including go-to-market strategies. It has a concentrated, managed set of projects, programs, and strategies. It runs a leading-edge forum, conducts various conferences, give innovation awards to employees, and operates centers of excellence. I belong to the office of innovation steering committee. We leverage this organization as an approach to innovation for IT.

EL. What  automated processes have you put in place to handle emergency communications  with your customers?

DM. Our emergency crisis notation system can quickly mobilize key people from around the world to act on a critical situation. They get notified through SMS, text messaging, or whatever other media they use for critical situations. As a global outsourcer, we have formal processes if a situation arises, such as a data center going off the grid or an application fails. Once we assemble the restoration team, we establish multiple audio bridges which the customer and the technical people. Our management people review these audio bridges every one or two hours for updates. Once the customer's problem has been resolved, such as data center brought online, we go through a mandatory root-cause analysis process, which my staff reviews.

EL. Can you provide examples of some of your converged  platforms to get closer to your customers?

DM. Our CSC account and our customers use some of the same applications, such as GCARS, a controlled release to production review-type application. We all use it whether the item released to production relates to the customer account's own equipment, or will run on a customer's account on our leveraged equipment. We have a variety of converged platforms like that one. Both our employees and our main customers have access to our global portals. Of course, it has areas restricted to specific accounts and customers.

Author: Elizabeth M. Ferrarini - She is a technology writer  from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

Scott Griffin enjoyed every minute of his 28-year career at The Boeing Company, the world's leading aerospace company with capabilities in both commercial jetliners and military aircraft. From 1999 until he retired in June 2007, Griffin was the global CIO and vice president of Boeing IT.  His responsibilities included overseeing a staff of more than 5,000 people, and spearheading all of the IT strategy, systems, infrastructure, and architecture, The collaboration between his team and Boeing engineers around the world played an integral part in the design and the manufacture of the first Boeing's 787 Dreamliner.  In fact, a chapter in Evan Rosen's book, the Culture of Collaboration, chronicles Griffin's real-time interactions with other Boeing executives.

While Griffin retired from Boeing, he has no desire to retire from IT. In fact, he is pursuing a master's degree program in not-for-profit leadership at Seattle University.  He plans to start a not-for-profit company to do pro bono IT strategy consulting for other not-for-profit organizations.  He has served on the board of the Greater Seattle Chamber of Commerce, and the Chicago Shakespeare Theater.

Recently, enterpriseleadership.org sat down with Scott Griffin to discuss his IT career at Boeing and his plans for the future. Here's what he had to say.

EL. When you talk to MBA students about IT, what leadership  qualities to your emphasize to them?

SG. I have a regular presentation about preparing MBA students to run organizations and to understand the power of IT to transform a business model. You can use a cookie cutter to stamp out CIOs who understand technology. They need to know how IT works and how to talk to business leaders about things that are important to the business.  That's number one. It made me successful at Boeing.

EL. How do  you acquire the skills that made you successful in your long career at  Boeing?

SG. I had three careers at Boeing. When I worked in customer service, we moved from paper to electronic media. Today Boeing delivers digital content to airlines around the world every day, as well as to the U.S. military. My second career was in avionics where I worked on classified software. When I joined the IT department, my third career, I understood the business process, the IT systems, and the data. I had the great fortune to be a business leader before I became an IT leader. I talked to people in the airlines, in the military and inside of Boeing.  I talked to each audience in language they understood. If the CIO doesn't have this, he or she is just a technical leader.

EL. Why did you decide to spend your retirement  years pursuing IT in the not-for-profit sector?

SG. Before I went to work for Boeing, my wife and I, both fresh out of Fresno State, moved to Seattle to work as house parents for a home for troubled teenage girls. This was my first experience dealing with a not-for-profit.  It was a truly rewarding one. The hill the home was on run down to the Boeing 747 plant. In fact, the home benefited from a Boeing fund.

I picked up Peter Drucker's book, Managing the Not-for-Profit Organization.  In it, Drucker talks about how not-for-profits have become the distinguished feature of American society. The book talks about how to get the most performance out an organization. The book ends with this profound question: What do you want to be remembered for?  That drew me back to my experience working at the not-for-profit.

EL.  How did you IT team react to your decision to retire and to go in this  direction?

SG. My staff wasn't surprised by my decision, just the timing of it. Recruiting a new CIO takes time.  We started the process five months before we announced my replacement, John Hinshaw. I still get a lot of questions about the initiatives my team started while I was CIO.  I left a well-run organization that had great people.

EL. What, if any,  reporting changes did you make to your IT organization?

SG. Before 2005, IT had a shared services model for the infrastructure group. The rest of the IT folks resided in various business across the company. In 2005, we brought everyone in IT together under one organization.  We even pulled the functional analysts in, engineers who sat on the boundary between being a design engineer and being an IT person. We needed those people because we build IT solutions for our customers. This move gave us a fresh start to figure out what was important to us. It was one of the strategies for Boeing IT.

EL. What challenges did you place driving innovation in  IT?

SG. When we looked at innovation, we always benchmarked against the top companies in the world, especially Toyota.  Concurrent design has a lot of complexity. You had people working on the same assembly, regardless if they are in Moscow or in Everett, Washington. We had these great pockets of innovation. Our money didn't match our strategy of innovation. Two- thirds of IT budget went to support the things already in place and one-third went to innovation. We created a strategy to fill this gap. We looked at how to have two-thirds go to the future and, one-third go to support the business. We were just embarking on that when I retired. .

We looked at how IT could help transform the business and innovate there, not where we thought IT was going.  This posed an interesting challenge. You need to have people thinking about how to do the business process differently. If you don't, they will become adverse to change. Unfortunately, even the best IT leaders over time can find themselves spending most of resources on improving the things already in place, not trying to create a breakthrough change the company. Collaboration became that breakthrough at Boeing.

We looked at the places where we had innovation. For example, we worked with our global suppliers as if they were part of the same company.  Cisco did this before Boeing.

We set out to work on those  areas we had ignored. I really don't want to elaborate on them. 

EL. Can you discuss the your philosophy behind your mantra to  innovate and to inspire?

SG. Inspire deals with who are the people looking for the change.  Is it the IT team?  No CIO is smart enough to know which inflection points are real, which are flash in the pan, and which IT company has the next great thing. You have to energize your entire team to work on these issues. When you inspire, you begin to remove the obstacles for the experts to do innovation. My leadership team spent a lot of time thinking about what people can really inspire other. We looked for a certain leadership style, which focuses on breaking down walls for your team so they can be most effective rather than leading the charge.

EL. What did you do to inspire  future IT leaders?

SG. This's one of the top roles of the CIO. It's the reason I was able to retire and to shift in providing IT to the nonprofit sector. You can judge the effectiveness of the former CIO by looking at the future leaders that CIO groomed. I can tell you the list of potential CIOs and why I selected them.
We had some great programs.  Every week the entire IT team, people located in about 60 countries, attended a virtual IT staff meeting. Our executive skills team met every week. We asked staff managers to ponder these questions: Who are our future leaders? What does the pipeline look like?  How diverse is it?

EL. How did you select candidates  for Boeing IT University?

SG. To look for candidates to attend the Boeing IT University, we would comb the pipeline for managers who had the potential to be executives, and staff people who had the potential to technical leaders. The program doesn't use university professors, but IT leaders teaching potential leaders. The curriculum consists of spending eight, 24-hour days discussing what  challenges face Boeing, how do these challenges translate to Boeing IT, and how these future leaders can contribute to the strategies of innovate and inspire. We give the participants a graduate-level case study, which we created. It presents the what if scenario about Boeing acquiring a company.  The participants must work through migrating the company into the existing IT structure. Using actual data and strategies from Boeing, participants, at the end of the week, have to give a present their findings to a board of directors comprised of the IT leader instructors. This experience has changed the way we relate the people in that pipeline. We get to know these future leaders. In turn, they have a safe place where they can present their ideas. They also write a business case. to do an ERP implementation.

EL. Do you use the center for excellence concept to fuel new  ideas?

SG. It's not a strategy for us. Most of my colleagues with centers of excellence didn't have a consolidated IT organization. We had the center for excellence strategy when IT was decentralized throughout the company. At that time, we said let's create and fund centrally a center of excellence for manufacturing engineering. Once we got all of the IT folks together, we still called them centers of excellence. I don't want to say that concept isn't a good strategy. Now the people who do manufacturing engineering systems now work on the same team as Boeing IT. Together, we begin to create the future process, systems, and data for those functions.

EL. Can  you describe how the Investment Board came about at Boeing?

SG. After the merger with McDonnell Douglas, we started to think about how we could move Boeing to common processes and where it makes sense for common systems. We couldn't do that if every cubicle had its own IT leader.  We had a shared services model where all of the transactional activities existed. The systems resided in the business unit.  If we wanted to move to common processes, we didn't have the right governance model. We didn't have our hands on the people that were learning today's systems and planning for tomorrow.

Our first move was to pull the IT people together. That was a lot of work. It presented all sorts of cultural challenges. We had shadow organizations all over the place. We had to change people's budgets so they couldn't create shadow organizations.

The 2B model was the IT investment portfolio. I made the decision that I shouldn't chair that. The CTO for Boeing assumed this responsibility We invited all of those businesses who owned their own IT, such as a design engineer on the 787 program on the 787 project had his/her own IT department. We pulled those people away. We offered to make the leader sit on the Investment Board.  Once we got the IT people and the functional leaders together, we could decide what investments we would make with Boeing's IT dollars. We were in the third year of it when I retired.

EL. What  changes did you make to the governance model because of the Investment Board.

SG. The governance model was slow to change. The functional leaders would come together on the front end and say, 'My program is totally unique from everyone's.' We weren't interested in having a discussion about building one ERP system. We rejected more than a $100 million dollars worth of good projects not aimed at the entire Boeing Company. When I left, that model had completely changed. We were still having an Investment Board meeting once a quarter. When people came to us, they knew that their project wouldn't be approved unless they had taken into account the entire Boeing Company.

Author: Elizabeth M. Ferrarini - She is a technology writer  from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.

If you want to work for a top company that rewards entrepreneurship and innovation in IT, be prepared to learn all you can about the retail mortgage business. For the past three years, Computerworld has honored Quicken Loans, the largest online retail mortgage lender in the U.S, with the top spot on the 100 Best Companies to Work in Information Technology list. Meanwhile, Fortune Magazine, for the past four years, has ranked Quicken Loans in the top 20 on the 100 Best Companies to Work for in America list.

Recently, enterpriseleadership.org sat down with Frank Laura, the chief information officer, to learn how a unique corporate culture has shaped an outstanding IT organization, and what it takes to work in IT at Quicken Loans.

EL: Apparently, you have a team-oriented  structure for IT?  Can you elaborate on  it?

FL: First of all, I report to Bill Emerson, the CEO, and have a number of IT directors reporting to me. That top layer is the extent of the traditional structure.  The rest of our structure evolves around our culture, so we can be more creative and innovative. We assemble teams for specific projects. A project team might not report directly to an IT leader but to a team leader or team captain. A project team could also have one or two sub teams, headed by a team leader who acts as a mentor for one or more individuals.

Our teams often include people from outside of IT.  For example, a team to redesign our Web site could include an IT director, staff IT professionals, and representatives from marketing. We've had other teams comprised of IT staff members and people from mortgage banking.

Some teams create their own name and identify. For example, the Jedi Council is a team of software engineers who happen to like Star Wars.

EL: How does an IT employee balance going the extra mile and  still doing their day-to-day assignments?

EL: Does it take a special-sort of person to work in IT at  Quicken Loans?

EL: If I'm a new IT person, how do I get absorbed in the  Quicken culture?

EL: How do you reward people who've taken a  risk?

EL: When you interview IT people, how do you evaluate their  passion and desire to extend themselves to solve problems?

FL: You can usually tell by their body language, the words they select, and their enthusiasm. A really passionate person can't stop talking about what they do.  The signs are pretty  obvious.

EL: Given your matrix structure, how do you review IT  professionals?

EL: What kind of an IT governance model do you  have?

Certain team members meet weekly depending on where they live  in.  If it's a highly regulated project, then people will meet with legal every day to talk about the project and to make sure the guidelines are meet according to the way they are laid out.

IT also gets examined by auditors from all of the states where we do business. They make sure our IT processes are up to snuff. Do we have access to all of the data we need? What are our source code retention policies? Our security teams work very closely with us to make sure we're meeting the gold standard.

EL: What types of best IT practices do you have in  place?

FL: We don't use formal best practices such as Six Sigma and CMMI. Our process improvement, which has the nickname the mousetrap team, makes sure we provide our customers with faster, simpler, and more accurate customer service. This team digs deep in to every aspect of what our business, ranging from IT to mortgage banking. They use a common sense approach to best practices and process improvement.

EL: You've developed a lot of technology to change your industry. What are some of the things that make you stand out from the crowd?

FL: We're really a technology company, creating some unique mortgage industry applications. We're a build versus buy kind of shop. We're constantly investing in automating the mortgage process so we can write loans faster. By building our applications we can own our destiny. Buying applications doesn't provide an organization with a completive advantage. Everyone has access to the same application. We rely heavily on our knowledge of the business to customize things extensively. That's unique in the mortgage industry.

We're best known for the work we've down with e-signatures. In fact, we  pioneered the concept.

We're piloting security mechanisms that would protect the  confidentiality of clients' data.

EL: .  Everyone talks about aligning IT with the  needs of the business. How do you accomplish this?

FL: We tell IT people to learn all they can about the business. They have the freedom to chat with a banker or shadow an operations business, or someone in our capital markets group. They can learn a lot from the people who are using the tools they build. You can then start to ask key questions, such as why does this process take so long? Once you understand both the business and the technology, you can solve many problems important to the business.

FL: Our culture can scale. A lot of people focus too much on things that don't matter to the business. Yes, you need organizational charts and spreadsheets.  However, you can spent a lot of time working and reworking them. On the other hand, you should encourage people to get as close as possible to the business and to empower them to bring about change.We tend to be on the lookout for anything that looks like a corporate silo. If we see signs of one, we get rid of it immediately. 

Elizabeth M. Ferrarini is a writer from Boston,  Massachusetts. Reach her at elizabethferrarini@yahoo.com.

by Deb Radcliff

Part 1  |  Part 2  |  Part  3

Smart devices have become the latest attack vector for online criminals, putting intellectual property, regulated and personal financial information stored on them at risk. In this first of a three-part article, author Deb Radcliff explores these new attack vectors into the enterprise.

Dozens of viruses, worms, and Trojans have been written against smart phones and pocket PCs since 2004. And even though most of these are proof-of-concept and nuisance malware, experts are warning of more serious crimes to come.

More criminal elements are already stealing identities and other personal and private information of value in countries where Symbian-based mobile phones are being used as money, in business collaboration, and in other valuable e-commerce applications, says Danny de Temmerman, head of cybercrime and security for the European Commission's Directorate General for Justice, Freedom, and Security. While speaking on a cybercrime panel at the RSA Security Conference in February, he also said that crimes over cellular phones have now become a top law enforcement priority in Europe.

"We're seeing fraud, phishing, spam, spyware, and adware all over these smart phones in countries where phones hold information that could be monetized," adds Vincent Weafer, director of operations at Symantec's Security Response Center, which sifts millions of spam messages per day through its global content scanning systems. "And in India, they're real concerned about pedophiles getting to their kids through their smart devices."

Even in the U.S., today's smart phone malware poses more than just a nuisance. For example, there are real costs to enterprises that issue smart, and feature-rich devices being targeted by malware. For example, skyrocketing phone bills when Mosquitos malware enter company-issued smart devices through games and start messaging expensive toll numbers. Other malware, such as the RedBrowser Trojan, repetitively ring up $5 - $6 SMS calls. And Commwarrior blasts millions of MMS text-based spam messages, also wracking up huge telecommunications bills.

Indirect costs also abound. Consider the lost revenues when productive road warriors lose their customer data and contact lists because a worm turned their phones into useless "bricks". Such worms can already kill reboot (Fontal.A), crash the operating system (Locknut), and drop the operating system and other critical applications altogether (Skulls). There's also the cost of cleaning up the network when an infected smart phone synchs to a PC or connects to the network through the VPN.

Fortunately, there's also more security around U.S.-based smart phones, particularly in closed carrier networks where phones are issued and maintained by the network operators. But there's much room for improvement, particularly in developing standards around device authentication, application integrity, and data protection on the handset. And, as with PCs, users -- including the enterprise customers -- must do their part to avoid malware, spam, and fraudsters in the first place.

A Safer Gateway

Ask Verizon Wireless, and you'll get an earful about how the risks are blown out of proportion by vendors wanting to sell security on the handset. It's all in the network, says Jeffrey Nelson, Verizon Wireless Spokesman, echoing Verizon's marketing message.

His biggest beef with such dire portrayal of crimes to come to the U.S., he says, is that carrier networks have more control over their phones than they do in the U.S., where most phones are sold through closed-carrier networks, meaning carriers sell the phone and the service bundled together. This way, network operators can control the phones and the applications allowed on them.

"There's a huge difference in risk between the U.S. and Europe and Asia," Nelson adds. "In the United States, people buy wireless service from a company, while in Europe and Asia, you buy a phone you like, and then get service for it, then buy a carrier service. Then you slip in a SIM card, and walk into this dangerous, unprotected world."

With more control, carriers can lock down vulnerable applications like Bluetooth and manage downloads somewhat by, at the very least, working off a whitelist of approved vendors, and denying the rest.

In addition, any carrier network worth its salt is already filtering out malicious code and unwanted spam entering through their messaging and e-mail gateways, he continues. They should also be filtering content from loading directly off the Internet. For example, Nortel Networks is using Websense to block damaging and unwanted content from getting onto browsers from malicious Web sites.

There are other reasons we've not seen as much malicious activity in the U.S. as we have overseas, say experts. For starters, the U.S. has been slow to standardize on a single operating system; whereas Europe, Asia, and other heavy-use regions have standardized on Symbian. So, by defaut, Symbian has become the operating system to attack, says Thomas Longstaff, deputy director of technology, Network Systems Survivability for Carnegie Mellon's Software Engineering Institute.

Another reason is slower adoption of smart O/S-, and browser-enabled phones in the U.S., which currently make up12 percent of North America's cellular phone user base, according to the Yankee Group. But, by 2009, that number will rise to 46 percent. And, 87 percent of all U.S. cellular phones in circulation are already feature rich, according to Yankee. Where there are new features, there are also new vulnerabilities.

--

Deb Radcliff is an award-winning freelance writer, educator and speaker based in Northern California. She's been covering online crime and security ever since working as researcher on a book about infamous hacker, Kevin Mitnick back in 1995.