
Articles

88 Posts tagged with the open_source tag
by Elizabeth Ferrarini

Information technology has become pervasive throughout academic life at the University of Pennsylvania's Wharton School. In scale alone, IT at Wharton ranks as the largest among business schools in the United States. Deidre Woods, Wharton’s CIO and associate professor of computing, heads up a staff of 100 IT professionals who oversee an infrastructure of 9,500 desks and 200 servers, and support 10,000 Microsoft Exchange accounts and 22,000 alumni email addresses.

 

Establishing good working partnerships has helped Woods carry out a range of activities that have enabled Wharton to continue as the top business school in the country. In fact, Woods has built her entire IT career at Wharton on this strategy. She recently sat down with Enterpriseleadership.org to discuss what types of partnerships she nurtures, where governance fits into the organization, and what she expects from vendors and her IT staff.

 

EL: What is your strategy for IT at The Wharton School?

 

DW: The strategic part of my job is to provide the technology to enhance Wharton’s reputation as a thought leader and disseminator of relevant business information globally. It takes many tactical pieces to carry out this goal. That’s where we get into running everything. We’re also tasked with protecting the institution’s intellectual property.

 

EL: Can you talk about one of the important technology initiatives you’ve worked on with students?

 

DW: We’ve used innovation to strengthen the school’s reputation; this forms the underpinning of the projects we’ve developed with and for our students, faculty members, and business leaders outside the school.

 

In the mid-1990s, we became the first business school to provide students with Internet access. We worked closely with a group of students to find out what the first version of the system, called Spike, should look like. Since that time, we’ve revised Spike many times. In fact, Spike has turned into a verb. Students know it as a place to get everything, from their course schedules, to event calendars, and to do things such as reserving group study rooms.

 

EL: How do you balance where you put your IT dollars for hardware and software?

 

DW: We buy turnkey systems to do specific tasks. For example, we bought our admissions systems from the University of Virginia’s Business School. The system works very well by providing students all of the information they need to apply. Spending thousands of dollars to improve the system’s interface would not make sense. Instead, we’ve put a lot of resources in applications like student blogs and student discussion groups, so potential applicants will get to experience life at Wharton.

 

EL: Do you support any commercial research ventures the school offers?

 

DW: We provide the interface, sample programs, and Help Desk support for researchers to get global access to financial datasets through a service called Wharton Research Data Services (WRDS). About 10,000 researchers and faculty members at 125 academic institutions subscribe to this service. WRDS has become a standard for the way business research is done.

 

Another project we support is Knowledge@Wharton, a Web site and biweekly newsletter of insightful academic business research edited for professionals who read publications such as The Wall Street Journal and Business Week. The service has about 450,000 subscribers in 189 countries. We support two aspects of the service – the knowledge network that runs from us to other institutions around the world, and the corresponding infrastructure that provides the foundation for the knowledge network.

 

EL: Describe one of the key projects you have done with faculty members?

 

DW: Four years ago, our dean asked my group to look at how technology can play a role in business education in the 21st century. We created kind of a partnership between the faculty and members of the IT staff. A faculty committee reviews professors’ proposals for classroom changes, and if the proposal is accepted, the faculty member will get the necessary resources, including hardware and software. Right now, we’re working on 23 such projects with faculty members, and we’ve got five projects lined up for 2006.

 

EL: Do you have any partnerships with commercial entities?

 

DW: One of the partnerships we have is with the publisher Addison-Wesley for a commercial product called OTIS, an equities portfolio manager. We’ve sold it to 70 colleges. We’re also working on another commercial project.

 

EL: What types of governance do you have to protect intellectual property?

 

DW: We’d like to have more governance. When it comes to issues such as security, I work with my colleagues across the University. In fact, several years ago, the University hired a chief of security; it has been part of her task force to set standards for handling data. If a policy means more work for us, we accommodate the standard. This way everyone will benefit.

 

When it comes to IT at Wharton, we tend to invest in resources for external reviews of our systems. For example, we ask Microsoft, one of our key vendors, to do a routine bill of health of our environment. Ernst and Young has done independent privacy assessments for us.

 

EL: Do you use quality practices such as Six Sigma?

 

DW: We haven’t, because the model for using these types of disciplines doesn’t fit us. Unlike universities, corporate IT departments usually require a lot of process to carry out projects. On the other hand, we have to turn projects around quickly, regardless of the size. We tend to be more focused on results, and our bottom line tends to rule what many corporate IT departments do. We pay close attention to how we use our resources to carry out various projects, and we also measure our results differently than do corporate IT departments.

 

EL: What types of measurements determine IT success?

 

DW: We are measured qualitatively on the best practices we use to leverage IT at Wharton. Serving as an example of IT best practices for IT departments at other business schools has become a criterion for measuring our effectiveness. And keeping all of our constituents working with us provides the best benchmark for our success. For the past five years, we’ve gotten very high marks for how well IT at Wharton has enhanced students’ educational experience.

 

EL: Have you read Nicholas Carr’s book from Harvard Business Review Press, Does IT Matter?

 

DW: It’s a good book. I agree that things such as email, database servers, and desktop support have become commodities. These things, however, form the foundation of more strategic initiatives.

 

The book forces IT professionals to go through the exercise of determining how well they are going, and how they can distinguish themselves from other organizations. During the dot.com boom, we had a tough time hiring good IT resources. Everyone wanted to work on the latest e-commerce venture. Business publications, such as The Wall Street Journal, now report that companies have become more rational about IT. That’s what Carr’s book is all about.

 

EL: I heard that some of your classrooms don’t have any Internet connectivity for students. Why did you decide to do this?

 

DW: When we opened our newest building three years ago, we gave faculty members the choice of how they wanted to teach. They all wanted to preserve the live interactive experience and to add technology as they needed it. The U-shaped classrooms enable students to communicate with each other easily and with the instructor. The building has lots of group study space and labs equipped with computing resources, and each classroom makes available on-demand digital recording for the faculty.

 

EL: You interact with many future business leaders; so, what’s their attitude towards IT?

 

DW: Many of our MBA students have grown up with the Internet. These students have also worked in organizations where they’ve been exposed to some aspect of IT. Since our students will be managing departments, perhaps IT, and eventually companies, they’ll need to know how to partner and work with their organization’s IT department. To this end, we try to be a model for the most effective and harmonious way to do things.

 

EL: When it comes to working with vendors, what’s the most important thing you want out of the relationship?

 

DW: We work closely with a few well-known vendors such as IBM, Microsoft, Dell, and Sun Microsystems. Yes, we want value for our money. We also want to form a partnership that provides us with good service when something goes wrong.

 

EL: What disruptive technologies are you considering?

 

DW: Computer trade publications talk about how messy Web interfaces are. How do you move beyond HTML to have a better Internet experience? Rich media Internet applications make sense for us to use in our learning laboratory environment.

 

When it comes to Spike, we’re looking at what types of services we can provide to students’ mobile devices. Our challenge here is to figure out what’s appropriate in a business school environment.

 

EL: What types of IT manpower resources work best in your organization?

 

DW: We tend to hire a lot of Penn graduates right out of school. Sometimes our graduates will go to work in industry and then come back here; it’s kind of word of mouth. If we don’t have any eligible candidates to promote from within, we’ll go outside and hire someone with the required amount of experience.

 

We tend to look for professionals who have a track record of doing things well and knowing how to manage projects. Even our most junior people have some project responsibility. Being able to deal with our constituents is very important to us. We can tone down someone who has an overdeveloped sense of responsibility, but we can’t teach someone how to get along with others. And because things move quickly around here, we need people who are current in technology. Intellectual curiosity is another trait we look for. My job is to think about where we’re going. It’s everyone’s job to help us get there.

 

--

 

Elizabeth Ferrarini is a free-lance writer based in Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.


by Elizabeth Ferrarini

 

By combining two different service quality methodologies, Xerox Corporation realized more than $150 million in economic profit during 2004. Dave Rowlands, the vice president of Lean Six Sigma for Xerox North America, says that a good chunk of this profit came from reducing IT costs in areas such as application development and network infrastructure. Rowlands's recent book -- What is Lean Six Sigma? -- explains how the marriage of the two service quality methodologies can help midsize to large organizations cut costs in most operational areas, while improving service to either internal or external customers, or both.

 

Rowlands recently took time to talk about the concepts in his book, and to provide plenty of examples of how Xerox used Lean Six Sigma to cut IT costs. Here's what this 14-year veteran of Xerox had to say:

 

EL: Can you provide a quick overview of the key differences between Lean and Six Sigma and what do you get when you combine them?

 

DR: Six Sigma focuses on reducing variations, capturing the voice of the customer, and reducing the cost of delivering customer requirements. On the other hand, "Lean" is a methodology that came out of manufacturing. It focuses on creating value flow to the customer and not creating any type of cost associated with non-value add. The combination of the two can result in making work better (using Six Sigma) and making work faster (using Lean principles). This quality improvement method provides you with tools to identify quality problems and to eliminate waste in your work area.

 

EL: Did Xerox develop the concept of Lean Six Sigma?

 

DR: We're one of the early adopters of putting both concepts together. In the early 1990s, we started using Lean in our manufacturing operations. We got very good at producing things better at less cost. As 2000 approached, I talked to our quality team about doing both Lean and Six Sigma. At first, the team was hesitant about the move for two reasons: few companies were doing it, and no one had a good understanding of how the two methodologies could work together.

 

EL: Are there any differences in the way you apply Lean Six Sigma to IT initiatives than to sales or marketing areas?

 

DR: No. You use the same methodology for IT as you would for other areas. For IT, a lot of the voice of the customer area focused -- at least for us -- on internal customers, the people who use these systems within the company.

 

EL: Can you talk about the specific IT areas in which you've applied Lean Six Sigma?

 

DR: We've used it to reduce infrastructure costs resulting from our outsourcing agreement with EDS. Specifically, we've looked at how we could get a higher level of Help Desk service at a lower cost and with faster turnaround. We applied it to storage by examining how we could reduce the amount of storage required and the number of servers. We also looked at how we could do a better job of predicting when to consolidate servers, and purging and archiving what we do.

 

The basic Lean Six Sigma tools enable you to collect data, and then structure that data so you can make rational decisions. To this end, you'll be able to either elevate your level of service or reduce your cost for the same level of service.

 

When it came to applications development, we looked at how we could get faster adoption rates for the things we developed, how we could test things more efficiently, and how we could predict earlier in the process when something was going to reach maturity.

 

EL: Looking at infrastructure areas, can you discuss some specific projects to which you applied Lean Six Sigma successfully to reduce costs?

 

DR: One project consisted of looking at the infrastructure cost per telephone and the level of service our sales group in Canada was providing to customers. Our research showed that we were paying a certain price for all of these internal phone and voicemail systems. By mapping out the different sources of phone services and the cost for each, we were able to devise a new model for telephone service for our sales force. We migrated these folks onto a consolidated plan that provided a remote voice mail link which could loop back to the main Xerox phone system. So we offered them the benefits of a cellphone at the reduced cost of a standard, high-volume plan. At the same time, we got rid of the unnecessary telephone infrastructure and the support.

 

As the applications development projects get larger, the business requirements documents get more complex, and the variation in our estimates of how many errors there are gets even larger. As a result, we get worse at predicting when a project will be released and the level of maturity. We use Lean Six Sigma to study the correlations between the size of the project and the estimation for what it will take us to finish it.

 

We've also used Lean Six Sigma to study the rolled throughput yield of developers. Yield is the one-stop process of looking for defects. Rolled throughput looks at how many of the steps in a multi-step process you can get through without defects. It's a good indicator of how much rework and how much cost is involved. For example, poor rolled throughput yield means there is a lot of hidden waste in rework and inspection. In turn, you'll have poor predictability of release.

 

EL: What improvements have you made in application development as a result of your Lean Six Sigma findings?

 

DR: We changed the way we set up large project teams to avoid unnecessary manpower costs. For example, we found that you'll get better cycle time if you use more developers on a project. However, the marginal yield -- the amount of additional testing needed -- drops off dramatically with just three developers. So, we now assign three or four developers to a sub-section of a project.

 

EL: Can you give me an example of a non-IT area in which you successfully used Lean Six Sigma?

 

DR: Another example was our spare parts usage throughout our 14 different service districts. We looked at the usage of parts for identical pieces of equipment. We had a 200 percent variation from best to worst. For example, the best in the country could create a level of service with half the parts budget of the worst in the country. Mapping helped us to find out the differences in the process and move everyone to the best. Then we looked at how we automate these into our ERP system.

 

EL: What kinds of analytical tools or software packages do you use to carry out your Lean Six Sigma analysis?

 

DR: We use a lot of basic analytical tools such as process maps and Paretos. When it comes to the next step of understanding the real differences between different processes, we use statistical tools, such as hypothesis testing. Minitab is an industry standard for doing control charts and hypothesis testing. Our approach is to get results by using the simplest tools possible.

 

EL: Are you doing a lot of Lean Six Sigma projects with your external customers?

 

DR: We've taken the approach that we aren't trying to sell you copiers; we want to provide you with document management solutions for problems you have and find opportunities for you. We might talk to a customer about doing a workflow assessment in their office. In this case, we'll use Lean Six Sigma to find ways to reduce the time it takes them to do work, to improve the quality of work, or to reduce the cost, all at the same time. For example, we used Lean Six Sigma to study a large bank with 3,000 copiers and printers located in various offices. Just by understanding who was using the information, how they were printing their information, and what their costs were, we cut their number of machines to 400 and cut their costs by one third, while continually improving the quality of service.

 

EL: How have Lean Six Sigma initiatives contributed to Xerox's bottom line?

 

DR: The ultimate measure we use is called economic process. It's a net operating profit after tax and after cost of capital. It directly benefits our shareholders. If you generate economic profit, you're generating bottom profit for the shareholders. It helps us to decide which projects to go after. You can do a cost-saving project, revenue producing project, or an inventory reduction project.

 

Internally, we've generated more than $150 million in economic profit during 2004. These are reductions in our operational costs and driving our revenue.

 

--

 

Elizabeth M. Ferrarini is an IT consultant from Boston, Massachusetts.


by Elizabeth Ferrarini

 

Governance. Quality initiatives. Proven technologies. All of these things have a high priority at Booz Allen Hamilton, one of the largest and the most successful business and IT consulting firms in the world. The company employs 15,000 people and has revenues exceeding $2.7 billion. Areas of consulting to the world's largest organizations and government agencies include strategy, organization, operations, systems, and technology.

 

Enterpriseleadership.org sat down with Booz Allen's Daniel M. Gasparro, the firm's chief technologist, who is responsible for the IT governance model and IT plan and related budget. Here's what he had to say.

 

EL: Describe your IT organization?

 

DG: Our IT staff includes 210 employees and 50 subcontractors who maintain our Help Desk and telephone systems. We have networks reaching six continents in 100 different countries where we have offices. Our connectivity services range from virtual private network (VPN), to multiprotocol label switching (MPLS), to services to connect them. As a consulting firm, we deal exclusively in intellectual property, so, to this end, we've got an extensive collaboration capability based on Microsoft's SharePoint. This system includes a knowledge management component and project management capabilities. PeopleSoft drives our human resource system, and we have a combination of financial systems for our government and our commercial sector.

 

EL: Your folks went to MPLS in 2004. What has been the bottom line benefit, and in what applications have you seen performance improvements?

 

DG: We've derived a cost benefit based on the ability to increase bandwidth without having to spend more to get it. We're getting more megabytes per dollar. For example, we've been able to double our bandwidth in some locations without increasing the cost to the firm. Because of MPLS, we've been able to add another layer of service capabilities through the Cisco routers. We can now rank applications based on priorities to the business; for example, financial transactions at certain periods of the month take priority over other applications. And, we're now putting applications in the appropriate business classes based on levels of reports.

 

EL: What is your governance model, and how does it work to benefit the business units?

 

DG: It's comprised of a steering committee with senior members from both our commercial and government businesses. Customer councils support this committee by providing accurate and reflective business information in our IT supply and delivery. These customer councils consist of two groups: (1) the administrative systems council focuses on all of the IT professionals who run business systems, such as human resources and finance, as well as the business owners; and (2) the client technology council includes business unit professionals who study how the firm can market more competitive services.

 

EL: Can you go into more detail about the role of each council?

 

DG: The administrative systems council devises the business case and the strategy to carry it out. This group takes their business capability and mirrors it together with business plans. The CFO who chairs this council takes the business plan to the IT Steering committee.

 

The members of the client technology council harness a way to drive our own strategy to become more competitive. For example, this group discussed the features that our collaboration software needed in order to leapfrog the competition.

 

EL: Given the IT nature of your business, can you tell me how you've used IT to make your clients more competitive? Are there any examples that stand out?

 

DG: Our investment in our new collaboration architecture is a good example. First, we replaced the infrastructure, such as email. We're now in phase two, which includes replacing our old collaboration systems with a tool that can help us revise our IT governance approach.

 

EL: I read that you've put off moving to Voice over IP (VoIP). Why?

 

DG: Most of our business doesn't involve a network. Many of our employees spend the majority of their time at client locations. A study of our traffic patterns showed that VoIP provided us with no real advantage. On the other hand, we're exploring the potential use of public VoIP services, which could provide our client staff with an advantage when they are working in international locations. However, our employees who tried one of these services said it wasn't yet ready as a business-class service, and that it also had some security issues.

 

EL: Within IT or within your consulting practice, do you have any particular quality programs that you use more than others?

 

DG: We're in the early stages of deploying the IT Infrastructure Library (ITIL). We put the Service Desk in place in 1997, and initiated Change Management in 1999. We're planning to carry out Incident Management and Configuration Management, and our plan also includes expanding the Service Desk to include more infrastructure capabilities, including televideo.

 

Our Service Desk and Change Management runs on packages from Vanta, a company owned by PeopleSoft. We're going to be using a package from Telelogic for the other initiatives.

 

This approach isn't my ideal long-term architecture because the Service Desk and Change Management have to be linked. Both also have to be driven by different business requirements.

 

EL: Based on the consulting work you've done, do you have an idea where the Fortune 500 stand with the adoption of ITIL?

 

DG: Hewlett Packard is the only company we know of that has integrated all ten of the ITIL processes, and we've found that one third of Fortune 500 have started to carry out some of the ITIL processes. Another third of the Fortune 500 companies are examining how to approach ITIL. However, the ten percent that has been doing something with ITIL hasn't been following the ITIL framework very religiously.

 

In looking at ITIL, many companies evaluate how they use it to carry out processes around lifecycle management. Most organizations, on the other hand, have three basic functional groups: planning, integration, and operations. ITIL is about putting in a supply-and-demand framework to align to the business. If you throw an integrated process across those functional teams, the nature of the IT organization will resist the integration process and bring Change Management to the forefront. As a result, we're looking at a phased approach to ITIL because Change Management is going to be a major problem.

 

EL: As you go further into ITIL, will you have to make any changes to IT employee skill sets?

 

DG: We're looking at realigning the careers of many of our IT employees. Many employees have functional certifications in areas such as Cisco. We want more of our employees to have process certifications in areas, such as ITIL, rather than functional certifications.

 

EL: Any comments on Nicholas Carr's book, Does IT Matter?, or his Harvard Business Review article, "IT Doesn't Matter"?

 

DG: I wrote an article called "Evolving Toward a Services-based Organization" for Network magazine, in response to his article. Carr failed to discuss the nature of the dialog between IT and the business units. Ten years ago, the dialog between the two focused on how IT could help the company achieve a competitive advantage. Today, we talk about IT as an enabler.

 

How do you engage IT in a productive dialog with the business units? Quality measures, such as ITIL, stress a governance model that aligns with the business demands and IT. The governance model is the forum for IT to have a discussion with the business.

 

--

 

Elizabeth Ferrarini is an IT consultant from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.


by Elizabeth M. Ferrarini

 

The CIO role at organizations with more than $1 billion in annual revenues has changed. That's the finding in Ellen Kitzis's book, The New CIO Leader. A group vice president at Gartner's Executive Programs -- a membership-only program for more than 2,000 CIOs -- Kitzis says that many large corporations have one corporate CIO, who is responsible for the overall strategic direction of IT, and dozens of other CIOs, who are responsible for keeping systems up and running. However, that CIO model doesn't quite fit The Hartford Financial Services Group, one of the largest and the oldest financial investment and insurance companies based in the U.S.

 

With annual revenues of $2.3 billion, The Hartford has a corporate CIO and senior vice president (Ken Auman) and five regional CIOs, each directly aligned with a specific business division. Together, this team of six IT senior executives oversees the leadership of 1,800 IT professionals. The role of a divisional CIO at The Hartford, however, can make or break how competitive a division's product will be in the marketplace.

 

Andrew MacDonald functions as the CIO for the personal lines division, overseeing a staff of 250 IT professionals and about 150 contractors, depending on the projects at hand. He, along with the other four divisional CIOs, reports directly to Auman and indirectly to the president of the personal lines division. MacDonald's role does consist of developing and maintaining systems support of the personal lines operation. Moreover, his role has two strategy components: ensuring that the IT team can provide products and solutions to meet the division's ongoing needs, and providing defined business value through key investments to meet future needs. Prior to joining The Hartford in 2002, MacDonald worked as a vice president for strategic alliances for a worldwide product vendor, where he gained experience delivering complementary products to support the mission of international organizations.

 

Enterpriseleadership.org recently spoke with Andrew MacDonald about his role as a divisional CIO. Here's what he had to say:

 

EL: What does your governance model look like?

 

AM: The company has several governance boards -- one board covers the needs of the property and casualty business, and the second board governs all of the business strategies. The latter looks at how we're going to drive business value for The Hartford. A portfolio management team governs corporate business strategy execution within each division.

 

EL: At a recent Computer Science Corp. conference, you told the audience they need to take a hint from the fast-food industry and adopt a pilot approach to developing new products. Can you talk a little more about this concept?

 

AM: Traditionally, the insurance business has not taken advantage of IT. That attitude has started to change. We're now seeing a lot of new players getting their products faster to market than some well-established companies.

 

At the conference, we talked about how companies can approach new ways of doing business by deploying IT systems. For example, the fast food industry tends to identify a market, test the product in a specific market, and then decide if the test results justify rolling out the product to other markets. We also tend to identify pilot opportunities, test the market with the new product, and weigh our market share opportunities. We use new techniques, such as speed to market, to gauge their effectiveness. For example, the configurable engines in our rating systems and our underwriting systems enable us to make product changes very quickly.

 

EL: Computer Sciences Corp. is a big Six Sigma company. What kinds of best practices do you use at The Hartford?

 

AM: Many years ago, we started using Six Sigma methods to make business operations more efficient. The large-call customers that support our customers have benefited greatly from Six Sigma.

 

We've started to look at how IT can leverage Six Sigma alongside of our mainstay best practice, Capability Maturity Model Integration (CMMI). These two best practices can help us to measure our IT transformation and to help us make better use of our IT talent across the five divisions.

 

We use CMMI to measure the effectiveness of our applications development process. We also use the IT Infrastructure Library in support of our actual products.

 

We recently created a shared service that is deploying both CMMI and ITIL across our five divisions. This shared service enables my group to focus on the applications suite used in the personal lines division.

 

EL: You mentioned an IT transformation at The Hartford. Can you go  into more details about this?

 

AM: We began this transformation in 2003 to look at how well we get things done. We needed to drive more capabilities into IT. Where it made sense, we decided to leverage outsourcing to maintain some of our legacy applications. This structure has enabled us to have our talented IT people work on new products.

 

EL: How is the transformation helping to drive cost out of  IT?

 

AM: Each division's portfolio management group is helping its respective IT organization make better business decisions. For example, we want to create full transparency about where we spend our money. This goes for both on-going maintenance and the investment in new products. What does and what doesn't provide a competitive advantage to The Hartford are important business decisions. That's the whole idea behind the transformation. The process has created a much-needed dialog between IT and the divisions. It has allowed that transparency to be leveraged.

 

EL: Do you have any CIO rotation program going on where you spend  some time running a business unit?

 

AM: No, we don't have any such rotation program. The model is to have each CIO linked to the respective divisional organization. We try to sit with the division folks, attend their leadership meetings, as well as meetings with the corporate CIO and the president.

 

EL: As part of the transformation, what types of IT talent are you seeking?

 

AM: We're focused on how we can hire the best talent possible and to continue to nurture talented professionals. We're hiring a lot of MBAs to be business analysts. We're also looking for professionals in project management and software architecture. We're heavily developing both of these areas.

 

EL: What is the role of business intelligence in your  organization?

 

AM: We're tracking other IT shops to determine what capabilities they have to support their business units. Specifically, we want to look at how some of our competitors are leveraging IT to deploy new solutions. We're constantly looking around to see if they are using best practices or are there better things we should be doing.

 

--

 

Elizabeth M. Ferrarini is a freelance technology writer and  IT consultant from Boston, Massachusetts. Reach her at elizabethferrarini@yahoo.com.


by Elizabeth Ferrarini

 

Staying on top of best business practices in IT -- especially for privacy, security, and new technologies -- has become a hallmark for the CIO at one of the largest teaching hospital organizations in the United States. Dr. John Halamka has managed to combine his training as a medical doctor with an innate ability to understand all aspects of computer networking.

 

Dr. Halamka oversees the IT needs for CareGroup Health Systems' three major Boston-area hospitals -- Beth Israel Deaconess Hospital, Mount Auburn Hospital, and New England Baptist Hospital -- and three community hospitals. Together, the six CareGroup facilities have about 12,000 employees, including 3,000 doctors who see about one million patients per year. Halamka is also an associate dean of Harvard Medical School where he spearheads all of the technology programs.

 

Halamka got a jumpstart on EDI long before HIPAA came along, and his security and privacy practices at CareGroup appear as a case study in a book by the National Academy of Sciences. He took a minute to answer some questions about what he has been doing in EDI, security and privacy, how he keeps up with technology, what he learned from an outage that plagued two hospitals for almost two days, and what types of technology he uses every day.

 

EL: Can you summarize the high points of your entire network  infrastructure?

 

JH: About 225 employees maintain the IT infrastructure consisting of 8,000 desktops, 32 terabytes of storage, and 25,000 network ports throughout the 45 miles of wide area network (WAN). A 155MB per second SONET backbone connects the WAN. Most of the networking gear -- firewalls, virtual private network (VPN), routers, and switches -- comes from Cisco. Either Hewlett Packard UNIX servers or Compaq Windows 2000 servers front end several EMC Symmetrix storage area networks. A StorageTek tape library handles all enterprise backups.

 

EL: Once you were finished planning for Y2K, you had to start worrying about HIPAA. How did you lay the preliminary foundation for HIPAA requirements such as electronic data interchange (EDI)?

 

JH: Back in 1998, even before Y2K, the CIOs of our provider organizations formed a consortium to enable the entire New England payer provider community to create EDI transactions among ourselves for free. The New England Health EDI Network went live in 1999 before HIPAA EDI transactions for benefits and eligibility.

 

Since that time, we've used a common infrastructure -- basically Napster for healthcare -- or point-to-point interaction using a VPN between payer and provider. The VPN sends encrypted transactions through a common gateway we've built for referral authorization and our claims, and Web status inquiries. In October 2002, we completed all of the EDI HIPAA transactions for New England.

 

EL: Privacy is a challenging area for all types of organizations. How would you rate your privacy best practices for the past few years?

 

JH: I'd rate them as excellent! We're one of the test cases  featured in the leading book about healthcare privacy. For The Record --  Protecting Electronic Healthcare Information, published by the National Academy of Sciences, covers best practices in authentications and access control, auditing, physical security, and disaster recovery.

 

EL: What kinds of initiatives do you have in place for  privacy?

 

JH: Since the early 1980s, we've been auditing every transaction that goes through any one of our clinical systems. We've got a Web site called PatientSite where any one of our patients who has received the appropriate authentication credentials can review his or her security audit online. We can also give a patient a printout of the security audit.

 

We've got a strict no-tolerance policy for confidentiality violations. About three or four employees get terminated every year because of these violations.

 

EL: What have you been doing to increase privacy?

 

JH: Each employee needs to be completely trained in all aspects of privacy. For example, every patient needs to be notified about our privacy policy and to sign off on it. A patient needs the opportunity to opt out of certain things, such as automatic enrollment in fundraising activities. We require a great deal of manpower to train our 12,000 employees. So we've selected individuals from key departments, such as IT, human resources, and medical records, to work together to conduct training sessions.

 

EL: You can't have privacy unless you have security. Unfortunately, HIPAA still doesn't have a hard and fast security rule right now. How did you decide what best practices to use?

 

JH: You need to sort of make one up. In other words, ask yourself, what are those security elements that are absolutely required to meet the privacy regulations, effective April 2003.

 

We've had some very good security best practices for many years. For example, every Internet transaction always has 128-bit secure sockets. All strong authentication passwords must have a minimum of six characters, consisting of alphanumeric characters; these passwords expire in 90 days.

 

Based on the information in For The Record, we created a grid to rank the security provisions for each one of 400 different IT systems. Because there is no security rule, we're not sure if 128-bit secure sockets are good enough. What about Triple DES? We looked at all of those things that didn't meet the spirit of best practices. We've begun to remediate, for example, systems that didn't have passwords or didn't have audit trails.

 

EL: What are your feelings about security technologies such as PKI  and biometrics?

 

JH: We tried PKI about four years ago. It didn't work for us. Maintaining 12,000 certificates for that many employees can become an administrative nightmare. We use PKI, in one sense, to do secure email between our trading partners. A company we use offers a secure, SMTP gateway for certification exchange between organizations. Each transaction remains encrypted as it travels over the public Internet from payer to provider or between two large provider organizations. These aren't personal certifications, but organizational ones.

 

Biometrics doesn't work very well in healthcare. You can't have false negatives. Imagine you're attending to a critical patient. You can't get the patient's chart because the patient has a sweaty thumb print.

 

EL: Is there any special device you use to handle  authentication?

 

JH: We use a device from BlueSocket on both our wireless and our wired networks. The device hits the LDAP directory. We think WEP, or the Wired Equivalent Privacy protocol, isn't sufficient. It uses a single key for all clients. Once someone cracks the key, your security is compromised. With the BlueSocket device, you need to specify your user name and password in order to access an application.

 

EL: Shifting gears from security and privacy, what types of new technologies are you considering that will enhance the quality of care physicians provide to patients?

 

JH: We're carrying out RFID to track critical medical equipment in the emergency department using devices from Pango Networks. Over the next year, we'll be using bar-coded wrist bands, bar-coded medications, and bar-coded employee badges to track medication administration.

 

We have two million square feet of wireless to ensure our clinicians have all of the information they need to deliver quality care.

 

EL: Several years ago, The Boston Globe and all of the computer trade press publications carried the story about a network outage at two of the CareGroup hospitals. Can you briefly tell what happened and what you learned from the experience?

 

JH: On Wednesday, November 13, 2002, the network experienced a major slowdown for three days. The Cisco technical support team found the Layer 2 structure of the network to be unstable and out of specification with 802.1d standards. The management VLAN in some locations had 10 Layer 2 hops from root. The Spanning Tree Protocol (STP) imposes a maximum network diameter default of seven. Thus, two distinct bridges in the network should not be more than seven hops away from one to the other.

 

A major contributor to this STP issue was the network and  Picture Archive Communication System (PACS) network, for sharing high-bandwidth visual files and other clinical data; this was 10 hops away from the closest core network switch, three too many for the spanning tree to handle. To eliminate its influence on the CareGroup network, we isolated it with a Layer 3 boundary. All redundancy in the network was removed to ensure no STP loops were possible.

 

I learned that infrastructure must be lifecycle-managed per a multi-year strategic plan and not simply replaced at end of life. You need to retire legacy network. You also need to demand review and testing of network changes before you carry them out. Good downtime procedures must accompany each application we carry out. Another lesson is that a disaster recovery plan addresses all the details of a disaster. You need to plan employee logistics, communicate realistically, prepare baseline backups, and focus disaster plans on the network, not just the integrity of the data.

 

EL: One of your colleagues said that you're really a bionic CIO. What types of devices do you carry with you at all times?

 

JH: I'm connected at all times and on call at all times. I have a Blackberry 7290 (Bluetooth enabled GSM/GPRS phone), which I use to answer 500 daily emails. It's also fully integrated via Bluetooth into my 2005 Toyota Prius so I'm completely connected when I drive. I also carry a nationwide pager for redundancy. My medical information is implanted in my right triceps, should I ever need medical care.

 

--

 

Elizabeth Ferrarini is a free-lance writer from Boston,  Massachusetts. Reach her at iswive@aol.com.


by Elizabeth M. Ferrarini

 

Once upon an Internet time, an upstart company climbed out on the leading ledge of ingenuity to shake a legacy industry to its core. In 1983, E*TRADE Financial completed its first consumer-based electronic trade via CompuServe, a dial-up, PC-based online service. A decade later, E*TRADE began offering brokerage services directly to individual investors through several online outlets. E*TRADE.com opened for business on the Web in 1996. Today, the site handles about 180,000 transactions between 9:30 and 4:00 p.m., and can have from 50 to 100,000,000 Web hits a day.

 

Because of the site's initial popularity with consumers, E*TRADE Financial's IT organization decided to nip two potential challenges in the bud: how to build an infrastructure to handle an infinite volume of financial transactions, and how to give customers assurance that their identity and assets would always be secure. Enterpriseleadership.org spoke with Greg Framke, CIO of E*TRADE Financial, about the adoption of open source software and the on-going search for better security tools and techniques. Prior to E*TRADE, Framke was director and COO for global equities technology at Deutsche Bank in London.

 

EL: Describe your IT infrastructure?

 

GF: To us, E*TRADE.com is one, big application, which serves as our storefront. We're a direct provider of financial products and technology to consumers. Our technology isn't any different from that of any other financial services company.

 

The infrastructure consists mainly of one- and two-U Intel-based machines running Red Hat Linux. Our Web servers run Apache and our application servers run Tomcat -- two open source products. We're finishing up a migration of BEA's Tuxedo, a transactional monitoring middle layer that is 90-percent Apache and 10-percent IP of our own. Our data warehouse runs on a distributed, clustered Linux DB2 installation. Our highly available, clustered databases run mostly on Sybase. We use it for replication as well.

 

EL: You've been running Linux since 2000. Can you talk about the  decision to move to it?

 

GF: From 1997 to 2000, we were a big user of very expensive Sun Microsystems's 4500 enterprise servers. Sun was the vendor of choice for companies plugged into the Internet, but several undercurrents were going on. Linux was maturing as a set of routines. Likewise, we were in touch with several large companies and were running production Linux or OpenBSD systems.

 

We analyzed what it would mean to deploy Linux, and were amazed to learn that we could save tens of millions of dollars a year if we did so. In late 2001, we ported some of E*TRADE.com to Linux as a trial. When Hewlett Packard and IBM announced their support for Linux, we had no trouble selling it to our CEO, and the following year, we started aggressively to deploy Linux throughout our enterprise. It not only enabled us to save money, but it performed better and is more stable than Sun. It's been an incredible win for us.

 

EL: What are some of the big things that stand out about going to  Linux?

 

GF: We average about 400,000 unique log-ins per day. Linux enables us to handle this volume better than Sun would have done. Before Linux, we had 10 and 12 CPU Sun machines. Now we deploy one- and two-U machines in a stack. Adding capacity consists of buying a stack of very inexpensive machines. When machines come off warranty, we don't bother to put them on maintenance. We just let them run until they fail.

 

EL: Are there any other areas where you're considering deploying  Linux and open source?

 

GF: We continue to deploy open source wherever it makes sense for us. Right now, we're testing some open source security products. They're pretty specific, and there's lots of them. We're also looking at open source databases.

 

EL: Have you experienced a security snafu?

 

GF: We don't publicly disclose security snafus. However, we perceive ourselves to be a leader in security. We're very public about what customers can do to protect themselves and what we do to help protect them. We have a track record of being out there in front and doing a good job of security. In January 2006, we came out with the complete protection guarantee. It will protect consumers from any security issues they may have. A month later, Charles Schwab introduced a similar program.

 

EL: You're in a highly regulated business. Are any of your compliance  solutions running on Linux?

 

GF: This is one of these niche technology areas that tend to come out first on Microsoft. A lot of vendors feel that many of their customers are better able to support Microsoft. I'd argue that Linux or UNIX is just as easy to write to, or port to.

 

EL: Database security is often overlooked. What are you doing about  it?

 

GF: We encrypt all of the data -- either electronically or physically -- that leaves the premises for any particular reason. We deploy a variety of techniques within the enterprise to encrypt data.

 

This is an area that has room for technology improvement. It's going to be an area of growth, just like the proliferation of technology solutions to consumers.

 

EL: In 2005, you made the RSA SecurID token technology available to your customers. Why did you select this technology, and how does it work?

 

GF: We started offering the RSA SecurID token to all of our customers in April 2005. The technology is great. It's a little piece of hardware about the size of a key chain with a display on it. The six-digit number on the display changes every 60 seconds. To log into our site, you need your ID, password, and the six-digit number. If you are missing one of those three pieces of information, you can't log in. This is the best defense on the marketplace against key logging and Trojans. If someone steals your identity -- either offline or online -- he or she would still need that token to get into your account.

 

EL: Why did you select RSA, and what has been the acceptance rate for the SecurID token?

 

GF: We looked at a couple of other security vendors' products. The RSA solution fit well with our technology and our infrastructure.

 

Security and privacy have always been important to us. We knew that two-factor authentication wasn't going to be the best practice for long. In 2003, we began to study this issue and to look at what was in the marketplace, and we decided that the hardware-based token offered the most amount of protection, offered mature technology, and was the easiest to carry out. Our customers responded favorably to surveys about using this technology. In fact, the customer pilot went great.

 

The acceptance for tokens doubled month after month. We have a sizeable number of customers who log into E*TRADE.com using the token (we don't publish how many). According to our surveys, the token has made customers feel more secure about doing business with us. In fact, we've seen an increase in the number of assets customers hold with us. We think there is a direct correlation between the two findings.

 

EL: Since you are in such a technology-intensive business, how do you  distinguish yourselves from others in your space?

 

GF: It's a tough market right now. Self-directed investors are a demanding customer base. You have to meet that demand. To this end, we've always given our customers value. Our flexible technology has enabled us to get innovative products to market faster than our competitors. For example, we were the first to offer a two-second guarantee: If we don't execute and confirm your trade on E*TRADE.com within two seconds, you get a free trade.

 

--

 

Elizabeth M.  Ferrarini is a freelance writer from Boston, Massachusetts.


by Elizabeth M. Ferrarini

 

Can an organization's IT infrastructure help to differentiate the organization strategically in the eyes of its competitors? In the infamous Harvard Business Review article, IT Doesn't Matter (May 2002), author Nicholas G. Carr provides a gloomy prognosis of this happening today.

 

FedEx, however, has managed to create an IT infrastructure that has glowed brightly in the eyes of competitors since it started in 1971. In 2002, about $22 billion worth of business passed through FedEx's extensive package delivery networks.

 

Rob Carter, executive vice president and chief information officer of FedEx, says that his company's IT component "is the competitive glue that holds all of our business units together." While Carter refers to himself as a classic CIO overseeing applications development, the network infrastructure, and five data centers, he sets the technology direction for FedEx's global IT organization, which has 6,000 employees and operates on a $1.5 billion annual budget.

 

Carter, who joined the company in 1993, has received many industry recognitions, such as InformationWeek's Chiefs of the Year. He talks about FedEx's technology that built the package delivery business, FedEx's educational initiative to devise a major technological center in the South, best practices and cost models used by FedEx's IT organization, and, of course, Carr's article.

 

EL: In David Kirkpatrick's Fortune magazine opinion piece (May 28, 2003) about Nicholas G. Carr's Harvard Business Review article, IT Doesn't Matter, you say, "Everything in the company has IT inputs. It's the software stupid!" Can you explain what you meant?

 

RC: Carr's basic premise in the article is since the infrastructure is built out, you don't need to pay attention to technology anymore. To some extent that's true. We have a broad set of technology infrastructure in place. My comment, it's the software stupid, refers to the applications within the infrastructure as the key elements that differentiate you in customers' eyes. These applications will drive your internal productivity.

 

The battleground continues to be the application of that technology not the fact that you happen to have a computer system that runs payroll.

 

Everything we do at FedEx has a technology underpinning that supports not just our internal operations but the information we're able to provide our customers about shipments in the FedEx networks. We built the FedEx brand with a set of capabilities including, not only the operational excellence of FedEx, but the technology that allowed us to achieve this excellence.

 

EL: Can you summarize the technology that built your company and changed the competitive climate for well-established companies such as United Parcel Service?

 

RC: Our package tracking system was a unique offering at FedEx. It really built the industry of express transportation and information about the shipment. In 1978, Fred Smith, the chairman and founder of Federal Express (incorporated in 1998 as FedEx), said this great quote which is worth repeating: "The information about the shipment is as important as the shipment itself." Moving packages reliably was a key component of our initial success, but we were then, as well as now, about making customers aware of what was happening with their packages until they reached their final destination. We created that visibility to go along with the industry philosophy of reliable delivery.

 

Our package tracking system kept us ahead of the competition for about two decades. It wasn't until the 1990's that our competitors started to understand the value of the information and began to build their technology and information networks.

 

EL: If you apply what Carr says in his article, you're going to have shorter competitive windows for new, innovative technologies. What's your feeling about that?

 

RC: We don't know what yet-to-emerge killer applications will enable us to change the way we do business. It's like this: In 1899 when Charles Duell, the commissioner of the U.S. Patent Office was leaving his post, he remarked that we didn't need the Patent Office any more because everything that can be invented has already been invented. There are endless things yet to come; there's no question in my mind where we are with the application of information and technology.

 

Today, competition is more active and fierce than it was when we started the business. Everyone wants to provide the best possible information about every shipment moving through their systems.

 

I don't think any technology innovation will have a two decade advantage anymore. Some may have a couple years advantage as you get new technologies out there and customers adopt them. A certain first move advantage occurs. These customers get so hooked on your technology and your pricing they become so overwhelmed at the thought of switching to another competitor's offering.

 

EL: You have a gigantic IT organization. How is it organized?

 

RC: The majority of our IT organization lives inside of a shared services called FedEx Services. It provides applications support, and infrastructure support to all of the operating companies at FedEx Corp.

 

FedEx Services has a hierarchy of boards of governance, including an executive committee and strategic management level. All of the various lines of business report to the latter.

 

Our internal business partners work with various IT project management teams to launch new product offerings and/or new business initiatives and strategies. The different tiers of governance bodies set priorities and plan the resources for IT for the upcoming months and years.

 

EL: Have you been looking at new businesses such as outsourcing transportation logistics for your customers, such as Ryder does?

 

RC: FedEx Supply Chain Services competes with Ryder on that kind of transportation management function. We go in and run sets of transportation services for companies.

 

EL: Have you adopted certain best practices models such as Six Sigma or  the IT Infrastructure Library (ITIL)?

 

RC: We know about ITIL. However, we've based most of our governance process on a component of Six Sigma. We've internally developed program methodology and governance structure that supports the IT component of our ISO 9000 certification. We've used a lot of the best practices out of the Capability Maturity Model, Six Sigma, and some IT Infrastructure Library.

 

I became quite enamored with the ITIL. In fact, the ITIL set of books are quite good and their content has provided basic reference points for a lot of our IT practices. Many of our groups use specific areas of ITIL, such as change management, but we don't use it end to end.

 

EL: What cost models do you use for IT?

 

RC: For the most part, we allocate costs back to the business units based on usage. This method isn't as fine grained as charging back for transactional services.

 

EL: A lot of companies got hit by the dot.com bust because they built out their infrastructure. How well did you folks weather this event?

 

RC: We continued to support huge growth in our Internet-based customers throughout the dot.com boom. Since the inception of FedEx.com in 1994, we've experienced at least 100 percent growth in all areas of our services. This site has provided us with massive customer interaction and customer service. We had no down side to that. We built our infrastructure as fast as we could and customers have continued to adopt it at an incredibly fast rate globally.

 

EL: You announced FedEx Institute of Technology. What will be its  focus?

 

RC: FedEx Institute of Technology, based at the University of Memphis, consists of a broad array of technology research and practical deployment. The Institute is a hub for applied IT in all different types of domains, such as bioinformatics, supply chain research, artificial intelligence, Internet-based computing, and telecommunications.

 

The Institute is a public/private partnership with the University of Memphis, FedEx, local government agencies, and area businesses throughout the South. We've used schools in the Boston area, such as Massachusetts Institute of Technology, as examples of how to grow a center for technological innovations and spin them off to support the local economy.

 

EL: To really be competitive, economist Lester Thurow, in his new book,  Fortune Favors the Bold: What We Must Do to Build a New and Lasting Global  Prosperity (HarperCollins), says that major companies need to have a chief knowledge officer (CKO) who functions like the Central Intelligence Agency. Do you have such a person?

 

RC: While we don't have a CKO, we abundantly serve this area. For the past 10 years, we've made a big investment in gathering intelligence. In fact, we've one of the world's largest information warehouses. We also have groups of brilliant PhD's who are excellent at applying customer-related information to how the business can be optimized and how customers can best be served.

 

EL: What strategic projects are you putting a lot of effort into for  2004?

 

RC: One particular project is the next generation in handheld computing, called the PowerPad, which we'll be rolling out throughout the summer. This revolutionary device takes the edge of computing all the way out to the customer. Its active communications capabilities enable it to be on the network. Embedded technology enables it to communicate with the truck, the printer, and the network components the courier has with him or her. Use of the device will change the information access the courier has when he or she is face to face with the customer. The device will also make the courier more productive while en route to each destination.

 

--

 

Elizabeth M. Ferrarini is a free-lance technology writer based in  Boston, Massachusetts, and is the author of two computer trade books.


by Elizabeth M. Ferrarini

 

For decades, American Water Works Company, the largest operator of water treatment and distribution plants in North America, shuttled school children and customers through its hundreds of facilities in 29 states, Canada, and Puerto Rico. Bruce Larson, American Water's security director, says, "Water was an open business. Each facility has its own security guard, set of locks, and alarms."

 

But the events of September 11, 2001, caused management at the $2 billion company to raise the physical security bar at the 711 treatment plants. Larson says, "We realized that terrorists could kill some of our 18 million customers with our own product."

 

Post-9/11, Bruce Larson undertook American Water's security challenge by becoming responsible and accountable for all physical security, information security, crisis management, and business continuity throughout North American operations. He immediately put together a security plan, which became the model for the entire North American company, including the treatment facilities. And in 2003, American Water became part of RWE Thames Water, the third largest global water resource company.

 

Here's what Larson, a 17-year security veteran and consultant to a Presidential advisor on Homeland Security issues, had to say about maintaining water-tight physical security at the company's facilities.

 

EL: What does physical security include?

 

BL: It focuses on the critical operations at all of the water treatment works around the country. Specifically, we look at every aspect of security, from access control all the way to control of sensitive documents, and alarms.

 

EL: How do you know you are getting good access control?

 

BL: One of our goals includes reducing the requirement for humans to provide physical security controls. To this end, we focused heavily on automated access control, automated alarm systems, and automated video systems. To enter buildings, employees go through a turnstile with a smart keycard. Front desk security people spend their time validating the identity of visitors, and making sure they are properly escorted. Since 911, we've revised our visitation process at the treatment sites, and now focus more on where employees go in a facility.

 

EL: How do you monitor all of these systems?

 

BL: We have extensive contracts for monitoring our various systems. All 90,000 alarm points, along with badge access controls and video monitoring, feed into one, central computer system, and we can access this system anywhere in the business from a Web-based GUI. Our 24/7 central command center staff focuses on managing incidents surrounding these alarms. Each facility's monitoring station enables the staff to be the first response source. Because of the diversity of the physical operations sites and the number of false alarms, we have a standard operating procedure set for responding to alarm signs.

 

EL: How have you integrated physical security with IT?

 

BL: We've converged the business processes. However, you're always going to have different sensor systems or control systems, firewalls, and locks on doors. Right now, it's passwords and badges. Eventually, employees will be able to use the same access control keycard to log on their desktop PCs. Also, if the IT help desk gets a security-related incident, then it's turned over to my staff to manage.

 

EL: What does the security staff at a facility consist of?

 

BL: Every facility has its own set of unique challenges. Some locations might require more physical security guards than other locations. Typically, each facility has an operations person who owns the business, including all local security operations, and, as a result, functions as the central security contact. We also have certified water treatment plant operators who treat the water and make sure it is distributed. These operators respond to emergency situations first, followed by emergency personnel, if needed. An operations person at our command center is also assigned to respond to situations.

 

EL: Since 911, what new things have you learned about emergency situations or security breaches?

 

BL: Security incidents can cause business crises, and business crises can disrupt security. For example, if a terrorist breaks into a critical operations facility, then we have a major business crisis. A major hurricane can cause a business crisis and, in turn, affect both physical and information security; a significant number of operations in the New Orleans area have been challenged by Hurricane Katrina.

 

EL: How do you select the security systems you use for physical security?

 

BL: Whether it's firewall software or a video monitoring system, we use tried-and-true systems we can configure out of the box. I'm opposed to developing any type of system. Our business is water, not security.

 

EL: You've just started to get involved in security for some of the parent company's international sites. How does physical security differ abroad from that of North America?

 

BL: In the U.S., each state has a variety of controls. Likewise, each country has its own set of legislative and regulatory controls for physical security of the infrastructure. Each country also sets a different social responsibility code. Some countries want armed guards patrolling the facility's perimeter, while the UK doesn't want to see any weapons.

 

Also, the financial impact caused by a major crisis can vary substantially. If there's an outage at a water treatment plant in London, then millions of dollars are going down the drain every second. A similar outage might have a lesser financial impact if it happened in Puerto Rico.

 

--

 

Elizabeth M. Ferrarini is an IT consultant from Boston, Massachusetts.


by Elizabeth M. Ferrarini

 

David Thompson, Symantec Corp.'s chief information officer, has a good track record for providing great value to both internal and external IT customers. During his tenure as CIO at PeopleSoft, he led an enterprise transformation initiative that enabled the company to realize more than $100 million in savings and to increase the company's earnings per share. Prior to joining Symantec, Thompson was CIO at Oracle Corp., where he oversaw the information technology group, and before that, he served as CIO for PeopleSoft.

 

At Symantec Corp., he oversees 1,300 employees located in three major worldwide global centers. His department runs all of the data centers around the world, the telephone network, all network operations, desktop support, and all the internal systems and operations, such as financial, human resources, customer relations management, and some of the line-of-business systems used to support renewals.

 

Thompson recently sat down with Enterpriseleadership.org to talk about his IT leadership efforts at both Symantec and PeopleSoft. Here's what he had to say:

 

EL: Can you tell me how you align IT with the goals of the business so the company is more competitive?

 

DT: My role is to be the business leader of IT for my peers. I want to find out their pain and their objectives for the year. To this end, I need to make sure that my IT strategy aligns with what they're trying to accomplish and to put the appropriate infrastructure and resources behind the initiatives. We have multiple lines of business: consumer, enterprise security, and enterprise data availability. The IT organization supports all of these. For the consumer line, IT has provided an architecture and infrastructure to help customers renew their products, most of which are purchased via our Web site. Because we want our customers to extend their product subscriptions for a long period of time, we've spent a lot of time analyzing the renewals to find ways to retain our customers.

 

EL: Do you have a business intelligence system in place for the renewals?

 

DT: Our enterprise data warehouse has analytics on top of it. At any time, we can look at our renewals customer base from a variety of ways, such as geography or demographics. The IT department has some business analysts who sit near the people responsible for querying the data warehouse for their business unit.

 

EL: What does your governance model look like?

 

DT: We have a centralized model using an IT portfolio management strategy for overseeing the intake of IT projects and the control and distribution of those projects. We use the CobIT framework for some of the major controls of IT. I chair the committee that sets the IT strategy and direction. I involve all of the key business leaders and executives of the company in this committee.

 

EL: How do you gauge the effectiveness of the governance model?

 

DT: We measure the business value of every project that comes through our portfolio. The assigned business value metric is what we expect to achieve. Because IT is expensive, we want to maximize our investments. We go into every project knowing the costs, revenues to be generated, and the metrics we're going to have. Once the project goes live, we continue to measure our ROI.

 

EL: What is the biggest risk you've taken as a CIO and what did you learn from it?

 

DT: It was the enterprise transformation process the CEO of PeopleSoft asked me to lead. We weren't leveraging the available products that could help us to automate a lot of our manual processes. By deploying a lot of self-service transactions, I helped the business remove intermediaries. In addition, by effectively leveraging automation, we were able to reduce headcount in IT. We realized more than $109 million in savings. This amount had a direct effect on PeopleSoft's earnings per share. The earnings conference call to investment analysts mentioned this transformation cost savings.

 

The CEO put me in a risky position. Realizing that the business leaders could gun me down at any moment, I worked carefully to understand what each one did and what their pain was. I aligned with them as a partner in this initiative. I got them to step up to the plate. I functioned as the lead project manager and the person the CEO held accountable for this initiative. In the end, I learned that if you're going to have a seat at the table, you're going to have to provide value to your internal customers.

 

EL: What innovative technologies are you considering for IT?

 

DT: We're looking at tools to help our data centers become more efficient. We have the luxury of drawing from the rich Symantec product family. For example, our Relicore acquisition provides us with some great enterprise vault technology.

 

I worked for an enterprise software company that didn't have very effective tools for doing discovery for lawsuits. In fact, I found the discovery process overwhelming. This isn't the case at Symantec. Our enterprise vault tools put e-mail in a vault by categories. When a discovery situation occurs, you can give the attorneys access to secure locations so they can go back in time and find what they need for the courts. A new ruling has eliminated a lot of previous loopholes to get out of producing data for the courts.

 

EL: Do you have any comments on Nicholas Carr's book, Does IT Matter?

 

DT: When I started to read it, I thought it was kind of controversial. The more I got into it, the more I started to understand Carr's premise -- business is the one in the driver's seat, and IT is its steering wheel. A lot of IT people put themselves on a pedestal, and then wonder why they lose credibility with the business units.

 

EL: Since IT uses a lot of Symantec products, do you still have a vendor management program?

 

DT: I've just added a vendor management office. It's important to stay abreast of your contracts, and have governance in place so you can make sure you are getting the service the vendors have promised you. Also, a vendor management office enables you to maximize the strategic relationship you have with key infrastructure vendors.

 

EL: Do you think that IT is becoming more conservative these days?

 

DT: It has become more rational, as well as conservative. The days of "Big-Bang," multimillion-dollar projects are gone. IT has realized that projects need to be carried out in more manageable chunks. You need to show regular delivery of business value to the entire company. IT has had to become more conservative because we're under more compliance pressure, as well as under pressure to mitigate risks.

 

--

 

Elizabeth M. Ferrarini is a free-lance technology writer based in Boston, Massachusetts, and is the author of two computer trade books.


by Peter Armstrong

 


 

Introduction

In The Canterville Ghost (1887), Oscar Wilde wrote: "We have really everything in common with America nowadays except, of course, language." I have an English-American/American-English dictionary in front of me as I write this, and have learnt over the years that Americans think chips are crisps, whereas we British expect them to come covered in salt and vinegar and wrapped in a piece of newspaper. However, I digress.

 

All of this musing came about because I have the distinct feeling that IT and business people speak two totally different languages.

 

Business -- "IT spends too much and delivers nothing."

 

IT -- "They give me no budget and expect Rolls Royce service."

 

Business -- "I don't have time to learn all that techy nerd stuff."

 

IT -- "I don't understand all that business mumbo-jumbo."

 

Business -- "I never understand the IT part of our board meetings."

 

IT -- "I never understand the business part of our board meetings."

 

Business -- "All I get from IT is a string of reasons why they can't do what I want without lots of cash."

 

IT -- "They never invite me to explain what IT is doing / can do for them."

 

Both -- "I just get the blame for everything that goes wrong."

 

Let me try and explain why IT and business have to learn a common language and talk about some of the steps you need to undertake to get IT really working for your company.

 

A Typical Scenario

Your IT department has spent days gathering all the information on server availability, and has come to the board meeting ready to prove that they have been delivering 99.99% availability for the last week and cannot understand why anybody is complaining.

 

Unfortunately, the application is being used by online options traders who need a response time of less than 12 seconds in which to make a trade. Availability is meaningless to them without performance (a bit like giving me a Ferrari with no petrol in it: I am sure it is beautiful and works well, but frankly it is absolutely useless to me as it stands).

 

This is a simple example (which actually happened), and you would think that it was obvious from both sides what was going on. The problem was that no one thought of explaining the issue in terms that the other side would not only comprehend, but also act upon sensibly. Had the IT department understood the fact that trades have a very short time in which they can be made, then the design of the system would have been totally different. However, would they then have had the chance to present the options available?

 

Many IT departments focus on the technology and delivery of availability of platforms, databases, and applications. Although all of these are important, it is how these elements interact to provide a business service that is the key issue. It is vital that the IT department understands not only the technology, but also the way that the technology interacts to deliver service. Dealing with technology in isolation can lead to huge problems when it comes to diagnosing service outages.

 

Say you are a car manufacturer who has just had the opportunity to try out one of your competitor's offerings, and you think that their paint finish (or whatever) is better than yours -- what do you do? You go to the manager in charge of the production line, give her a sample of the competitor's product, and ask why you haven't got the same quality. That manager will probably go away and do some cost estimates for various levels of finish, and present them back to you, possibly with some samples to match, and you will make a business decision based on costs, possible increased sales, and so on. Each side can rapidly understand what the other side wants.

 

The question is, if you were to ask your IT department about, say, availability for your applications, would you get the same level of response, or an answer couched in language that you don't want to hear, leaving you thoroughly confused? Does IT truly understand your business requirements and the options that it should be evaluating? Have you explained to them what you want in terms that they can understand?

 

Where the Problem Comes From

Background

IT managers and business managers have tended to be different types of people with different training. More and more, the need is arising for each party to be "trained" in the other's area of competence. This does not mean that business managers have to understand control blocks and log records, but they do have to understand that disaster recovery, for instance, can have multiple solutions involving varying levels of expense. How much data are you prepared to lose, how much time are you allowed for the recovery, how much money do you want to spend? The IT department can provide a solution if they are armed with the necessary business requirements, but they must also present the options in a clear and non-jargon-ridden way. They similarly need to have a fundamental grasp of business thinking. This is why more and more CIOs are being taken from the lines of business rather than a pure IT background, but they must be prepared to learn enough of the IT language to truly understand what is going on, and the IT department must learn how to communicate their options (and frustrations) to the CIO.

 

Mainframe to Distributed

The IT landscape has also become infinitely more complex. In the old days, you put in a big, central box -- a mainframe -- attached dumb terminals to it on a network, and that was it. The advent of distributed computing, with multiple storage options, all sorts of networks, and a plethora of ways to join it all together, has made it difficult for the IT manager (let alone the business manager) to keep track of all the options.

 

Dot.com Madness

Next came the era of dot.com madness, when systems were installed because it was possible to do so, not because this made sense. This meant that IT got the reputation of being able to do anything, but also the reputation for spending huge amounts of money with little (or, probably, negative) financial return. This era, thankfully, is now over. However, the pendulum has swung violently the other way, with all technology spending being seen as an extravagance, and with an almost frenzied demand for the IT department to squeeze every last drop out of the investment they have made already.

 

Obsolescence

Unfortunately, all computer equipment is designed with inbuilt obsolescence, and if you lag too far behind, it is difficult to get spare parts, maintenance, and so on. Also, user demands tend to escalate almost exponentially. In the old days, there was little or no direct contact with the end user, and hence, you could implement simple systems with crude interfaces, to be used by internal personnel only.

 

Then came the Internet revolution, and suddenly your systems were being presented directly to the end user, who wanted graphics, sound, video, and more. As a result, your network demands changed dramatically, the amount of data you had to store (for all those digital pictures and videos and audio clips) went through the roof, and you wondered what happened to all that money you spent on IT infrastructure.

 

How We Should Use IT

Requirements

Back in the "good old days" (actually they weren't totally good, but at least we did not have to watch those awful reality TV programmes), computer systems were usually designed based on user requirements. This approach got completely ignored for some years during the great dot.com fiasco, when a new method was used:

 

Can it be done technically?

 

>YES, then do it and spend lots of money.

 

>NO, try to do it anyway, and spend lots of money.

 

You will notice a frightening lack of business principles being applied here -- will it save me money, will it make me money? Not difficult questions, but basically fudged for many years as they were made up from weird and wonderfully inaccurate, meaningless projections of how we were all going to use e-systems 24 hours per day and could not live without them. Not surprisingly, IT developed a reputation for spending money on stupid systems for reasons that were neither clear nor justified. A lot of the people in the dot.com arena were, unfortunately, technically brilliant, but totally business-naïve.

 

People then got more and more paranoid about what systems they should be using. Magazine management became common -- "it says in this magazine that UNIX/Oracle/SAP/SQL server/LINUX/Java/XML/SOAP/Web Services/whatever is the cornerstone of the future, we must have it." All of these are excellent in the right environment -- but are they necessarily the correct solution for every application? No. The fact that someone else is using a particular combination does not mean that you should be using the same combination -- the only advantage is that they may find the bugs (errors) first.

 

System Choice

So, what system should you be using? The only answer that I can categorically state as being correct is that there is no correct answer to this question. The choice should be based on the requirements, and they will include interface, performance, ease of use, availability, cost, and so on. Do not get hung up on what other people are running. Yes, you want to know if the combination works, but the fact that someone else is running a particular combination does not mean that it is correct for you.

 

There has also been a dreadful fear that you might be missing out on something. A few years ago, a lot of IT decisions seem to have been driven by magazine articles and comparison with other companies as opposed to the fundamental requirements of the business.

 

There is no single combination of platform, operating system, database, and so on, that is correct for all applications. Every business will run something slightly (or significantly) different, and that is correct for that business.

 

Service

At the end of the day, the reason you are using IT should be because it enables you to deliver service to a user more cheaply, more efficiently, for longer hours, and more. In other words, you are using IT as a business tool, not to keep some IT techy happy. There are no IT projects nowadays; there are only business projects, which may or may not use IT.

 

So, IT needs to understand that its sole function in life is to enable the business to run better. This means that it is either helping to reduce costs, and/or helping to increase revenues. If it is not achieving either of these functions, then why are you using it?

 

Of course, the IT department is between a rock and a hard place as they are being told to reduce costs. So, what is by far the most important driver for IT -- quality of service -- is also the one that often gets pushed down the list of selection criteria when budgets are restricted.

 

Some managers see low cost and high quality of service as being mutually exclusive, but this need not be the case. By using best practices, leveraging economies of scale and focusing on service delivery, IT departments really can deliver on their promises.

 

This also means that you have to start thinking about who is using the systems. Most IT systems are measured and designed from the point of view of the IT department, which is the totally wrong approach. The systems are there to service end users, so they should be designed and measured from the end-user point of view. The following are two examples to show you what I mean.

 

A few years back, my UK bank wrote to me offering 24x7 online Internet banking. Because I travel the world, and the ability to handle my bank accounts whilst on the road is very useful to me, I signed up. I started using the service, and it was frankly awful. It was nearer 19x6 than 24x7, the performance was poor, and the system was frequently down for hours at a time. So I used one of my company's products to measure the service from my point of view, printed the reports and took them to my bank manager. His response? "Thank you, Mr Armstrong, I have been asking for reports like this for years, you are the first person to show me what you are seeing. Can I have a copy?" I gave him a copy and also told him what was causing the problems (one of my colleagues used to work for them and knew what was wrong). I am glad to say the problems have now gone away, the users are much happier, and they now have an online service that is competitive, and is saving them money. And yes, I am a lot happier and decided to remain a customer.

 

Probably the longest-running, and in my opinion, best e-business service, is the ATM (cash machine). Here is the intelligent application of technology to provide a useful service to the end user, that saves transaction costs (it is much cheaper to service me via an ATM than via a human being in a branch of the bank).

 

--

 

Peter Armstrong joined IBM in 1976 and was the UK Country IMS specialist. He helped design parts of DBRC and wrote the Recovery/Restart procedures for IMS disk logging. He joined BMC Software in 1986; these days, he is a corporate strategist, responsible for the increasingly important domain of how business and information technology need to work together. Peter is also a prolific writer and has authored Database Recovery Control (DBRC) in Practice.


by Elizabeth Ferrarini

 

What has been the number one organization to work for in IT for the past two years? It's the University of Miami, according to an annual ranking done by Computerworld. Dr. M. Lewis Temares, the University's CIO and Dean of the College of Engineering, deserves the credit for shaping an outstanding work environment. CIO magazine named him a CIO 100 Award winner in 2003.

 

As the first official CIO among the nation's 4,000 colleges and universities, Dr. Temares oversees the university's $35 million IT budget for the following areas: computing, telecommunications, university planning, institutional research, and testing center. His academic role consists of managing a $12 million budget in the University of Miami’s sixth largest academic unit.

 

Recently, EnterpriseLeadership.org spoke with Dr. Temares about everything from quality practices to employee retention. Here's what he had to say.

 

EL: Several years ago, you completed a $31 million telecom project on plan and below budget. How did you accomplish this?

 

LT: We used a scope diagram to organize what our personnel resources were going to do. Our methodology consisted of Arthur Andersen's Method One. We tried to get everyone involved from the start. We told everyone, including business analysts, beforehand what they had to do to complete the project on time.

 

EL: Do you use Six Sigma or any other best practices for IT?

 

LT: We use quality practices such as Six Sigma and the IT Infrastructure Library (ITIL) throughout our organization. In fact, our Center for Excellence in Information Technology Center program trains executives in these areas. We offer an entire suite of training for IT professionals who plan to move into the CIO role.

 

EL: Are you seeing a lot of demand for ITIL training?

 

LT: We don't know about the rest of the country, but demand for IT training and certification has certainly hit Southern Florida hard. We're seeing more and more companies sending people to get certified in ITIL. In fact, our proposals to train IT personnel for companies often include ITIL.

 

Our Six Sigma faculty includes Howard Gitlow who was a disciple of Dr. Deming who developed quality standards such as Six Sigma. Gitlow has written extensively on the subject.

 

EL: I read that you never make yourself the prime sponsor of a project. Why not?

 

LT: The IT organization supports the business process. If the people in the business units don't need any technology, then we're wasting our time forcing change down their throat. Instead we need to introduce technology to people and explain how they can use it, and then get them to buy in and support projects. Thus, the project sponsor is always the end user.

 

EL: Do you have a governance board?

 

LT: We've an IT advisory council for the entire university. Every school and every department has a representative on the council. The dean of the Marine School, who has a background in computing, heads up the Council. It also consists of a variety of subgroups that guide IT policy and procedures. For example, the student advisory subgroup suggested we sign contracts with Napster and Microsoft. The latter contract provides us with campus wide support for all Microsoft products. This subgroup also advised us on specifics which needed to be written into these contracts.

 

EL: Since you've been with the school, the turnover in IT has gone from 50 percent to an average stay of 12 years. What's your secret for retaining employees?

 

LT: People stay because of the friendly work atmosphere and the rewarding work environment. I try to make working here both challenging and exciting. I allow my staff to try new things. We're willing to work with employees and provide them whatever training they need.

 

Following the dot.com bust, we hired a lot of good IT people to handle the expansion of our facilities. Unfortunately, we don't have as many openings now as we would like. We've an open hiring policy where we look both inside and outside for the best candidates.

 

The University also has the good fortune to have a president who is very visionary and can make decisions rapidly. She has a wonderful way of dealing with people.

 

EL: Are you working on any cost savings or cost avoidance projects right now?

 

LT: We do continuous improvement projects on both the end user and IT sides regularly. These projects have two goals -- saving money and doing things better. Currently, we're looking at how we can use data warehousing and document management to help the business units save money. We're also consolidating our servers to reduce our telecommunications costs.

 

We've an on-going wireless project all over the campus. For example, the new student housing units will have a hardwired network, which we'll add secure wireless connectivity to. This technique provides students with the convenience of wireless from any place on campus at any time.

 

EL: Customer service is really important to you. How have you improved it since you've been on the job?

 

LT: We're constantly doing surveys. Every time we do a telecom repair or an installation, we drop off a sheet and ask the user to tell us how we did. We analyze all of the findings and report on the results. Based on recommendations, we try to make things better.

 

We also have a 'listen to the customer' initiative where we go to each department and ask how we're doing. We complete a form that shows them how they can save money. We helped some departments realize they were spending extra for phones they didn't need. This effort helped us to save about $230,000 a year in telecommunications costs.

 

EL: What can a CIO in the private sector learn from you?

 

LT: Talk to the internal and external customers. They need to know what you're doing, what you're capable of doing, and how you're truly willing to help. Market what you do. Be nimble, quick, and visible.

 

EL: How did the Center for Excellence in IT come about?

 

LT: It came about because of some of our other initiatives to provide IT services to the private sector. For example, I just finished a grant proposal for a biosciences business virtual incubator. It would provide our resources, such as our network, to start-up biosciences businesses, enabling them to do research. As for the IT Leadership Center, we're going to have to train people in these companies to use our resources. They typically can't afford what they need for IT support. The grant will cover all of these costs.

 

EL: Are you considering any new or disruptive technologies for the next three years?

 

LT: We're always looking at new things. We need to keep on top of how we're going to maintain a high speed network and the related services to maintain it. For example, we're changing our voice mail system because the vendor is no longer supporting it. We're changing to an integrated message system that will allow access to voice mail, e-mail, and fax in one place.

 

EL: Are you doing anything with open source software, such as Linux?

 

LT: We do have some Linux. We're watching how well the University of Indiana uses open source software for some business applications, such as finance.

 

EL: Any comments about Nicholas Carr's book, IT Doesn't Matter?

 

LT: He's right when he says IT is so ubiquitous and not a key differentiator unto itself. I agree with this conclusion. Anyone can buy Cisco equipment. The differentiator will always be how people deploy that technology. How do you negotiate to get the right type and amount of equipment on time and on budget? What makes FedEx, UPS, and DHL work is how they use the technology to provide good customer service.

 

Today a CIO needs to know about the technology, but doesn't have to be a hands-on expert in every aspect of it. To this end, a CIO needs to be able to bring people together to make the technology work.

 

EL: How do you divide your time between being a CIO and being head of the engineering department?

 

LT: I spend half of my time in each place. I can only do so much in an 18-hour day. I try to give everyone my attention. I hire good people and empower them to do their job. I'm available to handle the big picture and any emergency situations.

 

--

 

Elizabeth Ferrarini is a free-lance writer and IT consultant from Boston, Massachusetts. She can be reached at elizabethferrarini@yahoo.com.
