Direct benefit transfer (DBT) is the talk of the day, a manifesto for the 2014 elections. Government is hinting at it being a game changer. What remains to be seen is whether it is a game changer for the public or for the government itself. It is an open secret that financial inclusion has not been achieved as envisaged. Then how can DBT be successful when rural population or those in remote areas do not fit the basic eligibility criteria of having a bank account. Progressing a little deeper, if we look at the so-called ‘financially included sectors’, another obstacle crops up: the absence of essential products like micro-insurance, micro-pension, remittances, and so on. The primary aim of financial inclusion should undoubtedly be timely access to credit. Adequacy as an included adjunct goes without saying.
While corporate governance is the methodology by which a corporation is directed, administered and controlled, IT governance supports achieving corporate objectives, strategy, direction, administration and control, using appropriate information and communication technology (ICT) investment and resource management. It underlines the need for organisations to protect their information assets and increase productivity levels. It is the defense mechanism to prevent hacking, check cyber-crime and limit the scope of disruption to operations in case of a human error or natural disaster. As a business decision, it adds value to the organisation, increases monitoring and scrutiny within, sets rigorous quality standards, augments profitability and promotes shareholder interests.
Companies that want to build and sustain higher levels of business impact, effectiveness and compliance will implement continuous improvement programmes based on current and emerging best practices, standards and guidelines and endorse individual and organisational certifications.
In the West, corporate governance guidelines are governed by strict laws. The Sarbanes-Oxley Act in the US and the Combined Code in the UK, for instance, demand an effective IT governance framework to minimise corporate fraud or reckless behaviour on the part of directors and auditors. It is understood without IT governance, adherence to these laws will not be possible.
As IT governance is an integral part of corporate governance, how have Indian companies gone about it? Have they established IT governance structures and defined the processes? What are the goals and metrics? Has there been a proper devolution of tasks from the top level to the bottom?
There is an increasing awareness in India now that organisations that seek to be globally competitive, those who care for shareholder value and understand the risk and reward of corporate governance and are of a critical size in revenue and human assets must practice IT governance. Successful IT governance is built on three pillars. One, leadership that defines the organisation structure, roles and responsibilities, decision rights, a shared vision and meaningful metrics. Second, flexible and scalable processes. Third, enabling technology, which offers tools that support key IT governance components.
Indian businesses are very innovative and quite a large portion of customers belonging to the enterprise set have already put strict IT governance frameworks in place. However, public service organisations and some of the SME customers need to focus more on this subject area to remain competitive and meaningful. “IT governance also extends to project delivery, especially for Indian IT companies. Here the same discipline and fervour are not adhered to when dealing with projects delivered for Indian clients often resulting in mismatched project outcomes. The same companies however seem to follow a strict regimen when dealing with overseas clients,” says Mathew Thomas, Vice President-Strategic Industries, SAP Indian Subcontinent.
“Organisations that seek to be globally competitive, those who care of shareholder value and understand the risk and reward of corporate governance and are of a critical size in revenue and human assets must practice IT governance,” he says.
According to Sandeep Mathur, Managing Director, Oracle India, any organisation that views IT infrastructure as a strategic asset to be deployed for achieving its business goals cannot afford to miss out on designing and implementing an effective and organisation-wide IT governance system. “As IT governance gains ground across organisations, the whole industry ecosystem is evolving to support CIOs in their IT governance programs. For example, our approach at Oracle is termed simplified IT that aids governance. Oracle delivers on the simplified IT promise with pre-integrated and fully engineered systems that are easily deployed and generate quick return on investment (RoI). We believe simplified IT enables the IT managers show clear and measurable results from their IT spends,” he notes.
Alignment of Business Objectives
In a large, decentralised, federated organisation, alignment of all business functions to the corporate objectives is a hard goal to achieve. Individual line of businesses, departments and diverse corporate entities often tend to operate in silos, creating distinct organisational cultures, which pose a serious challenge to corporate integration and consolidation. “However, a common thread that runs through all these is the underlying IT architecture, which forms a unifying thread across the organisation creating the unique identity and corporate alignment,” says Subrata Das, Industry Director-Public Services, SAP India.
“With the proliferation of IT across all functions, IT governance is emerging as a discipline that needs to be adhered to strictly. Several frameworks have emerged over the years with varying degrees of adoption such as BCG, COBIT, COSO, ITIM, Six Sigma, PMBOK, Prince2, Porter, Hamel, Weill, ITGI, PMMM, CMMI, ITIL, KANO, IAOP, ITsqc, select ISO standards and others. With the maturity of universally accepted standards as in frameworks such as COBIT and ITIL, IT governance is on the road to standardisation. With the chief technology officer now represented on the corporate board and governance risk and compliance being pursued very seriously, IT governance is here to stay,” Thomas adds.
Some of the major key performance indicators (KPIs) of IT governance are (i) effective strategic alignment of IT with the business; (ii) ensuring the successful planning, deployment and integration of IT initiatives and services in collaboration with the business; (iii) establishing and/or improving the accountability of all constituents/entities in the business and outside; (iv) ensuring value delivery of IT; and, (vi) measuring the contributions of IT to the business by linking critical success factors to KPIs.
Milind Mungale, Senior Vice President, NSDL, characterises IT governance as alignment of information technology with business. “A good IT governance structure contributes immensely to the bottomline. IT takes a holistic view as it affects all aspects of business. We talk about standards, certification, frameworks, regulation and security. Even though India has made tremendous progress in IT, most of our companies have not made the kind of investments to make IT governance in an enabling factor in scaling up business,” he says.
State of IT Governance PSUS
A most welcoming trend is that public sector companies have strengthened their IT governance structures. “Indian Oil Corporation is a major example. As it runs a strategically important business for the country, IOC needs to ensure three major things in its IT system: best management practices, business continuity strategies and information security,” says S Ramasamy, Executive Director-IT, Indian Oil Corporation.
At Indian Oil, the IT system ensures that the entire business process, from supply chain management, sales, marketing, human resources, quality control, investment to treasury management, is integrated and closely monitored for delivering best results. A multi-level server fallback system prevents network failures affecting business continuity. An excellent data governance mechanism checks business failures due to data loss due to human error or natural disasters, or data theft through hacking.
BHEL is another example. “Having achieved that level of maturity in the company, we are now maturing into a completely integrated process across the company so that we have a proactive management and a clear long-term business visibility. Through this, we optimise our resource management and inventories. Right now that is the big initiative in which we are rolling out an integrated standardised process across the organisation so that we migrate all the units onto this platform of a single database,” says Anjan Dasgupta, Executive Director- Corporate Systems & IT, BHEL. For business growth and sustainability, e-governance is an imperative, not an option. “No e-governance means no IT pain and if there is no IT pain there is no gain. It is a super collaborative environment which synergises processes, people and technology,” says he.
In IT governance, there is a demand side and a supply side. Demand side governance talks about what IT should do. Supply-side IT governance says how IT should do what it does.
R C Thakkar, Director, Technical, of the Rural Electrification Corporation says awareness about IT governance has increased in the public sector. “Today, the time has come when you have to adopt the latest techniques for management and e-governance. I think all the organisations be it private or public sector, have to go for IT-enabled activities and e-governance. Then only they will be able to survive,” says Thakkar.
E-Governance in corporate governance can be described as the grand umbrella of systems and processes to govern the organisation in keeping with the interests of all the stakeholders. It should be implemented in such a way that it helps in creating the synergy instead of creating hurdles and bottlenecks in the organisation.
Challenges in IT Governance
In IT governance, change management is a problem area. “More and more business managers have to start believing that ICT tools can enable you to do better. Through IT governance we obtain complete transparency: people, systems and processes become so visible that sometimes people might feel threatened. And also, sometimes, there is disconnect between domain business managers and IT managers. So, today organisations are reversing that entire process by bringing in experienced domain managers into IT because those professionals have gone through the entire business pains and problems so they can understand what IT can do,” Dasgupta says.
Sanjay Bobde, Director, Microsoft Consulting Services feels that identifying the project and process indicators is important in IT governance. He also calls for improved data standards IT governance. “The whole architecture is based on getting the objectives correctly, align the business strategy with it and measuring the outcome.”
“Cloud computing is a necessary area. This can dramatically reduce the risks and costs for companies in doing business, and for the government when it implements e-governance projects,” says Rajesh Narang, Principal Consultant, NeGD, Department of Electronics and IT (DeitY) while stressing on data and safety standards.
Mahesh Chandra, Deputy Director General, National Informatics Centre (NIC) believes the main goal is to maximise the revenue. He says, “In IT governance, project management and implementation is vital, and that is where flexible and scalable processes to accelerate implementation and improvement of the governance norms have a central role.”
When rethinking IT governance in India, according to experts there are seven challenges. First, total cost of ownership & IT value proposition. Secondly, building a compliance model that de-risks the organisation. Thirdly, architecture & applications, that involve implementing scalable, secure, open and standardised solutions. Fourthly, how to build an impenetrable, scalable and cost-effective security policies, processes & controls. Fifthly, asset optimisation, thereby building an optimal infrastructure and other asset utilisation such as physical assets, human capital and strategic sourcing. Sixthly, articulating demand management. And finally, building a data strategy, through which companies can transform raw data to knowledge and intelligence.
IOC’s Six Pillar Approach to IT Governance
As organisations get deeper and more mature in their IT and business enhancement process, one thing that they can’t do without is IT governance. Indian Oil Corporation’s (IOC) vision is to become one of the globally admired energy companies. Naturally, then, its entire IT governance policy is built on six major pillars — customers, employees, environment, technology, innovation, ethics and governance. S Ramasamy writes
IT governance takes care of performance as well as risks associated with business continuity and business failure. As it runs a strategically important business for the country, the IOC needs to ensure three major things in its IT system: best management practices, business continuity strategies and information security. A large ERP system ensures that the business processes, from supply chain management, sales, marketing, human resources, quality control, investment to treasury management, are integrated and closely monitored for delivering best results. A multi-level server fallback system prevents network failures affecting business continuity. An excellent data governance mechanism checks business failures due to data loss due to human error or natural disasters, or data theft through hacking.
There are two aspects of IT governance. One is IT operations/governance and the other, performance monitoring/maintenance. We follow a framework related to large ERP operation and maintenance. The major one is related to operation and governance. We have standard operating procedures and monitoring devices. We have ERP tools such as early watch report, operating systems, file systems, database systems, applications and the end-user human interface layer. All will have to be monitored for better performance and agility. Through these tools, we avoid failures and enhance productivity. Ultimately what is important is the end-user experience in terms of response time. When you have a larger ERP involving more than 12,000 users, 700 locations and more than 10 TB database, monitoring each layer is very important.
This is very important to companies like us because most of our customers are mission critical-ones. Almost 90 per cent of our business is with defense, state government undertakings, the railways, etc. We are the first public sector company with business continuity certification called BS25999. The certification defines certain guidelines, processes, procedures, auditing and confirmation and we abide them. This way, all functions are aligned and perform like clockwork.
User management is another essential thing of our business process. User authorisation and strict access controls are issues that have to be tackled through technology devices like two-factor authentication, remote monitoring and password management maintenance system.
IT governance is an evolving area. We need to create an environment in such a way that employees will voluntarily embrace certain best practices. That will come by more of awareness and continuous mentoring and coaching. Today, all our data centers have been certified. For example, we are also having a group related to software development. We are yet to get certified on CIM maturity level certifications which we are trying to get in the future. Though our business is more or less IT operations but whatever the development we do, we follow certain IT governance requirements in terms of software development and maturity models.
We have a primary data center which takes care of our day-to-day operations which have a redundancy and fault tolerance at every level like hardware application servers, network, storage and backup devices. In the event of any human failures, this system will not work. So we have gone for something known as near-site data center where we will have a lag of four hours between the two data synchronising systems. So within four hours, if somebody makes a mistake or error, we can come back to the original data immediately. In the event of the entire site failure due to natural disaster, we will change over to our data center in Bangalore. Mock drills are an integral part of our IT governance that frequently test the data system preparedness should a disaster actually strikes.
‘All Stakeholders Benefit from IT Governance’
Only those companies with mature IT-enabled systems and processes will survive and thrive in the long-term, argues R C Thakkar
Governance in general is basically to improve efficiency, transparency and accountability. India has, I would say, gone through in a gradual manner for the adoption of information technology in corporate governance. Now all the tenders are carried through electronically, tender notifications are issued through web; shareholders agenda, annual reports are electronically sent, and we have robust IT interfaces with employees, all these are possible because the technology is matured now. When you adopt e-governance it helps all the stakeholders, be it management, be it the administrative ministry, be it employees or be it investors. All the stakeholders get benefited from e-governance.
E-Governance in corporate governance can be described as the grand umbrella of systems and processes to govern the organisation keeping in with the interests of all the stakeholders. It should be implemented in such a way that it helps in creating the synergy instead of creating hurdles and bottlenecks in the organisation. Today we have very successfully implemented ERP and all the accounts are met on ERP.
You have to first deal with the hurdle of the change management and then implement e-governance so that the hurdles are reduced to the minimum. I would give credit to the people involved in IT profession in private as well as in public sector, because they were able to break that hurdle and could generate interest in those people they were thinking that they will not be able to learn computers today. Surprisingly, people who did not have basic knowledge about computers are now able to operate computers. Computers have also become user-friendly, too.
So, you have to first create an atmosphere that all are talking at the same frequency, all are at the same learning curve. Effective communication and awareness campaign have to be there so that the objectives are understood and the practices are complied with.
Today, the time has come when you have to have adopt the latest techniques for management, e-governance, and I think all the organisations be it private or public sector, they have to go for IT enabled activities. Then only they will be able to survive and compete with others.
‘IT Governance is an Imperative Need’
Successful e-governance or IT governance ensures ICT to deliver effective, efficient and timely solutions adding to business, says Anjan Dasgupta
For business growth and sustainability, e-governance is an imperative, not an option. No e-governance means no IT pain and if there is no IT pain there is no gain. It is a super collaborative environment which synergises processes, people and technology. In IT governance, there is a demand side and a supply side. Demand side governance talks about what IT should do. Supply-side IT governance says how IT should deliver. On both sides, IT governance requires a very efficient, effective, integrated enterprise solution delivery and creation of business value. It is also a major tool to give the company regulatory compliances.
So, as far as BHEL is concerned, we have strategic business units spread across the country. We have 14 manufacturing plants, more than 150 sites, many regional offices, employ 47,000 people and make 150 products. The challenge is to bring our employees and business processes together on one platform. Every manufacturing unit has created an integrated collaborative system for what they need. Our Haridwar unit, for instance, has a commercial management system which kickstarts from the issue of a work-order, an integrated engineering information management system which has an integrated materials management system and B2B portals with their vendors, transporters, customers.
Running on legacy systems and work in silos becomes characteristic of a mature organisation like BHEL. So, part of the business intelligence, part of getting qualitative information right and clear visibility of operations becomes a challenge. IT has helped. We have ERPs running, we have SAP HR and we have legacies running somewhere else. But BHEL’s IT governance is a continuous process of improvements and maturing. Having achieved that level of maturity in the company, we are now maturing into a completely integrated process across the company so that we have a proactive management and a clear long-term business visibility. Through this, we optimise our resource management and inventories. Right now that is the big initiative in which we are rolling out an integrated standardised process across the organisation so that we migrate all the units onto this platform of a single database.
We are working on another important aspect: knowledge-based integration where we find our engineering is the key strength of knowledge. And every unit will work on a central platform and that will be the heart of the application. So, engineering is centralised on an integrated system and I am bringing a complete integration of 47,000 employees throughout the company, getting visibility and receiving reliable information on demand.
The key challenge in IT governance is the change management. More and more business managers have to start believing that ICT tools can enable you to do better. Through IT governance we obtain complete transparency: people, systems and processes become so visible that sometimes people might feel threatened. And also, sometimes, there is disconnect between domain business managers and IT managers. Many organisations today are reversing that entire process by bringing in experienced domain managers into IT because those professionals have gone through the entire business pains and lifecycle of problems. Of course, successful IT governance depends on what type of ICT solutions are envisaged, but taking people along is crucial.
At BHEL, we are moving very fast on security management. We are audited by the CERT-In of government of India on our security compliances. Most of our units are certified for that. Recently CERT-In included BHEL in a mock-drill in which they created an artificial cyber attack and evaluated our preparedness to identify, defend and recover. We are right now working on some further higher level of security obviously targeting that once BHEL migrates into a single database, there are no risks.