Outsourcing Monitor                                                                            March  2003

IT Expenditure: it's time for a new mindset

It took me a few years to realize that something was very wrong in the way corporate IT expenditure is managed by top management. As this feeling grew on me, more as more examples of the same problem popped up  time after time.

 It started in the first half of the 90's when IT was still emerging as a corporate resource and I was struggling in my first CIO job.

In these early years, two feelings emerged:

• Does the executive board really understand or care about IT ?

• Any extent of questioning of IT costs was always stopped at some point because top management was not willing to be held responsible for a major IT failure due to a decrease in expenditure.

 My first feeling was that the CIO lacked transparency and the CEO lacked involvement.

 I used to think that this situation could only last as long as companies had enough money to fuel the ever increasing IT budget. I was sure that it must have changed .

 Maybe, maybe not . the following story that a CIO told me may surprise you .

 When the economic downturn started to hit mid 2001, as CIO of a large bank, he sensed that he needed to increase IT expenditure transparency and make some difficult choices due to cutbacks. Therefore he approached his main outsourcer in order to plan together how they were going to manage the new situation.

 With one of his outsourcer's board members, he spent weeks listing end user projects, compulsory application updates and infrastructure requirements. Together they managed to agree, for the first time, on how money was going to be spent. They even agreed on a minimum set of infrastructure projects that yielded no immediate end user value.

 Painfully, they squeezed an optimum set of projects into a reduced IT budget. He was not only proud of the result but also he felt that a new dialogue had been setup

When he presented the result to his executive board he was devastated. Strangely, this new way of working with his supplier was not viewed by the board members in the same way, quite to the contrary . most of the directors felt very uneasy. By laying out a precise plan of how the IT would be used, they could now be held accountable for precise results . They also may have to justify choices instead of just blaming the outsourcer.

 At the same time, his partner in the outsourcing firm also ran into trouble, he found it difficult to convince his fellow board members. The new level of transparency brought on increased pressure to deliver and removed many possibilities of disguising bad results or missed deliverables.

 As I heard him tell me this story, the feeling came back again .

 Not wanting to understand on one side, unwilling to explain on the other one, IT decision making still seems to be stuck in the same old rut .

 So what can be done ?

 Changing the way people behave takes a lot of time and effort. Nevertheless here are some ways of speeding up such a change :

•   CEOs and CFOs can be trained to understand the main issues of IT decision making. In a two day course all of the main issues can be covered, they realize how important their involvement is and we have found that they even enjoy being able to ask the right questions

• IT investment should be clearly explained and split up into two blocks: Infrastructure and end-user projects

• Infrastructure should be part of a 3 year strategic plan and should be presented to the board of directors for approval. We feel that it should also be presented to share holders in the company annual report. Each project must be followed by a steering committee, lead by an executive board member

• End-user projects should grow out of the companies divisions, they must provide Return on Investment (ROI) and be approved by the executive board. Each end- project must be followed by a steering committee lead by the department head involved. (if the project involves several departments it's an Infrastructure project !). 

• All Indirect running costs must be split between applications and re-billed to end-users (see article below on SERONO). For each application, the cost of a business transaction should be provided (for example how much does it cost for a bank to open a new account ?).

Finally, as always, the boss must lead the way. By showing extra interest in IT, a CEO can teach all of his/her board that understanding IT decision making is the new mindset.

  In such a case, the CIO could find the right setting to open up and explain his/her difficulties or main issues. 

A seven point action plan to drop IT Costs without reducing service level

Over the last 7 years, we have watched IT costs grow. Until the year 2000, the situation did not worry most executives. Some genuinely believed that it was the price to pay in order to be a member or friend of the "new economy".

Now things are very very different. Companies just simply can no longer pay their impressive IT costs. It's important that the mechanisms  that have driven up these very costs should be understood, controlled and maybe eradicated.

Quite frankly, there is not much proof of such a course of action being taken. Admittedly, IT budgets have been cut. However, anyone can run IT at a lower cost : take on less projects, replace infrastructure less often and gradually lower service levels.

 We recommend another way of dealing with the issue, it's a more difficult but it will produce savings while improving IT output quality.

1. Understand how new applications generate running costs : Build a simulation for all IT costs

 Operating costs can add up to between 4 and 6 times the cost of a new application. We have proved this to several of our clients using their data.

Build a simulation of all indirect and recurring costs due to the arrival of a new application. You will be amazed to see how all of these operating costs add up.

Use the model to:

• Decide if a new system should be developed and put into operation (based on it's real cost)

• Understand which kind of indirect operating costs your company generates the most and take action to control them tightly.

• Educate Finance people into understanding the essential questions they should be asking the CIO when projects are presented.

 Such a model can be built in just a few weeks .

2. Control application developments: all end-user projects must deliver usable results at least twice a year.

Application development can be costly, especially when it does not deliver on time and in budget.

Set down a rule:  for every project, there must be a delivery of user functionalities at least twice a year.

 You will gain the following

• Runaway developments will be identified as such and can be stopped sooner

• Packages will be preferred to tailored developments

• System usage and acceptance will increase

• A project can be stopped before it's totally finished and there will still a useful application.

Use this rule to align IT results with your fast moving business objectives !

3. Supplier certification for your IT personnel: just say NO !

  Microsoft, CISCO, COMPAQ (HP) and other major suppliers have found a very convenient way of dropping their local technical support costs : they have managed to get their clients to pay them in order to train the client's employees to do the job instead ...

If you have ever heard of a Microsoft Certified Systems Engineer (MCSE), then you may know what we mean..

By allowing your technical people to be supplier-certified you are

• Increasing your IT people's job market value

• Going to have to give them a big salary rise

• Decreasing your IT people's flexibility and willingness to do other types of work

• Becoming more dependant on your existing supplier, you will have a weaker bargaining position and he knows it ..

 Why not certify your IT people on their understanding of your business processes ?

4. Take IT decisions at the right level : trust the right people for the right decisions

  It very often happens the same way. The CEO decides that, in order to fight IT expenditure, all new IT investments will have to be approved by the executive board. What happens then is a great classic : hours are spent discussing the brand of a printer or even a mouse and the executive's secretaries all get new PCs .

In some cases we have actually been able to match such a move to a definite increase in IT spending. Worse still, in many cases high indirect recurring costs have been generated by such a blunt way of "solving" the problem.

Successful IT cost control can only be obtained by matching the type of decision criteria to the level of the decision makers. The board should concentrate on high level objectives giving a framework to middle management (for example, SERONO's IT Funnel). In turn, CIO's or IT managers should be given a framework with objectives and budgets to be kept. This may seem straightforward common sense, but it is rarely applied in hard times .

 By applying this structure you will

• Make sure key people all the way along the process understand and feel responsible for IT cost 

• Reduce overspending in privileged areas of your company

• Spread throughout your company the underlying strategy supported by IT

• Commit key users to explain the benefits of IT investments

Effective cost control requires commitment from all levels of your company !

5. Outsourcing : get the scope right  

One of the key factors in the success of outsourcing is defining the scope of what you trust the supplier with.

• If it is too narrow : Your supplier will be bouncing many incidents back to your internal IT team and will therefore not be supplying a cost effective solution

• If it is too wide: you will be trusting a independent supplier with part of your core business. You will loose switchover power and will also not be in a position to negotiate his fees in a comfortable way.

Scoping should be correctly performed before outsourcing, however if your contract is loose enough (and they quite often are ...) you can trade in and out services while under contract.

Audit your outsourced solution along two lines

• Actual benefits for the end users (not just SLA compliance

• Independence towards your supplier

Incorrect scope will cost the client a lot and could give the supplier a bad reputation .

 6.       Do you really use all that data and all of those applications ? Kill underused systems, cleanup code and delete old data.

 Cleaning up systems means 

• deleting unused code from major applications 

• removing underused applications 

• sifting through large databases to remove unused data 

• merging duplicated files

This can be a risky task, that is precisely why nobody has done it before in your company. However, whether it is to prevent buying a more powerful server or needing to buy extra storage again or prior to outsourcing IT infrastructure, cleaning up is the hot subject.

 Innovative IT code analysis tools were developed initially for getting legacy systems over the year 2000. They can now be used to analyze "dead" code and data on major applications.

For example, in northern Italy, a medium sized Bank managed to reduce the size of it's central application from 55 million lines of code to 26 million !

 By cleaning up you will:

• Decrease the cost of some very expensive software licenses

• Be able to defer replacing existing servers and storage

• Drop the cost of periodic software maintenance development (euro, swiftnet, STP, .

• Get a more cost effective outsourcing solution

 Cleaning up drops IT costs and improves IT service levels, start now !

7.       Business continuity : does your insurance cost more than the risk ?  

Since the 11th of September 2001, disaster recovery and business continuity has become a very central issue.

 However, how many companies can answer yes to all of these questions ? 

• Is switchover time to your backup facility/system's lined up with your acceptable business risk ? 

• Are all switchover procedures documented ? 

• Are all switchback procedures documented ? 

• Have you run a full scale test ?

 As far as IT costs are concerned it is important to understand that no technical solution will ever work without operational procedures. These must be defined and tested with users.

Judging from our experience, it is much cheaper and important to document procedures and train users to work on a recovery system, than it is to technically shorten the switchover time. As illustrated in the figure above, the cost of backup sites is inversely proportional to the switchover time.

Complex online mirror sites cost a terrific amount! In addition, we have seen one that failed and triggered of a total system failure that lasted over an hour !

 By choosing the right solution you will:

• Realize that no amount of technology can replace well documented and tested procedures

• Save money on not opting for the most expensive technical solution

• Get key users involved in defining and testing a global business continuity concept

Remember, in an emergency, things never go according to plan .

IT Cost management in action:

an interview with SERONO's CIO, Frederic Wohlwend

Just behind the United Nations building in Geneva, lies a surprisingly derelict area still bearing signs of Switzerland's glorious industrial past. At one end, a set of new buildings are emerging, in a few years time they will have erased all signs of the engineering works that once stood there. This is the headquarters of SERONO, Europe's no. 1 Biotech. No great signs, no flashy driveways, no big flags, just a set of modern white buildings.

Nicolas Hayek's Swatch Group and Ernesto Bertarelli's SERONO are the two remarkable Swiss powerhouses. Over the last 15 years, SERONO was transformed from a classical Pharmaceutical to the no. 1 European Biotech.

In 2002, their net income rose by 15 per cent to $333.8m from $291.3m. SERONO is not only good at generating revenue, but they also seem good at controlling their operating costs.

So we wondered:

• Just how can IT costs be contained, controlled and monitored in such a challenging and moving environment ?  

• How did IT infrastructure and organization evolve from supporting a classical Pharma to fueling a multinational Biotech ?

Frederic Wohlwend, SERONO's CIO answered these questions and many others as he walked us through a list of complex IT cost issues.

IT at SERONO

Until 7 years ago, apart from an AS400 in Rome, SERONO had virtually no corporate IS systems, not even a corporate email system. In retrospect, they were actually quite lucky.

Corporate IS was then gradually introduced and used as driver to standardize financial reporting procedures. At the time, there was growing evidence in other companies that distributed IT was creating extra complexity and therefore inducing high operating costs. On the other hand, the drawback of centralized architecture is the high network load and therefore at the time, it would have induced a big telecom bill.

An important decision was taken, SERONO decided to implement a centralized architecture and bear the telecom costs. It proved to be a very wise decision: over the next 6 years, the cost of managing distributed operations increased sharply and telecoms became much cheaper due to market liberalization.

Now SERONO is present in more than 45 countries at 60 locations. To fit into the local markets, business is carried out in 7 languages, 24 hours a day, 7 days a week. IT usage is widespread, the scope of business requirements is large and user acceptance is very high. SERONO's growth is backed by an IT. The past 5 years have been a growth phase for IT and now the pace of new systems is slowing down.

Frederic Wohlwend SERONO's CIO,

"What counts here is that every dollar spent on IT is really going towards supporting Innovation "

Legal requirements

 All sectors have their legal requirements: IT must comply to these and it can be a costly business. Worldwide Banking, for example, has many legal requirements ranging from laws on money laundering, to US tax on capital gains.

 In the Pharmaceutical field, the powerful US Food and Drug Administration (FDA) has issued legal requirements for IS systems that support clinical trials or laboratory experiments. Just as for Banking systems, the FDA audits the way applications are managed, data is accessed and code is changed.

 To meet such requirements, SERONO has implemented tight Quality Assurance (QA) and Quality Control (QC) for all IS systems used in, or connected to clinical trials. Frederic Wohlwend estimates that, in some cases, the additional overhead cost can be as high as 30% of the development effort.

 In addition the FDA have issued a Code of Federal Regulations (21 CFR Part 11) to specify how electronic records and electronic signatures can replace paper documents. It means that every document on a computer has to be authenticated, protected and securely stored. Otherwise there has to be a paper copy of it and manually signed and stored in a unique location.

Outsourcing

Scope

Like many companies, from a very early stage, SERONO decided to outsource application development. It's a none core activity, outside skills are easily available and the work load involved is far from constant over time.

SERONO design the desktop/laptop configuration. Given the large number of worldwide locations, SERONO decided to outsource the PC setup work along with helpdesk and onsite support. All three being part of the same process, it makes sense to farm them out to the same company. IBM Global services was awarded the job, they manage level 1 support, PC replacement every 2 years worldwide and onsite support at several key locations.

 Finally and logically, SERONO outsources Worldwide IT network management and support to a global player: INFONET.

In-house IT and outsourcing at SERONO

Outsourcing has yielded mixed feelings. Mr Wohlwend feels, as CIO's do, that cost reduction through outsourcing can not be shown in a significant way. He also notes that internal governance efforts are often underestimated.

 In addition, he has some very interesting comments on outsourcing :

Service Levels (SLAs)

 Mr Wohlwend states : "Service levels cope difficultly with subjective quality, especially as far as the attitude of a helpdesk employee is concerned. Metrics can all be green, but internal users can still be unsatisfied with the way they are being dealt with."

Mr Wohlwend also noted that he was satisfied with the work delivered by his outsourcing suppliers.

 We have actually noticed this very feeling in other sectors, banking for example. Our opinion is that an SLA should not be used as a metric to measure or justify customer satisfaction. This may shock some suppliers or even CIO's, but it is unfortunately true. 

Too many high level meetings, between disappointed customers and unhappy suppliers, fail to improve the situation because at one point, the supplier pulls out a 30 page SLA that is actually being met !

Can someone please manage the whole chain ?

 SERONO run IBM servers, the ORACLE Financial Suite and a very standard network infrastructure.

Frederic Wohlwend dreams of the day IBM, ORACLE and his network supplier will partner together and start offering a packaged solution. He is even prepared to outsource non-strategic Pharma applications to such a partnership and let them provide such services to other Pharmas. For the time being there has been little move in this direction from these suppliers. Lets hope that this will evolve.

IT Costs

Rebilling IT Costs: it all starts with ABC

 At the heart of Frederic Wohlwend's IT expenditure management lies rebilling. Business pressure is the number one factor that drives IT costs. Obviously, the IT organization must be efficient, lean and cost effective. Nevertheless, as long as people get the technology free there is no reason for them to not ask for more and more.

Direct IT costs such as project management, development work, Desktop hardware etc, are quite easy to bill back to users. The only difficulty is the effort to reach some form of standardization, but this can be backed by management and enforced as a corporate policy.

Where things get more difficult is with indirect costs. Network management, systems monitoring, data center infrastructure and so on. They key to rebilling correctly all of these cost stems from a simple observation that Mr Wohlwend has made and that we can endorse for having also successfully build cost models on the same basis:

Ř       As far as the user is concerned, the only real value is the Application.

Not matter how you look at IT organization, expenditure etc, it must contribute to an Application in the most direct way.

Mr Wohlwend has introduced Activity Based Costing (ABC). He uses hard data to split all indirect costs between SERONO's top 20 applications. Each application has a total cost that is divided by the number of users.

For each user, IT rebilling is made up of Desktop hardware and services as well the costs of the applications that they use.

Another piece of good news:  this way of rebilling fits precisely into the cost simulation model described in our article above. Factors derived from it can be used to benchmark indirect IT cost generation and constantly align cost prediction with real data.  

Control Strategy

Rebilling is not enough. As we have all experienced, most rebilling policies fail at one particular point. The real test is for such techniques is quite simple:

Ř       When the user declines a service or an application, what happens to the cost for the remaining users ?

In the case of SERONO, the answer is straightforward, there is no impact on cost for remaining users. Quite obviously, mathematically there must be an incidence on cost coverage. In fact, this is only true over a short term. If all indirect costs are linked to applications, over the medium term there will be no incidence for other users.  

Let's take the example of network capacity to illustrate how this works. Suppose a department head decides that there are too many of their employees using an application. She/he then decides to drop the number of accounts. For a short while costs re-billed to other users will not cover the total bill. However, in the medium term as network usage increases (and it always does), the extra capacity will be absorbed by the remaining users and only then it will justified to re-bill it back the them.

Over a longer time-frame, if total demand for network does not increase, new contracts will be drawn up with suppliers and the total cost will drop. Add to this the fact that most IT related services or commodities are becoming cheaper every year and one realizes that in such a model, all one needs is quite a small budget to fill in the gaps. It's size is much smaller that the one required if there had been no decentralized control mechanism.

Limitations

 Obviously such a model has limitations. The main one is strategic.

As Frederic Wohlwend noted: "One of our main strategic objectives when deploying a worldwide IS platform was to improve the quality of our financial rep