Adding Value to Business

Direct benefit transfer (DBT) is the talk of the day, a manifesto for the 2014 elections. Government is hinting at it being a game changer. What remains to be seen is whether it is a game changer for the public or for the government itself. It is an open secret that financial inclusion has not been achieved as envisaged. Then how can DBT be successful when rural population or those in remote areas do not fit the basic eligibility criteria of having a bank account. Progressing a little deeper, if we look at the so-called ‘financially included sectors’, another obstacle crops up: the absence of essential products like micro-insurance, micro-pension, remittances, and so on. The primary aim of financial inclusion should undoubtedly be timely access to credit. Adequacy as an included adjunct goes without saying.

While corporate governance is the methodology by which a corporation is directed, administered and controlled, IT governance supports achieving corporate objectives, strategy, direction, administration and control, using appropriate information and communication technology (ICT) investment and resource management. It underlines the need for organisations to protect their information assets and increase productivity levels. It is the defense mechanism to prevent hacking, check cyber-crime and limit the scope of disruption to operations in case of a human error or natural disaster. As a business decision, it adds value to the organisation, increases monitoring and scrutiny within, sets rigorous quality standards, augments profitability and promotes shareholder interests.

“A good IT governance structure contributes immensely to the bottomline. Even though India has made tremendous progress in IT, most of our companies have not made the kind of investments to make IT governance in an enabling factor in scaling up business.”
— Milind Mungale, Senior Vice President, NSDL
“In IT governance, project management and implementation is vital, and that is where flexible and scalable processes to accelerate implementation and improvement of the governance norms have a central role.”
— Mahesh Chandra, Deputy Director General, National Informatics Centre
“Cloud computing is a necessary area. This can dramatically reduce the risks and costs for companies in doing business, and for the government when it implements e-governance projects.” 
— Rajesh Narang, Principal Consultant, NeGD, Department of Electronics

Companies that want to build and sustain higher levels of business impact, effectiveness and compliance will implement continuous improvement programmes based on current and emerging best practices, standards and guidelines and endorse individual and organisational certifications. 

IOC’s Six Pillar Approach to IT Governance

As organisations get deeper and more mature in their IT and business enhancement process, one thing that they can’t do without is IT governance. Indian Oil Corporation’s (IOC) vision is to become one of the globally admired energy companies. Naturally, then, its entire IT governance policy is built on six major pillars — customers, employees, environment, technology, innovation, ethics and governance. S Ramasamy writes

IT governance takes care of performance as well as risks associated with business continuity and business failure. As it runs a strategically important business for the country, the IOC needs to ensure three major things in its IT system: best management practices, business continuity strategies and information security. A large ERP system ensures that the business processes, from supply chain management, sales, marketing, human resources, quality control, investment to treasury management, are integrated and closely monitored for delivering best results. A multi-level server fallback system prevents network failures affecting business continuity. An excellent data governance mechanism checks business failures due to data loss due to human error or natural disasters, or data theft through hacking.

There are two aspects of IT governance. One is IT operations/governance and the other, performance monitoring/maintenance. We follow a framework related to large ERP operation and maintenance. The major one is related to operation and governance. We have standard operating procedures and monitoring devices. We have ERP tools such as early watch report, operating systems, file systems, database systems, applications and the end-user human interface layer. All will have to be monitored for better performance and agility. Through these tools, we avoid failures and enhance productivity. Ultimately what is important is the end-user experience in terms of response time. When you have a larger ERP involving more than 12,000 users, 700 locations and more than 10 TB database, monitoring each layer is very important. 

This is very important to companies like us because most of our customers are mission critical-ones. Almost 90 per cent of our business is with defense, state government undertakings, the railways, etc. We are the first public sector company with business continuity certification called BS25999. The certification defines certain guidelines, processes, procedures, auditing and confirmation and we abide them. This way, all functions are aligned and perform like clockwork.

User management is another essential thing of our business process. User authorisation and strict access controls are issues that have to be tackled through technology devices like two-factor authentication, remote monitoring and password management maintenance system. 

IT governance is an evolving area. We need to create an environment in such a way that employees will voluntarily embrace certain best practices. That will come by more of awareness and continuous mentoring and coaching. Today, all our data centers have been certified. For example, we are also having a group related to software development. We are yet to get certified on CIM maturity level certifications which we are trying to get in the future. Though our business is more or less IT operations but whatever the development we do, we follow certain IT governance requirements in terms of software development and maturity models.

We have a primary data center which takes care of our day-to-day operations which have a redundancy and fault tolerance at every level like hardware application servers, network, storage and backup devices. In the event of any human failures, this system will not work. So we have gone for something known as near-site data center where we will have a lag of four hours between the two data synchronising systems. So within four hours, if somebody makes a mistake or error, we can come back to the original data immediately. In the event of the entire site failure due to natural disaster, we will change over to our data center in Bangalore. Mock drills are an integral part of our IT governance that frequently test the data system preparedness should a disaster actually strikes. 

S Ramasamy is Executive Director – IT, Indian Oil Corporation


In the West, corporate governance guidelines are governed by strict laws. The Sarbanes-Oxley Act in the US and the Combined Code in the UK, for instance, demand an effective IT governance framework to minimise corporate fraud or reckless behaviour on the part of directors and auditors. It is understood without IT governance, adherence to these laws will not be possible.

As IT governance is an integral part of corporate governance, how have Indian companies gone about it? Have they established IT governance structures and defined the processes? What are the goals and metrics? Has there been a proper devolution of tasks from the top level to the bottom?

There is an increasing awareness in India now that organisations that seek to be globally competitive, those who care for shareholder value and understand the risk and reward of corporate governance and are of a critical size in revenue and human assets must practice IT governance. Successful IT governance is built on three pillars. One, leadership that defines the organisation structure, roles and responsibilities, decision rights, a shared vision and meaningful metrics. Second, flexible and scalable processes. Third, enabling technology, which offers tools that support key IT governance components. 

Indian businesses are very innovative and quite a large portion of customers belonging to the enterprise set have already put strict IT governance frameworks in place. However, public service organisations and some of the SME customers need to focus more on this subject area to remain competitive and meaningful. “IT governance also extends to project delivery, especially for Indian IT companies. Here the same discipline and fervour are not adhered to when dealing with projects delivered for Indian clients often resulting in mismatched project outcomes. The same companies however seem to follow a strict regimen when dealing with overseas clients,” says Mathew Thomas, Vice President-Strategic Industries, SAP Indian Subcontinent. 
“Organisations that seek to be globally competitive, those who care of shareholder value and understand the risk and reward of corporate governance and are of a critical size in revenue and human assets must practice IT governance,” he says.

According to Sandeep Mathur, Managing Director, Oracle India, any organisation that views IT infrastructure as a strategic asset to be deployed for achieving its business goals cannot afford to miss out on designing and implementing an effective and organisation-wide IT governance system. “As IT governance gains ground across organisations, the whole industry ecosystem is evolving to support CIOs in their IT governance programs. For example, our approach at Oracle is termed simplified IT that aids governance. Oracle delivers on the simplified IT promise with pre-integrated and fully engineered systems that are easily deployed and generate quick return on investment (RoI). We believe simplified IT enables the IT managers show clear and measurable results from their IT spends,” he notes.

Alignment Of Buiness Objectives
In a large, decentralised, federated organisation, alignment of all business functions to the corporate objectives is a hard goal to achieve. Individual line of businesses, departments and diverse corporate entities often tend to operate in silos, creating distinct organisational cultures, which pose a serious challenge to corporate integration and consolidation. “However, a common thread that runs through all these is the underlying IT architecture, which forms a unifying thread across the organisation creating the unique identity and corporate alignment,” says Subrata Das, Industry Director-Public Services, SAP India.

“With the proliferation of IT across all functions, IT governance is emerging as a discipline that needs to be adhered to strictly. Several frameworks have emerged over the years with varying degrees of adoption such as BCG, COBIT, COSO, ITIM, Six Sigma, PMBOK, Prince2, Porter, Hamel, Weill, ITGI, PMMM, CMMI, ITIL, KANO, IAOP, ITsqc, select ISO standards and others. With the maturity of universally accepted standards as in frameworks such as COBIT and ITIL, IT governance is on the road to standardisation. With the chief technology officer now represented on the corporate board and governance risk and compliance being pursued very seriously, IT governance is here to stay,” Thomas adds.

Some of the major key performance indicators (KPIs) of IT governance are (i) effective strategic alignment of IT with the business; (ii) ensuring the successful planning, deployment and integration of IT initiatives and services in collaboration with the business; (iii) establishing and/or improving the accountability of all constituents/entities in the business and outside; (iv) ensuring value delivery of IT; and, (vi) measuring the contributions of IT to the business by linking critical success factors to KPIs.

Milind Mungale, Senior Vice President, NSDL, characterises IT governance as alignment of information technology with business. “A good IT governance structure contributes immensely to the bottomline. IT takes a holistic view as it affects all aspects of business. We talk about standards, certification, frameworks, regulation and security. Even though India has made tremendous progress in IT, most of our companies have not made the kind of investments to make IT governance in an enabling factor in scaling up business,” he says.

( )

comments powered by Disqus