The November 2002 issue of Optimize Magazine, a sister publication of Insurance & Technology, analyzed the growing trend among businesses to create a new, hybrid position, the CFO of IT, with the goal of tightening control over IT spending. New York-based Guardian Life Insurance Co. of America ($32 billion in assets) was one company on the edge of this trend. Since then, the idea of CIO/CFO alliances has gained traction, but it also has generated controversy. In this follow-up article, Guardian's CIO and CFO of IT explain their new corporate structure, how it works on a daily basis and the results they've seen. They run a tight ship, but even skeptics may be impressed with the strategic alignment they've attained.
At The Guardian Life Insurance Co. of America, IT change is a business reality. Our executives want to make sure it all goes smoothly.
The changes began about three years ago, when Guardian recognized the need to restructure its IT department to benefit the company. Since then, we've created a new IT department, with a new management team. We've introduced strong financial controls and powerful organizational links to business managers and top executives. Our primary targets are the same as those of many businesses today: to reduce total IT spending, exercise control over vendors and align IT projects with the business.
We still have plenty of work ahead, but in a relatively short time we've made significant progress toward these goals. Between 2000 and 2003, Guardian, the country's fourth-largest mutual insurer, reduced total IT spending by over 30 percent, while increasing the value delivered to the business. We've greatly scaled back the number of vendors we use and we've established a long list of processes and rules that help our IT organization work more efficiently with the business. The savings resulted from the financial disciplines we put into place, as well as from consolidating servers, renegotiating contracts and using new, offshore vendors.
Of our total IT spending, our business units spent nearly $40 million, leaving a budget just shy of $108 million. A big part of that, of course, went to salaries for the IT staff of roughly 400 people and 200 consultants. Another 50 people work outside IT but have dotted-line responsibility to me, Dennis Callahan, as CIO. The IT organization also reports to me.
I joined Guardian in 2001 as a senior VP and the company's CIO. I report directly to Guardian's president and CEO, Dennis Manning. Reporting to me, in turn, are eight functional IT heads, including IT CFO Rick Omartian (co-author of this article), who runs IT Finance Control & Administration. He joined Guardian two months after me as part of the new team. The others are the VP of IT operations, the chief security officer, the director of electronic channels, the chief architect and the heads of our three Business Technology Service development areas.
Prior to our arrival, Guardian's IT finances were the responsibility of each of the different areas reporting to the CIO. One of the first things we did was consolidate these functions under the newly created position of CFO within the IT department. We brought in three finance people to report to Rick and work directly with our business-unit managers. We have since instituted formal IT-financial processes, including forecasting, monthly reviews of actuals, variance reports and monthly full-year reforecasts.
Rick has also moved us away from charging IT work as overhead. Instead, we view our functions as products and services that we sell to other areas of the corporation. To support this, Rick created charge-back mechanisms for most of our IT products and services, based on rates and volumes of usage. He now creates a consolidated monthly bill for each of our major internal customers, and we conduct quarterly reviews with internal users to go over charges and the level of service we've provided.
Next we created a vendor-management function for better vendor control. All companywide IT acquisitions-whether of consultants, hardware or software-now must be made through the vendor-management team. Additionally, both Rick and I must approve in writing any IT invoice of $10,000 or more. We've also expanded our bidding process: All IT purchases of more than $50,000 must get three bids, a formal request for quotation and the CIO's sign-off, while all purchases of more than $500,000 must receive a formal request for proposal/request for information and the CIO's written approval.
We've cut the number of IT consultants we use from about 60 to just five preferred vendors and two offshore partners. We're also developing strategic partnerships with our key vendors. In quarterly surveys, we ask the IT managers to evaluate our top 25 IT vendors by spend, using a list of qualities and capabilities. We then discuss the results, including areas in need of improvement, with our suppliers. We also solicit feedback on how Guardian can improve its relationship with them.
Like many companies, we've found that offshore suppliers help us control IT costs, especially in application development. We now have a steering committee that meets monthly with these vendors to review their productivity and other metrics, as well as the status of major projects.
Making a Project of Projects
We have roughly 170 development projects under way at any given time. To bring them under control, we hired a seasoned process manager to head our new Project Management Office (PMO) and develop and implement project-management tools and processes. We have piloted and rolled out Project Planner from Primavera Systems, Inc., as the standard project-management tool across IT and the business.
We now hold monthly meetings on all projects exceeding $100,000 in costs. For these projects, we've implemented a business-case process that requires a formal ROI and a three-year payback. After a project launches, the PMO reviews its progress against the plan every month. After the project is completed, the PMO reviews the benefits achieved. The results are discussed at weekly staff meetings of the CIO's team.
In a related effort, we've created a business-planning area to ensure that our IT plan is aligned with our profit centers. Low-priority projects may wait until the next year or we may change their scope to fit the current year.
As another way to foster continuous operational improvement, we've developed an organizational development and training program. We train staff in areas of need, whether that's our Java, J2EE or XML software platforms, or tools introduced via a new enterprise architecture. We offer both online and formal classroom training sessions.
We're developing our senior IT team, too, in three main ways: first, an annual two-day, off-site meeting for senior managers; second, quarterly one-day, off-site meetings to discuss strategy, issues and areas that need improvement; and third, monthly dinner meetings, where the senior team can build relationships in a relaxed setting.
Feeling More Secure
Another important area for us is security. Late last year, we hired an industry veteran to join us as chief security officer (CSO), reporting to me. He has established Guardian's Corporate Security Office (GCSO), responsible for developing a corporatewide security and information risk-management vision, strategy and program, as well as corporate-governance policies and standards. The GCSO is also responsible for information assurance, physical security, business continuity and disaster recovery. It works closely with the law department to maintain compliance with federal and state regulations, as well as privacy and protection laws.
We also carefully watch the use of our IT assets. We can't afford to have unused hardware and software sitting on the shelves, so we recently created an asset-management function to centralize our hardware and software inventory.
Finally, we recognize that technical standards are critical to success. Our chief architect and senior manager for enterprise architecture spent about 19 months implementing a technical architecture that sets standards for how we'll develop and maintain systems. It's based on Java, J2EE and XML. We've brought on reusable components for content management; database extraction, transformation, and loading; document management; portals; and security. After code is developed for a specific application, it can be reused for future applications. Our goal, after this architecture is fully implemented early in 2004, is to cut our maintenance and development costs by 30 percent.
With this formal organization, we expect to control costs, carefully manage vendors and ensure that all IT projects mesh with business goals and deliver a payback. We believe we've laid the foundation for many years of success.
Dennis Callahan is CIO of The Guardian Life Insurance Co. of America. Rick Omartian is Guardian's IT CFO and chief of staff. This article originally appeared in Optimize magazine.