/dq/media/agency_attachments/UPxQAOdkwhCk8EYzqyvs.png)
Follow UsAs the dust settles on the unprecedented financial and economic turmoil, we can see a paradigm shift in global sourcing and client expectations. From being a piece placed by the client in the jigsaw puzzle, the over-stretched client is looking at the provider for help in solving the puzzle. This is a game-changing opportunity for Indian IT companies, stung by rising costs at home and increasing competition from lower cost countries, to re-affirm their leadership by moving to the next level as Provider 2.0.
/dq/media/post_attachments/e157d297b8ed48ad06b9224762335c4eb6946f3b10d5bf22e995aaa39e0991f7.jpg)
As global sourcing shows signs of recovery, providers will see an uptick, but it will not be an easy ride as tough new challenges await. The changes in environment will prod the client to partner with mature, well-governed organizations, not just good technologists. Small and medium providers will need to invest in good governance in order to succeed in the new global sourcing marketplace and you cannot decide what governance model suits you best until you analyze your clients as well as your own organization. Let us look at these 2 aspects before delving deeper into governance.
Have You Mapped Your Clients Lately?
The events of past 3 years have changed the business landscape (especially in the west) beyond recognition. Who could have predicted Lehman Brothers would cease to exist; Wyeth would be gobbled up by Pfizer; Jaguar, and Land Rover would be owned by Tata Motors; Merrill Lynch would be a part of Bank of America; Kraft Foods would eat a big, nice chunk of Cadburys; and Ireland would almost enitrely nationalize its banking industry? Investment banks are doing more brokerage than investment banking these days. The early plungers like GM and AIG are coming out on the other end of the tunnel and seem to be in good health, capable of regaining their old glory (but hopefully not the hubris!) Very complex and puzzling events indeed and if you are a global service provider, you will need to know what it means for your business. To use an old adage, this will differentiate those who make things happen from those who see things happening and those who wonder what happened.
Provider Challenges
The first is a mid-sized IT services provider serving many large corporations. Their CEO is a scrappy fighter who does not take no for an answer. Their biggest client, a behemoth that is beset by woes on all possible fronts (and hence, depending more and more on partners to deliver), went through a vendor consolidation round recently. Against very heavy odds, this CEO managed to keep himself in the new vendor list. One way to understand his feat is to know that his revenue is less than 1/20th of the revenue of the next smallest vendor. After this tremendous fight and victory, one would think it must be champagne time there but unfortunately, it is gloom time as they cannot figure out their entry point in the continually morphing client environment.
/dq/media/post_attachments/c9542b1258181bfd4af9678b68665e051fc9498bdeb325795837ba75921a4b19.jpg)
Another is a case of an accounting BPO provider that serviced a US company that has been recently gobbled up by a very large payroll processor. This payroll provider has multiple offshore relationships in India and other countries around the world. The top executives of the acquired company are still on the transition team and vouch by this Indian BPO providers capabilities and quality, but the Indian company has not been able to figure out what their value proposition is to the new company. Time is running out fast as the transition executives will be gone by the spring of 2011.
Yet another mid-sized company used its cash to acquire many specialist boutique firms in the US to build a high-tech and high-touch front-end that knew the local clients and lingo. But, things are frustrating for both parties as the entrepreneurs are steeped in project consulting and solution delivery, and the parent is focused on headcount of placements. At least half of the acquisitions have gone at a substantial loss and heartburn, and the other half is languishing.
The ownership, regulatory and marketplace pressures do not leave any room for clients to nurture or mentor the providers anymore. They have no bandwidth to even manage the provider or his delivery. They need mature (or demonstrably maturing) organizations that manage their security and risks well, have demonstrable standards for all aspects of its work, understand the clients business and align with it, and can be depended on to not only deliver with minimal supervision but productionize the deliverables in a safe and secure manner. Mapping the themes important to a client will enable the provider to weave them into his value proposition.
Where are You in the Delivery Pyramid?
/dq/media/post_attachments/7563a12872cf06db2496d0b5d7eff728e46f8ad319404393ee5232bf769949f4.jpg)
Global clients have used Indian technical talent over the past 25 years to get their software and business processes up and running. These clients used the providers to acquire some predictable pieces at a reasonable cost and thus, freed their own bandwidth to focus on the more complex IT management tasks. This can be articulated in the form of a pyramid given here.
The bottom-half of the pyramid is about performing the IT function; making sure the networks, applications, and transaction-processing engines are all well lubricated and performing at required levels at a known cost and comply with required controls. This part of the pyramid also ensures that when something breaks, it is fixed and as a business process changes, IT responds as necessary.
The upper-half of the pyramid is about confirming to internal and external stakeholders expectations. These stakeholders include the board of directors and CEO, business sponsors, the compliance, legal and audit groups, the financial control group and even the external auditors, regulators, government authorities and the society at large.
/dq/media/post_attachments/76a1d6e32a07ee3f048ac44ad30580a405cf6412e8fd58c5e5a141097ea5d7be.jpg)
A good governance framework empowers the provider to straddle both the halves and develop the right message to transmit consistently to clients. All members of the organization, be it your website, or your executives at a dinner or your account managers in front of a client, articulate the same value proposition and make the same promises to an external party (be it an employee, partner or client).
We Have All Done Governance
A quick sidenotethe term IT governance may be new, but we have developed or implemented parts of it over the past 25 years in response to specific challenges and issues we faced. For example,
- Structuredprogramming, analysis, design and so forth
- Project management and PMO, and program & portfolios
- IT security, internal controls and risk management
- Regulatory compliance
- Financial return on IT investment
IT professionals understand IT governance intuitively and come up the curve quickly with the right tone at the top. Formal governance is simply the keystone that rests at the top of the structure holding all the pieces in their place.
Laying a Foundation for Governance
COBIT (the governance & controls framework developed by ISACA) is a great way to start this effort. Its 4 domains and 34 processes encompass the people, process and technology aspects of IT comprehensively and allows you to create a unified message for your employees, partners (whether casual vendors or strategic partners or acquired companies) as well as clients. This broadcasts to the whole world the tone at the top of your organization and that is what your clients will want to hear about.
/dq/media/post_attachments/ed54544527b45e74254a5aca04d7461cc1038ead2775607ea355e2680cafad0d.jpg)
Having laid out the roadmap and priorities, you can find a whole host of subject-specific frameworks in respective IT domains. Multiple best practices and frameworks can be architected in an integrated governance platform.
Using this framework, you can focus on your priorities, know the desired state and then proceed systematically till you achieve a desired governance state. As an example, you may be a BPO provider and may decide to use OWASP to achieve a high degree of security in your web infrastructure and demonstrate it to the world. This can be a step on the way to achieving and/or maintaining your SAS 70 attestation that is sure to differentiate you from the rest. You may then aspire for a full-fledged security management program using ISO 27001 frameworks (or NIST, if you have a lot of US government clients). Without this framework, your client does not see the big picture of what you are doing and you run the risk of running in different directions in a reactive mode.
Demonstrate Governance in Your Engagement Model
Most clients understand, from their own experience, governance is work-in-progress and do not expect a provider to present a fully backed model. A client is looking for a vision, action on the ground and a roadmap of 3 to 5 years to develop a comfort factor for all stakeholders. Your governance platform is the best way to communicate all of these in an unified and coherent manner.
An often ignored but significant benefit of the governance framework is that it gives you the ability to demand specific behaviors from the client as well. The big providers are already using this capability to their great advantage in acquiring as well as maintaining clients. You are able to ensure that the client also lives up to his end of the bargain so the work is executed smoothly. But perhaps more importantly, the client benefits from getting a ready-made model that will guide his organization to derive the most benefit from your relationship. The engagement model should cover all events from the time a business request is received right through to release to production and subsequent warranties and support commitments. Make sure the workflow, hand-offs, stages, templates are clearly identified, agreed and signed off. Make sure that it is used everyday to drive projects forward, is used to update senior and executive management of the client periodically and is constantly refined to develop more predictive and pre-emptive capabilities so you solve problems before they occur and not just report them as post-mortem.
With the increasing maturity of the sourcing industry, the days of experimenting, mutual-learning and learn-as-you-go are behind us. The clients management needs a far greater degree of assurance that things will work as promised on both sides and a clear, succinct engagement model will be the key to providing this assurance.
Conclusion
Indian providers, in general, have shown exceptional commitment and talent that endears them to their global clients. In spite of this, many of them are not able to take those relationships to the next level and some are even at risk of losing some existing relationships. As volumes return to the global sourcing industry, providers who demonstrate good governance can position themselves for a significant growth.
Buck Kulkarni
The author is CISA, PgMP, CGEIT
is Principal with GRCBUS
maildqindia@cybermedia.co.in