The IT governance journey at Reliance Life

S S Prabhudesai, chief of IT governance at Reliance Life Insurance, describes in brief the company's IT governance practices.

Most organizations focus their energies on growth during early stages of the business-building exercise. Over a period of time, when the business reaches a critical mass, the tiny leakages start looking fatal. The overall extent of such inefficiencies and lack of control results in major erosion in the company's capital asset value as well as a leap in operational expenses. If this phase coincides with an economic slump, the company's leadership comes under the scanner. Therefore, right from the beginning, we at Reliance Life Insurance built a mechanism to ensure an in-built IT governance track which remains invisible irrespective of the business' dynamic nature.

The deployment of quality IT governance is a long process, hence the earlier you start, the better. It's neither an instant software to be deployed overnight, nor an easy to run antivirus pack. Rather, it controls the organization's workflow in a systematic manner, with significant behavioral doctoring of employees. The role of your chief IT governance officer is to understand the business' dynamics, workflows, quality parameters, and the elements of measurable success and failure.

Reliance Life, which took over AMP Sanmar during 2005-2006, had the formidable task of growing with 200 branches in the first year, then adding 500 in the second year and another 600 in the third. This was a challenging task in terms of IT infrastructure challenges as well as IT governance, considering the difficulty of penetrating remote geographic locations.

With [customers and] revenues soaring, our data centers had to get resized to nearly twice [the area] to accommodate the surge in transaction volumes. When you pump in assets worth several millions of dollars at this pace, among the first questions that strike you are, 'How do I govern this pace?' and 'What do I do to continually keep the ROI under control?' These things are possible only with conscious and timely efforts in the direction of implementing IT governance practices at the right time.

Prabhudesai's pointers for good IT governance
1. Understand the business and its workflows.
2. Identify junctures with potential for success and failure. 3. Identify factors which matter for these elements, and rope in their actions with a timed controlling mechanism.
4. Calibrate such controls with the value they generate for the business.
5. Restart this cycle from Step 2.

At Reliance Life, the conceptualization process was spread over multiple parallel execution stages. First, we had to get the IT dashboard under IT governance purview. Second, we had to deploy systems to ensure seamless tracking of IT governance parameters. Third was to extend the reach of IT governance to encompass various distinct workflows and processes, independent of departmental barriers.

The IT governance execution and deployment process also consisted of phases. The first phase had a granularity of projects, activities and people. In this stage of IT governance we attained a crystallized tree of authorities, responsibilities, timeframes, deliverables and utility and quality benchmarks. The second phase covered measurement parameters and controlling benchmarks. The third phase involved acquiring a thorough understanding of the business processes. In this phase we also deployed controlling systems and success parameters across the organization.

We first focused on asset governance, followed by commercial governance; thereafter, the stage was set for business process governance. On the asset governance front, the priority has been to devise accountability toward responsible use and deployment of resources at branches. Commercial governance takes into account a much wider spectrum of activities. This process requires an in-depth understanding of optimal process workflows, which then get incorporated into the control parameters.

Every control parameter should be seen as a success or failure probability. So a quality MIS and reporting tool to measure the effectiveness of activities is critical. However, every lapse need not be subject to disciplinary committees; leave enough space to allow people to get themselves adjusted. Governance of IT should not become a nuisance which erodes the occupational freedom of employees.

If a control does not give value to the business, do not think of deploying it as part of your IT governance strategy. Continually align the processes and controls by judging them against this simple criterion: What value do they generate for the stakeholder?

Read more on IT governance