Provider 2.

0 Winning & growing global clients in 2011 As the dust settles on the unprecedented financial and economic turmoil, we can see a paradigm shift in global sourcing and client expectations. From being a piece placed by the client in the jigsaw puzzle, the over-stretched client is looking to the provider for help in solving the puzzle. This is a game-changing opportunity for Indian IT companies, stung by rising costs at home and increasing competition from lower-cost countries, to re-affirm their leadership by moving to the next level as Provider 2.0. As global sourcing shows signs of recovery, providers will see an uptick but it will not be an easy ride as tough new challenges await. The changes in environment will prod the client to partner with mature, well-governed organizations, not just good technologists. Small and medium providers will need to invest in good governance in order to succeed in the new global sourcing marketplace and you cannot decide what governance model suits you best until you analyze your clients as well as your own organization. Let us look at these two aspects before delving deeper into governance. Have you mapped your clients lately? The events of past three years have changed the business landscape (especially in the west) beyond recognition. Who could have predicted Lehman Brothers would cease to exist, Wyeth would be gobbled up by Pfizer, Jaguar and Land rover would be owned by Tata Motors, Merrill Lynch would be a part of Bank of America, Kraft Foods would eat a big, nice chunk of Cadburys and Ireland would almost enitrely nationalize its banking industry? Investment banks are doing more brokerage than investment banking these days. The early plungers like GM and AIG are coming out on the other end of the tunnel and seem to be in good health, capable of regaining their old glory (but hopefully not the hubris!) Very complex and puzzling events indeed and if you are a global service provider, you will need to know what it means for your business. To use an old adage, this will differentiate those who make things happen from those who see things happening and those who wonder what happened. Some examples of provider challenges The first is a mid-sized IT services provider serving many large corporations. Their CEO is a scrappy fighter who does not take no for an answer. Their biggest client, a behemoth that is beset by woes on all possible fronts (& hence, depending more and more on partners to deliver), went thru a vendor consolidation round recently. Against very heavy odds, this CEO managed to keep himself in the new vendor list. One way to understand his feat is to know that his revenue is less than 1/20th of the revenue of the next smallest vendor. After this tremendous fight and victory, one would think it must be champagne time there but unfortunately, it is gloom time as they cannot figure out their entry point in the continually morphing client environment. Another is a case of an accounting BPO provider that serviced a US company that has been recently gobbled up by a very large payroll processor. This payroll provider has multiple offshore relationships in

India and other countries around the world. The top executives of the acquired company are still on the transition team and vouch by this Indian BPO providers capabilities and quality but the Indian company has not been able to figure out what is their value proposition to the new company. Time is running out fast as the transition executives will be gone by spring of 2011. Yet another mid-sized company used its cash to acquire many specialist boutique firms in the US to build high-tech and high-touch front-end that knew the local clients and lingo. But things are frustrating for both parties as the entrepreneurs are steeped in project consulting and solution delivery and the parent is focused on head-count of placements and at least half of the acquisitions have been let go at a substantial loss and heartburn and the other half languish. The ownership, regulatory and marketplace pressures do not leave any room for clients to nurture or mentor the providers anymore. They have no band-width to even manage the provider or his delivery. They need mature (or demonstrably maturing) organizations that manage their security and risks well, have demonstrable standards for all aspects of its work, understand clients business and align with it and can be depended on to not only deliver with minimal supervision but productionize the deliverables in a safe and secure manner. Mapping the themes important to client will enable the provider to weave them into his value proposition. Where are you in the delivery pyramid? Global clients have used Indian technical talent over the past 25 years to get their software and business processes up and running, These clients used the providers to acquire some predictable pieces at a reasonable cost and thus freed their own bandwidth to focus on the more complex IT management tasks. This can be articulated in the form of a Pyramid given below:

The bottom-half of the pyramid is about performing the IT function. Making sure the networks, applications, and transaction-processing engines are all well lubricated and performing at required levels, at a known cost and comply with required controls. This part of the pyramid also ensures that when something breaks, it is fixed and as a business process changes, IT responds as necessary. The upper-half of the pyramid is about conforming to internal and external stakeholders expectations. These stakeholders include the Board of Directors and CEO, the business sponsors, the compliance, legal and audit groups, the financial control group and even the external auditors, regulators, government authorities and society-at-large. A good governance framework empowers the provider to straddle both the halves and develop the right message to transmit consistently to clients. All members of the organization, be it your website, or your executives at a dinner or your account managers in front of a client, articulate the same value proposition and make the same promises to an external party (be it an employee, partner or client). We have all done governance A quick side note, the term IT governance may be new but we have developed or implemented parts of it over the past 25 years in response to specific challenges and issues we faced. E.g. Structured programming, analysis, design and so forth Project Management and PMO and Program & Portfolios IT Security, Internal Controls & Risk Management Regulatory Compliance Financial return on IT Investment

IT professionals understand IT governance intuitively and come up the curve quickly with the right toneat-the-top. Formal governance is simply the key-stone that rests at the top of the structure holding all the pieces in their place. Laying a foundation for governance COBIT (the governance & controls framework developed by ISACA) is a great way to start this effort. Its 4 domains and 34 processes encompass the people, process and technology aspects of IT comprehensively and allows you to create a unified message for your employees, partners (whether casual vendors or strategic partners or acquired companies) as well as clients. This broadcasts to the whole world the tone-at-the-top of your organization and that is what your clients will want to hear increasingly more of. Having laid out the road-map and priorities, you can find a whole host of subject-specific frameworks in respective IT domains. Multiple best-practices and frameworks can be architected in an integrated governance platform as follows:

Using the above framework, you can focus on your priorities, know the desired state and then proceed systematically till you achieve a desired governance state. As an example, you may be a BPO provider and may decide to use OWASP to achieve a high degree of security in your web infrastructure and demonstrate it to the world. This can be a step on the way to achieving and/or maintaining your SAS 70 attestation that is sure to differentiate you from the rest. You may then aspire for a full-fledged security management program using ISO 27001 frameworks (or NIST, if you have a lot of US government clients). Without this framework, your client does not see the big picture of what you are doing and you run the risk of running in different directions in a reactive mode. Demonstrate governance in your engagement model Most clients understand, from their own experience, governance is work-in-progress and do not expect a provider to present a fully baked model. He is looking for a vision, the action on the ground and the roadmap 3 to 5 years out to develop a comfort factor for all stakeholders. Your governance platform is the best way to communicate all of these in a unified and coherent manner. An often ignored but significant benefit of the governance framework is that it gives you the ability to demand specific behaviors from the client as well. The big providers are already using this capability to their great advantage in acquiring as well as maintaining clients. You are able to ensure that the client also lives up to his end of the bargain so the work is executed smoothly. But perhaps more importantly,

the client benefits from getting a ready-made model that will guide his organization to derive the most benefit from your relationship. The engagement model should cover all events from the time a business request is received right thru to release to production and subsequent warranties and support commitments. Make sure the workflow, hand-offs, stages, templates are clearly identified, agreed and signed off. Make sure it is used every day to drive projects forward, is used to update senior and executive management of the client periodically and is constantly refined to develop more predictive and pre-emptive capabilities so you solve problems before they occur and not just report as postmortem. With the increasing maturity of the sourcing industry, the days of experimenting, mutual-learning & learn-as-you-go are behind us. The clients management needs a far greater degree of assurance that things will work as promised on both sides and a clear, succinct engagement model will be the key to providing this assurance. In conclusion Indian providers, in general, have shown exceptional commitment and talent that endears them to their global clients. In spite of this, many of them are not able to take those relationships to the next level and some are even at risk of losing some existing relationships. As volumes return to global sourcing industry, providers who demonstrate good governance can position themselves for significant growth.

Author: Buck Kulkarni, CISA, PgMP, CGEIT Principal GRCBUS, Inc buckk@grcbus.com 914.512.7923