In 2003, BMC Software Inc. unveiled its Business Service Management (BSM) strategy, which provides solutions that
enable customers to link their IT resources tightly to business objectives.
More on IT leadership
Building on the success of this initiative, BMC CIO Jay Gardner launched an IT governance council to align his internal organization with the goals of the business. Gardner told us how moving to a business-funded IT model helped streamline the IT approval process and ultimately saved the company millions.
You recently created an IT governance council at BMC. Can you tell us a little about it?
Gardner: We call it our IT Executive Board. It came into existence last June when we had a little shortfall in our numbers and were asked to adjust our expense plan for the rest of the year. We went through how to cut $8 million to $10 million for the rest of the year. It's hard for it to affect that much of the budget without basically walking everyone out the door. So I went to the senior team and said here's how we make this number. We turn off all of these projects. They said we can't do that; we need to keep these [certain projects]. And that's when they decided to fund these [those projects] out of the business operations.
So in the middle of the year, we went to a business-funded IT model. It [this model] shows a real statement of accountability to deliver because the business units were now paying for it all. The question was, how do we go forward and manage new projects and initiatives? We realized top senior executives didn't want to get involved in that level of operational detail. We found that the next level down was a good level. This included each senior person from the group -- one level down from the top. The group consisted of the vice president of R&D, sales, customer support, HR, the CFO and me. We figured they they'd pay it the right attention and give it enough strength to get things done.
How often do you meet, and what have you achieved so far?
Gardner: Initially, we met monthly. Then weekly during budget time, which was basically February through April. April 1 is the start of our budget year.
When we started, we had 155 projects that were on the table for fiscal 2005. We did a value proposition for each project, based on cost, resources and scope. This narrowed that list down to 23 projects; it has now grown to 27. We've only had about 10 projects brought back to the table. The other 120 just weren't that important. It was a great exercise. If a project needs to get done, they [the business units] have to come before our IT Executive Board. That's still the model. Although we've switched to a business-funded IT model, we [IT] still do manage and budget for "keeping the lights on" -- general maintenance.
Does your IT Executive Board have a formal ROI process for approving IT projects?
Gardner: Yes, we have a template. We try to keep it fairly simple, and we recognize any numbers can be made up. When evaluating a project, we consider some of the following: What is the business impact or ROI? Is there an increase in revenue for this project? If there's a decrease in expenses, where will that close the loop in the budget process? Soft dollars are not accepted. We're looking for real hard dollars in our ROI process. Your IT organization must spend a lot of time and resources addressing SOX regulations.
Do you have a specific compliance manager or officer on staff? Do you think it's a good idea for all big companies to have a designated person in charge of compliance?
Gardner: I think it's important. We have a project manager for SOX [Sarbanes-Oxley Act]; that reports to the CFO. And within each functional organization, we have a project manager. I have a manager for all governance issues, with SOX being one of them. Yes, I think it's important for companies to have a person in charge of compliance. Everyone views that it [compliance] is part of their job. But the manager in charge of compliance -- it's his job to raise the flag, bug people and hold them accountable.
Do you expect to be SOX compliant by the November deadline?
Gardner: That is the plan. I couldn't tell you how many auditors we've had meetings with already. We've done the pre-audits and had preparation. We're now looking at aligning IT support for these audit requirements.
Do you think it's easier for bigger corporations to meet compliance regulations because they have more time and resources than SMBs?
Gardner: I think there are different pressure points. We may have more resources, but we have more things to deal with. I don't think it [managing compliance] is any less or more [easy] because of the size of the business. It's more about how well you have your act together at managing your processes and assets to support those processes.
If I'm a CIO, and I'm having trouble making a business case for regulatory spending, what should I do?
Gardner: I just had a conversation with a vendor and he was selling his project saying you can always write things off to SOX. It's kind of like the Y2K of 2004. But you can lose your credibility if you put it all in that bucket. It's important that you can show what the contribution is to compliance. I think it's a matter of putting the right degree of focus. Everything is not related to compliance.
Do you think spending on SOX and other regulatory standards will continue to grow?
Gardner: I think right now it's [SOX] getting huge attention. That will change once it gets defined on what we're really required to be audited on. We'll still have to pay attention to it. However, the attention will lighten, once they [companies] pass a few audits. Several other CIOs have told us that their greatest challenge today is to focus their investments in the RIGHT places.
Is this a challenge for you, too? How do you make sure that your IT budget is being allocated to the right spots?
Gardner: Absolutely -- the No. 1 job today for CIOs is good fiscal management. We are much more accountable for our dollars. It's important that projects are successful and show ROI. It's the most important job we have.
Our organization achieves this [good fiscal management] in two ways. One is through the process of IT governance -- determining where our project money goes, prioritizing that [money] and ensuring that the return is happening. Second, is on the day-to-day operational aspects of those investments. Once a project is in place, the day-in and day-out of performance, availability and expected return of that project is more critical to the operation of your business.
BSM helps us manage the operational success of projects. We first sorted out all the business we do. Then we identified 54 key processes that run our businesses day in and out. We found as we did our sort, the No. 1 process in BMC is customer support. That [customer support] operates in the middle of critical operations. It's our No. 1 priority. If a customer support call is coming in, it has to be a great experience. We've used our own stuff -- BSM -- to focus on the right things on a day-in and day-out operational basis.