When you talk to UnumProvident Corp.'s CIO, you're talking to the Best in the business. Bob Best, a 20-year CIO and 32-year insurance veteran, oversees IT for the largest disability insurance provider in North America and the United Kingdom. The Fortune 200 firm has 13,000 employees worlwide and is based in Chattanooga, Tenn.
More on IT leadership
One of the defining moments for Best was the 1999 merger of Portland, Maine-based Unum Corp. with Chattanooga-based Provident Companies Inc. IT had a chance to step up and be a significant part of the merger's success. And, from all indications, that's exactly what happened.
What do you like most about your job?
Best: Every day is a little different. I am also the head of the customer services area, so I get to see a broad brush of the enterprise and the different things going on in the company. If you manage IT correctly, you can have a great impact on the company.
Is there any great failure that you've learned from?
Best: Trying to build a lot of different customer systems from scratch doesn't work anymore. In the '70s, '80s and early '90s, a lot of companies were building huge software engines. They were miserable failures, and they don't work. Retrofitting worked. We have enough risk in our company to go out on a lot of risky adventures. Take one platform and constantly upgrade and fold things in.
One of the great challenges for CIOs this year is to anticipate where the business is going and know what the business people want from IT before they even ask. Do you find that to be a big challenge?
Best: Yes -- the time frame to anticipate where the business is going is shorter. You see quarterly plans now. The good thing is that I get involved with a lot of customers and vendors -- being there and having that link to customers and producers kind of helps me stay abreast of things. It's not impossible [to anticipate where the business is going], but the marketing and return cycle gets shorter and shorter. That puts pressure on IT folks to deliver more quickly. That's been the biggest change in the last 10 years.
Do you think it's more important for a CIO to be a tech person or a businessperson?
Best: At an executive level, a strong business background is a must. In one of these executive education classes I took at Duke, the professor said that the time it takes to become an effective business exec is a lot longer than the time it takes to become a doctor or lawyer. There's an immense amount of things you have to learn [and master]. IT offers a twist to that and makes it more difficult. People don't gravitate toward IT, and other execs don't understand it. It's one reason for the high turnover rate of CIOs.
You read how things are looking up for IT budgets this year. Is your IT budget looking a little more robust?
Best: I gave a presentation to the board a couple of months ago on how we compare to our peer companies. Right now, we're on par with rest of industry. We've done a good job working with vendors and taking advantage of different things in the marketplace. We've increased the number of people, but we're beyond the big investment period and in a more mature period.
Are there any particular technologies you're looking into?
Best: We've built up a nice competency around imaging and workflow tools. We're a big .NET company. We're on the edge there and work closely with Microsoft. We use NCR data warehousing -- we needed some strong data management. And we're entering the CRM world this year. We're thinking big and starting small. Electronic signature technology is also important for our customers who enroll and make benefits choices over the Web. A fair amount of our business is over the Web.
How do you go about getting big IT projects approved? What kind of role does ROI play?
Best: We go through an intense ROI analysis between the IT, user and business areas, and we categorize projects. There's a strategic category for long-term projects. There's a discretionary category for quick returns. There's an infrastructure category that's set aside for either upgrading or doing what you have to do from a regulatory standpoint. Then there's a maintenance mode for older systems.
How about Linux?
Best: No Linux. We're pretty much in lock step with Microsoft. They've been very supportive of our venturing into the .NET world. From a security standpoint, it can be brutal. We've had few virus problems, but that's [because of] our own initiatives.
So MyDoom didn't doom you?
Best: No. We shut down some external e-mail traffic -- it didn't get into our environment. IBM is in charge of our operating infrastructure -- having them in place helps from a security and antivirus standpoint. They're quick to react. They've been very good with all the attacks the last few years. I give them a lot of credit -- they're our early warning system.
A study came out last week that said most corporations don't have a strategic IT plan. Why is that?
Best: It probably starts with the governance model that's in place at different companies and how it's used to manage IT resources. Many executives don't spend time with it because they're not interested, or they see it as operational or tactical and don't worry about it. Now, [since the tech bubble burst], more firms are looking at IT from an expense standpoint. One year you have [a] blank check, the next you have to manage costs; -- that can drive IT people nuts and make IT lose its effectiveness.
Everything has ROI attached to it. Going through a merger forces you to put governance in place. It all starts at the top, one way or another. Mergers are tough, but they make you rethink your business. IT is an important part of that and has created a nice strategic place in the company.
How has the company been dealing with Sarbanes-Oxley regulations?
Best: We have a dedicated team working closely with external auditors, similar to what we did with HIPAA. Sarbanes is more of a documentation piece for us. Generally right now, we've got more folks cleaning up documents than implementing new controls. We're in good shape. Other companies that have been more static over the years [are spending more money on compliance] -- mergers clean up things like that. We spent some for a software system that improves how we capture corporate documents, but our Sarbanes-Oxley investment is significantly less than our HIPAA investment.
We're HIPAA-compliant and spent a good amount of time getting there. We found that even companies that don't have to be 100% HIPAA-compliant are forced to standardize around it anyway. The dynamic of customers is drawing us into the standard, and the world has forced us to become compliant.
Do you do much offshore outsourcing?
Best: We had an offshore agreement in place before the merger; so we're one of the first insurance companies to go with the offshore approach. We've got 45 to 50 people [in India] maintaining a big operating system for us. It's purely a maintenance contract. One of the tricks with offshore is you need to have a fair amount of a vendor's employees on U.S. soil. It's one of the success factors we discovered early on. We haven't had a need to leverage that any more. We have outsourced some things to IBM.
I do think it's pretty sad that one of the drivers of outsourcing is [the fact that] fewer people [are] coming into the IT world -- a lot less today than five or 10 years ago. If that continues, it will force companies to look where the market is. We've noticed a natural aging of the IT pro -- the average age is going up. I do worry about the lack of younger people coming into the IT business. What it will mean to the industry and the economy seven to eight years from now?
Do you find yourself more involved in making business decisions these days? Do other execs look to IT for leadership?
Best: Yes on both parts. I report directly to the CEO. I had 10 years of operational experience before I entered the technology world. Blending the two together was my value. I'm generally in two board meetings a year, doing anything from giving updates and integration objectives to process controls. I'm very much partnered with other execs in the company and do some strong collaboration with the other business units.
We have an IT steering committee in which we go through different aspects of IT. We discuss four or five disciplines each month -- things like outsourcing deals. We engage execs and keep close alignment with the business, but we also keep things efficient to avoid duplication of infrastructure items.
Do you work with the CFO mostly?
Best: I work more with head of underwriting and the head of the benefits center -- they're two of the biggest users of IT.
How big of a role does IT play in UnumProvident's business plan? Is IT a key business driver?
Best: It plays a very large role. IT is managed here as a business enabler and like any other large unit in the company. We submit five to six large operating business plans per year, and IT is one of those. All the business plans that are submitted generally have a large component of IT involved in them. It's a very strategic application for company -- not just an order taker in the background. Viewing IT strategically was critical to the success of the merger.