On the Soapbox

The past year has been good for insurance carriers, but one lesson seasoned insurance IT leaders have learned is not to expect the good times to keep rolling without hitting some hurdles along the way. For many insurers, those challenges include fulfilling regulatory requirements, finding ways to keep aging systems online, and making sure the projects they embrace offer true business value. Wise IT leaders are looking beyond the next six months, though, and find the future holds many uncertainties.

Nearing the end of 2006, Tech Decisions contacted IT leaders from six major insurance carriers–Nationwide, The Hartford, CNA, Chubb, St. Paul Travelers, and Principal–asking them to offer their assessment of the insurance IT environment and for their views on a dozen issues facing the industry now and in years to come.

This prestigious group includes John Golden, CIO at CNA, who in addition to overseeing the IT department, is responsible for the insurer's worldwide operations organizations, leading the effort to integrate technology and business processing. Srinivas Koushik, senior vice president of Nationwide Mutual Insurance Company, is accountable for enterprise IT infrastructure. As CIO of the Nationwide Services Company, his responsibilities encompass data centers, network, help desk, and desktop services. Charles Brooks is senior vice president, operations, and CIO for personal insurance at Travelers. He is in charge of operations and systems for the portion of the company that markets auto, home, watercraft, and other insurance to individuals. Louise Billmeyer is vice president and CIO for The Principal Financial Group Health Division. June Drewry is the CIO for the Chubb Group of Insurance Companies. John Chu is senior vice president, e-business and technology, for The Hartford's property/casualty operations.

o What challenges do you see coming in the next year or five years, and how will you address them?

Koushik: The war for talent already is under way. One of the biggest challenges is, for every year after the Internet bubble burst in 2001, most universities saw a dramatic drop in enrollments in computer science and related fields. The result is four years later, we have fewer computer science graduates entering the marketplace just as the demand for IT has grown stronger. Even in 2005, most universities did not see the number of enrollments take a turn for the good. When you combine this with an increased global need for talent, we are fighting an uphill battle. I plan to address this by helping prioritize the demand so we are using the scarce resources on appropriate projects that add the most value to the business.

Billmeyer: Next year we will be looking at increasing demand for IT services and grappling with the growing amount of unstructured data being stored. Longer term, the increasing demand for IT services as companies are in growth mode will need to be balanced against expense pressures and a pending IT work force shortage. To deal with the work force issues, we are putting more [emphasis] on deepening relationships with key colleges and universities–including an extensive internship program and focusing on employee development, succession planning, and making The Principal a great place for IT professionals to do great work.

Brooks: In the next year, we will be challenged to maintain the level of value created in the previous years. As budget pressure increases, we are considering several efficiency efforts to extract more value without more investment across the board. In the next five to 10 years, there is a looming challenge with an aging work force that built our aging systems. Who will be around to support these systems after the boomers retire? Among the several steps we are taking to address this concern is teaching other people about the existing systems through a process called Knowledge Acquisition Process, or KAP. We are building/rebuilding other systems on strategic platforms and using development languages that should be familiar to at least a few generations of professionals for the foreseeable future.

Golden: A big challenge that concerns me is the whole area of security. I'm struggling to stay on top of everything that is going on in that space. How do you protect yourself? What's the standard of care? You used to know as a leader of a technology organization you had to provide a certain basic protection. Now, we enable Web mail so employees can access the Internet at home. What are they doing with that? How far do I have to go to protect that? You want to enable people to use the technology, but you don't want to put so many hard-and-fast rules on things they feel they don't want to use it. We're trying to ease up the rules to allow this commingling.

The other big challenge we're facing is the ability to get the right staff to deliver this technology. The technology is changing, so our ability to find people who know the industry, are of high value in design and architecture, and have the communication and project management skills is important. We need to spend more time with the colleges, making sure they understand what we need from them. Our employees have to play more of an integrator role, not just a pure developer role. If you have SOA and you are relying on key vendors to provide components, the staff's job is more around project management, communication, and knowing the technology and the business and less about laying the code.

Chu: One of the biggest challenges is the evolution of the work force–from a domestic orientation to a global work force. That involves very different approaches to management, including the need to understand and bridge cultural and linguistic differences. Another challenge is to provide enough flexibility in architectural systems. Systems keep changing, and we can't get overly committed to a specific system. It took 30 years for our original legacy systems to become legacy systems, but today's systems will be viewed as legacy systems in only five years. If we've learned nothing else, it's flexibility and maneuverability are critical requirements in business and IT–and will become even more so in the future.

o How has IT governance improved the operation of your department and IT's standing within the enterprise?

Chu: Governance has helped us identify the right priorities on which to focus, provides the mechanism with which to screen projects, and facilitates the right conversation on which to make decisions. We documented projects to compare those that were pre- and post-governance and found 40 percent of pre-governance projects ran into cost overrun. Since we put our governance process in place, less than 10 percent of projects exceed budget. We're currently working on Governance 2.0, which moves us from the original investment governance into project maintenance. It is vital to have the right type of maintenance governance to support a sourcing environment so we can manage which projects go out for maintenance.

Billmeyer: Business direction and growth initiatives at The Principal increasingly are cross-business unit in nature. This drove a need to implement an IT governance framework to position us to deal successfully with this shift. Our IT governance formalized our approach to project portfolio management, architecture standards, IT service portfolio management, infrastructure investments, IT policies, and IT research and development. An IT strategy that is tightly linked with our business strategy is executed via our IT governance, which has helped business executives to see the tight linkage between business and IT as well as to highlight our business' dependence upon IT.

Koushik: We have a very strong IT governance model within Nationwide. In a large enterprise with a distributed IT function such as ours, the governance model helps to ensure a shared vision, strategy, operating plans, objectives, and priorities while assisting us in effectively supporting the needs of our business partners. Nationwide's CEO has recognized IT publicly and privately for being a role model in implementing a shared business model, which is at the core of our enterprise strategy.

Drewry: Immensely. It has created a true partnership status in picking and deploying technology.

Brooks: Over the last couple of years, as we have increased our investment in our applications and IT infrastructure,we have seen substantial improvement in governance and are realizing substantial benefit. Some of the improvements include: Business sponsorship is no longer implicit, and a business executive is accountable for not only project cost but benefit realization; change control goes through formal escalation processes where certain changes in scope receive higher levels of review based on budget and delivery and business case impact; issue and risk identification and management is done jointly and formally; and capital oversight is an ongoing management practice throughout the year, instead of receiving focus primarily during budget season. This improved governance is supported with pure process improvements, home-grown technology, and vendor tools/solutions.

o More regulatory issues seem to be coming across the desks of IT leaders. How concerned are you more federal regulations will be coming to insurance?

Koushik: While I'm sure we will have more regulation in our industry, I don't have a concern. As an enterprise, we have embraced Sarbanes-Oxley and the added rigor it brings to our environment. Today, we are leaders in this space, and I believe this will help us deal with the increased amount of scrutiny we will get with increased regulations.

Chu: We don't anticipate additional regulatory issues coming, but we already are handling a lot more requirements around disclosure, including Sarbanes-Oxley requirements for transparency. We've done projects involving privacy requirements, including e-mail encryption, and we have a better audit trail in everything we do. However, we aren't overly concerned about additional federal regulations.

Golden: The biggest challenge for me in that space is understanding where [the regulations] come from. The concern is they are coming from different places. The new regulations that concern me are the regulations of the popular culture–can you pass the red-face test around security, document management, encryption? What are the expectations today for protecting yourself and doing proper business? Our company sits down once a year with the senior people and reviews the latest trends in this space because it is downright scary. I'm not so much worried about the volume of work. Between SOX compliance and other insurance expectations, we certainly spend more in this space than we have in the past. It's not the dollars that concern me, it's more of will I know everything I should be aware of?

Drewry: I'm not concerned [with federal regulation]. I expect it.

Billmeyer: Federal regulations such as SOX, GLB, and HIPAA certainly have created more IT work over the past few years. However, federal regulation is preferred by a national company to multiple state regulations–such as the current privacy environment. While some regulation is needed–and we have utilized it to justify infrastructure improvements–compliance with recent regulation has consumed a percentage of our IT capacity we don't expect to get back.

o In what ways is your company addressing alignment issues? How will this evolve in the coming years?

Koushik: At Nationwide, our CEO and business leaders speak with one voice–IT is not just a necessity in financial services but a source of competitive advantage. This approach has allowed us to break down traditional barriers that existed between the business and IT. As the financial services industry becomes more dependent on information and IT, it will be important for IT leaders to learn more about the business and help their business partners innovate and lead in the marketplace.

Chu: The Hartford's IT-business alignment never has been better. We created a CIO system with complete oversight and integration into the business. As we retrain and recalibrate, we're giving project managers and business analysts from the business side the same competencies and tools the IT project managers and business analysts are given so they work better together. They are following the same processes and the same approach to estimation, using the same process tools in developing products and technology, so the alignment is very tight.

Billmeyer: In order for us to maintain the advantage we feel we've received from our investment in technology, we need to be aligned from the CIO level with our peer business executives throughout the organization. Our first wave of alignment is in our IT strategy work, which ensures IT's strategic plans are absolutely aligned with our business strategy. Changes in our business environment and in technology require frequent revisiting of our approach. One example is adapting to the increasingly cross-business-unit nature of our business direction, which requires IT to evolve to maintain alignment.

Brooks: When I joined Travelers as CIO of personal lines, my number-one priority was to improve business and IT alignment. One key step we have taken is to organize both operations and systems under the same leadership. The primary users of our systems are aligned under the same leadership that builds and manages the systems. This also puts IT at the business table when discussing strategy and priority and increases collaboration earlier. We have created several forums to set and validate investment priorities (mostly but not exclusively for IT investments) as well as manage execution. These and other steps taken have increased the visibility and understanding of IT investments and increased the probability of success. Moreover, when business partners feel included–and the results of their investments and projects come in on time and within budget and scope–they are happier. We have focused a lot on process and people. In the coming years, we will continue this focus and will increase our investment in tools to help with governance and collaboration, which in turn will help in alignment.

Drewry: We use the federated model at Chubb. Our strategic business units own their application areas and alignment.

Golden: I've been fortunate here at CNA to sit at the chairman's table. I'm not just a witness at the table; I'm an equal participant. Beyond being the CIO, I also own the back-room operations–collections, policy administration, premium audit–just to name a few functions. We have strong alignment from that standpoint. My biggest challenge is keeping my team up on the skills needed to play at the table. Do they have the communication, negotiation, persuasion skills needed?

o Are you satisfied with the amount of strategic planning you are able to conduct?

Brooks: Yes and no. Satisfied we have a forward-thinking, externally focused strategy? Yes. Can we do more? Absolutely. We continue to do more to be innovative and influence the outcome in the marketplace through our strategy and execution of that strategy. But we are not so na?ve to think all innovation comes from within, so we strive to increase flexibility and adaptability to respond aggressively to our competitors. This illustrates how IT is helping with strategy–by understanding it and executing with speed and nimbleness. Finally, being at the table and having a voice in where the business goes helps in the strategic planning of the company and in IT.

Koushik: Over the past few years, Nationwide has made dramatic improvements in establishing our strategy. Today, we have a strategy that is more than PowerPoint and flowery words. Our strategy has an intent, competitive analysis, tactics, key measures, and metrics for success. This more rigorous approach to strategy at times takes longer than we want. As an IT leader, I can help accelerate the process by staying ahead of this process through anticipating and evaluating multiple options for how technology can enable business strategy.

Drewry: It is hard to look out too far forward. Change is constant and fast.

Golden: From a budget standpoint, an area where my team has done a strong job has been to move dollars from the maintenance and support side of the house to the new-program side. Our budget generally has stayed flat, but we've moved dollars from enhancing the support side to the new-business side. The area where I wish we could spend more time is with our vendor community–our partners–to do a little more R&D, not for new technology but to take better advantage of the technology that is out there. Where is the technology going, and where can I better integrate?

o How big a factor is outsourcing in your operation, and what areas is it focused on?

Billmeyer: Since a common customer and marketer experience across our business lines is a strong business driver for us, internal integration of our systems is a key technology requirement. This leads us to utilize outsourcing less than some of our peer companies. Regarding global sourcing, we feel the projected IT work force shortage will be a strong driver for more financial service companies to utilize offshore IT sourcing strategies. However, the need for regulatory compliance (such as privacy regulation) will cause many to consider alternatives to outsourcing in their approach to global sourcing.

Koushik: Outsourcing has not been a major factor in our operations. However, as we implement an aggressive business strategy, the demand for IT services outstrips our ability to meet it with our IT staff. To handle this increased demand, we are using offshore firms to augment our IT function with specific skills.

Drewry: Infrastructure in the U.S. for Chubb is outsourced, some projects are outsourced, and some application development management functions are outsourced. As IT resource availability dries up in the U.S., more work will go offshore.

Brooks: We source in a variety of ways, but broad or major operational outsourcing in the purest sense is something we are only considering right now. Certain strategic activities, such as application development, are liable to remain sourced internally. But at the same time, in parts of our company, we have hundreds of IT professionals from our global partners working with us, both onshore and offshore. While working with our global partners can give us a cost advantage through wage arbitrage, the most compelling reason to use partners is to tap into a highly skilled, motivated, and scalable work force that frequently brings skills and experience to the table our employees don't possess. As technology continues to evolve, the utility of nonlocal resources will only improve. It will become easier to develop and manage applications. Also, as we acclimate to each other's culture, it will become easier to overcome current obstacles of language/accent and cultural differences.

Golden: Most of our outsourcing is offshore with Indian companies. We have two key partners we've had a strong relationship with for about three years. We've historically done software maintenance and sunset applications. We've moved those applications to our offshore partners and moved our employees to new programs. That's been our mode of operation. We have about 300 jobs in the offshore outsource space [compared with] about 1,100 employees. I would expect that [outsourcing] number to grow over the next three years or so. We're starting to utilize these existing partners to help us with project delivery and staff supplementation. We're looking to grow that relationship but not at the expense of our employees. Where we are with our application road map, from 2006 to beginning of 2010, we have a substantial increase in investments going on, and instead of growing the size of our team, that's where we're looking for these offshore partners to help us.

Chu: We use outsourcing primarily in our maintenance arena. It's a big lever that helps us document our systems and improve our cost base. As part of our variable cost model, outsourcing lowers certain costs and allows us to invest more in innovation.

o Do you see service-oriented architecture as a panacea for IT departments, or will it extend dependency on multiple systems?

Koushik: SOA, as an approach, provides us with a good model for reducing the complexity in organizations that have a large legacy IT environment. However, many IT vendors and consulting firms are touting it as a silver bullet, and I believe we are beginning to see the hype bubble burst. I expect to see some realistic (and more modest) solutions emerge in the coming months.

Brooks: Panaceas for anything are extremely rare. SOA is a new and improved way to communicate development paradigms we should have been using for years. Components of services orientation have been around for years but were not fully utilized or leveraged. Unless you're a startup, most businesses are stuck with systems of different vintages and generations. SOA will extend dependency on multiple systems. It also helps them interact, since it is the rare company that has one system that does everything.

Chu: SOA is a means to an end and not an end in itself. We use service-oriented architecture as a core part of our architectural strategy, and we're both an early adopter and a proponent, but we use this type of architectural strategy only with the right level of guidance. It is not a one-size-fits-all solution to every problem. We use SOA where appropriate, according to our rigid SOA governance process, and look to it to enable the speed to market and flexibility we need to be successful. It's an important strategy for us, but it is not our only strategy.

Billmeyer: SOA is heavily in hype mode right now–many companies are doing very different things and calling them SOA. Like most technologies that come on to the scene, this will be neither a silver bullet nor a flash in the pan. We feel SOA, being based on development techniques such as component-based design and Web services, is on a solid foundation. This, coupled with increasing maturity of supporting tools and improved security techniques, will make it an important approach utilized by The Principal.

Drewry: Nothing is a panacea. It is a worthwhile "journey."

o How much is wireless technology on your radar screen? Are there concerns with its long-term value for insurers?

Golden: This receives more hype than it probably deserves. It's certainly a promising technology for us. People working in the field–risk control, claims adjusters, premium audit folks–have found the benefits of being wireless, mostly with their PDAs or laptops. For us, there just hasn't been a compelling reason to make that level of investment [beyond that]. We've really used it as an adjunct to existing technology as opposed to some revolutionary technology. Our expectation is the underwriting platform and the claims platforms we are rolling out can be used on a wireless device when that makes sense. Another way to look at that is we have such productivity in our existing inside operations, why take the risk with wireless?

Billmeyer: Security tools and approaches in recent years have made it possible to leverage wireless technologies. As with all technologies, we look at business drivers when considering wireless. For The Principal, our work-site initiatives and well-ness services are the strongest business drivers for using wireless technology, and we are leveraging it for those purposes.

Koushik: We were one of the first carriers to adopt wireless WAN, LAN, and broadband technologies. As these technologies continue to be more pervasive and cost-effective, we are seeing very few concerns about the broad adoption of these technologies across the enterprise.

Brooks: For our mobile professionals, particularly in claims and sales, we explore and deploy anything we can to make them more productive in delivering value to our agents and customers. Although it's hard to quantify precisely, the value of wireless is in its speed and creation of new capabilities. Why shouldn't we consider technology consumers have for personal utility and find professional utility for it?

o Are you satisfied with your company's data? What have you done to ensure its quality, and what are you planning to do to improve it?

Koushik: In the financial area we went through an 18-month transformation that has made us much better at managing data. In this space, we have moved beyond data to information to true decision-support information. We have implemented a data-governance model for financial information that has won awards in the industry and has allowed us to manage the consistency and quality of financial data across the enterprise. We currently have another major undertaking that will allow us to do the same with customer information across the enterprise.

Drewry: Data architecture is part of our foundation. We never are satisfied, but we are well along in comparison with others.

Billmeyer: Data–and its management–is a critical component within the company. We utilize standards, policies, and tools to safeguard data quality and utilization. Governance bodies oversee the standards, policies, and tools to ensure data is effectively maintained and appropriately utilized. We plan to continue to improve the management of data retention along with managing unstructured data.

Chu: Data is the lifeblood of an insurance company. We are making a big investment in a data optimization strategy that will enable us to manage our data holistically and to leverage it as an asset. Our goal is to simplify data retrieval so our businesses can fully explore and use it.

Brooks: Again, yes and no. Do we have more data for decision support than we had years, even months, ago? Do we make better informed decisions because of that data? Yes and yes. But data increases the appetite–the more you provide to users, the more they want. Do we have all the data we want? Not by a long shot. New data sources emerge all the time. Integrating them into our current data is a huge priority. But our focus shouldn't be on the data. It should be on the information the data provides and the decisions it supports. We should be focused on the accessibility of our data and our ability to analyze it. We should focus on providing tools to analyze and organize data better and faster, on having an infrastructure that can integrate new sources faster, and on delivering tools to identify data-quality issues and anomalies.

Golden: I work in partnership with our chief actuary and our CFO, and the three of us have created a centralized team across CNA that is responsible for the stewardship of data standards and data definitions. We've cleaned up a lot of old data issues. One area that has been helpful has been where we're virtually changing our entire systems platform. We started with claims, we're doing underwriting as we speak as well as financials, HR; we're changing all of them from the ground up. All that starts with a brand-new data model. We've been careful about making sure the source systems are producing the right data with consistent definitions all across CNA–not within a department, a system, or a process. That's an enormous undertaking and takes years to execute fully. When we make these huge investments in these platforms, we are making sure we've got the data right upfront. If you asked our chairman what one of the key things on my agenda is, he would tell you it's getting the data right.

o How focused is the IT department on risk management, and what areas concern you?

Drewry: We have an IT risk management organization responsible for assessing and driving all efforts involving IT risk.

Golden: In the IT space, one of the biggest risks we face is portfolio risk management. We'll have going on at once three $100 million projects here at CNA in addition to another five or six that are in the tens of millions of dollars, and we're building a new data center. So, having risk management as part of the portfolio management function is really crucial. When you try to build the integrated environment of tomorrow, having that risk management is critical.

Billmeyer: IT is involved in all aspects of risk management–from tooling our actuaries, accountants, and auditors to refining our IT compliance-related processes and metrics. Some challenges include the increasing amount of IT resources devoted to compliance/security activities, providing data/tools to deal with increasingly complex and flexible insurance products, and dealing with increasing/changing security threats with tools that are relatively immature.

o How involved is your company with standards? Are there any benefits or problems that have come from your involvement or lack of involvement?

Koushik: We have been a proponent of standards for the past four years. We were one of the first financial services members that joined the WS-I standards forum that helps drive standards for Web services and SOA. We also have been an active participant in industry standards bodies such as ACORD. Most of the benefits we have seen to date have been within our enterprise. The widespread adoption of these standards will be critical for us to see benefits that span enterprise and geographical boundaries.

Golden: I believe one of the greatest efficiencies we can gain in the P&C insurance space starts with having standards. Most of us in this space deal with independent agents who use two primary agency management systems–AMS and Applied. To the extent we can get those independent agents on a standard way of doing business–data models, information exchange–it will provide us all enormous benefit in our productivity and our ability to service those agents.

o Are there any particular areas where you see technology lacking in this industry?

Billmeyer: There always are opportunities that can be found when advancing business capabilities within our company. Many of the technology gaps can be niche in nature, such as document composition and management. We have to control the level of customization with specific affiliates or manage the format of the document for specific constituent needs. Overall, there are many technology capabilities with varying levels of maturity. The key is to determine the appropriate timing to implement the newer technologies.

Koushik: The IT industry has evolved rapidly, and we have been able to provide a lot of value-added solutions to various industries. However, in my opinion, one gaping hole is we don't have a very good model and technologies that support the "business of IT." In other words, when it comes to managing our own business, we have a set of very limited choices.

Chu: Solution sets are a challenge. There are a lot of excellent technology products and solutions out there, but they lack the refinement that would allow them to be pieced together easily. CIOs have no difficulty figuring out how to use products, but it is a puzzle for them to put [the products] together. The big unmet technology need is compatibility and interoperability.

Drewry: No, a lack of technology is never our critical shortcoming.

Golden: We'd certainly rather buy applications and tools. We've been pretty satisfied with what's out there. From an insurance industry perspective, the tools for the property/casualty industry are significantly behind. To be a multiline carrier and find competitive underwriting or claims tools is very difficult. The pickings are slim. There's a big opportunity there. We, as insurance carriers, drove most of that because we didn't want to go outside [for solutions]. The vendors will create products where there is a market. If you go to banking or telecom or manufacturing, there are a lot of standard packages you could buy because [those industries] found they needed that efficiency, and they had more standards. We're just learning about standards and welcoming in vendors, which hopefully should create better products.