Thursday, March 12, 2009
While it was amusing to watch the show, it set me thinking on some deeper issues around the meltdown that didn’t seem to have received the attention they deserved – the entire idea of ‘Governability’. The hundreds of billions in bail-out have gone largely into salvaging troubled mega corporations, with their toxic assets, and not to the smaller banks and other financial institutions. In fact, the smaller banks seem to be wooing away business from the big banks because of their stability and proximity to customers.
The question is: has the growing diversity of business under a single umbrella since the repeal of the Glass-Steagall Act in 1999 made governance difficult? Has the complexity of the various financial and derivative products made it impossible for executives and the board to manage the inherent risks in the business? Is there a size beyond which no company can be governed or managed effectively?
Expectations from the board and management
It is expected (and justifiably so) that the CEO and the executive leadership team are in complete control of all aspects of the operating and financial performance of a company. It is also expected that the board has the ability to oversee and govern the company at a sufficient level of depth to assure itself that it is well managed, that the business and financial risks are attended to and that the organization is legally and ethically above board. I would look at this as the basic fiduciary responsibilities of the executive team and the independent board members.
However, as a company becomes large and more complex, there is bound to be a point where the board and management are unable to provide the requisite executive attention and governance oversight to all critical aspects of the business. It is at that point that the company becomes too big to be governable.
How big is too big?
As always, there is no universal definition of appropriate size. It is for the board and the management to determine the point at which they feel they’ve lost control of all critical aspects of the business.
Just imagine the plight of independent board members at any large bank with hundreds of different lines of business, countries of operations, products, exposures and risks. Are they really capable of understanding and overseeing the various aspects of the business they have undertaken a fiduciary responsibility to govern?
Clearly, a Bear Sterns and Lehman, which could not predict their own fall a few weeks ahead of the actual occurrence, were too big. The management and the board were clearly not in control of the business. It is likely that a Bank of America, which looked solid but had to seek a government fund injection soon after its Merrill acquisition, may also be too large to be governed.
There are many factors that have contributed to the meltdown. The pursuit of growth and market dominance at any cost have led companies to bite off more than they can chew.; This has led not just to indigestion, but death or near death. To maintain the integrity and health of our financial systems, it is critical for the regulators to apply themselves to the aspect of governability.
Bringing governability into sharp focus
To bring governability and manageability into focus, we must clearly define the accountabilities of the CEO, his leadership team and the independent board members. We need to clearly distinguish between the corporation, as a distinct legal entity, from its management and board.
When someone is appointed as a CEO or as a senior executive in a corporation, there is an implicit understanding that he would perform his function with diligence. Similarly, it is expected that every independent board member will discharge his or her role with the same level of diligence and professionalism.
It is the responsibility of the management and the board to ensure that the company does not become unmanageable and ungovernable in any way – either in terms of size and / or complexity. This can be enforced by making the executives and board members personally accountable for negligence and misconduct in the discharge of their responsibilities. This is similar to the professional liability carried by any other professional, like a doctor, lawyer or accountant.
While Sarbanes-Oxley brought a level of individual accountability at the executive and board level to the accuracy of financial reporting, it could not prevent the failure of these mega corporations. The need, therefore, is for regulations to go beyond reporting accuracy to adequacy of management supervision and board oversight to the critical aspects of a corporation’s functioning.
The meltdown has brought out the shocking realization that the current form of capitalism is far from perfect and that free market mechanisms can create global havoc. While the economic repercussions have been quite severe for employees and investors, one of the few positive outcomes could have been to take a fundamental relook at the current financial system and subject it to a major overhaul. We have lost a significant part of this opportunity because of government interventions and bail-outs. It is now imperative for regulators and corporations to do what it takes to avoid a repeat of this fiasco. Ensuring manageability and governability is one necessary step in this direction.
CMD Mastek Ltd
Wednesday, March 4, 2009
We need concerted efforts along two broad streams to buck the trend and make the most of the downturn – increasing agility and discovering new opportunities.
One of the unique trends over the past year or two has been the increased variability of the external environment in both directions. As an example, gas prices went from $60 per barrel to $140 and back to $40 all in a matter of two years. The dollar, which had weakened considerably against the rupee, suddenly gained 28% against the rupee in under 12 months. In our own case, we saw a growth of 34% last year and we are now looking at less than half that number.
The level of variability is likely to continue in the future. The challenge for companies like us, then, is to respond to a downturn with the same speed and poise as taking advantage of an upturn or a special market opportunity. To illustrate, suppose we expect to make $16 of profits on a planned revenue of $100, we should be equally able to maintain that $16 profit if the revenue drops to $85 or take advantage of some sudden market opportunity and raise revenues to $115. Such variability of demand requires a lot more variability on our delivery and support side than we have today. I’d like ideas from all of you on how we can become far more agile as an enterprise – since this could be a significant competitive advantage for us in the future.
Discovering new opportunities
We know that the opportunities for new solutions and new platforms will grow exponentially as the markets revive. However, we still need to grow in the interim. We have made substantial investments in bringing in new leadership, in UK and US.
Our hypothesis is that there will always be visionaries and early adopters who will embrace new platforms ahead of the curve, and we need the leadership bandwidth to identify and capitalize on these opportunities. We are also expanding into Canada and parts of Europe to discover new opportunities within our existing verticals. I must mention that John and the North American team had a great turn out of prospective customers and partners when we did our Canada launch early February.
We need more ideas from all of you on new approaches to discover these opportunities. For instance, when I addressed Mastekeers in Pune, one person came up with the idea that we could leverage the virtual bench by training them in highly specialized, niche technologies / applications so that we can go after these market opportunities. I’d like our sales teams to figure out whether we have such possibilities within the insurance, wealth management or healthcare vertical – where we can bring in special expertise in some rare technologies / applications. Many more such ideas are required for us to buck the trend and grow faster than the industry in the next year.
These are uncertain times for businesses as well as individuals. Just as enterprises need to go the extra mile to emerge stronger from crises, so do professionals. This is the time for all of us to -- individually and collectively -- reflect on what we can do to make ourselves more relevant in the current context. This is the time for us to go beyond our existing skill sets and acquire new capabilities and knowledge to grow as individuals and professionals.
I invite suggestions and ideas from all of you on one can do to stay relevant and make a difference to themselves, their company and its customers.
In our internal discussions it came out that as a company we had no systematic process to deal with a terrorist attack. It became clear that we need a larger plan to cover the Business Parks that we operate in. At our SEEPZ facility, therefore, we called a meeting of all the companies operating from there along with the Commissioner. We were glad to note that the Commissioner had already received a directive from the Ministry of Commerce to beef up security within the zone.
However, we realized that this was important but inadequate. We require a Level 1 plan that involves not just the SEEPZ security personnel but also the security officers of each company. The plan would have to address various possible attack scenarios and how each company would be alerted, what response measures they would need to take and so on.
Further, we need to work out a Level 2 plan with the local police station, fire brigade, ambulance services etc. to handle situations that escalate beyond the ability of the SEEPZ security forces. Similarly, we need higher levels of escalation to the appropriate forces. We are planning to involve these agencies in our future meetings.
We are looking for NASSCOM and other industry groups to contribute to this process, even involving specialists from India and abroad who can advise us. It is important that every company, industrial park or zone, or residential colony gets together to formulate its own plan of response.
The events in Mumbai have clearly brought out a lack of preparedness in responding to terror in a systematic fashion. It would be pragmatic to have systematic approaches to responding to these attacks.
I envisage that a systematic response plan will involve the following:
- Classification of locations / building based on potential risk – high-risk buildings to low-risk buildings
- Prescribing different levels of security preparedness based on the nature of risk
- Coherent response strategies for different risk scenarios
- Close coordination with the security personnel in the location as well as proximate security forces
- Clear definitions of escalation levels, response times and processes, and handing over charge to forces of higher caliber at appropriate junctures
It will definitely be worthwhile to collaborate with the security agencies of other countries to learn and share best practices. It’s only with sustained, concerted efforts between governments and the public that humanity will discover the means not just to thwart terrorism but to eliminate it from the face of the earth.
Looking forward to other ideas from all of you.
Monday, January 5, 2009
The subprime crisis and the subsequent meltdown have had a mind-boggling impact across the globe. In this article, I would like to focus on their impact on the Indian IT services industry and the opportunities it is likely to throw up for companies operating in the ‘third wave’.
Three waves of evolution
When we look at globalization, specific industries in emerging economies typically go through three waves of evolution. The electronics industry, first in Japan, then in South-East Asia and now in China, are good examples of this. In the first wave, companies in emerging economies typically act as component suppliers to developed countries that manufacture the complete product. In the second wave, the local industry gains enough expertise to provide cost-effective contract manufacturing services—of either the entire product or major sub-assemblies. The third wave is when a set of firms start marketing these products under their own brand—initially within their own countries, and then going international.
We can trace the evolution of the software services industry in India using a similar paradigm.
Wave 1 (proving capability through people) started in the 70s and 80s and peaked in the mid-90s; it established the competence of the Indian software professional and the industry got results largely through staff augmentation.
Wave 2 (offshore development) established India as a destination for low-cost, high-quality programming services. The catalyst was the Y2K bug and Indian companies’ success in delivering these projects cost-effectively. Many Fortune 1000 companies discovered that moving their application maintenance and ongoing development activities to India was viable and attractive. The second wave of Indian IT started in the mid to the late 90s, and is at its mainstream phase today.
Wave 3 (strategic value delivery), which is emerging, will be characterized by Indian companies moving to high-value, IP-led services that are strategic to the customer and hence command premium, value-based pricing. The industry is already facing a severe shortage of talent, rising attrition levels and increasing salary costs. All indications are that the linear relationship between growth and headcount will not be sustainable. The future is in creating strong brands out of India that command the respect and trust of large global customers and hence the appropriate value.
Orders of short-term impact
The first order impact of the crisis is related to the banks that have either been unable to survive as stand-alone entities (like Bear Sterns and Lehman) or have taken a deep hit and are trying to recover on their own. These institutions may cancel some contracts, and downsize others. This will have an immediate impact as most of them are large customers of Indian services firms.
The second order impact will be on firms with large investment portfolios that have been exposed to subprime lending. A prime example is AIG. In such cases, the firms may get more conservative on new initiatives and discretionary projects, thereby impacting the revenues of Indian firms that service them.
The third order impact is based on fears of recession and the general conservatism that it is likely to bring in discretionary spending.
Given that 30% or 40% of Indian IT services revenues come from the BFSI segment, Nasscom has brought down its growth estimates from 30% to between 21% and 24% for the year.
The longer-term opportunities
While we can blame blind optimism and greed for the present crisis, at a more fundamental level it is a failure of systems. The quality of underwriting at the point of loan origination has failed. Systemic controls that ensure uniform and consistent application of underwriting rules would have done much to avoid bad loans. Credit scoring that took into account not just the propensity to pay but also the quantum of debt that a person had any hope of repaying would have brought these issues to light much earlier.
Better transparency and visibility of the underlying asset portfolio, and a more balanced approach while packaging a set of mortgages into bonds, would have helped monitor the health of the assets and the loans in real-time.
Better controls and risk management systems governing individual firms as well as the entire financial system would have helped to track the quantum of leverage and the risks associated with it—both from the perspective of board governance and regulatory oversight.
For too long, large institutions have been trying to get away with spending 80% of IT dollars on maintenance and only 20% on new initiatives. In a recent Information Week article, Rob Preston argues strongly against the 80-20 rule, and says that IT’s top priority is to release money for new projects.
The financial crisis is forcing mergers of huge, complex institutions that were individually ungovernable in the first place. The only possible way these institutions can be managed is with substantial investments in new IT applications that can track all the nuances of the underlying operations and provide meaningful online, real-time controls.
Implications for Indian IT
Clearly, the need is to reduce maintenance budgets and increase transformation budgets. Reduction in maintenance budgets will force companies to send more work offshore, which is good news for the Wave 2 services players in India. However, customers will force the vendors to bring in new efficiencies, and expect aggressive cost improvements year on year.
There are tremendous opportunities for the Wave 3 companies that have the expertise and intellectual property assets to bring better governability and manageability to these large enterprises. Indian companies will probably have to partner with local firms that have this expertise or hire these experts in-house (easier now). This is the time for these companies to make the investment so that they will be able to reap the benefits in the years to come.
We had several internal calls at Mastek, with our leadership teams in India and globally, trying to find out whether any of our employees or their families had been affected in any way (thankfully not), and how we should handle the impact of these attacks on our global clients, employees and partners.
During the past week, besides news reports, I have been watching the email trails, with hundreds of people expressing their anger and frustration at our inability as a city and a country to prevent such an attack or deal with it quickly and effectively. I’ve been a Mumbaikar for most of my adult life, so I can understand these reactions to terror striking so close to home.
However, while engaging our own teams in how we should respond to this situation in a pragmatic manner, I realize that we need a bottom up approach just as much as we need a top down approach. I also realize that we can have an effective mechanism to thwart terrorism, or at least contain the damage, only when all of us as responsible citizens and corporations plan for and demand a coherent response from the various security forces.
In our internal discussions it came out, quite obviously, that as a company we had no systematic process to deal with a terrorist attack. While we had fire drills, disaster recovery plans and business continuity plans as an essential part of serving a global clientele, we had somehow ignored a terrorist attack as a possibility. We have now set out to have this as part of our disaster response and recovery plan as a company.
In doing so, it became clear that we need a larger plan to cover the Business Parks that we operate in. At our SEEPZ facility, therefore, we called a meeting of all the companies operating from there along with the Commissioner. We were glad to note that the Commissioner had already received a directive from the Ministry of Commerce to beef up security within the zone.
However, we realized that this was important but inadequate to deal with a terrorist situation. What was required was a Level 1 plan that involved not just the SEEPZ security personnel but also the security officers of each company. They had to address various possible attack scenarios and a systematic response plan in terms of how each company would be alerted, what response measures they would need to take and so on. To ensure that people know how to respond to an attack, each company needs to have a core security task force with adequate training as well as drills.
As an example, while our fire drill expects people to leave office in an orderly fashion and assemble at a specified point a few meters from the building, a terrorist attack response will obviously need a very different strategy.
Further, we need to work out a Level 2 plan with the local police station, fire brigade, ambulance services etc. to handle situations that escalate beyond the ability of the SEEPZ security forces. Similarly, we need higher levels of escalation to the appropriate forces should the need arise. We are planning to involve these agencies in our future meetings.
As we walked through this process, we found that this was not just an issue of adding security people and giving them better ammunition; it was also a more planned approach to addressing these threats that involved all the stakeholders. In fact, a good parallel is the safety procedure in an aircraft. It begins by informing every passenger on every flight about the safety procedure. The cabin crew gets more training on how to handle a safety incident. The ground staff at the airport brings different areas of expertise in handling a safety incident. We need a similar approach in responding to terror attacks, albeit on a much wider scale.
Since five-star hotels were a target, we need to think about where to put up our own people as well as our clients. We have decided to solicit written responses from various hotels on their security plans and select a few hotels after a clear analysis.
I am going through some of our own experiences to serve as an example of the kind of ground-up response we would need. These are by no means comprehensive, and we are looking for NASSCOM and other industry groups to contribute to this process, even involving specialists from India and abroad who can advise us. It is important that every company, industrial park or zone, or residential colony gets together to formulate its own plan of response for us to have an effective approach as a city and nation.
The events in Mumbai have clearly brought out a lack of preparedness in responding to terror in a systematic fashion. It would be naïve for any of us to assume that terrorist attacks of these kinds are one-off. In today’s world, it would be safer to assume that terrorist attacks are as much a part of reality as natural disasters. Hence it would be pragmatic to have systematic approaches to responding to these attacks.
Although I have no expertise in the field of security, I can envisage that a systematic response plan will involve a classification of locations / building based on potential risk – high-risk buildings to low-risk buildings. It would involve prescribing different levels of security preparedness given the nature of risk. It would involve coherent response strategies for different risk scenarios, working closely with the security personnel in the location as well as proximate security forces. It would involve clear definitions of escalation levels, response times and processes, handing over charge to forces of higher caliber at appropriate junctures. Since the terrorists are well-trained and at Level 4 or 5 in terms of their competencies, we have to ensure that the security forces at the lower levels are trained to be at least at Level 3 while the high-caliber forces like NSG have to be clearly at Level 5.
Further, given that any such incidence becomes a television spectacle that the entire world watches in real time, it is important that media briefings are taken up as a specialist role and handled in a professional manner. There should be a clear brief to the media on what can be covered and what needs to be kept off the air for security reasons.
Clearly, prevention through better intelligence as well as quick post-attack closure are more important and effective, but are not the subject of this article.
While anger and recrimination are ways of responding to these recent events, we need to realize that the world is still trying to discover and learn how to respond to terrorist attacks of this nature. We may be behind the curve in India and need the political will and determination to educate ourselves, get our act together and set up the response systems. It will definitely be worthwhile to collaborate with the security agencies of other countries to learn and share best practices – since this is a global problem and not just restricted to India. It’s only with sustained, concerted efforts between governments and the public that humanity will discover the means not just to thwart terrorism but to eliminate it from the face of the earth.
Friday, December 7, 2007
Just last week, one of our senior executives used the break at our business session to bring up an enormously funny video spoof about Mr Bush and Ms Rice – again on YouTube. It had all of us in splits for the three or four minutes that it ran – a welcome break from the serious sessions. My own favourites, on YouTube, are the video clips of discourses by Paramahamsa Nithyananda, the young and articulate Master who brings tremendous clarity to matters of the soul, with such simplicity and lightness.
As many of you may be aware, YouTube is just one of the many applications of the next generation of web sites – collectively labeled Web 2.0. In this article, my attempt is to build a context around the emergence of this powerful new paradigm, which goes beyond IT and the Internet to change the way people will communicate, collaborate and create in the years to come.
Early Web (1989-95): The World Wide Web began in 1989 as an initiative of the European Council for Nuclear Research, as a way for researchers to share information electronically. It quickly evolved into a global information system based on the Internet. With browser technology gaining momentum, mainly due to Netscape, many business organizations started putting up their own web sites, mainly to disseminate information about themselves to the world – sophisticated ‘brochureware’. The first generation Web, therefore, was largely to facilitate unidirectional, one-to-many type communication.
Dot Com Era (1995-2002): With the emergence of HTML 2.0 and CGI, technologies that enabled two-way interaction, e-commerce became a possibility on the Web. New companies emerged, which threatened to fundamentally change the way business was done. ‘Brick and mortar’ companies found themselves caught off-guard and quickly scrambled to set up their own e-commerce sites.
Over time, this exuberance led up to a frenzy, with venture money chasing the flimsiest of ideas -- while the mainstream companies were desperately trying to catch up -- sinking money in several failed e-commerce initiatives. The crash of 2001 ensured that new funding virtually dried up, unviable ventures downed shutters, corporations did a major re-evaluation of new initiatives resulting in drastically reduced budgets, and the entire world slowed down a bit (post 9/11)! The focus shifted from innovation to viability and efficiency.
This level of exuberance and ensuing excess is not uncommon in any exciting new technology development. In the early 1900s, when automobile technology was looking promising, there were more than 100 automobile companies in the US. Within a decade or two, the figure was whittled down to a handful, with most companies going out of business. The only difference during the Dot Com boom was that this phenomenon led to thousands of startups, not tens; it was global and not restricted only to the US and the bust and clean-up happened in just a few years and did not need decades – as a result of the ‘Flatter World’.
Only a few companies that emerged during the Dot Com days could survive and cross the chasm to becoming large, mainstream enterprises – notably, companies like Amazon, Yahoo and eBay. However, the Web had a bigger impact than throwing up a few new players. Inspired by the Dot Com start-ups, all mainstream organizations evolved their own e-commerce applications. These Web 1.0 applications (as we can now label them) changed the way organizations, commercial or otherwise, interacted with their customers and suppliers. It improved service levels by making self-service available. It empowered customers by enabling them to transact business 24 / 7, from anywhere in the world. It brought down transaction costs and lead times on activities like travel, banking and shopping. It brought elements of Adam Smith’s ‘Perfect Market’ into reality by enabling quick, online price and feature comparisons. It started to increase the bargaining power of consumers.
Web 1.0 was characterized by bi-directional communication and interaction – a distinct improvement over the earlier generation of static web sites. The interactions, however, were still hub and spoke – with the web application interacting with many people and they, in turn, interacting with the application. While applications like Amazon brought some level of community and sharing of interests, it was under centralized control. The resounding success of sites like Google bears testimony to the continued relevance of Web 1.0 applications.
The Emergence of Web 2.0
I attribute the emergence of the Web 2.0 paradigm to three main influences – the evolution of interaction and community-building tools, the open source movement and peer-to-peer networking.
The rising popularity of instant messaging (in the US context) and SMS (in the rest of the world), chat rooms, bulletin boards and social networking sites have all pointed to an increasing need for people to form communities around their friends, their hobbies and their professional interests. It was only natural that these should evolve into more sophisticated interaction and community building-sites as the bandwidth availability increased and technology became more sophisticated. The result was the class of Web 2.0 sites like Second Life, MySpace and FaceBook. Sites that support Weblogs – blogs for short – provide a mechanism for every netizen to create news or share his views within his own interest group, as well as with anyone who is interested in it.
The open source movement, popularized by Linux, demonstrated that with strong leadership, simple rules for collaboration, and community-enforced participation disciplines, hundreds of programmers could come together to create and evolve world-class operating systems and tools, built in record time, leveraging just the labor of love! In contrast, organizations like Microsoft spend billions of dollars and many years to create the next generations of their base platforms and tools.
In my own experience, at Mastek, we have handled several large and complex IT programs and I know how difficult it is to get tens of programmers, let alone hundreds, to work in a synchronized fashion to create new applications. Therefore, I am always amazed at the sheer elegance and effectiveness of the open source movement.
The open source movement inspired Web 2.0 sites like Wikipedia, demonstrating the sheer magnitude of outcomes that could be achieved with true global collaboration. With a handful of employees, Wikipedia harnesses the efforts of tens of thousands of volunteers across several continents to produce an encyclopedia that is 15 times bigger than Encyclopedia Brittanica and almost as accurate.
Napster, on the other hand, proved that a simple site, with an efficient format for storing and sharing music (MP3) could be a boon for young people to swap music and thus save on their allowances. Unfortunately, this violated the copyrights owned by several music companies, who forced it to shut down. It took a Steve Jobs to capitalize on this opportunity, sign up deals with some of the major music companies and launch iTunes and the iPod, a multi-billion dollar market opportunity that brought Apple back into the limelight.
Although Napster died, the concept of peer sharing remained, leading to Web 2.0 sites like YouTube for sharing videos, Flickr for photographs and Digg for news stories. These sites tend to be minimalistic, extremely easy to use for the purpose they serve and provide more of a template that suggests best use rather than a rigid interface. They let users manage the tagging and classification and allow them to ‘vote’ by promoting positioning of items by popularity.
While I have cited examples under each of the influencing forces, it is obvious that each of these examples shares facets of the other influencing forces too. As Web 2.0 evolves, the tools will evolve, making global collaboration as easy as working with your own team next door.
At a deeper level, I see the emergence of Web 2.0 as a platform to support an individual’s quest for meaning. Many people are unable to find opportunities just within their personal and work lives to use their talents and are looking for new platforms to make a contribution and be noticed. People have an inherent need to collaborate and create something much larger than themselves. Some people use organizations like the Rotary Club and Lions Club to fulfill this need. Some others use industry associations to make a larger contribution. Web 2.0 is a global canvas where people find their unique niches in life, to make a larger-than-life contribution. Web 2.0 to me, therefore, is much more than an IT or computing paradigm – it’s the way people will communicate, collaborate and contribute to expanding our own knowledge and understanding of the world around us and to improve the possibility of living in synergy with our world.