Software can be obscure, and its direct impact on the business is not always seen. However, with critical business operations relying more on software systems, it is essential for senior business executives to understand software risk and its implications.
I recently had a conversation with Christophe Duthoit, Senior Partner and Managing Director at Boston Consulting Group, to talk about the business value of software. Below is a recap of our thought-provoking discussion.
Software is becoming the DNA of any business, predominantly in banking, ecommerce, healthcare, insurance, logistics and others. How do you see this evolving in the coming years?
I want to steal the formula from Chris Dixon, "software is eating the world" which we can adapt to "software is eating business". Software is becoming the critical factor in the success or failure of a growing number of businesses today. And what was until recently considered as the poster child activity in many companies is now becoming central to success.
Take financial services, for example. Banking is moving away from being just a transaction processing and relationship business to an information business. Fintechs are fully capturing the opportunity and are riding that wave. With world-class innovation and technology capabilities, Fintechs are re-imagining the financial services customer experience and bringing it to the best digital standards.
There is a clear correlation between wise spending in technology and good business. In a recent BCG report, The Power of Technology Economics, we demonstrate that sustained and wise technology investments (of which software constitutes the most part) delivers superior business performance including more competitive cost base as well as better growth over the long run. Having said that, Information technology and Software have been around for more than 50 years and it has not yet reached the stage of a mature business yet.
Good software is good business! The flip side is the ever increasing number of IT systems outages - RBS, SWIFT, Three Mobile and Tesco Bank to name a few - that have a direct impact on top and bottom line, brand reputation, CxO jobs and even stock prices and shareholder value. How would you explain these 'bad surprises" to a shareholder who lost 20% in one day following a massive crash?
I don't think you can explain to shareholder at that point, it is too late! You want to do everything possible to not find yourself in that position. You want to explain to your Board and Shareholders why it is so important to invest in cyber security and good software practices ahead of any major IT systems outage. You need to work smarter and harder to prevent IT systems outages. And in order to ensure your hard and smart work is worth it, you need a plan and the metrics to measure progress. Software needs to be run as a business, and as a business you need the metrics to measure progress against objectives.
Digging into the risk factors of annual reports, beyond the traditional data it's all about "market acceptance," "dependence on suppliers" and "unexpected disruptive competition." There is not a single word about the critical software skeleton that supports the business. If shareholders knew how much software risk a company may have in its IT system, they might think differently before investing their life savings. Why don't regulations require companies to be fully transparent in this regard?
Theresa May is spearheading a plan to further regulate company behaviour, and part of her plan is to strengthen stakeholder voices in the boardroom. It is clearly a good start, but so far for technology infrastructure has been largely left out of the process and it's all about "you must do your best."
CISQ, a consortium backed by the Software Engineering Institute at Carnegie Mellon University, has established global standards on IT system reliability, but this is early days and adoption is slowly growing.
In the future, I imagine that rating agencies would include explicit risks related to IT systems in their evaluation of companies and ratings and even potentially produce specific IT risk ratings. However, we have a long way to go, and there is much to be done at the "smart" regulatory and individual company level.
Do you think Boards, CEOs and CFOs would push back hard against such mandatory exposure?
If you asked them tomorrow, yes. However, IT transparency is rapidly becoming a must for executives. Once it becomes a standard and a common practice, software risk reporting will become another part of doing business and no one will question it. There are multiple reasons why exposure is becoming mandatory. When you're exposing critical APIs to third-party developers, startups and software providers, software reliability becoming a vital concern given a broad range of emerging applications (for example, self-driving cars).
Christophe Duthoit is Senior Partner and Managing Director at Boston Consulting Group. He leads BCG's global Digital & Tech in banking business. He holds an MSC from Berkeley and a PhD in Mechanical Engineering from the University of California. Learn more about Christophe's work here.