Determining the Value of IT

I recently had the opportunity to listen to a Center for CIO Leadership webinar where Mark Ernest from IBM presented his model for determining IT Value. It was quite interesting but also underlined one of IT’s greatest inferiority complexes. Does IT add value to the organization?

As CIO’s we need to put this canard to bed and I’ve been asked to start this discussion on whether or not this inferiority complex is real and if so how it should be “put to bed”. Obviously I believe it is real and have heard the question raised by both IT and non-IT executives and many others over the course of my 30+ year career.

My premise is that the value of IT is embedded within organizations whether public or private. Incremental investments in IT over the past approximately 40+ years have vastly changed and enhanced the productivity, quality and speed of practically all business processes. Moreover, the current international scope and volume of business transactions could not conceivably be performed today without the incremental investments in IT that have been made in the past.

But how best to demonstrate the enormous value that we’ve experienced over so many years? I’m suggesting a seminal study that will document this embedded value of IT.

Let me begin by asking a few simple questions. First, what would business operations look like today without the investments made in IT? Second, what would be the cost of these operations? Finally, what would be the level of business activity if IT was completely removed from the equation? If we can encourage a think tank to do this analysis, it would end the debate about the “Value of IT”.

An interesting element of Mark Ernest’s IT Value Model is the Component Business Map (CBM). Essentially, and I’m sure I oversimplify, the CBM breaks the business down into major business functions such as Marketing, Sales, Operations, Logistics, etc… and key support functions such as Finance, Human Resources, Procurement and IT. The maps are further decomposed into sub functions such as Accounts Payable, Receivable, Fixed Assets, General Ledger, Reporting, etc…for Finance.

Using Mark’s CBM for Finance, how many clerks and accountants would be needed to capture transactions in sales, billings, receivables, payables, fixed assets, etc… without IT? Would it be possible to close the books to a P&L and Balance Sheet monthly or even quarterly for that matter without today’s financial systems including something as simple as spreadsheets or even QuickBooks? Would regulators like the SEC be able to implement 10Q’s or even 10K’s? How long would it take to produce these reports manually? Moreover the accuracy of this accounting information would be highly suspect and almost impossible to demonstrate.

I believe the conclusion of such an analysis would be that the cost of just accounting for today’s level of business would be gigantic and in many cases not even possible without IT. While this conclusion seems obvious it needs to be documented and proven, once and for all, to end the debate about the Value of IT. The Value of IT is inherently embedded in the value of the business and it’s ability to operate at the scale and volumes it does today. Let’s undertake this analysis for even a hypothetical business or governmental operation and put this canard (a groundless rumor or belief) to bed forever.

The real challenge the CIO faces should not be addressing the “value of IT” within his/her organization but instead how can “incremental” investments in IT further enhance the value of the business by supporting revenue growth, reducing the costs of operations, increasing the scale of operations, handling increased transaction volumes and yes lowering the costs of IT in supporting the business.

We should also understand that many IT services evolve without an ROI calculation. Prime historical example is e-mail. Who ever did an ROI on e-mail? It was simply a more efficient communication medium and over time with greater adoption the memo and all of those who typed and retyped them disappeared and moved on to better jobs. IT created this evolution and incremental ROI based investments continue to find cheaper and better ways to provide electronic communications.

I encourage your comments and participation in this discussion. My simple proposition is that business and IT management need to put to rest the topic of the value of IT through the seminal analysis I’ve suggested. Second, we need to add the adjective “incremental” to any discussion of the value of IT going forward.

CIO Perspective – Progressive Elaboration

I’ve had some free time recently and feeling like a real nerd I decided to join the Project Management Institute and read through their “Guide to the Project Management Body of Knowledge or PMBOK Guide for short. I wouldn’t say it’s the most exciting read, James Patterson is better, but it’s an interesting document.

In the first chapter of the PMBOK and the last paragraph of Section 1.3 – What is Project Management is the following:

“Because of the potential for change, the project management plan is iterative and goes through progressive elaboration throughout the project’s life cycle. Progressive elaboration involves continuously improving and detailing a plan as more-detailed and specific information and more accurate estimates become available. Progressive elaboration allows a project management team to manage to a greater level of detail as the project evolves.” (underlining added for emphasis)

With the exception of being referenced in Figure 1.1 of the PMBOK and brief references under prototyping and rolling wave planning, the concept of progressive elaboration is not covered in any more detail.

Progressive elaboration is real and a tremendously important topic that deserves much greater attention in the project management literature. It’s critically important that senior management/executives understand this concept and consider it when evaluating on-going projects and especially when contracting for any form of IT services.

If it’s true that “during the course of any project more detailed and specific information and more accurate estimates become available”, and I know after 30+ years in IT that progressive elaboration is a reality, how should this concept be applied? My answer to this question is that there is a need to have a project review process in place that periodically requires the project managers to determine if progressive elaboration has identified any specific information impacting the project plan that would require adjustments to the project’s estimates. This is particularly important relative to schedule, costs and project deliverables.

This review would need to be fact based and supported by analysis that clearly demonstrated the factors leading to the conclusion of progressive elaboration. All of the stakeholders should be able to support the conclusions of this analysis. It should be noted that progressive elaboration can lead to expansion or contractions of the schedule, budget or project deliverables.

One of the biggest barriers to implementing a progressive elaboration review will be the practice of fixed price contracting. This practice seldom assumes the reality of progressive elaboration but instead assumes that the requirements identified through a Request For Proposal (RFP) are fixed and that contractors should fully understood these requirements when they submitted their responses. Battles then ensue between the client and contractor around “change requests”.

I believe if a progressive elaboration review process was incorporated within the contracting vehicle many of these battles could be avoided. Both parties would have the opportunity, through this process, to present the facts and analysis that supports their contention that progressive elaboration has lead to changed requirements that need to be reflected in the project schedule and budget.

Some will argue that this would simply be a contracting loop hole to be exploited by the contractor. This view simply ignores the reality of progressive elaboration without testing this assumption through a structured review process. If the contractor is simply trying to use the progressive elaboration review process to game the contracting process, this would become obvious during the review. Such a conclusion would not be in the contractors long term interests.

My hope is that this blog will start a discussion about how best to acknowledge the reality of progressive elaboration into the project management and contract management process. Recognizing this reality will, I believe, lead to many more projects being considered successful when progressive elaboration is considered in this evaluation.

CIO Perspective – Strategy Gone Wrong

Sometimes it’s the little things that trip up a new business strategy and we all know the devil is always in the details. I experienced this on a personal level just this week. Some background:

When we moved to our new condo it was wired for Verizon’s FIOS service and we signed up. The phone, TV and Internet services are terrific, although it turns out that up load speeds on the Internet are far slower than downloads. Since I mainly download information, this was no big deal.

A few weeks later we switched our wireless services to Verizon. Better coverage and having a single supplier made good sense, although I’m sure there will be minor cost savings. Maybe a few dollars. I also decided to receive electronic monthly bills for both services and to pay for the services through an electronic debit option that Verizon offered. I noted at the time that the FIOS services and the wireless services had independent web sites that were only loosely coupled. This was a premiere of things to come.

Every thing was going well and I received a promotion from Verizon to receive one integrated bill for both my FIOS and wireless services. Great, I signed up and then the problems emerged. I received my first integrated bill and the combined costs exceeded $300 for one month. I had already paid separate bills from FIOS and wireless, so I was shocked at the bill. I called Verizon to figure out what had happened.

The FIOS customer service representative was terrific and went to work trying to get things straighten out. Here is what we discovered. The way the consolidated bill works is that the wireless company bills the FIOS company for their services and a consolidated bill is then generated by FIOS. As an aside, the combined bill was 15 pages long and quite confusing. Sounds OK so far.

Using round numbers, the wireless company sent FIOS their first bill for around $300. After doing so the wireless company received my first payment for $300. So their systems, which are not integrated, showed that I owed FIOS $300 and had a credit of $300 with the wireless company. The simple solution seemed to be for the wireless company to send the credit to FIOS.

No way! In turned out there wasn’t a “Verizon” company but in fact FIOS and wireless operate as completely separate companies. With both parties now on the phone call, wireless said there was nothing they could do because I still had an active wireless account. They couldn’t and wouldn’t transfer my credit balance with them to FIOS. I was told the next billing cycle would reflect the credit but it was unclear that it wouldn’t take several months to work off the credit with the wireless company. In the mean time my only option was to pay in full the FIOS bill (i.e., overpay my FIOS bill by $300).

We explored many options to correct the problem. FIOS was willing to acknowledge the dispute in their system but their system would still show the $300 as past due. This created another wrinkle. FIOS had a promotion for a free computer if your account was current for two months. So this strategy, while saving me the overpayment, would cause me to forfeit my free computer. The wireless company offered that I could cancel my service and get my credit refunded immediately. Not a great option and an incredible suggest from the customer’s perspective.

In the end the only solution that worked was to pay my FIOS bill and hope that my credit would appear in the next month’s bill???

What this story surfaces are clear disconnects within Verizon. They want to present themselves to their customers as an integrated company but in fact they are not. The friction between FIOS and the wireless company was obvious during the call and the simple solution of immediately transferring my credit balance with wireless to FIOS was not a possibility. The business rule that wireless can’t issue a credit as long as you have active cell phone services is ridiculous. Most discouraging to me was that my interests as a customer were not important.

In my humble opinion, Verizon should pull back from presenting their FIOS and wireless services as an integrated (voice, TV, Internet and wireless) set until they can support it through a single web site, common business rules that are customer focused, and properly integrated or better still common billing and accounting systems. Their loosely coupled approach is not working.

Disaster, Are You Ready? Probably Not!

This past summer has again reminded us that we are constantly facing man made and natural disasters and that organization’s Information Technology (IT) function and therefore their CIO play a critical role when disasters occur. So are you ready for a disaster, to which I posture the answer, probably not.

Why not? Because most of us have not actually experienced a disaster and therefore we don’t know exactly what to expect. This was certainly my experience when I first smelled smoke on Sunday morning while visiting Torre Pines Beach in Del Mar, CA last fall. I had never experienced out of control wild fires fueled by dry tinder box conditions and constant Santa Anna winds over 50 miles per hour.

I had been in Southern California for only 10 weeks and discovered quite quickly how totally unprepared IT was to deal with the wild fires. What was 100 times worse was the ignorance of senior government officials concerning just how unprepared IT was. Great efforts had been made to establish an emergency response center (EMC); to prepare plans for police, fire fighters and other first responders; but IT was completely ignored. So much so that there was no place for the CIO at the EMC and the CIO was not on the telephone call list to notify key employees that an emergency had been declared.

So this was all new to me. New job, new location and new situation with multiple wild fires in the process of burning a significant percentage of the County. When I arrived at the EMC I was met by absolutely livid executives because our emergency web site was down and local officials had been instructing citizens to go to the web site for information, especially concerning evacuations which were a matter of life and death. Moreover, as the impact of the fires became a national and even international story, the web address was being given out and linked to by 1,000′s of news organizations.

As we investigated the “down web site”, we began to see just how unprepared IT was. The number of hits to the web site had increased dramatically for an average of 300,000 per day to around 10 million, well over a 30 fold increase. The web site was not actually down but was experiencing essentially a denial of service attack. Our server, a small Sun server, was overwhelmed. We discovered that the web service software we were using was an older version and single treaded. We also discovered that the software had a setting for the maximum number of concurrent session and that this setting was set at 12.

On the positive side our outsourcing agreements allowed us to quickly address these problems. We installed a humongous Sun server and moved our emergency web site to it. We upgraded our web server software to a current, multi-treaded version and began opening up the throttle on the number of concurrent users. At the peak of the disaster we had open this throttle to well over 30,000 concurrent users.

However, what amazed me was the continued ignorance and distrust that existed over the need to invest in our IT infrastructure, to better prepare for the next wild fires that were certain to happen in the future. The IT staff that predated my arrival continued to cling to the flawed belief that investing in a more robust web architecture was a waste of money and our IT governance body of senior management was struggling to understand the problem and commit to investing in a more scalable architecture.

I think one of the ways to address this lack of understanding is to reposition the discussion around a concept that is more familiar to senior executives, namely, risk management. In this context, running IT as a business and as an integral part of the business, we can better frame the issues and costs around preparing IT for potential disasters. I’ll discuss this risk management perspective in future postings. As we reflect on the recent hurricanes, Ike and Gustav, we would like your thoughts on how best to communicate the need to invest in our IT infrastructures to make them more robust when disasters occur.

William A. Crowell, Principal

Magellan Associates, LLC

http://www.magellan-associates.com/

Disaster, Getting Ready!

This posting is a follow on to the one I recently submitted entitled “Disaster, Are Your Ready? Probably Not!”. In that article, I postulate that executive leadership doesn’t appreciate the key role that IT plays in a disaster and therefore in many cases significantly under invests in its IT infrastructure. This view is based upon my experience in the wild fires of Southern California in 2007.

In evaluating this issue, we must also acknowledge that IT and especially the CIO in his/her leadership role has not necessarily done a very good job in communicating the problem or the solutions in a vocabulary that non-technical executives understand. My suggestion is that rather than frame the issue in technical terms such as disaster recovery or business continuity planning, we should simply frame the issue as “risk management”. Why risk management? Because it’s a concept that most executives can get their heads around.

Risk management is a strategic concept that includes understanding and defining the risks that an organization faces (public or private) and developing an appropriate response to address these risks. Appropriate response implies a level of investment that balances risk abatement and costs. Senior executives play a key role in each of these steps.

In most instances, the operational risks of a man made or natural disaster are easy to understand and define. However, the biggest risk, which will be impacted on how effectively the organization handles the operational risks, are to the reputation of the organization. In a study conducted by Rory F. Knight and Deborah J. Pretly at Templeton College, University of Oxford, they found that companies that were seen as effectively handling a crisis eventually had a 7% increase in shareholder value after an initial decline of 5%, while companies that were seen as ineffective had a 15% decline in shareholder value. Recent events on Wall Street would argue that shareholder value can be essentially obliterated by failure to effectively handle a crisis.

In the public sector there is also clear evidence of the impact of failing to effectively deal with a crisis. Katrina comes to mind. Need we say more?

In my next posting on this topic I will be discussing a 5 step life cycle that we help organizations implement to prepare for and deal with disasters from a risk management perspective.

William A. Crowell, Principal

Magellan Associates, LLC

http://www.magellan-associates.com/

Disaster, Five Steps to Manage the Risks!

Hurricane Ike cripples Texas and leaves more than 2 million citizens without power. The government steps in to rescue Fannie Mae and Freddie Mac. Lehman Brothers announces suddenly that is filing for bankruptcy. Wild fires sweep through Southern California. The Feds announce the bailout of AIG.

Whether natural or man made, sudden and unplanned for disasters can spell major risk for shareholders, employee livelihood, and even human life. If disaster suddenly struck your organization, whether private or public, large or small, would your organization be prepared?

Was Lehman Brothers? Was the State of Texas? Were the companies doing significant business in Texas? Were the companies doing business with the companies doing business in Texas? These disasters serve once again to raise the question, are business and IT aligned and prepared to quickly mitigate the risk of a disaster?

When preparing for a potential disaster from a risk management perspective, 5 clear action steps are critical. 1) Assess the risk, 2) Determine the potential business impacts of the risks, 3) Evaluate and develop recovery strategies, 4) Test, test and test, and 5) Enhance the plan based upon lessons learned.

As a CIO in Southern California, I had the opportunity to live through a disaster presented by the lengthy, and far reaching effects of wild fires. Were we fully prepared? No. Did we learn from the disaster? Yes. Will services and ultimately the residents of Southern California be in a better position if and when other unwanted disasters hit. Absolutely.

So what did I learn?

Assessment of the risks from a disaster is the crucial first step. What we learned from the wild fires was that a principle function of IT during a disaster is to maintain communications when traffic volumes are growing exponentially and capacity is negatively impacted by the fires. Because we did not prepare for this, we were unprepared when traffic volumes to our emergency web site increased by over 30 times and calls to our 211 service increased over 100 times. Could we have designed an architecture that would have easily expanded the capacity of our systems to meet the increased demands? The answer is unmistakably yes, if we had properly understood, assessed and communicated the risks of failure to meet the dramatically increased demands on our services. This last item, communicating the risks, is a key outcome of an optimal disaster recover plan.

Determining business impact is step two and we need to keep in mind here that the potential impact on the organizations reputation and how it handles the crisis can be an overriding factor. This was certainly the case in the wild fire experience. The fact that citizens could not get to our emergency web site for information, even though the local officials were referring everyone to this site, and that our 211 services was experiencing unacceptable wait times sent the public a message of incompetence. The business impact of not being able to dynamically increase capacity for these key services to meet demand in an emergency situation had not been properly analyzed.

The third step, evaluating and developing recovery strategies is an important technical activity for IT as there may be more than one way to skin the cat. While it was certainly possible and arguably best to build a web environment that would meet maximum expected demands during a crisis, this would have been cost prohibitive. Alternatively, we could have outsourced our web operations to a company that would be willing to dial up capacity in a crisis and then dial it down when the emergency had passed. Given that we had already outsourced our computer operations, it turned out that our best strategy from a capability and cost perspective was to re-architect our internal web environment in such a way that inexpensive web servers could be plugged in to handle peek volumes and then redeployed when the crisis had passed.

The fourth step is test, test, and test. A plan is only as good as its test. Yet knowing this why do so many organization scrimp on testing? If you aren’t going to test the plan you developed and spent so much time building, then why build it. To be able to check if off the list as d-o-n-e? This phase also includes documentation, communication and training materials. The time to make sure that everyone “gets it” is never when the disaster strikes.

The final step in our process is the enhancement of the plan. After every incident, leadership must mandate that the plan be review to incorporate lessons learn. And yes, this may result in additional testing, shouldn’t it? , Exercising the plan in a test environment, documenting what happens and developing lessons learned must become an ongoing, no shortcuts allowed, rhythm of the organization.

Taking the time to actually conduct this process and to get senior executives in your organization to support you efforts is no simple task. This is especially true in tough financial times like these! My experience in the wild fires clearly demonstrated the risks of not having an effective risk management program. While we were able to scramble to recover our web capabilities and expand our 211 services, it took time and valuable resources that could have been of service elsewhere. And the time spent scurrying was time when our customers, the citizens were not being properly serviced, which was completely counter to our mission. We would have been much better off if we had followed our process and been more prepared in the face of a disaster. Bottom line, is your organization prepared? Do you know? Don’t you think it’s time to find out?

William A. Crowell, Principal

Magellan Associates, LLC

http://www.magellan-associates.com/

Running IT as a Business

After 35 years in the field of information technology, I’ve decided to semi-retire from the active management of the IT function within both the private and public sector and have joined a small but  powerful IT consulting firm, Magellan Associates (magellan-associates.com). One the prime attractions is their philosophy of “Running IT as a Business” which I totally agree with and have practiced during my years as a CIO. I’ll be writing this blog to share this philosophy and to pass along the lessons we’ve learned during our active careers as CIO’s.

I will be covering a broad array of topics including leadership, strategic planning, customer service, developing a marketing plan, organization structure, communications, team building, risk management and many other topics. I’ll also work to cover contemporary topics of interest and provide a former CIO’s perspective. I’ve also decided I’ll keep my blog postings short but posted more frequently as a series. It’s been my experience or maybe I should say preference not to read blog postings that are longer than one page. Again this is my preference but I would be interested in your comments on this strategy.

My first series will start tomorrow and focus on the impact of open source technology on managing IT as a business.  Why open Source?  It is in my opinion the most significant new trend in IT and will have a dramatic impact on the operation of businesses in both the public and private sectors.  I will be discussing these impacts in this series and look forward to hearing your views and opinions.

William A. Crowell, Principal

Magellan Associates, LLC

www.magellan-associates.com

What Happened, The Market Implosion?

This situation is hardly rocket science, although listening to the politicians and media you would think so. Here’s my interpretation of what happened, why it happened, and what we need to do to correct the problem.

Banks and savings & loans have traditionally lent money to borrowers to purchase homes and taken a mortgage or lien on the property to secure the loan. When this was the banks money, they required certain things from the borrower. They would typically require a 20% down payment to protect their interests if the value of the property declined. The monthly mortgage payment was generally not allowed to exceed 30% of the borrower’s income and the borrower needed to have a good credit rating. Essentially, the financial institutions understood the risks and took steps to minimize these risks.

Fannie Mae and Freddie Mac were created to increase the liquidity of the mortgage market. A 30 year mortgage is not a very liquid asset and financial institutions could not afford to own large portfolios of mortgages and this restrained the size of the mortgage market. Fannie and Freddie (quasi-government organizations) enter the market and offered to buy these mortgages at a profit for the local bank, thereby freeing up their capital to make more mortgage loans. Fannie and Freddie then created marketable securities based upon the underlying mortgages and sold them to investment firms such as Lehman Brothers, Goldman Sacs, AIG, etc… These securities were “marketable” and therefore quite liquid.

In this new market a new player also emerged the mortgage processor. These firms, sometime large banks, took on responsibility of processing the original borrowers loan payments and making local property tax and insurance payments for a processing fee. I’m not sure exactly how the principle and interest payments were tied back to the marketable securities but would be very interested in learning more about this.

The implicit assumption underlying this market was that Fannie and Freddie were purchasing sound mortgages and that their securities were backed by the full faith and credit of the United States. However, when Fannie and Freddie, with the encouragement of the Federal government (Administration and Congress) agreed to purchase mortgages that were of questionable quality to achieve a social objective of greater home ownership, the incentives were set in place for this systems eventual collapse. Everyone involved had discovered a new way to print money.

The so called sub-prime debacle is simple to explain. The banks no longer had any risks from lending money for mortgages and could quickly turn these mortgages around and into cash at a profit. The competitive pressures lead to lowering lending standards. No down payment, no minimum income requirements, no minimum credit score, and low introductory rates (sub-prime) to stimulate demand. A boom in the housing market and in mortgage lending resulted all backed by substandard loans.

When the housing market started to contract and house values fell, the real assets backing these securities became more and more questionable. Moreover, the borrowers were losing their jobs or their adjustable rates were increasing to the point that they couldn’t afford the mortgage payments. I’m guessing, but I expect that Fannie and Freddie could not easily track specific non-performing mortgages back to the related securities that they had created.

This becomes a truly critical problem because you have no idea how many under performing mortgages are related to a specific security. If this is true and it appears to be, the value of specific Fannie and Freddie securities becomes an unknown and this unknown value freezes the market. Would you be willing to invest in a security if you didn’t know exactly how many bad mortgages were underlying it (1 or 2%) or maybe (50 to 60%)? Of course not, unless your Warren Buffet and willing to take on these risks, which are probably not that great.

So what’s the solution, short term. Have the US Treasury buy up the frozen Fannie and Freddie mortgaged backed securities. Then begin the process of bundling these securities to determine the actual status of the underlying mortgages. The preforming mortgages that are supported by adequate down payments, adequate income levels and credit scores can then be re-bundled and sold. The non-performing mortgages will be held by the government until the underlying real estate is sold and the proceeds are realized or the terms are re-negotiated and the loan again becomes a performing mortgage. No one knows how this will exactly work out so that’s why the Government can not determine a precise figure.

Long term, we must return to our historic quality standards for mortgages based upon adequate down payments, adequate income coverage of the monthly loan payment and adequate credit scores of the borrowers. It would also appear that we need systems that closely tracks the underlying mortgage’s payment status from the mortgage processor and the reporting of this information to the security owners. They could then better judge the underlying risks and their impact on these securities value.

This is a disaster, of the man made variety. Is IT ready to play its part and develop the tracking system I suggest is needed? I sense there is going to be a surge in the need to develop this type of system to provide the information needed to increase the liquidity of our financial markets.

I may not be 100% correct in my analysis but I bet I’m pretty close. Please use the comment feature of this blog to correct any inaccuracies.

William A. Crowell, Principal

Magellan Associates, LLC

http://www.magellan-associates.com/

Bailout Done, So What Is Next?

As a follow up to my blog posting on September 27th titled “What Happened, The Market Implosion?”, our Congress has now passed and the President has signed the bailout legislation providing $700 billion to purchased distressed mortgage backed securities. From all I have read on the subject, The US Department of the Treasury has been given great latitude in how it sets up the process to actually purchase these securities from the private sector and has been working on developing this process for some time, with support from the Federal Reserve, SEC, etc…

The key question is how to value these securities, since there is no market for them. There is a single buyer, the US taxpayer through the Treasury. There are valuation models including the Monte Carlo method and/or the Binomial Tree solution but these appear to be flawed in this particular situation.

One method I like which puts the responsibility on the organization that is looking to sell their mortgage backed securities to the Treasury is “Discounted Cash Flow” or DCF for short. It’s transparent and would work as follows. The firm wishing to sell their securities to the Treasury would develop a forecast and fully document all their assumptions of the future cash flows of the security. This would be done based upon the terms of each of the underlying mortgages and would include amortization of principle (borrowers expected principle payments over the life of the mortgage), interest income based upon mortgage contract rates (including assumption of future rates for adjustable rate mortgages), borrower prepayments assumptions (generated when a borrower sells their property and pays off their mortgage early), and estimated reductions in cash flows for deferrals of borrower payments due to default and foreclosures.

Given this information, the Treasury need only decide what the taxpayer wants in return for agreeing to purchase the security and this is based the discount rate or interest rate that it will apply to the projected cash flows. The value of the security is simply the net present value of the projected future cash flows that the security will produce if held to maturity.

All of the above information can be maintained for each security in a database and used by the General Accounting Office (GAO) to provide a fully and transparent audit trail of how each security was valued including all the assumptions and what income or cash flow the security produced during the time the security was held by the Treasury and the value obtained when the security is eventually sold. The GAO can also easily calculate the return generated for the taxpayers in bailing out the markets.

In addition to transparency, the above approach might encourage private sector firms to enter into the auctioning of these distressed securities. For example, let’s assume that Treasury decides it wants a return of 15% on the projected future cash flows of a specific security and bids a value based upon a 15% discount rate. Maybe Goldman Sacks or Warren Buffet would be willing to set a value on the security using a 12% or 14% discount rate. Since the lower the discount rate the higher the value to the seller, the final value would be based upon a rate of return set by the market.

I’m sure there are nuances to this idea that need to be considered, such as setting the risk factor based upon the composition of the underlying mortgages (for example how much of the portfolio are prime vs. sub-prime mortgages). However, I believe the above approach will provide the public the information we need to know to assure that the Treasury is properly investing the taxpayers dollars.

So what can we do as CIO’s to assist in this national challenge. Here are some ideas: 1) send this idea to your Congressman and Senator, 2) send this idea to leaders at the Treasury, SEC, Federal Reserve, etc…, 3) let’s suggest that the oversight board form a commission of CIO to help quickly develop the database that can track the forecast cash flows and assumption used to value these securities and to track the return they generate for the taxpayer. This is an important issue for all of us and I look forward to your sharing your thoughts.

William A. Crowell, Principal
Magellan Associates, LLC
http://www.magellan-associates.com/

Collaborative Software Development – A Must To Explore

Collaborative development of non-strategic applications.  It’s a mouth full and probably the biggest opportunity for the CIO to reduce the costs and increase the value of IT within their organizations.  There have been a number of successful collaborative software development initiatives using an open source development model.  Some examples: of course there is Linux which is governed by what was the Open Source Development Lab in Beaverton, Oregon (now The Linux Foundation ), and the Eclipse Foundation an organization providing a universal tool set for development of open source software, and one of my favorites the Kuali Foundation a consortium of Universities that are developing, sustaining and evolving a comprehensive suite of administrative software that meet their financial, research, student community and infrastructure needs.

What each of these initiatives represent: major technology companies (Linux), software development companies (Eclipse) and universities (Kuali), is the realization that it is in their individual and collective interests to work collaboratively using an open source development model to create software applications that do not have strategic value to any of the individual participants.  In this climate, a new company has emerged in Beaverton Oregon called the Collaborative Software Initiative (www.csinitiative.com).  CSI is looking to extend the collaborative software development model in both the public and private sectors and the opportunities seem almost endless.

A prime target market is the social service programs that are administered by the Federal, State and Local governments in the United States.  For example, the Federal government funds a health insurance program for the poor called Medicaid.  The program is administered by the States who enroll their citizens in Medicaid and pay their benefits to the health care service providers.  The program is administered under federal rules and regulations and is therefore largely identical in all 50 states.  Moreover the software that has been developed over the years to administer Medicaid is in the public domain because it was largely funded through federal dollars and is therefore available to form the foundation of an open source initiative.

With all this in mind, Oregon is in the process of implementing a new, modern system to administer their Medicaid program at a price tag of over $70 million.  If all 50 States spent this amount every 7 to 10 years to keep their applications up to date, the overall price tag would be $3.5 billion to the tax payers and since the Federal government funds these systems at 90%, their cost would be $3.2 billion.  This seems to be ample incentive to have all 50 states come together in a consortium to apply the proven open source development model to create a single universal system for the administration of the Medicaid program.

Hopefully this will happen in my life time,

William A. Crowell, Principal
Magellan Associates, LLC
www.magellan-associates.com