IT Governance Framework For

Insurance Industry AVIVA Life

Insurance, India
 What is Governance?
In order to understand governance as it applies to IT and the CIO we first need to
understand a little about governance in general. "Governance is the term used to
describe how the processes and authority for resources, risk, conflict resolution, and
responsibility for is shared among business partners, management, and service
providers.
As defined above, governance within a practicing business is vast and involves
many people from top-management. It is used to help add structure to the company
and help decided how to guide the organization to its goal of Strategic Alignment.
Many times organizations practice some form of governance within their business
and don't even know it. Governance is simply formalizing the procedures that an
organization will use to make decisions and guide it in everything from board
member selection and composition, to CEO pay, and ethical responsibilities for the
business.
IT Governance
The goal of IT Governance is to formalize the alignment of IT strategy and business
strategy. Organizations do this in order to stay on track with their strategies and
goals while implementing methods to measure IT's contribution to the company's
performance. IT Governance also takes into account stakeholder interests and
ensures measurable results from processes. IT Governance should look at overall
S Cperformance
IT- ITB of M
the 2
IT 0 0 9 - 1 1what methods of measurement management
department, Rohit
needs, and how IT is contributing to the business in relation to the investment
made. Ranganathan(9030241027)
IT governance is about:
Shubham
• Who make these decisions (Power)
• Why they make them (Alignment) Puranik(9030241033)
• How they make them (Decision Process)
1 0 / 1 4 / 2 0 1 0Vikram
Ideally, business and IT management jointly make these decisions. Underlying the
Kumar(9030241041)
principles of IT governance is the theme of effective and efficient communication
among IT and business. This is critical for appropriate decision making regarding IT.
IT governance involves authority, control, accountability, roles, and responsibilities
among organizational units and their management for making decisions about the
use of IT. The dynamics of these relationships are crucial to an organization’s
effective use of IT in an economic climate of increasing uncertainty and the need for
ever-rapid strategic responses to the uncertainty of the external environment. A
well-structured governance model is an important prerequisite in large, complex
organizations to making effective and efficient decisions about the investment of
scarce capital and human resources.
IT Governance does not focus on what decisions are made within the IS/IT
department, rather, IT governance pursues the issue of which people have the right
to make decisions, who has input rights to the decisions, and which people or
groups are to be held accountable for the decisions.

Purpose of IT Governance
The purpose of IT governance is to direct IT endeavours, to ensure that IT's
performance meets the following objectives:
• For IT to be aligned with the enterprise and realize the promised benefits
• For IT to enable the enterprise by exploiting opportunities and maximizing
benefits
• For IT resources to be used responsibly
• For IT-related risks to be managed appropriately

Who needs IT Governance?

Every organization, no matter what size or if it is public or private, with an IT
infrastructure should establish some sort of IT governance in order to achieve
control over the department.
Six Areas of IT Governance Focus
There are six key areas that effective IT governance should focus on:
• Accountability.
• Alignment.
• Delivery.
• Reporting.
• Risk Management.
• Resource Management.

The framework diagram is designed to underline the principle that IT Governance is

a continuous process, with the areas of Risk Management and Resource
Management being shown in the center of the model as they support, and are
central to, the other four key areas.

Accountability
 • Establishing clearly defined roles and
responsibilities for IT and IT Governance.
• Ensuring the IT Governance model is
understood by all IT stakeholders.
• Ensuring the right balance between
accountability and authority.

Alignment
• Ensuring IT Strategy is aligned with business
strategy.
• Ensuring a balanced approach to investment in
services and projects that support the current
organisation and that help to grow or transform
the organisation.
• Making informed decisions about the use of IT
resources across the organisation’s priorities:
new markets, reducing costs, increasing
revenues, improving customer satisfaction and/or
customer retention.

Delivery
• Managing the delivery of IT services and
projects within the agreed budget and time
constraints and to the required levels of
quality.
• Managing the contribution of IT to the
achievement of the organisation’s goals.
• Ensuring transparent and repeatable
processes are in place for managing
project and service delivery.

Reporting
• Measuring and monitoring the performance
of all IT services and projects.
• Regular reporting of relevant information
to all IT stakeholders.
• Identifying and promoting best practice
and addressing areas requiring
improvement.
Risk Management
• Implementing a standard approach for
identifying, documenting, evaluating and
monitoring risks.
• Ensuring that significant risks are
understood by all relevant stakeholders.
• Ensuring that risk management is reflected
throughout the organisation’s processes,
structures, controls and policies.
• Establishing a mechanism for escalating
changes in risks when agreed tolerances
have been breached.

Resource Management
• Establishing clearly defined responsibilities for IT
and ensuring adequate and appropriate resources
are available.
• Managing utilisation and ensuring efficient use of
IT resources (people, suppliers, hardware,
software, data, etc.).
• Implementing appropriate processes, controls,
policies, skills, etc. to manage IT projects and
services.
• Establishing processes and policies for the,
recruitment, development and retention of skilled
IT staff.

Establishing IT Governance
Establishing a complete and detailed IT Governance model can be a long process
and may involve significant change within the IT function and the wider
organisation. The timescale and extent of the change will depend on the maturity of
the IT function in terms of is processes, controls, etc., and the organization’s culture
and existing corporate governance arrangements.
10 Principles of IT Governance
Peter Weill and Jeanne W. Ross from the Harvard Business School present us
with a list of 10 principles to use as a guideline when considering IT
Governance or reevaluating current IT Governance structure.
The Key IT Decisions and Archetypes for IT governance
A large enterprise has 5 major IT decisions to make and use 6 mutually
exclusive Archetypes for making these decisions.
Governance Archetypes – the rows within the matrix
Business monarchy
This is where the C-level executives (CxOs) make the decisions. Recently the
CIO has been more involved and has a more active role in the decision
making within the business monarchy level. At this level, decisions are
derived from input from many areas.
IT monarchy
The IT monarchy consists of IT executives (CIOs) or IT functional heads.
Within this governance archetype, decisions could be made by way of an IT
leadership committee or an IT leadership council. As displayed on the
governance matrix, decision rights for both IT Infrastructure Strategies and IT
Architecture were the responsibility of the IT monarchy.
Feudal
Feudal governance is characterized by delegated or otherwise dispersed
governing rights. The exercising of decision-making is highly localized, and
central leadership is weak or at least unobtrusive. This model usually arises
in organizations with highly independent and incongruent business units.
Federal
This governance archetype works similar to the U.S. government in an
attempt to balance responsibilities in the decision making process. Using the
U.S government analogy, the C-level executives would be viewed at the
country or federal level and business leaders would be viewed as the state
representatives. Normally this form of decision making consists of the C-level
executives and representatives from one other tier within the organization
(for example, business leaders tier, business process owners tier, IT leaders
tier, etc.).
Duopoly
This archetype is characterized by a two-party involvement consisting of one
IT group and one business group. This archetype could be used by the
business side to introduce business objectives and by the IT side to introduce
available technologies so both sides can ultimately reach decisions on viable
solutions.
Anarchy
Business process owners and end users have decision rights under this
archetype. Surprisingly, most large firms display elements of anarchy. When
optimization and customization supersede sharing and standardization, it
makes sense to delegate decision rights to end-users.

Governance Decision Areas

IT Principles
This is the area in which organizational principles (policies, standard
operating procedures, etc.) are decided upon. The key here is to adopt IT
principles that will best satisfy an organizations IT and business needs. The
governance matrix indicates that this decision may be best handled with a
duopoly archetype consisting of both executive committee member and IT
leaders.

IT Infrastructure Strategies
Within this area, the rights and responsibilities for deciding what type of
infrastructure issues need to be handled to accommodate organizational IT
requirements is determined. The governance matrix indicates that because
of its technical nature, the decision rights in this area belong to the IT
monarchy.
IT Architecture
In this area, the type of IT employed to fulfill organizational business
requirements is decided upon. Similar to the IT Infrastructure strategy area
(above), because of its inherent technical nature, IT Architecture decision
rights are normally granted to the IT monarchy.
Business Application Needs
This area is for the most part self-explanatory. This is where organizational
business applications are decided upon. This area is not technical in nature.
According to the governance matrix, this decision may be best left to
business leaders and the business process owners who are at the forefront of
organizational business processes.
IT investment and Prioritization
In this area, the final approval on what IT investments will be made. Decision
is made based on justification and feasibility. Understandably, within the
governance matrix, the decision rights for IT investments have been granted
to the capital appropriation committee.

IT Governance and Insurance Sector

In the simplest terms, insurance of any type is all about managing risk. For
example, in life insurance, the insurance company attempts to manage mortality
(death) rates among its clients. The insurance company collects premiums from
policies holders, invests the money (usually in low risk investments), and then
reimburses this money once the person passes away or the policy matures. A
person called an actuary constantly crunches demographic data to estimate the life
of a person. This is why characteristics such as age/sex/smoker/etc. all affect the
premium that a policies holder must pay. The greater the chance that a person will
have a shorter life span than the average, the higher the premium that person will
have to pay. This process is virtually the same for every other type of insurance,
including automobile, health and property.

IT Governance Challenges in Insurance

One of the most challenging issues facing the insurance industry today
surrounds IT Governance. There is a widening gap between business and IT
departments. The gap is compounded by ineffective IT governance process,
lack of clear roles and responsibility and the right balance of accountability.

Without mentioning the quantifiable losses to companies in terms of

investment and return on dollars; the losses that companies face in terms of
misses opportunities is substantial. Without clear governance and true
alignment between the business and IT, evidence of increasing friction
between business and IT is apparent. Lack of governance is leaving business
leaders across the industry in a difficult position where their IT departments
are moving further away from the strategic vision of the organization,
delivering critical functions to support business plans that move the
company forward.

Many insurance companies face IT governance challenges that result in

delays, cost overruns and a lack of accountability.
Types of Insurance
There are several major types of insurance policies. Some companies offer the
entire suite of insurance, while others specialize in specific areas:

The main Insurance Types are: -

• Life Insurance - Insurance guaranteeing a specific sum of money to a
designated beneficiary upon the death of the insured, or to the insured if he
or she lives beyond a certain age.

• Health Insurance - Insurance against expenses incurred through illness of the

insured.

• Liability Insurance - The miscellaneous category. This insures property such

as automobiles, property and professional/business mishaps.

Over the years, there has been a big shift in the life insurance industry. Instead of
offering straight insurance, the industry now tends to sell customers on more
investment type products like annuities. As a result, insurance companies have
been able to compete more directly with other financial services companies such as
mutual funds and investment advisory firms.

AVIVA and IT Governance

Introduction about the company

Aviva Life Insurance is private insurance company which was formed by the
collaboration of UK's Aviva insurance group and India's one of oldest and top
traditional health care product producer named Dabur group. The Products of Aviva
were familiar with its support in providing the flexibility and transparency for the
customers, and the value for the money.

Starting from 1696, Aviva Insurance Group stood famous as one of the leading life
and pension products provider to both Europe and the other parts of the world. In
1834, Aviva Life Insurance was started. It was one of the largest foreign insurance
groups with the compensation being paid by the Government of India. In 1995, it
was the first foreign insurance company which started its representative office in
India. Currently, about 26% of the Aviva Life Insurance shares are held by the Aviva
group and about 74% of the shares are held by the Dabur group.

At present, the best features of the Aviva Life Insurance are as follows. There are
about 40 branches in India which includes even the rural areas that supports the
distribution network. It has succeeded with a best position in the Indian market with
about 27000 financial planning advisers and programmes for financial health
checks. Financial health check programme is a free service offered by the financial
planning advisers that makes an analysis on the long term insurance requirements
of the customers based on the life stage and the earnings of the customers. Thus
helps the customer to select a proper insurance product.
Aviva has a multi-tier management structure comprising of MD & CEO followed by
directors, portfolio managers and relationship managers.

Such organization structure ensures that:

• Strategic supervision is provided

• Control and Implementation of strategies is achieved effectively
• Delegation of responsibility is proper
• Financial integrity is maintained

At Aviva, the CIO has similar decision taking powers as other directors indicating a
strong IT driven organization.
Information Technology in Aviva
Aviva has been one of the pioneering organizations in India who leveraged the use
of Information Technology in servicing and in their business.

Front End Operations

On Line Service to policy holders to receive immediate policy status report, prompt
acceptance of their premium and get Revival Quotation, Loan Quotation on
demand. Incorporating change of address can be done on line. Quicker completion
of proposals and dispatch of policy documents have become a reality. All these
modules help to reduce time-lag and ensure accuracy.

Metro Area Network

A Metropolitan Area Network, connecting branches in tier 1 and tier 2 cities was
commissioned in enabling policy holders to pay their Premium or get their Status
Report, Surrender Value Quotation, Loan Quotation etc. from any branch in the city.
The System has been working successfully. More than 10,000 transactions are
carried out over this Network on any given working day. Such Networks are being
implemented in other tier 3 cities also.

Wide Area Network

All 7 zone offices and all the MAN centres are connected through a Wide Area
Network (WAN). This will enable a customer to view his policy data and pay
premium from any branch of any MAN city.

Interactive Voice Response Systems (IVRS)

IVRS has already been made functional in many centres all over the country. This
would enable customers to ring up Aviva and receive information (e.g. next
premium due, Status, Loan Amount, and Maturity payment due, Accumulated Bonus
etc.) about their policies on the telephone. This information could also be faxed on
demand to the customer.

Aviva on the Internet

Aviva’s website is an information bank. They have displayed information
about Aviva & its offices. Efforts are on to upgrade our web site to make it dynamic
and interactive.

Payment of Premium and Policy Status on Internet

Aviva has given its policy holders a unique facility to pay premiums through Internet
absolutely free and also view their policy details on Internet premium payments.
There are various service providers with whom Aviva has signed the agreement to
provide this service.

Info Centres
Aviva has also set up 8 call centres, manned by skilled employees to provide you
with information about our Products, Policy, Services, Branch addresses and other
organizational information.
 IT Governance in Aviva India
Roles and Responsibilities
• The CIO who is also the member of the board of Directors reports directly to
the CEO and was given the responsibility for defining the role of IT for the
integrated enterprise. The CIO is responsible for laying down the IT principles
decision.
• An Investment Committee, made up of CEO, CIO & other Directors gives the
final judgment on all IT investment projects.
• Technology Architect is the person who is responsible for taking IT
Architecture related decisions.
• IT infrastructure related decisions are taken by Director IT, who is also the
CIO in Aviva, based on the inputs given by Project Manager and Technology
Architect.
• Business Application needs are provided by the portfolio managers in sync
with IT team and decisions are taken by

IT Governance Strategies
Decisions
Business
IT Application IT Investment
Style IT Principles Architecture IT
Needs
Infrastructure

Inpu Decisio Input Decisio Input Decisio Input Deci Input Decisi
t n n n sion on

Business CIO PM, CIO CIO, CEO

Monarchy TA
Other
Directo
rs

IT TA CIO
Monarchy

Feudal

Federal
IT PFM PM,
Duopoly TA

Anarchy
 IT principles – Clarifying the business role of IT
 IT architecture – Defining the integration & standardization requirements
 IT infrastructure – Determining shared and enabling services
 Business application needs – Specifying the business need for purchased or
internally developed IT applications
 IT investment and prioritization – Choosing which investment to fund and how
much to spend
 Business monarchy – Top managers
 IT monarchy – IT specialists
 Feudal – Each business unit making independent decisions
 Federal – Combination of the corporate centre and the business units with IT
people involved
 IT duopoly – IT group and one other group (for e.g. top management or
business unit leaders)
 Anarchy – Isolated individual or small group decision making