| When Microsoft’s claims manager Brian
| |
| | RM: What were the biggest technical
|
| Warren (risk management) and senior
| |
| | hurdles you had to overcome in working
|
| program manager Ed Shoemaker (treasury
| |
| | together?
|
| information technology) joined forces
| |
| | Warren: There has been a learning curve
|
| five years ago to bring the Redmond,
| |
| | throughout my working with IT. I am
|
| Washington-based software giant’s IT
| |
| | always trying to understand IT budget
|
| and risk management departments together,
| |
| | cycles, how IT prioritizes projects,
|
| they knew their work was cut out for
| |
| | learning how to express my business
|
| them. Their challenge was not just to
| |
| | requirements in ways that can be
|
| manage Microsoft’s risk more
| |
| | supported by IT.
|
| efficiently, but also to affect the kind
| |
| | Shoemaker: Brian came to the company
|
| of institutional change within the
| |
| | about six years ago and I came about five
|
| organization that would long outlive
| |
| | years ago. By that time, our departments
|
| either of their stays. Risk Management
| |
| | already had a history together, but it
|
| Magazine spoke with Warren and Shoemaker
| |
| | was very young. I came in as a contractor
|
| on the difficulties of bringing their
| |
| | to deploy the first RMIS system at
|
| departments together, what they have
| |
| | Microsoft. That was the real beginning of
|
| achieved and how their progress serves as
| |
| | our relationship in terms of providing
|
| a model for other organizations.
| |
| | systems needs for Microsoft’s risk
|
| RM: What makes Microsoft’s risk
| |
| | management department. IT was not doing
|
| management and information technology
| |
| | much for risk management prior to that.
|
| demands unique?
| |
| | I’m unique in the IT group at Microsoft
|
| Warren: Our main product is intellectual
| |
| | because I came in from eleven years in
|
| property. Consequently, we don’t have
| |
| | the insurance industry, so I already
|
| the property exposures that other
| |
| | understood risk financing and insurance.
|
| businesses might. We have relatively low
| |
| | The challenge for me has been learning
|
| investment in physical plants, and
| |
| | how to help the business understand IT
|
| relatively less workers’ compensation
| |
| | and helping Brian meet his challenges
|
| exposure than most manufacturing or
| |
| | while trying to be pragmatic about
|
| service businesses. But we do have far
| |
| | striking a balance between evolving
|
| more concern over intellectual property
| |
| | process efficiencies and delivering
|
| rights issues, contractual issues, etc.
| |
| | systems solutions.
|
| When you look at this company in terms of
| |
| | RM: What cultural obstacles stood between
|
| its balance sheet, it’s a whole other
| |
| | your departments?
|
| dimension of opportunities and
| |
| | Warren: When we started working together,
|
| challenges. In many cases, Microsoft has
| |
| | there was a defensive attitude between IT
|
| more assets than the insurance companies
| |
| | and the rest of the business. Certain
|
| we consider doing business with, so we
| |
| | projects hadn’t gone well and a lot of
|
| have to ask ourselves, “What are we
| |
| | blame got tossed at IT, so they did not
|
| trying to accomplish?” The answer to
| |
| | want to get burned on future projects. We
|
| that is we are trying to achieve
| |
| | struggled with that for a little while.
|
| flexibility for alternative risk
| |
| | For risk management, we had to figure out
|
| financing from other-than-commercial
| |
| | how to define our business requirements.
|
| insurance markets. This creates a lot of
| |
| | That became an exercise in documenting
|
| new business systems to manage.
| |
| | everything so that there would be no
|
| Shoemaker: Microsoft’s significant cash
| |
| | opportunity for us to come back at IT
|
| resources give us the ability for
| |
| | later if a project fell through and say:
|
| creative risk financing that other
| |
| | “This is your fault.”
|
| companies do not have. As such, our
| |
| | We realized if the business uses the
|
| unusual business systems needs take us
| |
| | system successfully, that results in a
|
| out of the mainstream of packaged
| |
| | win for risk management and for IT. If
|
| solutions. When Brian comes to me with a
| |
| | the project fails, it is a loss for all
|
| business need or a systems need, it may
| |
| | of us. Once we broke through the bad
|
| not be mainstream. I have to take more
| |
| | blood created by others, we aligned the
|
| time to understand his needs in creating
| |
| | interests of our organizations, and
|
| and deploying those solutions. This
| |
| | developed a win-win mantra. Things
|
| opportunity creates additional challenge.
| |
| | started to smooth out and get better from
|
| RM: What inspired Microsoft’s IT and
| |
| | that point on. It gave IT permission to
|
| risk management departments to work
| |
| | be flexible in trying to solve our
|
| together?
| |
| | systems requirements, and if something
|
| Warren: We were not satisfied with the
| |
| | unsuccessful happened because of their
|
| policy side of any RMIS [risk management
| |
| | being flexible, we would not blame them.
|
| information systems] products we looked
| |
| | Shoemaker: Now we share common values and
|
| at on the market, largely because of the
| |
| | goals. But when Brian and I started
|
| unique risk financing Microsoft does with
| |
| | working together, IT’s business
|
| captive utilization and some finite
| |
| | relationship with risk management was
|
| programs with extended durations and
| |
| | like the Wild West. The dialogue between
|
| broad coverage. Standard RMIS does not
| |
| | IT and risk management was: “You told
|
| encompass multiple-year policies or
| |
| | me you need to handle a certain
|
| integrated policies with single-aggregate
| |
| | requirement, I think I have a system for
|
| limits across dissimilar additional
| |
| | you, here’s what you need.” And we
|
| coverages like property and general
| |
| | gave it to them. They would end up coming
|
| liability merged under a single limit.
| |
| | back to us, saying: “This is not
|
| We realized we were not going to get what
| |
| | working for me!” So we told them they
|
| we needed from our RMIS vendors, so we
| |
| | had to become masters at telling us what
|
| opted to develop a RMIS solution
| |
| | they need, to articulate that, and we
|
| internally. We went that route as a last
| |
| | would then build something to meet those
|
| resort because the costs can be
| |
| | needs.
|
| prohibitive. But management decided it
| |
| | RM: Given your departments’ common
|
| was important enough for IT and risk
| |
| | history, would it be as difficult to
|
| management to jointly work on a
| |
| | build a Sandhurst II?
|
| proprietary risk financing program
| |
| | Shoemaker: It would be much easier. When
|
| code-named Sandhurst, which launched on
| |
| | I came to Microsoft, I was a singular
|
| October 18.
| |
| | capital investment because I already
|
| Sandhurst is a Web-based software
| |
| | understood risk and insurance. My
|
| solution you access through Internet
| |
| | challenge was to transfer my knowledge to
|
| Explorer. It can capture virtually any
| |
| | the other IT professionals. Sandhurst was
|
| risk financing program or instrument you
| |
| | a good opportunity to do that. Because it
|
| can think of. Extra aggregate limits,
| |
| | was an internal custom application, I
|
| coverages, any sublimits, per occurrence
| |
| | could employ other analysts, developers
|
| limits, retentions, all that. It can set
| |
| | and testers to help build it. They could
|
| up an occurrence and suggest, based on
| |
| | get their hands dirty with this system
|
| characteristics of that occurrence, which
| |
| | and its documentation, so as we move on
|
| of our policies or programs have
| |
| | to other projects, these people have a
|
| available limits and could possibly
| |
| | greater familiarity with risk
|
| respond and provide coverage. This allows
| |
| | management’s systems needs. I am more
|
| the user to take additional steps to
| |
| | replaceable today than at the beginning
|
| select coverages, lock them in and make a
| |
| | of the project, which is something we
|
| record of the claim. The actual handling
| |
| | endeavor to do.
|
| of the claim is still manual; you have to
| |
| | Warren: On the risk management side, we
|
| call the carrier, etc. But over time,
| |
| | have expanded my skill set to two or
|
| this will give us much better perspective
| |
| | three people beyond just me. On the IT
|
| on the remaining balance or limits of our
| |
| | side, Ed did a lot to expand exposure to
|
| risk portfolio so we know at any given
| |
| | risk management systems to the other
|
| time what programs have the potential to
| |
| | people on his staff. A couple of years
|
| respond to specific situations.
| |
| | ago, it was just Ed and myself. Now,
|
| Shoemaker: Sandhurst is designed to
| |
| | there are four to five people on the IT
|
| support our business needs for five years
| |
| | side and the risk management side who are
|
| or more. We are going to start improving
| |
| | familiar with the process and can work
|
| the code base immediately, so it will go
| |
| | together. We have built an institutional
|
| through an evolutionary process until,
| |
| | skill set amongst the staff that will
|
| ultimately, Microsoft’s business needs
| |
| | make things like Sandhurst much easier in
|
| will have changed so much it will become
| |
| | the future.
|
| cost effective to create something from
| |
| | RM: What words of advice would you give
|
| scratch rather than continue to update
| |
| | to colleagues trying to accomplish a
|
| Sandhurst. The only thing that would
| |
| | similar goal?
|
| derail that would be a sudden and
| |
| | Shoemaker: You should always scale your
|
| significant change in how Microsoft does
| |
| | business requests to IT according to
|
| business—a fundamental, underlying
| |
| | whatever competency, budgetary and other
|
| change in our database requiring such a
| |
| | business restraints may exist. If IT and
|
| substantial rewrite of the application
| |
| | risk management have not yet developed a
|
| that we would have to start over from
| |
| | mature relationship, if they don’t have
|
| scratch.
| |
| | a big budget with lots of resources, then
|
| RM: Would you consider Sandhurst to be
| |
| | scale your requests to something that is
|
| the capstone of your departments’
| |
| | possible for you to achieve. Brian and I
|
| collaboration so far?
| |
| | cut our teeth on smaller projects at
|
| Shoemaker: Sandhurst is a sign of the
| |
| | first, enhancing an existing system or
|
| maturing relationship between
| |
| | building a narrow function. As we got
|
| Microsoft’s IT and risk management. If
| |
| | more successful at working together, we
|
| Brian and I started working on Sandhurst
| |
| | learned how each other’s processes
|
| four or five years ago, the project would
| |
| | worked, and whatever pitfalls may exist
|
| not have been as successful as it is
| |
| | between them. Once you get a joint
|
| today. We put Sandhurst on the board,
| |
| | success, even if it is a modest one, you
|
| determined its specs, scheduled it,
| |
| | can build on that.
|
| costed it, made changes along the way,
| |
| | Warren: Try to get inside knowledge of
|
| had a commitment date of 10/16 and missed
| |
| | how your IT department functions. Learn
|
| that by only two days. All things
| |
| | how it sets its budget and its
|
| considered, that’s pretty good.
| |
| | priorities. Be realistic about what you
|
| Obviously, it was a cooperative effort,
| |
| | need. There are a lot of good services
|
| for both IT and risk management.
| |
| | being offered by RMIS companies, so
|
| Warren: The concepts for this were pretty
| |
| | asking IT to build something special for
|
| groundbreaking. It presented a
| |
| | you might not always be necessary. You
|
| significant challenge for an IT
| |
| | are going to have problems if you ask IT
|
| organization when the business is
| |
| | to deliver something unreasonable. But if
|
| struggling to define new processes at the
| |
| | you come in with a logical argument and a
|
| same time it is trying to build a system
| |
| | business case that makes sense, the
|
| to run those processes. It would have
| |
| | challenge then becomes how to engage IT
|
| been far easier to automate a
| |
| | and get what you need. IT is motivated to
|
| well-established manual process. We
| |
| | make itself relevant to the business. If
|
| automated risk financing at a point in
| |
| | you present your project as an
|
| our experience when it was not a
| |
| | opportunity for IT to add a value-added
|
| well-established business process,
| |
| | resource or a useful new business
|
| however, which made it much harder. We
| |
| | function, you will be much more likely to
|
| had to decide what our standard was going
| |
| | get its support.
|
| to be as we went along.
| |
| |
|