COBIT Case Study: Prudential Financial 

 

Abstract

Prudential, a leading financial services provider worldwide, recognizes the need to adopt an IT governance framework to provide its operations in Asia with a uniformed platform to sustain growth and eliminate risks. As a result, the corporation chose Control Objectives for Information and related Technology (COBIT) for its user-friendliness, flexibility and simple structure. Although Prudential’s implementation of COBIT is still in progress, the corporation’s regional IT team has already seen results in enhanced communications between IT and business operations, better responsiveness in project management as well as an improved environment for risk assessment for each of the corporation’s 12 market countries in Asia.

Background

Established in the United Kingdom in 1848, Prudential is a global leader in financial services and Asia’s leading European life insurer. Together with its fast growing asset management operations, Prudential Corporation Asia has more than 9,000 employees in 12 countries across the Asia Pacific region. As part of its commitment to the Asia market, Prudential maintains two key regional IT hubs, one in Malaysia and one in Mainland China, as well as a regional sub-hub in Singapore.

Prudential Corporation Asia’s Regional Head of Information Technology Emmanuel Rodriguez first introduced COBIT in 2005. Supported by Rodriguez’s six-member regional IT team in Hong Kong, the initiative to adopt COBIT was championed by the Prudential’s CEO and board members, who strongly support the adoption of better IT frameworks, systems and processes to give the corporation better competitive edge across the region. 

Prior to adopting COBIT, the various IT teams in each of the corporation’s 12 markets had already implemented a series of their own IT initiatives and achieved successful results.  But Rodriguez soon realized it was time for Prudential to adopt a standardized IT governance framework across the region to cut repetition and build synergies. 

Rodriguez’s overall goal was for COBIT to provide a uniform framework consistent with the corporation’s existing best practices. The key to success was the ability to maintain a balance between pan-regional uniformity and flexibility to accommodate different markets.

Process

Better IT Control is Key to Sustain a Corporate Growth in Asia

Since 2001, Prudential has been putting significant efforts into strengthening its IT frameworks as its business operations across the region have reached a certain level of maturity. As a result, better IT consolidation, standardization and security are needed to sustain the corporation’s growth and protect existing data and structures.

Rodriguez captured the essence of the situation at the time with an analogy between Prudential and a racecar. “The corporation was like a classic race car. Equip it with better and proper IT tools, it can definitely run faster,” Rodriguez said.

COBIT Provides Essential Foundation for Management Support

“COBIT is a very simple and powerful management tool that allows us to achieve our goals,” Rodriguez explained. “We needed a base upon which we can make our IT infrastructure credible for each of our markets across the region, and the IT Governance Institute (ITGI) has done a great job in putting together an IT governance tool that is coherent and easily understandable to everybody.”

Since Rodriguez’s target audiences include not only each of the market’s IT heads, but also business managers, project leaders, board members, risk committee members and audit committee members, COBIT’s friendliness to these users and its use of common business language are key reasons why Rodriguez and his team adopted it.

“IT governance can appear to be a boring subject to our colleagues in business operations, and without any background in IT many of them may never understand it.  The last thing we want is to give our business and project managers the impression that IT governance is all about what they cannot do rather than what they can do.  For this reason, we adopted COBIT as our framework because its language is so easy for non-specialists to understand and it will enable our business colleagues to develop an interest to understand what doors IT governance can open for them.”

COBIT Helps Protect Corporate Integrity and Reputation

Other key issues Rodriguez and his team aimed to address with COBIT were those of security and access.

“There are tremendous risks associated with not having proper IT governance. Just one bad incident may destroy what it takes years to build.”

For instance, with so much data about Prudential’s clients across Asia, the prospects of leaking any of these data to unwanted hands is something that Rodriguez and his team have always kept in mind. Without a proper code of conduct in the IT system, however, there will be risks for someone to gain undesirable access to those data.  In another scenario, if Prudential were to outsource its IT operations to the wrong partner without the proper guidelines put in place, the corporation will be exposing its businesses to further risks across the region.  Therefore, to Rodriguez and his IT team, COBIT is a very important guiding light that identifies where the risks are, what their overall impact is, and what the team can do to deal with them.

“Not having proper IT governance in our world is like having mud on your windshield while driving 150 km an hour. You might think you are speeding along a straight path, but you have no idea what is ahead of you and you will be taking great risks.”

A Cost-effective Value Creator with Long-Lasting Results for Corporations

Subsequently, Rodriguez and his team compiled an “IT governance cookbook,” so called for its quick-reference convenience. The compilation of the cookbook consisted also of a very thorough consultation process to make sure that different countries’ IT needs are addressed and included. Targeting all regional IT and business heads, project managers, board members as well as risk committee and auditing committee members, the distribution of this cookbook across Prudential’s operations in Asia was completed by November 2005. To ensure that COBIT was read, understood and implemented properly, Rodriguez and his team also designed a survey to obtain his target audiences’ feedback. 

“The implementation of COBIT is an ongoing process, but I believe we have already achieved in raising awareness in the importance of IT governance across the region. This will enable us to enforce our standardized framework more effectively in the next stage.”

In addition to heightened awareness, Rodriguez also saw more responsiveness in Prudential’s 12 markets in terms of project procurement, approval, structuring, governance, as well as a better overall understanding in how to develop and implement initiatives in a more structured manner.

“The more I use COBIT, the more confident I feel in making key decisions. COBIT is a great guide that tells me and our business managers what we can and cannot do strategically without compromising our commitment to comply with regulations and corporate governance.”

For Rodriguez and his team, IT governance is not something that needs to be cast in stone. COBIT’s well-structured, easy to use components allow Rodriguez and his team to get as technical and specific on any element or topic as they see fit. At the same time, it also provides them plenty of capacity to take into consideration the needs of Prudential’s various markets in Asia.

More importantly, COBIT has proven itself to be a value creator, and this allows Rodriguez and his team to convince his board members to continue their support toward his team’s initiatives. To Rodriguez and his team, a more coherent and safer IT environment gives everyone peace of mind so that they can focus on delivering better and more focused value added solutions to the entire corporation. It is essentially a matter of creating bankable funds for the organization, and such has been the key principle that Rodriguez’s team is instilling into his audiences’ minds through COBIT.

“A good doctor is someone who is able to explain to her or his patients clearly what they need to do to stay healthy. Likewise, a good IT professional is one who is able to make the subject easily understandable for a business audience. There is no doubt in my mind that COBIT is the tool that allows me to achieve that, and with COBIT I believe we can establish a culture of better IT and corporate responsibility for Prudential.”

Conclusion

Although Prudential’s implementation of COBIT is still in progress, it is apparent from Rodriguez’s experience that the framework will continue to provide values to the corporation in terms of:

  • IT governance: Pan-regional strategy formation, uniformity
  • Cost-cutting: Trims repetition
  • Security: Managing regional customer data
  • Outsourcing: Provides proper liabilities for outsourcing partners
  • Communication: Easy to understand terminology for wide range of corporation audiences
  • Business Growth: Provides a safer, more coherent overall IT environment for leaders to focus on value-adding solutions
  • Risk assessment: Sets boundaries for decision-makers to understand what they can do

In other words, COBIT allows Rodriguez’s IT team and their business operation counterparts to maintain a better alignment between Prudential’s IT goals and business growth objectives by consolidating existing best IT governance practices and eliminating risks. Such will be Prudential’s key IT strategy to strengthen its leadership in Asia for years to come in the future.