Swipe Right or Left: Choosing the Right Governance Approach for Your Company

DP: Hi and welcome to Swipe Right or Left: Choosing The Right Governance Approach For Your Company. We are going to get into the details behind these two wonderful gentlemen's approaches to governance. One is a little different than the other, and I'm anxious to get both of their approaches because they're both successful. I am very pleased to be joined by Steve Willer from Klick and Steve McKenzie from Zoetis, and today as according to our SAS management index that we just published, not more than a month ago, SAS, as we all know, that's why we're all here. It continues to be out of control and sprawling. You have the shadow IT issues, the security risks that go with it. Obviously, governance is a very important issue with all of our customers. That's the general beginning, and so I'm going to let you guys introduce yourself to make sense and we'll get into the real details. Why don't we start with Steve Willer from Klick?

Steve Willer: Okay, so hi. Yeah, my name is Steve Willer. My title here is CTO. I'm tech guy, but also very operational focused. Lately I've been at Klick for about 20 years now. Klick is many times larger than the version of IT that it was when I first joined. Our focus as an organization, we are a marketing agency essentially. We work primarily in the pharmaceutical, biotech and healthcare industries, primarily in the US. We work on marketing programs, many of which are very technology oriented but also very important it's a highly regulated space.

DP: Super. All of you have that in common, I'm sure. Over to you, Steve McKenzie with your intro.

Steve McKenzie: Thanks, DP. I'm Steve McKenzie. I'm the IT supplier management lead here at Zoetis Tech and Digital, which is the IT department for Zoetis. We are an animal health sciences company with a number of products across a broad range of species and we have a global remit. We work across the world in many, many countries. I've only been here at Zoetis three years, so not quite as long as my counterpart, Steve W. at Klick. But in my time here, I've actually started off in the procurement team and moved here to the ZTD area to take on supplier management and software asset management.

DP: Perfect, perfect. Well, thank you both and thank you very much on behalf of Zylo for being here and let's dig into it. Steve McKenzie, let's start with you and we'll have both of you answer this question to give everybody an idea of what both approaches are and then just walk us through the governance approach at Zoetis and why you picked that approach or why you manage in that way.

Steve McKenzie: Yeah, we are well under our way to move to a centralized governance model here. I will say collectively as a group, we're working towards an agile mindset, so we have a centralized process to review the intake and request for new technology. It's driven by manufacturers. I will say our portfolio varies widely. We have your core IT, but then obviously we have a research and development organization who has to meet the needs of our therapeutic areas quickly, and then also manufacturing space as well too, so our software remit is wide, it's global, and it varies tremendously. But that doesn't mean we haven't had pain points. We've seen tremendous growth in our past 10 years and we have really strong goals going forward. We realize we have to make sure that we're making conscious decisions when we're bringing on new technology to prevent duplication, functionality, and better management, and of course, above and beyond that, make sure that we're bringing on secure and safe products to protect our data.

DP: Makes sense. Over to you Steve W. How does Klick to do this?

Steve Willer: Yeah, so governance, we are... Okay, so one of our very important elements of our corporate culture is this notion of entrepreneurial spirit. Innovation and innovation in technology has been a core part of who we are since before I joined. Trying to maintain a balance between cost efficiency and innovation can be a bit of a challenge. Historically, what we've done is we've been essentially very tightly managed and have pretty strong central governance when it comes to security and privacy in particular. We had some number of years back established. One of the teams I manage is called the trust team, which was inspired by Salesforce a long time ago. That brings together security and privacy as well as internal and external audits and compliance function, that type of thing. That was very tightly managed and we had an organization understood, we work in a regulated space, and so they've been very cooperative on that. When it comes to cost, historically we had told people" If you want to try something then try it, but don't put any kind of confidential information with them until we've had a chance to vet them. But when it comes to the cost, as long as it's below some reasonable threshold, then expense it and we will find a way to cover it." As we are growing as an organization and getting more mature, we're actually in the process right now of shifting over to much more comprehensive centralized governance of costs, as well. The messaging is shifting from" Try it and then let us know," into" If you want to try something and it's going to cost money, then talk to us first. We're happy to help you and to find the budget for it to work through the contracting to deal with all the process steps, but we really need you to talk to us before you get too heavily into it." That's the process right now.

DP: Gotcha. That makes sense. That's the evolution, the maturity of a program, it sounds like to me. I think you touched on something, Steve W., that is probably difficult. I'll say that word, maybe it's not, but for both of you, but software makes everybody more productive so it's not going anywhere and new things coming all the time that help solve problems and make us all more productive. How do you balance this? You just touched on it, Steve W, and then Steve M., you had more of a... I'll just... Potentially a poor source or a poor choice of words, buddy, more of a control around it. But how do you make sure you're allowing for the right freedom within a framework so that employees feel like they are getting the best and they're depending on you, it sounds like Steve M. do that, whereas Steve W., they're doing a little bit on their own. I go back to you Steve M. How are you balancing that" Hey, we do still need to be innovative." Zoetis is known as this known innovative company. How do you do it?

Steve McKenzie: Yeah, that's where I have to give a lot of credit to our enterprise architects. We have a colleague who centrally manages that, but we obviously have those who have the role in a distributed manner. I really give credit to them where they're collaborating and sharing ideas. I'm not a technologist at my core like Steve W. Might be, but I feel that they give those guys the guidance and the support to be creative. Creative is many different things to find that new product, to be reacting to the customer, and then even productivity as we see with the boom of AI. I give a lot of credit to our enterprise architecture team where I feel I've given them a process for our colleagues that come together, voice their opinion on things they may need and review it and give a frank assessment of do we have that or is this truly an area that we need to move into. Then for all the right reasons, again, make sure that we're not cart before horse jumping into something, loading it with confidential information before we've had the chance to engage risk management to review that, to collaborate with the software provider to understand their security controls.

DP: Yeah, that's good. If you don't mind a follow up there. You touched on AI. ChatGPT, it seemed to just the head of the spear, so to speak, and it entered in everybody just" What is AI? We need to make sure we have it, we need to be more productive." It started at employee level, I feel like for most companies, and now obviously it's corporate initiatives, but what happened, if you don't mind, Steve, if there's any, not necessarily insight baseball there, but for employees just coming to you guys all the time saying, " Hey, we need this, we need this."

Steve McKenzie: Yeah, we have a... It's been a big initiative of ours. You can see it right from our CEO down where we want to lead with data. I have to give credit again to our digital data analytics team. There's actually one colleague in particular, he's really jumped and has been the face of AI here, where I give credit to our executive team as well and our leadership within our IT group to say, " Identify those use cases quickly." We jumped in, we're piloting different tools and it's all over the place. It's not just those that could benefit us, but it's also I myself. I'm part of the beta group where I'm testing out how can I bring that in as I build out the software asset management, governance and practice here as I grow supplier management here for ZTD. We jumped into it quickly. I will say I noticed it quite well because I personally was very interested in that, really listening. I got tired of the machine learning and AI felt like this nebulous thing off in the very far future to where it became very real very quickly. I feel like we reacted to it quite well where we have our use cases we're working towards, and again, really trying to enable all employees with AI.

DP: Gotcha. There's more of a controlled enabled effort and then it's rolled out, if you will, it sounds like to me, but I'm oversimplifying. Steve W., so it's a little different on your side, you're in this transitional period it sounds like. That, I would say, may be even more difficult, you've got this AI, that's just an example, but how are you balancing then from going from a freedom within the framework or maybe even just freedom to putting a framework around it for everybody? Does everyone feel good about it?

Steve Willer: The whole AI, in a sense situation, it's complicated. There's the potential for our own business to be disrupted, and so what we're trying to do is to, in a sense, disrupt ourselves before we get disrupted. What we're going through around AI in particular is trying to... There's different groups and different interested parties that are all running as fast as they can. We're just trying to keep the chaos barely under control in a sense. The spend side of it is almost simpler because the tools on a limited basis aren't generally that expensive. They're much more prickly or difficult when it comes to... They were very difficult when it comes to security and privacy where there's a lot of fly- by- night companies. Up until March of last year, even the major companies like OpenAI, they weren't guaranteeing that they weren't going to use your corporate data for training their own model. They set a precedent that was very damaging for the industry. They turned it all back on March 1st, but then we needed to help everyone to understand, including at an executive level that"No, no, they're now promising not to use our data or our client's data." We've been trying to strike a balance around with AI more around the security and privacy aspect where if you're trying out some tool, great, but again, nothing confidential, nothing client- related. You cannot ever send anything there. Talk to us first because maybe we can get ahead of your deeper testing with a vendor approval and whether it's a trial or not, we want to make sure that we vetted them from a security privacy perspective before they work with any data that's even remotely confidential.

DP: Absolutely makes sense.

Steve Willer: Yeah, that's the balance that we're trying to strike there. In terms of all the different groups that are working, it feels like a marketplace of ideas, but it's whoever is able to make the most progress before everyone else, in a sense. There's different groups that are competing, and I'm personally involved in some of these build efforts. We have internal build teams that are trying to stay ahead of third- party tools. Then there are other groups that are working with these third- party tools, and it's a lot of experiments just to see what sticks in a sense.

DP: Gotcha. Okay.

Steve Willer: Just to watch it as it shakes out.

DP: Gotcha. As you think about that, then there's the identification and the finding of all of these applications. Then there's all of the aspects of governance, all the way through writing of protocols and policies and then the policing of it, et cetera. What would you guys say is the most difficult portion of just this big term called governance or software governance? What's the most difficult to execute against? Either of you, actually.

Steve McKenzie: For us, and I will say we're recent joiners here with Zylo is just the amount that we've uncovered. You always know that, to use the iceberg analogy, you always know the top, but it's that it's below that surface, right? You expect it to be smaller things, but it actually is a pretty sizable portion. It's trying to understand how do we build a process that helps those where it's not a cut and dry case of" I need this type of functionality, can it be provided by one of our key software suppliers?" To build something that like we were talking, Steve was mentioning and you had asked him, DP, is where it's stifling flow and the ability to create and to adapt and to respond to what's needed. That's the issue you find so much that you're like, " I've got to get my arms around this. I've got to do X, Y, and Z. but then how do I also make sure that the business keeps running?" I think that's always the toughest thing is there's probably a bit more out there than you expect. Then how to build a governance for all of that. That's where you've got to take that in mind and take a quick lesson and say, " All right, maybe I've got a focus here." It could be with those top applications, the contracts, the spend associated with that, build it and adapt it down. Or it could be the inverse if expense is an issue, go from the inverse and say, " Hey, I'm well managed at the top. Let me work more on the lower portion of lower dollars but many transactions." But again, that's always what I felt has been the toughest part, is that you uncover so much so quickly with a platform like Zylo and then you're like, you just get almost overeager to build a governance process and you find yourself trying to do too much in too many areas too quickly, and you've got to be focused on how you apply it.

DP: Very good. Very good. Steve W., how about you? What's the biggest challenge? What's been most difficult as you think about that spectrum of governance?

Steve Willer: Yeah, I was thinking about that. I guess I feel the same way. The biggest issue is just the volume. There's the big collection of items that sure, that you would uncover when you first set up Zylo. You start and you're able to uncover expenses that you didn't know about with software and maybe five different competing products that are throughout your organization. But then you have the task of trying to consolidate those five applications or cover for the contracts that you don't have. There's just a huge to- do list to clean up your data set and your processes, even independent of the change management aspect of adjusting your governance model to meet these challenges, particularly volume- wise, given that often you may have yearly contract renewals, so it's never static. Then every once in a while a bomb drops in the AI thing, right? You're just trying to get your stuff cleaned up and then something like that drops in and now you've got 25 new tools that you need to evaluate or manage. It's a lot of volume, it's a lot of complexity, and it gets hard to keep track of everything that you need to do relatively rapidly.

DP: Yeah, that makes sense. Excuse me. I don't mean this to be a surprise at all, but when you both landed with a tool like Zylo, a SaaS management tool, and many apps were uncovered you may have not known about or even expense, how did you start the process of working with other departments to start the governance to really initiate the first levels of governance? It's a difficult question, but either one of you or Steve M., if you don't mind going first.

Steve McKenzie: Yeah, no, it's a great question, DP. Quite honestly, we learned quickly that we'd wanted to first work with things that are centrally managed and owned by our department, our IT department, ZTD. Really from there, the approach was then to start talking to those who manage the cost center, those who manage the other platforms. Zylo is an important piece of our overall software asset management structure because of the software we have, we obviously do have a large on- prem remit as well, we're working with those. That's really going down that path, the collaborate with those guys, " How can we share information? What am I missing? What do you have that could be shared with me," and vice versa to build that directionally correct inventory. It'll never be a hundred percent. If it is, there's the... I hope to reach it someday, but things change as the needs of the business change. That's really where we started first is let's get a tighter management here because we felt if we can... We've been working towards let's build the governance for ourselves as the face of technology here within the company, and therefore it should be easier to work with our business partners to implement that mindset for them as well. It's set up a roadmap where we know, " Here's what we want to attack and in this timeframe."

DP: Yeah, makes sense. It's not easy, that's for sure. How about you, Steve W.?

Steve Willer: I would say given at the time, we were pretty decentralized to manage the sheer volume of it. I'd say almost the first step was to identify which departments were self- managing in a responsible way and could be trusted to continue to do that for a while while we got everything else in order and cleaned up.

DP: You're responsible?

Steve Willer: Yeah. We have two different IT departments for two different purposes. Then there's also our media team, which actually did a good job of managing their tools. It's like, " Okay, well you continue to do that while we focus on some other areas that were more problematic." I'd say that was the first step, just figuring out which departments they were.

DP: All right, so we've got about 45 seconds left. What advice would you give to the listeners and watchers out there who are sitting there saying, " I nearly need to do this,"? What advice would you give them? I stumped our panel. That's always a no- no.

Steve McKenzie: I would go back to my earlier point, DP, right? Take it from us that you will uncover more than you probably expect. Be prepared to take everything in a phased approach, right? Rely on the strengths you have or Zylo can help strengthen them further, right? You're going to uncover a ton, so be conscious about that and try not to do everything all at once because it is a long- term roadmap that Zylo can help assist.

DP: Gotcha, gotcha. It looks like we're out of time. I apologize. It looks like Steve M. got the last word, so sorry. Steve W. if you have something quick, add it.

Steve Willer: No, I feel the same way. Step one is get the gigantic data dump and upload it to Zylo to see what you got.

DP: Perfect. Excellent. Thank you. Steve Willer from Klick. Thank you Steve McKenzie from Zoetis for being with us today and hopefully everyone will be able to take that away and start their governance process. Thank you both very much.

Steve McKenzie: Thank you.

Steve Willer: Thank you.