One of the hardest challenges for any Credit Union is establishing meaningful IT Metrics for your credit union. Sure it is easy to come up with things like uptime metrics or age of servers but ultimately, many of these fail to translate consistently overtime to the business objectives. Without this translation, even well intentioned IT Departments can hide behind their metrics and not truly create the efficiency or performance the organization requires. In addition – the more focused these metrics are on technology or infrastructure type items – the less business impacting work your technology department will do. Credit Unions have tons of technology talent at their fingertips but most fail to deploy them in strategic or member impacting ways.
There are three basic components that each technology department should be measured on. Efficiency is a key one. Measuring IT efficiency can be pretty challenging though. You can measure it by labor hours, expense levels, help desk statistics or many other ways. The huge challenge in this metric is the fact that often times in technology you get what you pay for. Buying a super cheap server often results in lots of unplanned maintenance and performance failures. Whereas buying the most expensive server results in more feature functionality and possibly the need for more training or better qualified employees. Hence, depending on what you measure you can create unfortunate side effects. To measure efficiency correctly you should start by determining philosophically if you believe IT’s role should be to reduce aggregate labor in the CU or should it be to provide more services to members. If it is the former, than focus on measuring IT’s efficiency by comparing it to other similarly sized credit unions and looking at the broader labor efficiency in the Credit Union. I strongly recommend using membership sizes to determine complexity over assets. For example four or five credit unions that are the same number of members on the same core system and create a baseline labor efficiency to compare against. If you are more aligned with the goal of having more services – than measure the number of services or transactions your team produce against other credit unions of similar size.
In Credit Unions, security is paramount. So, creating transparency and metrics that allow you to know that your IT Security processes are in place and improving is imperative to success. Since most experts agree that security is the result of a multi-layered approach you will probably need a multi-layered approach to metrics. This means you will need to measure a handful of items to establish the quality of your IT Security program. The technology world would have us look at this by measuring the quality of patching programs, log reviews, vulnerability assessments etc. In reality, the only thing that really matters to the business is probably that the cost of making sure you don’t have a security breach is less than the security breach. Of course, many of us see this is a binary thing in credit unions and that we should do everything to never have a breach. In reality though, we don’t all have infinite budgets. So, instead you will need to probably use a combo metric. A) Has a breach occurred during the given time period – if yes – than failure has occurred. B) A score that allows you to compare performance from period to period that weighs the importance of each security tool vs. the performance. For example, the firewall being in place is crucial and is more important than a server being patched. (Perhaps we can write another blog on building a security score) C) Evaluate the quality and depth of the program subjectively through your annual penetration and vulnerability assessments.
Having been a Credit Union CTO in my past life, I would strongly suggest a strong vendor management metric. Each year this becomes more important as more and more is outsourced and consolidated. Your CTO probably spends a huge portion of their time managing third-parties, negotiating services, and solving problems with outside vendors. Yet, very few of us measure the success of this area. Again, this measurement really requires a philosophical discussion to begin with. Does your credit union outsource things that aren’t core competencies or do you do everything in house. If you believe in focusing on what you are best at – than your IT leadership need to effectively maintain, develop and foster strong relationships with your third party vendors. These relationships need to be measured and managed just like employees to make sure you get consistent and sustained value out of your partners. If you are a DIY Credit Union, than you could really focus on the efficiency aspects of your third party vendors. This can be accomplished through basic contract management and making sure that you both get services for as cheap as possible but that you also establish this philosophy with your vendors so that you avoid mismatches. Basically, it doesn’t work well to have a vendor negotiated down to zero margin if you are going to want anything custom or good service. If it is a pure commodity (like office supplies) than sure, but if the service is essential to your members you probably need to make sure you are good partner in the equation.
In general, you get what you measure and if you don’t make sure your credit unions philosophical goals align with your technology goals – you can wind up with very disjointed and misaligned resources. If this goes on long enough, IT can become the choke point for projects and advancement of the credit unions business goals and end up wasting tons of resources.