Good Software is Good Business - Invest Your Money Wisely

12/20/2016 03:07 pm ET Updated Dec 21, 2016

I recently sat down with Christophe Duthoit, Senior Partner and Managing Director at Boston Consulting Group, to talk about the business value of software. Software can be obscure, and its direct impact on the business is not always seen. However, with critical business operations relying more and more on software systems, it is essential for senior business executives to understand software risk and its implications.

Software is becoming the DNA of any business, predominantly in banking, ecommerce, healthcare, insurance, logistics and others. How do you see this evolving in the coming years?

I want to steal the formula from Chris Dixon, “software is eating the world” which we can adapt to “software is eating business.” Software is becoming the critical factor in the success or failure of a growing number of businesses today. And what was until recently considered as the poster child activity in many companies is now becoming central to success.

Take financial services, for example. Banking is moving away from being just a transaction processing and relationship business to an information business. Fintechs are fully capturing the opportunity and are riding that wave. With world-class innovation and technology capabilities, Fintechs are re-imagining the financial services customer experience and bringing it to the best digital standards.

There is a clear correlation between wise spending in technology and good business. In a recent BCG report, The Power of Technology Economics, we demonstrate that sustained and wise technology investments (of which software constitutes the most part) delivers superior business performance including more competitive cost base as well as better growth over the long run. Having said that, Information technology and Software have been around for more than 50 years and it has not yet reached the stage of a mature business yet.

Good software is good business! The flip side is the ever increasing number of IT systems outages – Knight Capital, HSBC, Delta, Target to name a few – that have a direct impact on top and bottom line, brand reputation, CxO jobs and even stock prices and shareholder value. How would you explain these ‘bad surprises” to a shareholder who lost 20% in one day following a massive crash?

I don’t think you can explain to shareholder at that point, it is too late! You want to do everything possible to not find yourself in that position. You want to explain to your Board and Shareholders why it is so important to invest in cybersecurity and good software practices ahead of any major IT systems outage. You need to work smarter and harder to prevent IT systems outages. And in order to ensure your hard and smart work is worth it, you need a plan and the metrics to measure progress. Software needs to be run as a business, and as a business you need the metrics to measure progress against objectives.

Digging into the risk factors of annual reports, beyond the traditional data it’s all about “market acceptance,” “dependence on suppliers” and “unexpected disruptive competition.” There is not a single word about the critical software skeleton that supports the business. If shareholders knew how much software risk a company may have in its IT system, they might think differently before investing their life savings. Why don’t SEC regulations require companies to be fully transparent in this regard?

Board and shareholders start to realize it, but it’s not there yet. The U.S. Securities and Exchange Commission recently adopted Regulation Systems Compliance and Integrity (SCI) to strengthen the technology infrastructure of the securities markets. It is clearly a good start, but so far it’s all about “you must do your best.”

CISQ, a consortium backed by the Software Engineering Institute at Carnegie Mellon University, has established global standards on IT system reliability, but this is early days and adoption is slowly growing.

In the future, I imagine that rating agencies would include explicit risks related to IT systems in their evaluation of companies and ratings and even potentially produce specific IT risk ratings. However, there is not yet enough demand for this. We have a long way to go, and there is much to be done at the "smart" regulatory and individual company level.

Do you think Boards, CEOs and CFOs would push back hard against such mandatory exposure?

If you asked them tomorrow, yes. However IT transparency is rapidly becoming a must for executives. Once it becomes a standard and a common practice, software risk reporting will become another part of doing business and no one will question it, unless a major IT system outage with systemic consequences will suddenly act as a wakeup call. There are multiple reasons why exposure is becoming mandatory. When you’re exposing critical APIs to third party developers, startups and software providers, software reliability becoming a vital concern given a broad range of emerging applications (for example, self-driving cars).

Christophe Duthoit is Senior Partner and Managing Director at Boston Consulting Group in New York. He leads BCG’s global Digital & Tech in banking business. He holds an MSC from Berkeley and a PhD in Mechanical Engineering from the University of California. Learn more about Christophe’s work here.

Vincent Delaroche is the CEO and Founder of CAST, the leader in software analysis and measurement.

This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site. If you need to flag this entry as abusive, send us an email.