When revenue gains soften, costs start to attract greater executive attention. And so it is with Pharma. It’s widely acknowledged that the pressure to control and reduce costs is the next major challenge facing companies contributing to the Pharma industry’s global value chain. Growing generic competition, imminent patent expirations, and shorter pipelines are all contributing to eroding margins.

But as part of their efforts to improve financial performance, many pharmaceutical companies are finding it hard not to turn the cost-cutting spotlights on IT. And for good reason; not only does the Pharma industry, according to recent research, spend six times more on IT than the average U.S. industry (15% of revenues vs. 2.5%) but many companies are still waiting to chalk up measurable IT-driven business value from this huge and growing investment. It’s little wonder that pharmaceutical executives are asking why IT costs so much and yet seems to deliver so little.

Given the trends reshaping the industry and the extent to which pharmaceutical companies will be increasingly dependent on IT capabilities, success—and, for some, survival—depends in great measure on “getting IT right.”

The challenge today is often acute: despite IT’s growing implications for strategic areas, far too few pharmaceutical companies have a well-defined IT governance capability in place. What many pharmaceutical executives don’t realize is that the building blocks of an effective IT governance capability are already embedded in their organizations: many of the same business practices that are used to reduce cycle times, lower costs and ultimately improve bottom-line performance can also be applied to better manage the IT organization.

IT Ungoverned: A Closer Look At the Value Drain

When IT organizations are not managed to provide value, the signs aren’t hard to spot. IT projects languish, encounter delays, result in cost overruns, or fail to deliver the business results anticipated. Investments are made in spot solutions that add layered complexity to the IT infrastructure, but little attention is paid to how each solution contributes to the overall efficiency and effectiveness of the IT organization. Ownership and accountability for IT results is unclear or unassigned. The lack of an IT vision and strategy leads to inconsistent decision-making and misplaced priorities. Utilization rates for core IT technologies remain low because the organization cannot attract, afford or retain IT specialists with the needed skill sets.

In some cases, too many projects chase limited funding—without a disciplined approach to prioritization and business alignment. In other cases, funding for new projects is fully expended on technology, without taking into account the need to develop the critical supporting processes and organizational elements. And sometimes a major IT implementation project stumbles badly just because a key executive takes on expanded responsibilities, changes position or leaves the company.

Fast-Moving Trends That Make IT Governance Critical

While rising development costs and declining pipeline productivity are pressuring pharmaceutical companies to deliver greater value, other trends are also conspiring to place IT governance as a top priority on the business agenda.

Migration towards new (and uncertain) business models

As R&D productivity continues to decline and key franchise-supporting patents approach expiration, many analysts agree that the pharmaceutical industry is evolving away from a business model that supports the delivery of “blockbuster drugs” and toward new ways of funding, developing and delivering medicines. Since companies don’t have clear visibility into what kinds of IT capabilities will be needed in the future, they should be pulling out the stops to engage IT oversight mechanisms that help ensure that current and future IT investments result in a flexible, adaptable IT infrastructure. This oversight should also ensure that IT executives have the ability to redirect resources as necessary to reduce costs, improve delivery times, and prioritize resource allocations in alignment with business needs.

Global regulatory compliance

Expanding regulatory oversight and the scrutiny resulting from class-action law suits have raised the total cost of compliance as well as the financial risks should non-compliance occur. This scrutiny is occurring in a number of critical IT-supported areas, including sales and marketing practices, government drug price reporting, patient privacy and/or customer health information, clinical operations, post-marketing drug safety reporting, and in quality control activities around manufacturing operations. For pharmaceutical companies, this can mean new layers of compliance-related tasks—layers which can easily lead to operational bottlenecks and inefficiencies. While some organizations may have elected to address these new compliance obligations manually, reliable and cost-effective compliance over the long term will require a carefully considered, IT-governance directed approach to automation, security and privacy considerations, and IT-based controls.

Growing importance of outsourcing, partnership and collaboration

As drug pipelines become less productive, Big Pharma is increasingly turning to partnering arrangements such as strategic alliances and joint ventures with small, innovative biotech companies as sources for new products. But with compliance and risk management objectives so prominent in the industry, prospective partners seeking these new relationships need to be able to meet rising standards in areas with clear IT dependencies. For example, if protected information is to be shared across organizational boundaries, then effective access control and threat and vulnerability management capabilities may determine which outsourcing partner is selected. Or if a potential partner’s operations must be able to contribute to key segments in another company’s supply chain, then efficiency-enhancing, IT-supported capabilities may need to be firmly—and demonstrably—in place.

New drug development’s increasing dependence on IT

As Big Pharma’s internal R&D productivity continues to slide, new opportunities are emerging for cross-organizational collaboration. Many of these opportunities, however, depend on the successful convergence of IT with R&D processes. These capabilities aren’t developed overnight or in the weeks immediately preceding the submission deadlines for a Big Pharma request-for-proposal (RFP). They’re targeted well in advance—through informed IT-dependent foresight and strategic planning.

Applying Pharma’s Business Practices to IT

To address trends and challenges such as these, pharmaceutical companies have adopted a rigorous set of business practices. Many, for example, are extending product life cycles through off-label usage, entering into cross-licensing agreements with competitors, improving supply chain integration from raw material sourcing to delivery, and expanding collaboration within the organization and with third parties. Many companies are also outsourcing non-core business activities such as internal audit, acquiring specialized skills on an “as needed” basis and optimizing the allocation of research resources—budgets, facilities and people—based on portfolio management methods and techniques. While all of these business practices support core business objectives such as raising revenue, lowering costs or improving the return on capital, they also offer pharmaceutical organizations a huge—and often untapped benefit: they can frequently be directly applied to IT.

Just as their business counterparts must manage many complex and intertwined issues, IT managers in pharmaceutical companies must constantly addresses similar challenges.  These can include achieving a balance between competing business needs for application functionality, ensuring that staff with an appropriate mix of skills and training are available, or lowering the costs of commodity like goods and services such as personal computers and networks.  Other comparable IT challenges can require securing the services of “specialists” with unique skills, knowledge, and know-how; evaluating the feasibility of outsourcing select activities to third parties – whether off-shore or near-shore – to reduce costs, improve delivery times, and meet cyclical resource needs; and most frequently heard, improving the return on invested and operating capital provided by the business.

But how should IT adopt these business practices to improve the return on one-time and ongoing expenditures? What should IT do to ensure it operates as the “low-cost provider” while simultaneously providing information technology the business needs? And what actions can IT take to deliver greater value for the investment?

Foundational Elements and Objectives of IT Governance

IT governance requires much more than just a commitment to project prioritization. Even leading pharmaceutical companies that recognize the need for strong IT oversight can spend years refining a top-down approach to managing the IT organization without fully embedding within their efforts the most important principle: that IT should be managed as a business. This simply means that the adoption of sound and practical IT governance practices should be aligned with the business. In other words, IT governance should be focused on providing the oversight necessary to build a compliant, value-based, high-performing IT organization that is aligned with the organization’s primary objectives.

To achieve this, pharmaceutical companies must address the three foundational elements of IT governance: policies, practices and methods. As the underlying principles or guidelines of an effective IT governance capability, policies set the rules and define the expectations for behaviors and practices across the IT organization. Practices are the comprehensive sets of tasks and processes undertaken to realize these policies. Methods include the procedures, methodologies and tools that support IT practices—enabling capabilities such as software or program code or analytical procedures that inform decision-making.

These three foundational elements are essential to helping pharmaceutical companies achieve the following IT governance objectives:

•    IT alignment: Ensuring that IT is fully aligned with the organization’s business objectives.

•    IT accountability and ownership: Ensuring that IT accountability and ownership are clearly and appropriately defined throughout the organization.

•    IT spend management and transformation: Ensuring that total IT spend is fully understood and that the focus is constantly on transforming ‘old’ spend on maintenance into new spend on building the future.

•    IT resource management: Ensuring that the resources that support the organization’s IT capabilities are allocated, scheduled, coordinated and optimized in a dynamic and flexible manner that best supports the achievement of the company’s business objectives. Also ensuring that IT practices are efficient in comparison with peer organizations and consistently used across the organization.

•    IT risk management: Ensuring that IT-related business and compliance risks are identified and addressed—either through risk mitigation, elimination, transfer or acceptance.

•    IT performance monitoring and improvement: Ensuring that IT performance is constantly monitored and that the means of improving IT performance are identified and addressed as a regular part of business and IT operations.

Five Steps a Pharma Company Can Take Today To Establish or Improve IT Governance

What does it take to begin putting these objectives into action? Here are five steps crucial to putting an effective IT governance capability in place:

1)    Identify current IT governance capabilities

Change always begins with a starting point. Determine your organization’s current IT governance policies, practices and methods, both formal and informal, wherever they reside within the executive suite, the various business units and the IT organization. Also gather information on the symptoms of IT’s inefficiency or its misalignment with the business. Use both sets of information to begin building the business case for change.

2)    Determine leading practices for IT governance in your peer group

Don’t just examine how other companies are exercising strategic oversight for IT. Dig deeper. Try to capture insight into the practices of pharmaceutical firms operating within your specialty area, whether that’s enterprise operations, manufacturing and supply chain operations, R&D, or sales and marketing. Look at different models for how business and IT leaders collaborate in sharing IT-related information and decision-making. Look at how ownership and accountability is defined. Ensure that, just as your company takes a “life-cycle approach” to products from R&D through “generification,” your IT organization takes a “lifecycle approach” to IT asset management.

3)    Prepare a plan to improve or develop IT governance

Make sure it is aligned with your business objectives, consistent with your organization’s business policies and practices, and includes participation from key executives. Also take care that the plan is communicated in non-technical business language and engages mechanisms that support enforcement.

4)    Establish a framework to capture and assess IT spend and performance data

The lifeblood of IT strategic decision-making is accurate data on what the “real” IT spend is across the organization and what this investment is contributing to the business. This framework should define specific IT spend categories and prioritization criteria; support the identification and linkage of each spend item to specific corporate or business unit objectives to clarify alignment requirements; allow “ruthless prioritization” of IT projects to determine rankings; and support resource management analysis to ensure that demand can be met by available resources.

5)    Make sure that the new IT governance practices support continuous improvement

Develop a process to ensure that the strategic allocation, scheduling and coordination of IT resources can be adapted as business and technology requirements change. At a minimum, this means that reporting capabilities must be robust and based upon the appropriate set of metrics. It is also essential that executives responsible for IT governance can easily track progress, share documentation and achieve efficient and cost-effective control over costs, risks, and business-aligned payoffs. And one more thing: make sure that the right processes are employed to ensure that the IT organization incorporates lessons learned and is committed to making the adjustments necessary to continuously improve IT delivery performance over time.

With one of the highest levels of IT spend as a percentage of revenues, pharmaceutical companies should expect a substantial return for their investment in IT—not just in terms of capital commitments but also—and even more importantly—in terms of the larger and ongoing costs required to maintain the IT organization over time. As both business and IT cost pressures continue to rise in the industry, one of the most important ways of continuously ensuring an ongoing stream of business benefits from IT is to define and adopt IT governance practices that are firmly rooted in the strategies, tactics and operational needs of the business.

Marc Swenson is Director, PwC Advisory. He can be reached at marc.swenson@us.pwc.com.