In-Depth

Innovator Awards 2006

• May 1, 2006

ADT’s 12th annual Innovator Awards recognize the work of IT teams who developed—and deployed—unique apps to solve their company’s business problems. This year’s winners all demonstrated flexibility in the face of business change. The winning teams grappled with post-merger integration, developed business intelligence systems for e-business and re-architected critical information systems to compete in new and emerging markets.

This year, we received 31 nominees in five categories: data warehousing, application engineering, middleware/application integration, e-business application development and open-source application deployment.

The winners, selected by judges at Boston-based IT consultant Keane, are profiled here. Review the apps of all the nominees and find out which ones our readers picked to win.

A single view of procurement

When Halifax Bank and Bank of Scotland merged in 2001 to become HBOS plc, the combined entity needed to merge data residing on several disparate systems. The newly formed organization also sought ways to cut costs and inefficiencies that resulted from the merger. “In procurement, the only way to do so was to have full supplier and spend visibility,” explains Sharon Reason, procurement specialist.

As the United Kingdom’s largest mortgage and savings provider with 22 million customers and assets of more than £440 billion [USD$770 billion], HBOS needed a flexible app that could be implemented rapidly and would be adaptable to business changes.

Timeliness was of utter importance for the organization to ensure contented customers and cost savings throughout the process. “With £2.4 billion [USD$4.2 billion] annual expenditure, it was obvious that it would be well worth the investment to get a clearer picture of who was spending the money in the organization, with what suppliers, and what they were spending it on,” Reason says.

With those goals in mind, HBOS went to work creating the HBOS Supplier Relationship Management (SRM) application. Three months later, the seven-person development team delivered the first phase of the project, which provided a single view of procurement data across the combined organization. “We have more visibility now than ever before,” Reason says.

As a result of putting the SRM system in place, she elaborates, “We are now able to see a wide range of data in a comprehensive, accurate way, ensuring one version of the data no matter who is viewing it or from what perspective. Merging all the data, both external and internal, provides the most complete information for our employees to make the best business decisions possible.

Before the merger, Reason explains, the financial firm did not have any visibility into its data because it spanned many systems, making the task of accessing it difficult. It also took a week or more to find where needed data was stored. “Now, this is not a problem because users can log on to the system and find what they need in a matter of seconds,” she notes. “If we need a new report, we can get it in a matter of hours.”

SRM provides a single view of data that covers all categories in the bank from temporary staff, to pens and pencils, to ATMs. “Absolutely anything and everything that HBOS buys goes through this system,” Reason says.

The success of the initial phase was due in large part to the use of Kalido’s adaptive enterprise data warehouse. Kalido acts as a hub, where all the disparate data comes together and provides a 360-degree view of purchasing.

For two years after the 2001 launch, HBOS went through additional development phases, which were often propelled by business imperatives. For example, HBOS had to start handling procurement data from a subsidiary at the same time internal changes led to a new system, or phase. This e-procurement phase provided a view of supplier spending habits and relationships back to 2001.

A subsequent phase extended the reach of the SRM system to give a complete view of supplier spending habits and relationships regardless of which reporting system was used at the time of the merger. This was followed by a phase to incorporate external risk data from Dunn & Bradstreet.

Extending the reach of data provided another benefit to the organization: the ability to drill into the data based on customized needs and preferences. For example, a procurement agent can drill into one division and then further down into a specific category. “The granular approach is what makes the data so accessible for the respective teams,” Reason says.

Another plus of the SRM system is that it gives the firm the ability to maintain consistent reporting without disruption. For this aspect, HBOS devised a commodities and category hierarchy to allow for the feeding of all the new codes in the existing schema. “As Kalido can handle the multicodes, there is no change for the end user,” Reason notes.

The most significant benefit, however, is the ability of the procurement team to obtain information in a timely manner without having to go and retrieve it. This frees up more time, which can be reinvested in newer projects, and can then lead to monetary savings.
Continued flexibility in the face of business change posed the most significant challenge to HBOS during the project. As a financial institution, HBOS must adhere to several regulations, satisfy growing and changing customer needs, and prepare for mergers and acquisitions. Kalido is flexible enough so that the firm can cope with the business changes, such as taking on new commodities and suppliers, Reason says.

“The SRM project continues to empower our procurement decision makers and has been invaluable in delivering the cost savings we required,” she concludes.

Reason advises any organization considering embarking on a similar project to know the overall business goal. With that goal in mind, she encourages finding the most flexible solution that will meet the organization’s needs, which most likely will change and grow. “Never stop reevaluating the solution and exploring additional innovative avenues to fully capitalize on the system’s capabilities and achieve the maximum possible return on your IT investment.”

Lana Gates is a freelance writer based in Mesa, Arizona. She can be reached via e-mail at [email protected].

Check out all the data warehousing nominees and their full applications.

Building intelligence into e-fraud management

In May 2004, HPShopping.com began rebuilding its fraud management screening system so that it would scale with the growth of the business. The project, undertaken to streamline credit checks when prospective customers ordered goods from Hewlett-Packard’s Home and Home Office Store online, would serve as the blueprint for HP’s worldwide e-commerce operations.

“The system we had would scale on the number of hits you had per order,” says Phil Mindigo, risk manager for HP Home and Home Office Store. Flagged orders were outsorted to trained fraud analysts, who manually reviewed them during same-day business hours, so as not to inconvenience customers.

“What we needed to do was improve and speed up the order review process and reduce the number of orders that were outsorted,” Mindigo explains.

HP set out to develop a fraud-screening system, based on using business intelligence and data modeling to handle most of decision making. The new system would also aggregate customer information, risk profiles and third-party Web-based data services in a portal for analysts to review outsorted orders. The scope of the project required the dev team to build its own fraud management system using a variety of tools.

“Fraud is a constantly changing business problem and you’ve got to use a variety of tools,” Mindigo explains. “A lot of companies use each and every one of these tools but they don’t have them connected so that you can actually build a strategy that is based on looking at the results of these tools or services and then make a decision based on all that knowledge.”

The new fraud management system features CyberSource’s Risk Management Server, a rules engine that allows analysts to develop and maintain fraud-screening algorithms. A Fraud Queue Manager Web portal and dashboard enable fraud analysts to review flagged orders. When an order is placed, customer information is processed using the screening algorithm, which sends Web service calls to five third-party data sources.

Many online retailers still use the cut-and-paste method or rely on scores provided by vendors. “That score aggregates the knowledge from a lot of these services that are used behind the scenes,” Mindigo says. “However, they are using a small percentage of knowledge that is available from those services to create that score, where we are taking advantage of all the knowledge of these services by plugging these in native and putting it into our strategy.”

For example, he says, an IP address returns 32 fields. “If you look at any score, typically, it may use one or two of those parameters; we are able to look at all those parameters and take advantage of that as part of our business,” he says.

“In the payment industry, and in the fraud industry, there is no silver bullet,” says Greg Andrews, IT manager of payment fraud systems at HP. “So aggregation of the best pieces of all of these tools in essence has built pretty close to a silver bullet. The other part is combining all of the data and data elements within a fraud review portal so that the analyst can have all of the data in a cohesive location.”

To automate fraud screening, the IT team had to integrate apps running on Broadvision (the storefront), .NET and J2EE platforms, as well as data from third-party vendors. The 10-person dev team used rapid app dev tools, Weblogic Workshop, Hibernate and Strut.

“We have everything on the backside—Oracle, Microsoft, HP Lex—so we had to build a tool that would integrate well with whatever storefront or internal app we had to integrate to,” Andrews says. “So that is one of the reasons that we chose to go with Web services-driven and SOAP-driven technologies.”

When a customer orders, the storefront sends a SOAP message using SSL to the .NET financial gateway app, which processes and transforms the SOAP request into an XML message for the risk management system. A fraud screening strategy is executed on the order data; calls are made to Enterprise Java Bean plug-ins that query third-party data sources or the storefront’s order history database.

After the order is approved, declined or flagged for review, the order data and third-party data are stored in a database asynchronously using JMS message queues. Analysts view flagged orders through the Fraud Queue Manager, which provides access to order details, a risk profile, order history, and a summary of results from third-party data sources. The order can then be checked in more detail before it is approved or declined.

“The benefit in any complex fraud solution like this where you’ve got to strategize is that you’ve got to be able to model the data after you receive your negatives or your chargebacks,” Mindigo says. “We have a business intelligence system but we also have an analytics expert that’s using tools like SAS and KnowledgeSeeker to do complex modeling and then that modeling is reflected back into the strategy.” He adds: “You’ve got to have a tool that’s sophisticated to put the results modeling back into the strategy and that’s what CyberSource RMS provides.”

Andrews estimates the cost of the North American project, which took a year to complete, was about $1.25 million, including licensing, development and infrastructure. The return on investment of the new system is time savings, automated fraud management decisions based on a lot more data elements, an ability to control the use of fee-based third-party data services, and business scalability without adding head count.

“Now we have the dials on the system so that when we hit peaks like back–to-school, a one-month peak where we see our business double for a month, we can turn the values on the system, reduce outsorts and minimize the impact—we do not have to staff up for seasonality,” Mindigo explains.

HP’s fraud analysts are able to review about twice as many orders per hour. Operating expenses at HPShopping.com have decreased by about 25 percent per order. These benefits were measured by tracking order volume, revenue, operating expenses and chargebacks during the first 6 months and doing a year-over-year analysis.

“We’ve increased our approval rate on good orders and that’s added to the ROI,” Mindigo says, “and then by aggregating all these fee-based third-party data services we can control how they are used, and when they are used, which allows us to control the cost.”

Thinking globally is one thing. Deploying an intelligent fraud management system that automates the bulk of the decision-making and adheres to the respective privacy laws and regulations of financial infrastructures around the globe is like climbing Mount Everest.

There’s also the integration of storefronts, Web services, apps, and back-end infrastructures to consider.

“Right now the rules engine behind the fraud management tool has over 15 different deployments,” says Scott Koehler, director of HP Web services and configuration. “We’re deployed in every region around the world.”

Koehler adds: “What we are trying to do is utilize the tools, the strategies, and the processes, and sophistication that the team has developed in the United States in other countries.”

Check out all the e-business application development nominees and their full applications.

BMC re-architects aging product line with agile rewrite

By Lana Gates

When Houston-based BMC Software found that its systems management technology risked putting the company at a competitive disadvantage, it decided to replace its aging PATROL product lines with a single architecture.

“In simple terms, BMC decided to introduce a new generation of their own successful products before any competitors could,” says Israel Gat, VP, Infrastructure and Application Management.

Even though the company risked alienating some of its 15,000 PATROL customers, technology advances and an aging product line forced BMC to rethink its app strategy. Rich native instrumentation, the impact of Internet-based protocols, expanding network bandwidth, Web-based interfaces and customers’ desire for agent-less monitoring all played a role in BMC’s decision to develop a new architecture.

“This is the least disruptive solution for introducing a new generation of technology,” Gat says.

BMC wanted to build an end-to-end systems management app with the functionality to diagnose complex problems, enabling customers to focus on more value-added tasks. The system needed to provide remote discovery and monitoring, require no agents on target nodes, simplify administration, and protect customers’ technology investments.

A 200-member dev team set out to build the new architecture, combining features of PATROL 3, PATROL 7 and PATROL Express. Eight months later, the team delivered on its third release of BMC Performance Manager, a mission-critical project for the company.

To pull it off, the dev team had to integrate five infrastructure components and replace three components—the PATROL Central Operator Microsoft Windows Edition, the PATROL Central Operator Web Edition and the PATROL Classic Console—with a single console component: the BMC Performance Manager Portal.

On the agent side, the dev team brought together agent-based monitoring and agent-less monitoring. To do this successfully, the team hid the way data was collected from the management app that uses the data. “The application does not need to know whether data was collected PATROL Classic style through an agent, or without one, PATROL Express style. By hiding the way the data was collected, we created the virtual reality ‘all the data in one place,’” Gat explains.

The dev team was under pressure to deliver the new architecture in 8 to 10 months, in part because BMC’s Fortune 1000 customers face similar deadlines with tight IT budgets. The dev team relied on Scrum agile methodology to deliver two-week iterations throughout the project. The team performed unit testing, GUI automation testing and automated API testing on the iterations and kept costs down by off-shoring those processes.

The iterative nature of the agile methodology helped BMC harness the myriad details across the three product lines. “Mere mortals, even very talented mortals, would not have been able to foresee the subtle dependencies between one detail and another,” Gat says. “Agile unveiled these dependencies in real time.”

Agile was simply one of the layers in BMC’s stack of software engineering practices. Other layers relied on aggressive use of automation tools and dynamic programming languages. The dev team used Eclipse, Oracle, JBoss app server, JUnit and Maven software to build the new architecture, but most important to the team was the methodology and principles used, not the tools and technologies, Gat explains.

&Instead of project management tossing requirements over the wall, they now work on a day-to-day basis with development, explaining the rationale for the requirements and guiding their implementation,& he says.

Each day starts with a 15-minute team meeting, where every member gives a briefing on what he accomplished the day before, what he plans to accomplish today, and where he’s stuck and needs help. Follow-up meetings are scheduled to ensure that everything stays on track.

“I find these meetings indispensable—by far the best way to learn—as distinct from reading a 20-page project status report two months after the time I needed to know or act upon an item,” Gat says.

With agile, BMC developed a self-assessment process and aligned its business metrics with software dev metrics. “We broke the silos between functions, building holistic project teams instead,” Gat explains. “By so doing, we minimized the time wasted due to cross-functional dependencies,” such as dev waiting for a new build.

The dev team is able to incorporate new requirements quickly. If, for example, a client wants additional functionality, BMC creates a demo of what a full implementation would look like. The team can usually deliver the demo in two weeks. During the demo, BMC takes feedback from the customer. After that meeting, BMC goes back, makes changes if needed and delivers the final product in approximately 6 weeks.

As a result of combining the PATROL product lines into a single architecture, BMC has increased developer and team productivity 20 percent to 50 percent. The company has also realized the benefits of improved team work between product management and development, reduced investments and waste associated with unfinished or unnecessary shipments, and increased its ability to incorporate new requirements quickly. In addition, customers are receiving critical functionality sooner through more frequent releases, Gats says.

He encourages any org considering a project of this magnitude to take risks. There is opportunity for innovation in each and every phase of the product life cycle. “Risk minimization strategies will not get you there,” he says.

According to BMC, it is still too early to declare success in the user community, but the completion of the release lays the groundwork for modular monitoring applications that are independent from the infrastructure,” Gats says.

“If you accept the premise that market needs change faster than the software industry’s traditional ability to develop solutions,” he continues, “you’re left with the question, ‘What can we do about it?’ For me, the answer is agile.”

Lana Gates is a freelance writer based in Mesa, Arizona. She can be reached via e-mail at [email protected].

Check out all the application engineering nominees and their full applications.

GeoDecisions saves taxpayers $15 million

In 1999, geospatial software provider GeoDecisions, created IRRIS, a Web-based system that uses advanced information technology, geographic information systems and location-based services to support transportation security and logistics for U.S. state and federal agencies. The system houses data on road conditions, construction, incidents and weather. After 5 years of development on IRRIS, technology and user requirements changed, prompting GeoDecisions to reexamine the system.

GeoDecisions decided it needed a more flexible app built on a common framework to keep up with the changing needs of its clients. “It got to the point that we couldn’t maintain the previous version very well,” explains Brendan Wesdock, director of military solutions. “It was starting to become a house of cards due to all the shifting requirements and the ASP 3.0 base it was built upon.”

The organization opted to rewrite the system from the ground up to provide for future adaptability, growth and additional deployments. Although it did not have an enterprise mapping application built using ASP. NET, GeoDecisions needed to build a scalable enterprise app and decided that .NET would provide the best common framework.

“Since we started the project in 1999, the ASP 3.0 and VB code we were using were better suited to be rewritten in .NET,” Wesdock says. “Since it’s very difficult to separate the UI from the business logic and the database in the older technologies, over time the application became difficult to maintain.”

.NET offered better language support, new controls, XML-based components and better user authentication, as well as a common framework. The common framework allowed GeoDecisions to free up its developers from tedious and difficult dev tasks to focus on building the application. “Developers can use the framework to develop similar applications in weeks rather than months,” Wesdock points out.

The 32-member team of VB/ASP and Java developers decided to use Visual C# to build the framework. “We voted on the language of choice and it came down to 32-0 decision in favor of C#,” Wesdock notes. “It’s so similar to Java that the Java guys had no problem with it, and the VB guys all wanted to learn it, so it worked out well.”

The team was geographically dispersed across Pennsylvania, Virginia, Missouri and Texas so they relied on daily status meetings and MSN Messenger to communicate. During the 10 to 15 minute status meetings, team members reported on assigned tasks, upcoming tasks, problems, concerns and other issues.

In addition, the team formed committee groups during the initial design and development phase to help focus the development staff and to “slice up the development of the application into bite-size pieces that weren’t overwhelming,” Wesdock says. One group was responsible for mapping, one for reporting, one for the IRRIS framework, one for the GUI, and so on. These groups operated as mini projects, Wesdock adds, and were eliminated after delivering the first beta product.

In a matter of 10 months, the development team completed the new framework, which is based on interface inheritance. This allowed the team to use numerous databases, mapping engines and reporting tools that can be installed as part of IRRIS or hook into it.

Thanks to the new IRRIS, Version 6.0, GeoDecisions saved more than $15 million in taxpayer dollars in 2004-2005 through improved efficiencies. For one thing, the organization boasts greater access to critical information such as cargo manifests and the location of sensitive cargo. Now, the time to track a shipment has gone from days to minutes, Wesdock says.

In addition, the newly written app automates some tasks that were once performed manually. Wesdock uses as an example the new way it reports carrier performance metrics. These measure on-time performance, direct routings and incidents of government shipments. “In the past it took months to gather data and several months to prepare a report,” Wesdock admits. “Now metrics can be generated in a matter of seconds with the most up-to-date information.”

Tracking of hazardous shipments is nother example of a newly automated task. Before IRRIS, there was no need to look at shipments unless there was an incident. Now, however, users can see shipments in real time and are therefore able to react quickly. “This has decreased incident response time from 4 hours to seconds,” Wesdock notes.

GeoDecisions also has become more flexible and responsive. IRRIS interoperates with other systems, providing enhanced vehicle routing and additional tracking of data feeds. Compared to the Version 5.3, IRRIS 6.0 has an 80 percent faster map response time and a 20 percent faster overall application speed, Wesdock says. It features a redesigned user interface that lets users perform operations with a single click after getting set up.

If given the opportunity to do the project over again, GeoDecisions would develop a more flexible toolkit that would enable it to integrate different types of mapping software. Wesdock advises any org considering embarking on a similar project to keep lines of communication open between management and development staff, adding that user feedback plays a key role as well.

“The success of this project is due to the hard work and innovation of all of our team members,” Wesdock concludes. “Their can-do attitude and approach to new and untested methods proved to be the underlying foundation of the project.”

Lana Gates is a freelance writer based in Mesa, Arizona. She can be reached via e-mail at [email protected].

Check out all the middleware/application integration nominees and their full applications.

Banking on open source pays-off for German loan provider

By Kathleen Richards

When Francis Pouatcha was tasked with automating norisbank’s consumer credit system, he begged management at the German bank to give him a chance to build the app using open-source tools. Back then, norisbank was using commercial platform BEA WebLogic for its Internet banking apps.

“I thought it was a very young and very innovative company with a flat hierarchy,” recalls Pouatcha, head of application and development, who joined norisbank AG in 2002. What appealed to him greatly was that he could interact regularly with key management.

“After I put up the first prototype without spending a lot of money, they gave me a chance to do it,” Pouatcha says. “Cost was not really the main factor,” he adds, although it made management happy. “The main reason for choosing open source was technical. We could really start very fast to make proof of concept. When you have an open-source server, you can reuse their built-ins, processes and patents; you have an open-source community,” he says.

“With a commercial application server, you have to negotiate some conditions with the provider and all that takes time,” Pouatcha explains. “If I had to make a system using a commercial server, I think I would have needed twice as much time.”

Pouatcha and his team opted to use the open-source Java 2 Enterprise Edition-based app server JBoss 3.2.5 (now 4.0.2) with the Apache Tomcat Web server as the platform for the online loan system, which would automate manual processing of loan and credit applications. In 2002, when the project first got underway, “JBoss was the only app server really providing a way of extending the server functionality,” Pouatcha says, through its implementation of Java Management Extensions (JMX) with respect to Mbeans.

“My management was not very sure of open source, they were always planning a fallback strategy,” recalls Pouatcha. The use of the J2EE standard-platform mitigated the risk because the bank could port the easyCredit system to a commercial J2EE platform such as BEA WebLogic or IBM WebSphere, if necessary. The new online loan application system needed to support about 5,000 users from 1,500 agencies.

JBoss is licensed under the free Lesser GNU Public License. The core developer, also called JBoss, offers three-levels of subscription support. Among other concerns, norisbank wondered how financial and legal risk would be handled with an open-source platform. “My manager asked me, ‘What if some day, a company comes and says we have violated their digital rights?’” recalls Pouatcha. The contract with JBoss has provisions for legal assurance, as well as technical support.

The dev team received the requirements doc for the easyCredit system in January 2003. Development was based on the unified software dev process, which meant users were involved from the requirements phase. Tasks were assigned based on J2EE best practices—user interface developers, business logic developer and database designers.

About 80 percent of the tools used to develop easyCredit were open source—development was done in an Eclipse environment with xdoclet. Open-source tools were used throughout the app development lifecycle, from the components framework (Apache Struts, Apache OJB) and version control (CVS), to testing (JUnit, Grinder) and build (Cruise Control). The remaining 20 percent of the tools were developed internally.

The easyCredit application runs on a Sun Solaris network of 16 online JBoss/Tomcat servers and two JBoss/Tomcat batch servers in a Java virtual machine configuration. The servers are connected to two storage area network nodes running Oracle RAC databases. Joe-SNMP and Log4J are used for system management.

The easyCredit system uses Web-based apps and tools to gather third-party data for credit checks when applicants apply for a loan. A rules engine and business intelligence tools are configured to detect fraud, allowing for machine-based credit decisions. An enterprise content management system gives employees access to customer files.

Immediately after the test version of the system was ready in May 2003, norisbank was acquired. After the acquisition, the 35-member dev team was told the system needed to integrate with 785 additional financial institutions to support 11,200 agencies and more than 31,000 users. It also needed the capacity to handle concurrently 100,000 Web-based transactions.

The prototype was finished and the system was open enough to integrate into the infrastructure and specifications of the parent company. The easyCredit system went through QA testing by September. In December 2003, the first online credit application was processed.

“We moved our revenue from 400,000 million to 3.2 billion in two years,” says Pouatcha. “It was not only the software, we have a very strong exhibition department, very aggressive marketing, but we have the necessary technical system to support quotes that’s what matters. The system we had in the bank was not able to support 5,000 users; the new system we set up can support 100,000 users. We took 9 months to set up a system like that from scratch.”

Developers use open source because of its flexibility, Pouatcha asserts. “Before I did this project I was a software engineer really focused on software and software architecture,” he explains. “As of 2003, I had to maintain the software, and the maintenance part of software development of business applications is very much neglected. I’ve learned that the software is only one-third of what makes a business application. There are a lot of operating and maintenance issues to be considered.

“The open-source community is becoming more professional,” he says, “concerning software they are very far, but concerning operations and maintenance, there is a lot more to do.”

Check out all the open-source application deployment nominees and their full applications.