Monday, August 4, 2008

Stan talks deals with the Silo Effect.


It is all too often that in my day-to-day consulting of multinationals that I see managers who have not the slightest clue of what their employees are up to, and vice versa. In today’s business world of SOX, BASEL II, and ISO, it is imperative that all companies be fully accountable and transparent. This transparency, although a simple concept, is often difficult for companies worldwide to adopt. Transparency and accountability require a company to constantly track changes, follow guidelines, and always know the role that their employees play.

If transparency and accountability is not achieved then it is only a matter of time before the walls start caving in around you. Audits never come at a time favorable to companies, if that is even possible. The first thing I tell companies when I start a new contract is – relax. Audits don’t always have to be a bad thing. If transparency and accountability is properly upheld, then audits should prove to be just another way to show how organized and successful your company really is.

BPM software solutions are by far the best way to go about doing this. Processes are mapped effectively – a cost saving task – and all business processes henceforth have the ability to be tracked. Managers can ensure that their entire corporation is accountable and transparent.

BPM software also gives managers the ability to ensure that employees are on task – so you always know what they are doing. The suites allow for roles and resources to be assigned to individual employees eliminating any redundancies in your business processes. Web-based portals allow employees to access a personal homepage with any news or information that pertains to their life, their job, their role. The Webportals allow for roles to be assigned to employees, with no way for them to dodge work, or accidentally ‘miss’ an assignment.

In a perfect world employees’ actions can be fully tracked, their day to day activities can be monitored, and their roles can be assigned and monitored in real time. Oh wait, that’s the BPM world.

If you're new to the BPM world, I at least recommend that you download Free modeling software to map your business processes.

Friday, August 1, 2008

Stan talks about Risk Management


IT? Who needs it?

I bet you have asked yourself “Why do I need that IT guy”.

I know at first glance they seem to just sit around, order parts and pull shredded paper out of your jammed printer, but they are actually one of the most important people in your office. Why? Two dirty words: Risk Management.

In all my years sorting out the problems of multinational companies I have heard every excuse imaginable for skimping on the IT department. What they don’t seem to understand is that a vital aspect of risk management is ensuring the continuing functionality of their supporting IT systems. Often the worst offenders are technically-oriented workplaces who engage in software development themselves and should, more than anyone else, understand the value of having an IT specialist to take care of their computers, servers, and data security. But management didn’t want to spend the extra money. Why? Because they figured that among their 50 employees, there would be enough aggregate knowledge to serve as a kind of ad-hoc IT guy. What you end up with is an IT Frankenstein. Every problem was solved by a different person, using a different approach, often using shortcuts and workarounds that don’t actually solve the issue (which one would expect, since these guys were not hired to manage their office computer assets). So over time, the stitched-together network, the obsolete and malfunctioning components, and the willful negligence of management came together to create a monster that was a threat to the whole company. Luckily I showed up in time and set them straight. Creating effective processes to solve the problems that cropped up around the office allowed for proper solutions to be implemented, resulting in greater stability and much less frustration when that blue screen pops up.

Now I’m going to get controversial: DON’T RELY ON TECHNOLOGY.

That may seem like a bit ironic, since we are talking about Information Technology – but the key thing that I want to drive home is that it is not the hardware you have in place that will ensure the stability of your IT , it’s the people (specialized people, please) and more importantly – the processes that guide them. A computer will not maintain itself - quite the opposite; over time it will just become more and more chaotic if left uncontrolled. You need effective controls ensuring that the computer doesn’t end up erasing its own hard drive.

I was engaged as a process consultant at a company who made this mistake. They actually had an IT guy, but he was more interested in purchasing gadgets than setting up controls to mitigate the potential risk of relying on these gadgets in the first place. I remember when I first met him, he was one of those guys who never takes off their Bluetooth headset and ended up looking like a wannabe Star Trek regular. I can tell this guy loved Technology, and like any good circuit worshiper, he loved to spend money. And he spent big. He purchased a hyper-expensive fileserver to maintain all the data within his office, and when I asked him what his plan was for data loss – he acted like if the idea was preposterous. I pressed him harder and he came up with a strategy: Upgrade the brand-new server to something more expensive.

I could tell he didn’t take me seriously with my talk about Risk Management and Process Controls, but in the end I can never really force people to follow my advice… advice that they pay for. Months later, there was an electrical storm and a power surge killed his fancy server. His company ended up loosing 2 weeks of software development because his backup processes were not properly managed. As a result the company had to delay its product release by 3 months, lost its market advantage to inferior products and set in motion some destructive ripples that the company will feel for years. In the end they recovered, but at the expense of growth, profit, and customer satisfaction.

But you know what – I can’t find myself blaming this IT guy. Sure, he displayed a tragic hubris that would make the gods weep, but the real problem was not that he messed up – it was management that neglected to enforce effective risk management via business processes.

In the end, a computer is a dumb box, and lots of computers linked together in a network is just a disaster waiting to happen. Unless, of course, you understand the risks by documenting your processes, and eliminate those risks by implementing effective controls. They say that a computer is only as smart as the person using it – the same thing goes for your IT systems, they are only as smart as the people managing them. And the best way to manage them is via processes with a good understanding of the risks that can be encountered.