The Risks In Social Without Governance

RadarIf I were a Chief Risk Officer, I’d definitely have social on my radar.

There’s a huge enthusiasm for collaboration and a fascination with the tools and platforms that enable it. The ‘Shareconomy’ was voted the keynote theme at the world’s biggest trade fair, CeBIT, this month.

Which is great. Essential and exciting in fact. But midst the revolutionary fervour, it’s easy to overlook governance. Not completely, of course, but to allow roles, responsibilities and accountability to blur in the excitement; to relax rigour in the quest for agility; and to permit a cultural slide into ‘governance-lite’ as the new default.

Unleash social without a complete and joined-up model of the enterprise – one that is owned and embraced by the business – and it’s the stuff of CRO nightmares. Without the right process management platform in place, it’s not just easier to incubate a black swan, it’s quicker.

Related Posts

15 March 2013 Future BPM: The Enterprise Platform

29 June 2012 Process And The New World Of Risk Management

© Text Michael Gammage 2013

Cloud Without Risk: Pie In The Sky

We know that systems failures are surprisingly common, hugely wasteful and can bring a company to its knees.

Best example last year must be Knight Capital, a market-maker responsible for 10% of US equity trading volumes. In two hours of trading on the afternoon of 1st August, a ‘software glitch’ lost the firm $460m. The subsequent rescue package cost the owners 70% of their equity.

Arguably though there’s no such thing as an IT failure. If all work is ultimately process, then ultimately it’s always a process failure.

At one level, Knight Capital went down because of a flawed implementation of a software upgrade. But it’s probably more true to say that, somewhere along the line (and maybe we’ll find out once the legal battles are done), there was a flawed process, or a good enough process that was poorly executed.

Probably both. And almost certainly – because this is the continual theme – the root cause was ineffective collaboration.  Vital stakeholders were missed out from the consultation. People thought that they had a common understanding of an end-to-end process and missed the gaps. There was no governance framework to ensure that people used the latest document. No-one realised that there were two different versions of the same process…

So McKinsey is right when it warned last week of the new risks in the migration to cloud services, making it clear that this is not simply a technical IT challenge:

“IT organizations must now adopt a business-focused risk-management approach that engages business leaders in making trade-offs between the economic gains that cloud solutions promise and the risks they entail.”

In cloud migrations, as in every other business transformation program, it’s effective collaboration that underpins innovation and sustainable improvement – and ensures that risks are properly managed.

It’s extraordinary therefore that so many organizations flirt with disaster, blithely assuming that they don’t need an enterprise-wide process management platform equipped to enable effective collaboration.

They may say otherwise but in practice they rely on definitions of their business based on process fragments, in multiple formats and tools, often in arcane technical languages, of unclear provenance, scattered across multiple repositories, only tenuously linked with operational realities, and ‘managed’ with the flimsiest of governance.

Amazingly, Gartner’s dramatic prediction, announced two years ago this month, that: “Between now and year-end 2014, overlooked but easily detectable business process defects will topple 10 Global 2000 companies” still looks a safe bet.

Related Posts

11 Dec 2012    Process Management and Google Maps

19 Nov 2012    No Other Corporate Asset Is Wasted So Spectacularly

© Text Michael Gammage 2013

Optimize 15,000 Business Controls? No Problem

iStock_000016133531SmallManaging variants in business controls is essentially the same problem as managing variants to global processes. Except arguably more complex and business critical.

McKinsey has noted that most organizations don’t manage global processes well. Many are in denial that there is a problem. They define process variants as an IT issue and talk of ‘vanilla’ system implementations as solutions. And if variants are addressed, it’s in a one-off Inquisition, as though things would stand still thereafter.

The truth is that every global process requires local variants of some sort. But global processes continually evolve, and local circumstances continually change. So what’s really needed is the capability to continually re-optimize the mix of global process and local variants. And, of course, to continually re-deploy these changes to the workforce in a way that ensures adoption.

McKinsey noted that many multinationals don’t have the collaborative (and governance) framework in place to pull this off. They suffer a ‘globalization penalty’.

It’s the same problem for global business controls, except more complex. Three case studies at IP11 showed how an enterprise process management platform can pay huge dividends:

  • Rene Nibbelke from BAE Systems highlighted in his keynote the value of visualization in enabling a Finance team to transform and deliver 280 processes with 230 business controls.
  • In one workshop case study, an investment bank showed 15,000 business controls embedded in its processes in Nimbus. Many were local variants so there was a need to continually re-optimize the mix of global controls and local variants.
  • In another case study – another investment bank – the client had created a single source of truth: an integrated process map, covering its activities in 28 functional areas and across 3 regions of the world, complete with 10,000 business controls embedded in the operational processes – in just six months.

Related Posts

10 Jul 2011 Managing The Downside of Global Processes