Protecting Information: a cascading approach to information security Reply

There is no easy way to protect corporate information.  Protecting government information is easy because they have their own networks.  Life in commercial society is somewhat more different but if businesses follow these 6 steps they will be better off:

  1. DEFINE. Don’t protect everything.  It costs too much and it’s a waste of time.  Define what is intellectual property (patents, trademarks etc).  This is the stuff that (a) is legally protectable, and (b) it is what the market will pay for (i.e. it isn’t an intangible asset – it has dollar value).  Intangible assets which are collectively seen as valuable are classed as intellectual capital.  Everything else is either supporting information or junk.  
  2. DETERMINE.  Determine what goes where as part of your internal processes and workflows.  Remember, it gets used if it’s part of the workflow.  Proper IP should reside on closed systems with certain roles acting as guardians, e.g. in-house counsel, financial comptroller etc).  Intellectual capital, things such as frameworks, processes, analytical methods should sit on systems with role based access privileges  so that repeated access (e.g. for screenshots) is noted. Printing and downloading should be limited and part of a defined process.  Thin client technology helps but the most important means of guarding this stuff is to make it compartmentalised (i.e. various levels of decomposition etc) so that it’s hard to gather it all together it once yet easy enough to use as a reference tool for team use.
  3. DEVELOP.  Keep developing your intellectual capital.  It’s less worthwhile stealing information which is outdated.  Moreover, make sure that development is cross-functional and multi-disciplinary.  This is akin to holding the encryption key to your intellectual capital.  If only a few central people know how the framework all works together then even if it is taken by former employees they will, at least, be unable to build on it.
  4. IDENTIFY.  Identify the people who are going to access this sort of information.  Now build these roles and enforce them with internal business processes and physical security measures to make this work.
  5. INSPECT.  Tag your information and gain access to employee hard drives.  There is no way around it.  Be subtle about how you approach knowledge workers and develop socially enforceable norms around the use of corporate proprietary information.
  6. INVEST.  For intellectual capital works invest in a great means of display.  If you’re afraid of other firms ripping of your frameworks or processes then get a graphic artist to create excellent visual representations.  Then you can protect that image through contracts with employees and clients.  Any use outside of your parameters can be met with a solicitor’s letter.

Most importantly, invest in your people and invest in the development of new knowledge.  If they want to take it, they will but nothing secures information like happy employees and few will want to steal outdated information which they can’t build on.

The Complexity of Cost: the core elements of an ICT cost model Reply

cost model. financial modelThere are 2 reasons why IT cost cost reduction strategies are so difficult:  Firstly, many of the benefits of ICT are intangible and it is difficult to trace their origin.  It is hard to determine the value of increased customer service or the increase in productivity from better search and retrieval of information.   Secondly, many of the inputs which actually make IT systems work are left unaccounted for and unaccountable.  The management glue which implements the systems (often poorly and contrary to the architecture) and the project tools, systems and methods which build/customise  the system (because IT, unlike standard captital goods, is often maintained as a going concern under constant development, e.g. upgrades, customisation, workflows etc) are very difficult to cost.

Standard IT cost models only account for the hard costs of the goods and services necessary to implement and maintain the infrastructure, applications and ancillary services.  Anything more is believed to be a project cost needed to be funded by the overhead.

This is unsatisfactory.

The value of technology systems – embedded systems excluded – is in the ability of information workers to apply their knowledge by communicating with the relevant experts (customers, suppliers etc) within a structured workflow (process) in order to achieve a corporate goal.

Capturing the dependencies of knowledge and process within the cost model, therefore, is critical.   Showing how the IT system enables the relevant capability is the critical factor.  A system is more valuable when used by employees who are trained than less trained.  A system is more valuable when workers can operate, with flexibility, from different locations.  A system is more valuable where workers can collaborate to solve problems and bring their knowledge to bear on relevant problems.  So how much is knowledge management worth?

The full cost of a system – the way they are traditionally modelled – assumes 100% (at least!) effectiveness.  Cost models such as COSYSMO and COSYSMOR account for internal capability with statistical coefficients.  Modelling soft costs such as information effectiveness and technology performance helps the business define the root causes of poor performance rather than subjective self-analysis.  If a firm makes the wrong assessment of capability scores in COSYSMO the projected cost of an IT system could be out by tens of millions.

Financial models for IT should therefore focus less on the cost of technology and more on the cost of capability.  The answer to this is in modelling soft costs (management costs), indirect costs and project costs as well as the hard costs of the system’s infrastructure, apps and services.

 

The Complexity of Cost (Pt.1): problems with ICT cost reduction Reply

cost reduction

In a crisis the company P&L statement can be a useful starting point for cost reduction programs.  Over the long term, however, general ledger entries do not have the required level of detail to garner the requisite per unit analysis (McKinsey, May 2010).  Unfortunately, few companies do not have systems which can analyse the complexity of cost and spend in order to make accurate and detailed changes.

In the following series of blogs we will highlight the problems with standard ICT cost reduction & management programs and detail how to structure and run one effectively.

The key to an effective ICT cost reduction & management program is detailed cost modelling.  Most financial systems do not capture costs at the right level of detail for businesses to perform accurate and detailed cost reductions.  Businesses need to perform intricate spend analyses and build up intricate cost models for ICT which highlight the following:

  • The capabilities which various ICT components support (and where in the Value Chain they lie).  Only through this level of visibility can the business consolidate their ICT spend.
  • The HR and process dependencies which are indirectly attributed to various ICT elements.  Only with this level of detail can ICT remove duplication and redundancy.

In the absence of this granularity, cost reduction programs invariably fail or fail to stick.  In fact, McKinsey & Co note that 90% of cost reduction programs fail.  Only 10% of these programs actually succeed in realising sustained cost management three years on.

In a typical IT cost reduction cycle the following happens:

  • Headcount is reduced.  The remaining people then have to work harder (but with fewer skills, because tasks are pushed to the lower pay bands) to achieve the same amount of work.
  • Many, often unique, soft skills are also removed (from experienced people in the higher pay bands) in the redundancies.
  • Overall service levels decrease.
  • Further cost reductions are then required and some applications and services are axed.

In simple businesses this is not a problem.  In large and complex businesses the outcome usually follows a vicious cycle, namely:

  1. The firm still needs to retain a significant management overhead in order to deal with complexity.
  2. In these cases, poor transfer pricing and high overhead allocations mean that perfectly good, competitive core business process seem cost-ineffective.
  3. Critically, Kaplan notes in his seminal work “Relevance Lost: The Rise and Fall of Management Accounting” that the increased costs of  processes leads to outsourcing of perfectly good processes.
  4. Capability suffers and the  business loses competitive advantage.
  5.  The business is no longer able to deal with the level of complexity and complexity reaches an inflection point.  The business outsources the whole problem (eg, large ERM programs with much customisation),  getting locked into  horrific terms and conditions.
  6. Core business is lost and competitive advantage is reduced. Remaining managers pad out their budgets with excessive risk and contingency in order to shield themselves from further cost reductions.
  7. Overheads increase again and the business eventually prices itself out of the market.

cost reduction.accenture

In a recent (2010) Accenture survey on general cost reduction effectiveness in the banking industry, 40% of  respondents noted that the program has reduced overall ICT effectiveness and impacted adversely on both customer service and general management.

in order to reduce costs effectively without impinging on capability as well as making new costs stick, it is essential to view costs and spend at the most granular level possible.

In our next blogs we will go into detail how to structure and run an effective ICT cost reduction and cost management program including effective ICT cost modelling.

 

How Integrated Contract Lifecycle Management Can Reduce Legal Fees 1

Image

In a recent study by the American Bar 58% of procurement departments noted that they had been involved in purchasing legal services for three or more years.  More than half the respondents were Fortune 1000 companies and about a third were Fortune 100.

Despite this trend most legal work is neither panel-based nor subject to competitive reverse-auction processes.  In fact, back in 2007 McKinsey Quarterly ran an article titled “Inventing the 21st Century Purchasing Organization.”  They noted that businesses had woken up to the cost benefits of strategic sourcing and intelligent supply and management.

It is my prediction that with the massive oversupply of law students and as more lawyers move out of the profession into traditionally non-aligned areas our age will see a large rise in the need for law firms to become highly competitive.

The American Bar reported an interview with the Chief Procurement Officer of a large company.  He stated that “if you know your business, you should know how long something takes and how much something should cost”.  He had worked in the nuclear power industry and thought that building nuclear power plants was a lot more complex than litigation.  Understandable, although I should add that in most industries (Defence excluded) there is no one on the other side conspiring to destroy your plans.  Needless to say, he has a point.  Most law firms track costs but they don’t track work.  They track bills but they don’t track customer value.  Legal work suffers from a dire lack of transparency largely because it doesn’t need to.  In the legal profession it does no one any good to try and commoditise their work.  However, that’s exactly what needs to happen.  In many areas the rise of the paralegal (e.g. conveyancing) has been aimed at increasing profit margin internally rather than increasing customer value externally.

In order to increase customer value to corporate clients law firms must integrate their services with the company’s business lifecyle.  When this occurs the results will likely decrease total legal spending per project but they will likely increase the total number of projects using external legal assistance.  Why?  for the same reason iTunes didn’t decrease the per capita spend of teenagers on music.  Integrate with their life style.  Give them more opportunities to spend.  With a clear idea of the value external counsel can offer on a specific deal or project and the ability to keep the legal spend down it is likely that managers will seek to use that new found power to cover themselves rather than have their own accounts and reputations wear the risk.  The effect on total law firm revenue should be negligible but the effect on law firm structure should be striking.  As the commercial legal sector strives to accommodate the need for increased throughput there will likely be a greater emphasis on workflow and process.

The graph above outlines (in red) the traditional legal spend.  Very high costs being injected at pre-determined points of the business lifecycle.  This does not take into consideration all the costs which are incurred from failed contracts and poor contract management.  The blue graph outlines the standard curve from contract management expenses.  Current contract management professionals are involved earlier in the business lifecycle.  Where problems arise of specialist legal expertise is involved then external counsel are involved.

Gartner note that in 75% of the contracts they review they find hard dollar savings.  As markets develop and try to develop new revenue models through licensing options and new pricing structures it is vital that the operational parts of the business remain up to speed.

Law firms are very important and they are not going away.  The depth of knowledge they provide and the expertise in navigating transactions, deals and disputes cannot be delivered through new software.  The trick, however, is to  maximise the value for money from law firms.  The best way to achieve value for money is to ensure that detailed legal advice or drafting is injected at the precise point of value from the most valuable person and this is where intelligent procurement will have the most impact.

Most importantly, legal advice and transactional support is not operational. There are very few lawyers in very few sectors who have operational awareness let alone operational experience.  This is where professional contract managers can have the most impact.  By detecting risk in the subtleties and complexities of operational and technical minutiae contracts professionals can have a huge impact.  The company is likely to spend less on legals as well as making it a far wiser and effective spend than now.

What does this say about contract management today?  Contract management is by and large an ineffectual and redundant function.  Sandwiched between project management, operations and legal – and adding little value to any of them – one has to ask what the point is?

What does effective, integrated contract management look like?  It would mean that once operational problems were detected and identified then analysed the contract managers would be able to determine the precise level of legal exposure.  This would require the contract management function to be able to analyse financial, operational and technical issues within contracts and assess them for validity, severity and impact (including probability).  The contract managers are then empowered to assist the business to deal with these problems.  This is not the contracts and commercial departments of today.

The contract management function described above requires a variety of monitoring systems:  From the top down, the business needs to analyse cost structures and EBIT for risks before variances arise.   From the bottom up, the CRM systems need to percolate a wide variety of issues which line managers can analyse for veracity, velocity and trend.

Identifying issues as potential contract problems is NOT the job of most line managers.  The contract professional has that job with the assistance of the program manager/account manager but acting together in an integrated business lifecycle a modern contract management function has the ability to reduce risks and legal spend significantly.