Since early 1980s, the "democratisation" of IT resources increased the amount of information shared and stored, while producing new sources of pressure for innovation (both real and apparent), and a constantly reducing lifespan of new "management buzzwords" and tools.
Since early 1990s, the widespread use of external resources and COTS (Commercial Off-The-Shelf) business and software solutions helped reducing the operational costs.
Way too often in recent years consultants were requested from customers to take over processes and activities which required a sensible amount of knowledge of the customer's internal processes, supplementing knowledge that used to be "in house"- or maybe was still there, but in another department, and therefore unreachable.
Eventually, the internal knowledge of processes was adapted to the external "standardized" approach offered from the external suppliers.
The net result? The Total Cost of Ownership of a specific subset of knowledge increased.
External resources (consultants, outsourcing companies, software suppliers) became eventually practically owners/initiators/facilitators/negotiators of internal business processes- a long-term loss
of knowledge for the customer.
Sometime, this transfer was formally sanctioned with the establishment of "joint-ventures" between the customer and the supplier.
A more in-depth discussion of "outsourcing" (with and without "joint ventures") will be contained in the next issue of BusinessFitnessMagazine, but the impact of externalisation of full processes on knowledge retention cannot be discounted.
Processes that are not "core" could benefit from the externalisation to suppliers that are more focused and can achieve economies of scale.
Transferring core processes, or replacing them with external processes without willingly adapting the corporate culture to this new approach could result in a reduction of the control on your own activities- i.e. an activity detrimental to your security posture.
We believe that while security can be added to any process, embedding security inside a process, by defining in each task some security components, both reduces the cost and improves the overall security posture of your company.
Consider a process as a chain: the strength of the chain is the strength of the weakest link.
As will be described in the next issue, externalising a process require a clear definition of responsibilities and overall integration of the process with the other corporate processes.
The loss of control of internal processes resulted in the quest for a partner with the depth and breadth of skills and knowledge required to cope with taking over complete processes.
This shift toward "sizing" produced another side effect: larger organizations have higher overhead costs, and also consultants started developing an "economies of scale" business approach.
Each activity was required not only to produce knowledge to thesaurise and maybe reuse, but entire solutions were to be reused.
Also, as the suppliers became larger and their solutions became a "de facto" standard, the customers often lost the capabilities to negotiate the content of the processes, and therefore the differentiating factor vs. their own competitors.
The economic model adopted from the suppliers required a minimal use of highly skilled resources, and large teams of lower skilled resources focused on customizing the standard solution.
This customisation was not limited to the deliverables: progressively, also methods and processes were "reused" and customised, with an additional layer of costs on each project.
Practically, this was akin to attributing to each customer of a part of the thesaurisation overhead of the supplier.
Also minimal changes seemed to require extensive use of external resources, as a sensible amount of consultants' time was devoted to actually integrating their pre-existing solutions into your own business processes- or the reverse!
Y2K and Euro activities, where consultants were seemingly scarce, showed that companies could find a way to ensure business continuity with a limited use of external resources.
Since 2001 the European market has seen a constant reduction in both the size and scope of projects involving external resources, while major projects have been carried out using short-term planning horizons.
Some would say that the costs involved in Y2K, Euro, ERP, CRM, and now the current war are the culprits: our position is that the '90s spending binge produced structural changes in both the demand and offer for consulting services, changes that have not always positively affected the long-term viability of businesses.
This issue will show how a more appropriate knowledge retention policy could increase the business flexibility needed to cope with normal market uncertainties.
Some interesting side-effects could include:
- allowing to plan for long-term capability to reduce the impact of unforeseen major events
- improving your security posture, as the policy will help you identify who should be in charge of the business continuity of each process
- identifying the cost/benefit ratio of each knowledge provider.
The net result will be embedding security in your own business processes, by ensuring that your own resources control the evolution of your own processes according to your business needs.
|
Current issue