+1 812 868 ROSS (7677)

Of co-location and fiduciary responsibility of services…

by | Nov 1, 2007 | Blog, Business

I’ve been
thinking about something the last several days, you know I sit on the board of
a couple of non-profit organizations, and we’ve been looking at outsourcing
services to other organizations. I also had a discussion about outsourcing with
a lunch partner today, and this thought cropped up again.

As outsourcing
of mission critical services becomes more and more commonplace, especially in
small business where business owners don’t have the means to maintain a
dedicated technology staff, I have a question about how service organizations mitigate financial risk from service failures.

In
businesses that build and sell widgets, you would typically carry a warranty
reserve as a liability on the balance sheet to compensate for the cost of
returns from the field. But that doesn’t work in a services business that hosts
and maintains mission critical applications (and quite often sensitive private information). What happens if there is a failure that causes a service outage
for a length of time (which in many cases isn’t very long) creating a financial
impact on the business that relies on the service?

I mean,
I’m sure the company backs up, and I’m sure they co-locate their sites.

I’m
talking from a financial responsibility perspective, how they carry a loss of
service/information liability on their books.Even a publically held company’s
10Q mentions service disruption risks as part of their operating model, go ask
your CFO if your financial processes account for those service disruption risks
on the balance sheet.

Here’s
the reason why; any business that provides goods or services has some type of
reserve on their balance sheet to cover the liability of a failure in either
goods or services.

As part
of the T&C of the service agreement, they will make some claim regarding
confidentiality, integrity and availability of the information and service. If
they fail to meet those T&Cs they’re going to experience a liability. How
do they carry that liability (and how much) on their balance sheet?

It’s
important to know because we’re entrusting our very private and critical
information to a service outside of our control. I’m sure they do their due
diligence on backups, but it’s easy in a fast growing business to not keep up
with the controls necessary to protect the C/I/A of the information (both from
a process and infrastructure perspective).

 The single failure cost of loss to a small business could be
catastrophic (think loss of either information or unintentional divulgence of
information). The company you contract with has some financial responsibility
to make you whole (at least in part) because you have the SAME responsibility
to your community (think about it this way, if your credit card information was
left out on someone’s desk, the cleaning crew came by, took it and ran up
thousands of dollars on www.myporn.com, you’d expect the company to attempt to
fix the problem, wouldn’t you?).

So the
question is how does the company mitigate that risk? In similar cases the way
to transfer the risk is through the purchase of insurance, but you can’t insure
against that. So the company has to self-insure by carrying a liability reserve
account on their balance sheet. Ok, so now, the company has thousands of
clients, right? *IF* there is a failure (in service or process) and *IF* the
company doesn’t carry enough of a reserve on their books to compensate their
clients for a claim, they can’t (or won’t) attempt to make things right without
a fight.

Now, I’m
not so naive to think that we’re going to change anybody’s mind about how any company
does their internal risk mitigation or accounting. But if a company has shown
enough foresight to put internal controls in place to mitigate financial
liability against these types of risks, then there is a good chance that they
have enough foresight to place control in other parts of their corporate
governance. And, if they’re a publically held company, then SOX applies, and
they’re being audited on GCC anyway.

Now
before all y’all think that this makes no difference, and that I’m tilting at
windmills, consider that just in the last couple of weeks, that Home Depot had
a laptop stolen with "the names, home addresses and Social Security
numbers of 10,000 employees," AND Iron Mountain a DATA PROTECTION SERVICES
COMPANY admitted it lost a decade’s worth of bank account data and Social
Security numbers for almost all Louisiana college applicants and their parents
during a move when a driver apparently failed to follow company security
procedures.

All of
these weren’t malicious attempts at terrorism, they were simply part of the
category of sh** happens.

At the
end of the day how a company’s internal processes address these types of risks
is a barometer of where their focus sits.

 

Bringing ‘Lean’ Principles to Service Industries — HBS Working Knowledge

by | Oct 22, 2007 | Blog, Business

Link: Bringing ‘Lean’ Principles to Service Industries — HBS Working Knowledge.

In his book "The Machine That Changed the World," Jim Womack, et al. discusses the inception of "Toyota Production System," eventually to become known as lean manufacturing.

The basic concept is simple (ok, for all you lean experts, I know this is an oversimplification, but give me a break), figure out how long it would take to make something and how much material is needed, if everything went according to plan; no delays in assembly, no part shortages, no rework, and so forth. Whatever happens to make that ideal time take longer and use more material is called waste (or muda in Japanese). For example, if I’m making a red Swingline stapler, and I can’t finish an order for a customer because either the red plastic housings were late, or I had to pay an expedite charge to get them on time, or I had to throw a bunch of them out because I ran over them with a forklift, all of that is considered waste.

Waste in a process, any process, is bad; it doesn’t contribute in the least adding any type of value to the thing you’re making. Waste is also inevitable; you simply can’t get around it. So, the basic notion of lean manufacturing is to remove as much waste from a process as is possible. It’s a balancing act, between capacity, quality, and efficiency.

Ok, I said all of that to say this… Over the last 20 years tremendous strides have been made in implementing lean manufacturing concepts in a number of manufacturing settings. What have been lagging behind, dramatically, are similar concepts in “soft” or office processes. Office processes are notoriously wrought with all sorts of waste. When was the last time you had waited on a reply to an email on some issue that required an answer prior to completing some other task? I’m not being self-righteous, I engage in waste myself, and waste is unavoidable because we are human and flawed.

That said small incremental improvements (called kaizen in Japanese) is what is required to move forward. We’re talking evolutionary, not revolutionary. You can’t fix the world all at one time, so how do you, as the cliché goes, eat an elephant? The answer is one bite at a time. That’s what kaizen is all about making small incremental and measurable improvements in processes.

In the referenced article from the Havard Business School, the author Julia Hanna discusses the ideas of bringing lean principles to the office process and services industries. There are so many sectors that need this kind of help, the social services and non-profit sectors are prime candidates for this type of assistance. The non-profit sectors are often overworked, but have people with a passion for what they’re doing, and they’re often doing and re-doing tasks over and over again. I’m involved as a board member of two non-profits and see this as an ongoing problem, and for these organizations to succeed, simplifying processes to minimize labor, material, in short waste, is a key business concept.

Trying to make the connection for the office folks is another story though, it’s often the case that conveying the need for this type of improvement is difficult to effectively communicate if the individuals involved don’t really have a background for it. Also, not all lean principles translate into lean office concepts; some creativity in plying the lean concepts is in order.

This is an excellent article discussing some of the research in implementing lean in an office, and perhaps we’ll see more of it in the social and NPO sectors.

Here are some good references to read:

Wikipedia: Lean Production

SME: Lean Office

Now, I’m off to Poke Yoke a purchasing process.