November 7, 2011
On my white board sits a list of topics that are near and dear to my heart; topics that I think about often and want to espouse, pontificate and illuminate. Most often, I think I have original ideas on these subjects and while I don’t feel I have the time to get it all out at once, I keep this list with the intention of banging them out slowly – one by one. And almost without fail, in my regular reading or research, I’ll come upon an article or book on one of these topics and then suddenly, like a bolt of revelation, someone’s beaten me to the punch; made the key insights that I thought were my domain.
The Surety of Fools
One such happening occurred this past weekend as I perused the New York Times Magazine: a gentleman by the name of Daniel Kahneman wrote an article entitled “The Surety of Fools”, an adaptation from his upcoming book entitled “Thinking, Fast and Slow”. He hit on a key observation that is at the core of what I’ve been writing about over these last few months: misperceptions of risk. I won’t rehash the whole article, but in essence, Mr. Kahneman points out how we often hypothesize based on logic, but when empirical evidence belies our theories, we simply don’t believe the facts. He calls this phenomenon the “illusion of validity.” I love this premise as I see it so often with investment managers, news reporters, mortgage brokers, sport team coaches, politicians, voters and prognosticators in general – they all create their own reality.
Creating Your Own Reality
We ALL do it to some degree. We watch the news channel that validates our set biases. We befriend people who support and validate our opinions and views. On the topic of investment risk, operational risk and risk in general, how does that phenomenon play out? Do we see the facts and are we able to evaluate data without bias? Mr. Kahneman illustrates the reality of investment bias with examples of studying investment managers and how their performance is measured. The vast majority of investment managers he studies do not perform better than a purely random pick of stocks. Yet, the illusion of validity causes the management of the largest investment firms to bonus and commission those managers as if they are keenly skilled; as if the fund managers have brought tremendous value to their clients’ interests. They create their own reality – instead of accepting that the unbiased data shows no value in their management of investment assets.
Life Sciences’ High Stakes
There are even greater risk examples. Life Sciences companies such as pharmaceuticals, biotechnology and medical device firms have huge investments and pressures to produce new products. Each development stage requires rigorous testing and massive volumes of data. While the FDA enforces regulations and these companies are regularly audited both internally and externally, the pressure to produce is high. Time is of the essence when it comes to bringing a new drug to market; both for the sake of patients as well as profits. How well is the data reviewed and scrutinized before passing each validity stage? Is there a bias that errs on the side of validation ahead of rejection? Absolutely. Kahneman’s illusion of validity is at play and the consequences are immense.
The Supply Chain Fog
For Life Sciences companies the risks involve patient health as well as immense risks to the company including product recalls, regulatory findings, lawsuits, and ultimately, reputation damage. The organizations I’ve worked with over these last few years are extremely diligent in their processes and methods for R&D, trials, manufacturing as well as distribution. But other operational risks do exist. In a post last year by Daniel R. Matlis entitled, “Life Science Executives Concerned about Outsourcing and Globalization Unintended Consequences”, Mr. Matlis notes, “In the drive to lower costs, manufacturing and sourcing of ingredients and components in countries such as China and India are playing a more prominent role. Yet, according to the research, outsourcing to manufacturers in developing economies carries significant operational risks. Industry Executives surveyed for the research said that Raw Materials sourced outside the US represented the greatest risk to the Value Chain, with 94% of those who responded seeing it as a significant or moderate risk. When comparing the risk profile of US vs. foreign raw material Suppliers, United States Suppliers were classified as low risk nearly 10 times as often as foreign Suppliers.” Any Life Science company’s ability to define, monitor and track each and all of their third party providers adds a level of complexity and difficulty. This difficulty stems from what consultants at Nimbus have labeled the “fog of process accountability, control and oversight.”
To be certain, this fog exists to some degree everywhere and obviously with supply chain partners even more so, but how well an organization tries to create clarity of process definition and clarity of quality both from within and beyond the enterprise is critical when managing operational risk. Perhaps the biggest concern I have with the phenomenon of “creating your own reality” is the fact that the “fog of accountability” provides a condition for pushing forward; an excuse for not accepting what the data is revealing; and a scenario wherein doubt can always be cast on outliers.
Focus on the Facts
I spent part of last week with a biotechnology firm’s scientific directors, their CIO and colleagues from TIBCO, briefing them on my company’s software technologies and how they apply to the wide variety of process areas they represent. The volume of data and the complexity of that data as it applies within their product trials is tremendous. Next week I’m with a medical device company that’s in the process of a major transformation and will need to address most every operational area as part of a corporate spinoff. These are just a couple of quick snapshots, but they epitomize the speed with which organizations change, adapt, and grow. Speed and volume are only increasing – further escalating the demands for validation of each initiative.
I can only hope that Mr. Kahneman’s “illusion of validity” is tempered when organizations manage operational risk and the key decisions that drive product development. The stakes are indeed high when it comes to Life Sciences, but every industry is predisposed to this condition. In short, we can never be too sure. Let’s not fall too in love with our own marketing slogans. Let’s understand the complexity that we’re faced with, make our best, valid judgments and do the best with the facts we have. While there is never purity in our judgments, we can at least try to be aware of the propensity to fulfill objectives through maintaining a blindness to the facts.
September 7, 2011
This past week the company I work for, Nimbus Partners, was purchased by a larger software company, TIBCO. I can’t comment on the process of due diligence of the deal, but as any large acquisition is considered, a great amount of analysis must be performed. To value any software company, the acquirer must value the assets for product technology, position in the market, product position within the existing family of assets, the company’s existing financial state as well as projected earnings potential.
This acquisition is one of many major decisions that executives at TIBCO and other corporations go through every year. Some investment options require incredibly in-depth analysis while other investment decisions may be made quickly with far less due diligence. There are plenty of reasons for performing an analysis on an investment to a given level and not to a finer level. When purchasing a stock or making a trade on an existing holding, how much information is driving your decision? Did you read the prospectus of the latest 10-Q? Did you attend the recent investor conference calls with management? Did you get all the answers to your concerns of the latest one-time charge to net income? The odds are you didn’t. The odds are you’re trading on gut feel of the situation or you’re trading on some limited understanding and you accept that risk based on the fact that you simply don’t have the time to do all of the research you would have liked. Now, you might also put your trust with money managers or fund managers; expecting they are doing all the analysis required to make good value judgments that are in line with your risk profile and your investment objective. Again, are you sure they are going down to a depth of analysis that ensures risk is minimized?
A Hedge Fund Legend
Recently, I read about a very successful investor named Michael Burry. For those of you who haven’t heard of Mr. Burry, he gained a degree of notoriety for wisely betting against banks’ mortgage holdings and cashing in massive returns for his hedge fund when the credit crisis hit full tilt in 2007. His brilliance wasn’t just that he recognized a good bubble when he saw one, it’s the way he figured out how to capitalize on this realization that a spectacular amount of mortgages were doomed to fail. The fact is, when Mr. Burry first became convinced that the type of lending that banks were engaged in was destined to result in large numbers of defaults, there was no real instrument for wagering against the performance of these notes. The various tranches of subprime mortgage bonds could not be sold short. Even with his conviction that the subprime mortgage bond market was doomed, he could not capitalize on it.
Then came Mr. Burry’s discovery of the credit-default swap. It was basically an insurance policy that could be purchased against corporate debt, but that was only useful for betting against the companies that would likely default such as home builders. Ultimately, he convinced a number of big Wall Street firms to create them including Deutsche Bank and Goldman Sachs. Now, what made his work absolutely brilliant was the fact that he would spend untold hours poring over each bond prospectus, only investing in the most risky of those assets. He was performing the due diligence on each of the loans, such as analyzing the loan to value ratios, which had second liens, location, absence of income documentation, etc. Within each bond, he could sort out the riskiest of the lots and incredibly enough, Deutsche and the other banks didn’t care which bonds he took positions against. He essentially cherry-picked the absolute worst loans (best for him) and found the bonds that backed them.
Mr. Burry would ultimately bring his investors and himself astronomical returns at a time when the vast majority of investors lost roughly 50% during this crisis. If you read about Mr. Burry, you’ll find there is much more to his story as he is unique in many ways, but one key point that separates him from the pack is that he does his homework. Details matter. How these loans were structured matters to all that were connected to them. In these bonds were real loans that represented real value. Understanding the risk factors would immediately point to a very low valuation on these bonds.
I’m not going to delve into the full issue of responsibility relative to loan originators, banks, Fannie Mae, borrowers, etc., but suffice it to say that solid due diligence reduces the risk of any transaction. The more you understand about the asset under consideration, the better you can predict its performance. It’s as simple as that.
So, what’s with my title, “The Interconnectedness of Things?” Well, it got me thinking about just how interconnected we all are. Without getting all Jean-Paul Sartre on you, let me point out the most common difficulty in all of management: interconnectedness. That’s right, interconnectedness. The fact is, executives hate it. But it exists. We have the tendency to measure performance of an exact metric; of an exact process step, or an exact person. We like to think that sorting out the specific items of measurement can enable us to understand what is strong and what is weak. Fix the weak bits, keep the strong bits, and voila, you have Lean. But, from the work I’ve been involved in, it’s not so simple. Similar to the difficulty of sorting out all the bits that make up a good loan from a bad loan; a good mortgage bond from a bad mortgage bond; business processes can be extremely complex and highly interdependent.
How do we get our arms around the complexity of process? Mostly, in very distinct ways. How many of us love to look at organizational charts, value chain analysis diagrams, system architecture diagrams? If you are shaking your head “yes”, I’m deeply sorry. The fact is, we are trying to ensure we understand the interconnectedness of things, but we often do that work in silos. In efforts to diagram process or entity relationships of systems or people relationships, this work is most often performed as one-off attempts with a singular purpose or project in mind. They are not done to ensure a wider scope of understanding is gained and maintained. And therein lies a serious shortcoming of those efforts. With islands of understanding, there may be some level of interconnected understanding, but the silos remain silos and whenever we look at those groupings within a map or chart or a diagram, there is too much lost information. The value of what you have is just as quickly defined by what it does not have. (Perhaps some Camus?)
Devil’s in the Details
So, how do we connect all these silos and how do we know when we have enough detail? These are big questions to which there are no silver bullets. During a recent engagement, I was working with a global IT organization that brought together four business units to define standard global processes. Ultimately, the idea was to consolidate where possible, but initially they needed to capture how each unit was operating. I’ve done this type of work a number of times and what still amazes me each time is how often we find gaps in processes, areas that are not understood, as well as overlaps where steps are replicated and no one knew what the other one was doing. As we embarked on the journey of process design, the key question that this team asked of me was, “how many levels down do we need to go?” My answer was pretty simple: go down to the level of detail that someone from outside this process area can read and understand what is happening without any ambiguity.
Imagine if you will an organization that has documented down to that level in a consistent way across their organization. Further, imagine a singular map with diagrams that connect to all appropriate related process steps, to all related electronic content and within a platform that provides instant feedback from the personnel that perform the operations. Now, that’s getting your arms around complexity and it tells the story of the interconnectedness of things.
Finally, once we gain perspective on this interconnectivity we can truly understand what is working and where risk lies. For it is risk that we are constantly managing. The banks that held large amounts of mortgage credit were blind to what was in the big bag of bonds that contained smaller bags of loans that contained all kinds of facts, some of which were never gathered (such as income verification). Did they completely understand the interconnectedness of things? Did they get down to a low enough level of detail to really understand the assets that so much was riding on? To reduce operational risk, the devil’s in the details. Get your arms around process, get your arms around the details and know what you’re buying into.
August 8, 2011
Forming a Process Centric Model
Regulatory bodies and compliance rules are as old as civilization. Early Egyptians, Greeks, Romans and Indians created standards and rules for business. These rules were centered on weights and measures as well as currency, but today regulations come from many sources.
When we look at a regulatory construct, we are effectively looking at rules, laws, guidelines and best practices that are dictated by a governing body. I say dictated, but these rules are generally a set of statements that have been developed, reviewed and ultimately enacted through a governing board within a corporation. Regulations may also be established as governing boards that are industry related and many regulations are based on governmental laws (federal, state and local agencies). The volume of these regulatory books and the volume of statements contained in each can be enormous depending on the industry and corporate size. Public companies have the Securities and Exchange Commission to deal with. Companies with global operations have to comply with varying laws that are relevant in each operating country; adhere to health and safety standards, hiring and firing requirements, social responsibility requirements, etc. If you’re a financial services firm, a plethora of regulations guide how you account, record, trade and settle. If you’re a pharmaceutical company, strict standards dictate how you run your clinical trials, record your findings, label your products, etc. Now, add in all of the internal standards that govern your best practices related to your unique products, partnerships, and contract types. As we can easily surmise, the complications that result are immense.
The SOX Phenomenon
In 2003, after starting my own software services firm, I sat with the head of compliance for a Fortune 100 construction company to review their requirements for Sarbanes-Oxley. Within a day of information gathering it became clear that their main objective was to look at how to manage a set of “controls” by recording who was responsible for each and whether it was working or not. Now, to be clear, a “Control” is simply a process step that has an owner and it’s in place to mitigate a risk to the organization. So, what this company was doing was to create a “matrix” of relationships between identified risks, controls (mitigation steps), owners, and the process area they relate to. As I discovered in the weeks following these meetings, almost every company that was scrambling to comply with SOX was doing this exact thing and they were almost all risk/control matrices in spreadsheets. The problems with that approach were universal and having a collaborative, relational data storage solution was an obvious need.
Process is the common denominator
While I grew my business by developing software to address this requirement, other interesting similarities emerged from my client base. Companies were not only interested in passing an audit or dealing with the SOX regulations. They had a dozen or more other pressing regulations that required the same type of solutions. In each case, whether it was FDA regulation 21 CFR Part 11 or ISO 9000 or Basel II, or the variety of internal standards that were being addressed, the same basic needs existed. Companies needed to understand the regulations, identify the risks, controls, gaps, remediation steps, owners, process areas and manage all of that information somewhere. Most commonly, that meant in an independent spreadsheet. And what was the one thread that formed the backbone of all compliance management? Process.
Another Fire Drill?
What I found was that each process area (i.e., HR, Finance, Manufacturing Ops, etc.) was being hounded by internal audit teams, compliance directors, external auditors and quality managers to document their processes; document their controls; document their risks; document their issues; document remediation tasks, and on and on. It’s amazing that anyone was ever actually doing their day job. During the nearly ten years that I’ve worked with organizations on regulatory requirements, very little has changed in this regard. I have yet to encounter a company that manages all of their compliance and regulatory requirements from a single platform. Some organizations have made strides with managing process details in a more coordinated fashion, but most still deal with each compliance requirement as a separate challenge involving separate projects.
The issues with this condition are perhaps obvious; each time one of the regulatory initiatives is executed, operational leaders are reliving the exact nightmare! It’s Groundhog Day! I’ve had leaders within Pharmaceutical clients tell me that rarely does a year pass before they have to execute another fire drill of process capture, internal review, internal audit, and external audit. Invariably, it’s a short-sighted exercise to check a bunch of boxes and get a rubber stamp, so we can get back to normal operations.
The Single Platform Vision
Now for the good news: things are changing. During my four-year tenure at Nimbus I’ve seen an awakening within highly regulated industries to stop the nonsense. It all begins with proper process management wherein organizations do the following:
- Define end-to-end processes using a simple notation for business end users.
- Govern process definitions and all related reference materials in support of process execution.
- Manage regulatory and internal standards within structured, governed statement(s).
Process management should not become the result of fire drill exercises to satisfy auditors; rather, BPM should be an integral part of knowledge capture, process improvement, compliance management and business agility. As one executive summarized when heading into a board meeting after meeting with me, “We can’t improve what we can’t understand.” As I’ll discuss in later postings, there is both a mechanical nature to BPM and a cultural one. Very few cultures are used to maintaining a high level of accountability and continuous management of process content. Just putting systems in place is not a cure-all and as we’ll explore, organizational culture plays a huge role.
August 4, 2011
As I discuss in my posting on Active Governance, I find a great deal of reluctance by executives to invest in managing and controlling process information. There are a few factors that play into this reluctance by executives. The first fundamental fact is that leaders hate spending time, resources and money on things that do not obviously make them money. No company is in the business of governance. Included in this category are other supporting operations such as Information Technology, Finance, Human Resources and Legal. Most organizations do not value the investments in those parts of the organization as value drivers. They are viewed as infrastructure. They’re necessary for holding up the theme park, but not necessary to generating revenue and profits. As long as these non-value driver (NVD) processes serve the most basic needs, keeping costs minimized is the objective.
BPM treated as the “necessary evil”
The approach to NVD operations is the same objective to compliance and governance. They are necessary evils. They must be done, but the objective is to minimize costs to provide only the essential requirements. Spending beyond the minimum provides no additional value to the organization or its investors. If I spend more money to ensure a higher degree of IT support, it’s not likely to translate into more sales this quarter. In fact, the cost of new systems or additional resources will shrink margins and drain profitability.
While there is some truth to this common condition, I contend that organizations must appreciate the value of ALL processes. They need to see help desk support processes as equally valued when compared to sales processes. Further, they must harvest and protect these unique processes as much as they value and protect the secret sauce locked in the impenetrable safe. Where does Coca-Cola or Heinz keep its secret recipes? You bet they are secure and carefully managed.
An IT Transformation Case
One of my clients has over 3,000 IT professionals in the US supporting the subset an organization of about 300,000. How well this IT organization operates has a huge impact on the overall health of the company. But, how are these processes managed? How are they understood? When I embarked on a major transformation effort with them, several issues were well understood.
- Costs could be reduced if they could consolidate overlapping processes across four major business units.
- Quality could be improved if the global organization could identify the best performing processes and then standardize on those high performing processes.
- A technology platform for managing process content could allow them to sustain all changes and improve process ongoing.
- Future change considerations could be achieved far quicker and with a greater degree of certainty if process content was maintained and understood.
- Process content within a management platform could be leveraged for governance and compliance initiatives, eliminating future process documentation projects.
What Makes Us Tick?
From this experience and others, I’ve found that it’s the unique processes that organizations possess that can make massive differences in profit margins as well as massive differences in revenue generation. A sales approach is a process. A pricing approach is a process. Partner channel development is a process and success in those approaches needs to be harvested as repeatable processes. It’s these successes that are some of the most important assets of an organization. But how are they harvested? How are they repeated? Who actually understands them? If a key individual leaves or a group of key people leave, does our ability to tap into that market disappear? Do we lose the ability to form specific partner relationships?
And within IT or HR or Compliance… what about those areas of the business? Are they just as important as the secret sauce? A colleague of mine, Chris Taylor, recently highlighted the “secret sauce” issue in his posting on end goals. He surmises that the “end goal of BPM is creating revenue for your company”. As I will detail in later postings on this blog, BPM impacts top line revenue, cost containment, bottom line results, compliance management, risk management, business agility and investor confidence among other key business benefits.
I find a varying degree of understanding and appreciation for protecting the “secret sauce” of the organization. Some organizations are highly protective of their processes and understand that the unique way they manage provides higher margins, quality products, quality service, customer experience and competitive advantage. Process Management is the critical foundation, what is too often viewed as mundane infrastructure that is the secret sauce. It just may be the case that new product development, marketing, and sales truly deserve the accolades, but again we must ask, how well has the organization captured that secret sauce and protected it?