So, where is corporate America in this wild technology ride? The leading companies are right there, setting the pace for the digital revolution, taking advantage of technology magic to grow their businesses, increase profits and contribute to the world’s economic engine.
But, who has the map for going digital? This is a brand new road to travel, with few signposts along the way. Right now, companies can choose many different ways to make the journey to digital business.
Since there is no single map to follow, anyone can start the journey anywhere and in any manner. The challenge becomes knowing the right place for your company to begin and what path to follow. Can you digitalize part of the business, but not all? Every day, company execs ask questions like these:
Is it enough that my customers can order products online?
If we offer a mobile app, do we have a digital business?
We connect with customers through social media; what else should we do?
Digitalizing just a portion of your business isn’t enough today. For example, if someone gave you a set of handlebars and two wheels, would you be a bicycle?
Not even close. But some companies look at digital transformation in this way. Digitalize here, digitalize there, gather up the pieces and hope it translates into enough innovation to fuel business growth.
However, some organizations are headed in the right direction and others have reached their destination of a digital business. And, it turns out that there are map makers to help companies go digital. They are the heads of strategy, directors of business transformation, enterprise architects and others with a stake in change management and business process management.
Next week, March 21-24, these digital experts will gather at the Business Transformation & Operational Excellence World Summit (BTOES) in Orlando to focus on strategies for transforming businesses end-to-end, function-to-function, and process-by-process to gain competitive advantage in a digital world. Business leaders will hear how to rethink their go-to-market strategy, improve sales and product development, and reshape continuous improvement to prepare for the future.
One of the key ways these experts are succeeding in digital transformation is by leveraging enterprise architecture as the means to accelerate innovation and help manage change. You could be developing transformation scenarios right now, identifying the most appropriate one to support your company’s digital strategy. You could be reconciling application and technology portfolios to free up resources to invest in new digital technologies. You could architect new business processes to improve your customers’ journey as they engage with your organization. Your strategy and enterprise architecture team can do amazing things with the right knowledge, tools and support.
It promises to be a great event, hearing from architects and strategists about the challenges that are a priority for them and how they’re approaching them. If you’re going to be there, come find us - MEGA will be at booth #A6.
... View more
Every company lays out a strategy at the beginning of each year. However, according to Daniel Prosser’s Thirteeners, “87% of those companies fail to successfully execute the strategy they set for any given year.” That’s a pretty hefty number – so, how do you rise above it and become part of the 13%?
It’s difficult to execute on strategy when your strategy is vague.
Remember Napster, the innovators that had insight on the value of file sharing? With the first-mover advantage, they could have gained a competitive advantage through control of resources, and could have been rewarded huge profit margins and monopoly-like status. However, there were multiple flaws in their business model that left opportunity for new entrants to enter the market and compete more effectively and efficiently. 
If only they had the visibility into their processes and technical resources to map out the requirements to appropriately execute on their strategy.
Consider a GPS: it won’t tell you where to go shopping or who to visit - you need to determine the goals that are most appropriate for your needs. Once you identify a potential goal (“I’d like to go to Store X.”), the GPS can help you understand the journey that will take you to your destination. The scenario that the GPS lays out can help you determine if you want to follow through on that scenario or if there are things (like timing or resources) that you hadn’t considered. A scenario analysis like that may have helped Napster capitalize on their first-mover advantage.
Similarly, if someone else in your market is tries to branch out and capitalize on a first-mover advantage, but doesn’t have the visibility into how their organization’s processes and resources can specifically support their strategy, if you have visibility into the moving parts of your business ecosystem, you can leverage that visibility to make sure you have everything in the right place to avoid some of the mistakes of the first-mover and capitalize on a second-mover advantage.
Another concept that Prosser explains is that “the true challenge of building a great company, one that consistently executes its strategy, is understanding the real nature of human interaction and the key to success is connectedness.”
So, what does that mean for your business? How can you apply this concept to successfully execute your strategy next year?
Prosser states that “a business should be viewed as a network of interrelated conversations.” So, capturing those interrelated conversations and tying them back to specific tactics, goals, and resources will enable your business to effectively execute on strategic initiatives.
Once you have created a solid foundation on which to execute your strategy, you can then try applying the same moves externally, to your customer interactions.
In this new “customer age” where customers can wield their mighty sword in a single swipe on their smart phones to influence the flow of the market and the direction of your business, it’s important to have your finger on the pulse and the resources to rapidly respond.
Today, not only do customers expect businesses to present their value propositions in 140 characters or less, but they also expect you to listen and respond quickly while offering the cheapest, fastest, and highest quality solutions. Why shouldn’t they be able to demand the best customer experience when your competition might be able to do it better, cheaper, faster? That’s the beauty of a free market – competition will always keep you on your toes, and being the best prepared with the clearest plan will give you that advantage.
So, how do you compete for your customers’ love and loyalty? Again, it comes back to visibility and understanding where you are now, where you want to go, and how you’re going to get there. Not only does this apply to your business strategy, but at a more granular level it applies to improving your customer experience through customer journey mapping. For example, a roadmap gives you a clear picture of the ins and outs of how your customers interact with your product, your messaging, and your employees.
Are you ready to be part of the 13%? Learn more about how you can successfully execute on your strategy next year and become more connected to your customers. Download our eBook "Capture Digital Strategy Using Enterprise Architecture".
... View more
In the 5 Common Mistakes in Risk Identification, Analysis, and Evaluation blog post, we identified misunderstandings and missteps that many fall victim to when managing business risks. A 360° view of your business ecosystem helps you determine risk exposure and ensure regulatory compliance before your business is impacted. Of course, the original five mistakes aren’t the only things for risk professionals to be concerned with. Here are 5 additional mistakes to watch out for!
#6: Confusing gross risk and net risk
Gross risk, or sometimes referred to as inherent risk, is the level of risk prior to implementing controls and other mitigating factors. Net risk, or residual risk, is the level of risk after all measures and controls are put in place. Knowing how to classify these two types of risks is not always obvious, particularly when the controls are not clearly defined or available to the assessor. In the case where the controls are not clearly defined, risk assessors may not understand that their net risk is actually lower than they perceive. This can get costly and problematic because you end up focusing resources/bandwidth on risks that are already under control, and not focusing on risks that legitimately need more attention.
Going back to our example in the original 5 Common Mistakes blog post with the flat tire, assessors often put preventive measures in place (regular tire maintenance), maintain awareness of risk status (air pressure indicators on the car dashboard), and have reactionary/response measures in place in case of an incident (tire-repair kit in trunk). The number of risks & controls, and tracking the changes to controls, becomes too complicated to manage when using a simple spreadsheet (or similar tool).
A dedicated risk management platform provides the visibility necessary to effectively manage gross and net risk and avoid mistake #6.
#7: Establishing new risk control actions without verifying the effectiveness of existing controls
In the case of the flat tire, if you were to invest in a set of high-performing “run-flat” or “zero-pressure” tires like the ones that come standard on sports cars, Cadillacs, and BMWs, it would cost you significantly more than standard tires. However, simply adhering to better driving habits, conducting regular safety checks, and planning out your trips to avoid bad road conditions may deliver almost equal risk protection, and can prove to be far less costly.
All too often, in an effort to protect the business, risk managers put in additional controls to ensure that they have everything covered without taking into consideration controls that are already in place and can be optimized. The business may already have enough controls around a particular risk and the additional investment may not be necessary. It’s important to make sure that visibility is not obstructed and all options are gauged.
Mistake #7 can be avoided with a 360ᵒ view of information, managed in a shared repository that centralizes and connects all data related to risk management (e.g. risk, objectives, processes, departments, end-users, etc.).
#8: Limiting your risk management approach to either reducing or eliminating it
There are more ways to approach risk management than merely diminishing or completely doing away with a risk. You can also transfer it, share it, accept it as is, or increase it. With any one of these strategies, in order to apply effectively, you need to attain crucial information, including cost of implementation, the anticipated impact(s), set-up time, etc.
An effective risk governance system takes various options into account, but is particularly helpful when considering the possibility to increase the identified risk. Risk is a daily part of business and can affect all areas and at any level, and understanding the context of a risk is necessary for managing business expectations and achieving business goals. As such, a manager or a group of experts should be able to identify situations where accepting or increasing certain risks would be beneficial to the business.
#9: Letting your risk assessment go stale
When it comes to risk management, businesses focus on identifying and addressing their critical risks, then often find themselves stumbling into the pitfall of “over-controlling.” This can become a problem for any company where there are outdated risk controls in place. You don’t want to be in a position where so much time goes by between assessing risks and their controls, that you lose sight of why the control is there and whether it’s still necessary. If you’re trying to reassess the effectiveness of risk control plans from previous years, you may end up addressing risks that are no longer needed or are a low priority.
Reviewing risk controls and their relevance to the task of risk identification and treatment, and updating all of the information from various Excel spreadsheets to locate instances of over-controlling can be a daunting job.
To be more efficient and effective, boost your efforts with a tool that provides a dynamic view of the various controls connected to the identified risks, updated in real time. This allows your organization to have their finger on the pulse of where the business is now, what risks it may encounter, and how to manage those without unnecessarily impeding operations.
#10: Neglecting the proposed risk treatment plan
Since we’ve identified that one of the preventative measures to diminish the risk of a flat tire is checking tire pressure, it would be foolish to ignore this part of the plan, right?
Similarly, why put forth the time and effort to identify and analyze risks, then document and develop preventative measures, if you are not going to evaluate their impacts? While monitoring the risk is the most important part of the process because it produces the most tangible effects in the field; unfortunately, it is often overlooked.
Using a tracking tool that can be integrated with other types of action plans such as quality, performance, compliance, etc. that has alerts set up for monitoring purposes, will likely help to prevent Mistake #10.
We’ve reviewed the most common mistakes to avoid in the risk identification, analysis, and assessment process. Do you find yourself in one or more of these scenarios? How have you managed to swerve around them? With MEGA, you can determine your risk exposure and ensure regulatory compliance with a 360ᵒ view of all risk management processes. To learn more, read about HOPEX Operational Risk Management.
... View more
Still managing your IT Risk like it’s 1999? I’m sure you’ve watched technology drastically change the way we do business in the last couple of years, let alone in the last couple of decades! From mobility, to BYOD (Bring Your Own Device), the Cloud, and IoT (Internet of Things), let’s face it – times have changed. These changes have opened new doors for consumers, revolutionized uses and transformed society. These days, CIOs are well aware of the new era we have entered: the digital age.
As one of the ambassadors who has helped usher in this game-changer, CIOs continue to seek new and innovative solutions to manage IT risks in the cheapest and most streamlined way possible, while improving security and trust. How would one begin this search? By questioning two common practices:
confining IT risk within the IT department,
IT Project Managers and IT Risk Managers working independently from one another.
Confining IT Risk within the IT Department
IT risks such as maintaining business continuity, data security, IT compliance with regulations, and protection against cybercrime are not just IT issues. They span the entire organization and affect every department, from sales and marketing to finance and legal, because they have a direct impact on business performance.
Let’s take a look at damages caused by cybercrime. According to a 2015 Grant Thornton International Business Report, one in six businesses experienced a cyber-attack in 2014 with a total cost of attacks globally estimated to be at least $315 billion USD.
New technology (both hardware and software) can present threats to profitability and more importantly, security. To ensure that a robust risk management system is put in place, CIOs must involve the entire organization in order to align all priorities and business goals. They will need to find links between the potential impacts of the risks and the company’s processes and objectives.
IT Project Managers and IT Risk Managers working independently from one another
ITPM (IT Portfolio Management) enables IT managers to obtain a 360ᵒ view of all applications, their functional coverage, their impact on the operational performance of business processes and the relationships between the information within the various system components.
ITRM (IT Risk Management) provides a complete view of all IT risks, threats and vulnerabilities, dependencies with suppliers (e.g. SaaS models), and the risks of non-compliance. Operational business performance is directly threatened by new IT risks, therefore, it is essential that IT managers and risk managers collaborate and share their views of their respective portfolios. Both teams need to understand the applications that support the various departments in order to help them identify where the most critical risks exist. For CIOs, complete visibility into the risk process allows them to better understand and measure their level of impact on the entire organization.
Embedding the risk component (ITRM) into your ITPM is a smart way to manage IT risk. This allows the CIO to gain the agility and responsiveness essential to ensuring his/her role as an organizational leader in the business’ successful performance. To learn more, download our white paper: IT Portfolio Management – Boost Business Value by Incorporating Risk.
... View more
There are numerous ways to identify, analyze, and assess risk. And it can take various forms – depending on context, industry and lines of business. But regardless of the type, there are five common mistakes to avoid. What are they and how do you ensure that you don’t fall for them?
# 1: Not understanding the difference between risk analysis and risk evaluation
Risk analysis identifies the causes and potential impacts of a risk, qualitatively. For example, you’re driving down the highway, when all of a sudden, you get a flat tire! You try to figure out what could have caused it: tire pressure, driving too fast, poor road conditions, a nail in the tire, etc. Then, you take into account the immediate and long-term consequences: your safety and those around you, financial impacts, long-term damage to your car, legal ramifications, etc. The causes and impacts are part of the risk analysis.
Risk evaluation is when you define the seriousness of the risk in relation to other risks. It is the quantitative part of the risk assessment. Going back to the driving analogy, getting a flat tire is a risk worth paying attention to, but how does that compare with the risk of a head-on collision or the risk of skidding on ice? Understanding the risks associated with your business and how to prioritize them will allow you to allocate resources in the most appropriate manner.
It’s important to recognize the difference between risk analysis and risk evaluation to determine when to apply each practice.
#2: Involving the wrong people in the risk assessment
It’s important to ensure the appropriate stakeholders are involved in the risk assessment process. Going back to our driving analogy, we would want to make sure that people who are familiar with the car and the associated circumstances that result from getting a flat tire while driving are contributing to the risk assessment. Without that specific experience, he or she may not be able to foresee potential ramifications or consequences. Would they understand that the car may violently pull to one side if a tire blows out while driving? Would they understand that there would be an immediate and dramatic loss of control of the car? Probably not. Ideally, a person analyzing and evaluating the risks of a flat tire would be a person with prior experience and an understanding of the associated results.
Having a tool that centralizes all of the data, along with the information on the end-users and their roles, can provide the context necessary to help you identify, analyze, and evaluate risk more accurately.
#3: Confusing risk factors with the risk itself
A risk factor can contribute to the likelihood of a risk occurring, but it is not the risk itself. Under-inflated tires, unpredictable weather, or potholes in the road don’t necessarily mean that you’ll end up with a flat tire. However, these risk factors can contribute to the likelihood of getting a flat. Being able to distinguish between “risk factors” and “risk” is helpful in determining causes and consequences of specific business actions. This enables stakeholders to build the correct preventative and reactive measures into strategic plans to avoid, minimize, and mitigate associated risks.
#4: Assessing risk without all the necessary criteria
Company-defined objectives to measure the success of a program must be used to identify and assess associated risks. The danger lies in making an assessment based on the evaluator’s risk appetite, instead of basing it on the company’s goals.
To avoid this, the risk evaluators will need to be equipped with the company’s objectives so that they may perform an analysis in line with business goals. Having a solution in place to help communicate this information to the right people at the right time is key. To add further value, an integrated solution will need to include organizational, strategic, operational, and cost information related to identifying, analyzing, and assessing risk.
#5: Comparing risk to the effectiveness of controls
Don’t compare risk to the effectiveness of the controls you’ve put in place. Instead, you need to understand the way the controls affect and reduce an inherent risk into a residual risk. In the driving example above, the risk is getting a flat tire, while the controls are regular tire checks, taking alternate routes to avoid damaged roads, keeping your AAA membership active, etc.
To accurately assess the situation and put an effective strategy in place, it’s important differentiate between the risks from the controls put in place. Understanding this and prioritizing them will allow you to allocate resources appropriately.
Do you find yourself in one or more of these scenarios? How have you managed to swerve around them? With MEGA, you can determine your risk exposure and ensure regulatory compliance with a 360ᵒ view of all risk management processes. To learn more, read about HOPEX Operational Risk Management.
... View more
The key is to accept risk: learn how to navigate around some risks and manage others. Digitally transform your business by taking a risk perspective into account when rationalizing and modifying your IT portfolio.
You’ve got ideas to digitally transform your business, so where do you begin?
To transform your business to meet today’s market demands, you need to be innovative. And there’s a good chance that to be successful with your innovation, you'll need to take on new risks. Given the rapid pace of change today, how does IT manage this additional risk? And as if that responsibility wasn’t enough, the IT department is also expected to drive and support many facets of the business, all the while streamlining IT costs and establishing a foundation for digital transformation.
As you know, nothing in life is risk-free. Everything is accompanied by risk. But, the key is to accept risk into your life, learn how to navigate around some risks and manage others.
Let’s take a look at some of the risks associated with transforming your business:
Sluggish, inefficient applications that slow down your business
Since the dawn of the digital age, CIOs have been catering to their organizations by constantly offering "band aid" solutions to meet immediate needs. However, this piecemeal approach often results in random and hap-hazard extensions, modifications, additions and siloed solutions that offer immediate gratification, but prove to be short-term in value and costly in the long run. This practice ends up hindering overall operational effectiveness, and increasing IT risk and cost.
When individuals in your organization take it upon themselves to resolve their IT needs without organizational support and/or approval, it often leads to clutter and chaos of your IT portfolio. This poses detrimental effects to the speed with which the IT department can respond to growing business needs and demands, especially if you want to champion a digital transformation. This trend of acquiring rogue applications causes increased security risks, compliance issues and data breaches.
The introduction of new technologies and behaviors, such as mobility, the Cloud, IoT (Internet of Things) and BYOD (Bring Your Own Device) pave the way for IT consumerization – revolutionizing the way we use technology and transforming not just business, but society as a whole. This forces CIOs to deal with added risk such as protection and confidentiality of personal data, company data security, and regulatory compliance.
Question: How do you prevent this from turning into a catastrophe?
Answer: Three easy steps …
Inventory Phase. Take inventory of your IT resources and determine the associated coverage, costs and risks.
Evaluation Phase. Assess the impact that each application has on business performance and their vulnerability to risks.
Transformation Phase. Develop and compare transformation scenarios through various criteria such as risk on quality, risk of feasibility and costs.
Risk exists. You need to be aware of it. Then, navigate around some and manage others. With MEGA, you can digitally transform your business by including a risk perspective when rationalizing and modifying your IT portfolio.
Bring broader value to your digital transformation efforts by taking a risk perspective into account. You owe it to your business.
To learn more, download our white paper: IT Portfolio Management – Boost Business Value by Incorporating Risk.
... View more