Archive by Author

Business Continuity Framework

10 Feb

Here is a sample framework that I came across and found quite useful:

BC Structure

 

 

[1] http://www.anao.gov.au/betterpracticeguides/workbook/workbook04.html

Advertisements

Why are firms poor at disaster recovery?

10 Feb

If a firm has IT systems inside their business, then Business Continuity is an important part of what they should be thinking about. One of the biggest fears for the IT manager of any company is the catastrophic loss of data – this might be through a server failure, a data loss or a power overload causing a server to go down. Not only will the firm lose the data, issues will arise over compliance, legal implications with regards to loss of data and the exposure and public relations issues, all of which can have a huge impact on the running of a business. It is therefore essential that all businesses have a Business Continuity plan for their IT services.

Disaster recovery used to be reserved for large enterprises, but in the increasingly 24/7 business world, more and more midmarket firms are finding they can’t afford not to keep things running. And high-availability requirements are growing all the time.” [1]

Some companies are just poor at IT disaster recovery in general and there are a number of reasons for this, such as:

  • Regulatory Compliance: A lot of companies tend to be under rules and regulations about how the data should be kept and secured, who should and shouldn’t have access to it and of course the often high cost of having a data recovery infrastructure.
  • Processes and Procedures: These have to be constantly updated and tested. In addition there has to be consideration taken for the risk of errors – a lot of these systems will involve human processes and therefore will be prone to human error.
  • Lack of Testing: A lack of test strategies inside the organisation to ensure the disaster recovery processes actually work. “The impacts of failing to test, however, are a significant erosion in the investment made in developing a technology recovery solution. Failure to exercise plans and people, or only ‘testing’ once a year, leaves an organization and its recovery capabilities unprepared for an actual incident.” [2]
  • Time to Restore the Data: Once the disaster has struck. If a company is only using one tape to store the data on and this gets lost or is destroyed during the recovery process, the data may be gone forever and be unrecoverable.
  • Logistical Problems: If the data is off-site, it may be both difficult and problematic to get it back. This can be particularly so if the disaster happens outside of office hours or on a bank holiday. Sending C.D.’s and tapes between sites may result in some storage devices being lost.

“More than 60% of U.S. small businesses do not have a formal emergency-response plan and fail to back up their financial data off-site, leaving them vulnerable to catastrophic data loss in the event of a natural disaster.” [3] This is a figure released by ‘Small Business Disaster Preparedness Study’ (2012) [4] – In essence, these businesses are simply not prepared for any kind of disaster and are leaving themselves vulnerable to what could be catastrophic effects, maybe even the loss of the entire company.

When a disaster strikes, a business needs to be 100% sure that they can recover their systems and servers both quickly and efficiently.

[1] http://searchcio-midmarket.techtarget.com/magazineContent/Roadmap-to-Recovery?pageNo=1

[2] http://www.sungardas.com/Documents/FiveReasonsWhyDisasterRecoveryPlansFail_EBO-008.pdf

[3] http://www.journalofaccountancy.com/News/20126135

[4] http://na.sage.com/sage-na/newsroom/~/media/site/sagena/documents/surveys/sage%20survey%202012%20backup%20report

Disaster Recovery: RTO & RPO

10 Feb

“Disaster recovery is the process by which you resume business after a disruptive event. The event might be something huge-like an earthquake or the terrorist attacks on the World Trade Centre-or something small, like malfunctioning software caused by a computer virus.” [1] Essentially, as already touched on by most of the other bloggers here, disaster recovery is completely focused on the IT systems that help to support a business’ core functions.

Two of the most important aspects of Disaster Recovery are Recovery Time Objective (RTO) and Recovery Point Objective (RPO).  Take for example a company that uses only tape as its backup and does a backup every night – if this company were to lose mass amounts of data, it would take a certain amount of time to go and actually get the tape, bring it back, restore its server and subsequently restore the data. The amount of time it takes to complete these tasks is known as the RTO, i.e. the amount of time it takes to bring a server back to where it was before the disaster struck.

For the same company, if they backed up their data religiously at midnight every night and the disaster happened at 4p.m. then the recovery point would be the previous night. There are however other ways of backing up so that firms can have a much shorter recovery point, i.e. every 20 minutes. This is known as the RPO.

It is however worth noting that the shorter both the RTO and the RPO, the more expensive it is to a business to implement that type of solution.

How can a firm know what type of plan is most appropriate for them? Typically, the more transactions a firm carries out, then the shorter the recovery time they will need. Most organisations tend to be willing to spend more on these solutions due to the huge amounts of money they stand to lose should their down-time be long.

What is the difference between the two? Dejan Kosutic [2] says that “The difference is in the purpose – RTO has a broader purpose because it sets the boundaries for your whole business continuity management, while RPO is focused solely on the issue of backup frequency. They are not directly related – you could have RTO of 24 hours and RPO of 1 hour, or RTO of 2 hours and RPO of 12 hours.” But both are absolutely crucial for Business Continuity management – if they are not predetermined, then firms will just be guessing what to do when disaster strikes and “guessing is the best way to ensure you never recover from a disaster.” [2]

[1] http://www.csoonline.com/article/204450/business-continuity-and-disaster-recovery-planning-the-basics

[2] http://blog.iso27001standard.com/2012/01/30/what-is-the-difference-between-recovery-time-objective-rto-and-recovery-point-objective-rpo/

What is Business Continuity?

10 Feb

Business Continuity in essential to ensure that businesses will always have the capabilities to supply vital business functions to “customers, suppliers, regulators and other entities” [1] that need to have access to these functions. The term Business Continuity describes a mentality or methodology of conducting day-to-day business [1], as opposed to Business Continuity planning which is essentially the way by which a firm can conduct and implement such appropriate measures.

Business Continuity is not just an important thing for firms to consider, it is absolutely crucial if a firm wants to survive and indeed thrive in the future – many businesses suffer severe damage as a result of events that they simply hadn’t planned for. Such events can range from anything like IT virus infections or broken supply chains to accidents, illness and crime, as well as natural disasters. These can result in simple unplanned events occurring like late deliveries or poor customer service, to name but a few. Or, at the other end of the spectrum, a firm’s service might break down altogether which, without relevant planning, may lead in the frim struggling to recover, allowing competitors gain a significant advantage. A tiny hit to a customer’s confidence in a business or service can take huge amounts of time and effort to recover and in some cases the effects can be irreversible.

These leads us on to the idea of Business Continuity planning (BCP), in other words, if something were to happen that affects a business’ normal operating procedures, do they have a plan in place? The plan is essentially a group of documents with instructions for employees on what they need to do before during and after any disaster. Business Continuity planning needs to be in line with a firm’s mission statement. “Creating and maintaining a BCP helps ensure that your business has the resources and information needed to deal with an emergency” [2]. Other benefits include:

  • Enhance your business image with employees, shareholders and customers by demonstrating a proactive attitude.
  • Improve efficiency in the overall organization.
  • Identify the relationship of assets both human and financial resources with respect to critical services and deliverables.

Here are a few points which could be considered as a template when creating such a plan [3]:

  • Cooperation of Organization & a Team
  • Review Business functions
  • Conduct business impact analysis
  • Policies, Procedures & Protocols
  • Create a Written Plan
  • Test & Modify

Here is a link to a sample Business Continuity plan template: http://www.inc.com/tools/business-continuity-plan-template.html

[1] http://en.wikipedia.org/wiki/Business_continuity

[2] http://www.bdc.ca/en/advice_centre/tools/business_continuity/business_continuity/Pages/default.aspx#.URT_gqUvF1Y

[3] http://www.youtube.com/watch?v=v8-bR1DUwII

Delivering BPaaS from the Cloud

30 Nov

In this post I will look to further build on my more recent posts which have been centered around this idea of combining BPM and the cloud and illustrating the obvious benefits that come from such a marriage. To spice things up a bit, I think that some more practical examples are needed to clearly demonstrate this power.

For example, I read a blog post which used some interesting diagrams, two of which I have explored below. These can be found at: http://thoughtsoncloud.com/index.php/2011/12/business-process-as-a-service-bpaas-delivered-from-the-cloud/ [1]

Looking at the BPaaS in Figure 1, it sits above the software as a service (SaaS) layer.  BPaaS is about intelligently consuming services from the SaaS, PaaS, and IaaS layer.

figure 1

Figure 1:  Common Cloud Management Platform Reference Architecture

 A key benefit going forward is that users can try out various services before integrating in their larger business process or replace an existing service rapidly. Services are now available in the market place that line-of-business executives can search, use for testing, and then decide to buy or keep looking for something else.

figure 2

In Figure 2, the services consumed by the business process can be sourced from internal private cloud, partners cloud, or some public cloud

IBM ‘Blueworks Live’ is one example where an entire organization can collaborate and make decisions using a third-party business service. Social networking meets BPM in Blueworks Live. Built-in communication features, such as instant messaging, live news feeds and the ability to leave comments enables users to immediately react to process changes that affect their projects. By consolidating all of their process knowledge in one place, an organization can ensure that the right people are informed of the right changes at the right time.

In summary, I think it’s fair to say that BPaaS marks a new shift in the industry that not only affects IT executives but also line-of-business executives. Biren Ghandi concludes [1] by saying that  “BPaas offers a chance to transform a business processes and create an enterprise architecture that is both agile and flexible to rapidly changing business environments and opportunities arising out of globalization.”

How Cloud is Transforming Business Process Management

27 Nov

We are seeing a marked rise in popularity of cloud-based business process management or “Business Process as a Service” (BPaaS). But what’s driving this?

An article I came across on ‘Business Finance Magazine’ highlighted the growing link between BPM and Cloud computing, something which I explored in my previous blog post. http://businessfinancemag.com/article/how-cloud-transforming-business-process-management-0604 [1]

Mony and Raman write in [1] that rather than looking for simple replication of existing processes at a lower cost, companies are asking providers for transformational support through standardized processes. In addition to services, a lot of firms are also looking for technological support. Companies using BPMS are increasingly asking providers for these solutions rather than making capital investments to build these capabilities themselves.

Business Process as a Service (BPaaS) provides process and people expertise that enables part or all of a business process and makes it available through a pay-per-use model.  BPaaS can enable fast entry into new markets and smooth setup of operations in new geographies – it does not require a heavy upfront investment in new infrastructure, or upgrading of operations and systems across old ones.

The figure below is used to highlight the value that can be gained from combining cloud and BPM. 

A traditional BPMS implementation would have required the company to:

  • bear significant capital expenditure
  • Spend years on system overhaul prior to handing over the processes to the BPMS provider

Instead, a company can have aBPaaS up and running in a matter of months. BPaaS allows either retooling of end-to-end processes or selected modular upgrades that don’t require significant change management or investment. BPaaS is also a real consideration for companies facing structural change such as acquisitions and new market entry.

They close a rather intriguing post by proclaiming  “BPaaS enables greater end-to-end flexibility and effectiveness in an organization, providing options for improving processes. It does not need to be an end-to-end transformation – it can be a set of selective improvements that generates the greatest payoff, maximizing benefits for the costs of change — both in monetary terms and disruption”.

BPM & The Cloud

26 Nov

I came across an interesting piece online which illustrates the increasing importance of BPM software as the cloud matures, which can be found at: http://www.appian.com/bpm-news/cloud-applications/bpm-software-vital-as-cloud-matures [1]

The writer, Cheng notes that as cloud computing solutions mature, they begin to play a larger role in the enterprise. With the cloud becoming a more prominent part of operations, there is a growing need to find ways to integrate diverse solutions and enable them to function well in concert with one another. Business process management software can play a valuable part in that process, especially when it comes to dealing with the interplay of cloud, social and mobile technologies.

If we take a blank-piece-of-paper approach in analyzing business process management (BPM) in the cloud, we can analyse BPM/cloud-related architecture, technology, functionality and features. Can the combination of one and one, BPM and the cloud, equal more than two?

Another article which caught my eye was written by a Dennis Byron and can be found at: http://www.ebizq.net/topics/bpm/features/11336.html [2]

He appears to be a firm believer that BPM in the cloub is an inevitability, rather than a possibility. Recent changes in the Internet, as technology moves towards supporting social computing, means BPM in the cloud can improve on BPM without the cloud. The cloud lets BPM analysts and developers collaborate more easily on process discovery. “Use the cloud to replace the whiteboard in the way Facebook works.” (Matt Green, 2011). BPM is all about change and the cloud is all about change. Byron states that “because of the ease of defining and deploying at runtime on a cloud, BPM and cloud computing are much more relevant together than, for example, ERP in the cloud.” Supporting different BPM alternatives at both run time and development time are just two examples of how the cloud’s architecture works to enhance BPM as compared to just using on-premise BPM.

Technology differences have business implications as well when it comes to BPM in the cloud. Most IT users will be approaching BPM in the cloud from the point of view of the BPM provider being the interface with the cloud services provider, rather than having to deal with two different technology suppliers. At run time, with multiple clouds involved, BPM applications in the cloud need certain characteristics that take advantage of the cloud such as ability to increase/decrease privileges, add/subtract users, etc.

The piece I highlighted earlier in this post [1] finishes with a view I share myself. Cheng illustrates how numerous businesses are facing challenges when it comes to integrating diverse cloud solutions. BPM software helps companies deal with these difficulties, by providing the automation and data integration. This helps employees take information from a variety of cloud sources and use it in the most efficient way possible. “As companies move deeper into the cloud, the need to address issues with data being spread over multiple applications and services could become much more important.”

BPR – Get Off your High Horse and Hang with the Plebs

5 Nov

A huge problem with Business Process Reengineering is how to enable a “bottom-up” participation in a top-down reform program. BPR insists on the need to restructure processes prior to structuring institutions and hierarchies, while being predicted on the assumption that the potential of IT enables innovative designs of how work is being carried out. It is hard to simply define reengineering as having one set of methods, in fact it is impossible as  Business Process Management  encompasses many strategic theories, including BPR. BPR methods often set unrealistic expectations where only inadequate resources are available. Many organisations are slow to “reengineer” due to complacency or simply due to a fear of the unknown.

A more affordable approach for most companies is to use Clean Slate Design, which involves a detailed vision for a process without concern for the existing environment. However, the implementation is done over several phased projects. Some opponents of BPR say that despite the delivery of radical design, it does not guarantee a revolutionary approach to change – a revolutionary change process might not be feasible given the risk and cost of revolutionary tactics.  Archer and Bowker’s (1995) survey with consulting companies specialising in re-engineering indicates that some factors for the failure of BPR are likely to be a lack of communication of a clear vision of the project, lack of staff participation and ownership, lack of involvement from staff at different levels, failure to instil a re-engineering culture, and lack of project organisation and planning.

BPR and Employee Involvement                                                                                                                                                                                                   In times gone by, only a small group of high-level process designers would analyse the entire situation. BPR ignores much of the proven benefits of participative work design. In recent years, more attention has been paid to the participatory mechanisms of doing BPR – the design of more detailed process activities and flows can be done by those who do the work. Employees who do the actual work are in the best position to know the detailed steps in each process. It is often stressed that although these organizations are often hierarchical and top down in approach, the communication at all levels must be managed throughout the process in a manner so that no one feels exploited or neglected (Smith, 2003). They are also most familiar with the common roadblocks and bottlenecks and the key contacts in the organization to get things done. Employees should be involved up front by inviting them to join process-mapping teams. Additionally, managers and supervisors should be kept out of the process-mapping sessions, as they have a tendency to dominate the sessions with their own “expertise.”

Business Process Management and Reengineering: Are They Fads or Necessities?

25 Oct

Are BPM and BPR just fads? In my opinion, Business Process Management is something that can never be ignored if a firm wants to successfully evolve – BPM tools can be applied part by part to the whole enterprise, by adapting more manageable and smaller changes in the process. Business Process Reengineering, however, involves radical redesigning of end-to-end processes and was a very popular means of improving business performance in the nineties.  Both share the same fundamental concepts:

  • Simple metrics delivering on the metrics of quality, service & flexibility
  • Focus on eliminating non-value adding activities
  • Decisions becoming an integral part of the process

To answer the question posed, I feel that Business Process Reengineering can indeed be labelled a “fad”, it needs to be part of a wider approach and not a stand alone plan. The term “Business Process Engineering” may be a more accurate description of what is required – a need for “reengineering” makes it seem that the existing processes were incorrect, as opposed to highlighting the fact that any changing, evolving business needs to upgrade certain processes to remain relevant.

Hammer and Champy (1993), say that the greatest challenge facing BPR was the actual implementation of the idea, with a failure to involve people more in the process as the principle catalyst. Strategy is about being different to competitors and BRP essentially only focuses on one dimension.

The need for constant change and improvement will never go away, but the approach will change over time as situations change.

 

.

 

%d bloggers like this: