Category: business process improvement

Posted on

The Productivity Paradox: Accounting for Returns on IT Investments

The Productivity Paradox: Accounting for Returns on IT Investments

There has always been somewhat of a struggle between the IT department and “management”, much of the difficulty existing with the need to demonstrate clear returns on investments for IT purchases.  Unfortunately, expenditures in information technology are often the result of short-term views of long-standing problems, applying “solutions” that do not fully address the requirement or which do not deliver the productivity or performance gains expected, particularly in a dynamic and rapidly changing business environment. The assumption is that a wise investment in information technology will result with improved profitability and performance.  Demonstrating this on paper is not always easily accomplished.

There is a great deal of research on the subject of accounting for returns on IT investments.  Some of this research describes “The Productivity Paradox”, referring to early studies on the “relationship between information technology and productivity, and finding an absence of a positive relationship between spending on IT and productivity or profitability”. [1]  Previous to the emergence of cloud computing and widely available remote and mobile technologies (and now possibly even more with the prevalence of available options), businesses invest heavily in IT infrastructure and applications which deliver nominal benefit to the business when measured against the cost of acquisition and implementation.  Heavy IT investments are made with little or no measurable benefit to profitability, even if operational performance improvements are created.  In many cases, the difficulty in “proving” benefit from information technology investments rests with the lack of information relating to impacts in non-operational areas, such as with investors, auditors or analysts.

The early research has become a foundation for making the argument that accounting professionals should be more directly involved in determining the value and impacts of IT investments – due largely to the fact that accounting professionals are generally familiar with the variety of formulas and approaches which become relevant in measuring the effects of IT purchases.  Information technology spending will result in short-term impacts, but will impress on the business over the longer view as well. With a foundation in accounting principles, valuation and analysis, and accompanied by IT knowledge and experience, management accounting benefits from an improved ability to recognize the relevance and value in IT implementations even where no direct profit improvement is visible.

Can difference in firm performance be explained by differences in IT investments?
Can differences in firm performance be explained by differences in IT investments?

Emerging technology models are having huge impacts in business capability as well as risk, and this new paradigm requires that accounting professionals apply their skills to understanding more fully the influences from and results of IT spending in the enterprise.

Having a basis for studying valuation and recognizing the good and bad of focusing on various key measurements (return on assets vs equity vs sales vs investment…) is essential in developing a “formula” for predicting impacts of and potential returns from IT spending, and solving the puzzle that is the productivity paradox.

jmbunnyfeetMake Sense?

J

[1] Journal of Information Systems Vol. 16; “Returns on Investments in Information Technology: a Research Synthesis”

Posted on

Security and Users: Change is the Only Constant

Security and Users: Change is the Only Constant

Managing user accounts and access to business IT assets is challenging, particularly as cloud and social computing models introduce new wrinkles in security and identity management. Information has become “mobile” along with the users accessing it, yet management of user behavior is even more complicated that trying to manage a digital resource.

If you look at the history of security breaches, you’ll find that many of them started with a user making a mistake – like losing a laptop or clicking on a phishing email, downloading bad software, or forgetting to report an employee termination to the IT dept – something which inadvertently created a vulnerability that could be exploited.  It’s tough to stop breaches because there are so many possible ways for them to happen.

If most security breaches start with a user mistake, then IT departments have their hands full because users aren’t static, unchanging objects to monitor and manage.  Users change, sometimes a lot.  It is this constant change which undermines the ability for some IT departments to meet the demand to adequately secure company information systems and data. Now is the time to take control of user security and identity management, creating automation and controls to protect business assets in a constantly evolving environment.

It is not simply employee turnover that challenges security management.  Certainly, IT departments have been dealing with user account creation and termination for a long time.  And sure, users have sometimes been promoted and demoted, resulting in the requirement for IT to increase or perhaps decrease access to information and applications.  These are normal and expected activities for a business IT department.  Unfortunately, IT often doesn’t hear about the user’s change in status.  An account isn’t disabled, access isn’t restricted, and the system is left vulnerable.

Just to pile on, think about what happens when a user is more than just a single system user.  It may be manageable when where a single identity and set of credentials governs their access to applications and information.  But the proliferation of web-based services and SaaS solutions has made it commonplace for users to have multiple applications and services available to them, each with their own approaches to identity management.

For even a small business IT department, the security of all of these access points and applications must be managed and monitored – no small task when the department may not even be aware that the solution is in use.  It is not unusual for file sharing, data sync, or other applications to be implemented in businesses without the knowledge or participation of the IT department.  Actually, many services attract users due to their simplicity and ease of use, leveraging the fact that they can be deployed without the “assistance” of IT.

Users are becoming increasingly mobile, accessing information and applications from public and private locations while using any number of possible mobile devices.  Vulnerabilities which may exist in public networks and the increased potential for device loss or theft are high on the list of concerns of IT departments managing remote and mobile user access.  Mobility is driving many changes in how information technology and access to systems is provided to users, and it is changing user demands for what they should be able to easily accomplish while being mobile.

Businesses need to recognize that their continued existence may rely on keeping their information systems and assets safe and secure.  Disaster recovery and business continuity applies not only to loss of physical systems, but also to losses of various forms due to data breach. The disaster recovery and continuity plan (you have one, right?) should not only address situations after they happen; planning by definition is proactive.  It is not enough to have a plan to recover from loss or failure; the business must actively engage in activities which will prevent loss and reduce vulnerability. 

Part of this plan necessarily centers on managing users and user identities, ensuring that the company knows about all access or user accounts involved and employs strict processes and guidelines for making sure they are constantly up to date and have the authority to do what they’re trying to do.  In short, the plan must also be a plan for change, providing change management processes to guide the business as the evolution of information technology and the dynamics of user interaction continue to change.

jmbunnyfeetMake Sense?

J

read more about IT Security and Engaging users to reduce vulnerability

read more about Mobility and the Cloud, Managing BYOD and securing company resources

Posted on

Degrees of Success: Improving Productivity and Performance through Process Automation

Degrees of Success: Improving Productivity and Performance through Process Automation

Few businesses use just one solution to get all their work done.  In most cases, the business must at least communicate, produce information and account for financial activities – and each of these functions has a software product or service associated with delivering the required capability.  While every business uses technology at some level, some businesses have more success than others in developing streamlined and efficient processes guiding the various tasks and activities performed throughout the day.  Sometimes the problem stems from a lack of understanding of the importance of process automation, and sometimes it’s the software.

integrated

The success (or lack thereof) in streamlining a business process is often enabled by the tools supporting it, yet the truth of software and systems is that not everything  is easily integrated and not all business workflows actually “flow” smoothly.  In many cases it is left to the human user to connect the processes and keep the work flowing, creating the opportunity for missed deadlines, duplicated or erroneous data, and a greater dependency on individual worker knowledge than is good for the business.

The better alternative may be the adoption of workflow and automation tools to assist with bridging and scheduling of repetitive tasks, building the knowledgebase of process and task flow supporting business sustainability efforts and easing the burdens of training new employees.  Process automation helps to improve productivity, it’s just that simple.

If the time is taken to really consider the variety and numbers of repetitive tasks employees perform throughout the day, the cost in time, lost productivity and data errors or omissions would likely add up to far more than initially expected.  People tend to adapt to using the tools they are provided, and will find ways to get things done (whether it’s the most effective way or not).   The end does not always justify the means, and many businesses ultimately find that it is here – where individual worker initiative and unguided action are most prevalent – that the operation fails to accomplish stated goals.

In order to create a sustainable operation with consistently high levels of production and performance, the business must establish a complete framework for process automation and support.  Where existing application and software functionality is not able to meet the requirement, the business should implement specialized tools to bridge the gap and embed the process knowledge in the system.

Scheduled reporting, customer and product data synchronization, import/export routines, data maintenance routines – these are among the tasks and processes which represent the regularly-performed work that may be sucking the user productivity and performance out of the business.  It’s a matter of degrees of success, and productivity improvements introduced through comprehensive process and task automation can make the difference between a little success and a lot.

Make Sense?

J

Posted on

4 Rules of Thumb Regarding Workers Compensation Insurance for Employers

In two previous “4 Rules of Thumb” articles, I discussed a few things that businesses can do to create the best possible environment for engaging new customers and providing quality service (4 Rules of Thumb for Business Success) and provided additional tidbits for service businesses – things the company can do to make sure that the work is done completely and correctly the first time, which is what leads to happy and loyal customers (4 Rules for Building Service Customer Loyalty).

This article is focused a bit more internally to the business, discussing a few of the risks and considerations surrounding those dreaded tax burden issues: Unemployment Insurance, Worker Classification and Workers Compensation Insurance. 

Unemployment insurance is one of those items that most businesses pay attention to, because rates are impacted based on unemployment claims made and paid. The cost of unemployment insurance is usually calculated just like workers’ compensation, using standardized arithmetic formulas based on the profile and past record of the company.

Workers Compensation insurance is sort of the “elephant in the room” of compliance – it’s a big problem that is frequently the last item of consideration in business compliance and reporting. It is also an item that frequently goes without scrutiny at the state level, so little attention is generally given it by accounting and human resource professionals.

Workers Comp is one of those payroll reports where you select from a broad list of categories relating (hopefully fairly closely) to the work your people do, you calculate the cost, and you pay the fees.

Ideally you’re classifying workers properly in terms of their being employees versus independent contractors – this being the big focus of most workers comp audits and where many advisors say to pay attention. If you use a company to perform some of the work of your business, also pay close attention to the concept of joint-employer status (see article on joint employer status).

An equally big issue – the issue that impacts the business owner perhaps more than the employee – is classifying worker activities too broadly, potentially costing the business hundreds (if not thousands) of dollars in annual workers comp premiums. Improper classification of worker activities can lead not just to increased premium costs, but heavy penalties in the event of a claim finding the worker was not properly covered.

Most workers compensation policies issue blanket risk classifications, yet how these classifications are used in different industries is where the secrets of cost savings exist.  In the moving and storage industry, for example, the risk is in the warehouse. If a clerk or administrative worker enters the warehouse, that employee is now actually working under a different classification. However, if the worker often checks warehouse inventory or sells items from the warehouse as part of their sales job, they may operate under yet another classification.

There is a balance required when seeking to reduce premiums while keeping the company compliant.  Many companies consider caution to be more affordable than keeping highly detailed activity and work classification records, finding that reporting workers in higher cost work categories is more cost effective than paying for the labor intensive effort of capturing, analyzing and reporting in more detail. That is, until a worker is injured and the risk wasn’t disclosed through accurate workers compensation reporting.

When it comes to workers compensation insurance for the business, give these 4 compliance rules of thumb some strong consideration.

Rule 1: Get informed and get help.

It’s OK for a business owner to not be the expert in all facets of compliance and reporting – – you have accountants and tax advisers that can gain this knowledge from their annual CPE (continuing professional education). The potential costs of mis-handling workers compensation and other aspects of having employees are too great to risk being uninformed and unprepared.

Rule 2: Call an employee an employee

Classifying workers will turn out better for all parties in the long run even if it seems like the more expensive way to go. Misclassification of employee workers as contractors hurts everyone, eventually. There is a big problem with businesses misclassifying workers as contractors rather than as employees, sometimes to avoid paying taxes and benefits, but sometimes not just for that reason. When classified as contractors, workers are generally not covered by the various protections and do not get the benefits that employees do.

Some business owners who are unsure of the state administrative rules may pay workers compensation premiums for workers that are truly independent contractors. Other businesses may require workers to have a workers compensation account as a condition of employment. Either way it is being done improperly and one party or the other ends up bearing unnecessary cost and/or risk.

The unfortunate result is that employers are bearing larger than necessary burdens of supporting injured workers and the unemployed.

Deliberate mis-classification can save dishonest contractors upwards of 30 percent in payroll and other taxes, but for workers, taxpayers and honest employers, the practice amounts to millions in lost wages and revenue. – See more at:

http://www.ibew.org/articles/13ElectricalWorker/EW1305/Misclassification.0513.html#sthash.7u1vtjW

Rule 3: Details Details Details.

Worker classification done properly can save businesses a lot of money simply by being more accurate. Yes, there may be tradeoffs in terms of labor to perform the calculations and reporting, but it can prove to be well worth the effort.

Particularly in businesses where workers may perform multiple duties or work in a variety of locations and conditions, there is value in delving into the details of time, location and work performed to make sure the business is adequately covering itself. Filling out the report by simply selecting the broad category that “seems most likely” is not the best way to go. There are details in the rules, and the smart business takes advantage rather than being surprised by them.

A home installation satellite company did not keep sufficient records for their most hazardous business classification: tower work. During the audit, all their hours were assessed in this one classification that was six times the reported amount. – See more at:http://cath235lni.wordpress.com/

Rule 4: If there is a worker injury claim, pay attention and deal with it right away.

While it seems somewhat like getting car insurance after the wreck, there may be some risk mitigation that can occur if the issue is dealt with directly and in a timely manner – possibly avoiding a claims nightmare.

The last item is more of a suggestion than a rule, which is to be fair and truthful. Treating employees well is part of growing a successful team that will propel the business towards success.

Surprisingly enough, the benefits to the business may not only be a more productive and happier workforce, but lower risk exposure and lower workers comp premiums due to more detailed use of classifications in reporting.Tell employees and independent contractors what workers’ comp does for them – it’s essentially a medical and lost wage policy to protect them and those close to them.

Explaining to employees that keeping the boss informed about what is happening in the plant or in the field is simply part of helping ensure their proper protection.

Joanie Mann Bunny FeetMake Sense?

J

Many thanks to my friend Ted Carlson, Certified Fraud Examiner (retired), a veteran of the Department of Labor and Industries (L&I) in Washington State – responsible for Tax Discovery and Fraud Prevention field Audits. 

Posted on

4 Rules for Building Service Customer Loyalty

4 Rules for Building Service Customer Loyalty

Every business owner knows that it’s important to retain the business of good customers, because those good customers will turn into referrals and more customers.  What many business owner’s don’t know is that building customer loyalty – the repeat and referral business that keeps the doors open – takes more than producing a good product or having nice personnel.  Building customer loyalty is a continuous process which involves just about every area of the business. Particularly with service-based businesses where there may be a number of variables involved with the delivery, proper information collection, management, and communication becomes the essential foundation for delivering on the promise of great service, which helps to develop loyal customers.

4-rules-of-thumbIn a previous article titled “4 Rules of Thumb for Business Success”, I stressed the importance of creating the best business impression possible.  Here are a few additional tidbits for service businesses – things the company can do to make sure that the work is done completely and correctly the first time, which is what leads to happy and loyal customers.

Rule 1. Remember that everyone in the company is essentially in a sales and service position.  The customer should be able to get useful help or direction from any employee.  Not that everyone in the company can do all the jobs in the business, but everyone should be willing and able to find the resources necessary to get the customer’s question answered.  And it’s a good habit to try to set any necessary service appointments on the first call – it lets the customer know you’re ready to get the job done and saves them time.  Too many sales teams simply answer inquiries from callers and don’t ask for the business.  If you don’t ask, they can’t say yes.

Rule 2. Structure the order process to make sure that all information is captured, stored, and made available to service techs.  Customer requests should be specifically noted, along with any special details or requests.  There’s nothing more annoying than telling the company to watch out for something when they’re at your place, and then finding out that the tech didn’t get the memo.  Also make sure that any specific work items or parts are listed on the order, making it easier for the tech to record what they do and use.  All of this information should be available not just to techs, but to customer service and sales people, too.  After all, mismanagement of order information is usually not the customer’s fault, yet the customer is the one who ends up not getting what they asked for.  Avoiding this situation is critical to developing loyal, repeat customers.  It also makes getting the customer sign-off more likely, and this signature should be captured at the work site when the job is completed (allows the billing department to get the invoice out much faster, which allows the company to get paid faster).

Rule 3. During the job, make sure customers and co-workers are informed as to the status of the work.  The worst thing is to partially complete a job and leave the customer hanging – a situation that status tracking of service orders helps prevent.  When the work is completed, make sure to let the customer know, and also provide observations and recommendations.  Whether it’s a single job or a regular maintenance contract, always document what was done so that the customer knows exactly what work was performed.  Use a checklist or cheat sheet to make sure things are done completely and consistently every time, including cleaning up and making notes about the job.  Documenting things that technicians notice while at the customer location may provide the opportunity to offer more or other services to the customer, or might at least inform the customer about an issue they should be aware of.  By paying attention while on-site and looking for upgrades or value-adds that might benefit the customer, service technicians can often position themselves as top sales people, too.

Finally, Rule 4, always thank the customer for their business and let them know you genuinely appreciate it.  Smile, hand them a business card, and maybe even ask for a referral.  If you’ve done your job well and kept the customer informed along the way, it’s likely that this customer will bring you more business both directly and through referrals and recommendations.  That’s customer loyalty, and you can’t buy it anywhere – you have to build it.

Make sense?

J

coopermannconsulting-paperli

Posted on

The Line in the Sand: Your RPO (Recovery Point Objective)

The Line in the Sand: Your RPO (Recovery Point Objective)

IMG_0108Businesses and individuals are increasingly more dependent upon the technology supporting their various activities, and the volume and velocity of information moving through these systems is increasing at astonishing rates.  With the growing reliance on information technology and electronic business data, you’d think that more businesses were paying close attention to protecting these assets. I recognize that there is a broad understanding of responsibilities as they pertain to system security, and businesses of all sizes and types are increasing their awareness of the variety of threats facing their systems and are taking steps to address them.  Yet there remains an aspect of business data protection that too few businesses are really zeroing in on, and that is the time and complexity of recovering or restoring business data in the event of an outage or loss – and the absolute line drawn in the sand which says that “here” is the tolerable loss we can experience: no more and no less.

This line in the sand is referred to as the RPO, or Recovery Point Objective. A recovery point objective is part of the business continuity plan (or should be!), and describes the maximum tolerable period of time for which data might be lost from a major IT service incident.  The necessity to establish this time frame – the RPO – exists whether the business is small or large.  In fact, small businesses have data protection needs quite similar to their enterprise counterparts.  In an article in SmallBusinessComputing.com, Kieran Maloney of Quantum Corporation is quoted as saying that “from a data protection standpoint, smaller businesses face challenges that are similar to those of larger enterprises; the amount, and the value, of their data is growing significantly while their budgets are not”.

What doesn’t seem to make sense is that businesses continue to view data backup as a necessary evil rather than a strategic element, and spending considerations for creating and meeting a realistic RPO remain low.  An article in TheStreet.com on the subject quotes Terry Cunningham, president and manager of EVault, saying “When largely preventable data loss conservatively costs businesses hundreds of millions of dollars annually, it is time to rethink your priorities”.  The author also writes that “while 95 percent of US IT decision makers said they have some type of disaster recovery plan in place, only 44 percent have remote, cloud-based recovery capabilities… More than twenty percent of IT organizations that manage between 2-7 TB of data suffered a data loss in the past year – in fact, more than half of this group suffered 2-3 data losses – each with an estimated average cost of 2-5 percent of total company revenues”.

Part of the continuity plan and a consideration in developing an approach which will meet the RPO timeframe should be the implementation of remote cloud based service, yet this has remained a low priority for many business owners.  Reliance upon more traditional data protection approaches, including tape backups and on-premises HDD solutions provides IT managers with a false sense of security and often cannot even reasonably address recovery from data loss due to hardware outages, much less for potentially catastrophic failures including loss of the location.

When considering the RPO – the minimum acceptable point for data recovery (or maximum tolerable point for loss) – businesses must look at their data management and backup strategies in order to address recovery approaches for various types of outages.  There are benefits and drawbacks associated with the different methods of backing up data, and the cost/benefit of employing any solution must factor in to the requirement to meet the stated RPO.  Daily backups may be the standard procedure, but is a potential loss of 24 hours of data acceptable to the business?  On the other hand, what is the potential cost of re-creating the data, if it can even be recreated?  Consider also that the timeframe for data recovery is not the point at which the last backup was completed; it is the point when the last backup was started.  This could result in a loss window greater than the established 24-hour boundary.

Many businesses would suggest that their tolerance for lost data – due to the cost of lost productivity and order activities – is far less than 24 hours, yet solutions employed to reduce the potential data losses often do not fully address the issue in any comprehensive manner.   IT personnel working with separate products to handle incremental data backups, machine recovery (bare metal) and snapshots of disk arrays often have a tough time trying to piece together the various pieces of the puzzle and often simply hope for the best in terms of outcome.

The prudent move is to thoroughly consider the business disaster recovery and continuity plan, and establish the boundaries for tolerable loss.  No business wants to expect to lose valuable data assets, but expecting technology to perform flawlessly is unrealistic, not to mention the unexpected impacts from acts of nature or other forces majeure.  Architecting systems to withstand service outages and having a comprehensive plan for recovering from system outages in a timeframe survivable by the business is the essential element to making a continuity plan worthwhile.  Draw the line in the sand, and then develop the system protection and recovery plan that will help make sure you never have to step over it.

Make Sense?

J

Here are a few data loss statistics for your reading pleasure… Enjoy  🙂

(stats drawn from summary on BostonComputing.net.  They may be a bit dated, but the numbers have only increased since then.) http://www.bostoncomputing.net/consultation/databackup/statistics/

The following statistics were gathered from various sources:

  • 6% of all PCs will suffer an episode of data loss in any given year. Given the number of PCs used in US businesses in 1998, that translates to approximately 4.6 million data loss episodes. At a conservative estimate, data loss cost US businesses $11.8 billion in 1998. (The Cost Of Lost Data, David M. Smith)
  • 30% of all businesses that have a major fire go out of business within a year. 70% fail within five years. (Home Office Computing Magazine)
  • 31% of PC users have lost all of their files due to events beyond their control.
  • 34% of companies fail to test their tape backups, and of those that do, 77% have found tape back-up failures.
  • 60% of companies that lose their data will shut down within 6 months of the disaster.
  • 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately. (National Archives & Records Administration in Washington)
  • American business lost more than $7.6 billion as a result of viruses during first six months of 1999. (Research by Computer Economics)
  • Companies that aren’t able to resume operations within ten days (of a disaster hit) are not likely to survive. (Strategic Research Institute)
  • Every week 140,000 hard drives crash in the United States. (Mozy Online Backup)
  • Simple drive recovery can cost upwards of $7,500 and success is not guaranteed