Posts Tagged ‘Process Governance’

BPM and Mobility, Unified Approach

October 17, 2012

The mobile-enabled work revolution and Cloud migration are creating an environment in which enterprise IT departments will have to rethink their service distribution and support models (wp.me/pO8n7-7L) to meet the needs of mobile workers and customer anytime-anywhere access, and to rethink how the organization manages its resources. Making mobile access a reality will take a little more than virtualization, increased data storage, server-side controls, authentication and authorization, etc. Organizations contemplating or implementing mobile will need a unified approach to process management that will govern architectural changes with reinforced processes and operational controls. The whole idea behind mobility is to provide information access to decision makers, knowledge workers and customers anytime on any device. Providing access to back-end system information, enterprise data and process infrastructure is essential to increasing competitiveness, productivity and efficiency. The role of BPM in this shift in technology consumption is not only more robust process automation, but also control: making “access anywhere” efficient for the user while providing safeguards for organizational assets and minimizing risk. How does an organization manage the mobile access revolution?

You begin with a process-driven strategy for implementing mobile-enabled work/access that will guide the organization, including the IT department, in the delivery of services. A targeted framework will include the processes needed to deliver anytime access and safeguard investments. Regardless of whether the organization implements BYOD, invests in mobile devices, or runs a customer-centric mobile deployment, governance and controls are important.

The principles of a mobile technology governance framework are not limited to the IT department; the framework is inclusive. It has to be developed in light of the risks associated with a mobile deployment and the management of those risks, and it has to include collaboration with business units as the owners of processes that fit a mobile usage criteria. Strategic direction and proper planning are necessary: the process landscape, what the users require, and application expectations need to be understood, and KPIs need to be defined and assessed for review at a later time. Mobile devices such as smart phones, mp3 players and tablets that feature video calling and integration with Social Networks for always-on people present big data challenges that will require a management and control strategy as part of the mobile governance framework.

Initiating a mobile center of excellence designed to optimize the use of corporate resources will smooth the progress towards the best chance of success. The Center should have the responsibility for developing standards, communication, planning and performing quality assurance for mobile application development. It should consist of representation from business units, IT and operations.

As we have seen in our personal mobile life, mobile is a rapidly evolving technology, so it is important to plan for obsolescence. Organizations should adopt the same replacement plan for mobile as for server and desktop and vendor selections, with dedicated resources for rapid mobile application development. Not to be forgotten: mergers and acquisitions in the vendor space will impact mobile deployment and use.

A strong policy is essential for governing the use of mobile technology and devices, whether BYOD or corporate investments. Out-of-the-office-by-design access is nothing new; what has changed are the resources and the hosting platform – the Cloud, which presents a change in how technology is used. Other than the usual policy content describing proper behavior, stipulating what may and may not be done, and covering what happens when people leave the organization, mobile policy should address where a device containing sensitive data can be used, as-needed usage, cost and reimbursements, the types of devices supported by the organization and those that can be connected to enterprise information sources to retrieve information through controlled ports, exceptions, unsupported devices, whether data is stored on the device or server side, etc. The policy should also state where in the IT department support will be provided.

Establish a comprehensive security policy that includes a strong identity model. The risk of unauthorized tapping into wireless networks is higher with the borderless Cloud; stolen or lost devices are a high-risk area; and legal liability arises when sensitive company data leaks or an employee is injured using a supported device. We have heard or read that cell phones can cause cancer or damage to the brain; do not think for one minute that a disgruntled employee will not try to take advantage.

A policy must be enforceable and either eliminate use or force compliance. As part of governance the policy must clearly communicate the organization’s stance on mobility; permissible use, sourcing, charge-back, standards for devices and usage, support and service levels and security, etc.

Deploying new technologies is always a challenge; managing and controlling them is a greater one. Mobile devices are literally moving targets, making control a potential nightmare. A guiding framework and an operational policy are the jump-off points for developing a control process. A control process has a continuous flow between measuring, comparing, and action, with key result areas and success indicators, also known as KPIs. The four steps in a control process are establishing performance standards, measuring actual performance, comparing measured performance against established standards, and taking corrective action. The mobile deployment, just as any other service, has to be monitored regularly to ensure effective utilization of resources and return on investment.

What does it mean for a company to journey to the Cloud, culture and processes

October 6, 2012

Business environments are faced with rapid change as they adapt to evolving market conditions and operational costs. These challenges most often require the company to change the way business is done. BPM has become a critical function in many companies and is expected to grow even further with the journey to the Cloud.

Enabling IT operations and workflow over the cloud is a concept that many organizations are embracing, and the service is growing in popularity among companies that have yet to transition IT operations over to the Cloud. Shifting IT operations to the Cloud will fundamentally change the way that technology is exploited and the value that it can bring. Using cloud solutions to manage a business’s operations is a shift in technology that offers great value, along with an increase in complexity and a challenge to traditional IT operations. According to Gartner, by 2016 20% of all the “shadow business processes” (such as spreadsheets, routing of emails, collaboration apps, etc.) will be supported by BPM cloud platforms. As applications mature and as performance requirements, regulatory requirements, or specific business drivers change, the organization will explore other Cloud solutions that will continue to present process and cultural challenges.

The journey to the Cloud will need a re-inventing of the traditional IT model of plan, build and manage. Traditionally 100% of demand for IT services has gone to the IT department. Cloud solutions are changing that model. With traditional IT services transitioning to the Cloud Service Provider (CSP), the waterfall of activities associated with the traditional IT model for delivery and management of services, such as security, governance, capacity planning and budgets, will pose a challenge for the CIO and CTO. Cloud providers are usurping the CIO and going directly to the business to sell their line-of-business solutions; such a shift in strategy causes a disruption in IT service delivery. The CSP provides the business units with a consumption model, something the traditional IT department does not do, so the business unit is able to keep an eye on its budget, and the direct relationship offers project visibility. For the business unit these are added value for doing business with the CSP. Such shifts will force the hand of the enterprise to look at a change of culture, operational processes, infrastructure and architecture as part of a new model for IT operations.

In a July SAP Cloud Computing post, “Ding, Dong, The Suite is Dead! (as we know it)”, Sina Moatamed proposed the following architectural components for a new IT model. Such changes will transform organizational culture and the way we traditionally think of the IT department. Creating a Process-as-a-Service model will revolutionize the IT department from traditional plan, build, manage to Service Provider. In this role the IT department is the “gatekeeper” of company assets, representing the business before the CSP. Business units no longer have the need to go directly to the CSP.

Integration-as-a-Service would give process integration between SaaS solutions and with existing internal application services. It would also provide for Master Data Management. If the enterprise is journeying to a Public cloud offering, which is without borders, it faces the security issues so many companies wrestle with; Sina suggests the only way to properly secure organizational assets is to tightly manage the identities that have access. So IT will need to use an Identity-as-a-Service provider to manage identities across all SaaS services. Next is a centralized Platform-as-a-Service environment. The normalization of data will allow for developing point solutions and workflows. He states this is a significant change to the traditional model, because now the PaaS is the center of the universe with many SaaS services surrounding the PaaS. The PaaS concept as being “the center of the universe” causes me to think of BPM PaaS.

This model not only transitions IT from overseer to an actual service provider, it offers solutions to some of the challenges and concerns expressed by companies with regard to moving to the Cloud. This is a frontward architecture for other shifts in technology consumption such as mobility and social networking.

BPM, connecting the dots for success or not

October 8, 2010

Business process management (BPM) is a management approach focused on aligning IT and business with the strategic goals of the enterprise, to include its stakeholders and clients. BPM is focused on change. Whether you take a project or program approach to BPM, there are two effective management practices that will support your efforts for success: peer-to-peer alignment and KPIs.

Peer-to-Peer alignment of IT, HR and business units and the value it has for BPM is not hard to understand. Having that buy-in and support makes transformation processes effectual and allows for quantitative/qualitative measurement of the results. Using Key Performance Indicators to connect the dots for measuring BPM success or failure, that’s the idea of this blog.

KPIs determine “what’s next”. Key Performance Indicators should relate to the enterprise strategy. If the strategy is operational excellence, then some of the KPIs that may be of relevance are:

· Cost of quality as % of annual revenues

· % of time of employees available for improvement activities

· Average number of quality checks vs. target

· % benchmarking activities that result in implementation of enhancements

· % reduction of IPCS’s (incident, problem, change, service requests)

· % of current initiatives driven by the business

· % of spend on current IT capital projects that are considered driven by the business

· % of current business initiatives driven by IT

· % of changes initiated by customers

· % of change initiated by incidents

Performance indicators differ from business drivers & aims (or goals). A call center might consider the number of tangible leads provided for their client as a Key Performance Indicator which might help them increase business with that client. An IT shop might consider the denied access rate of an application as a Key Performance Indicator to justify the purchase of additional licenses.

While at BPM.com I read the summary of a white paper that asked some key questions with regard to BPM such as “What processes should we focus on next? How do we scale the discovery, development, deployment, and usage of process applications across the company? What are the best practices we should follow to maximize reuse across projects to achieve economies of scale?” Some of the latter KPIs could be used to measure and provide answers.

The key stages in identifying relevant KPIs include:

· Having a pre-defined business process (BP).

· Having requirements for the BPs.

· Having a quantitative/qualitative measurement of the results and comparison with set goals.

· Investigating variances and tweaking processes or resources to achieve short-term goals.

Flawed business logic + flawed business processes = security risk

February 10, 2010

Running and managing a secure information architecture requires good business processes that reflect sound business logic and rules, along with physical security such as strong authentication, SSL, proxy servers, etc. Many businesses have some type of Internet presence, most conducting some form of B2B/B2C transactions, with a few businesses moving towards cloud computing. Flawed business logic integrated in processes for such businesses can prove risky and pay high dividends for hackers.

Here is an example of a process designed from flawed business logic.

In 2007 a woman was accused of scamming QVC out of US$412,000 by exploiting a flaw in its business logic. She placed orders for 1,800 items with the home-shopping network and then canceled the orders on its Web site. She received credit for returning the merchandise, but the items were sent to her anyway and she sold them on eBay.

Without knowing all the details of the transaction, one control is clear: a business rule for verifying and validating whether the user was allowed to do what she was requesting could have been incorporated into the process for cancelling orders. Rather than just processing such a request, design a process incorporating a simple business rule that only a manager can approve such a request on an order with a dollar value or item count of more than 123 or XYZ. Another process could have been designed based on a business rule to verify and validate the shipment of the merchandise and the receipt of the returned merchandise, and only then apply the credit.

For a business model such as QVC’s, logic would require both systems – telecommunication and web – to interface for a crosswalk of authentication/validation, transactions, etc. Such a design would sustain the capability to model business processes that are consistent with business rules and logic, so that they inherently handle such scenarios, and to support B2B business process concepts, including public and private processes, in addition to the ability to apply business logic in the sequence of steps required in exception handling, transactions, and compensation.
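The rules described above can be sketched as a single order state that every channel and the warehouse share. This is an added example, not code from the original post or from any retailer; the class, the role names and both thresholds are hypothetical stand-ins for the post's "123 or XYZ".

```python
from dataclasses import dataclass
from enum import Enum, auto

# Assumed limits: the post leaves them as placeholders ("123 or XYZ").
APPROVAL_VALUE_LIMIT = 500.00  # hypothetical dollar threshold
APPROVAL_ITEM_LIMIT = 10       # hypothetical item-count threshold

class State(Enum):
    PLACED = auto()
    SHIPPED = auto()
    CANCELLED = auto()
    RETURN_RECEIVED = auto()
    CREDITED = auto()

class RuleViolation(Exception):
    """A request that the business rules do not allow."""

@dataclass
class Order:
    order_id: str
    value: float
    item_count: int
    state: State = State.PLACED

    def _require(self, action: str, *allowed: State) -> None:
        if self.state not in allowed:
            raise RuleViolation(f"{self.order_id}: cannot {action} while {self.state.name}")

    def cancel(self, approver_role: str = "customer") -> None:
        # Only an unshipped order can be cancelled; shipped goods must come back as a return.
        self._require("cancel", State.PLACED)
        # Large cancellations need a manager's approval.
        large = self.value > APPROVAL_VALUE_LIMIT or self.item_count > APPROVAL_ITEM_LIMIT
        if large and approver_role != "manager":
            raise RuleViolation(f"{self.order_id}: manager approval required")
        self.state = State.CANCELLED

    def ship(self) -> None:
        # Fulfilment reads the same state as the web site, so a cancelled order never ships.
        self._require("ship", State.PLACED)
        self.state = State.SHIPPED

    def record_return(self) -> None:
        # Set by the warehouse when the merchandise is physically received.
        self._require("record a return", State.SHIPPED)
        self.state = State.RETURN_RECEIVED

    def credit(self) -> float:
        # Credit once, and only for an order that never shipped or whose return was verified.
        self._require("credit", State.CANCELLED, State.RETURN_RECEIVED)
        self.state = State.CREDITED
        return self.value
```

Because shipping and crediting are transitions on one record, "credited" and "shipped but not returned" cannot both be true for the same order, which is the combination the QVC case relied on.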

Business logic and rules drive the modeling of processes that manage risk, reduce redundancy and support efficiency. Expanding the scope of analysis and design of business processes to ensure sound logic and good business rules are embedded enables the organization to adjust to internal, B2B and B2C business circumstances. It is imperative that the business people understand the logic and procedures themselves. In connecting to the systems of business partners and suppliers, have a ready-made process scheme for exchanging credentials and granting permissions based on business logic and rules. The same applies to granting access to all parts of a Web site – design a process that is subject to rules that govern what authority the user has in specific situations.