One of the most important functions to be covered by a CIO is to be able to determine where to dedicate resources so that the IT strategy not only aligns with, but also drives business strategy. Frequently IT plans and programs tend to lie on the optimistic side of things and fail to consider the operational risks the business is exposed to.
In this paper we will walk you through the steps to account for risk so that your IT strategy is tailored to reduce the impact of potential disruption in business operations.
Imagine a Murphy-like day in the office. Everything thing that can go wrong, actually does go wrong. Say regulators fine you because someone in the organization forgot to renew a permit, your shipments get lost, the warehouse holding your inventory is on fire. Feels like you are in a horror movie. Fortunately, you do not need to wait for that day to take meaningful and sensible action to risk proof your business.
With our methodology, we will guide you through a sequence of steps that will allow your organisation to implement a solid business-oriented IT strategy:
Step 1: Determine Time to Recover
In this step we deep dive into your Operation with the aim of identifying every process or activity subject to disruption… this includes not only obvious mayor disruption but any other kind of disruption as the time to assess impact will come at a later stage. In most cases, it might also be necessary to look at potential disruptions your business partners are subject to, especially during handshake moments.
Then we will identify the time it will take to fix each of the potential disruptions; for instance, regulators have not only fined you, but they have also forbidden you to operate for a number of days. As for the lost shipment, how long will it take to replace those products and get them to destination? And remember about the warehouse? So, how long until we have it replaced and filled with new inventory? How soon will you be able to operate from a contingency location? And how about the financial cost you are to assume due to unexpected delays?
Step 2: Measure Impact
In order to assess the impact for each of the potential disruptions you have identified, it will be necessary to choose a measure that will be employed as a standardized tool and so be able to compare all kinds of events and avoid the mistake of comparing apples with oranges. This measure can be either of Financial or Operational nature. Examples of a Financial measure are Profit or Revenue. In the case of Operational measure, Production Output or Market Share can be considered.
For exemplification purposes let´s choose Revenue as our measure. Are sales lost as a consequence of disruption? Let´s go back to our potential disruptions and asses them: The regulator does not allow us to operate for several days, so definitely some sales are going to be lost, we need to come up with a number of what is more likely to happen. The average sales of a day by the number of days we cannot operate will be the accurate choice.
In this step, especially if we are dealing with a business feature that represents a competitive advantage, it may be convenient to dive in further by adding a couple more scenarios such as an Optimistic Scenario if we believe we might be able to negotiate late deliveries; and a Pessimistic Scenario in which we will not only lose sales during the days we cannot operate but also, our image will be impacted so that we will sell less once we resume operation.
The same exercise will need to be run for the rest of disruptions. In all cases, the objective is to quantify the amount of revenue lost by each potential disruption.
Step 3: Reality Check
Reality check your assessment and remember the devil is in the details. Do not fall for the usual path of assessing only raw materials and providers that represent a large amount of your cost and expenses as more often than not we have seen cases in which risk does not necessarily come from Category A suppliers or highly expensive raw materials, but it may come from secondary suppliers or tiny parts, that just so happen to be critical or scarce and therefore might cause you to experience a mayor disruption in your operation.
Step 4: Prioritize IT Budget
Sort the processes by the financial impact their disruption will cause. Now prioritize your IT investment by the amount of risk reduction each technology is able to provide.
Let say that our analysis has determined that:
Once faced with the above analysis, you realize that you as a manager, and therefore the company, will be better off if the budget was allocated first to prevent a potential fire in the warehouses. So, you might decide to implement Internet of Things technology with fire prevention sensors in your warehouses. Then, you might decide the next most risk reducing effective action is to ensure that nobody forgets about regulations and thus implement an application that allows employees to keep track of certifications and permits that need to be periodically renewed. Finally, you decide to use some mix of GPS and AI technology to track your shipments and identify unusual movements.
This sorted list is also of good use for the quality assurance and process optimisation departments who can plan their inspections and run their programs accordingly.
This methodology supports the IT department to come up with strategies that will increase process robustness and thus reduce operational risk exposure, drive business efficiency and support long term strategy.
• Powerful analysis to determine where IT investment and resources have more business impact.
• It focuses on risk not in business as usual optimisation, providing a distinct and unique view of the financial impact of the use of ITs.
• It helps the CIO to liaise with the CFO in financial terms.
• It gets easier to make a business case for the investment in a particular technology since the benefit in terms of opportunity cost has already been calculated.
• Strong tool when it is necessary for the business to embed IT investment with strategic or regulatory priorities such as those driven by climate change.