Monday, June 8, 2015

Continuous Strategy - A New Way to Discover, Develop and Evolve Strategy in the Digital Age

Continuous, that is the disruption that is coming to enterprises the world over. The ways in which products are developed, marketed, sold and used by consumers are being changed by the digital connectedness of everything. From cars to medical devices to sporting goods to kitchen appliances and their interactions with foodstuff packaging, the Internet of Things (IoT) is drastically compressing the time windows associated with every stage of the product sales cycle, in some cases eliminating the windows altogether. Before this digitization there were serialized, potentially long periods to determine a strategy, manufacture, market and then sell a product prior to the ability to determine success. Digitization in this case refers to the degree to which an organization’s value creation and the resulting profitability are realized via technology, especially where the enterprise and customer are continuously connected through technology.
 

With products delivered in the digital age, different facets of the product are sold to different submarkets. Likewise, customers will have the potential to become advocates for those products that change their lifestyle in ways and within time boundaries that were previously unachievable. In order to address this fundamental disruption in the ways strategy is conceived and updated, strategy must itself be inextricably connected to this phenomenon. Along with this connectivity to the customer usage phenomenon, a broad sweeping collaboration amongst individuals in the enterprise is required in devising the strategy based on the combination of digital functions of the target products along with their portfolios of adjacent products and services. This is what we call Continuous Strategy, and companies that cannot master this method of delivering products and features to microcosms of their total addressable markets will be hard-pressed to compete against those who can.

Before delving deeper into the meaning of Continuous Strategy, we need to first provide a clear definition of strategy itself. Strategy can succinctly be defined as an organization’s unique way of creating sustainable value. At the heart of every good strategy there are two interrelated decisions that must be coherently and iteratively answered at every organizational level:

  1. Where to Position Your Products or Services? Selecting, exploring and exploiting the target markets where you have the best chance of succeeding.
  2. How to Position Your Products or Services? Deciding how to create significantly more value for your target customers than the competing alternatives. What is your value proposition?

Even under ordinary circumstances, making these two strategic decisions in a way that consistently leads to success is a challenge. Just imagine the difficulty of consistently making successful strategic decisions under the compounding pressure of continuous digital disruption. While there is an ever-growing multitude of approaches to strategy, the majority of these methods are ill-equipped to deal with the constantly changing dynamics of today’s world, much less tomorrow’s. Traditional strategy methods put too much importance on using the right words, developing good stories and finding absolute answers. However, when you must wrestle with constant change there is no right answer or definitive story. A successful choice today can often lead to failure tomorrow.
 

Given the increasingly high risk and cost of failure, in today’s world what matters most is always choosing to succeed. Consistent success in the face of constant change requires decision-makers to be able to continuously, concretely and collaboratively make progressively better strategic decisions. To attain this goal, decision-making needs to be viewed as synonymous with learning, where anticipated success and failure are both treated as inputs to a continuing transformative process. Moreover, this means emphasis must be placed on constructing an increasingly valid, reliable and holistic view of the world that can be tested through a vigorous mix of market feedback, relevant data and on-going dialogue amongst all of your key stakeholders. In this way, your strategic decisions can be easily updated, improved upon and if necessary, also rejected.

Gone are the days when executives, lines of business and product owners can lock themselves at an offsite meeting and determine the best features, target market(s), advertising and price points for products. Gone as well is the ability to focus solely on that unified, packaged, delivered item and its lifecycle. Seemingly lesser products that have capitalized on integrating digital features into the customers’ lifestyles will gain the ability to capture new customers through a lifestyle enhancing experience with that product. Increasingly this customer experience driven mode of disruption will diminish the relevance of any potential competitive advantages held by today’s market leading products or companies. To mitigate this risk, companies will need to diversify across the varied layers of the products being delivered to ensure continuous delivery of product features. Correspondingly, companies will also need to gain continuous feedback about product usage and perception in the marketplace.


This diversification will not necessarily happen by releasing many versions of each product targeted at specific markets but instead as shown in Figure 1, where product strategy is closely tied to continuously delivering new functionality and capabilities through software. Whether it is a wearable device, has a mobility application to go with it or can be enhanced by placing the user’s profile and data into a virtual community that constantly improves the consumer’s experience, the products of the future will not be subject to the long, meandering, difficult to close loop of strategy as it exists today. Quite to the contrary, consumers can buy a product, start using it, generate massive amounts of data to the cloud, gain value from the value-added services overlaying that data and immediately become a champion for that product by opting in to the supported online community in ways that add value to other customers. For example, think of the value created by enthusiastic customers taking to social media to explain the ways in which your product has enhanced their lifestyle or in other cases where your customers spontaneously use traditional media channels to give your product a glowing testimonial, all without advertising spend.


Figure 1. Layers of Digital Products


While big data is a large part of understanding how customers are using products and services, there are other parts of reality that must be integrated and measured in perpetuity for Continuous Strategy to be effective. The first of these are the existing enterprise systems that facilitate planning and execution for any business strategy, systems like ERP, CRM and PLM just to name a few. The next part deals with the less understood phenomenon of just how these products, their features and their benefits are interacting with individual markets, which is understood by tapping into the vast data sources of social media. Plotting a Continuous Strategy not only revolves around mastering the delivery of products, features and services that are appealing to your markets, but is also tied to the perceived reaction of target customers. This expected social behavior is part of the Continuous Strategy closed loop. After all, delivering products that positively integrate and improve the lifestyles of customers is something that will generate passionate advocacy, and as such successful offerings can be the anchors for broader marketing campaigns within the enterprise and its go-to-market themes.


Due to the vastness that is big data, especially given the potential to discover patterns relative to Continuous Strategy, implementing Continuous Strategy takes not only an analytic backbone but also adequate exploration tools for all stakeholders involved in the value chain. The ability to collaborate across the ecosystem in as near to real time as required should be delivered in a highly governed and well-understood manner that portrays all facets of value creation in terms that can be agreed to despite the richness of available data relative to each persona. This model, which supports continuous interactions across the strategy lifecycle, indeed digitizes business itself for the information age. This is what we call Assisted Intelligence and is at the core of Continuous Strategy. While not quite AI in the traditional sense, Artificial Intelligence that is, Assisted Intelligence is a concept that captures a holistic, definitive mapping of the continuous flow of business across production and into the marketplace. This aids decision makers in extracting the pertinent interpretation of experience from all stakeholders across facets of the product and its lifecycle through each digitally connected stage.

 
Figure 2. Micro, Pico, Nano Integrated Lifecycles



Because of the integrated parties and the corresponding ability to plot and measure a Continuous Strategy, enterprises will be able to dynamically hedge their risk through diversification. Those forward-thinking decision-makers utilizing Continuous Strategy will accomplish this by aligning macro, micro, pico and even nano stages of product and service aspect development, as seen in Figure 2. A major output of this product and service lifecycle alignment is that enterprises will gain the capability for recombinant features across the product portfolio. This also extends to the partner ecosystem where aligning to adjacent markets and products becomes a well-understood exercise. Through the mastery of the Continuous Strategy, enterprises can expect to maximize the potential of each product, gain the elusive gestalt value from a product portfolio and ultimately establish branding that works best for the corporation at large with fluidity. The ability to continuously understand the timing of such efforts combined with unforeseen disruptions within markets assures that enterprises are making the most sensible portfolio based decisions on where to invest for maximizing revenue and profits in each market. Continuous Strategy becomes the means to deliver this future state of doing business.


Given the continuously rising levels of change, uncertainty, complexity and instability facing strategic decision-makers, Continuous Strategy can only be implemented via an integrated digital platform that seamlessly combines structured decision-making with cutting-edge technologies. This platform can be defined in terms of seven self-refining ontological levels. Each level provides uniquely powerful value creation that increases exponentially as it is integrated within higher levels, forming a gestalt for consistently winning in any market. Furthermore, this platform will also provide users with a pathway for delivering digital content that fuses the user experience to products, which is necessary in order to realize the full benefits of successful Continuous Strategy implementation. The seven levels of a fully realized Continuous Strategy platform are as follows:

Level 1: Structured Decision Approach - At the core of the Continuous Strategy paradigm there needs to be a structured approach and model for making increasingly better, timely and effectively communicated strategic decisions. Following a structured approach ensures that strategic decision-makers have a clear picture of how to create sustainable value; key stakeholders are on the same page; and these stakeholders have the coherence, confidence and commitment necessary to consistently succeed. More specifically, a Continuous Strategy driven structured decision approach provides strategic decision-makers with:

  • A dependable, user friendly and effective framework for evaluating the perceived value customers experience from any product or service;
  • The capability to construct a value-focused ‘Theory of Mind’ for every target customer that allows you to maximize sustainable value creation;
  • A straightforward way to determine whether your strategy ‘makes sense’ while consequently ensuring stakeholders are: (a) focused on understanding the most important variables, (b) prioritizing key activities and (c) choosing the best course of action to increase your probability of substantial success as well as reduce your risk of major failure;
  • The capability to frame strategic decision-making as a continuous process of forming useful hypotheses from which you can systematically pivot to increasingly better hypotheses as you gain more information, knowledge and wisdom;
  • Finally, a practical means to clearly, concretely and collaboratively think things through.

Level 2: Secure, Compliant Cloud - At the technology base of Continuous Strategy is the concept of cloud computing. Gaining the kind of insights described herein, collaboratively and in as near to real time as possible, requires an underlying compute foundation that is scalable in a linear fashion. After all, success in this arena will always create a hunger for more of what got you there and to satisfy that hunger enterprises will have to feed the Continuous Strategy platform with more data, calculations and hopefully more customers and partners who are providing most of that sustenance. While cloud computing has proven capability to provide resources in this fashion, what has eluded the industry more broadly is the concept of a truly secure and compliant cloud. This means not only the ability to meet various regulatory requirements including HIPAA for healthcare, Sarbanes-Oxley for public companies, banking regulations, etc., but also the profile for acceptable risk within the enterprise. After all, who would want a consolidated location that houses the assets to produce something as powerful as Continuous Strategy that, when compromised, could provide the ultimate espionage opportunity?

The Secure, Compliant Cloud that delivers the platform for Continuous Strategy must be one that not only provides the linear scalability previously mentioned but is also built to provide access to the community that will support it, thus assuring that these veritable ‘nuclear secrets’ remain parceled out only to those with a need to know and presented in a way governed by their access level relative to a specific subject matter. These are issues that have plagued effective communication between national security agencies for years, but in this case of Continuous Strategy the entire phenomenon will drive the creation of each layer such that these types of requirements will be met and fears about actually creating something this powerful can be ameliorated.

Level 3: Integrated, Scalable and Policy Driven Big Data – On top of the Secure, Compliant Cloud at the foundation of Continuous Strategy, there will be many incarnations of Big Data that benefit not only from the underlying linear scalability but also the compartmentalization of data processing elements that will integrate from sources as diverse as social media, enterprise systems like ERP, IoT enabled products and digital services just to name a few. This compartmentalization will serve multiple purposes. First, it will accommodate the data structured in various ways such as key-value pair, columnar, graph, relational, ontological, etc. to allow for the nearest to real time analytics possible without the need to juggle or reformat. Second, it will be a more granular compartmentalization of customer data with very specific mappings of available policies governing the usage of that data.

Once again creating this kind of power and connectedness with the customer does not come without its potential perils. Therefore Continuous Strategy must bring with it a Big Data layer devised to directly identify and embrace these policies as determined by a collaboration of stakeholders such as legal, regulatory along with the customers themselves. Unlike many systems today where utilization of data is a policy restriction, in the digitally connected product era, customers will tend to have a much different idea of how these strategically enabled products and services enable their lifestyle as well as what they are willing to sustain in terms of being marketed for potential upsell/cross sell opportunities. At the same time, Continuous Strategy needs to allow responsible parties to understand the potential boundaries of this usage governed by regulatory bodies, ethics, opt-in agreements, etc. Consequently, this critical capability will need to be fluidly encoded into the big data layer such that affected parties grasp potential upside and ramifications of certain levels of sharing.

While currently this may seem a feared area to tread in the world of Continuous Strategy, it will create a kind of currency in and of itself that must be managed and parsed against what may be perceived as burdensome today. An example would be an avid supporter and user of a product or brand who is willing to open up data about his/her experience, perhaps for a discount on services or rebates on future purchases. This kind of data can be effectively used by the product company to attract similar customers and as such this type of advocacy must be rewarded. However, these rewards need to be based on strict, well-understood guidelines between product companies and their customers. Providing this critical line of sight to developing this future generation of products and services will allow petitioning of governing consortiums, watchdogs and public policy entities to ensure that something potentially with broad sweeping benefits and upside profit potential is well identified as to its usage across involved parties.

Level 4: Pattern Recognition of Streaming Data – Continuous Strategy requires the ability to not only harness the power of big data but also extract meaning from streaming data as it is ingested into the system. Data in the new digital world is constantly being generated and much of it may be considered to be noise. Filtering through that noise in order to find those items that may allow enterprises to infer more deeply within Continuous Strategy is crucial for success. Furthermore, these data artifacts must be identified and marked for surveillance. Whether it is a series of posts on social media, a dearth of sales to a targeted market, a competitor’s new product that has stormed onto the scene, unexpected usage patterns in telemetry from digital portions of a product offering or even a supply chain issue hampering adequate inventories as products are flying off the shelves, events must be identified, put into context relative to Continuous Strategy then triaged by responsible parties. As they say, “Time is money” and to double up on the clichés a wise man once said “Bad news early = good, bad news late = bad”. The ability for the platform to react to these trends, whether macro in nature or as discrete as a potential interaction with a customer or his/her product, is the critical facet of Continuous Strategy delivered by Pattern Recognition of Streaming Data.

For Continuous Strategy to be effective the event processing must live as close to the incoming digital reality as possible. Because the available data coming from that reality are of variable types, the system needs a way to parse and glean meaningful elements from that data. These features are used to compare against historical trends, those relied upon by Continuous Strategy, in order to spot anomalies in those trends. This requires a method for pipelining these results into various streams of real-time data and text mining along with some traditional mathematical pattern matching. As will be discussed in the following section (i.e. Level 5: Prescriptive Analytics), it is the automated programming of metadata and values that seed these functions that form the watchful eye at the gateway to reality for Continuous Strategy.

The other role of this level in the overall fulfillment of Continuous Strategy is to determine which data needs to persist in order to control potential explosion as well as moderate the desire to grab and hold on to everything possible. It is just as critical that data is cleansed, features extracted, compared for actions within the system and ultimately stored in Level 3: Big Data of the Continuous Strategy platform so that it can be used at a later time in the more batch-oriented processing that occurs there. This requires a level of assuredness that actual source data being discarded has been summarized in a way that is not ‘lossy’ to the overall concept of Continuous Strategy. This is not a fork in the road type of decision made within the system but more akin to a ‘digestion’ process that will stage and process data in several phases in order to reach equilibrium of system resources.

Level 5: Prescriptive Analytics – Today’s business intelligence and analytics supports monitoring of business strategy for effectiveness. In the future, Continuous Strategy will not only look at historical markers to predict trends but also assemble potential adjacencies, orthogonal or axiomatic themes that will provide avenues to prescribe future actions for evolving strategies. Because so much data about individual users, populations of users, geographic, demographic subsets of markets, etc. is available, Prescriptive Analytics will find potential paths to provide more value by understanding the vectors in which value has been previously created in these alternate pathways. Often traditional regression analyses will render a prediction of the future based simply on facts in evidence. These tools are useful due to the fact that certain types of behavior within markets and other functions can provide a great deal of predictability. In the future, however, customer personas, slices into customers’ very existence such as mom, chef, competitor, driver, etc., will need to have a value-based ‘Theory of Mind’ seeded into expected patterns for surveillance. These patterns will allow you to gain proper perspective against the eventual feedback generated by products, services and customers.

Data comes into the system and is scored against an expected reality that has been established as a baseline. This means that consumer behavior is measured across numerous vectors and will give you more clarity about your predictions. The system will also perform reification of more atomic, more aggregate or adjacent theorems for sustainable value creation. In this way axioms are built within the system by ranking and completeness. By comparison against the data seeding the Continuous Strategy, the system now can consider what was previously in a large sense considered to be noise from social media and other sources. This provides a way to further interpret what assumptions have become or are becoming true or false over time. Moreover, the ability for Prescriptive Analytics to create more discrete, aggregate, concentric or altogether different sets of attributes relative to these ‘Theory of Mind’ slices into customer personas will become the genesis for Assisted Intelligence.

Level 6: Collaborative Decision Support (CDS) - CDS from a Continuous Strategy perspective involves modeling strategy as a Multi-Criteria Decision-Making (MCDM) process. The results of this MCDM process are consistently unfolding timely decisions via progressive learning, understanding, evaluating, conducting on-going dialogue and taking action. A Continuous Strategy based CDS has nine essential characteristics. It is: (1) Simple; (2) Robust; (3) Easy to control; (4) Adaptive; (5) As complete as possible; (6) Easy to communicate with; (7) Focused yet expansive as necessary; (8) Time Binding; and (9) Poly/Omni-Linguistic (i.e. it provides a value-based, universal grammar that enables effective communication throughout the organization). CDS ensures decision-making is transparent as required, traceable and based on the best facts available. CDS promotes creating empowering, enabling and energizing shared realities; building active stakeholder commitment; and moving decision-making away from risky individualism by leveraging the untapped potential wisdom of crowds.
 

Level 7: Visualization, Guided Work-Flow and Knowledge Discovery - User interface technologies have evolved to where mobile devices are now in possession of very powerful visualization tools rivaling the most powerful workstations of a decade ago. While powerful, these visualization tools are only as good as the information being fed to them in order to present the user with the most powerful paradigms possible to facilitate true understanding. In many cases, visualization for analytics promotes multiple form factors with which to present data for enhanced understanding. In the case of Continuous Strategy it is not enough to simply visualize data from vantage points necessary for understanding concepts from different dimensions. It is also necessary to present this visualization to each party involved in the planning and execution of the strategy reflecting relevant areas of responsibility. This enables visualization to be performed on a role-oriented basis as part of the overall Continuous Strategy model.

Continuous Strategy will provide a collaborative, process oriented, guided workflow built on organizational capabilities to deliver on the established goals and objectives. By assimilating the vastness of data available, interpreting it relative to individual microcosms of strategy formation and execution, enterprises will facilitate exploration by parties involved. Because the concept is something that is less attainable within the boundaries of physical limitations such as the time to produce and ship product, Continuous Strategy guided workflow will be plotted with concurrent streams of delivering the total customer experience via the various facets as previously shown in Figures 1 and 2. Along with visualization, Continuous Strategy will provide users the ability to discover then encode their interpretation of knowledge used within their decision making at each of these guided workflow phases.

At the cusp of the Continuous Strategy horizons where macro adjustments, additions and other decisions must be made, Visualization, Guided Workflow and Knowledge Discovery will provide a firm record of all facts in evidence leaving no doubt as to how Continuous Strategy was used to provide the collective knowledge fed into the collaborative decision making process. This portion of the round trip through the Continuous Strategy system constitutes the human side of Assisted Intelligence. As shown in Figure 3, it is the responsibility of the Continuous Strategy system to put the participant in context for exploration and knowledge discovery leading to a refined visualization for decision making replete with cognitive triggers, weights and indicators that are intuitively constructed from the layers underneath.

 
Figure 3. Decision Making within Continuous Strategy

In the future it will not be adequate to simply turn data into information, information into knowledge and finally knowledge into decision. Continuous Strategy and its mastery will demand that this path to decisions and the knowledge gained becomes encoded within the organization in the form of wisdom. Finally, this inherent wisdom is antecedent to intuition or simply helping the enterprise gain as much agility as possible in identifying markets along with the required products and services to be profitable within those markets.

Good strategy has always emerged through an iterative process that balances intuition, creativity and deliberation. In today’s world of constant change and the ever-rising tide of ‘unknown unknowns’, regardless of the market you are seeking to capture, having a good strategy to guide your organization has never been more important. Unfortunately, a major problem facing business leaders and strategic decision-makers is that traditional strategy approaches are becoming increasingly inadequate in today’s unforgiving business environment. Moreover, the ‘future-world’ will only become more unstable, complex, and competitive. The world is rapidly becoming a ‘winner takes all, pugilistic arena’ where either you succeed or collapse with little tolerance for mediocrity. Consequently, the undeniable importance of adopting new, more effective strategic decision-making methods cannot be overestimated.

The map for Continuous Strategy we present in this paper defines the territory that every forward-looking business leader will seek to successfully navigate. It is clear that along with the high risk of competing in the era of continuous digital disruption there are also boundless opportunities for those pugilists who are willing to embrace this challenge in a rational yet creative way via Continuous Strategy mastery. Mastering Continuous Strategy will grant you an invaluable set of organizational abilities (among many other emerging benefits). With Continuous Strategy you will:

  • Maximize the probability of consistent success across the product portfolio while minimizing the probability that the strategic decision-makers will get any decision completely wrong.
  • Provide business leaders and strategic decision-makers with a discretionary line of sight across the organization.
  • Ensure the right stakeholders are always included in the strategic decision-making process.
  • Enable business leaders and strategic decision-makers to periodically score and measure expected strategic performance against actual business results.
  • Ensure strategic decision-making is always based on the most relevant, transparent criteria.
  • Provide key stakeholders with clarity about who is responsible for strategy implementation along with the dynamic prioritization of critical activities.
  • Ensure business leaders and strategic decision-makers have a realistic model of expected results which provides a basis for detailed planning.
  • Enable business leaders and strategic decision-makers to realistically assess the company’s execution capabilities.
  • Provide key stakeholders with a holistic framework for reviewing any business case.
  • Provide the organization an expanding knowledge base for developing wisdom.

Achieving consistent success (i.e. creating sustainable value) in the ‘digital connectedness of everything’ era means organizations must adopt equally disruptive strategic decision-making methods. To quote Christian Clayton, the world's leading authority on disruptive innovation: “We keep re-discovering that the root reason for established companies' failure to innovate is that managers do not have good tools to help them understand markets, build brands, find customers, select employees, organize teams and develop strategy”. We propose that our vision for Continuous Strategy is a blueprint for eliminating this ubiquitous root cause of organizations failing to innovate while providing strategic decision-makers with the means to consistently leverage the virtually unlimited potential for sustainable value creation via digital connectedness.

Conclusion

Imagine a world in which enterprises are able to deliver products that become an integral part of their customers' lifestyles. These could be sporting goods such as golf clubs or a bicycle; they could be a set of kitchen appliances or medical devices. Now imagine the ability to generate necessary readings from those devices and process them in prescribed intervals such that the customers' lives are improved. This could be the weekend athlete looking to take strokes off of his game or reduce the time of her ride. It could be a homemaker creating the best Thanksgiving meal possible with recipe selection, planned shopping and optimal cooking times being effortlessly orchestrated. It could be the college football party hosted in that same kitchen area that plays the fight song as beers are retrieved. Perhaps more meaningfully it could be the person with diabetes or emphysema and their care ecosystem that are incentivized by patient healthcare outcomes.

In any of these cases, the ability to capture data from these products integrated into their tasks at hand and plan a portfolio of digital services that fuses the device and its usage to the customers' lifestyles is what brings home the idea of Continuous Strategy. Continuous Strategy is not about making machines self-aware or reaching some sort of utopian technological singularity. It is about encoding the knowledge of experts that most of us could never gain access to in such a way that when combined with data emanating from products in use, customers' lives are profoundly impacted. Whether they are the weekend warrior or the PGA professional, the focus is on providing customers with empowering, energizing and enabling solutions that innovatively address their needs, wants and aspirations. This digitally driven innovation is provided in such a way that your customers are compelled to enthusiastically advocate for your products via every available communication channel because they truly feel this advocacy is mutually beneficial. In other words, Continuous Strategy is about sustainable value creation that is increasingly attractive and truly nourishing for everyone involved. The ultimate goal of Continuous Strategy is to maximize sustainable value creation through digital connectedness such that every stakeholder in the offering ecosystem experiences his or her own version of success.

About the Authors:
 

Allen Shortnacy – Allen has 20+ years of digitizing a diverse set of industries. Throughout his career he has developed and scaled very large, complex databases and their logic as well as managed large-scale data acquisition and integration for those databases. For the last 5+ years he has been evangelizing for the secure, compliant cloud. He is also an industry thought leader for the next generation of applications comprised of IoT, big data and analytics running on the secure, compliant cloud.  

Vaughn Jackson, Ph.D. – Dr. Jackson has 20+ years of experience providing organizations with structured methods for effective operational and strategic decision making. He is the architect of a structured approach and model for making increasingly better, timely and effectively communicated strategic decisions, which is the foundation for the Continuous Strategy paradigm. His expertise is in the practical application of decision theory, cognitive science and systems thinking to successfully implement strategy across a wide variety of industries.  



You may download a PDF of this document here: Continuous Strategy



Wednesday, November 12, 2008

Leveraging BPM, SOA, Identity Management and Enterprise 2.0 for Governance, Risk and Compliance

Running an IT organization for government or business in this day and age has brought about new challenges which place a focus on capabilities and tremendous strain on resources that ideally would have occurred only per the natural requirements of the business or mission. This somewhat artificial digression from the politics or competitive landscape that has historically shaped how most IT systems were built, delivered and managed is a new layer of complexity that has appeared on the horizon and which can easily engulf scarce IT resources if not handled strategically.
In this white paper we will attempt to address Governance, Risk and Compliance while prescribing the new technology paradigms of BPM, SOA, Identity Management and Enterprise 2.0 as a unified set of patterns and tools that can be brought to bear on these new initiatives. This should be the driving force behind how you modernize your IT environment to service these needs while also providing the value of agility to your enterprise. At the conclusion of this read we hope to have presented a compelling story around how and why this set of technological offerings will be all you need to implement in the foreseeable future for solving these problems while continuing to improve the overall quality of your IT mission.

Compliance

In thinking about this new wave of Governance, Risk and Compliance let’s start in reverse and look at the end result, Compliance. For the scope of this white paper ‘Compliance’ could be anything from Sarbanes-Oxley Section 404, HIPAA, CMMI Level 3-5, ISO 9001, Basel II, even anything that is internal to your organization such as capitalization or Service Level Agreements (SLAs), and the list goes on….
No matter what you are faced with in the ways of Compliance, the end result is likely some kind of an audit or periodic report to someone or something responsible for verifying that you are in Compliance. Such requirements are usually tied to some sort of Business Intelligence system that will tend to aggregate data from all kinds of places and systems to produce reports that verify levels of Compliance. The difficult part of such period based reporting systems, in addition to the mad scramble to actually make them produce positive results, is showing your work, e.g. decomposing the aggregate numbers for proof of Compliance. While Business Intelligence, such as that of the aforementioned variety, isn’t mentioned in the title of this white paper, it has become very much a part of BPM at large and will be discussed under that topic later in this white paper.
In the end, the old adage that the things measured and reported on are the things acted upon is the real rule of thumb here. No matter what you are expected to fall into Compliance with, you will first need to figure out how it will be measured. We will take a more in depth look at how to define these metrics in the next section, Risk.

Risk

As previously discussed, Compliance is something that may come from a myriad of places. It may come in the form of an audit to uphold some certification or perhaps simply adherence to some plan of capital outlays for value in your IT portfolio. Whatever these items are, they should be measured in terms of the level of Risk you acquire by somehow falling out of Compliance. There are many types of Risk: Operational Risk, Financial Risk, etc., and in some cases the Risk you are trying to measure has prescribed methods for doing so. The Basel II Accord for Banking, where your Risk is measured in a monetary fashion, is one such standard. Where there are government institutions enforcing Basel II on the largest (about 100 of them in the US called Tier 1) banks there is additional Risk of finding that you haven’t complied in addition to fines and publicity that may come in tow. The Basel II calculation of Potential Default (PD) or Exposure at Default (EAD) is likely something that should have been measured a little bit more closely by all institutions with regard to the recent housing market lending issues that materialized in poor ratings for those aggregate Collateralized Debt Obligations (CDOs) rife with subprime mortgage write offs.

Prior to thinking about Compliance or Governance you must plot those Risks that are important to your organization. One approach is to scatter plot such items as in the chart below. We’ve stated that Risk could be measured in negative value, but let Value to your organization be the X axis and assign some other weighting, say 1-10, for the items that have the greatest Risk for your organization. Again, those things may be moved by their negative value but they may also realistically fall into the category of Risks you are willing to take. You can size the point on the chart for the severity of the Risk. Obviously you cannot hope to attack all points equally, but it is necessary to make this a living exercise to constantly re-evaluate where you stand in the vast world of Risks that affect your operation. If you are at Risk of losing market share, for instance, then you will certainly become out of Compliance with shareholder expectations!
Therein lies the point of having a sound strategy for Governance, Risk and Compliance: that you’ve controlled your Risk internally before having to worry about it externally. After all, exposing your customers to that risk can cost the most important capital an organization possesses, credibility. We all experience Risk in everyday life; for instance, when we approach an intersection with a yellow light we make a calculated decision based on the Risk that we may be caught breaking a law if we proceed. If you were to get into an accident or get a ticket in doing so it would pose great risk to you in the form of bodily harm or financial responsibility. Externally, however, insurance companies would have new ideas about the risk you present for them in continuing to insure your operation of a motor vehicle in the future. Some Risk happens that quickly, but identifying all of those things ahead of time that are possible and preparing to handle them proactively is what Governance is all about.

Governance

While Compliance is usually done to appease some authority that has the ultimate say as to whether we have effectively mitigated or managed our Risk, Governance is the practice of managing the Risk of not being in Compliance. We’ve stated earlier that this Compliance may come down to something at the very core of your business such as whether or not you are generating enough revenue for the marketing campaign that was just funded. Perhaps this Compliance is more of an absolute such as that of Sarbanes-Oxley Section 404. No matter what the total sum of these Compliance items that assure that you’ve managed the Risk specific to you, there are also likely a number of Governance frameworks established to deal with those same issues. In the case of Sarbanes-Oxley (SOX) there is the CobIT framework, which is meant to put in place the Controls necessary to be able to attest to Compliance with SOX. There are many complementary frameworks that every publicly traded company should implement or at least investigate for portions applicable to enhance CobIT, such as ITIL and ISO 17799 (now ISO 27002). Many of these involve internal processes that must be implemented, verified and measured as an ongoing, ‘in-situ’ audit rather than the mad dash of period based reporting most experience these days.
Governance then is the sum of these policies and procedures that you put in place, some of which are based on industry standard frameworks, in order to effectively manage your total Risk. Don’t let all of the alphabet soup of all of the frameworks, regulations and standards scare you. Once you’ve gained an understanding of your Risks you will be able to map the appropriate frameworks to them for building your own Governance ‘mashup’ (see Enterprise 2.0 at the end of this paper for a definition of ‘mashup’). The point of this white paper is to explain how a modern approach in implementing these controls with state of the art technology patterns can actually provide a vehicle to sustain any combination of these needs while also modernizing your IT infrastructure to be defined and driven by all business goals. Rather than consider any of the items addressed in this article as a ‘siloed’ cost center investment one should look at the overall agility these patterns can provide to an ever changing marketplace that demands more visibility into how you are protecting the interests of your customers, citizens or investors.

BPM

In addition to this plethora of frameworks (see Glossary at the end of this paper) aimed at supporting Governance there are a number of methodologies that support Quality and other initiatives in general such as ISO 9001:2000, CMMI and ISO/IEC 15504, which attempts to harmonize many frameworks starting with the two previously mentioned. There are also any number of derivatives of kaizen or Continuous Process Improvement methodologies such as Lean (from the Toyota manufacturing process), Six Sigma and even Lean Six Sigma. These all exist to minimize the number of defects per opportunity, thereby increasing quality while allocating resources to the process steps in a ‘just in time’ fashion. The Continuous part involves understanding, measuring, simulating and re-engineering processes for gained effectiveness and efficiencies. The round trip for this Continuous Improvement Process is all about the reporting of the Risk measurements determined by what are seen as Key Performance Indicators or KPIs. This data about performance is ideally fed back into a business process analysis tool that can use it as a simulation baseline.
Because these Risks have Governance frameworks associated with them it is also ideal to weave these activities inside of the normal everyday duties that your lines of business perform. As mentioned in the Governance section of this white paper it becomes increasingly difficult not only to generate Compliance reporting around your business processes but, more importantly, to decompose those reports to provide on the spot actual data. By fusing the techniques provided in this white paper your organization can provide a line of sight from any vantage point of your operation to any other(s). Although not a substitute for period based business intelligence aggregated for the purpose of performance management, this brings the necessary aspect of decision support into your operational systems. Also, because data from these more robust periodic systems can and should be embedded into your business process management applications, you get an accurate picture of ‘who knew what and when did they know it’ that seems to be at the crux of most critical forensic audits occurring today.
The other part of BPM that is critical, especially since BPM is at least somewhat overlapping if not a superset of BPR (Business Process Re-Engineering), is the ability to understand how your human resources interact within business processes. Even more importantly, strategic human resource management involves understanding how your people can best perform and in what quantity, especially if your workforce has a highly repeatable set of tasks. Understanding the activities of each individual in a discrete manner but always in relationship to the macro set of processes they participate in is where BPM intersects with Identity Management and is sometimes called ‘Role Mining’. This study has far reaching impact not only in BPM but also Human Capital Management, where you literally are able to grasp the impact of enabling Human Resources with certain capabilities before investing in those initiatives. After all, it is really the adoption of any initiative by a larger business community that enables success of any of the things such as those discussed in this white paper. Giving your organization protection from harm and increased value to the people it serves will win over many line of business owners and users who too many times have seen change come for the sake of change.

SOA

Service Oriented Architecture (SOA) isn’t an entirely new concept. It is, however, a new acronym with a lot of hype. In fact it has its own ‘hype cycle’ and now potentially an extended ‘trough of disillusionment’. This last part occurs when most realize that even though this new paradigm or technology is quite attractive, the reality of getting it implemented to derive its promised value seems distant if not impossible. SOA is one of these that experienced a steep slope that exists on the upside of that trough known as the ‘slope of enlightenment’. During this enabling phase many have realized that it takes more buy-in from various factions in an organization than what they may have assumed initially. An interesting statistic put forth recently by Gartner (which, by the way, founded the ‘hype cycle’, ‘trough of disillusionment’ and ‘slope of enlightenment’ being discussed here) states that only about one quarter of larger companies will have the organizational or technical skills to realize an SOA by the year 2010.
SOA is largely an IT exercise, and because IT has been somewhat separated from business, its cyclical nature of responding to change in business models is not seen as adequate in many business owners’ opinions. While services are typically portrayed as those interactions between systems in an SOA, the other perhaps more key tenet of an SOA is how those systems are presented to and allowed to interact with the users involved in the business processes they support. An SOA is the fundamental center of the holistic concept presented in this white paper as it embodies all of the enterprise wide integration aspects that have heretofore been known as EAI, EII, ETL, MDM, B2B and the list goes on. An SOA requires its own set of rigors for Governance because of its own inherent Risks, whereby measuring it for Compliance against its stated goals is the beginning of a truly shared model where business and IT are joined at the hip.
A perfect example of software vendors addressing this challenge has been the phenomenon of ERP and other COTS business applications that attempted to insulate business owners from dealing with IT in terms of actually creating systems to run parts of their business. The process of configuring these systems is what BPM looked like for many years until people realized how changes made to those systems affected upgrade paths not to mention stability of the applications themselves. The nice thing about this new philosophy of SOA and BPM is that those investments as well as investments in other legacy systems are preserved. Using BPM as your genesis for an SOA gives you an opportunity to attack this problem from a known set of requirements which are those of the business owners in the organization. They will give the commitment you need to get started not only because they are actually driving SOA requirements at the appropriate layer but also because you give them the ability to modernize their legacy or ERP systems without actually touching them. This is something that will save them huge budget and also allow those systems to continue providing the functionality they provide today including remaining the system of record for mission critical data.

Identity Management

As described in the previous two sections, the most important parts of your business are those resources that are not automated but human. They pose most of the Risk once you are into even the most basic maturity stage of an SOA and are responsible for carrying out operations using the Governance model that you’ve put in place in order to stay in Compliance. It is now apparent that Identity Management is the sharp end of the spear known as Human Capital Management as it was discussed earlier. It is literally where the rubber meets the road in that it is how your people gain access to the systems they interoperate with every day to conduct your business. In addition, most organizations have realized that the same digital identity should be used for gaining access to locations in which physical systems and other resources reside. The cost of managing on-boarding, off-boarding and otherwise managing credentials for these varying communities of individuals as they relate to your business has historically been a tough cost center to deal with. With a sound Identity Management Strategy much of this process can be centralized and provided in a self service fashion.
Outside of the HR or BPM side of knowing who your folks are and what they do, Identity Management provides one of the most critical items for Compliance and that is Attestation. Simply stated, Attestation is what an organization’s executives must sign off on periodically that says you’ve taken appropriate measures (implemented appropriate Governance) to mitigate any Risks. These include any or all of the Risks mentioned in this document plus untold others unique to certain industries or even those yet to be enacted or enforced. The one Risk that cuts across all others is that of the insider empowered to conduct your business that does so with a malicious intent, the so-called ‘insider threat’. This is the one thing that weighs the most on a company executive’s mind as it, aside from reports he’s looking at, is ensconced completely within a black box until discovered and by then it is often too late. Identity Management along with other appropriate Governance measures implemented in BPM and SOA helps to ensure that your employees act ethically and with your mission as their driving priority.

Enterprise 2.0

Let’s start by stating that Enterprise 2.0 simply means Web 2.0 and how that phenomenon applies to the enterprise. The key element of Web 2.0 and indeed Enterprise 2.0 is the ‘social network’ or the idea that in everything you do that involves communication with others there is a set of attributes or ‘social fabric’ that ties you together with that person or group you are interacting with. This allows you to participate in each task you perform every day with those attributes front and center in the form of a collective context or ‘presence’. Presence is something you are familiar with if you’ve ever used an internet chat program and categorized your ‘buddies’ into groups for family, work, friends, etc. In the enterprise, however, presence is a more richly intuitive list of who’s available to you and what their role is in the scope of tasks you are currently working on. The other thing about Enterprise 2.0 in this collaborative scope of activities is the communications that come from this presence interface, such as instant messaging but also including voice over IP (VOIP), video conferencing or web conferencing where a user’s desktop or document(s) are shared.
The other services provided in an Enterprise 2.0 fabric are those that were previously thought of as content management applications but now are seamlessly integrated into the ability to search for content, create it on the fly and share it any way imaginable. What you are working with at all times is data from your SOA that can be materialized as a printable document on the fly. For imaging or other legacy captured documents those can be passed as part of a ‘worklist’ that may be subscribed to for personal tasks assigned to you or tasks assigned to those in a certain role necessary to perform the work. In any case the idea of a ‘document repository’ or really locations in general is abstracted from the users in an Enterprise 2.0 environment. And since everything is locatable via a search engine interface or by attribute tags that give the documents the same project based context as presence, producing, accessing or editing documentation becomes a seamless part of a business user’s tasks.
Enterprise 2.0 components known as wikis and blogs allow for effectively introducing your new BPM centric SOA to personnel, both old and new. Wikis are essentially online encyclopedias of knowledge about things in your enterprise. Everyone can make entries in a wiki and those wiki entries are searchable as content. This is really a readable index of what people think is important to your organization and again its entries are presented along the hierarchy of your business taxonomies. Blogs are essentially similar but are more personal in nature in that they are used to record notes about how certain things were accomplished or, perhaps more importantly, are to be accomplished, thereby alleviating the pain for the next individuals who experience the same challenges. Blogs allow for community comments on their content whereas wiki comments are effectively another entry into the wiki linked to the previous entry. These things provided together are known as a ‘mashup’ in Web 2.0 parlance and delivered to your users as an AJAX based Rich Internet Application (RIA). This combination also allows for a harness of sorts to be provided for business users to accomplish a very necessary goal of having a self identifying, self training work environment to be immersed in. Ideally this environment has gleaned all of the knowledge from your body of workers that is subject to disappear if not captured adequately. There is no bigger need for this than the current set of baby boomers that have been performing their work for decades and have their respective and collective knowledge bottled up in a form currently not transferable to the next generation. This paradigm allows for capture of that knowledge and its embrace by the new systems you put forth in order to address the challenges of the future while assuring good practices are not lost and also of equal importance that others are.

Conclusion

In today’s environment of regulations, competition and changing market conditions software vendors have thrust an abundance of new offerings into the marketplace in an attempt to enable their customers to cope and either remain in or gain a proactive posture towards IT investments. In this white paper we’ve presented some of these new patterns of software as well as visibility into some of the drivers necessitating an agile approach. You are hopefully now armed with a holistic view of these matters which you can bring to the attention of the appropriate decision makers within your organization to take action. Understand also that this story itself could start at any section in this white paper and easily transition to other sections as they are part of a contiguous whole. This is a gestalt of the largest order in that it is increasingly difficult to enact certain combinations of these capabilities in a silo and still more difficult to actually do some of them without consideration for the others. Yet every day products are purchased and architectures are founded without consideration for a whole picture similar to the one drawn here.
When you start down the path of SOA with BPM as the key driver it becomes a self fulfilling prophecy due to the nature of how the onion is peeled with these techniques. Your BPM effort allows you to start with what your business actually does today and use that to drive the façade around your existing systems that becomes your initial SOA. You then take BPM a step further to analyze appropriate frameworks and methodologies that need to be embraced for the reasons discussed in this document. Next you add the study of your workforce and their enablement within these systems via Identity Management and its BPM components. Finally you modernize the way your business users interact in this new world of BPM by introducing Enterprise 2.0 with Identity Management as the secured wrapper that allows them to be entrenched in the appropriate role based contexts for the work they are expected to carry out. This is in stark contrast to those institutions today who, for instance, can’t even lend money even though lending is their primary line of business, all due to their own accumulated risk they’ve realized with their poor controls (or absence thereof).
On the road to this nirvana is the ability to rationalize the appropriate portfolio of services for your SOA as well as a cookie cutter understanding of how to procure IT assets. In the end rolling out a new virtualized line of business or change to your mission should be as easy as filling your plate at a buffet and not much more difficult to put into this framework with newly enabled personnel who are now able to more effectively multi-task due to the homogenized IT environment presented to them. In the end this really makes IT transparent if not invisible to businesses who have struggled in large part due to the antithesis to this picture that exists in many places today.