Session 6 Commentary
AGENDA
Assignment II Presentations:
Reconsider:
User Support & Training
Help Desk
Staff Training
Break
Review:
Change Management Primer
Risk Management
Discussion Questions
QnA on Assignment 2
Assignment II Presentations
Discussion Questions
-- What are the three greatest risks to an application's
successful implementation? Give specific reasons for each risk's
selection. Teams 2, 5, 8
-- What lessons can be gleaned from the Y2K
experience? How can these lessons be applied to new situations?
Teams 3, 6, 9, 10
-- What roles can DSS (Decision Support Systems) and EIS (Executive
Information Systems) play in managing risks? Teams
1, 4, 7
Reconsider User Support, Help Desk, Information Center
Help Desk Scope
Driven by Support Strategy
What does HELP DESK really do?
Need to define in advance (manage expectations) and measure performance
Define contact procedure
1-800-HELPME2, for example
HELP DESK Models
Most prevalent models
Three tier model – all issues
Two tier model – selected/new applications
Two tier model – all issues
Driven by Strategic Intent
Response time to caller
Response time to resolve problem
Part of support process to improve application
HELP DESK - 3 Tier
HELP DESK - 2 Tier
HELP DESK Tools
Help Desk Polarities
Typical Project Cycle
Major Design and Business Considerations
User Support and Training
- Integral part of application design
- Must be considered and validated during General Design
- Integral to low cost on going operation of the asset
- Should be managed by User on Steering Committee
- Goal is always to Minimize Operations Stage Costs-- How?
Operations Stage Cost Minimization-- comes from superior user support and training
Why?
How?
User Leaders --
Old Solutions for User Training
Application Support Team
Managing the Investment return
All functions must work together for same goal
Some historic boundaries (Mental and Physical ) need to go
Need to consider how to monitor the ongoing health and return from the investment
Break
Review Change Management Primer
CHANGE MANAGEMENT PRIMER
the need for educated executives so IT innovations are possible. Also discusses uses of meetings /seminars for bringing execs up-to-date. Questionable success if IT mgt has no track record -- may seem self-serving. Critical need is to understand the firm and its industry and the competitive forces that are working.
Focus for the class -- CIO + line mgrs-- managing the POLITICAL RISKS (see C.5 above) -- means for getting buy-ins from top mgt & mid mgt through-out the firm --
definition -- change management (the overarching concept behind risk
management) -- process of assisting people in making major changes in
their work environment.
Disruptive nature of change in a business person's life?
Change Management Roles Involved
4 step approach for describing / assessing change (c.)
The need for CHAMPION (someone who has vision and gets it implemented
How IS can help?
Champion needs from IS
End User Training
Computer-Based Training (CAI, CMI, CBT, IPSS)
End User Training Needs (5)
Review Risk Management
Risk Management
A. Paul, Lauren Gibbons, "High Wire Acts," CIO 6/15/98,
http://www.cio.com/archive/enterprise/061598_risk_content.html
B. Hildebrand, Carol " A Road Map for Risk," CIO, 4/15/96
http://www.cio.com/archive/041596_method_print.html/
C. Radosevich, Lynda and Cheryl Dahle, "Risk Management: Taking Your
Changes," CIO 4/15/96,
http://www.cio.com/archive/041596_risk_print.html
Risk Management
Highlights from Web Based Articles
A. Paul, Lauren Gibbons, "High Wire Acts," CIO 6/15/98,
http://www.cio.com/archive/enterprise/061598_risk_content.html
smart companies take portfolio approach -
- a mix of high risk (high potential return)
- mid risk (mid potential return)
- low risk (low potential return)
understand EVERY ASPECT of the risk so you know the level of risk you are taking on
should FACTOR risk into their return on investment calculations -
- some might think activity is profitable when in fact is not -- why this
happens -- risk is calculated on only 1 dimension from one group's point
of view -
technological risks -- MS intro of new ergonomic keyboard -- legal liability for repetitive stress syndrome
- therefore use interdisciplinary teams (h/w, legal, finan, mktg, risk mgt-- probability of failure) to calc risk & dev strategies -- h/w designed best k/b, legal drafted warning msgs, mktg promised to NOT advertise k/b as an ergonomic cure-- calc % that have a potential for repetitive stress syndrome., cost of lawsuit defense & potential judgments, etc.
- Fidelity Management Trust Co. log of every loss > $5000 with
details on incident and what ctls were put in place to get around it.
getting the right measures, understanding root causes-- learn from
mistakes
"R" is for return: Are
we achieving an appropriate return for the risks we take?
"I" is for immunization: Do we have the
controls and limits in place to manage downside risk?
"S" is for systems: Do we have the systems
to measure and report risk?
"K" is for
knowledge: Do we have the right people, skills, culture and incentives
for effective risk management?
These questions, as
well as a listing of best practices for each category, appear on the
Global Risk page of the corporate intranet--the hope is that they'll never
be far from executives' desktops and minds.
-- For joint ventures & partnerships -- grief-to-revenue ratio
B. Hildebrand, Carol " A Road Map for Risk," CIO, 4/15/96
http://www.cio.com/archive/041596_method_print.html/
"Often a CIO is so concerned with being an advocate for a project that he or she hides the uncertainties of a project" he (finance Professor Nalin Kulatilaka of Boston University) says. .. "not only did the CIO not get blamed for bad decision making, but his credibility increased. By translating an IS project into terms of risk and rates of return, he could speak the same language as the CFO."
By using the model of options trading-- develop a flowchart
("tree") of decisions and their possible outcomes extending into 5
years into the future.. Then, probabilities of occurrence are attached.
Then the projects are done in modules where at each stage, the risks are
reevaluated and recalculated. If the project's success now is iffy and its
likely payoff is too small then the project is canned. Some of this
modeling comes from Chaos theory -- particularly
"the butterfly effect" -- small changes can result in states totally
different from the originally expected. A butterfly fluttering in
Argentina results in a snowstorm in Chicago five days later.
example -- early users of technology face more risks than mid users
or late users of same technology and therefore must expect a much higher rate of
return starting sooner because higher risks must have bigger payoffs in order to
make sense.
| Risk | Early Adopter | Mid Adopter | Late Adopter |
| hands-on implementation experience | little exper / high risk | more exper / mid risk | much exper / low risk |
| vendor survival for project after shake-out | high risk | mid risk | low risk |
| sudden changes in direction of technology | high risk | mid risk | low risk |
| integrating technology with existing portfolio | high risk | mid risk | low risk |
| Benefits | |||
| Period for Start of Payoff | Short term | Mid term | Long term |
| SIze of Returns per period | Biggest | Bigger | Big |
C. Radosevich, Lynda and Cheryl Dahle, "Risk Management: Taking Your
Changes," CIO 4/15/96,
http://www.cio.com/archive/041596_risk_print.html
presents a framework for making sure all major categories of risks are examined
1. Cost Analysis -- cost, savings, potential new revenues. -- start with demonstrating that new project's Internal Rate of Return (IRR) exceed a set rate.
IRR is the discount rate at which the present value of the future cash flows of an investment equal the cost of an investment. It is found by trial and error; it is the rate that occurs when the net present value of cash outflows (the cost of the investment) and the net present value of cash inflows (the returns on the investment) equal zero, the discount rate used is the IRR.
2. Opportunity Lost: the Risk of Inaction or Failure -- weighing the cost of NOT
launching a project or FAILING in attempt.
Those costs of a potential failure are subtracted from the
expectied benefits to give the true costs.
3 . Vendor Management: Buying Smart -- negotiating with vendors and managing resulting contracts. Assessing the costs that would incurr if vendor goes out of business, or drops its support of a product that the firm bought,
4. Developing Practices: Getting It RIght -- setting clear business objectives. conducting modular projects. shortening development, increasing user involvement. and using more off the shelf software.
5. Political Risk: Stumping for the Project -- cannot be overemphasized that a CIO must get buy-ins from peers and superiors-- particularly when system spans functional areas (e.g., ERP) -- must not just get buy-in but also reassess situation constantly.
Ranking IT Projects -- {sum of reward factor scores - sum of risk factor
scores} = Project Risk Score
Higher the score the better. -- list is a good place to start
with risks, rewards, contract risks
D. Carol Hildebrand, "Beware the Weak Links," CIO 8/15/98.
The risks inherent in Supply Chain Managment (SCM) are explored. The "gapping the line" risk -- causing a break in assembly line.
Solution: cooperative, not antagonistic partner relations where meeting
common goals means sharing more information and sharing logistic workload to get
the goods where they need to be when they need to be there.
"But as chains linking suppliers, manufacturers, distributors and customers grow ever more intricate, so do the inherent risks. One company's problem could have repercussions through a far wider array of companies and functions than ever before."
Risks:
Topics
Risk Mangement
What imperils the Benefits?
General Business Risks:
Ineffective use by users
Poor Training
Poor Procedures
Inability to resolve problems
Poor Help Desk
Poor Monitor/Control
Lack of trained support
Poor access to user support
Lack of trainers
Risk Management Topics
- Overview
- Risk management approaches
- Technology risks
- Management processes
- Implementation issues
Risk Management Overview -
External Risks
(some others not mentioned in readings)
- Board of Directors (legally accountable for the system's operations and outcomes)
- Fiduciary [f.] responsibility of managers (a f. holds assets in trust for a beneficiary )
- Shareholder assets (the firm c/hold the f.s or mgt as responsible for losses)
- Foreign Corrupt Practices Act (started out to make sure MNCs didn't bribe foreign govts -now its been expanded -- basically the firm is held responsible for its own mgt's actions and c/be for its consultants)
- Personal financial and criminal liability (from shareholder lawsuits and FCPA)
- U. S. Government policies inappropriately administered
Risk Management Overview - Internal Risks
- Risk is anything that can go wrong
Murphy applies (If something can go wrong, it will) Ancient problem - compounded by new technology (esp. distributed processing, ERP, e-commerce) Year 2000 issues -- so far so good for most organizations but not out of woods yet Electronic Commerce
Risk Management Approaches
- Policies as rules to govern behavior
- Cost-benefit tradeoff
- Audit processes and plans
- Management accountable - personally
- Avoid risk - don’t go there
- Mitigate risk - prevention
- Recovery scenarios - plans
- Recovery capability - drills/skills
- Process audits - break in
Technology Risks
- Year 2000 -- so far, so good, but story is not all told yet
Management Processes
- Recognize IT risks
Policies and audit Standard risk review process which looks at both: --Design issue
--Project issue
- Discipline and will
- Process to identify risks and mitigation approaches
- Process to understand impacts
- Process to develop recovery skills -- Fire Drills
- Personal accountability
- Regular communications reinforcement
Implementation Issues
- No one wants to do this!
- An insurance cost at best
- Resource drain/competitor
- No perceived present value
- Usually must force from the top
- Safety and environment usually easiest
- Executives must consider IMPACT of interruptions
Temporarily unavailable
Permanently unavailable
- Business operations impact
- Business existence imperiled
Questions to consider:
- What happens if network is down?
- How long can you do without it ?
- How do you plan to keep recording transactions ?
- How long can you do this ?
- When do you go out of business ?
Risk Management Tools
- Common awareness and policies
- Security environment and ongoing management
- Management process to review risks
- Management decisions to accept level of risk and costs
- Oftentimes replicate some key technologies
Managing Distributed Computing Risks
- New media - old problem
- Some technology to help
- Management needs to understand IT is another business risk to be managed
- IT CANNOT do this alone
- Risk Management is a BUSINESS ISSUE
Discussion Questions
- What are the three greatest risks to an application's
successful implementation? Give specific reasons for each risk's
selection. Teams 2, 5, 8
-- What lessons can be gleaned from the Y2K
experience? How can these lessons be applied to new situations?
Teams 3, 6, 9, 10
-- What roles can DSS (Decision Support Systems) and EIS (Executive
Information Systems) play in managing risks? Teams
1, 4, 7.