Ten years ago, I played my very first game of golf. I had all of the gear I could possibly need, a set of expensive golf clubs and absolutely no clue what I was doing. I didn’t even make it off of the driving range before I broke two of my golf clubs. Thankfully, that outing was cut short before there were any further casualties.
That experience taught me a lesson that I have carried over the last decade of my career. No matter how amazing your tools and equipment are, they will never make up for flawed technique. The same goes for business processes, which are the bedrock of any Service Management implementation. Any gaps, inconsistencies, or exceptions in your process will still be reflected in your tool. If your organization is audited for SOX or PCI compliance, then these flaws and any inaccurate documentation will be an even larger problem.
So what can you do? Just like my golf game, all it takes is a little practice (or a lot of practice). Your business processes are the one part of your organization that you should never be complacent with. No matter if you have been doing it for six months or sixty years, there is always an opportunity to make improvements. The method I prefer to use is one you’ve heard before.The 3 R’s: Reduce, Reuse, and Recycle. Let me explain:
- Reduce: Every component of your processes should add value; whether its mitigating risk, providing automation, or some other outcome. In my experience if the justification is “just because” or “we’ve always done it that way”, then most likely it is no longer needed.
- For Example: I had one client that required approval from a business user before building, after testing, and before implementing a new enhancement. The business user was also involved in testing, and provided no input to the production implementation review. Due to this, we were able to reduce them to a single approval before build. Not only did this speed up their time to delivery, but it also maintained their level of oversight.
- Reuse: Your organization should be able to execute these processes easily and consistently. In a perfect world there would be no exceptions. Many organizations allow these exceptions to become the rule. A better approach is to have a procedure that will consistently document these exceptions so your process can stay intact. This could include additional oversight, reviews, or approvals to contend with audits or compliance.
- For Example: I worked with one client who had multiple Network Firewall changes outside of their maintenance window, but did not qualify the changes as emergencies. To assist with this issue, I expanded their process to require additional justification as well as approval from the Director of Network Infrastructure. Now these changes have the correct approvals, and are properly documented.
- Recycle: Perhaps the most important component, schedule a periodic review of your processes. The interval for this review should be proportionate to the business criticality of each process. High impact processes could be reviewed once a quarter, while low impact processes might be reviewed once every year. Whenever possible, try to align external audits with your internal business process reviews. Putting two sets of eyes on your process at the same time might bring to light new ways to refine it.
- For Example: The business processes that handles changes to your organization’s ERP system should probably be reviewed at least twice a year, or up to once a quarter if financial information is driven through the system. On the other hand, Employee Onboarding or Asset Refresh can make it through a whole year before performing a review, as they seldom change and are less likely to expose the business to risk.
With every iteration you will see the maturation of the process. There will be some reviews where no changes will be made and this is perfectly acceptable. Having scheduled reviews ensures needed changes can be documented and implemented in a timely manner. This will keep the auditors at bay and help reduce the time your staff will need to spend on an audit.
Lastly, you should only change your processes to fit your current toolset where it makes sense. These changes should never introduce more risk, or reduce value to the business. Always work to improve and mature your processes. If you have a great tool, it should be easy to adapt it to your innovations.
For those of you who are wondering, while I have spent the occasional hour or two at the driving range, my business processes are still in much better shape than my golf game!