Month: January 2009

Future AAS

Cloud computing is in the horizon. The topic has come to architects and strategist for a consideration and discussion.  It is not in the research paper any more. It is viable to any enterprise as a technological innovative solution  for cost efficiency, speed and agility.

At this time, I should say, all the enterprise architects, strategist and IT leaders are familiar with SaaS model. Salesforce.com is a prime example of a successful SaaS model and the trust index for this business model has transformed to trust worthy due to its success.

A successful business model is always twicked and fine tuned for an another business model in a different market segment. Saas is not an exception. SaaS concept has been extropolated to other areas and there are quite a few “Aas” prolifirated so far. Here are the few..

  • Infrastructure As a Service (IaaS)
  • Platform as a Service (Paas)
  • Database as a Service (Daas)
  • STorage as a service (STaas)
  • E-mail as a Service (EaaS)
  • Desktop as a Service (DEaas)
  • ERP as a service (ERaaS)

and this list is expected to grow. IaaS and Paas sounds the same but there is a subtle difference between IaaS and PaaS. PaaS provides a platform with a set of APIs to develop applications. GoogleApp engine is a prime example of PaaS whereas Iaas provides a stack of hardware infrastructre like servers, database, network, web server, application server and etc.

Amazon is a leader in the cloud computing space. No surprise that Amazon made lots of money in the tough economy but also they projected better outlook in future. Amazon stock would become like apple or google stock.

Management in business – Not a precision engineering

I observed few management team members  got into the trap of making management in business, a precision engineering.  Philosophically, I completely differ that management in business can’t be precise in a corporate environment. Due to office dynamics, politics, internal and external uncertainties, management in business is all about approximation but not perfection.

In most of the cases, the practical approach should be : “THINK BIG, START SMALL, RUN FAST”

Technically, management in business can be precise but it’s very expensive. I had read few dynamic programming papers published from Nasa on how the project schedule conflicts are resolved using various optimization theories. Those techniques were published as a research paper. While management in launching a rocket to outer space business need precision engineering but, for instance, when you create a draft project charter, you do not.  Corporation should not be spending their time to make it perfect when they you are dealing with uncertainities. I understand, plan is nothing but planning is everything. But when a project lacks clarity on its scope, don’t spend  time on planning but use it wisely to improve the clarity of the project.

IT Vendor Risk Management

IT vendor risk management is a component of over all IT risk management. In my previous blog on over all IT risk management, there is a comment from pmhut  to expand each component of the IT risk management.  Let me expand my thoughts on IT vendor risk management and provide a framework to develop the IT vendor risk management.

Steps to develop a IT vendor risk management plan:

  1. Develop a consolidated list of all IT vendors
  2. Categorize the vendors broadly
  3. Prioritize the vendors in each category based on the type of business you are in. For instance, if IT supports retail business, the Point of Sale is key functioin and the vendors supporting that line of business is very critical to the day to day operation. It will have top most priority than any other vendors.)
  4. Identify the potential risk of the vendors
  5. Analyze the potential risk of the vendors
  6. Develop residual risk matrix
  7. Monitor the residual risk matrix and repeat from step 4.
  8. Report the residual risk matrix to CIO office periodically.

Step I: Develop a consolidated list of all IT vendors

Get a IT vendor list from corporate purchase/procurement department. Make sure the following information are available

  • Account representative contact information – Office Phone, cell phone, snail address, email address
  • Investor contact information – Depends on the type of the company – corporate, partnership, properitary and etc
  • Client list

Step II: Categorize the vendors

Types of vendor involved in a typical IT organization.

  • Sourcing provider
    • Alliance provider (like out sourcing provider)
    • Human resource provider for in sourcing. It is generally for time and material model for 6 months to 1 year engagement
    • Consultant provider for insourcing. It is generally for time and material model for a specialized role for a very short time.
  • Software provider
    • Enterprise software system provider (like SAP, Peoplesoft, Fidelity and etc). Enterprise software system depends on the type of business.
    • Office software (like MS Office,and etc)
    • Specialized software provider  (for instance, in the financial industry, quantum is a specialized treasury software provided)
  • Service provider
    • Infrastructure service provider (in most cases, it includes all the system software like OS, database and etc)
    • Research consulting service provider (market research and etc – like gartner.com, executiveboard.com)
    • Specialized service provider (depends on type of business – credit score card development provider and etc)

Step III: Prioritize the vendors

Prioritize the vendors based on their dependencies to the core IT operation. It depends on the business you are in. If there is alliance provider to performing lights on support to an IT organization, then that provider play a vital role in IT operation. For an instance, if it is financial administration company (like financial out sourcing) then their enterprise application like SAP financial plays a major role to perform their core operation. 

 Lately, almost all organization utilizes the outsourcing company to provide lights on service to the core IT operation.

Step IV: Identify the potential risk of the vendors

Sourcing provider (includes alliance and out sourcing provider) is taken as an example and the associated risk are identified. The similar steps can be taken for other types of vendors.

Service level risk

Measure the performance of the provider against the objective set in the beginning of the engagement.  In some cases, the sourcing provider is selected to provide partnership or alliance to improve innovation or business consultation or value creation and few other cases, the provider is selected to provide the on going lights on support. In my example, I will assume the provider is selected to provide the on going lights on support. The typical performance measure for the lights on support are given below:

  • Service quality
  • Service delivery time
  • Missed service level
  • Response time
  • Resolution time
  • Problem repeatability rate

For an outsourcing engagements after the due diligence and contract and terms & conditions are agreed by all parties, there are two major phases. Transition phase and stabilization phases. The sample performance measure listed above will be used for the risk identification after the stabilization phase.

Receive the trend data for the performance measure and compare against the original agreement with the provider. Develop a variance analysis and repeat the cycle. If there is a negative variance in the measure for a prolonged duration then there is an issue. There is a risk that provider to continue under perform and impact the core IT operation.

Vendor Financial stability risk

I would not have come up with this as one of the potential risk item before Satyam scandal. I would not had  even considered it before the scandal. 

  • Participate in quarterly earning call
  • Study the provider balance sheet
  • Study the probability of liquidation or solvenacy
  • Identify your contribution percentage to the provider’s bottom line
  • Identify their auditors reputation

Vendor strategy risk

Request vendor to provide their corporate strategy and make sure their direction is aligned to your expectation of their service. If provider corporate strategy is to out of service business and sell software products, then organization currently receiving provider’s service need to know that. There is a risk that the provider will not focus on the service in near future and their service quality will deteriorate

Vendor cultural risk

It is a philosophical discussion. It depends on the philosophy you believe in. Few believes, same behavioural partners will lead into the strong longer marriage and few believe the opposite. I have an unpublished paper on “Q-learning algorithm for a quick and better mutal understanding of marital partners in the east Indian arranged marriage culture”. Two years after my arranged marriage (I saw my wife a week before my marriage) I wrote this paper. This paper assumes that both partners have commitment before the marriage that no matter what happens, they are going to make their marriage successful. 

I will leave the vendor cultural risk assessment up to your belief. Whatever your believe, the vendor cultural risk must be assessment.

Vendor Geo-political risk

Majority of the outsourcing players are from India. Geo-political risk for an outsourcing project has been a factor all the time. When it comes the analysis of the risk and probability of occurance, it used to score very low. In the recent past, as mentioned in my previous blog, it is elevated.

Vendor take over risk

In the financial world, when a small fish swims with strong cash gills, the big fish will swallow for good.

The above identified risks are  the major risks I could think of. There are few risks like provider employee retention and etc.. Those risk can be amplified based on type of organization you are in. I heard many times that business knowledge like electronic fund transfer knowledge will be lost if the provider keep losing their employees. In my opinion, those are very insignificant risk because eft can be learned by any programmer very quickly. However there are areas like 3D drafting package development out sourcing. Systems like this needs extensive analytical geomentry mathematical knowledge, programming language knowledge, device drivers knowledge and etc. It is very difficult to get people with all the skills. Mathematicians with extensive computer engineering hands on experience with executive level communication skills.  The initial training for these kind of development would take 8 – 10 months. These are rare cases and I’m not going to expand.

Step V: Risk analysis

All the above identified risk should have:

  • Probabaility of occurance
  • Cost of business impact if the risk becomes an issue
  • Risk treatment
    • Avoidance
    • Reduction
    • Transfer
    • Retention (accept it)
  • A plan for avoidance, redution and transfer risk treatments

Step VI: Residual Risk Matrix

The residual risk matrix is a consolidated vendor risk exposure to the organization.

Step VII: Monitor Residual Risk Matrix

A dedicated team and process to monitor the residual risk matrix of the organization.

Step VIII: Reporting

Report the RRM to the CIO, steering committe and operating committe of vendor management for a proactive informated decisions.

IT Sourcing Risk Management

Risk in general can not be eliminated but it should be managed. The likelihood of geo-political risk and security exchange  risk of any IT sourcing partners located at India was very low three months ago. It is not low any more due to the recent terror attacks at Mumbai and last week financial scandal by the Satyam services and recent world bank backlists Wipro

Terror Attack:

Tension between India and Pakistan has been there for past 45 years and Kashmir is the center piece of the conflict. Three wars were  fought between these nations after their independence.  Yearly, there were thousands of people died on both sides for so many years. Both nations have nuclear weapons tested in last ten years. This is a known fact and the likelihood of any major conflict that would impact the out sourcing business was not ignored  but, before few months ago, the probabability of occurence was assigned as low as zero.

Mumbai terror attack caught many corporate America’s attention because the attack was strategically planned by terrorist  mainly to get corporate America’s attention.  It was executed during the Thanks giving holiday when majority of the American people spend their time with family eating turkey and watching TV (Lions and Dallas cowboys football games). Unlike terror bomb blast attacks, this attack was prolonged for three to four days and constanly the progress of the attack was updated in the television. (Human mind believes what it sees more) The geo-political risk what was considered as low as zero before in selecting the sourcing partner from India has increased significantly after this terror attack. It is not as low as zero from any out sourcing assessment.

Financial Scandal:

Satyam scandal is India’s Enron scandal. What happend after Enron collapse?  There were more regulation introduced, more stringent fedral, SEC policies and resulted in SOX. Does SOX will ensures that Enron similar debacle will never repeat in US again? In my opinion, I do not think so. It created more regulation and audit controls on IT general controls including processes, procedures, policies and etc. It is not guranteed to never repeat the similar corporate collapse, but it will make the corporate executives not easy to make the similar mistakes. Taking the reaction to Enron’s situation into consideration, I speculate, the similar steps will be taken by SEBI (similar to SEC in India) to tigthen the regulation in India.

How this is related to IT sourcing risk? Coincidently, Satyam is one of the top 5 sourcing provider to major clients in US. Had a client in US picked Satyam as their souring partner, they need to go through the motions and cycles to over come the Satyam’s situation which will not help the client in any form or shape to increase their productivity or their bottom line. In some case, if a client depends on Satyam for major core business functions, there are potential risk that their core operation would be interrupted due to this astronomical scandal by a sourcing provider. What happend to Satyam could happen to any sourcing provider or to any company managed by SEBI ? Adding fuel to the fire, world bank back lists Wipro, another major sourcing provider from India.

Based on the sourincg strategy and solution design, the risk management plan of sourcing strategy should consider these recent risks which are made visible to corporate America.

Basic introduction to Gabor Transformation

It is very challenging to use wordpress Latex plugin to write mathematical article in wordpress. It is not impossible but it is very challenging and realized it in my attempt to write the explanation of Schrodinger equation.

Looking for how to apply Gabor transformation/filters in credit risk management. My attempt to explain the basics of Gabor transformation and step wise proof that Gabor functions holds the minimum uncertainty in the joint time frequency domains.  Please click the following link for the details.

I wrote it in a pdf, please CLICK this link

Twitter in enterprise

In last few weeks, there has been increased attention to Twitter micro blogging concept and technology since president elect Barack Obama’s twitter account was hacked along with few other celeberties.  Micro blogging was a dismissed concept in its infancy stage and due to its adaption particularly by the teens  it gained its popularity and benefit visualization was accomplished in a short time span.

Micro blogging is a compontent of web 2.0 and web 2.0 has been seriously considered by enterprises to maximize the benefits.  Vivek Kundra was promoting Twitter in the public office and there are major benefits of micro blogging in the emergency operation.

My views on how Twitter can be applied to an enterprise.

  1. Twitter can be used to communicate the status of various team members tasks in Agile software development methodology.
  2. Twitter can be used to keep the key stakeholder updated on the recent progress in production outages resolution (part of incident management)
  3. Twitter can be used to keep the team members up to date on execution of a major projects when teams are spread across the states, countries and continents
  4. Twitter can be used to understand what employees really LOVE to do. (All HR policies must be applied before enterprise uses this information for its use)

Vivek – New IT Role Model

Vivek Kundra is a new role model  for me and he will be a role model for any ambitous enterprise architects and IT strategiest. For the enterprise architects who enjoys their job to make an impact to organization’s bottom line, Vivek would be one of a good role model to them.  It is encouraging to me that he has been able to push IT innovative solutions to a Government organization by over coming the office  politics,why can’t the Enterprise architects in the corporate America be able to push those kind of innovative, cost effective solutions. It is encouraging!!

I wish good luck to Vivek and inspire more innovative minds  of future economy.