Dear readers
Too much focus on operational issues
Last week I had a meeting with a client to inform them that there were some weaknesses in their IT systems and to discuss with them the way forward – i.e. how to fix these vulnerabilities. The weak points discovered were quite serious – with the potential risks of unauthorized access to and payment transactions on these systems. Unauthorized transactions would constitute fraud, i.e. illegal payments, and, eventually, profit erosion. [Note: Please be patient with me, this blog post is not about IT systems; I only use it as an example to discuss certain business planning and profit protection principles.]
More importantly, we discussed the reasons for these control weaknesses. The most apparent causes were easy to identify – certain settings and security settings were not disabled or enabled. However, the most important causes were not so evident…
The lack of security awareness among employees and IT personnel, the lack of proper and continuous training of IT personnel/knowledge transfer between IT personnel members as well as the lack of documented policies, procedures and standards were some of the less obvious BUT more important causes…
Yet, we also discussed something even more important. There was an underlying reason for this lack of controls… namely the total focus of Management on operational issues/tasks at the expense of planning in general as well as risk management planning. What do I mean by this statement?
I think as entrepreneur and business owner you know the feeling – we live in a world today where there is little time for planning. Nor is planning considered a valuable exercise. Even as entrepreneurs we are caught up in a rat race, with only one thing on our minds… to serve our clients with our services or products as fast as we can. In other words, we need to keep the shop open and running at all cost (i.e. we focus on operational tasks only). Unfortunately, it takes up ALL OUR TIME. There is, normally, little time for anything else (e.g. to identify risks; profit erosion leakages etc.).
This reminds me of a poster I have seen years ago. The man on the poster caught my attention. Obviously an entrepreneur. He was wearing a suit, with a briefcase in one hand and a mobile phone in the other. He was running on a racetrack, like an athlete.
Picture the scene for yourself. A man in a suit, running on a racetrack like an athlete, with no time to stand still and finish his conversation over the phone. He is doing at least three things simultaneously… chasing the objective, whatever it might be, carrying his briefcase (representing the fact that he is working at something) and talking business over the phone… (See our cartoon Too busy for business planning)
I think the majority of entrepreneurs act like that man on the poster. Caught up in the rat race; with time an extremely scarce resource…
“I do not have the time for this” is the most common excuse not to perform planning.
Let alone profit protection planning (risk management planning)! See our cartoon on the Ignorant Business Owner.
In my client’s case, they just didn’t dedicate time and human resources to address potential risks associated with their IT systems – e.g. to identify potential risks, to educate the personnel and to create security awareness among personnel. As a matter of fact, just to keep the operational systems up and running is a major challenge. Unfortunately for them, major weaknesses still exist in their operational systems, waiting for unscrupulous employees or outsiders to exploit them…
It is ironical – the drive to place total focus on operational issues (i.e. to keep conducting business 24×7 in order to make a profit every day), eventually allowed for (created) ways to erode the profit generated from day-to-day operations…
The discussion went on and we talked about possible champions to drive risk management planning in the company. I mentioned a name but immediately corrected myself by indicating to the client that this person might be “dictator”. To my surprise (and I am actually ashamed!), the client told me that “if we had this attitude in a dynamite factory, we would have been dead a long time ago…”
Oops, a reminder (from a client!) why I encourage entrepreneurs to address and include their business risks (i.e. the pitfalls) in their business plans too! Actually, the dynamite parable is one of the best parables I have ever heard! If this were a dynamite factory…
Business like designing a fun ride?
I think the closest I ever came to the “dynamite factory” parable was with my discussion of business planning essentials in my book Survival Kit for Small and Medium Businesses – Profit from your Business Risks! Here is an extract from Chapter 2:
I am standing in a very long queue, waiting my turn to get into the seat of a fun ride. I will buckle up and face risks at an extremely high speed whilst enormous gravitational powers are at work. I am watching, intensely… in the blink of an eye the monster is in the loop and out again, throwing its victims from left to right, from top to bottom, then from bottom to top. The queue is moving forward…
“Exactly how safe is this…?” the thought crosses my mind. “I haven’t crossed the point of no-return… I can still turn back…”
Have you ever had the same doubts?
Exactly how safe are these fun rides?
Well, of one thing I am certain.
The engineers, who design and build these fun rides, DO NOT TREAT THE INHERENT RISKS ASSOCIATED WITH IT, AS AN AFTERTHOUGHT! (See our cartoon on Business Planning)
They try to pinpoint all the things that can go wrong. They identify and assess all possible types of accidents (threats), weak points (vulnerabilities) in the machinery and consequences (the effects of accidents). They try to minimize the possible occurrence and impact of accidents by identifying counter and protection solutions (controls). They do it by performing risk and control planning.
Because these engineers are working for profit-oriented organizations, they, in effect, perform profit protection planning – realizing that low-quality (unsafe) fun rides would not sell, would expose them to legal actions, and would result in a loss of money, income, and potential income.
Therefore, a great deal of PLANNING goes into the manufacturing of these fun rides!
Their PLANNING makes the difference between safe or unsafe rides!
Would you be dead?
My point? Almost every day I am astonished by the fact that entrepreneurs can create businesses left, right and center WITHOUT giving much thought to the pitfalls involved. The focus is totally on the operational issues – how to create the service/product, deliver the service/product and keep doing it over and over again. Unfortunately, by ignoring the risks involved in a business venture, an entrepreneur allows an invisible enemy to eat his/her profits like a hungry bear…
So, my question to every entrepreneur is straightforward: “If your business were a dynamite factory, would you have been dead by now?”
If you have any questions, you are welcome to contact us at blog@business-around-the-globe.com
Warm regards
Michiel Jonker, CISA
Tags: bankrupt, Business Planning, business plans, entrepreneur, operational tasks, out of business, pitfalls, profit erosion, risk
Website Trackback Link…
[...]the time to read or visit the content or sites we have linked to below the[...]…