We seem to have forgotten that the development of Enterprise Resource Planning (ERP) was more a response to regulatory pressure than a child of technical innovation. This is why many executives and board members are unsure why their firm needs an ERP (and the massive investment implied), as ERP’s primary purpose was to improve governance (and, consequently, reduced operational risk and cost) rather than to provide the firm with some new value-creating capability.
Just prior to ERP, a confluence of technical and non-technical factors had created a situation where a firm’s executives and board had little idea of the goings on beneath them. Important details were buried in spreadsheets, squirrelled away on desktop PCs, with only summary reports passed to the general ledger and data warehouses.
Without the compliance guide rails provided by Finance and IT it’s easy for lines of business to go astray. Not long after spreadsheet use became widespread, it was clear that the information in the general ledger which the executive and board were relying on to direct the company could not be trusted. While the firm appeared to be making money, how this profit was being generated was less certain. Nor was it clear what operational risks a firm might be implicitly accepting, unable to manage them.
At which point the regulator stepped in demanding improvements in governance and operations. Industry’s response was ERP: an integrated set of business processes that synchronise (in real time) departmental solutions with the general ledger, supported (and enforced) by information technology.
We seem to be approaching a similar situation with digital. Firms are finding that important details are buried in SaaS and online solutions outside the purview of the Finance or IT departments and which are only loosely integrated to core systems, and their systems of records are, well, no longer ‘systems of record’.
This state of affairs could be accidental. The business wants to do the right thing but finds it difficult to know what the right thing to do is. They’re operating in a complex and rapidly changing business environment with demanding customers, many (previously core) functions are outsourced to specialist partners and suppliers, and they don’t have complete visibility into everything that is done on their behalf. It’s also an environment where regulators are constantly tweaking the rules to try and shape firm behavior, making a firm’s ability to absorb constant regulatory change a skill in and of itself.
Less ethical groups see this disconnect between the general ledger and lines of business as an opportunity to shape the story reaching head office. Cosmetic accounting techniques might be used to temporarily remove liabilities from a balance sheet, or to inflate revenue or market capitalisation by, for example, abusing special-purpose entities via techniques such as round-tripping (where an unused asset is sold with the understanding that same or similar assets will be bought back at the same or a similar price), all hidden under the veil of a summary report periodically passed between the department and the general ledger. These are the types of behaviours that brought Enron and Lehman Brothers down.
The information silos of departmental computing, the paradigm before today’s ERP-enabled enterprise computing, drove business efficiency by enabling firms to manage larger volumes of data. LEO (the Lyon’s Electronic Office), an example of an early (and possibly the first) general-purpose business computer in the world, elaborated orders phoned into head office by Lyon’s tea shops every afternoon, calculating production requirements, assembly instructions, delivery schedules, invoices, costings, and management reports. These departmental applications, however, didn’t enable managers to find or exploit opportunities between departmental silos.
Spreadsheets and desktop PCs changed this. A desktop PC on a line manager’s desk enabled the manager to download data from multiple departmental applications and smash the data together in a spreadsheet. The resulting insights enabled production to be streamlined, or identified opportunities for new products and services, reducing costs and creating new value for the firm. Success begets success, and more data was downloaded and spreadsheets created. Soon these spreadsheets became integral parts of business processes and morphed into operational tools, outside the purview of the departmental applications that drove the firm’s compliance and reporting processes. Often the only connection between these new business processes and the general ledger was a summary report uploaded periodically.
The solution, then, was to integrate these cross-department spreadsheets, and the new business processes they enabled, into the firm’s departmental applications. The result is what we know today as ERP.
Something similar is happening with ‘digital’.
Cloud and SaaS solutions’ low barriers to adoption, and a customer empowered to demand what they want at the price they want from a global pool of suppliers, is driving line of business managers to go outside the enterprise to meet their needs. It’s not that the required business processes don’t exist; it just takes too long to modify the business processes to support new products, supply chains, suppliers and partners. Managers find it easier to put a credit card into a SaaS solution than wait for the IT department to respond with a plan, cost and timeline.
Departments are building entire value chains outside the purview of Finance and IT, as they believe that this is the only way that they can effectively respond to market opportunities and threats. Often the only connection to the general ledger is a summary spreadsheet, capturing details from cloud solutions, uploaded every few weeks or so. While the firm might be making money, it’s not clear to the executive or board just how this money is being made. Nor the risks this creates. We’ve been here before.
If the regulators don’t see this as a problem today, they soon will, as there is clearly a risk that good actors will unintentionally do the wrong thing, and for bad actors to intentionally do the wrong thing. There’s also the emerging problem of third parties hiding in the shadows using your legitimate business to wash funds (just as Amazon and Airbnb have become a target for money launderers). Operational risk is escalating as firms transform themselves from asset managers into integrators of services and information. The networked environment firms these firms inhabit creates unique challenges, has all the asymmetrical risks of an online environment, and the lack of visibility is compounding associated risks.
The problem digital is creating is clearly similar in effect to that the one created by the introduction of spreadsheets and the desktop PC. The cause, however, is different. Rather than creating new business processes that span existing (departmental) ones, digital is resulting in duplicated business processes that run in parallel and which support particular products or initiatives within the firm. They are also combining internal and external services, reducing the control a firm has on the end-to-end process.
These processes are intended to be short lived, thrown together quickly and torn down just as quickly. A process might be required, for example, to support a new supply chain for a burger of the month, thrown up at the start of the month to bring in new suppliers and partners, and torn down at the end. The duplicated processes are to support short-lived business exceptions, not to span business silos.
It’s assumed that more precise and tightly defined processes, backed by teams focused on maintaining and updating these processes to make them ‘agile’, will bring the firm back into compliance. This is not working though.
So while the problem digital is creating is similar to that due to spreadsheets, the cause if different and consequently our solution must also be different. Indeed, one might see business processes as part of the problem rather than as part of the solution.