Revenue, cost, and risk.
These are the three goods of business — the three and only three reasons for expending money, effort and attention.
To increase revenue, companies either attract new customers or sell more to the customers it already has. As an alternative, some companies acquire another company to buy its revenue … usually for more than it’s worth.
To cut costs, businesses can eliminate “non-value-adding” activities — those that have no impact on revenue, cost control, or risk management. Or (or, better, and) they can become more effective at the activities they undertake to increase revenue, control costs, and manage risks.
Regrettably, some still follow in the footsteps of Chainsaw Al Dunlop, stupidly and blindly cutting costs in ways that create permanent, and sometimes unrecoverable damage to the business.
That leaves risk. You can reduce the odds (prevent), reduce the damage (mitigate), or shift the costs (insure).
Insurance, though, is expensive … insurers have to make a profit, after all … and since revenue requires risk-taking, companies that place too much emphasis on prevention and mitigation damage their ability to attract and retain customers.
When you lock the gates, you keep customers out along with the riff-raff.
Another angle:
Entrepreneurial start-up companies live on risk. Or, looking through the other end of the telescope, they rely on luck. Why not? In round numbers 70% fail in the first three years anyway. What’s a little more risk here and there?
The problem, of course, is that luck eventually runs out, so as start-ups mature they have to start plugging the holes. Too often, though, as companies grow hole-plugging takes over. “What can go wrong?” and “How can we prevent it?” replace “How will we benefit?” and “How can we leverage it?” as the most important questions executives ask about possible opportunities.
The bigger the company the more this attitude takes over. The reason: With size, executives gain elevation and distance from the actual work of the enterprise. They move out of their entrepreneurial roles of creator and promoter, becoming reviewers and critics instead.
When the questions are what can go wrong and how to prevent it, the answers tend to be controls, controls, and more controls.
Which brings us to the state of the IT industry as of the end of 2009: Too much emphasis on controls; not enough emphasis on opportunity. That’s what passes for “best practice” in IT circles these days: Lock down the desktop because you don’t trust your antimalware technologies (and certainly not your end-users); insist on hard-dollar, provable returns on investment for all projects; implement SOA Governance to regulate the creation of software services.
Some control is, of course, necessary: The more technology you have in place that the company relies on to keep the joint running, the more moving parts you have that can jam up or break. To take just one example: As the number of applications you have in production increases, and as you integrate them better to facilitate a smooth flow of work, the more interfaces you’ll have to keep track of that can break if a developer sneezes, let alone installs code that hasn’t been thoroughly regression tested.
The question is how much control is too much control. Just as requiring overly secure passwords worsens security by ensuring end-users will write them down in easily-found places (such as Post-Its stuck to their monitors), so locked-down desktops ensure end-users will buy iPhones and Droids, melding sensitive corporate data with “there’s an app for that.”
(I-told-you-so department: I did a pretty good job of predicting this with “Why PDAs will be huge – sellers, that is,” which ran in InfoWorld 12/8/1997.)
Not all that many years ago we didn’t have Service Oriented Architecture. We had “web services.” The big philosophical difference between the two is that web services emphasized entrepreneurship and innovation, while SOA, which supplanted it, is strongly oriented toward controls.
The same story applies to The Cloud. Sure there’s hype. Sure there are skeptics. Most of their arguments are about whether it can replace your existing computing infrastructure. It’s the wrong conversation: Replacing your existing infrastructure means a conversion — something companies should not undertake lightly.
What The Cloud provides, for companies with the wit to see it, is opportunity — a way to reduce the cost and risk of trying out service innovations. Focusing on IT’s ability to manage it … to control it … is a great way to make sure only your competitors take advantage of what it has to offer.
Controls are about preventing problems. But preventing everything that might go wrong from going wrong doesn’t result in anything going right.
It results in nothing going anywhere.
🙂 This was at the top of my email, helpfully inserted by our security system:
WARNING: This message is not from a sender on your “Safe Sender” list AND MAY BE AN ATTEMPT TO STEAL YOUR PASSWORD. DO NOT RESPOND. No one (including TTU employees) should ask for your password!
Pingback: SKMurphy » Quotes for Entrepreneurs – December 2009