3-I stands for Involve, Identify, Improve. This document tries to explain how enterprises can manage issues and risk associated to IT services and solutions to help improving enterprise business value.
3-I to manage issues and risks associated to software and IT services
1. - A way to convert criticisms to value added solution
3-I Approach- Managing issues and
risks associated to software and IT
services
S u n d e e p _ m o h a n t y @ y a h o o . c o m
3 / 2 6 / 2 0 1 4
Sundeep Mohanty
3-I stands for Involve, Identify, Improve. This document
tries to explain how enterprises can manage issues and risk
associated to IT services and solutions to help improving
enterprise business value.
2. 3-I Approach
- A way to convert criticisms to value added solution
Technology, technology and more technology, in today’s economy and ever changing technology
landscape the fact is, “technology makes business happen”. Regardless in which industry you work or
what core line of business you have, software’s, services or applications are part of everyday life, it links
your business to the consumer and drives your business. Happy or critical, customers comes from
different backgrounds and everyone differs in their expectation, but it is for sure that in current
globalized market they have more options, they don’t want to compromise in quality, in their
expectation and expressing their satisfaction or displeasure. For today’s customers, suffering or
compromise in their expectation is not an option, they are equipped with a sophisticated tool called
social media which they use to reflect their loyalty for the organizations and for products they like also
don’t hesitate to act as critics if they don’t feel happy or satisfied. With availability of alternate solutions
and almost every now and then appearance of new rivals keeping the businesses in toe and if your
services and applications are frustrating or not keeping the customers engaged then there is someone
happily waiting to lure and accept your customers. In this service driven industry, IT software’s,
services and applications plays the nerve system for the organizations, so the question here is, how to
improve the services, how to be proactive in avoiding situations which will cause damage to your
business operation? To be sustainable in market, organizations are more and more looking for their IT
division to help in assisting in business delivery by providing software and services timely, innovative,
interactive in order to keep the customers engaged and satisfied. With fast changing business process,
people swear by innovation, velocity and expectations are high from the IT department for it to equip
the organization with solutions and software. With this ever changing technology landscape, there is no
straight and easy way to ensure your services and software products are efficient, accurate, value
adding and have engaging capabilities.
3-I approach is one way to make your organization proactive and focusing on improving products and
services by following few basic
approaches- Involve, Identify
and Improve.
Involve: Involvement is one of
the key elements to
understand expectation, also
helps sharing and educating
others about business services
and solutions. Involving
different groups, taking
feedback from others helps
identifying issue or the areas
of improvement and it is more
3. effective when engagement and involvement happens at early stage of services and solution. It helps
reducing risk and helps identify critical touch points which directly or indirectly affect business delivery.
Mostly majority of us will agree that it is necessary to involve and engage key stakeholders, but
sometime we get lost in how and when part of it. Involving others not necessarily just educating or
informing, it is essential to take proactive feedback. Remember proactive feedback collection means
you are open and listening to others and providing better service to make everyone happy and satisfied,
whereas reactive feedback gathering is you acting on complain, someone already raised concern, your
provided service is making someone unhappy and you are too late, now you have to do much more to
bring the confidence back. So it is always better to be proactive in understanding concerns, continuously
taking feedback.
While engaging with customers through social media you need to be very careful. Social media
has potential to help winning consumers/costumer’s confidence, it also has its own risk, if the social
media not handled properly; it will act against your organization, also too much dirty laundry in social
media may fuel risk for the enterprise in future. It is nice to keep the customers engaged and educated
through social media, but don’t try to solve all customers problem through social media, If customers
complains on social media and you need to interact multiple times with the customers and need
necessary credentials from consumers, then try to provide positive response in social media and in the
meantime try to reach out to customer via email or phone to make the customer comfortable and to
assure to the customer that you and your organization really care for the customers. You may consider
directing consumer from social media sites to your organizations site, for example: secure chatting
through organizations website or interactive feedback collection through organizations website.
In addition, it is advisable for the IT division of your organization to keep interacting with customer
service and business units to collect proactive feedbacks. It helps in two ways, customer service and
business units will feel confidence and comfortable when they will see IT division is backing them and
providing them all necessary tools and supports for them to support customers. Second, it will
encourage customer service and business units to proactively provide their feedbacks, observations or
the areas which they feel need improvement and it will help reducing internal complains and internal
criticism to cooperative and proactive approach in addressing issues. In order to make this happen, it is
necessary to create an automated process to collect feedback and if necessary provide necessary
training and education to the customer service units and/or business units.
Identify: After gathering feedbacks and understanding concerns, first it is necessary to solve the issue as
soon as possible to avoid impacting the business, it may be by fixing data, or by rebooting servers or by
flushing connections, etc. but at the same time it is highly essential to identify root cause of the issues,
ensure proper risk analysis happened and create proper impact analysis and risk mitigation strategy in
order to fix the issue from the root. In most cases it is observed that same type of issues surfaces
repeatedly and in ticketing systems 3 to 4 issues are responsible for 60% to 70% of customers
complain. In some cases developers fix the issue by changing the data directly in database or by using
some admin GUI interface, here I am not saying it is wrong approach considering the business impact,
but it is necessary to find out what caused the data to be inconsistence. The other common major issue
are performance, maintaining 24/7 system uptime and inconsistence presentation. Though
4. improvement is continues and is part of service/software life cycle, it is essential to collect feedback
proactively, when solving any issue try to create proper document to ensure it captures the issue, the
root cause and what action taken to fix or mitigate the issue. Remember if any issue is associated with
security risk and/or compliance avoid compromising with it and don’t try “just work around” fix,
accidents not happens every day, but when it happens, it risks the life, similarly don’t assume that for
last 5 years or 10 years nothing happen and in future nothing will happen, this is the big miss
assumption, along with technology advancement, in current days, data and compliance risks are also
bigger, so be careful in fixing security and compliance issues without identifying the root cause of the
issue.
Improve: Wait, don’t jump to implementing a fix or solution, through it is important to fix issues with
proper solutions, but fixing issues, testing, communicating, making the fix production ready require
resources and also cost associated to these activities. First, it is necessary to understand risk of the
issue-For example, if it is not fixed within certain timeframe or if not fixed at all then how it is going to
impact. Compare the risk associated to the issue with enterprise risk appetite and risk tolerance
benchmarks. If the risk is acceptable or falls under the category of enterprise risk appetite, or
considered as low impacting risk, then evaluate options for risk avoidance or risk reduction options.
Mark and accept the risk only if it falls under enterprise’s risk appetite and under the matrix of
enterprise risk tolerance. If it is necessary to fix the issue, then prioritize the issues and based on priority
fix the issue. If in your organization you have separate teams for development and production support,
and issues to be fixed by support team, ensure support team properly understand standards and
frameworks and following same enterprise practices and principles followed by development team.
When any issue fixed or alternate approach identified, it is always advisable to do proper unit testing,
functional testing and/or if permissible integration testing, also if possible better to scope performance
and stress test. In any case, it is recommended to maintain issue log along with detail on risks associated
with the issue and what action taken on issue.
If your organization maintaining issue and/or risk audit, then it is always recommended to evaluate and
analyze the issue and risk logs periodically. With evaluation of new technology almost every day,
organizations are opening up them as fast as possible to new technologies to take advantage of it, also
in current days enterprises are opening up them for shared environment or cloud environment to take
the organization to future along with adding more flexibility to the resources, it is necessary to evaluate
enterprise risk appetite, tolerance criteria along with compliance related policies periodically. Last but
not the list, most of the time service, application or software related issues are associated to business
risk, if organizations focuses on building enterprise level risk awareness culture, then it will help various
departments, business units and IT division to come along for common purpose to keep the organization
risk free, this will help improving communication, help increasing feedback gathering and positive
contribution from all the employees and help providing better IT and business services to business
consumers.
5. Note: This document is just a white paper, represents my opinion based on my understanding and
experience. I will suggest you to do your homework while evaluating this document. Remember, every
organization is different, operates and does business differently. There is no single solution for all the
problems. Enterprise IT maturity, enterprise structure, and types of solutions or services it offers, who are
the customers or consumer for the enterprise also plays crucial roles in determining how any particular
organization going to implement and/or adopt issue and risk mitigation strategy.