#BFM2013: Knowledge-based organizational change

BFM2013
Knowledge-based organizational change

Roberto Lofaro

Copyright © 2003-2005, 2013 Roberto Lofaro, aleph123int@gmail.com
All rights reserved.
ISBN: 1493581074
ISBN-13: 978-1493581078

“In general, commanding a large number is like commanding a few. It is a question of dividing up
the numbers. Fighting with a large number is like fighting with a few. It is a question of
configuration and designation”1

Divide et impera has had an universal appeal since humanity tried to create
complex organizations.
In our XXI century, complexity is not simply related to structural issues,
but also to the flexibility (somebody would say instability) associated with
an endless and unforeseeable number of communication channels.
Coping with complexity isn’t enough: you need to breed a culture that is
built on prioritization about your own “core” values, or otherwise you will
waste endless resources to play “catch up”, moving from crisis to crisis.
Therefore, being able to see your company as a forest composed of trees,
instead of focusing on each tree individually, is a first step toward a
proactive management of complexity.
Your knowledge (and how you configure and designate it) is your key asset,
and what really differentiates your company from your competitors.
Know where you are, what you stand for, and choosing where to go will
become based on a longer-term perspective.
Quoting again Sun Tzu:
“Thus is said that one who knows the enemy and knows himself will not be
endangered in a hundred engagements.
One who does not know the enemy but knows himself will sometimes be victorious,
sometimes meet with defeat.
One who knows neither the enemy nor himself will invariably be defeated in every
engagement.“2

1

Sun Tzu, “Art of War”, Sawyer edition, 1994 Westview Press, page 187

2

Ibidem, page 179

PROLOGUE
Why this book? Because between 2003 and 2005, as part of a programme to
return to Italy, I started publishing an online magazine that had over 800
subscribers (mostly senior managers) from more than 500 companies.
The publication of the magazine was halted when I understood that, having
lived abroad since 1998 and worked with foreign companies since 1986, I
was too “foreigner”.
So, in 2005 I started a resettlement and repositioning programme, aiming to
settle in Brussels (by invitation)- but to phase out existing business
relationships in a responsible way took up to spring 2008.
Despite valiant efforts to become local, it took only from spring 2008 to fall
2008 to understand that I had to scale down my expectations, and therefore
simply decided to move online everything that didn’t find buyers locally.
Aim: to have others re-use what I could not use (never waste experience),
and keep skills alive (for future uses).
As resettling in Brussels as an employee did not work, despite passing a
Dutch language exam, I had to start (again) a repositioning programme.
This book is part of that “Plan B”, which included a first book published
on Amazon in January 2013, to design and test publishing processes3.
Few more books will be published in 2014, always on change management.
This book, updating on the 2003-2005 material, is offered as a free eBook
to more than 3,000 online contacts (former subscribers and others).

3

#BerlinDiaries, the process and marketing history is described on Slideshare:
http://www.slideshare.net/robertolofaro/berlin-diaries20130917marketingpresentationandsample

ACKNOWLEDGEMENTS & RATIONALE
This book is an extensively edited and updated reprint of what I posted
online between 2003 and 2005, as part of an online magazine.
Since 2008, online articles published on http://robertolofaro.com/blog
covered a variety of subjects, from the perspective of a change (cultural,
organizational, technological) consultant with experience also in politics.
Writing this book, and the articles between 2003 and 2005, would not have
been possible if it weren’t for opportunities that I have been given since the
early 1980s to share knowledge, deliver conferences, and work with people
(notably senior managers while I was in my early 20s).
I certainly invested a significant amount of time to continuously improve
my knowledge and skills, but that would have produced no significant
results if it weren’t for the foresight, patience, and willingness to coach of
countless senior managers that I met across Europe.
Being able to work in a different industry each day was a significant
challenge and opportunity that I was offered in Italy by business units of
Andersen Consulting, in the late 1980s.
I have to be equally grateful to other managers (my CEO in Italy and the
Paris-based Marketing Director, from Lebanon) of CGI, as well as fellow
consultants and customers that I met while working for my longest-running
customer, Cedacrinord, whose CEO offered me the opportunity to change
their way of working and thinking in December 1992- and continued until
2006 to provide new challenges, pivotal in being able to deliver activities in
other countries and industries between mid-1990s and 2013.
Therefore, sharing the eBook version of this book on Slideshare is an
appropriate “thank you” note- but you are obviously invited to buy the
paper version on Amazon (in that case, the Kindle edition is free).
By design, as it is process-oriented, this book lacks an index (but contains
an extensive table of contents).

CONTENTS
Prologue .................................................................................................................. iv
Acknowledgements & Rationale .......................................................................... v
Contents .................................................................................................................. vi
1. Introduction....................................................................................................... 11
Genesis of an e-zine ...................................................................................... 12
Positioning and defining the “format” ...........................................13
Content provisioning and management ................................................. 14
E-marketing on a shoestring before Facebook .................................... 15
Reaching the audience ................................................................................ 16
2. Improving the use and control ...................................................................... 17
Knowledge management vs. knowledge retention ..................................... 18
Introducing knowledge retention .................................................................. 19
ISO9000 and knowledge management ......................................................... 20
Public and knowledge production ................................................................. 21
Knowledge snippets and traceability ............................................................. 22
Downsizing and knowledge configuration................................................... 24
Knowledge Configuration Management & Knowledge Costing.............. 25

Knowledge management and participation.................................................. 26
Knowledge and embedded security............................................................... 27
Guidelines for action ....................................................................................... 29
Timeframe for delivery .................................................................................... 31
Closing................................................................................................................ 32
3. Strategic Outsourcing....................................................................................... 33
Outsourcing as a magic wand ......................................................................... 34
What is outsourcing ......................................................................................... 36
Controlling the process ................................................................................... 38
Framing vs. frameworking .............................................................................. 41
The content of outsourcing ............................................................................ 44
Consequences of outsourcing ........................................................................ 46
Strategy and outsourcing ................................................................................. 48
Outsourcing and “internal outsourcing” ...................................................... 52
Strategic outsourcing........................................................................................ 54
Costing outsourcing ......................................................................................... 57
Outsourcing contracts ..................................................................................... 61
Managing outsourcing ..................................................................................... 64
Conclusions ....................................................................................................... 66

4. Business Continuity Governance ................................................................... 67
A knowledge-based definition ........................................................................ 68
Business Continuity as a project .................................................................... 69
Business Continuity vs. crisis management .................................................. 70
Coping with uncertainty .................................................................................. 71
Managing expectations .................................................................................... 74
Perception and reality ...................................................................................... 75
Self-protection and threshold levels .............................................................. 77
Raising awareness and “controlled crises” ................................................... 78
Systemic approach to Business Continuity and Risk .................................. 79
Cultural approach to Business Continuity.................................................... 80
Setting priorities ................................................................................................ 81
Business continuity and Outsourcing ........................................................... 82
Business Continuity Management ................................................................. 83
Continuous improvement ............................................................................... 86
Dynamic Corporate Governance................................................................... 88
From BCManagement to BCGovernance.................................................... 90
Introducing BCGovernance ........................................................................... 91
Conclusions ....................................................................................................... 92

5. Business Perspective on E-Government ..................................................... 93
Introduction ...................................................................................................... 94
E-government in perspective ......................................................................... 95
Why e-government........................................................................................... 98
Defining e-government ................................................................................. 100
The economics of e-government ................................................................. 102
Past forecasts, current realities ..................................................................... 103
The hidden costs of e-government.............................................................. 105
Converging transparency initiatives............................................................. 106
Business side-effects ...................................................................................... 107
Costing e-government ................................................................................... 108
Deploying e-government in your organization.......................................... 111
Increasing e-government benefits................................................................ 113
Conclusions ..................................................................................................... 114

BFM2013: Knowledge-based organizational change

1. INTRODUCTION
The book that you are about to read has a story probably as useful as
what you will read in the next few chapters.
What you will find in the next chapters is a revised collection of an ezine on cultural/organizational change and knowledge management
that was published online between 2003 and 20054, and whose
readership included over 800 managers from more than 500
companies.
Along with this collection, a completely new book, again focused on
change, will be available on Amazon in 2014, along with a new
version of the website and community.
The next sections of this chapter will share the case history of the
repositioning programme started in 2003 and halted in 2005, of
which the magazine and the associated research & marketing
campaign were just one work-stream, hoping this introduction will
inspire your own knowledge-sharing and “positioning” activities5.

4 http://www.businessfitnessmagazine.com
5 Comments, etc: http://www.linkedin.com/in/robertolofaro
11

http://www.linkedin.com/in/robertolofaro

Genesis of an e-zine
The e-zine was called “Business Fitness Magazine”, as the content
was “licensed” for free to my own company6, based in UK, that I had
set up in 1998 to support customers around Europe.
What was the aim of the magazine? To reach a larger audience for my
services on cultural, organizational, and technical change, while
supporting my relocation back to Italy, as after five years abroad
working in few European countries I had few new opportunities to
share my business experience with Italian partners and customers.
When you plan an online publication, you have to assess the
resources needed to keep up with your own schedule7- in business
communication, inconsistency isn't a virtue.
Nonetheless, knowing “how often” you are able to communicate
(something that could be altered by adding more resources) still
leaves to be defined “what” you are going to write about, and “who”
is going to be your audience8
But in this case, I had also to think about how to evolve it.
And how can you evolve something if you haven't yet defined its
audience, and seen how what you are already offering is perceived?
It seems a “catch-22”, but it is much simpler: you need a “pilot
group” of readers that will get access to a “pilot issue”, enabling you
to both tune your material and have already something online before
you start looking to increase your audience and readership.

6 Business Fitness Consulting International Ltd, now closed
7 See, in Italian but with links to the English version,
http://www.dirittodivoto.com/index.php/strumenti
8 Refer to the articles listed under note 3.
12


Positioning and defining the “format”
The first step was obviously to identify a “target audience”, in my
case by using the experience and data obtained by previous “lead
generation” and market assessment activities.
Along with the obvious “domain experts” (e.g. organizational
development directors, knowledge managers, ICT managers, anybody
involved in IPR), also those who could influence their activities (i.e.
direct or indirect stakeholders) were to be included within the target,
as the e-zine wasn't just a vanity publication.
The idea was to produce something that, eventually on a quarterly
basis, would share experience (through case studies and lessons
learned) and inspire action, not necessarily through my or my
partners' involvement.
White papers are fine, marketing-through-newsletters is fine: but
neither was my purpose.
The first use of the magazine was to share with customers some
articles, to be read before brainstorming sessions, as a quick way to
give ideas and inspire doubts without challenging directly their own
perceptions of their own environment: change begins with an
assessment of where you really are.
Then, as discussed in the next few sections in this chapter, the real
marketing and “reach the audience” campaign started.
But even before the first issue was completed, a publication schedule
covering one year had been prepared, along with a “format” and an
online publishing framework that enabled to have an online
publication that could be read also with the slowest connection you
could think about.

13


Content provisioning and management
Talking about content: also if you assume, as I did with Business
Fitness Magazine, that you can produce each issue independently, it
will eventually make sense to have contributors, or even to hire staff
producing material based on your own “style” and “content
branding”.
Across my career (actually, also while in High School), I had some
“ghost writing” activities- in business on behalf of senior managers or
board-level executives, and my role in each one of those cases was
first to collect samples and profile who I was writing for, to ensure
the production of consistent material.
If you “ghost write” once in a while or just once for somebody, it
makes sense to do this in the same way.
But if you want to do something more structured, e.g. to ensure that
enough material is always available, it is better to build your own
“format”- i.e. the “how”, “what”, etc. of your content, to ensure
consistency, along with guidelines on how to produce new content.
In my essay-oriented blog9, or even the articles on structuring your
content that I referred to in a previous section10, I kept referring to
three sources that could inspire your own “format” definition:
- Bernays’ “Propaganda” (available for free online)
- the movie “Thank you for smoking”
- last but not least, Roddenberry's “The Making of Star Trek”
The common thread between the three? They describe how to apply
whatever “format” that you will find suitable (and any mix of
channels) to your communication.

9 http://www.robertolofaro.com/blog
10 http://www.dirittodivoto.com/index.php/strumenti
14


E-marketing on a shoestring before Facebook
Since mid-2000s Google became part of the toolset of anybody trying
to market anything- and not just necessarily online.
In the early 2000s, it was more touch-and-go (I registered my first
Internet domain, prconsulting.com, in 1997, but it was online as a
website much earlier, hosted on other websites).
Anyway, that e-marketing campaign was based on lead generation
and “market size identification” activities first delivered in late 1980s
as part of pre-sales.
As the target was senior management, also if, at the time, there would
have been around the tools that are available now, I still believe that
at least a “personal contact” would have been needed.
In this case, the web helped, by providing access to databases and
lists of companies and their key managers.
But instead of a traditional email, or letter, I used a different
approach, that worked well whenever the “target audience” was
holding senior management positions, and expected to be treated
accordingly.
The concept is simple: prepare scripts that will guide through a Q&A
while mimicking a conversation, thanks to a script based on “traffic
lights”, i.e. identifying the level of interest shown by those who are
called.
It is obviously critical to have the right people making the calls, to
ensure that, while not necessarily being experts (it would be too
expensive), they are able to qualify the contact, and provide
information that is consistent with what can be delivered, at a later
stage, by somebody able to answer open questions (a subject matter
expert)

15


Reaching the audience
As the magazine was anyway going to be accessible online through a
website, but only to registered users, the website had to be available,
up-and-running, and with some content in before we started the
campaign to obtain subscribers.
A characteristic of the magazine was that, eventually, it became more
than a positioning tool for consulting services, as other partners
joined up, and plans included a multi-party merger in Italy: the UKbased company and the magazine (in English and Italian) were to
become shared resources.
Few rounds of “prospecting”, by industry and by country, where
launched: in a short while, one person working on a list and series of
data-collection forms and scripts was able to confirm over 800
subscribers (mostly senior managers) from more than 500 companies.
If your idea is to create a “layer of services”, starting from a free
newsletter, up to customized and paid services or products, including
the traditional “premium services”, paid publication, etc., this has to
be decided from day 1: converting the same services from unpaid to
paid is never an easy transformation to manage, and comes with
significant “attrition” (i.e. loss of subscribers).
In my case, the magazine reached its audience when… I contacted
them to announce that a new issue was available online (a way to
remember the company and address).
In your case, if you aim for a much larger audience, it might make
sense to study and identify also “outreach” channels, as I did for a
non-profit startup between 2008 and 2010 (it included online
presence, “clubs”, and events).

16


2. IMPROVING THE USE AND CONTROL
This first issue was focused on methods and solutions that could help
in improving the way an organization accumulates knowledge, as a
way to increase control on core processes, while reducing the use of
external experts to where they can add value.
It is a simple statement, but a complex predicament. How do you
convert this concept into something practical, without first dropping
endless amounts of money into “knowledge management”?
Interestingly, some organizations that misused Knowledge
Management tools and methodologies found themselves with an
increased use of external consultancies, used by some organizational
units as a way to circumvent rules that were applied only to internal
knowledge production.
A caveat: what follows is a set of guidelines that could help to define
your own roadmap or even blueprint of a “transformation
programme”, but its feasibility is a function of two key elements: an
understanding of your own corporate culture, and the clearness of
the mandate that will be assigned to those involved- no amount of
resources would deliver sustainable results without both of them.

17


Knowledge management vs. knowledge retention
Knowledge Management is quite often confused with tools and
methodologies related to knowledge management.
Anyway, almost any system works according to the “Garbage InGarbage Out” (GIGO) principle.
GIGO? Usually, any transformation process does not improve the
quality of its inputs- at best, it can minimize the additional
“background noise” introduced by the transformation process.
Any tool that tries to build a general description of activities across
the functional divide assumes a specific reference set of accepted
processes, results, and ways to manage change: we will define this set
of assumptions the “Embedded Corporate Identity” (eCI).
ERP, CRM, and Knowledge Management tools share the same
pitfall: unless you know already where you are, you risk that the tools
will insert into your organization their own “Embedded Corporate
Identity”.
The reality will then be discovered “on-the-job”, and changing both
the tools and your own Corporate Identity will start; few million
dollars, you will discover what happened (at an official ERP
conference sponsored by a supplier, a customer reported that the
overall cost of a botched ERP transition had been on the tune of
more than 40 million EUR).
We suggest that Knowledge Management is introduced once you
have already a working policy for collecting, structuring, distributing,
maintaining knowledge: what we call “Knowledge Retention” (KR)
policy.
Knowledge Management cannot work without Knowledge
Retention, and it is greatly enhanced by the use of tools to manage
the processing of knowledge.

18


Introducing knowledge retention
As a first step, we suggest that you identify what is the current
behaviour in your organization when it comes to knowledge
retention: do not be surprised to find wide differences between
organizational units, or within each organizational unit.
The early XX century “Scientific management” à la Taylor was
originally based on sound knowledge of management practices, to
ease the training of managers without the need to start from the shop
floor and rise up into management, as training was supposed to
replace experience.
Thanks to PCs, the widespread use of computers tools like the
spreadsheet allowed to replace the transfer of “fuzzy” knowledge
(people skills, etc.) with a more structured and quantitative approach,
easing the replication and communication of knowledge.
Or so it seemed.
In reality, the 1990s saw the sharp rise of spreadsheet-toting
consultants, focused on quantifying everything, quite often discarding
the unquantifiable as irrelevant, or coercing reality into a convenient
set of values that allowed classifying everything.
Admittedly, successive generations of quantitative-focused managers
and consultants increasingly drifted away from business common
sense.
While assessing the current status of your “Knowledge Retention
Policies” (KRP), we usually suggest to identify a set of qualitative
parameters and some levels of compliance used to benchmark each
organizational unit.
Using these parameters, a simple “radar” chart will become the basis
for a brainstorming on possible initiatives to improve the status of
each organizational unit.

19


ISO9000 and knowledge management
ISO9000 is just an example of a “standard” that can have significant
impacts on your way of doing business- and therefore it is worth
spending few words about it.
In the 1990s, ISO9000 certification became a “condition sine qua
non”, a cost of staying in the business- as having a telephone.
Eventually, customers practically merged ISO9000 and Knowledge
Management, but while the latter has the purpose of reducing the
cost of increasing, distributing, and updating knowledge, the former
is focused on different premises.
ISO9000 originally simply stated that you were going to be assessed
vs. what you stated that would be your quality level- not vs. some
“common” or “standard” quality level.
Often knowledge producers became the “bottleneck”, as they were
required to produce variants of the same set of information for
different destinations - ISO9000, Knowledge Management, etc.
If your organization has already ISO9000 and Knowledge
Management initiatives in place, we are not suggesting to trash what
you already have: our approach is to find a way to restructure
knowledge so that each item can be reused to be “published” for a
different public.
Public: yet another concept that is quite often discussed along with
Knowledge Management, and quite often distorted into a simple
format conversion.
Tailoring your content to a different public is not just a matter of
changing layout, or graphical format: often, you have to consider also
the different knowledge and experience background of each segment
of your audience.

20


Public and knowledge production
While a technical approach to knowledge management sometimes
could benefit from a “big bang”, this usually produces just a
technological implementation.
But who will maintain the processed knowledge stored inside the
knowledge management system? Certainly not the knowledge
producers, as it will be completely different from the source.
Each document has (or should have) a destination public, i.e. an
intended audience.
If you cannot define the audience, chances are that your document
will not achieve the intended results.
But do you really need to write the same item time and again? The
risk is that your knowledge producers will spend seven hours
reporting in slightly different formats what they spent one hour
doing.
While knowledge production obviously should stay with those who
own the knowledge and are able to make it evolve, knowledge
retention and communication might involve a differentiation of roles
based on your own specific organizational culture and structure.
As an example, consider the differentiation between “knowledge
producers” and “knowledge consumers”: what the former produce
might require somebody belonging to the organization from the latter
and able to “convey the message”.
This is probably already part of your practices, as e.g. you would not
expect to communicate with the CEO as if (s)he were a production
engineer: but data management tools often took over common sensealso if there is an alternative, i.e. to use both tools and common
sense.

21


Knowledge snippets and traceability
Two simple actions could simplify both the interaction with the
“thesaurisation and compliance organizations” (e.g. methodology,
quality assurance, knowledge management) and those charged with
knowledge production: writing “knowledge snippets” along with each
item, and defining “building maps” for the basic documents to be
generated by the knowledge producers.
Traceability is a simple concept, and it is more a matter of common
sense than a completely new concept.
Simply, partition your document into “atomic” (i.e. not further
divisible) items, and whenever producing an update, take note of
which existing item you are updating.
Managing traceability is slightly more complex, but it is built around
this same basic rule.
Not everyone is keen on documenting in a traceable way, or
interested in restructuring documents according to different sets of
requirements.
The knowledge producers should retain control of the knowledge
they originated, as they are the only ones able to update it in a
meaningful way.
Obviously, this implies that the knowledge producers operate
according to your own rules- and this applies both to your own staff
and any external supplier: as you pay, they have to use your
methodology, not their own.
As it will be discussed in a later issue, you can outsource/delegate the
execution, but not the responsibility.
While outsourcing, you focus on the results and not the process: in
that case, the knowledge ownership balance might be altered.

22


If you define clear "roadmaps" to assemble and store knowledge
items, then the thesaurisation is just a by-product of your normal
activities.
Then, the knowledge producers can delegate the actual collection and
formalization to resources focused on those task, usually belonging to
the “thesaurisation and compliance organizations”.
Knowledge producers usually need to get through some trial-anderror before they can identify the proper size of the “knowledge
snippets” for their own processes, but there is a low-cost option.
Ask them to define “knowledge snippets” so that they can enforce
traceability.
They should start by looking at their own business processes, and
check what is the minimal traceable “knowledge snippet”: probably
the actual size and configuration of a meaningful knowledge snippet
is different across the organization.
It is critical that this “traceability identification” is defined by
knowledge producers, to ensure that it is consistent with their actual
“real” processes, as often processes contain both a visible layer,
operating through the formal organization, and an invisible layer,
managed through the informal organization.
And this awareness becomes even more critical in case of knowledge
thesaurisation activities that are a step toward restructuring (e.g.
downsizing, merger, acquisition, asset/business line disposal) or
outsourcing activities.

23


Downsizing and knowledge configuration
A common problem in any organization is that through downsizing,
BPR, re-organization, outsourcing, probably the organization
removed as much organizational redundancy as it was previously
available, therefore leaving scarce (if any at all) cross-functional
expertise left in-house.
This implies that quite often “knowledge configuration” (KC), where
existing in-house knowledge components are re-used across the
organization, is increasingly difficult, or it is delegated to external
resources- who happen to be the only ones still working across the
functional divide (with further side-effects on business continuity).
Using “knowledge snippets” along with traceability reduces the cost
of knowledge production and retention (including its maintenance).
Also, this allows your organization to introduce “knowledge
configuration management” (KCM), ensuring consistency of
behaviour across the organization.
KCM is linked to another concept: “versioning” of knowledge. The
basic concept is that any item of knowledge depends from one or
more other items, produced in the same or other organizational units.
Knowledge management tools can become obviously useful- but you
need first to have in place a culture able to process knowledge.
The next step is, obviously, seeing how you can monitor your
knowledge stock and benefit from it.
Incidentally: “knowledgebase”, or “knowledge base” are avoided in
this book, as two often they are used to describe both “knowledge
collections” and “knowledge thesauruses”- basically, “static” vs.
“dynamic” knowledge11.
11

See chapter 4 in this book
24


Knowledge Configuration Management & Knowledge Costing
When “Knowledge Configuration Management” is in place,
quantitative analysis of your “knowledge stock” becomes again
possible.
Obviously, the parameters must be tailored to the specific
categorisation of “knowledge snippets” that will have been negotiated
with knowledge producers.
Why introducing again quantitative analysis, after criticizing it in the
previous section?
Consider this as possible side effect, not a mandatory element of a
“knowledge retention” policy.
Introducing quantitative analysis after adopting the new approach
could be useful to actually share the costs of producing and
maintaining a specific “knowledge snippet” with all its users.
And it is not only useful for "Internal Transfer Pricing" (e.g. to
identify how other parts of your organization should contribute to
the investment on knowledge production), but also when spinning
out a unit or negotiating a joint venture, and in IPR management.
Obviously, also if the demonstrated value or cost of an item is X,
corporate policy realities could result in a lower transfer price,
considering the balance as “overheads”, paid by the organisation as a
whole, e.g. for processes that, while being managed by a specific
business unit, are actually the reason for the organization to exist.
The risk? If you forget what is “core” to your business, some
excessively entrepreneurial elements of your organization might
quarrel about considering their support processes as “core business”and ask others to contribute to their own costs.

25


Knowledge management and participation
If you introduce Knowledge Management after Knowledge Retention
and Traceability, the actual knowledge producers will be more active
partners in setting up and negotiating the separation of roles and
structuring of the knowledge infrastructure.
This increased participation will result in a greater control on what is
inside your “knowledge store”, as the knowledge management
organizational unit will not be the only organizational structure in
charge of all tasks related to knowledge management.
If the Knowledge Management organization is in place before the
rest of the organization is able to provide usable knowledge, the net
result is usually an “ivory tower” approach.
Should this be the case, the Knowledge Management organization,
for lack of contacts with sources that understand its “lingo”, starts
generating knowledge and assumptions, instead of structuring
knowledge produced by the actual Knowledge Providers.
In turn, this will give less incentive to the other organizational units
to become part of a process that adds overhead but whose value (i.e.
knowledge that can be extracted and reused) is questionable.
Of course: a better alternative is to clearly “phase-in” such an
organization, by assigning it an advisory role to business units during
the first phase of its activity.
Knowledge Management based on Knowledge Retention also
simplifies the identification of “core” knowledge items, whose
understanding should be kept inside your organization.
These “core” items are those relevant to ensure that any
“outsourcing” activity does not affect your business continuity.

26


Knowledge and embedded security
Once the knowledge production is structured, it becomes easier to
define a knowledge control/security policy, by assigning a different
level of access and responsibility to different organizational units.
A positive side-effect of this definition is: identifying the “knowledge
boundaries” for each organizational unit limits the need of crossfunctional meetings to those where the subject is new or clearly spans
across “knowledge boundaries”.
As each item is classified while being defined, it becomes possible to
delegate without losing control12: this will reduce the number of
resources needed to cope with a larger number of projects, using
external resources only when and for how long is really needed, and
without any loss of knowledge.
As described above, adopting a sound Knowledge Management
policy based on Knowledge Retention makes investment on
knowledge and knowledge costing possible.
Why the title of this issue13 links “knowledge retention” to
“embedded security”?
Knowing which items of your knowledge thesaurus are “core” and
should be maintained inside your organization ensures that you can
improve your business continuity capabilities, also when delegating to
third parties one or more processes.
What is “embedded security”? Security management is quite often
considered an additional set of processes, almost an afterthought.

12 See chapter 3 in this book, originally issue 2 of BFM
13 The original title was: “Improving the use and control of knowledgeembedded security”- too long for this book!
27


But this externalisation of security implies that you try to build up
walls (virtual or real), without actually involving those who produce
the knowledge and therefore should know its operational sensitivity.
It is true that those above them know how, within the “formal
organization”, that knowledge impacts on other areas of business: but
also if those managers are promoted from the rank-and-file,
eventually they will lose knowledge of the current, real, “informal
organization”, and its informal communication flows (more
appropriately, “back channels”).
Security (both physical and logical) does not come cheaply, and 100%
security is simply impossible.
Our concept of “embedded security” is quite simple: instead of
adding security after your processes, try to focus on identifying who
is responsible for each specific knowledge subset, and involve them
in the definition of the related security profile, with the support of
your security experts or “internal audit”.
Maybe you will discover that some of the security can be
“embedded” in the actual processes involved in producing the
knowledge, minimizing your security overhead.
Knowledge-based security profiling increases the accountability of
knowledge producers, while ensuring compliance with your own
internal policies.
Further additional layers of security would just (expensively) increase
the perceived security, while impeding the knowledge distribution
that is needed to actually generate value, and creating a false sense of
security in knowledge producers.

28


Guidelines for action
All the basic items now clarified, how long would it take to achieve
these results?
It depends on your expectations- and how you manage them.
As noted above, a “Big Bang” approach is possible if you focus on
technology, but then maintaining the knowledge will be more
expensive, as the producers will need constant help both to trace
back and update the “thesaurised” knowledge.
In any change management activity, you need to change the
behaviour of knowledge producers as a whole.
A simple presentation is not enough to produce the change: you also
need to reinforce the message with consistent, individual actions.
We suggest a staged approach, using the results from the parameterdefinition activities shown above, to build up a schedule of
intervention that could produce the first results in few months.
Lowering the expectations (better, managing them) implies
identifying which organizational units could produce results faster.
Then, a “viral” model could be used to both improve your
knowledge retention policy and spread the activity to other
organizational units.
Whenever you want to “evangelise” on something new, identify a
first structure with a high chance of success.
Once successful, this structure should “spread the message” to
others, reinforcing the message: usually, the growth is not simply
linear.

29


How do you operate? Realistically, identify a homogeneous area to
“tune” your approach, and identify the actual “stakeholders”
involved in knowledge management processes: production,
collection, distribution, and maintenance.
This approach allows finding if there are any further organizational
units that should be involved, while negotiating both a process and
the associated roles; e.g. organizational units that have already been
assigned similar tasks, or that defined their own knowledge retention
policies that are worth considering “best practices”.
Just remember: this approach has to be tailored to both your own
corporate culture and your aims.
As an example: often, while taking over or merging units, or defining
a joint-venture, “promoting” processes already adopted by some
units prior to this organizational and cultural change could actually
increase resistance to change.
Finally, no knowledge retention policy should allow “loopholes”, e.g.
using external resources to bypass standards, using as an excuse that
they follow their own rules.
The message to both internal and external resources is quite simple:
you delegate the execution of activities, not responsibility, and
therefore any organizational unit using external resources should
“price” the cost of converting the externally-generated knowledge in
order to make it comply with the internal rules, and obtain something
whose lifecycle can be managed internally.
Quite often, these additional costs would reduce or remove the
economic viability of externalisation, at least for recurring activities.

30


Timeframe for delivery
A first project could usually take one-two months to assess the
parameters and give an overview, using brainstorming sessions to
identify the targets and the first organizational units to apply the
process to.
The collection and first structuring, with the building of a reference
catalogue, would probably take another four months.
Unless you have already a knowledge retention policy in place, the
cultural change management usually would require another six
months, with oversight from either the first organizational unit
carrying out all the activities, a new structure, external resources, or a
team composed by a mix of resources from the three.
Again, staffing choices have to be tailored to your own current and
proposed environment.
Thereafter, a “viral spreading” approach (like the one used in
Business Intelligence and similar activities) is suggested to deploy the
process across the organization.
As for the project team size: the initial team should be as small as
possible, while a single resource should be responsible for the first
catalogue building, to ensure consistency.
Once the first phase and second phase of the first project have been
carried out, and the working rules have been defined, the team could
be expanded to activate parallel projects.
Anyway, consider these first phases as part of a long-term cultural
and organizational change programme, if you want to produce selfsustainable results.

31


Closing
In conclusion, knowledge retention is not rocket science, but the
benefits it can deliver are quite sensible.
Moreover, you can do it yourself.
With different levels of detail, this approach has been applied time
and again, both internally and for customers across Europe.
As usual, use the information at your own risk and adapt anything
you read to your own environment.
While we had consistent success in applying this approach, we cannot
guarantee that it will work for your organization.

32


3. STRATEGIC OUTSOURCING
This issue was focused on methods and solutions to manage
outsourcing choices, while retaining the capability to keep the
evolution of business processes on track.
Outsourcing and BPO (Business Process Outsourcing) are often
considered mere economic or technical choices.
Instead, a wrong outsourcing decision could negatively affect your
organization's ability not only to carry out business-as-usual activities,
but also to evolve.
As discussed in the previous issue14, if you don't know what is really
“core knowledge” of your business, and the associated formal and
informal organization, outsourcing could not be the best choice,
unless it is a mere output-oriented activity.

14 See chapter 2 in this book, originally issue 1 of BFM
33


Outsourcing as a magic wand
Since the late 1980s, a constant drive to downsize, rightsize, sliceand-dice businesses pushed many companies toward considering
“externalisation of non-core activities” as a routine affair.
Outsourcing became a magic wand to convert fixed costs into
variable ones, while improving the level of services received vs. what
was previously delivered by internal resources.
But outsourcing is a business process to achieve change, and like any
other process it requires a clear definition and understanding of your
current position before you can introduce any change.
While introducing change inside your own company without
sufficient knowledge could be “fixed” later on, outsourcing is usually
supported by water-tight legal writs (this usually wasn't the case with
early 1990s contracts).
The previous issue15 described how every company works on its own
eCI (embedded Corporate Identity), i.e. what is the accepted
behaviour within a company, as expressed by processes, organisation,
etc.
As the Cheshire Cat in “Alice in Wonderland” said: you need to
know where you are heading to before you can decide which way is
the right one to go.
Once you know where you are, you can define the destination, and
start thinking about the “how”.

15 See chapter 2 in this book
34


Outsourcing is more than just a solution to the “how”, and unless
you are able to identify and communicate effectively the current
status of what you outsource, all that you obtain is just a long-term
restructuring of costs.
Some companies simply outsource out of despair, seeing outsourcing
as an easy way out of a history of mismanagement and spiralling
costs, while others simply are unable to find the human resources
they need on the market.
As it will be discussed later, defining the priorities is obviously a
bonus when short-listing outsourcing suppliers- and building the
right list of priorities requires a clear understanding on the purpose
of the outsourcing: what are the issues that should be solved by
outsourcing?
Actually, the way most outsourcing contracts are built, if you do not
document correctly the current status, you can expect a short-term
decrease in costs, to be more than compensated by unexpected costs
whenever you and your supplier find some “extras”.
“Strategic Outsourcing” requires a contract built to ensure the
economic viability of the outsourcing activities, as explained in the
next section.

35


What is outsourcing
Over the years, as the “outsourcing” concept (including the use of
software solutions covering different vertical processes, e.g. ERP or
CRM) was considered quite appealing and easy to explain, the
meaning of the word has been bent and shaped in many ways, both
from suppliers and customers.
Some activities often called “outsourcing”:
- facilities management
- the delivery of a service from a supplier, usually using a mix
of your own and their resources, and with an high degree of
control on the results, the process to achieve them, and the
resources required; the main difference vs. typical body-rental
agreements is that a common management team is designed,
with a set of service level targets agreed to
- joint venture
- the delivery of services and products using resources from
both companies, but under the management control of a new
structure; the revenue is usually generated by a short-term
transfer of the existing customer's budget, eventually to be
offset by the delivery the services to third parties; there are
two main risks: 1.under-documented existing level of services;
2.constant struggles between partners over business priorities
- shared services
- usually it is a hybrid, but under the control of the customer,
with neither external management or market; the risk is that
of a company internal spin-off, with all the disadvantages of a
joint-venture but without the same structural independence
- outsourcing
- the focus is on the outputs, with a clear definition of the
inputs, but with a general framework for the service level
agreement (SLA) and any additional activities.

36


All these approaches contain the same risk: transferring a vertical
process usually results in loss of knowledge, as operational
knowledge ceases to be thesaurised inside the customer organisation.
Obviously, sometimes this is an intended consequence, e.g. for
companies that want to expand into new markets they have no
operational knowledge of, like cash-based businesses (retailers,
insurance companies, etc) entering the retail banking industry to
convert their own cash-flow into an additional revenue stream.
As described in the previous issue16, this risk can be easily managed
by adopting a thesaurisation process that is more common sense than
rocket science, i.e. by identifying “knowledge snippets”.
What you outsource is the production of a set of knowledge snippets
whose “how” (i.e. the production method) you do not need to keep
inside the company.
More on this aspects will be hinted at in the “Strategy and
outsourcing” section, and in the next issue of BFM17 (focused on
“Business Continuity Governance”).

37


Controlling the process
Outsourcing is quite often considered a financial decision (converting
a fixed cost and the related investments and maintenance into
variable costs), but quite often the decision-making process does not
subject the decision to the same level of scrutiny of a financing
decision.
Knowing the content of the outsourced services and processes is
required not only to ensure a successful outsourcing, but also to
avoid signing a contract that could result in substantial financial
penalties... to obtain the same or a lower level of services!
“Outsourcing” comes in many forms and shapes- and my favourite
example is what happened when in UK tax offices where given in
outsourcing through a “leaseback”.
It is still a popular idea: sell your buildings, get the tax revenue, pay a
fee to rent them back.
The idea? As a State, you get immediate cash, plus taxable income
from what you pay to the new owner, while cutting down the costs
by removing the need to carry out maintenance and “manage”
buildings.
Nice idea, but... the company was revealed to be based offshore
(goodbye taxation), and eventually said that it needed more income
to cover the costs- or otherwise those buildings would be sold.
Can you imagine how it ended?

38


When outsourcing services that are delivered without technology,
customers analyse all the details, sometimes up to a full due diligence.
Which details? How many people are involved, how many events,
what are the qualifications of the people involved, the time and
materials required, processes, etc.
Usually the quantitative analysis is less well developed when
technology is involved, e.g. almost no company checks if every
software component or database is properly documented, assuming
that if it is working, there is obviously everything needed to make it
working.
Controlling the process of outsourcing implies:
- being able to transfer knowledge to the new organisation
- identifying why you are outsourcing the service.
Cutting costs is the classical motivation for outsourcing, but “cutting
costs” has different dimensions:
- are you planning to reduce existing costs?
- do you want to avoid required investments or regulatory
hurdles implied in keeping the service in-house?
- does the company need to expand, but your do not see how
you could manage the expansion?
- etc, etc.
Outsourcing requires a clear definition of the boundaries of the
contract, as you can outsource the execution of activities, but you
cannot outsource the responsibility of either the activity or the
definition of its boundaries.
As previously hinted, some companies outsource complete processes
that are not relevant to their own core business, keeping control only
of core processes and communication with the outsourced ones.

39


These companies retain in house the knowledge required to oversee
the outsourcing supplier(s), to the degree of detail required to ensure
that the SLAs (Service Level Agreements) are respected and that the
processes not outsourced are still working properly.
Unfortunately, most companies usually carry out different rounds of
outsourcing, constantly enlarging the boundaries of the outsourced
activities, but without updating accordingly the knowledge required
to retain control.
Retaining the capability to dialogue with the outsourcing supplier is
useful also when the customer wants to be able to manage the
evolution of the SLAs according to business needs.
Therefore, selecting the right outsourcing supplier requires a clear
understanding of what are the real capabilities of your own company
to retain the knowledge required to manage the relationship.
Outsourcing suppliers that originate from the same market of their
customers (usually as a shared supplier between customers) are able
to fill the void left by the loss of knowledge inside the customers, at a
price: it becomes like any other utility, and you risk losing influence
on the content (and degrees of freedom) of the services delivered.
While apparently a larger, generalist outsourcing supplier could seem
to be the best choice, in our experience understanding the mix of
skills available inside the outsourcing supplier is the major factor
enabling a successful outsourcing.
The most critical requirement is: the supplier must have internal
resources that understand your own business, to deliver “backbone”
services- otherwise, the supplier will outsource to a third party
outside your own control.

40


Framing vs. “frameworking”
Sometimes the financial analysis of outsourcing activities is stretched
too far, forgetting that any outsourcing supplier in the end needs to
deliver services: a case of over-negotiation.
Any failure in delivering the agreed level of service will impact
directly on the public perception of your own company, maybe
affecting your business.
“Beauty contests” between outsourcing suppliers, where customers
ask them to underbid each other are dangerous if the customer lacks
the required in-house knowledge of the activities they are trying to
outsource.
Usually, the outsourcing supplier that “bites the bullet” either is
planning to gain in the long term, or quite simply lacks the
knowledge to understand the real costs of the outsourcing contract.
If your outsourcing supplier lacks the resources required to
understand the evolution of your business and proactively support
your business, probably either you or your supplier will use third
party resources to fill a temporary (?) void- usually with unpredictable
impact on quality.
A contract is the typical “framing device”- but is having a contract
enough?
Financial penalties are not going to recover any business lost due to
the failure of an outsourcing supplier that is unable to deliver the
service agreed.

41


Contract definition is usually quite complex, but if the “technical”
annexes are properly detailed, this is usually a good sign that one of
the following three events is happening:
- “the good”
- both you and your supplier understand the requirements, and
the contract allows to deliver the services you need now,
while covering also the management of possible evolutions;
yes, this is a “win-win”
- “the ugly”
- your supplier understands the contract better than you do;
probably, you will end up paying more than you expectedalso to obtain the services that you assumed to be included
- “the bad”
- you understand the contract, while the supplier does not; if
you are lucky, the net result is that your supplier will deliver
services at below the market price; if you are not so lucky,
this will have an impact on the long-term viability of the
contract and probably a negative impact on the relationship
with other outsourcing suppliers, as well as maybe affecting
your business.
If a contract is no protection, another device that is becoming more
and more widespread is, of course, an insurance policy. But what do
you get from insurance?
An insurance policy is built around an assessment of the risk to
determine the premium to pay the insurer, so that if any of the
negative events covered happen, the insurer pays the agreed amount.
With this (limited) definition, it is quite clear our approach: if a set of
penalties embedded in a contract is no safeguard, while should
insurance be any different?

42


The issue is not one of reality, but of perception: unless an insurance
company invests in some companies that are able to actually
“supply” the services the insurer covers, the business risk is not
reduced.
As usual, insurance providers spread across the system the financial
risk linked to the policy using re-insurance.
Therefore, while obviously contracts and insurance policies could
reduce the financial burden due to the failure of the outsourcing
supplier to deliver the service agreed to, we suggest focusing your
negotiation on the actual definition of the SLAs.
Reason? If you halt your business due to a continued failure from
your outsourcing supplier, no matter how much you are paid by the
insurance company- your business is gone.

43


The content of outsourcing
In our experience, if you decide to outsource the execution of a
service, then the actual details of the execution should rest with the
outsourcing supplier.
Defining the results is certainly the easiest way, but it is not so easy to
implement: do you really know all the “outputs” produced by your
own processes?
By “outputs” we mean not only results from IT-based processes, but
also results produced by other processes- including items as number
of rooms cleaned, phone calls answered per minute, etc.
If you define the boundaries of your outsourcing contracts and SLAs
around outputs, it becomes easier to quantify the level of service and
negotiate the price of the contract (i.e. by number of incidents or
“time slots required” to execute a process).
And, of course, the price of any additional services that may be
required at a later stage.
Some companies outsource only whole processes, A-to-Z, top-tobottom: if your outsourcing supplier understands your business,
probably this approach is less resource-intensive (for you) than the
output-based approach we suggest.
However you build the framework for your outsourcing contract, it is
important that you thoroughly analyse your business needs.
When you will first transfer a service to an outsourcing supplier,
probably you will rely on partially structured and organized
information to build the framework of the contract.

44


Some companies instead rely on the outsourcing supplier to build the
framework.
In our experience, this is the worst choice, as neither you nor your
supplier will really have the knowledge required to manage the
outsourcing contract.
Our approach is to carry out a “due diligence”: both the prospective
supplier and the customer document the framework, to confirm that
what the customer perceives is what is assessed by the supplier.
Usually, such an exercise is quite expensive, and progressively
suppliers started steering away from prospective customers that have
a history of “serial proposals”, i.e. requiring new proposals whenever
an assessment of internal processes is required- but always ending up
giving the business to existing suppliers, or delivering with internal
resources.
A common approach is to shortlist prospective suppliers on a limited
set of parameters, and then pay the shortlisted prospective suppliers a
"fee" to carry out the detailed assessment.
Sometimes, the cost of such an assessment is credited by the supplier
if awarded the outsourcing contract.

45


Consequences of outsourcing
So far, we discussed outsourcing assuming that it is possible- but it is
really always possible to outsource?
In our experience, outsourcing should not be considered if the set of
activities or outputs outsourced is too linked to other processes that
are not to be outsourced.
If you outsource such an activity, your business evolution could be
impaired, notably when your supplier is delivering just economies of
scale, but without any capability to manage the service and its
evolution.
Whenever this is the situation, we suggest instead either to:
- keep inside the company the process and outsource the
technology to support it, e.g. using applications delivered via
Web or virtual machines
- use external resources to supplement the skills lacking inside
your own company, but ensuring that the knowledge required
on a day-by-day basis is transferred to your people.
Sometimes, outsourcing can still be considered, but would require a
focused monitoring to avoid counterproductive side-effects.
Typical examples are call centres, account management, sales
management outsourcing, and other sometimes described as “hiring
a team of expert resources”.
Why counterproductive?
In this example, because the typical mistake is to leave external
resources manage the relationship with your own market using their
own processes.

46


The result? The actual improvement of the sales/account managers
market visibility and Rolodex, and reduction of your own
understanding of your own market.
A proper management of the services outsourced can avoid these
negative side-effects, e.g. by requiring the external sales/account
managers to report all the information, and then managing through
either internal resources or another company the collection of market
feed-back.
As described in the previous issue of BFM18, another consequence of
some forms of outsourcing (e.g. ERP, a de-facto adoption of external
business processes) is the introduction in your eCI (embedded
Corporate Identity) of processes that work fine- but only if your
company behaves as somebody else has decided that your company
should behave.
The focus is to identify which parts of the activities can or cannot be
outsourced- and not just those whose outsourcing is economically
viable.
Consultants should suggest the best solution based on their own
experience and knowledge, but then execute the solution agreed with
the customer.
Consultants should plan for their departure from day one, with a
clear visibility of the planned knowledge transfer to the customer.
Outsourcing services should be considered for activities that require
constant update (e.g. tax law) but that are not used frequently enough
to both justify the investment and ensure that the internal people
involved are able to be highly efficient (and informed).

47


Strategy and outsourcing
The first issue is the difference in timescale: while outsourcing is
considered mainly an operational issue, strategy definition usually is
considered an exercise that delivers longer-term results and impacts.
The resources released through outsourcing could benefit from the
increased focus on core business processes.
But outsourcing should satisfy business needs, not be a task in itself.
Business strategy definition and appraisal should also identify a
framework to define guidelines about what can or cannot be
outsourced by your organization.
Once defined, it must be routinely reviewed and revised, to ensure
that service contracts are tailored to your business- and not the other
way around.
Our experience is that the lack of understanding of the strategic
impacts of outsourcing could seriously impair the conversion of your
carefully planned strategic initiatives into operational realities.
Assuming that your outsourcing supplier understands the costs
involved in outsourcing, you could end with an economically
efficient outsourcing contract that doubles as a straitjacket for your
business development.
The results of any negotiation are strictly related to the understanding
of the assumptions of the negotiating parties, and a successful longterm outsourcing contract requires a degree of empathy and
willingness of both parties to see beyond the short-term
cost/revenue ratio.

48


Also, avoid contracts that have a “dumping” upfront, to keep the
price lower and win the contract, as this is usually followed by a
“spiking up” of the cost once the customer is acquired.
As an example, consider your product and service portfolio, and call
centre and account management requirements: did you know five
years ago the level, type, and quantity of services required?
The suggested solution is quite simple: partition your knowledge of
the activities to be outsourced into levels of linkage to your own
strategic guidelines, and add into the framework of the outsourcing
contract specific SLAs, i.e. targets linked to the flexibility required to
cope with the unforeseeable.
A simple device to obtain an outsourcing contract that closely
matches your strategic requirements is to “layer” your outsourcing
agreement, separating the SLAs according to the level of knowledge
available and the degrees of freedom required.
If your history of internal management of the activities shows that
planning assumptions constantly conflict with reality, then probably
using just your own planning assumptions to enter into an
outsourcing contract is not the wisest choice.
As previously described, we assume that an outsourcing contract is
built around the outputs to be produced and inputs, or the processes
to be carried out; we do not consider outsourcing the transfer of
internal resources (people, software, assets) to a supplier that then
delivers the same services using them- this is facilities management.
Anyway, most outsourcing contracts start as hybrids, where the
supplier takes over resources from the customer, using the value of
these resources toward part of cost agreed for the contract; these
resources are eventually phased out or absorbed by the supplier.

49


If you require a continuous facilities management for part of the
activities that you want to outsource, then ensure that the contract
clearly separates outsourcing from facilities management.
We saw too many contracts called “outsourcing” that were actually
facilities management in disguise: and usually in the end this is a loselose situation (hint: look at communication channels- if everybody
talks with everybody, it is doubtful that that is really an outsourcing).
Finally, you should clearly include inside the outsourcing contract the
“skills mix” required to service the contract, e.g. the level of skills
that both parties should have inside their own organization to ensure
that that the long-term management of the contract is feasible, at
least for key resources (people acting as communication channels on
contractual issues, managers, subject matter experts on continuous
availability, etc.).
Formally: no SLA without a matching OLA (Operational Level
Agreement), stating what your resources should to do provide:
inputs, processes outputs.
Also the rules for monitoring, audits, inspections should be written
within the annexes.
Whenever you outsource the execution of a process or the
production of outputs, you should remember that you are still
responsible of the long-term viability of the processes involved.
While it is tempting to remove all the resources that used to take care
of the same process within your own organization, you should
control your cost-cutting instincts, and consider if you can dispose of
internal knowledge by replacing it with external knowledge.

50


As hinted above, if your company is entering a new business, and you
find a supplier that is able to provide everything to allow you to take
care only of the day-by-day activities with minimal additional
resources, then you probably can avoid the investment, and use the
services provided by the external supplier.
The same applies if you are, say, transferring your IT department to
an external company, but not necessarily if you transfer just part of
your IT systems or sales processes.
Making your DBAs, Systems Managers, and credit managers
redundant is the best way to lose control of critical parts of your
market presence or ability to make your processes and systems
evolve.
As discussed above, usually customers roll out outsourcing
progressively.
But is there a suggested “speed of outsourcing”?
Beside this “how fast you should outsource”, we will discuss also
internal and external outsourcing: sometimes, the first step toward
outsourcing your services is... to delegate the execution within your
organization.
Reason? E.g. to be able to really identify the scope of the activities
that you would like to outsource.

51


Outsourcing and “internal outsourcing”
Most customers are afraid of the “Big Bang” approach to
outsourcing, and try a step-by-step approach.
Interestingly, few companies have in place what is required to carry
out a step-by-step approach.
As discussed in the previous issue of BFM19, if you have KC
(Knowledge Configuration) Management in place, you have defined
the basic elements that are required to outsource parts of your
processes and outputs.
The key issue is always the same: you cannot outsource what you do
not know- and a step-by-step approach, seemingly the most costeffective approach, could actually be the less cost-efficient.
A quite common mistake is to transfer to the outsourcing supplier
the required internal people before the customer builds its own
internal support and management structure.
Therefore, planning the rolling out of outsourcing should be based
on knowledge boundaries, to ensure that you still retain internal
resources able to control the interfacing with the outsourced
activities.
Outsourcing is usually supposed to involve external suppliers- or this
is the common wisdom.

52


Actually, consolidation activities are the most common type of
internal outsourcing, but almost never planning activities recognize
the similarities.
Our approach is to consider internal consolidation activities as
overall outsourcing activities, both to ensure that the “outsourcing”
organizational units still keep control of their own knowledge and
that the consolidation is based on a sound economic and financial
assessment.
Managing the consolidated activities as “outsourced” also clarifies the
boundaries, as quite often the originating organizational units tend to
“forget” that they are now supposed to focus on the outputs, not on
the way they are produced (they mix up outsourcing and facilities
management or body rental).
We suggest adopting sound guidelines to identify if the real solution
is selecting an external outsourcing supplier, or “internal
outsourcing” is the safest choice.
While talking about Business Continuity Governance in the next
issue we will also discuss the concept of “maturity levels”.
Before adopting a “best practice” from somebody else (including
standards or an ERP), you should assess if your own organization has
the “structural maturity” to comply with rules that assume that
everybody works as a “cog in the wheel”.
If that is not the case, then some adaptations will be needed.

53


Strategic outsourcing
“Strategic outsourcing” requires a clear understanding and knowledge
of both the outsourced activities and the outsourcing relationship.
What is the difference with other outsourcing activities?
Outsourcing is not just a variable cost: usually, to ensure profitability
and economic viability for both parties, it is a multi-year agreement
with a “phase-in” and a potential “phase-out”.
If you therefore consider the outsourcing costs as an overhead within
a specific profit centre, it becomes easier to manage both its own
viability, and to identify how to cost and manage any change (e.g.
who should pay for what within your organization, and on according
to which algorithm the costs should be allocated and spread between
various organizational units).
Any change on the outsourcing arrangement has to be clearly related
to company strategy and linked to the organizational structure of the
company, also to avoid that the outsourcing supplier builds a parallel,
unsupervised structure, maybe even with “custom” cross-functional
communication channels within your own company.
This process requires that both the customer and the supplier accept
to be actively involved in managing the relationship.
While the customer should keep the connection to the internal
organization and structure, the supplier should assess with the
customer the impact of any change, and maybe even help to identify
how the associated costs should be partitioned within various parts
of your organization.

54


A strategic outsourcing partnership will eventually result in a
proactive management of both the content and scope of the
outsourcing contract from all the parties involved.
Managing the relationship requires identifying a way to assess the
quality of the services delivered by the outsourcing company, and
usually this is done by adopting one or more SLAs (Service Level
Agreements), as well as a communication strategy focused on
measuring trends in customer satisfaction.
In our experience, most outsourcing contracts lack the structure to
actually allow a quantitative monitoring: parameters, timescales,
agreements to deliver continuous process improvement.
Again, a preliminary extensive activity should be carried out by both
the supplier and the customer to identify the parameters and phase-in
the outsourcing contract, ensuring that no knowledge is lost in the
process.
Introducing strategic outsourcing requires a frank assessment of the
current status of the activities to be outsourced, with a sensible
planning to ensure their proper management.
A typical sign of an outsourcing contract that has not been thought
through and documented properly is the constant change of the
resources in charge, both on the customer's and the supplier's side,
and the number of meetings required at every change.
Our suggestion is to be realistic: if your outsourcing supplier gives
you unbelievable short timescales, look for checks and balances to
show progress.

55


If they are mostly qualitative (or qualitative disguised as quantitative),
then probably the supplier is investing on the relationship, looking
forward to long-term gains, or simply does not understand the
contract.
In both cases, you are increasing your operational risk: until when the
supplier will sustain an unworkable agreement?
Therefore, introducing strategic outsourcing requires that you first
understand and explain your own strategy to your own people (at
least those that will select and/or manage the relationship with the
outsourcing supplier), and then shortlist suppliers that fit the profile,
before negotiating with them, aiming for a long-term proactive
relationship.
Planning and structuring the outsourcing contract and the
relationship with the suppliers is only part of the picture: strategic
outsourcing requires also a more structured approach to costing an
outsourcing contract.

56


Costing outsourcing
Most outsourcing contracts describe the cost of the service delivered
by the supplier, but there is a limited assessment of the costs still left
inside the customer organization.
Moreover, often contracts that compare outsourcing vs. internal
costs do not analyse the history of the development of costs, but just
the costs to be replaced.
Studying the history of the internal costs and their relationship with
organizational structure and strategy could actually give a fair view
not only of the “instantaneous” costs, but also of the speed,
acceleration, and level of absorption across time.
If you build this “history”, represented by a simple chart, and then
compare it with the models (usually, financial plans) offered by
different suppliers, you can also focus the negotiation on specific
differences to be inserted in the contract- and maybe also assess the
compatibility between their corporate culture and your own
(outsourcing is a marriage, not a date).
This inclusion is quite important, because when outsourcing the
contract to an external company, the costing model they offer is
representative of their eCI (embedded Corporate Identity), and any
discrepancies that are not managed usually result in additional costson either side (who bears them is then a matter of negotiating
power).
We are coming again to the same point: you need to understand
where you are before you can outsource.

57


Properly managed outsourcing relationships could add value to your
company, as the supplier could add a new perspective on ways and
means to deliver services- and improve delivery.
Whenever outsourcing, you should insert clauses to retain inside your
company the knowledge required to develop your own business.
If Knowledge Management is introduced after outsourcing then
probably the most effective way is to involve your outsourcing
suppliers in the process, so that they can help you in identifying the
knowledge boundaries.
The clear definition of where the outsourced activities are linked to
the knowledge distribution inside your own company allows moving
from a quantitative approach to outsourcing to a qualitative one, but
built on reality, not expectations.
Quantitative analysis is able to assess the outsourced activities vs.
previously agreed measures of compliance with already known
activities, but gives limited indications on the evolution.
Deriving from the quantitative measures new KPI (Key Performance
Indicators) that can be used to monitor the evolution of the
outsourced activities is a useful exercise.
Anyway, such KPI exercise requires full co-operation from both
parties: you can "slip" that requirement into the outsourcing contract,
but without the full and willing compliance and understanding of the
outsourcing supplier, you will be better off by focusing on just the
quantitative measures.

58


A more detailed description of this decision support approach will be
contained in the next issue of BFM, focused on Business Continuity
Governance20.
Sometimes, this structured quantitative and qualitative approach is
not feasible, e.g. for lack of resources.
A typical example is when a first outsourcing company obtains an
outsourcing contract that is actually a facilities management activity.
This being the case, probably your own current outsourcing/facilities
management supplier will be unwilling to sustain the additional costs
required to “map” the current status, understanding that you are
scouting for a new supplier.
Manage your communication properly to ensure a smooth transition,
e.g. by allowing the current supplier to provide a proposal for the
new service, but based only on information about existing services
that they released and shared with you (and therefore potentially with
other prospective suppliers).
Whenever involved with customers that have de facto lost control of
their own knowledge, we suggest to identify knowledge boundaries,
as described in Issue01 of BFM21, and then start developing a
roadmap to “get back in control” (which, sometimes, could imply a
whole programme of activities, not necessarily all visible to the
outsourcing company, and involving also some crisis management).

59


Eventually, either the external supplier will accept the new structured
approach, or their degree of freedom will be so limited that their own
unwillingness to cooperate will become the main reason to replace
them with another supplier that is able to co-manage a proactive
outsourcing.
Every business relationship could turn sour, and also strategic
outsourcing does not protect you from a failing supplier or a change
of business strategy that makes the existing arrangements untenable.
For critical activities, we always suggest customers to keep at least an
internal “knowledge presidium” (a subject matter expert) to keep
abreast of the knowledge transferred to external suppliers.
Ideally, as discussed in the next issue of BFM on Business Continuity
Governance22, each business should define the minimal level of
service required to pass through a time of crisis or to fill the void left
by a failing supplier.
Some companies include in their own contracts redundant facilities,
to ensure disaster recovery, as well as “on demand” contracts to cope
with short-term business needs that cannot be managed by either
internal resources or the existing suppliers.
Beware of using “on demand” external suppliers that are called only
when there is a crisis: the risk is that they will optimize their own
resources allocation- and have just “sandbagging” staff available,
while waiting for the real experts to be released elsewhere.
In the end, all the processes suggested can be simplified by properly
managing the outsourcing selection process.

60


Outsourcing contracts
Assuming that your company really wants to outsource an activity to
an external/internal supplier, you should first identify if this is a oneoff event or could be the first step of a series of outsourcing
contracts, with the same or a variety of suppliers.
If you insert outsourcing as an option inside any new business
development or project activity, then outsourcing becomes another
tool to build your own strategy, but you need to adopt a structured
approach to simplify the assessment of both internal and external
proposals.
The first step should be obtaining proposals from companies that are
actually able to deliver the activities you require with a cost structure
that is acceptable, now and for the length of the outsourcing
relationship.
Also, you should carry out some market research to identify
outsourcing suppliers that are able to understand your business.
Do not ask for detailed proposals immediately: the cost of assessing
proposal coming from companies blatantly unable to deliver the
service could be staggering.
From the first (internal and external) prospective outsourcing
suppliers, a short-list of companies that could be invited to the next
round should be derived, using a vendor evaluation process to
quantify the compliance with your expectations.
The short-listed prospective suppliers should then be invited to
supply the detailed proposal.

61


Currently there is a trend toward absorbing part of the costs for all
the short-listed suppliers, as anyway the customer will receive a better
understanding of its own activities.
Do not limit the assessment only to the documentation provided:
short-listing is useful also to reduce the prospective suppliers to a
limited number, so that you can visit their premises, check with some
customers, and interview them to understand if their eCI (embedded
Corporate Identity) is compatible with your eCI.
Also, we strongly suggest that you identify and define the profiles of
the resources to be provided by the supplier, notably the person who
will manage the relationship (as described in previous sections), to
avoid suppliers that deliver their best people only in the pre-sales
phase.
The actual definition of the contract is a somewhat more complex
activity, and resources are available on the market to help structure
the details.
Beside the structure and content of the contract, the other issue to
consider is its duration.
A proper definition involves also a financial plan linked to the
phasing-in plan, so that the supplier can structure the proposal
according to the cash flows.
The effective duration of the first contract, and the plan for the
contract extension, should be tailored for the specific business
requirement; e.g. a 1-year ERP outsourcing contract is probably a
loss-maker, while a 5-year contract could justify the investment
required to understand the current status.

62


Try to link the contract duration to the investment plan: outsourcing
a part of your infrastructure that requires a 20-year investment plan
on a 3-year non-renewable basis is not exactly going to generate real
interest in outsourcing suppliers that know how to manage their
business...
Finally, did you think about the consequences of what you included
within the contract?
While a legal writ spanning hundreds of pages would be formally
water-tight, it would require months just to be understood, and
probably the actual resources involved on both sides to manage the
contract would not understand all the details- and use informal
agreements.

63


Managing outsourcing
By outsourcing activities you do not remove the need to manage
their results and their integration with other activities that have not
been outsourced, or that have been outsourced to other (internal or
external) suppliers.
Outsourcing contracts should contain also the management structure
to be used not only to authorize any changes, but also to manage the
day-by-day activities; while the execution can be outsourced, the
responsibility cannot be transferred.
In our experience, meetings with a fixed schedule, e.g. weekly or
monthly, should be used only at the beginning of the contract, as
after some time meetings would become just a social event.
Instead, a proper process should be defined to report any problem
and monitor the SLAs (Service Level Agreements), with a limited
number of scheduled meetings linked to specific budgeting activities.
A properly managed strategic outsourcing contract should be
considered like yet another element to be considered (another cost
centre) within the normal budgeting process.
Besides managing the current outsourcing contract, you should use
the budgeting process and the results from monitoring activities to
negotiate the evolution of services- outsourced and in-house.
If the selection process has been properly carried out, your supplier
should be able to deliver not only quantitative information, but also a
qualitative assessment that you will be able to compare with your
own internal qualitative assessments.

64


Any discrepancies could be analysed to identify either new needs, or
a need to improve the services, or even just (re)training needs.
The business environment, technologies, regulations etc. will
probably add another set of changes, that should be properly
managed to maintain the agreed level of service, and only if your
supplier understands your business you will be able to delegate most
of the change activities.
As discussed at the beginning, knowing the reasons of the
outsourcing is mandatory to ensure a proper understanding of the
priorities.
Defining the strategic outsourcing properly will also reduce the risk
that the management costs of the relationship with your supplier
could exceed any savings obtained by outsourcing your services.
If the suppliers understand the process, probably they will be able to
give you feed-back not only on the activities, but also on ways to
improve them.
A properly managed outsourcing contract will turn your supplier into
an internal consultant that will deliver to your organization feed-back
derived from the delivery of services across your industry.

65


Conclusions
Outsourcing costs, and generates results only with long term
agreements; if you do not invest, do not expect the outsourcing
suppliers to do it for you.
The first step toward a successful strategic outsourcing is
understanding: your business, your needs, your suppliers' capabilities.
Before outsourcing, verify that you understand the “knowledge
boundaries” of the outsourced activities and that you are able to
convey this information to your suppliers.
Measuring the performance should not be limited only to
quantitative assessments, but also to the actual fulfilment of business
needs.
A continuous reassessment should be carried out also of the
qualitative parameters used to monitor the evolution of both your
services and the overall relationship with your suppliers.
If your suppliers understands your business and their integration in
your business cycle, then they can become proactive long-term
partners, supporting your continuous service improvement activities.

66


4. BUSINESS CONTINUITY GOVERNANCE
This issue of BFM was focused on “Business Continuity
Governance”: how to ensure that a business will be able to cope with
unforeseen events with minimal disruption and minimal additional
costs, via a continuous, knowledge-based reassessment of business
needs.
Adopting a perspective focused on cultural and organizational
change allows to create a set of guidelines that are flexible enough to
evolve as your own business environment changes, while enabling
the long-term structural sustainability of your business.

67


A knowledge-based definition
Our approach is that Business Continuity should be considered part
of a common framework of processes focused on ensuring the longterm viability of your business, and not just an add-on rulebook.
The remaining sections of this chapter are just an introduction to our
suggested approach to Business Continuity: future issues will deliver
a more detailed description of the subjects outlined here.
Some Business Continuity initiatives results in manuals based on the
assumption that everybody will behave as planned when it will be
required, and that all the details will be magically remembered by
everybody involved.
A knowledge-based approach should start from a clear identification
of the existing behavioural constraints, i.e. what is considered
“normal” within your own specific environment.
Then, beside defining your own “business continuity model”, you
should also identify a “convergence roadmap”, focused on adapting
either your existing behavioural constraints, or your business
continuity blueprint, or both.
Aim: to obtain a behavioural change that will ensure that the required
level of readiness will be in place.
After a first implementation, a continuous improvement approach
will monitor and reinforce the level of readiness achieved, to ensure
that your Business Continuity assumptions are realistic.

68


Business Continuity as a project
The most common approach adopted to business continuity in
private companies derives from the typical IT systems project
activities, i.e. you select the requirements that are to be considered
inside the system (within “scope”), and plan the deliverables
accordingly.
What do you get? A continuity project carried out by external
resources with minimal involvement of internal resources, where
instead a continuity service (whose key actors should be internal
resources) is what is required.
A software can be designed to deliver a certain set of results based on
constraints it receives from a carefully designed environment.
Unfortunately, as discussed in the previous issue of BFM (Issue 02
Strategic Outsourcing23) almost no business can imagine to achieve
the same level of control on its business and human environment.
The risk inherent in adopting a typical project approach?
That, in order to ensure compliance with the design, complexity will
be obviously reduced by ignoring elements that are “outside scope”.
A more appropriate approach?
Business continuity as a programme that creates a set of services,
services whose “delivery agents” will be their users24.

23 See chapter 3
24 E.g. you could use MSP and ITIL, but within the context of the “corporate
culture” framework described in this book
69


Business Continuity vs. crisis management
Another Business Continuity approach focuses more on disaster
recovery, to reduce the impact of any unforeseen event and shorten
the time required to return to the pre-crisis level.
Crisis management stems from the need to ensure that the fabric of
society is kept in place after unforeseen events whose consequences,
if not managed properly, could generate damages possibly greater
than the original disturbance.
A typical example is managing the aftermath of an earthquake, or
trying to activate an evacuation plan.
Eventually, also the private sector started adopting a crisis
management approach, extending disaster recovery from the use of
redundant facilities kept available “just in case”, to the building of
less-than-optimal supply chains, more resilient that a global just-intime that ignores geo-political realities.
The main problem with this approach is that it relies mainly on
special rules to be applied in special cases: this implies that significant
additional costs could be required to maintain the required level of
readiness.
Another pitfall is due to the perception that “crisis management” is a
choice to surrender.
In reality, crisis management is a side-effect of assuming that some
risks must be managed, and neither prevention nor avoidance are
viable choices.

70


Coping with uncertainty
Business Continuity is perceived as a challenge because since the
XVIII century we constantly prized (the illusion of) absolute
knowledge.
Since the advent of “scientific management”, we tried to “bean
count” any event, often adopting the un-scientific approach of
excluding information that did not fit our carefully designed models.
As our technology improved, adding more and more layers between
every day, intuitive activities that we can carry out and the working of
instruments and processes in our complex societies, we developed a
defence mechanism to avoid accepting our impossibility to cope with
a gazillion of details: we “layered” our approach to reality, assuming
that layers we do not cope with are managed elsewhere.
While the increased fragmentation and specialization increased the
efficiency, it reduced the strength of our governance, as we were
unable to have a comprehensive view of the reality, and nobody had
real operational responsibility.
An excessive focus on individual trees, with almost nobody caring
even for her or his own forest: for an urbanized population, it is
normal to assume that there are experts readily available for any need.
Our companies extended supply chains and increased complexity by
outsourcing to third parties- often forgetting that maybe also our
suppliers would apply our approach, and that a chain (including a
supply chain) is as strong as its weakest link.
Using a spreadsheet we de facto outsource to the hardware and
software supplier our computational skills: how many people are still
able to carry out basic business computations in their own mind?
Most people trying to cope with Business Continuity focus quite
often on something akin to an asset logging system.

71

#BFM2013: Knowledge-based organizational change

#BFM2013: Knowledge-based organizational change

Recomendados

Recomendados

Más contenido relacionado

Último

Último (20)

Destacado

Destacado (20)

#BFM2013: Knowledge-based organizational change