Month: August 2021

Business continuity may be defined as “the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident”, and business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company.[4] In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.

Business continuity planning is the process involved in creating a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Several business continuity standards have been published by various standards bodies to assist in check listing ongoing planning tasks.

An organization’s resistance to failure is “the ability to withstand changes in its environment and still function“. Often called resilience, it is a capability that enables organizations to either endure environmental changes without having to permanently adapt, or the organization is forced to adapt a new way of working that better suits the new environmental conditions.

Key features of an effective business continuity plan:

• Organization: Objects that are related to the structure, skills, communications and responsibilities of its employees.
• Strategy: Objects that are related to the strategies used by the business to complete day-to day activities while ensuring continuous operations.
• Applications and data: Objects that are related to the software necessary to enable business operations, as well as the method to provide high availability that is used to implement that software.
• Technology: Objects that are related to the systems, network and industry-specific technology necessary to enable continuous operations and backups for applications and data.
• Processes: Objects that are related to the critical business process necessary to run the business, as well as the IT processes used to ensure smooth operations.
• Facilities: Objects that are related to providing a disaster recovery site if the primary site is destroyed.

Planners must have information about:

• Equipment
• Supplies and suppliers
• Locations, including other offices and backup/work area recovery (WAR) sites
• Documents and documentation, including which have off-site backup copies:
• Business documents
• Procedure documentation

Tiers of preparedness

SHARE’s seven tiers of disaster recovery:

Tier 0: No off-site data; Businesses with a Tier 0 Disaster Recovery solution have no Disaster Recovery Plan. There is no saved information, no documentation, no backup hardware, and no contingency plan. Typical recovery time: The length of recovery time in this instance is unpredictable. In fact, it may not be possible to recover at all.

Tier 1: Data backup with no Hot Site; Businesses that use Tier 1 Disaster Recovery solutions back up their data at an off-site facility. Depending on how often backups are made, they are prepared to accept several days to weeks of data loss, but their backups are secure off-site. However, this Tier lacks the systems on which to restore data. Pickup Truck Access Method (PTAM).

Tier 2: Data backup with Hot Site; Tier 2 Disaster Recovery solutions make regular backups on tape. This is combined with an off-site facility and infrastructure (known as a hot site) in which to restore systems from those tapes in the event of a disaster. This tier solution will still result in the need to recreate several hours to days worth of data, but it is less unpredictable in recovery time. Examples include: PTAM with Hot Site available, IBM Tivoli Storage Manager.

Tier 3: Electronic vaulting; Tier 3 solutions utilize components of Tier 2. Additionally, some mission-critical data is electronically vaulted. This electronically vaulted data is typically more current than that which is shipped via PTAM. As a result there is less data recreation or loss after a disaster occurs.

Tier 4: Point-in-time copies • Tier 4 solutions are used by businesses that require both greater data currency and faster recovery than users of lower tiers. Rather than relying largely on shipping tape, as is common in the lower tiers, Tier 4 solutions begin to incorporate more disk-based solutions. Several hours of data loss is still possible, but it is easier to make such point-in-time (PIT) copies with greater frequency than data that can be replicated through tape-based solutions.

Tier 5: Transaction integrity; Tier 5 solutions are used by businesses with a requirement for consistency of data between production and recovery data centers. There is little to no data loss in such solutions; however, the presence of this functionality is entirely dependent on the application in use.

Tier 6: Zero or little data loss; Tier 6 Disaster Recovery solutions maintain the highest levels of data currency. They are used by businesses with little or no tolerance for data loss and who need to restore data to applications rapidly. These solutions have no dependence on the applications to provide data consistency.

Tier 7: Highly automated, business-integrated solution; Tier 7 solutions include all the major components being used for a Tier 6 solution with the additional integration of automation. This allows a Tier 7 solution to ensure consistency of data above that of which is granted by Tier 6 solutions. Additionally, recovery of the applications is automated, allowing for restoration of systems and applications much faster and more reliably than would be possible through manual Disaster Recovery procedures.

Developing a Business Continuity Plan

• Business Impact Analysis: Here, the business will identify functions and related resources that are time-sensitive.
• Recovery: In this portion, the business must identify and implement steps to recover critical business functions.
• Organization: A continuity team must be created. This team will devise a plan to manage the disruption.
• Training: The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Governance, risk management and compliance (GRC) is the term covering an organization’s approach across these three practices: governance, risk management, and compliance. The first scholarly research on GRC was published in 2007 where GRC was formally defined as “the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity.” The research referred to common “keep the company on track” activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.

GRC

Governance describes the overall management approach through which senior executives direct and control the entire organization, using a combination of management information and hierarchical management control structures. Governance activities ensure that critical management information reaching the executive team is sufficiently complete, accurate and timely to enable appropriate management decision making, and provide the control mechanisms to ensure that strategies, directions and instructions from management are carried out systematically and effectively.

Obligational awareness refers to the ability of the organisation to make itself aware of all of its mandatory and voluntary obligations, namely relevant laws, regulatory requirements, industry codes and organizational standards, as well as standards of good governance, generally accepted best practices, ethics and community expectations. These obligations may be financial, strategic or operational where operational includes such diverse areas as property safety, product safety, food safety, workplace health and safety, asset maintenance, etc.

Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately to risks that might adversely affect realization of the organization’s business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party, whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.).

Compliance means conforming with stated requirements. At an organizational level, it is achieved through management processes which identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies), assess the state of compliance, assess the risks and potential costs of non-compliance against the projected expenses to achieve compliance, and hence prioritize, fund and initiate any corrective actions deemed necessary. Compliance administration refers to the administrative exercise of keeping all the compliance documents up to date, maintaining the currency of the risk controls and producing the compliance reports.

Benefits of GRC

• More optimal IT investments
• Improved decision-making
• Elimination of silos
• Reduced fragmentation among divisions and departments

The Capability Model is made up of four components:

LEARN about the organization context, culture and key stakeholders to inform objectives, strategy and actions.

ALIGN strategy with objectives, and actions with strategy, by using effective decision-making that addresses values, opportunities, threats and requirements.

PERFORM actions that promote and reward things that are desirable, prevent and remediate things that are undesirable, and detect when something happens as soon as possible.

REVIEW the design and operating effectiveness of the strategy and actions, as well as the ongoing appropriateness of objectives to improve the organization.

These components outline an iterative continuous improvement process to achieve principled performance and are further decomposed into elements which are then supported by practices, actions and controls. The actions and controls are classified in three types, which organizations can select a mix dependent on their context:

• Proactive
• Detective
• Responsive

A best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements.

Best practices are a set of guidelines, ethics, or ideas that represent the most efficient or prudent course of action in a given business situation.

Best practices may be established by authorities, such as regulators, self-regulatory organizations (SROs), or other governing bodies, or they may be internally decreed by a company’s management team.

Best practices are used to maintain quality as an alternative to mandatory legislated standards and can be based on self-assessment or benchmarking. Best practice is a feature of accredited management standards such as ISO 9000 and ISO 14001.

Some consulting firms specialize in the area of best practice and offer ready-made templates to standardize business process documentation. Sometimes a best practice is not applicable or is inappropriate for a particular organization’s needs. A key strategic talent required when applying best practice to organizations is the ability to balance the unique qualities of an organization with the practices that it has in common with others.

Good operating practice is a strategic management term. More specific uses of the term include good agricultural practices, good manufacturing practice, good laboratory practice, good clinical practice and good distribution practice.

Best practices serve as a general framework for a variety of situations. For instance, in businesses that produce physical products, best practices that highlight efficient ways to complete tasks might be given to employees. Best practices lists may also outline safety procedures in order to minimize employee injuries.

For corporate accountants, the generally accepted accounting principles (GAAP) represent best practices. GAAP is a common set of accounting standards which aim to improve the clarity, consistency, and comparability of the communication of financial information.

GAAP facilitates the cross-comparison of financial information across different companies within the same sector. This benefits investors and the companies they invest in by promoting transparency.

Investment managers may follow best practices when handling a client’s money by prudently investing in a well-diversified portfolio and adhering to a client’s risk tolerances, time horizons, and retirement goals.

Business process improvement (BPI) is an approach used to identify and evaluate inefficiencies within the organization. It redesigns existing business tasks, improving their effectiveness, enhances the workflows involved, and optimizes performance.

Operational: The most popular tasks repeating every day. Examples: opening accounts, reporting, manufacturing, logistics

Management: Focus on human resource development, budgeting, corporate governance

Supporting: All other tasks not classified into the previous categories, like recruiting, accounting, tech support, and others.

BPI can be attributed to a number of reasons including:

• Reduce the time required to get work done
• Eliminate waste & friction in processes
• Ensure better compliance with rules and regulations

BPI structured initiative and it works in the following way:

• Analyze processes and identify areas of potential improvement.
• Identify existing processes within your organization.
• Run various simulations about any changes you can apply to these processes and their effect on the business.
• Focus on redesigning and reorganizing processes.
• Assess and reassess the people behind those processes.

Capacity management refers to the act of ensuring a business maximizes its potential activities and production output at all times, under all conditions. The capacity of a business measures how much companies can achieve, produce, or sell within a given time period.

Capacity management’s goal is to ensure that information technology resources are sufficient to meet upcoming business requirements cost-effictively. One common interpretation of capacity management is described in the ITIL framework. ITIL version 3 views capacity management as comprising three sub-processes: business capacity management, service capacity management, and component capacity management.

Since capacity can change due to changing conditions or external influences including seasonal demand, industry changes, and unexpected macroeconomic events companies must remain nimble enough to constantly meet expectations in a cost-effective manner. For example, raw material resources may need to be adjusted, depending on demand and the business’s current on-hand inventory.

Implementing capacity management may entail working overtime, outsourcing business operations, purchasing additional equipment, and leasing or selling commercial property.

Companies that poorly execute capacity management may experience diminished revenues due to unfulfilled orders, customer attrition, and decreased market share. As such, a company that rolls out an innovative new product with an aggressive marketing campaign must commensurately plan for a sudden spike in demand. The inability to replenish a retail partner’s inventory in a timely manner is bad for business.

Businesses thus face inherent challenges in their attempts to produce at capacity while minimizing production costs. For instance, a company may lack the requisite time and personnel needed to conduct adequate quality control inspections on its products or services. Furthermore, machinery might break down due to overuse and employees may suffer stress, fatigue, and diminished morale if pushed too hard.

Capacity management also means calculating the proportion of spacial capacity that is actually being used over a certain time period. Consider a company operating at a maximum capacity that houses 500 employees across three floors of an office building. If that company downsizes by reducing the number of employees to 300, it will then be operating at 60% capacity (300 / 500 = 60%). But given that 40% of its office space is left unused, the firm is spending more on per-unit cost than before.

Consequently, the company might decide to allocate its labor resources to only two floors and cease leasing the unused floor in a proactive effort to reduce expenditures on rent, insurance, and utility costs associated with the empty space.

Capacity management is concerned with:

• Monitoring the performance and throughput or load on a server, server farm, or property.
• Performance analysis of measurement data, including analysis of the impact of new releases on capacity.
• Performance tuning of activities to ensure the most efficient use of existing infrastructure
• Understanding the demands on the service and future plans for workload growth (or shrinkage).
• Influences on demand for computing resources.
• Capacity planning of storage, computer hardware, software and connection infrastructure resources required over some future period of time.

Factors affecting network performance

Not all networks are the same. As data is broken into component parts (often known frames, packets, or segments) for transmission, several factors can affect their delivery.

• Delay: It can take a long time for a packet to be delivered across intervening networks. In reliable protocols where a receiver acknowledges delivery of each chunk of data, it is possible to measure this as round-trip time.
• Packet loss: In some cases, intermediate devices in a network will lose packets. This may be due to errors, to overloading of the intermediate network, or to the intentional discarding of traffic in order to enforce a particular service level.
• Retransmission: When packets are lost in a reliable network, they are retransmitted. This incurs two delays: First, the delay from re-sending the data; and second, the delay resulting from waiting until the data is received in the correct order before forwarding it up the protocol stack.
• Throughput: The amount of traffic a network can carry is measured as throughput, usually in terms such as kilobits per second. Throughput is analogous to the number of lanes on a highway, whereas latency is analogous to its speed limit.

Capacity Limitations

It is important to understand your capacity limitations so that you can identify areas of improvement and develop a capacity plan that is just right for your organization.

Many factors contribute and detract from the available capacity. These include the quality and quantity of labor, machine availability, waste levels, government regulations, required machine maintenance, and other external factors.

Physical distancing requirements reduced the total available capacity for many manufacturers, leading to a decreased output. Some of these companies chose to add overtime capacity, while others chose to outsource some of their operations or even added automation to increase the output of their production lines.

The prevailing theme for businesses that thrived during the pandemic had one thing in common agility. These companies were able to quickly identify the effects of losing capacity in order to make the right choices to meet their business goals quickly and efficiently.

Capacity Analysis

The first step to take when you are constantly operating under constrained capacity is to identify the bottleneck.

A capacity bottleneck is a process or operation that has limited capacity and reduces the capacity of the entire production plant.

Bottlenecks cause delays in production, too much work-in-process items, and can be costly to the company. Identifying capacity bottlenecks can help identify the real cause of the problem and develop a plan to resolve it.

There are many ways to increase resource capacity within your facility:

• Purchase another machine (best for inexpensive resources, if possible).
• Perform regular maintenance on machines to increase their efficiency.
• Hire another employee.
• Re-allocate existing capacity to increase the capacity of the bottleneck operation.
• Invest in employee training.
• Optimize your production schedule to reduce sequence-dependent setups.

The theory of constraints (TOC) is a management paradigm that views any manageable system as being limited in achieving more of its goals by a very small number of constraints. There is always at least one constraint, and TOC uses a focusing process to identify the constraint and restructure the rest of the organization around it. TOC adopts the common idiom “a chain is no stronger than its weakest link”. That means that organizations and processes are vulnerable because the weakest person or part can always damage or break them, or at least adversely affect the outcome.

The Theory of Constraints provides a powerful set of tools for helping to achieve that goal, including:

• The Five Focusing Steps: A methodology for identifying and eliminating constraints
• The Thinking Processes: Tools for analyzing and resolving problems
• Throughput Accounting: A method for measuring performance and guiding management decisions

The five focusing steps

Theory of constraints is based on the premise that the rate of goal achievement by a goal-oriented system (i.e., the system’s throughput) is limited by at least one constraint.

The argument by reductio ad absurdum is as follows: If there was nothing preventing a system from achieving higher throughput (i.e., more goal units in a unit of time), its throughput would be infinite which is impossible in a real-life system.

Only by increasing flow through the constraint can overall throughput be increased.

Assuming the goal of a system has been articulated and its measurements defined, the steps are:

• Identify the system’s constraints.
• Decide how to exploit the system’s constraints.
• Subordinate everything else to the above decisions.
• Alleviate the system’s constraints.
• Warning! If in the previous steps a constraint has been broken, go back to step 1, but do not allow inertia to cause a system’s constraint.

Constraints

A constraint is anything that prevents the system from achieving its goal. There are many ways that constraints can show up, but a core principle within TOC is that there are not tens or hundreds of constraints. There is at least one, but at most only a few in any given system. Constraints can be internal or external to the system. An internal constraint is in evidence when the market demands more from the system than it can deliver. If this is the case, then the focus of the organization should be on discovering that constraint and following the five focusing steps to open it up (and potentially remove it). An external constraint exists when the system can produce more than the market will bear. If this is the case, then the organization should focus on mechanisms to create more demand for its products or services.

Types of (internal) constraints

• People: Lack of skilled people limits the system. Mental models held by people can cause behaviour that becomes a constraint.
• Equipment: The way equipment is currently used limits the ability of the system to produce more salable goods/services.
• Policy: A written or unwritten policy prevents the system from making more.

Plant types

There are four primary types of plants in the TOC lexicon. Draw the flow of material from the bottom of a page to the top, and you get the four types. They specify the general flow of materials through a system, and also provide some hints about where to look for typical problems. This type of analysis is known as VATI analysis as it uses the bottom-up shapes of the letters V, A, T, and I to describe the types of plants. The four types can be combined in many ways in larger facilities, e.g. “an A plant feeding a V plant”.

• V-plant: The general flow of material is one-to-many, such as a plant that takes one raw material and can make many final products. Classic examples are meat rendering plants or a steel manufacturer. The primary problem in V-plants is “robbing,” where one operation (A) immediately after a diverging point “steals” materials meant for the other operation (B). Once the material has been processed by A, it cannot come back and be run through B without significant rework.
• A-plant: The general flow of material is many-to-one, such as in a plant where many sub-assemblies converge for a final assembly. The primary problem in A-plants is in synchronizing the converging lines so that each supplies the final assembly point at the right time.
• T-plant: The general flow is that of an I-plant (or has multiple lines), which then splits into many assemblies (many-to-many). Most manufactured parts are used in multiple assemblies and nearly all assemblies use multiple parts. Customized devices, such as computers, are good examples. T-plants suffer from both synchronization problems of A-plants (parts aren’t all available for an assembly) and the robbing problems of V-plants (one assembly steals parts that could have been used in another).
• I-plant: Material flows in a sequence, such as in an assembly line. The primary work is done in a straight sequence of events (one-to-one). The constraint is the slowest operation.

Applications

The focusing steps, this process of ongoing improvement, have been applied to manufacturing, project management, supply chain/distribution generated specific solutions. Other tools (mainly the “thinking process“) also led to TOC applications in the fields of marketing and sales, and finance.

A successful Theory of Constraints implementation will have the following benefits:

• Fast Improvement: a result of focusing all attention on one critical area; the system constraint.
• Increased Profit: the primary goal of TOC for most companies.
• Improved Capacity: optimizing the constraint enables more product to be manufactured.
• Reduced Inventory: eliminating bottlenecks means there will be less work-in-process.
• Reduced Lead Times: optimizing the constraint results in smoother and faster product flow.

The term “value-added” describes the economic enhancement a company gives its products or services before offering them to customers. Value-added helps explain why companies are able to sell their goods or services for more than they cost to produce. Adding value to products and services is very important as it provides consumers with an incentive to make purchases, thus increasing a company’s revenue and bottom line.

Value-added could thus apply to instances when a firm takes a product that may be considered homogeneous with few differences from that of a competitor, if any and provides potential customers with a feature or add-on that gives it a greater perception of value. Adding a brand name to a generic product can be just as valuable as producing something new or in a way that no one has thought of before.

Value addition and Supply Chain

• Supply Chain basically starts from raw material suppliers, OEM, Distributor, Retailer and ends at Customer (or the other way around)
• Value can be roughly formulated as (Quality/Cost)

Value Addition in Supply Chain Management is about processes and activities that enables products (goods or services) to be more desirable by the customer  it has nothing to do with price or cost of production.

When you undergo a through analysis of supply chain systems (processes and activities) and you identify those that are not directly linked to ensure customer satisfaction and you remove such from the system, you are doing Value Addition.

Value-added is the difference between the price of a product or service and the cost of producing it. The price is determined by what customers are willing to pay based on their perceived value. Value is added or created in different ways.

These may include, for instance, extra or special features added by a company or producer to increase the value of a product or service. The addition of value can thus increase either the product’s price that consumers are willing to pay. For example, offering a year of free tech support on a new computer would be a value-added feature. Individuals can also add value to services they perform, such as bringing advanced skills into the workforce.

Consumers now have access to a whole range of products and services when they want them. As a result, companies constantly struggle to find competitive advantages over each other. Discovering what customers truly value is crucial for what the company produces, packages, markets, and how it delivers its products.

Bose Corporation, as an example, has successfully shifted its focus from producing speakers to delivering a “sound experience,” or when a BMW car rolls off the assembly line, it sells for a much higher premium over the cost of production because of its reputation for stellar performance, German engineering, and quality parts. Here, the additional advantage has been created through each brand’s symbolic value and years of refinement.

The purpose of supply chains is to add value to production and distribution. Depending upon the markets and the value chains they are servicing, supply chains can be differentiated according to criteria such as costs, time reliability, and risk. Efficient logistics contributes to added-value in four major interrelated ways:

Location. Logistics adds value by taking better advantage of various locations, implying access to expanded markets (more customers), and lower distribution costs.

Production costs. Derived from the improved efficiency of manufacturing with appropriate shipment size, packaging, and inventory levels. Thus, logistics contributes to the reduction of production costs by streamlining the supply chain.

Control. Added value derived from controlling most, if not all, the stages along the supply chain, from production to distribution. By better synchronizing cycles and lead times, logistics enables better marketing and demand response, thus anticipating flows and allocating distribution resources accordingly.

Time. Added value derived from having goods and services available when required along the supply chain (e.g. lower lead times) with better inventory and transportation management.

A variety of factors are jointly shaping the configuration of supply chains:

Transit time. A factor that is increasingly being considered since it strongly influences inventory carrying costs and inventory cycle time in supply chain management. So, for cargo with a higher value (clothing) or is perishable (refers), the routing option that is the fastest and/or shortest will be preferred.

Logistics costs. Considers the full array of costs to make products available to the final consumer, namely transport, warehousing, and transshipment. Supply chain managers are particularly sensitive to the stability of the cost structure (consistent costs), implying that routes having cost fluctuations may be discarded in favor of routes of a higher cost but with less volatility. Therefore, costs are a standard criterion where the cheapest routing option is sought, as long as the cost structure remains stable as supply chains are unlikely to be modified if a cost advantage is only temporary. The concept of cost is relative since its importance is concerning the value of the cargo being carried. Cost considerations tend to concern more containerized goods with a low value, such as commodities (e.g. paper), than high-value goods (e.g. electronics).

Supply chain risk. Relates to a generally imponderable factor and involving the level of confidence that the shipment will reach its final destination within expected costs, time, and reliability considerations. In some cases, risk can also involve potential cargo damage or theft. Low risks routes are obviously preferred over higher-risk routes.

Reliability. Relates to a factor that is mitigated by contemporary supply chain management practices. For several supply chains, time can be a secondary factor as long as shipments arrive at the distribution center within an expected time frame. If shipments are regular and that this reliability remains consistent, it is possible to organize supply chains accordingly by having more inventory in transit.