A Business Technology Place

Root cause analysis for team building

Early in my career we used a process that loosely resembled a root cause analysis after a severity 1 production outage. The intent of the process was to determine why the severity outage occurred and then fix the problem so it didn’t happen again. No one liked process and the documents we produced were rarely used to influence process improvement. It was a checkbox and an exercise to fill-in-the-blanks to say we completed it. I always thought the name post-mortem was bit odd as well and we were certainly dead to the process. Looking back, I see post-mortem efforts can be valuable if championed and executed correctly. But there is a better way.

Twenty years later, we are learning to implement root cause analysis (RCA) into our recurring operational procedures. Like a post-mortem exercise, a RCA is typically done after an event has occurred with the intended benefit to prevent problems from recurring. If done correctly, this can reduce waste and downtime.

But a RCA is distinct with its own set of advantages. Our team is using lean A3 problem solving techniques as the backbone for RCAs.  It is apparent to me the RCA process, if supported and executed routinely, can shape a culture of continuous improvement. Here are a few practical ways:

  • The outputs can be used as a proactive measure to predict and prevent future failures. Problem solving focuses on examining why events occur coupled with action items and sustainment activities. This is a great way to identify potential future problems.

In one recent 5-why exercise about a database failure we identified a few weaknesses in a process in addition to the root-cause of a failure. Our corrective action plan addressed multiple weaknesses and has undoubtedly prevented some of the weaknesses from becoming service outages.

  • A systematic approach to RCA involves setting a recurring cadence for problem solving. RCAs require a wide range of knowledge to identify problems, compile documentation, and create sustainment activities. Individuals will struggle, but teams can thrive solving problems like this.

We post our RCAs on our department flow-and-performance board to make them visible, promote discussion, and to keep the process top of mind. Our standard is to perform one RCA per month. This reinforces that RCAs are part of the culture of the team.

  • Done correctly, RCA focuses on resolving process deficiencies instead of blaming people. It’s not always easy but we remind ourselves to focus on behaviors and results over individuals.

Onward and Upward!

Photo Credit: ResoluteSupportMedia via creative commons – https://flic.kr/p/88Kdgw

Forced change vs Needed change

A few weeks ago I read a passage from John Maxwell in his book The Maxwell Daily Reader about scurvy. The passage summarizes difficulties in implementing the cure for the prevention of the disease during the time of European exploration of the Americas. Multiple sources knew about the effect of fresh fruit and vegetables, but due to poor communication, stubbornness, and pride of the medical establishment, the change needed to prevent the disease was delayed.

I polled a couple of my colleagues to ask them what they thought is a modern day business scurvy. One of them replied, “This is a good question. Sometimes, forced change can hide needed change, and the two become hard to distinguish for relevancy and value with so much activity happening at once.”

His answer summarizes both the challenge faced by European sailors as well as leaders in our business environment today. I thought about this for a few minutes and then wrote a quick list to try to distinguish between ‘forced change’ and ‘needed change’. I did this quickly so as to record my “gut feel” and then observed the list as a means of reflection and learning.

Forced change

  • Reporting structure reorganization
  • Technology platform adoption
  • Technology platform migration
  • Compliance
  • Outsourcing

Needed change

  • Removing waste from processes
  • Adding value to a customer relationship
  • Cross-department collaboration improvements

When I read the list a few patterns occurred to me:

  1. The items in the ‘forced change’ list concern people, tools, and rules. The items in the ‘needed change’ list are about process, value, and communication.
  2. The items in ‘needed change’ are more impactful and longer lasting to the business.  The items in ‘forced change’ can be tactical tools to help drive needed change if executed for the right reason. For example, some technology adoption is aimed to reduce the process steps in product delivery (remove waste) to the customer. Likewise, some compliance changes will help an organization tighten their processes to be more secure in how they handle data (add value to customer relationship).
  3. The challenge with the items in the ‘forced change’ list is we often implement before there is a common understanding with all the employees about why those changes are enacted. Implementation of forced change truly feels forced. When that happens, the change will either fail outright or fail to achieve the desired results.

So what is our modern day business scurvy? I would answer; it is the failure to align the reasons for needed change in an organization with the tactical implementation of change. With that thought, I see signs of scurvy in my own management and leadership approach. Ouch. It’s time to find some citrus for my business diet.

Onward and upward!

Photo credit: Pablo Vidosola via Creative Commons – https://flic.kr/p/pGWebT

 

The data we see

What we see

When I was an intern in college I worked as a desktop service technician for computer support. I remember an internal financial auditor on the fourth floor of my building that I would occasionally help. Reese was much older than me, but took time to talk to me about life as I fixed his computer. I wish I would have appreciated it more at the time, but I was young and learning my way in a corporate environment.  I thought about him recently because the world of auditing and compliance is changing rapidly in the areas of security and availability of data. While Reese was making sure our company followed GAAP for our financial books I wonder what he would think about compliance controls for information security.

Our news feeds are filled with incidents, thefts, and breaches of company assets involving personal and protected information. A whole new generation of auditors is here to check compliance with controls for how we protect data like credit card numbers, health records, and education records. Identity thieves and hackers have created a gold-rush in recent years to steal data bits that when assembled correctly tell them about you and me. Digital gold.

What we do with it

Today, I have to answer the auditor’s questions about controls in the audit. Unlike my time with Reese, I’m no longer part of the auditor’s day to fill time with a nice break and chit-chat. When I am answering an audit, I often try to really understand the basis of a control or as I as the “spirit” of what the control is trying to achieve (auditors don’t always like this, they’re often a bit stiff).

But here’s my take. The essential question behind the myriad of compliance controls is “what do we do with and how do we protect the data we see in our jobs?”  The intention of the controls is to modify our behaviors to take greater care of the data we see. To do this we have to modify our behavior to treat the data we see like our personal accounts. That means we have to consider who has access to the data. We have to consider the classification of the data we see (confidential, private, restricted, public, etc.) and take action to protect the data in storage and transit.

Thieves rely on our inconveniences to be successful. Restricting access to data in storage and transit is rarely convenient. It requires we think, classify, and take action. It could mean we need to password protect a file, use a secure site for sending a file to a customer, or check to make sure the network folder is only accessible to people in our immediate workgroup. But it doesn’t stop there; sometimes we need to challenge people asking for information.  Tailgating and phishing are made possible because it is uncomfortable for us to challenge people.

Behaviors worth changing

One thing is certain. We are stewards of the data we see each day. Our customers expect us to treat the data with confidentiality and care as if it were own personal data. Forming good habits in data security is worth a little bit of hassle. So here are some practical steps I can offer to help us be better stewards of the data we see each day at work:

  • Take the annual Information and Security Awareness training seriously. Much of the information will repeat each year, but it serves as reinforcement for good habits and the tactics used by thieves.
  • Be cognizant of the data we handle. Classify the data and treat it accordingly. This may mean marking the data classification on documents, storing data in secure places, or using encrypted controls for transferring data to others.
  • Challenge others who ask for access to data. Make sure they truly need access to the data to complete their assigned job function. Make sure they understand the classification of the data.

It’s rarely convenient. But it’s worth the effort.

Onward and upward!

Photo credit: Robert Couse-Baker via creative commons

More or Less?

Truth.

There will always be more work to do than is possible to accomplish by my team.

Think more. Whine less.

Earlier this year I penned some thoughts about thinking through resource contention, Do more with what you have!, because I was looking for better ways to address resource contention than to simply say more people are needed. Getting stuff done is as much a mindset as it is a collection of work output. I’ve learned that when I am overwhelmed with size of the backlog of tasks then the frequency of my output decreases.

In the book, ReWork,  Fried and Hansson address the value of staying lean with less,

“I don’t have enough time/money/people/experience.” Stop whining. Less is a good thing. Constraints are advantages in disguise. Limited resources force you to make do with what you’ve got. There’s no room for waste. And that forces you to be creative. “

Do I believe that? The words do inspire me to look at my backlog through a different set of lenses. One thing I know is this. If I’m able to produce consistent output that adds value to the customer and mission of my team then conversations about the priority of the backlog are easier.

In the book Blue Ocean Strategy, Kim and Mauborgne say it this way,

“instead of getting more resources, tipping point leaders concentrate on multiplying the value of the resources they have.”

The Theory of Constraints management paradigm teaches us to first find the constraint within a process and then to exploit the constraint by shifting resources, managing work queues, and possibly adding capacity. With this lense, value is unlocked by first examining the underlying process instead of trying to add more people.

More or less?

As I sit writing this, I’m led to these conclusions:

More is contentment with less because having less allows me to get more done.

Less is obsession about more, because having more often leads to getting less done.

Onward and upward!

JIT Action Items for the Office Worker

Just in time.

Picture this. You are reviewing a list of tasks that was assigned to colleagues in your business. You remind one of the task owners their action item is due tomorrow and they respond, “I have it on my list, but I’m operating just-in-time.”

This happened to me recently. The word choice “just in time” (JIT) is from a Lean concept in which production output is managed by when the customer requests delivery rather than when the producer can complete the task. Most office workers today don’t match-up their behavior with Lean Principles. But even if you aren’t a Lean practitioner, there is tangible value to considering the JIT approach.   One of the primary goals of JIT is to eliminate waste by not working or storing excess inventory. For this blog post, I’m writing about assignments, tasks, and action items for office personnel. Think of excess inventory as assignments that are completed but never used or maybe action items that are started but never finished. That is considered waste and our time is too valuable to spend it producing work that doesn’t add value for the customer.

Three ways to structure a task list for JIT delivery in the office:

1. Purge non-value added activities.

 

 

So often we spend our time prioritizing tasks to stack rank them for the order they should be worked. With ‘Lean’ thinking the first question should be “do the results of this activity add value for the customer or is it a necessary non-value added activity?” (i.e. compliance task). My experience with tasks prioritized low is over time they eventually fall off the list because they are no longer needed. This most often means it was never a value added activity and just clutter on the backlog (unnecessary inventory). It’s a good idea to review the backlog of tasks on some recurring interval to purge non-value added activities.

2. Group items into buckets already covered by standard work activities.

 

 

Some action items may fit into already established recurring work activities where standards and time allotments exist. If that is the case, then it’s not necessary to create additional time for one-off production of work output. An example of this recently happened to me. A compliance control required the review of at-risk vendors and documentation of the results. I already had time assigned on my calendar for a quarterly review of security and risk related items as part of a security committee agenda. Rather than add a new task for myself, this compliance control was added a responsibility of the Security and Risk Committee. The concept for this idea is to examine recurring activities already part of standard routines. Some assigned tasks may naturally fall into those routines and intervals.

3. Use a calendar of due dates to help with priority sequencing.

 

 

Putting due dates for action items on a calendar provides several nice features for structuring work. It enables the ability to preview the calendar for upcoming work (Daily or Weekly) which triggers work execution. The concept of JIT relies on keeping inventory of unused work at a minimum. With this thought in mind, try to avoid having active progress on work that isn’t due because it may take away time from working on tasks that are due.  The challenge with this method is estimating how long a task will take to complete and being able to work through unplanned interruptions.


So being a JIT employee isn’t quite like being a Jedi employee. But then again, if you can consistently deliver action items in the expected time frame, it won’t take long to reach Jedi status in your office.

Onward and upward!

Photo Credit: Philip West via Creative Commons.