Malahayati Management: January 2011

Tuesday, January 25, 2011

Helping Supervisors become Performance Managers

How does your organization prepare supervisors to manage employee performance?

What tools does your organization provide to make performance management part of a supervisor's daily routine?

How much emphasis does your organization place on performance management?

If you were able to quickly and easily answer these questions, it's likely that you have made a priority of helping supervisors understand and embrace the importance of being performance managers. If you had to think twice about your answers or if your answers were immediately on the negative side, it's likely that the day-to-day management of employee performance has not been made a priority in your organization.

Performance management, the process of providing direction, feedback, and recognition to employees, contributes to workplace culture. It defines what is important to employees and communicates day-to-day expectations. However, many organizations, public and private sector alike, have become distracted by the crisis of the day and overlook this important managerial function.

When the management of employee performance is not a priority, employers are likely to see reduced levels of employee engagement and commitment. A recent study by Watson Wyatt, 2005/2006 Communications ROI Study, found that clear communication leads to greater levels of engagement and higher levels of retention. The study found that most organizations expect supervisors to take on a greater share of the communication responsibilities, but few organizations are providing the tools that supervisors need to communicate more effectively with employees. This study, and probably your own experience, leads us to the conclusion that supervisors need help in managing the performance of their employees. Supervisory training and development programs play a critical role in helping supervisors become performance managers. The purpose of this article is to provide five tools that will lead supervisors to become better managers of employee performance.

Tool #1: Help supervisors see the cyclical, constant nature of performance management, using the performance management cycle.

In many organizations, performance management is thought about once a year--at performance evaluation time. We know it shouldn't be a once a year activity although many Human Resources departments foster that approach. The performance management cycle, illustrated below, is a sound model to communicate the cyclical, on-going nature of managing employee performance.

If messages about employee performance management are issued only once a year, the result will likely be surprised, angry employees and/or unmet expectations. If the Human Resources department "talks up" performance management on a regular basis by reminding supervisors to address performance concerns immediately, maintain complete and frequent documentation, and have regular, informal conversations with employees about performance, these important activities will remain a point of focus for everyone. If the topic is brought up just once a year, employees will only focus on it once a year.

The performance management cycle can also be used as an outline around which to structure performance management training sessions. Each of the stages in the cycle calls for at least one learning objective and warrants discussion and practice.

Likewise, the cycle provides a roadmap for organizations looking to reinforce effective performance management behaviors throughout the year. One approach is to send monthly or quarterly emails or newsletters to supervisors to remind them of individual steps in the cycle. For example, one month a performance management note may be sent that gives a few tips related to effective documentation techniques. The next month the performance management note might share the importance of having regular and frequent conversations with employees about performance.

The performance management cycle provides a sound structure around which to organize communications about performance management.

Tool #2: Help supervisors clarify their performance expectations.

When asked, "What do you expect of employees?" many supervisors return a blank stare. Though employees are asking this question daily in a million different ways, supervisors often struggle with articulating the answer. Performance management training should help supervisors identify and describe performance expectations so that the expectations can be clearly understood by employees. Here is an exercise you can use to help supervisors articulate their expectations.

First, ask supervisors to write down the behaviors of an ideal employee. These can be general behaviors or specific job tasks. Using the "ideal" as a template, ask supervisors to write a list of their "must have" behaviors on the job. Even though the job description defines the essential functions of the job, each supervisor has his/her own expectations and visions for performance. These expectations often separate the good from the great performers. For example, a common behavior that a supervisor might expect is timeliness. One supervisor said he expected that everyone on the team would be on time and prepared for meetings. When a new employee joined the work unit, the supervisor gave the employee a copy of his written expectations, which included the need to be on time and prepared for meetings. Rarely did this supervisor have a problem with late-starting meetings or unprepared employees.

These kinds of expectations may seem obvious, but when stated clearly by the supervisor, in writing, they become easier to address and reward. Performance management training should provide supervisors with practical tools for articulating expectations clearly.

Tool #3: Help supervisors create documentation easily.

Written expectations, as described under Tool #2, can help supervisors articulate their goals and visions for employees. Likewise, written expectations can serve as the first form of documentation the supervisor creates in the performance management process. Helping supervisors continue the documentation process is the next step.

Most Human Resources professionals have faced a supervisor who wants to address a performance problem with an employee in the performance evaluation or with discipline, and the supervisor lacks adequate documentation to support the concerns. When developing supervisors to become performance managers, the training curriculum should include guidance on how to prepare fair and legal documentation in a practical way that will get implemented when the supervisor returns to the workplace. Here are two recommended training tools that can make the documentation process easier for supervisors:

A. Demonstrate the use of a consistent format for maintaining documentation. Often referred to as a performance log, a standardized form helps supervisors know where to put their notes about performance and can provide a format for writing specific and clear comments. The log can be maintained on paper or in an electronic format. Most online performance management systems include an electronic performance log system. When training supervisors in the basics of performance management, it is important to encourage supervisors to use a log of some form to ensure consistency with documentation.

B. Provide real life examples of what effective documentation looks like. One effective approach is to compile a mock "supervisor's file" that contains 10-15 examples of effective and ineffective documentation. In a training workshop, supervisors can review each piece of documentation in the mock file and critique each item on its effectiveness. The conversation that follows the exercise provides ample opportunity to reinforce the importance of keeping fair and legal performance notes. It also illustrates what should be kept in a supervisor's working file and what should be left out.

Tool#4: Help supervisors have frequent and specific performance conversations.

Typically performance evaluation and performance management training focuses on the mechanics of the performance evaluation system. Supervisors are taught how to fill out the forms, meet the organization's deadlines, and interpret the rating scales. And, while these are worthy topics for a training session, the greatest need of most supervisors is not in the mechanics of the system, but rather in the delivery of feedback to employees. A primary objective of performance management training should be to teach supervisors to have effective conversations about performance.

Performance conversations between supervisors and employees represent the quality of the entire process and yet, in many organizations, performance conversations happen without much thought or preparation and are often tacked on after the evaluation forms have been deliberated over for days.

Performance management training should present a conversation model that supervisors can follow when conducting performance feedback meetings and/or when delivering the end-of-cycle performance evaluation. In addition to providing a model in the training setting, it is critical that supervisors have an opportunity to observe the model via a live demonstration by the facilitator. Following the demonstration, each supervisor in the workshop should be expected to practice using the model in a role play format. This basic behavior modeling approach has been proven to be the most effective method for teaching supervisors to have effective performance conversations.

To help supervisors take the conversation practice to the next level, they should be encouraged to develop their own case study, based on personal experiences. Then, using that scenario, the supervisors should role play and receive feedback on the real life situation in dyads or triads. The application of a conversation model to personal situations leads to the most effective outcomes by reinforcing the learning concepts while allowing the supervisors to build confidence around issues that are personally important.

Tool #5: Help supervisors foster performance-enhancing dialogue with employees.

Performance management training typically focuses solely on the skills and behaviors of supervisors. However, much progress can be made in developing a performance management-focused culture by reaching out to employees. Supervisors must involve employees in the performance management process in order to foster increased levels of communication and trust. It makes sense that training on performance management also includes an element that teaches supervisors to ask the right questions which involve employees in the process.

Many organizations also offer training for employees to help them better understand how they can participate in the performance management process. Employee training might include information on how to appropriately maintain personal performance documentation, reinforce the need for clear expectations between employees and supervisors, and help employees ask the right questions to clarify supervisory expectations.

When we only train supervisors to manage performance, we leave out a critical element of the process. By not involving employees in the training, performance management and performance evaluations become something that is done TO employees, rather than WITH them.

Of course, effective management of employee performance doesn't happen by accident. It must be modeled by top management and actively supported by the Human Resources function. It must be clearly defined, constantly communicated, and consistently rewarded. Supervisors become strong performance managers when the organization places an emphasis on it via employee development efforts. The result can be higher levels of engagement and enhanced job satisfaction.

Confessions of a Reformed Manager: Seven Principles for Becoming a Good Manager

Another one walked out the door. With him, $25,000 in recruitment fees, $3,000 in relocation expenses and a $31,000 learning curve went down the drain. Clients became uneasy, employee morale suffered and my firm's ability to recruit top talent was negatively impacted.

My management style was costing my firm money and it was exacting an emotional toll on me. Taking each departure personally, I was beginning to feel like a failure.

Like so many young managers, I had been bumped up into management because I was a good producer. No one had considered that production and management require two different skill sets, and that those skill sets are often at odds with one another.

I wanted to be a good manager. I took management courses, read a plethora of self-help books and hired a management coach, but I still hadn't hit on the right formula for management.

Totally ill equipped for my new role, I continued to make mistake after mistake.

It wasn't until I looked at myself that I got it.

First, I had tried to control my employees. Then, I had tried to motivate them, but only when I sought to inspire them did I become a good manager. It was a principle so simple that I had missed it.

Good management is not built upon behavior modification, manipulation or
motivation; it is grounded in intention. Instead of searching for the right combination of words and actions to produce desired behaviors, I began to put my employees' needs first and truly care about them as people. Together we worked toward the company's goals while meeting our individual needs.

Good management is not linear. Like the imagination, it is fluid, flexible and creative. While I found no set rules to becoming a good manager, I did discover seven principles that helped me grow into management.

Good managers know themselves. Good managers know their strengths and weaknesses, and they understand their management styles.

A clue to identifying our management styles can be found by examining our relationships with our parents. Once I looked at my relationship with my father, I discovered why my employees were unhappy. I had adopted his impersonal, authoritarian style.

Good managers share themselves, as well as their knowledge. When I train executives in presentation skills, I encourage them to be themselves. The best presenters are those who share their souls with their audiences, and good managers are no different.

Sharing our souls does not mean becoming close intimate friends with those we manage. It does mean, however, allowing employees access to our lives. Employees want to know their managers as people, too.

Share yourself, but don't share your moods. Employees crave consistency and calm from managers, especially in crises.

At no time do managers show their true colors more than in crisis. I ran red. Adrenaline surged through my blood when faced with crisis. While I was super-productive, I put the office in a hyper-frenzy. By staying grounded, I could get as much done without electrifying the office.

Good management is servant leadership. At its simplest, servant leadership recognizes great leaders are humble servants. Servant leaders manage from the soul and not the ego.

My job was not to do the job, but to get the job done right and that meant ensuring my people had the tools, training, encouragement and trust they needed. By serving them, I met my goals.

Good managers manage the whole person. I used to look on my employees as machines, seeing them only as a means to get the job done instead of the people they were. When I began to look at the whole person, I began to become a good manager.

Being a good manager doesn't mean liking every employee. While I have not liked every person I have managed, I have cared about each one.

As managers, it is important to recognize we cannot separate our employees' work lives from their personal ones anymore than we can separate our own.

I also learned how to utilize employees' strengths and support their weaknesses. No employee has it all. Our job as managers is to create personalized environments for employees in which they can thrive.

Years ago, I hired a senior consultant who was one of the most creative people I knew and had a Rolodex as large as a car tire. Still, she could not manage traditional public relations accounts.

After trial and error, she became "a marketing matchmaker" setting up strategic meetings between companies sharing similar marketing objectives. Her division quickly became one of the agency's most profitable, and she remained a loyal employee.

Good managers thrive on feedback. Key to becoming a good manager is 360-degree feedback. Good managers put ego aside, ask for constructive feedback and act upon it. One of the worse things a manager can do is ask for feedback and not act upon it.

At my old firm, employees filled out "How Am I Doing?" surveys on their managers. To encourage candid feedback, responses were confidential and compiled by an outside source.

From the feedback, managers were encouraged to select no more than three areas for improvement, develop a plan, and share that plan with their employees.

Good managers constantly check in with their intentions. Good managers focus on intentions over outcomes.

One employee had been with the firm for close to seven years. We changed her job description several times to present new challenges and capitalize on her strengths. But as the agency matured, it became apparent we no longer had a place for her.

Over lunch, I learned she was unhappy, and although she wanted to move on, she was afraid. That afternoon, we mapped out a plan that made sense for her and for the agency, set a completion goal of three months, and agreed to meet periodically.

Today, she is the director of marketing for a large professional service firm. She is happy and challenged and looks back on her agency days fondly.

When good managers make mistakes, they correct them fast. Even with the right intentions, we all make hiring mistakes. When we do, we need to correct them fast. Again, if our intention is pure, we can make this transition humanely and with a minimum of disruption to the operation.

The Mini-Project Manager Concept

"Manage from the bottom up; not just from the top down; this creates personal commitment and accountability."

- Bryce's Law

INTRODUCTION

A couple of months ago we started a free service to analyze a person's style of management. Through our "Bryce Management Analysis," a manager answers a series of questions (30 in all) and, based on his responses, we produce a report which assesses his style of management as well as other attributes.

The data collected from these surveys has confirmed a lot of my suspicions; that companies are regressing back to a Theory X form of management. Over the last twenty years we have witnessed a dramatic swing from a Theory Y or Z form of management, back to Theory X. Whereas workers used to be empowered to make decisions and tackle assignments (a la Theory Y or Z), managers today tend to micromanage every action or decision in their department. Workers are told what to do, how to do it, and when it has to be done, with little regard for their input. We see this not only in the corporate world, but in nonprofit organizations as well. The result is that organizations today are run by control freaks who would be more content working with robots as opposed to human beings. This mentality has resulted in an apathetic workforce that doesn't trust management. It also breeds contempt and disloyalty for management, as well as making for some excellent fodder for such things as Dilbert and NBC's hit comedy, "The Office."

Although there are instances where a Theory X form of management can work effectively, it nonetheless represents a top-down unidirectional "master-slave" relationship. Theory X can work well in certain crisis situations, such as "crunch-time" projects, but it is hardly conducive for a normal mode of operation in today's society. Let me be clear on this, under a Theory X form of management, project planning, estimating, scheduling, reporting and control is performed top-down. Instead, a bi-directional approach is recommended which is a critical aspect of the Mini-Project Manager concept.

THE CONCEPT

The Mini-Project Manager (MPM) concept is based on our experiences in several I.T. shops over a number of years and was first described in the Project Management activities of our "PRIDE" methodologies dating back to 1971. Unlike Theory X, the MPM concept seeks to empower workers and make them more responsible for their actions. It promotes more management and less supervision. Actually, under the MPM concept, the individual is expected to act professionally and supervise themselves.

There are still some top-down activities to be performed by management, such as project planning where projects are defined and prioritized. Further, managers select and allocate human resources to participate in project assignments. It also includes establishing project Work Breakdown Structures (WBS; e.g., phases, activities, tasks) and precedent relationships between such structures. Here, the manager relies on such things as Skills Inventories, Resource Allocations, Calendars, and Priority Modeling tools.

After projects are assigned, workers estimate the amount of effort needed to perform the work. This is a critical aspect of the MPM concept and is typically not found in today's Theory X environments. Here, the worker is asked, "What do you think?" But understand this, the worker's estimate is an expression of his personal commitment to the work involved. If the manager does not agree with the estimate, he may ask the worker to rationalize his estimate. If the manager is unhappy with the answer, he may elect to give the assignment to someone else (perhaps another employee or a contractor). Nonetheless, the estimate is an expression of commitment by the person.

Based on the estimate, the manager then calculates the project schedule. Whereas the worker developed the estimate, the manager computes the schedule. Here, the manager considers the project's WBS and precedent relationships. More mportantly, the manager considers the Indirect and Unavailable time affecting the worker. This means the MPM concept does not subscribe to the "Man Hour" approach to project estimating and scheduling. I have discussed the differences in the use of time in many other articles, but in a nutshell we view time as:

AVAILABLE TIME - this is the time workers are available to perform work; e.g., Monday through Friday, 9:00am - 5:00pm.

UNAVAILABLE TIME - this is the time when workers are not available for work; e.g., weekends, holidays, vacations, and planned absences.

Available Time is subdivided into two categories:

DIRECT TIME - representing the time when workers are performing their project assignments and, as such, estimates are expressed in Direct Time.

INDIRECT TIME - interferences which keep workers from performing their project assignments. For example, meetings, training classes, reviewing publications, telephone calls and e-mail, surfing the Internet, and breaks.

The relationship between Direct and Indirect Time is referred to as "Effectiveness Rate" which is an analysis of a worker's availability to perform project work. For example, the average office worker is typically 70% effective, meaning in an eight hour day a worker spends approximately five hours on direct assignments and three on indirects. Effectiveness Rate is by no means a measurement of efficiency. For example, a highly skilled veteran worker may have a lower effectiveness rate than a novice worker with less skills who has a higher effectiveness rate; yet, the veteran worker can probably complete an assignment faster than the novice. It just means the novice can manage his time better than the veteran worker. Again, what we are seeing is the individual worker being personally responsible for supervising his own time. Interestingly, a manager typically has a low effectiveness rate as he typically has a lot of indirect activities occupying his time. For example, it is not unusual to find managers with a 20-30% effectiveness rate.

Returning to scheduling, the manager uses the worker's effectiveness rate when calculating project schedules. If the worker's estimate is such that it greatly impacts the schedule, the manager may consider alternatives, such as influencing the worker's indirect time (eliminating interferences) and unavailable time (work overtime or on weekends, possibly cancel vacations, etc.).

This brings up another important aspect of the MPM concept, the manager is responsible for controlling the work environment. In addition to the physical aspects of the job such as the venue and tools to be made available to the worker, it also includes managing Indirect Time. For example, if a worker is working on a project assignment on the critical path, the manager may elect to excuse the worker from meetings and training so that he can concentrate on the project assignment. Whereas the individual worker is concerned with managing his Direct Time, the manager controls the Indirect Time. It is important to understand that nobody can be 100% effective; for nothing else, we as human beings need breaks so that we can refocus our attention on our work.

The "Effectiveness Rate" technique serves two purposes: it builds reality into a project schedule, and; it provides a convenient mechanism for a manager to control the work environment. For example, a manager may decide to send someone to a training class to develop their skills (representing Indirect Time). By doing so, he is weighing the impact of this decision against the worker's current assignments.

As workers perform their project tasks, they report their use of time (representing another "bottom-up" characteristic of the MPM concept). In addition to reporting time against assignment, workers are asked to appraise the amount of time remaining on a Direct assignment (not Indirects). This is referred to as "Estimate to Do" which is substantially different than the "Percent Complete" technique whereby workers are asked where they stand on an assignment. The problem here is that workers become "90% complete" yet never seem to be able to complete the last 10%. Under the "Estimate to Do" approach, the worker estimates the amount of time to complete a task. To illustrate how this works, let's assume a worker estimates 30 hours to perform a task. During the week, he works 15 hours on the task. He is then asked how much time remains on it. Maybe its simply 15 hours (whereby the worker was correct on his estimate) or perhaps he determines the task is more difficult than he anticipated and 25 hours remain (15 hours performed + 25 hours "to do" = 50); conversely, perhaps he found that the task was easier than imagined and only 5 hours remain (15 hours performed + 5 hours "to do" = 20). Either way, this will affect project schedules and the manager must then consider the repercussions and take the necessary actions. "Estimate to Do" is another example of where the individual worker is asked, "What do you think?"

Although the reporting of time can be performed in any time cycle, we recommend a weekly posting. This can be performed either with Project Management software or using a manual system involving Time Distribution Worksheets. Either way, it is important for the manager to review each worker's distribution of time (including Direct, Indirect, and Unavailable time) and their effectiveness rate for the week. This review should not be considered frivolous as the manager should carefully scrutinize the worker's Direct and Indirect time as they might impact project schedules.

A good Project Management system should have the ability to "roll-up" time reports into departmental summaries for analysis by the manager. For example, a departmental effectiveness rate can be calculated thereby providing the manager with a means to study which workers are working above or below the departmental average. Again, you are cautioned that this is not an efficiency rating and workers should not necessarily be competing over who has the highest effectiveness rate. Accurate time reporting is required to make this work properly.

Both the individual and departmental effectiveness rates should be plotted on line graphs to allow the manager to study trends, as well as determining averages over a period of time; e.g., three months (quarterly) or annually.

IMPLEMENTATION

Implementing the MPM concept requires a good Project Management system (either automated or manual) and a good attitude by all of the participants involved, both managers and workers alike. Some people resist the concept as it forces accountability. Now, instead of the manager making an estimate, the worker is charged with this task, something that doesn't sit well with some people who shirk responsibility. Further, some Theory X managers falsely see it as a threat to their control and authority. However, most people welcome the MPM concept as it represents more freedom and empowerment. This helps promote project ownership by the workers as they now feel their input is heard by management, which leads to improved corporate loyalty, trust, harmony, and teamwork.

By encouraging worker participation in Project Management, they tend to act more professionally and responsibly in project activities. Interestingly, as workers are given more freedom, they are forced to become more disciplined and accountable at the same time.

CONCLUSION

It was back in 1982 when Dr. William Ouchi wrote his popular book, "Theory Z," describing Japanese management practices empowering workers. And it was in 1986 when President Ronald Reagan advised, "Surround yourself with the best people you can find, delegate authority, and don't interfere." Keep in mind, this was twenty years ago. A lot has happened in the last twenty years; the Baby Boomers have been succeeded by Generation X, who is also being succeeded by Generations Y and Z. In the process, socioeconomic conditions have changed as well as the management landscape. Frankly, I think a lot of the management practices of today are dehumanizing. There is little concern for the people side of management, only numbers and technology. Its no small wonder that workers are becoming more socially dysfunctional.

To change this, I recommend that managers manage more and supervise less. And this is the heart of the Mini-Project Manager concept.

Managing Risk in Financial Sector

Risk Management is a hot topic in the financial sector especially in the light of the recent losses of some multinational corporations e.g. collapses of Britain's Barings Bank, WorldCom and also due to the incident of 9/11. Rapid changes in business condition, restructuring of organizations to cope with ever increasing competition, development of new products, emerging markets and increase in cross border transactions along with complexity of transactions has exposed Financial Institutions to new risks dimensions. Thus the concept of risk has captured a growing importance in modern financial society.

By facilitating transactions and making credit and other financial products available, the financial sector is a crucial building block for private as well as public sector development. In its broadest definition, it includes everything from banks, stock exchanges, and insurers, to credit unions, microfinance institutions and moneylenders. As an efficient service provider, the financial sector simultaneously fulfils an important function in the overall economy. Various types of Financial Institutions actively working in Financial Sectors include Banks, DFIs, Micro Finance Banks, Leasing Companies, Modarabas, Assets Management Company, Mutual Funds, etc.

Thus today's operating environment demands systematic and more integrated risk management approach.

Risk:

Risk by default has tow components; uncertainty and exposure. If both are not present, there is no risk. Definition of Risk as per Guidelines on Risk Management issued by State Bank of Pakistan is, "Financial risk in a banking organization is possibility that the outcome of an action or event could bring up adverse impacts. Such outcomes could either result in a direct loss of earnings / capital or may result in imposition of constraints on bank's ability to meet its business objectives. Such constraints pose a risk as these could hinder a bank's ability to conduct its ongoing business or to take benefit of opportunities to enhance its business."

Types of Risks:

Risks are usually defined by the adverse impact on profitability of several distinct sources of uncertainty. More or less all financial institutions have to manage the following faces of risks:

1. Credit Risk

2. Market Risk

3. Liquidity Risk

4. Operational Risk

5. Country Risk

6. Legal Risks

7. Compliance Risk

8. Reputational Risk

Broadly speaking there are four risks as per Risk Management Guidelines which surround Financial Sector i.e. Credit Risk, Market Risk, Liquidity Risk and Operational Risk. These risk are elaborated here under:

i. Credit Risk

This is the risk incurred in case of a counter-party default. It arises from lending activities, investing activities and from buying and selling financial assets on behalf of others. This risk is associated with financing transactions i.e.:

a. Default in repayment by the borrower and

b. Default in obliging the commitment by another Financial Institution in case of syndicated arrangements.

It is the most critical risk in banking and one that must be managed carefully. It is also the risk that requires the most subjective judgment despite constant efforts to improve and quantify the credit decision process.

ii. Market Risk

Market risk is defined as the volatility of income or market value due to fluctuations in underlying market factors such as currency, interest rates, or credit spreads. For commercial banks, the market risk of the stable liquidity investment portfolio arises from mismatches between the risk profile of the assets and their funding. This risk involves interest rate risk in all of its components: equity risk, exchange risk and commodity risk.

iii. Liquidity Risk

The liquidity risk is defined as the risk of not being able to meet its commitments or not being able to unwind or offset a position by an organization in a timely fashion because it cannot liquidate assets at reasonable prices when required.

iv. Operational Risk

This risk results from inadequacies in the conception, organization, or implementation of procedures for recording any events concerning bank's operations in the accounting system/information systems.

Need for Risk Management and Monitoring:

There are a number of reasons as to why there is so much emphasis given to Risk Management in Financial Sector now a day. Some of them are listed below: -

1. Present structure of joint stock companies, wherein owners are not the mangers, hence risks increase; therefore proper tools are required to achieve the desired results by covering the risks.

2. The financial sector has come out of simple deposit and lending function.

3. The world has become very complex so the financial transactions and instruments.

4. Increase in the number of cross border transactions which caries its own risks.

5. Emerging markets

6. Terrorism Remittances

Risk monitoring in financial sector is very crucial and an inevitable part of risk management. Risk Monitoring is important in the financial sector due to the following reasons:

1. Deals in others' money

2. Direct stake of deposit holder.

3. Much riskier sector than trading and manufacturing.

4. Previous / Recent problems faced by banks i.e. stuck portfolio that is credit risk.

5. Bankruptcy of Barings Bank due to short selling / long position that is market risk.

6. Operational risk does not has immediate impact, but important for continuity and progress of organization.

7. Appetite of a financial institution to take risk is related with the capital base of the institute so it caries a huge risk of over exposure.

Components of Risk Management Frame Work

Risk Management Frame Work has five components. First of all risk is Identified, then it is Assessed to classify, seek solution and management, after assessing quick Response and implementation of solution and the last phase is Monitoring of the risk management progress and Learning from this experience that such problem never occur again. Whole process is to be well Communicated during the entire process of risk management if it is to be managed efficiently.

The International Organization for Standardization (ISO) has defined risk management as the identification, analysis, evaluation, treatment (control), monitoring, review and communication of risk. These activities can be applied in a systematic or ad hoc manner. The presumption is that systematic application of these activities will result in improved decision-making and, most likely, improved outcomes.

Structure of Risk Management

Depending upon the structure and operations of organization, financial risk management can be implemented in different ways. Risk management structure defines the different layers of an organization at which risk is identified and managed. Although there are different layers or level at which risk is managed but there are three layers which are common to all. i.e.

Risk Management

For managing risk there are certain basic principles which are to be followed by every organization:

1. Corporate level Policies

2. Risk management strategy

3. Well-defined policies and procedures by senior management

4. Dissemination, implementation and compliance of policies and procedures

5. Accountability of individuals heading various functions/ business lines

6. Independent Risk review function

7. Contingency plans

8. Tools to monitor risks

Institutions can reduce some risks simply by researching them. A bank can reduce its credit risk by getting to know its borrowers. A brokerage firm can reduce market risk by being knowledgeable about the markets it operates in.

Functionally, there are four aspects of financial risk management. Success depends upon

A. A positive corporate culture,

No one can manage risk if they are not prepared to take risk. While individual initiative is critical, it is the corporate culture which facilitates the process. A positive risk culture is one which promotes individual responsibility and is supportive of risk taking.

B. Actively observed policies and procedures

Used correctly, procedures are powerful tool of risk management. The purpose of policies and procedures is to empower people. They specify how people can accomplish what needs to be done. The success of policies and procedures depends critically upon a positive risk culture.

C. Effective use of technology

The primary role technology plays in risk management is risk assessment and communication. Technology is employed to quantify or otherwise summarize risks as they are being taken. It then communicates this information to decision makers, as appropriate.

D. Independence or risk management professionals

To get the desired outcome from risk management, risk managers must be independent of risk taking functions within the organization. Enron's experience with risk management is instructive. The firm maintained a risk management function staffed with capable employees. Lines of reporting were reasonably independent in theory, but less so in practice.

Internal Controls

Para one on first page of the 'Guidelines on Internal Controls' issued by SBP provides:

"Internal Control refers to policies, plans and processes as affected by the Board of Directors and performed on continuous basis by the senior management and all levels of employees within the bank. These internal controls are used to provide reasonable assurance regarding the achievement of organizational objectives. The system of internal controls includes financial, operational and compliance controls."

The current official definition of internal control was developed by the Committee of Sponsoring Organization (COSO) of the Treadway Commission. In its influential report, Internal Control - Integrated Framework, the Commission defines internal control as follows:

"Internal control is a process, effected by an entity's Board of Directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

 Effectiveness and efficiency of operations.

 Reliability of financial reporting.

 Compliance with applicable laws and regulations.

This definition reflects certain fundamental concepts:

 Internal control is a process. It is a means to an end, not an end in itself.

 Internal control is effected by people. It is not policy manuals and forms, but people at every level of an organization.

 Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and board.

Internal control should assist and never impede management and staff from achieving their objectives. Control must be taken seriously. A well-designed system of internal control is worse than worthless unless it is complied with, since the assemblance of control will be likely to convey a false sense of assurance. Controls are there to be kept, not avoided. For instance, exception reports should be followed up. Senior management should set a good example about control compliance. For instance, physical access restrictions to secure areas should be observed equally by senior management as by junior personnel.

Components of Internal Controls

Components of internal control also depend upon the structure of the business unit and nature of its operation. The COSO Report describes the internal control process as consisting of five interrelated components that are derived from and integrated with the management process. The components are interrelated, which means that each component affects and is affected by the other four. These five components, which are the necessary foundation for an effective internal control system, include:

I. Control Environment,

Control environment, an intangible factor and the first of the five components, is the foundation for all other components of internal control, providing discipline and structure and encompassing both technical competence and ethical commitment.

II. Risk Assessments,

Organizations exist to achieve some purpose or goal. Goals, because they tend to be broad, are usually divided into specific targets known as objectives. A risk is anything that endangers the achievement of an objective. Risk assessments is done to determine the relative potential for loss in programs and functions and to design the most cost-effective and productive internal controls.

III. Control Activities,

Control activities mean the structure, policies, and procedures, which an organization establishes so that identified risks do not prevent the organization from reaching its objectives.
Policies, procedures, and other items like job descriptions, organizational charts and supervisory standards, do not, of course, exist only for internal control purposes. These activities are basic management practices.

IV. Information and Communication, and

Organizations must be able to obtain reliable information to determine their risks and communicate policies and other information to those who need it. Information and communication, the fourth component of internal control, articulates this factor.

V. Monitoring

Life is change; internal controls are no exception. Satisfactory internal controls can become obsolete through changes in external circumstances. Therefore, after risks are identified, policies and procedures put into place, and information on control activities communicated to staff, superiors must then implement the fifth component of internal control, monitoring.

Even the best internal control plan will be unsuccessful if it is not followed. Monitoring allows the management to identify whether controls are being followed before problems occur. In the same way, management must review weaknesses identified by audits to determine whether related internal controls need revision.

Tools for Monitoring of Risk

Management Information System

M.I.S or Management Information System is the collection and analysis of data in order to support management's decision with respect to the achievement of objectives mentioned in the policies and procedures and the control of various risks therein.

It is this area i.e. M.I.S, where I.T can play a vital and effective role as with the help of I.T large information may be analyzed efficiently and with accuracy, so that effective decision may be taken by the management without the loss of any time.

Asset-Liability Management Committee (ALCO)

In most cases, day-to-day risk assessment and management is assigned to a specialized committee, such as an Asset-Liability Management Committee (ALCO). Duties pertaining to key elements of the risk management process should be adequately separated to avoid potential conflicts of interest - in other words, a financial institution's risk monitoring and control functions should be sufficiently independent from its risk-taking functions. Larger or more complex institutions often have a designated, independent unit responsible for the design and administration of balance sheet management, including interest rate risk. Given today's widespread innovation in banking and the dynamics of markets, banks should identify any risks inherent in a new product or service before it is introduced, and ensure that these risks are promptly considered in the assessment and management process.

Corporate Governance Principles

Corporate governance relates to the manner in which the business of the organization is governed, including setting corporate objectives and a institution's risk profile, aligning corporate activities and behaviors with the expectation that the management will operate in a safe and sound manner, running day-to-day operations within an established risk profile, while protecting the interests of depositors and other stakeholders. It is defined by a set of relationships between the institution's management, its board, its shareholders, and other stakeholders.

The key elements of sound corporate governance in a bank include:

a) A well-articulated corporate strategy against which the overall success and the contribution of individuals can be measured.

b) Setting and enforcing clear assignment of responsibilities, decision-making authority and accountabilities that are appropriate for the bank's risk profile.

c) A strong financial risk management function (independent of business lines), adequate internal control systems (including internal and external audit functions), and functional process design with the necessary checks and balances.

d) Corporate values, codes of conduct and other standards of appropriate behavior, and effective systems used to ensure compliance. This includes special monitoring of a bank's risk exposures where conflicts of interest are expected to appear (e.g., relationships with affiliated parties).

e) Financial and managerial incentives to act in an appropriate manner offered to the board, management and employees, including compensation, promotion and penalties. (i.e., compensation should be consistent with the bank's objectives, performance, and ethical values).

f) Transparency and appropriate information flows internally and to the public.

Tools mentioned above can be utilized in identifying and managing different risks in the following manner:

I. Credit Risk

It is managed by setting prudent limits for exposures to individual transaction, counterparties and portfolios. Credits limits are set by reference to credit rating established by Credit Rating Agencies, methodologies established by Regulators and as per Board's direction.

o Monitoring of per party exposure

o Monitoring of group exposure

o Monitoring of bank's exposure in contingent liabilities

o Bank's exposure in clean facilities

o Analysis of bank's exposure product wise

o Analysis of concentration of bank's exposure in various segments of economy

o Product profitability reports

II. Market

Financial Institutions should also have an adequate system of internal controls to oversee the interest rate risk management process. A fundamental component of such a system is a regular, independent review and evaluation to ensure the system's effectiveness and, when appropriate, to recommend revisions or enhancements.

Interest rate risk should be monitored on a consolidated basis, including the exposure of subsidiaries. The institution's board of directors has ultimate responsibility for the management of interest rate risk. The board approves the business strategies that determine the degree of exposure to risk and provides guidance on the level of interest rate risk that is acceptable to the institution, on the policies that limit risk exposure, and on the procedures, lines of authority, and accountability related to risk management. The board also should systematically review risk, in such a way as to fully understand the level of risk exposure and to assess the performance of management in monitoring and controlling risks in compliance with board policies. Reports to senior management should provide aggregate information and a sufficient level of supporting detail to facilitate a meaningful evaluation of the level of risk, the sensitivity of the bank to changing market conditions, and other relevant factors.

The Asset and Liability Committee (ALCO) plays a key role in the oversight and coordinated management of market risk. ALCOs meet monthly. Investment mandates and risk limits are reviewed on a regular basis, usually annually to ensure that they remain valid.

Risk Management and Risk Budgets

A risk budget establishes the tolerance of the board or its delegates to income or capital loss due to market risk over a given horizon, typically one year because of the accounting cycle. (Institutions that are not sensitive to annual income requirements may have a longer horizon, which would also allow for a greater degree of freedom in portfolio management.). Once an annual risk budget has been established, a system of risk limits needs to be put in place to guard against actual or potential losses exceeding the risk budget. There are two types of risk limits, and both are necessary to constrain losses to within the prescribed level (the risk budget).

The first type is stop-loss limits, which control cumulative losses from the mark-to-market of existing positions relative to the benchmark. The second is position limits, which control potential losses that could arise from future adverse changes in market prices. Stop-loss limits are set relative to the overall risk budget. The allocation of the risk budget to different types of risk is as much an art as it is a science, and the methodology used will depend on the set-up of the individual investment process. Some of the questions that affect the risk allocation include the following:

* What are the significant market risks of the portfolio?

* What is the correlation among these risks?

* How many risk takers are there?

* How is the risk expected to be used over the course of a year?

Compliance with stop-loss limits requires frequent, if not daily, performance measurement. Performance is the total return of the portfolio less the total return of the benchmark. The measurement of performance is a critical statistic for monitoring the usage of the risk budget and compliance with stop-loss limits. Position limits also are set relative to the overall risk budget, and are subject to the same considerations discussed above. The function of position limits, however, is to constrain potential losses from future adverse changes in prices or yields.

III. Liquidity Risk

The Basel Committee has established certain quantitative standards for internal models when they are used in the capital adequacy context.

a. Allocation of capital into various types of business after taking into account the operational risks i.e. disruption of business activity, which has especially increased due to excessive EDP usage

b. Allocation of the capital is also made amongst various products i.e. long term, short term, consumer, corporate etc. considering the risks involved in each product and its life cycle to avoid any liquidity crunch for which gap analysis is made. This is the job of ALCO

c. For instance Contingent liabilities not more than 10 times of capital,

d. Fund based not more than 6 times of capital

e. Capital market operations not more than 1 time of capital

f. However these limits cannot exceed the regulations.

g. Parameters of controls

o Regulatory Requirements

o Board's directions

o Prudent practices

For liquidity management organizations are compelled to hold reserves for unexpected liquidity demands. The ALCO has responsibility for setting and monitoring liquidity risk limits. These limits are set by Regulatory Bodies and under Board's directions keeping in mind the market condition and past experience.

The Basel Accord comprises a definition of regulatory capital, measures of risk exposure, and rules specifying the level of capital to be maintained in relation to these risks. It introduced a de facto capital adequacy standard, based on the risk-weighted composition of a bank's assets and off-balance-sheet exposures that ensures that an adequate amount of capital and reserves is maintained to safeguard solvency. The 1988 Basel Accord primarily addressed banking in the sense of deposit taking and lending (commercial banking under US law), so its focus was credit risk.

In the early 1990s, the Basel Committee decided to update the 1988 accord to include bank capital requirements for market risk. This would have implications for non-bank securities firms.

Thus, the formula for determining capital adequacy can be illustrated as follows:

= Tier I + Tier 2 + Tier 3 *- 8% .

Risk-weighted Assets + (Market Risk Capital Charge x 12.5)

IV. Operational Risk

To manage this risk documented policies and procedures are established. In addition, regular training is provided to ensure that staffs are well aware of organization's objective, statutory requirements.

o Reporting of major/ unusual/ exceptional transactions with respect to ensuring the compliance of the principles of KYC and Anti-money laundering measure

o Analysis of system problems

Conclusion

For any business to grow and stay in the market management style is a key and Risk management is basically the management style of managing the risks.

It is so important and that State Bank of Pakistan plans to replace Prudential Regulations with Risk management guidelines, which will be adopted by banks according to their size and complexity of operations.

Risk is inherent in every business and every organization has to manage it according to its size and nature of operation because without it no organization no organization can survive in long run.

The Death of Management

"You cannot treat a patient if he doesn't know he is sick."
- Bryce's Law

INTRODUCTION

Epitaph:

"Here lies the body of 'Management,'
Who at one time moved mountains but was put to death by
government regulations, social mores, office politics,
and general apathy. R.I.P."

I have a good friend who was recently elevated to the job title of "Systems Manager"
at a large Fortune 500 company in the U.S. Midwest. As someone who has been in
the Information Systems field for over 30 years now, my interest was piqued and I asked
her how big of a staff she was going to manage and what kind of systems she was
going to be responsible for administrating. She told me she had no staff and her
responsibilities primarily included going to user sites and helping them setup their
laptop computers with office suites and pertinent Internet software.

This is certainly not how I have come to understand the concept of a "Systems"
person or, for that matter, a "Manager." What she described was more of a technical
or clerical role as opposed to one of management. But I guess the times are changing.

I always viewed "management" as a people oriented function, not a mechanical
function (which is why "man" is used as part of the word). I define it as, "getting
people to do what you want, when you want it, and how you want it." But perhaps
I am beginning to date myself as more and more "managers" are appearing with
fewer and fewer people involved. Even though the title is flourishing, I contend
true management is becoming a thing of the past.

WHY IS MANAGEMENT DISAPPEARING?

First, we have to understand that managers are in the business of conquering
objectives and solving problems in the workplace through people. If we lived in a perfect
world where everyone knew what they were suppose to do and when they were suppose
to do it by, there would not be a need for managers. Inevitably, this rarely occurs as
people are social animals and rarely agree on anything, particularly on how to perform
a given task. Hence, a manager is needed to establish direction and referee. As such,
managers are the field generals for their departments.

There are three basic attributes of a manager: Leadership, Environment, and Results.
Let's consider each separately and how they have evolved:

1. LEADERSHIP

To properly coordinate human resources, an effective manager should always be at least
one step ahead of his staff. This requires visionaries who inspire confidence in their troops
and can set them marching in the right direction. The problem though is that little, if any,
planning is being performed in corporate America. Instead, we are content to react to
calamities as opposed to looking into the future and trying to anticipate problems. As
a small example, we are now embroiled in a tempest over the Hurricane Katrina disaster
in New Orleans. Engineers have long known that the levees used to keep the sea out
of the city were inadequate for a category four or five hurricane (Katrina was a category
four). In fact, I saw a documentary on this very subject just weeks prior to the disaster. Now, we
have local, state and federal government agencies rushing to correct the problems (and
doing a lot of finger pointing in the process). As costly as it would have been to fix the
levees, it would have been a spit in the bucket when compared to the costs to clean up the
aftermath.

In the corporate world, Detroit is reeling from the types of automobiles now being
imported into this country. Asia has stolen Detroit's thunder who now finds itself
offering cash incentives to stem the tide. It is no secret America has developed an
ever-increasing dependency on foreign oil, and is now saddled with an aging oil
refinery infrastructure and a shaky economy. Why then was Detroit surprised to see their
market share take a nose-dive in favor of quality fuel-efficient automobiles from overseas?

The point is, our planning and leadership skills are at an all time low. Why? Because
it is easier to react to a problem than to do a little planning; easier, but costlier. Let's face
it, planning is hard work and, as the old adage goes, "You can pay me now or you can pay
me later, but you are going to pay me." Planning is a projection into the unknown and involves
a certain level of risk that most people are not willing to assume (and are afraid to do so).
Consequently, our society is more interested in safety nets than in taking risks. I guess this
is why I admire gamblers who mentally calculate their odds for success and are unafraid of
taking risks.

Nonetheless, American competitors (and our enemies) fully understand our weakness as
planners and are not afraid of taking the risks that we balk at. As a result, they will continue
to take advantage of us until such time as we get some serious leadership.

2. ENVIRONMENT

In order to set workers to task it is necessary for a manager to establish a
suitable work environment. This includes:

* Defining the location of the workplace, hours of operation, and corporate policies to be observed (e.g., payroll, benefits, performance reviews, etc.).
* Defining the methodologies, tools and techniques to be used by the workers in their assignments.
* Defining the corporate culture - Although this is normally defined by the company overall, the astute manager establishes the ethics, customs and social intercourse to be observed within his area of responsibility (a subculture). By doing so, the manager has defined the code of conduct in the department denoting what will be tolerated and what will not.

As part of the corporate culture, the manager defines his own personal style of
management, for example:

* The types and level of discipline, organization, and accountability expected from the workers.
* Will the manager try to micromanage everything (top-down) or empower his people, delegate responsibility and manage "bottom-up"?
* How employees are evaluated and rewarded; by accomplishments or by political maneuvering.

The manager's objective is to create a homogeneous working environment whereby
everyone is "rowing on the same oar" towards common objectives. Unfortunately, the
problem here is that our society is now more inclined to accept rugged individualism
as opposed to team effort. For example, employees are commonly rewarded based on
individual initiative as opposed to group effort. Between this spirit of individualism
and government regulations that embolden employees to resist the company, loyalty and
teamwork are at all-time lows and apathy and restlessness permeates corporate
America. Such spirit disrupts the harmony of the work environment, thus compounding
the problems of the manager.

3. RESULTS

Ultimately, the manager is charged with the responsibility of producing a product or
performing a service. As such, the manager must establish and prioritize
assignments, and assure they are accomplished in a timely and cost effective
manner. This requires managers who can articulate assignments and coordinate
resources towards this end. Sounds pretty simple, right? Then why are we failing
in this regard? Three reasons:

* Managers are more interested in gamesmanship than actually producing anything of merit. They have developed a "fast track" mentality whereby managers have little interest in their current job and want to advance to the next plateau in their career. "Long-term" planning is no longer measured in years, but rather in months or weeks (a "long-term" project is now considered three to six months in length). Consequently, managers are primarily interested in quick and dirty solutions which will see them through their tenure of office, but will create burdens later on for their successors. Managers now spend more time scheming and maneuvering than worrying about getting the job done. What's the sure sign of such a manager? He/she knows the latest buzzwords and is always "politically correct."
* Managers are no longer results oriented, Instead, they are more focused on the process or mechanics of getting a job done. Although it is desirable to be well organized and precise in our work effort, it is for naught if you cannot deliver what you are charged to produce. The manager needs to be focused on deliverables, not mechanics (with apologies to the ISO 9000 folks).
* Managers no longer hold people accountable for their actions. This is due, in part, to government regulations that are more concerned about the rights of the employees as opposed to the manager's. As a result, managers spend less time managing and more time supervising people. Understand this: there are substantial differences between management and supervision; the two are most definitely not synonymous. Supervision is much more "hands on" with employees being continually watched and directed in their work assignments. Managers should manage more and supervise less, and employees should do more self-supervision. Unfortunately, this philosophy is not in vogue these days. Workers no longer seek responsibility and prefer to be told what to do thereby they cannot be held accountable if something goes awry. This alone says a lot about our society and is worrisome to me.

Let us never forget, unless you can deliver what you are charged to perform, you
are a failure as a manager. Consider the numerous coaches and managers in
the world of sports who have been fired over the years, not necessarily because
they didn't run fine programs, but because they lost sight of the end result: winning.

CONCLUSION

What I have described thus far pertains primarily to large corporations. Management
is still alive and well in small businesses that are not encumbered with bureaucracy
and need to manage simply to survive. I have also been primarily describing corporate
America, but many of these bad habits are creeping into the management style of Asian
and European companies as well.

Now and then, I like to make an analogy between management and dieting. There
is nothing magical about losing weight; you simply watch what you eat and get some
exercise. However, millions of dollars are spent on the latest diet craze, usually to
no avail. The same is true with management; you simply need some leadership,
organization and follow-up and you will get the results you want. However, it
seems companies today do everything but manage.

Beyond this, our social fabric and government regulations discourages
effective management. Instead of discipline, organization and accountability, we
are more concerned with nurturing free-spirited individualism, gamesmanship, and
chasing panaceas. In many cases, managers are inhibited by the press who
scrutinizes decisions, particularly in the government sector. Fearing to make
a bad decision, managers suffer paralysis and nothing is accomplished.

Bottom-line, corporate America is no longer managing; instead, we are playing
games or as I like to call it, "Rearranging the deck chairs on the Titanic." In other
words, as the ship is going down, we tend to focus our attention on everything other
than saving the ship or passengers. In the past we have talked about Theories X, Y, Z
for describing different styles of management. Perhaps we should describe today's
management style as "Theory Zero."

What is needed is someone who isn't afraid of taking the reigns and is allowed
to run the department to produce the necessary results - that is the job of a
manager. Let me give you a small example. Recently, I attended a meeting for a
nonprofit organization who wanted to draft legislation for the association. The
meeting started out pleasantly enough but quickly slipped into an uncontrollable
series of arguments. I could tell by the confused look on the faces of the attendees
that the meeting was out of control and so I grabbed the gavel and brought the
meeting to order. I next divided the group into subcommittees to discuss the
different issues and gave them a deadline to produce a rough draft of the
legislation. Within each subcommittee I appointed a chairman, a secretary,
and someone to research the legislation. I then went outside to smoke my
cigar. When I came back to the room, bedlam had been replaced by quiet
organization. The legislation was drafted according to my instructions and the
members left the building saying it was one of the best meetings they had
attended. Why? Because a manager took the gavel.

One last note which I will specifically address to my colleagues in the IT Industry;
In my 30 years in this field I have never encountered a technical problem that
cannot be conquered by good old-fashioned management. I'll bet this is true
in any industry, not just IT.

Why Does Project Management Fail

"It must be remembered that project management is first and foremost a philosophy of management, not an elaborate set of tools and techniques. It will only be as effective as the people who use it."

- Bryce's Law

INTRODUCTION

I often run into companies who ask the simple question, "Why can't we get our act together? Why does Project Management routinely fail in our company?" I do not believe a company's overall problems in Project Management can be attributed to a specific tool or technique (although some certainly do not help matters). Instead, I believe it is based on how important a company considers Project Management to be. If they believe it to be a vital part of the company's overall performance, it will be more successful than a company who considers it irrelevant. In other words, I view Project Management as integral part of the corporate culture.

Let's consider the indicators of how a company values Project
Management:

* LACK OF KNOWLEDGE - employees simply lack the basic knowledge of the mechanics of Project Management. I do not run into too many companies anymore with a total absence of knowledge in this regard. The conceptual foundation of Project Management has been around for a number of years. There is a multitude of training programs in Project Management, both at the college and commercial level. There are also several discussion groups on the Internet and professional associations dealing with this subject (e.g., the Project Management Institute of Newtown Square, PA). Hiring or contracting people with absolutely no knowledge of basic Project Management concepts is becoming a rarity.
* LACK OF ORGANIZATIONAL POLICY - the company has not adopted a formal policy for managing projects. Consequently, informal and inconsistent approaches to project management are used with mixed results. This is a much more common occurrence than finding a company devoid of knowledge in Project Management.
* LACK OF ENFORCEMENT OF POLICY AND PROCEDURES - even though a policy has been established, it is not enforced. As a result, inconsistent results emerge. If a standard and consistent approach to Project Management is devised by a company, it must be routinely policed in order to assure accuracy and uniform results. It is one thing to enact legislation, quite another to enforce it.
* LACK OF CONSIDERATION FOR THE MAGNITUDE AND COMPLEXITIES OF PROJECT MANAGEMENT AND ATTACK IT IN PIECE MEAL - People seem to naturally underestimate the magnitude of project management. For example, project planning involves defining work breakdown structures and dependencies which is a precursor to estimating, planning, reporting and control; estimating is a prerequisite to scheduling; time reporting impacts project estimates and schedules; resource allocation is based on availability of qualified people (skills inventory) and current project schedules; etc. There is an overwhelming number of software packages on the market attacking various aspects of Project Management, but very few addressing it is an integrated whole.

It must be remembered that project management is first and foremost a philosophy of management, not an elaborate set of tools and techniques, nor is it an administrative function. Rather, it is concerned with managing human beings towards the accomplishment of work (it is a "people management" function). As such, project management will only be as effective as the
people who use it.

Ultimately, project management represents DISCIPLINE, ORGANIZATION, and ACCOUNTABILITY; which are three areas people seem to have a natural aversion to these days.

DISCIPLINE - In the western world, people tend to resist discipline because some believe it inhibits creativity and personal freedom. As a result, teamwork is often sacrificed in favor of rugged individualism.

ORGANIZATION - Pursuant to discipline is the problem of organization. Again, in the western world, people prefer to maintain their own identity and organize themselves to meet their needs as opposed to the needs of the organization. There are also those who claim, "A cluttered desk is the sign of a brilliant mind." Hogwash. In contrast, I am a believer of the Navy's regimen whereby you either work on something, file it, or throw it away. This forces people to get organized. If we need more files, let's get them. A cluttered desk is a sign of a disorganized person. Shape up, or ship out.

ACCOUNTABILITY - This is an area people tend to rebel against the
most. The approach to project management, as advocated by "PRIDE," ultimately represents visibility and responsibility to produce according to plan. Unfortunately, some people shun commitments and, instead, prefer to hide their activity, thereby they cannot be measured and evaluated. This is typically the reaction of people who are insecure. People who are confident in their abilities have no problem with the accountability issue.

REACTIVE VS. ACTIVE MANAGEMENT

The old adage, "If you do not make the decision, the decision will be made for you," is valid. This also sums up the difference between an active and a reactive manager. True Project Management requires an "active" manager, not "reactive." The active manager takes care of the problems before they happen. They plan on the future. The reactive manager deals with yesterday and waits until problems occur, then tries to take care of them. Today, more and more IT organizations find themselves in a constant "firefighting" mode of operation. Why? Because of a "reactive" management style. The "reactive" manager never seems to get ahead, yet probably enjoys the highest visibility in the company. As an aside, beware of your "firefighters," they are probably your chief arsonists.

Managers don't wait for things to happen, they make things happen.

HOW MUCH PROJECT MANAGEMENT IS NECESSARY?

Can the philosophies of project management be adopted and implemented by a single group of people for a single project? Yes. A department or division? Certainly. The entire company? Definitely. In fact, as the scope grows, communications improves and the philosophy is more consistently applied.

The scope of project management affects many people:

* The individual worker will prepare estimates and schedules, perform project work, and report on activities.
* The project manager will plan and direct the use of resources on projects, and solve problems.
* Department managers will administer resources and control projects within an area.
* Executive management will establish project priorities and monitor project progress.

Obviously, project management should not be restricted to a handful of people or projects. Dozens of projects may be active at any one time, involving hundreds of workers across departmental boundaries. Synchronization of the work effort is required to maximize effect and minimize confusion. Project
management, therefore, should be viewed as a corporate philosophy as opposed to a technique used by a select few. Only when a standard and consistent approach to Project Management is adopted by a company will it become an integral part of the corporate culture. We will then hear less about why Project Management fails, and more of how the company is prospering.

Desktop Management: Saving Your Small Business Resources

Table of Contents

Introduction.......................................................1

Importance of PC Management.........................1

Effective PC Management.................................2

Alternatives for Acquiring Good Tools: Build, Software as a Service,
Outsource..................................................................2

Building an Internal PC Management Infrastructure.....3

Software as a Service...................................................3

Outsourced PC Management........................................4

Morton & Morton's Perspective...................................4

Introduction

Personal computers have delivered on the promise of productivity for knowledge workers. As a consequence, desktop and laptop computers have proliferated to almost every knowledge worker in a company. Advances in network bandwidth and the availability of wireless connectivity options have radically increased the number of home and remote workers. However, the increased use of personal computers and remote access has added significant workload and coordination to the already busy IT schedule.

For many companies, desktop management is not a core competency and there are other IT tasks that are considered mission critical or more strategic. Yet for many knowledge workers, the desktop is mission critical. Schedules, correspondence, contact lists, presentations and work in progress all live in the desktop for most office workers. Take away the desktop and work stops until the desktop is back up and running.

Most small and medium businesses do not have the IT staff and tools to treat desktop management issues with the attention they deserve. IT shops in small and medium sized companies are generally over-taxed and doing the best they can to keep the IT infrastructure running smoothly. Budgets are much smaller than those of their large enterprise counterparts, staffing is limited, and toolsets are few and far between. Too often manual processes and "just enough to get by" scripting is the answer to desktop management in the small and medium sized company. Individual users can be left to handle minor issues for themselves, and pseudo power users often get themselves into trouble and require IT staff assistance to resolve problems they have created through their self-help efforts. It is no longer a viable answer for small and medium sized business to treat desktop management casually.

Importance of PC Management

The task of PC management has become too large and too important to be handled on an ad-hoc basis with limited tools. The number of personal computers is significant. There are many versions of operating systems and many different software applications. This is also complicated by the number of employees working from remote offices. The scale has become rather large, even in a small to medium sized business. Now add in the constant stream of Microsoft patch updates (security, operating system and application software updates), periodic operating system upgrades, user initiated software installations and configuration changes, antivirus updates, and IT configuration changes. The rate and volume of change is significant, if not overwhelming. Not to mention the problem of Microsoft phasing out their support of old office applications and operating systems. Windows 95 is no longer supported and 98 is now no longer going to be supported.

The risks of doing a poor job of desktop management are now quite high given the security risks to every PC every day. Left unprotected, PCs are subject to Trojans, Keyloggers, Root Kits, Spyware and Viruses. One of the best ways to be protected is to apply all patches to operating systems and applications in a timely fashion. However, coordinating, staging and testing these patches is time consuming and something that should not be left to end users or ad hoc processes by the IT team. Every desktop needs Anti-virus software that is constantly updated, and users cannot be trusted to keep their virus data files current. Mobile users should also be protected with personal Firewall software, but again, users cannot be depended upon to install and keep such software current. Leaving this to chance can put the entire network and subsequently the entire company at risk.
The employee desktop today contains significant corporate data, both data taken from corporate repositories for use on the desktop as well as work-in-process data not yet stored on a secured and backed-up repository. Employees handle important and sensitive data that needs to be protected. This can include price lists, customer lists, customer data, human resources data, strategic plans, product plans and corporate financial information. Security breaches, viruses, and spy-ware can lead to stolen, lost or corrupted data. Regular backups can mitigate the risk of lost or corrupted data, however most users are not disciplined enough to perform regular backups. Mobile and remote users complicate the backup problem and render home-grown backup scripting ineffective.

Dealing with the disruption and potential data loss of security breaches can represent significant productivity loss. Work-in-process data on the desktop can represent weeks of effort and may be difficult or impossible to recreate. The loss of such data can affect project time-lines, which in turn can cause customer satisfaction issues and/or contractual penalties. Desktop data loss can also affect revenue if a desktop problem interrupts critical timeframes for customer proposals.

Another factor driving the need for good desktop management is the increasing regulatory compliance issues that are affecting businesses of all sizes. Consumer and patient privacy laws such as HIPAA (Health Insurance Portability and Accountability Act) and the wave of trend setting privacy laws out of California affect businesses of all sizes. Sarbanes-Oxley compliance includes rigorous asset management, change management and other controls for IT. This should be of concern for more than just the public companies covered by the law. Many small and medium sized businesses are working toward an eventual acquisition as an exit strategy, and most such acquisitions are by companies that are subject to Sarbanes-Oxley. It is much easier and faster to work through the due diligence phase of the acquisition if the company being acquired has implemented the types of controls required by Sarbanes-Oxley. Good desktop management can assist a company in certain aspects of regulatory compliance.

Effective PC Management

Effective PC Management begins with knowing what you have to manage. Complete and accurate asset and license management is key. Knowing how many machines of what type, their location, memory, hard drive, processor speed, etc., is a big step forward for many small and medium sized businesses. Tools available today have automatic discovery capabilities and excellent management reporting which can assist IT staff in establishing and maintaining good processes for asset management. With an accurate picture of the installed hardware base, it becomes much easier to assess operating system and business suite software upgrades.

Keeping track of software licenses and where they are installed is another important function. Accurate information of which machines have which software installed is a major starting point to effectively manage PCs across the company. This information can minimize the number and duration of on-site visits by IT support personnel. It can also ensure that software licenses are appropriately managed; paying for only those copies of a particular software that are needed and reducing the risk of fines in a software license audit.

Another good practice is to keep software installs to the minimum required for each employee to do their job. This will shorten install time, reduce updates and patches required, and use fewer resources leaving more capacity for each user's needs. Some systems administrators will attempt to make things easier by standardizing the desktop to one image for everyone. PC management is one place where "one size does not fit all." Overcomplicating the software image for every user by installing all applications everywhere will increase work in the long run and make everyone unhappy. A better practice is to define unique user types by department or job function, and to define a standard image for each user type. This can limit the time to upgrade applications and allow for better service for each user.

With an accurate inventory of all hardware and only the software needed on each desktop, the next step toward effective PC management is to automate software distribution. Automated software distribution minimizes the number of onsite visits IT staff must make. This lowers the cost of support and allows for more frequent updates. This can be applied to virus data files, operating system patches as well as updates and new versions of application software. Changes should be staged in a separate environment for testing and then rolled out based on individual or group user profiles.

Automated software distribution is the first step in remote management. Full remote management includes the ability to remotely control the desktop and make all required configuration changes through a networked connection. This is a critical function as the number of remote and mobile workers has increased. IT staff must be able to perform administrative functions from their office as if they were sitting in front of the PC of remote and mobile workers.

When considering how to implement desktop management best practices, companies need to acquire management tools to automate the management tasks. Companies can license tools and build an in-house management infrastructure, access management tools through a hosted Software as a Service (SaaS) model, or outsource the entire desktop management process. Each of these alternatives is explored in more detail below.

Alternatives for Acquiring Good Tools:

Build, Software as a Service, Outsource

A company with as few as 2-20 employees can struggle

with manual desktop management processes. The more

desktops to be managed and the more mobile and remote workers to support, the more difficult it becomes to deliver good service with manual processes. The severity of issues that can arise from poor PC management requires that the problem be taken seriously and therefore automation should be given significant consideration.

There are now many options available to automate some or all of the PC management functions, and some of these options are cost effective even for small and medium sized companies. However, tool selection should be made carefully to ensure that the necessary functions are addressed by the tool, to keep training time to a minimum and to avoid selecting a tool that requires more effort to administer than it saves. As with any decision, all of the alternatives should be considered before making the decision. PC management is no different, and it can be accomplished through several approaches: management tools deployed in-house to internally manage PCs (the "build" approach), using a Software as a Service hosted management tool with internal staff, and outsourcing the management of PCs to a third party.

Building an Internal PC Management Infrastructure

This traditional approach to management involves identifying tools to purchase, purchasing those tools, deploying the tools, training IT staff on how to effectively use the newly deployed management tools, and staffing sufficiently to manage the PC infrastructure on an ongoing basis. One of the advantages of this approach is that the IT organization retains full control of the management infrastructure and functions because the solution is an internally deployed solution. However, the control also brings with it the responsibility to manage the management system/software itself.

The build approach typically requires a larger initial budget outlay for purchase/licensing costs, with on-going maintenance fees, and any investment in additional hardware that is required to run the
management infrastructure. In addition to these initial licensing costs, it is also important for IT organizations to realize that there is an associated cost of management. The IT staff is naturally responsible for managing the IT infrastructure, but in addition, they are also responsible for managing the IT management infrastructure itself. For example, in the case of internally deployed management software tools, these costs reveal themselves in deployment costs of the management tools, maintenance of the management tools (upgrades, patching), support personnel for ongoing operational support, management tool consulting services, training, software licensing costs (both initial purchase and recurring maintenance costs), hardware costs for additional hardware that is required to run the management software, and the cost of integrating tools in-house.

The cost of management depends on several factors; the ease-of-use and ease-of-deployment of the management solution, the stability of the management code, the frequency of new releases, and the maturity of the IT organization. Most of these factors translate to IT staff time that is required to manage the management infrastructure. In addition to these direct costs, maintaining a help desk to assist users with PC issues is another additive cost of management. For geographically dispersed companies, the help desk may be required to operate 24x7, which adds significantly to the cost of ownership.

Software as a Service

Another way for IT organizations to employ PC management functionality is through management software delivered as a service. This option shifts the responsibility for the management software deployment and maintenance to the service provider. Software as a Service (SaaS) results in eliminating the following costs for enterprises: deploying the tool, maintaining the tools, consulting services to deploy the tool, software licensing, internal tool integration, hardware to run the management software, and troubleshooting when the tool is not working properly. Instead of these costs of ownership, the cost of the hosted software is in the form of fixed monthly subscription fees.

PC management SaaS can bring additional advantages beyond the features of the tool. Virus protection and automated update of virus data files is a feature often available. Some services include significant coordination of new patches; simplifying the staging, testing and deployment of patches. The service may include automated backup and offsite storage features providing excellent data protection with little additional effort or hardware costs. Hosted software solutions also provide news and information on new practices and trends which can assist the small to medium enterprise IT staff.

Some IT departments may be concerned over the loss of control by using a management infrastructure provided as a hosted service. The quality of the service provided must be excellent and the reputation of the service provider is critical. However, only the infrastructure itself is under third party control in this alternative. Company IT staff remain in control of the actual end user interface and the actual processes and actions taken on individual desktops.

The SaaS model provides access to a full suite product without the upfront license and setup costs. It allows the IT staff to maintain control of the desktop management process without the effort required to setup and maintain the management environment. It does require training and good internal processes. It also requires a way to track service requests and problems. To provide effective support, a help desk is useful, and for some companies a 24x7 help desk is necessary.

Outsourced PC Management

The point of acquiring good PC management tools is to provide effective PC management. There are a number of full service outsource options available to small and medium sized businesses for desktop management. This alternative solves the effective PC management problem by turning the work over to a service provider. The service provider is responsible for tool selection, deployment and operation. The service provider also brings trained staff and proven procedures.

Like the SaaS model, the outsourced model eliminates the costs of licensing the management tool, deploying the tool, consulting services to deploy the tool, integration costs, maintenance costs and hardware costs. Additionally, the outsourced model eliminates the costs of internal staff for PC management and the costs of an internal help desk function for PC management. Outsourced PC management is typically charged on a per desktop per month fee. It is more expensive than a SaaS model as the service includes the staff and the help desk functions.

Outsourced PC management brings good tools and good processes to the problem of PC management, protecting the assets of the company while providing professional performance enhancements to maintain top performance expectations from the PC. Some businesses have experienced higher individual user costs for desktop management as individual users can spend more time attempting to solve their own problems rather than look to the third party provider for help.

The quality of the service delivered by the service provider must be excellent, and the services must be flexible enough to fit in with the way the company works. A collaborative working relationship must be established. This can require a different kind of management oversight than exists in some small and medium sized businesses. An outsourced service may bring improved service by providing a 24x7 help desk, a tremendous resource saving feature for a small business productivity need.

Morton & Morton's Perspective

Desktop Management is a critical business practice that, when done well, can keep employees productive and keep external threats to the company network in check. The traditional approach to managing PCs has been to deploy the management software in-house or use manual methods. Most companies now realize that manual efforts are no longer viable given the number of desktops, the frequency of changes and the risks to employee productivity and data. However, outsourcing the process to a competent third party company is by far the best method to reduce the cost of the company's resources and protect the intellectual assets of the company at all times.

We will provide you the best protection of your assets and reduce your small business resource requirements to manage the desktops and keep the performance level up the expected user level for the best productivity and do it at a cost that you can afford.

Malahayati Management