Monday, May 30, 2016

The wonderful and scary period called Notice Period when you leave your job

I met up with a very unusually relaxed CXO friend who appeared to have all the time in the world for the mid-week lunch meeting. We indulged in leisurely talk while I had time to kill in between meetings and him with the knowledge that no one would be missing him at his workplace. Savoring the dishes in front of us, he pronounced the fact that he was on his notice period for the next two months and guess what ? It was better than the honeymoon period he enjoyed when he had joined the company.

The luncheon meeting had me thinking about the terms of employment where notice periods vary from 30 days for junior staff increasing with rank up to 3 months (have not come across longer notice periods and would be happy to learn about them). Through my corporate career spanning three decades I had to serve notice period ten times and by the time I had crossed the fourth, the term had stretched to three months, not counting the period of negotiations before the resignation is accepted.

Notice period norms started with the view that the outgoing person needs to transfer his/her tacit knowledge on to the team and/or replacement identified for the role such that the enterprise can minimize disruption risk and adverse impact. Fair point in a scenario where the person has specialist skills that requires deep understanding of the role and responsibilities or the industry vertical, or for that matter has created valuable intellectual property which needs careful handling before the person exits.

I am sure that there would be other reasons someone can think of to demonstrate that there are indeed reasons to hold back people after they have announced their intent to depart for greener pastures; e.g. handing over key accounts to others, completing projects that may get delayed with change of personnel, providing continuity to a strategic initiative, I believe that the list can fill up many pages. The average time taken to obviate the risk should ideally determine the notice period a person would serve.

Organizations define such timelines with analysis of time, cost, effort, and impact to determine how long before a person is freed to pursue his/her interests outside. Anyone making such a statement would find it difficult to place a hand on the heart and repeat it. It has become the norm that junior resources shall have 30 day notice period while mid and senior management shall have 3 months.  Ask any Human Resource Head or CEO, they would struggle to provide credible rationale for their policies.

Joining competition ? Surprise ! You will be relieved faster than you can imagine making you wonder about your reason for existence in the enterprise. Guess what ! You are no longer trustworthy ! Controlling damage and ensuring that you do not take away every little secret that competition would love to exploit. Handover or knowledge transfer ? The risk is deemed higher than the benefit; thus companies err on the side of caution in the belief that naive and innocent employees would take trade secrets after they resign.

As the CIO, he was busy stretching 60-70 hours in a week balancing meetings across the spectrum of activities; he traveled frequently to stay connected to the business which had given him the platform on which he had risen to fame in the industry. Sought for his deep insights and crisp analysis of situations, he always provided alternative solutions. He was a prominent member of the leadership team. And then things changed as if he was an outcast, brain dead, a leper to be avoided leaving him disenchanted and disillusioned.

My friend’s life changed after he announced his exit; he was eased off critical meetings and management reviews; he was not invited to new business discussions since he wouldn’t be around to execute. He wandered the corridors meeting people, chatting up uneasy senior managers who engaged in small talk. Everyday morning he arrived like clockwork, had his morning coffee, read emails he received, responded to some, had lunch and then spent time over an evening tea before calling it a day.

Why do enterprises continue to insist on long notice periods when no productive work gets done by the individual in that golden notice period ? A sheer waste of time for the incumbent and the rest of the team knowing fully well that s/he is not empowered anymore to take critical decisions. Can the person not be exited logically within time taken to relieve him/her of corporate belongings, wind up receivables, and pack personal stuff. Why make him/her feel redundant, worthless and useless in the last days ?

Monday, May 23, 2016

How many fixes to a software solution before you decide to replace it ?

The system had gone live after a bit of delay; everyone sighed in relief and believed that the best is yet to come with the long awaited solution that should deliver a competitive edge before others caught up. The system automated processes that were thus far manual and in a geographically spread business where collation of data took some effort; standardization using spreadsheets had not delivered the desired result. Thus anticipated benefits from the system were high as the deployment completed as per timetable.

Giving some credit to the implementation team comprising of business, IT and the vendor, they had attempted supporting the business to institutionalize the effort. Time passed by, the usage graph gradually started declining reaching a level that rang alarm bells. Response time was the first issue raised followed by bugs, functionality limitations, lack of reports and analytics, it appeared that everything that could go gone wrong had. The challenge was thrown to the new IT leadership team to diagnose and fix.

A crack team was created to deep dive, assess and document the root cause and find a solution to the predicament that faced the enterprise. The team spent more than a month meeting members from IT, business, vendors, software principal, and key users collating information that would finally create the prescription to remedy the situation. The laundry list thus created needed budgetary support and resources to get started; so the CIO sought audience from the business head and the CFO.

With aplomb the CIO personified in most meetings, he presented the findings to the assembled group. It was more than a year since the solution had been deployed; barring basic functionality, users had stopped using it, reverting to time-tested quasi manual process. The investment had failed to deliver commensurate benefit. Fair evaluation of the solution had reported 85% fitment to requirements. The implementation partner recommended by the principal had struggled but finally delivered the desired solution.

As the discussion progressed there was growing discomfort in the room as the list of changes appeared unending. It challenged conventional wisdom to implement any solution with minimal changes or customizations. The CIO pushed a long list of 117 changes to the COTS solution over and above those done as a part of the original implementation promising everything the business wanted. The ask was budget almost equal to the total project cost thus far and timeline spread over more than a year.

For the business head and the CFO the decision was between scrapping the project and putting time, effort and money to rescue the project which promised significant operational and process improvements. The conviction of the CIO swung it in favor of putting some more money behind the challenged project. The business team was asked to prioritize the long list by putting it into different buckets based on impact and effort. The budget was scrutinized by the Finance team and the list of 117 changes was approved.

Quick wins came easily, re-use of the solution jumpstarted with delivery of the high priority items on the list. Emboldened the team pushed ahead only to face roadblocks on technology as well as stability of the changes. Three quarters later the list was pruned and the internal and outsourced development team given the stick; the business disengaged from active participation deciding to get involved whenever a delivery happens. The project was relegated into the background keeping the team busy, often pulled out for other pressing activities.

The now floundering project became the white elephant in the room in review meetings with IT. The CIO exited under mysterious circumstances replaced by young blood; triggered by a strategic review conducted by a veteran consultant, rational thought and direction on the project finally saw light of day with the approval of an alternative solution to replace the infamous mess. News of scrapping of project created flurry of activity; the Principal vendor sought to intervene, a request that was promptly denied.

Where did the project go wrong ? Initial evaluation was extensive and could not be faulted; the now approved new solution came across as the winner; the incumbent solution was the next best choice by a small margin functionally but at half the cost making it an attractive option to consider. Are next best choices not good enough ? Was the implementation flawed or people competency a challenge ? Was the CIO correct to push for large number of changes ? Why did he not propose the other solution ?

At times people are blind to right choices; they push low cost or safe choices, or put good money behind bad as was this case with irrational prevailing; the CIO avoided conflict by not confronting past decisions and thus lost the opportunity to create better outcomes. Compulsions if any remain a mystery between the business head and CIO. Opportunity lost, time, effort and money wasted, the enterprise is the final loser. I don’t believe that many would approve such elaborate customization, but I may be wrong !

Monday, May 16, 2016

Should you allow exceptions to an information security policy ?

Once upon a time when information security did not figure in the priorities of the IT Head (the era before the CIO title came into vogue), the company took upon itself to protect sensitive information that if leaked would be detrimental to the image and reputation. The internet was beginning to spread its wings reaching out to residential customers, the browser wars had just begun, electronic commerce was yet to reach irrational valuations, and information leakage or protection was not on the radar of many enterprises.

There were no USB connectors or drives, internet connections were rationed and capacity low, email the primary mode of information dissemination apart from paper. Separation of Information Security & Risk into an independent entity was a big pioneering step forward. The new team started with creation of dos and don’ts for users that culminated into a set of policies. In a hierarchical world moving up the ladder, the stringent policies became liberal as you look upwards for the convenience of senior executives.

Then came the noise and requests for exceptions citing business need and impact with the newly imposed controls; function heads authorized the leniency thereby rendering policies significantly compromised in intent and execution. New threats that were perceived to be largely external were intercepted and addressed, internal exceptions however stayed and continued to grow. Companies worked on an acceptable risk internally and with high levels of trust with senior executives to guard the family jewels.

Fast forward to the current world of heightened awareness and impact from information leakage and cyber threats, is the scenario any different ? Sampling across companies in a cross section of size, industries and geographies indicate that the information security function now exists in a majority of enterprises, reporting into the CIO who has also taken on the mantle to protect the information assets. High maturity and regulated companies have given security independent charge to the CISO accountable to the CEO/Board.

Policies have become stringent, implementation rigor higher and with the availability of a plethora of tools, the ability to monitor better. The industry has continued to disrupt available solutions with newer, faster, better, cheaper, painting a scarier picture forcing adoption driven by FUD. Social engineering has evolved to new levels with multitude of avenues reaching out to the gullible and the stupid who are willing to give away everything including personal records that compromise corporate and individual assets.

Most policies are cookie cutter approaches with standard templates from the consulting companies with some variance by industry; many of them have statements that put at risk the enterprise and the policy itself. The implementation too is outsourced to IT companies who provide out of the box solutions at times with no alignment to industry specifics. Compliance continues to drive policy creation and intent: to pass the statutory audit, to ensure that customer audits do not show non-compliance, to help justify budgets for information security.

Leaving aside an exceptional case of incompetency at the senior management level within an enterprise, today the awareness and intent to protect information assets of the company is genuine enough to put pressure on IT and Information Security professionals. Auditors and regulators have also gained adequate expertise to go beyond the superficial reports, dashboards or compliance statements. They are better equipped and have raised the bar for owners, entrepreneurs, management and the Board.

ISO and other standards based practices and certifications are mainstream, the cost of information leaks can now be measured in fiscal terms; wordsmithing to crisply document and disseminate the policies with no room for ambiguity or misinterpretation has become the baseline expectation. No exception is the new rule; need to deviate ? Change the policy instead, create grades and boundaries for execution. It makes life so much easier rather than to explain why an exception was granted and how was it managed.

Staying compliant is mandatory, protecting information is necessary, educating stakeholders is a starting point; take steps before a crisis emerges. Make sure policies are easily understood in intent and execution; have employees sign off acceptable use policies that define the boundaries; reinforce with frequent communication; assess, audit and publish results irrespective of status, success or opportunities to improve; stay connected to innovators and peers in the industry to benchmark your effort and stay safe.

But whatever you do or don’t, please don’t create exceptions to any policy !

Monday, May 09, 2016

Job hoppers seeking the perfect match rarely find it

It was an embarrassing moment for the CIO who I bumped into at the reception of a customer; he was there for an interview with the Group CIO for a position with one of the business units. He did not expect to find me there; while he knew that I had given up my corporate role some time back, he wondered if I too was there for the same interview. So making polite conversation, he queried if I had also come for the interview. I smiled back at him and nodded in affirmation that it was indeed the interview that brought me there.

He was beginning to build an image in the industry as a CIO who will make it to the big league sooner or later. He had started getting visibility in the CIO circles with a few panel discussions where he was able to make his presence felt. Though he was not quoted often or written about, he appeared to be taking the right steps towards creating a persona. After a longish tenure at a mid-sized enterprise, he had a string of short-term roles each lasting not more than six months which surprised peers, friends and industry observers.

Leaving aside the tenured CIOs (and here I refer to the real CIOs, not people with underserving titles) with over a decade in their current roles, most CIOs typically spend an average of 3-4 years in a company. They create and leave behind an impact on the enterprise with their management style, technology solutions, and bit of leadership. They contribute to an overall improvement in the IT maturity, elevation of the IT team perception, business impact led by technology, and a general acceptance of the value of IT to the company.

Coming back to our friend in dire need, he walked into the room with a complete panel to grill him on why he should be given the coveted position. Seeing me on the interview panel unbalanced him as we all greeted him and introduced ourselves wanting to make him comfortable. As we progressed through his professional life and key milestones, the conversation finally reached the point where his quick changes came into the limelight as the panel sought clarification on what caused the instability in an otherwise good career.

At the time of the interview, he had been in the current role for less than 4 months and two earlier stints had lasted six months apiece; here he was again wanting to move ! He started off talking about cultural mismatch between the first of the 3 and the fact that he was constrained from making any decisions. The second was an attempt a new industry segment which he quickly realized he was unable to adjust to; and finally the current role was more of a maintenance role and did not offer any freedom to innovate.

Closing the interview the HR Head thanked him for his time and promised to get back should he make the grade ! Between 5 of us on the panel we had unanimous consensus that the candidate would find it difficult to get into any new role which will not give him the comfort of the old one he had discarded sometime back for greener pastures. Fallaciously he was seeking acceptance as a new comer rather than build relationships with peers and trust with his team that comes with immersion into the new role and company.

Every new role has a honeymoon period that the newbie enjoys as s/he learns about the company, industry, culture, people, team and expectations of the role. The duration varies by company, size, and the level in the hierarchy of the enterprise. The new entrant has to create an enduring and affable persona that is true to self; it is difficult to act like someone else and sustain it for long. This is the time that needs to be spent in building bridges and credibility which sustains a person in the role and organization.

My friend never got the call he was waiting for as he had frittered away the honeymoon period or made bad choices not aligned to his ability and/or goals. Call it mid-career (or life) crisis or a victim of the changing dynamics of the role, it is evident that he is not ready for the new dimensions that are base expectations now. In the fast changing digitally disruptive business models world, the CIO has to step up the ante. Many have transformed themselves to take on the new challenge, a large majority faces disruption.

Ready or not, that is reality !

Monday, May 02, 2016

Politicos fuel corporate politics impacting individual and enterprise performance

This is the last part of the trilogy on how people impact enterprises. Click here for Part 1 and Part 2

Position bestows power; power brings superiority; superiority brings attitude; attitude brings the feeling of superiority and invincibility to some; at this point sycophants start flocking the powerful like flies who seek rubbed off glory. The resultant coterie shamelessly mimics the good, bad and ugly, indifferent of their visibly spineless behavior that makes them the subject of ridicule. They mostly amplify the unwanted and undesirable characteristics of their self-proclaimed leader leaving behind a trail of collateral damage.

Known as the M&A king, in every company he had created inorganic growth and value. As a person, he was aloof and unapproachable creating an aura revered by the bourgeois wanting to please him. They fought to second guess what he liked and wanted to hear; the abysmal hit rate strove them to try harder resulting in error of comedies ! It never occurred to them to ask him while he remained indifferent to his followers who tried even harder to get close to him. The enterprise saw some high profile exits which were inexplicable in the beginning.

Culture is driven from the top is a well-known fact; people ape their bosses, the politicos consciously and the majority subconsciously. For the leader, it is important to stay connected to reality and take cognizance of the culture they are creating and supporting. When they do not pay heed to the undercurrents and allow the survival of an army of flatterers, the performers end up disillusioned; they need a direction and a leader they can look up to. Unable to stand the shift in culture, the performers find greener pastures quickly.

When he structured a sizeable deal with an equal, it created ripples internally and across the industry with the insecure wanting to kiss up to demonstrate their value lest they become part of synergy between the companies. His detached demeanor gave nothing away not that he really bothered about anything except his image of success. For the insecure, the need to be visible resulted in adverse impact to enterprise performance while causing the exact damage to themselves that they wanted to avoid in the first place.

All deals don’t always work out the way they are planned; emboldened by past success, the CEO had gotten too ambitious in his quest for growth. It was too early as they had still not fully completed the previous integration. The deal hailed by the industry as too aggressive eventually turn out to be his nemesis; the board who had earlier showered him with adulation fired the CEO for diluting shareholder value. Loyalists were rewarded with key positions to rescue the sinking ship, they did arrest the slide albeit slowly and steadily.

Exit of good talent left the organization scrambling to bring back performance to an acceptable level. Loss of market share drove south market capitalization giving rise to speculation that the once “too big to fail” company may actually become an acquisition target themselves. Remnants of scavengers and the bewildered were clinically removed to cleanse the system and induct required talent that the company needed to survive the impact of a merger gone awry. Survival instinct of a few politicos aligned themselves to the new powers.

Companies have had massive rises and colossal falls attributable to charismatic leadership; these companies did not build the breadth and depth of management required to sustain in the long run. Organizations are indeed resilient though sudden dips in performance are difficult to recover from. Political and personal agenda should be systemically removed by the Board and Shareholders.  Alignment to the larger objective and crisp, timely and coherent communication keeps everyone objectively focused on what matters.

Turf wars, silos and politics are a given in today’s world; what matters is the alignment to the larger enterprise agenda ! If you run a company, do introspect what is the message you are giving to your team, their teams, your customers and stakeholders. If you are working in a company, review where your personal agenda fits into the larger goals of the enterprise. In both cases there will be many who find themselves at odds; if there is a disconnect, take corrective action before you stand out and are made part of statistical correction.