Time
2 hours 3 minutes
Difficulty
Advanced
CEU/CPE
5

Video Description

This lesson covers business process re-engineering. This is the idea that organizations are always in need of improving processes and procedures to make sure they stay on top of a competitive market. At the same time businesses must be aware that changes can bring new risks.

Video Transcription

00:04
All right, so now let's talk about business process reengineering. The idea with this is that
00:09
organizations are always in need of
00:12
tweaks and adjustments to the way they do things.
00:16
Unless the organization's been around a very long time and has extremely well defined processes and procedures,
00:23
there's almost always some area where there is room for improvement.
00:27
So BP are gives us the ability to make the business more efficient over time, as your employees and workers gain more experience that can do their job well quickly with less errors,
00:39
uh,
00:40
basically raising their productivity after they reach a certain level of competency.
00:46
You could also consider be PR as being a way of introducing improved techniques
00:52
there might be might think of instances like manufacturing
00:56
where microchip manufacturers
01:00
improve their techniques on a regular basis every two years or so. The speed of the
01:04
processors and all of our PCs and laptops takes a significant jump. Sometimes it even doubles
01:11
and these air, because of new techniques come along. Maybe there's ways to fold multiple step processes into one step
01:18
because of some new tools or some new technology,
01:21
So that's a definite goal
01:23
and also
01:25
be PR is important when we have new requirements,
01:30
so there might be a situation where organization has certain products and service is.
01:34
But now there's something new on the landscape or something new that their customers want, so they've got to rethink how they do things in order to satisfy that demand.
01:42
So what does the goals of
01:46
PPR and at the high level,
01:48
we're talking about continuous improvement,
01:49
any any adjustments, any tweaks.
01:53
Any rethinking of existing
01:56
processes is potentially going to be helpful.
02:00
We don't want us to get stuck into the mindset of doing something the same way
02:06
all the time because that's the way we've always done it. That's an easy, easy trap to fall into. We've always done it this way. It's been working fine for 10 years. Let's just keep doing it that way.
02:15
That might be fine, but if you could take the attitude of looking for ways to improve and become more efficient,
02:23
and possibly that helps the business
02:24
overall, Thio improve itself
02:28
financially, gaining more market, share new customers, who knows what the limits are there. We also have to remember that change introduces new risks,
02:37
so just because we find a better way of doing something doesn't mean that
02:40
that we haven't solved one problem and created two new ones.
02:45
So this is
02:46
really important to tie back to something like change control and doing business impact analysis.
02:53
So if you're introducing some new process, some new
02:57
tools,
02:59
there has to be some study conducted to make sure that that
03:02
new way of doing things doesn't break something else that's already in existence.
03:07
It doesn't open up some vulnerability that wasn't foreseen when the change was being proposed.
03:14
But, of course, that ties back to our security controls,
03:17
especially as it relates to them being continuously monitored.
03:22
If we're continuously monitoring the controls,
03:23
then we make changes to the environment. There should be some evidence of those changes
03:29
in the in the monitored controls. And maybe that can be correlated to know if your change was a good thing or a bad thing.
03:36
Any time you make an important change, always want to have a rollback plan anyway,
03:39
so that's something good to kind of close that loop a little bit. So
03:44
how do we go about BP? Are any structure way?
03:49
One way to think about it is to think big to think outside the box
03:53
if you're your organization, does seem certain things from certain tasks or provides products, and service is
04:00
an interesting concept. Would be, too
04:03
to basically try to wipe your mind clean to say I don't want to rely on anything that already exists. If we had to design this from from scratch right now, how would we do it?
04:14
How would we?
04:15
Uh huh
04:16
accomplished the goals of the business without using anything that's already been done before.
04:20
And that might be a great opportunity to bring someone new into the situation. Who doesn't know how things were done before so they don't have that stuck in their mind, as as a reminder which may, you know, lead them down the wrong path.
04:34
Another approach is to do what I was mentioning earlier and more of an incremental approach where you look at all of your processes,
04:43
document how they work
04:45
from the bottom up
04:46
and
04:47
see if there are little areas where you might be able to make small little improvements.
04:51
Maybe a few percent here, a couple of percent there.
04:55
All that might add up to a significant change if it's done carefully.
04:59
One down side with incremental approach is that
05:01
it might be easy to get lost in the details documenting the current process. And that might take a lot more time than
05:10
I'm just trying to redesign from scratch.
05:12
The thinking big idea anyway
05:15
doesn't hurt anything if you're just
05:17
putting ideas down on paper or discussing it.
05:20
So incremental is good as well,
05:24
because that's a more natural flow for the way most people think.
05:27
Like Oh, I just want to make a slight adjustment year, a slight adjustment there.
05:30
Another option is to use a hybrid approach,
05:33
meaning that you're you're looking from the top down, trying to get the big picture, but also trying to make incremental adjustments
05:41
so that you're not starting completely over. But you're trying to blend the best of those both worlds. You have to have a reasonable body of knowledge in order to
05:49
be successful at doing V P R.
05:53
For instance, having up to date skills for auditing makes sense.
05:57
You wouldn't want to attempt
05:59
business process reengineering if you're you're auditing skills were a little bit rusty
06:04
having the sea, I say
06:08
audit skills that we've talked about looking at the ASAC, a code of ethics.
06:12
Knowing how to
06:14
to go about the methodology of auditing information system
06:17
would be an important consideration as well.
06:20
Knowing howthe company works like that, what is their business logic? Where the moving parts involved?
06:27
How do you analyze that in a way that makes sense,
06:30
especially when you have requirements to measure something and to provide proof
06:35
that
06:36
your analysis show is there could be improvements if we change this or if we change that.
06:42
Being a good people person doesn't hurt,
06:46
since you may have to interface with various different people all the way from CEOs down to, you know, regular users on the network,
06:54
asking them questions, trying to get them to cooperate,
06:57
getting useful information that you can pull together as your evidence
07:00
to support your opinions. All right, So if we're trying to apply the
07:05
the guidelines for BP are we have to think about different types of steps. Here
07:12
we have six major steps. First we can start with envisioning.
07:15
So here we're trying to say that we we can see if there's a need
07:19
to improve something.
07:21
We're trying to get a better return on investment
07:25
trying to
07:26
show
07:28
with a project plan and some other details that we think that we can modify this or this or this or redesign that
07:35
and produce some better result
07:39
after it's all completed.
07:41
So some deliver balls to think about. They're trying to find a project champion, someone who can work with you
07:46
to remove obstacles and to advocate for,
07:49
for the cause
07:51
again, dealing with a project plan
07:55
to find your scope to find your goals and your objectives.
07:59
That way, it's clear to anyone who looks at this documentation. Here's where you are now here's what you're trying to accomplish. You can get to some other place,
08:07
and it helps with the person doing the work to keep track of where the hour of the process as well. Then, of course,
08:13
describing all the other deliver bols that are expected
08:18
and as much detail as possible is going to be helpful to anyone looking at this. And
08:22
if you're trying to get people to help
08:24
showing them good, detailed documentation to build confidence and make them want to be part of the project
08:31
after we envisioned, then we have to think about initiating
08:35
so
08:37
talk with your sponsor that you, you ah,
08:41
start to work within the first step
08:43
and agree upon some goals.
08:45
If you can agree upon the goals, then you could start going about the process of gathering the evidence to support
08:50
the BP. Our plan,
08:52
some deliverables to think about here,
08:56
looking at internal external requirements,
08:58
maybe doing a business impact analysis or business
09:01
use case,
09:03
trying to show that if we change
09:05
the way we do things, we can make an extra 10% profit or something of that nature.
09:11
Put together a formal project plan.
09:15
Find out how much your your sponsor or the project manager
09:18
how much authority they have to actually help you make changes.
09:24
Look at your profit and loss statements.
09:26
So if you've got
09:28
details like this to work with, you can say
09:31
we're spending this much money on this. If we do this project that I'm proposing, we'll end up spending this much money, which is hopefully less
09:39
and then try to get your sponsor to sign off on your project charter
09:45
showing that they truly support the effort.
09:46
And I'm not just giving it lip service
09:50
and we move on to part three
09:52
of the of the application where we diagnose
09:56
problems, So this means you're studying the processes
10:00
in a very low level detail. Try and understand
10:05
where the value comes from and doing things the way they've been done before.
10:09
That helps to identify areas where that might be able able to be improvements instituted
10:16
some deliverables to think about here.
10:18
Try to document the existing processes best as you can
10:22
again, this could be it an area where things might slow down, but it's worth
10:26
doing because you wanna be able to compare the existing process with the one that's being proposed. As as the new process,
10:33
Try to find a way to measure the performance of the individual steps
10:39
in the process. The current process anyway.
10:41
If you could do this, then it should be easier to show where the improvements might be. Once the process gets redesigned,
10:48
then you're trying to look for ways to add value to your customers, to your users, to your management, to the bottom line,
10:56
wherever, wherever the value might be.
10:58
Also, you want to find those areas in the procedure of the process that do not add value
11:03
so that you can consider redesigning those separately, or maybe even removing them all together
11:09
because there might just be taking time and effort without any changeable benefit. Then you also want to think about what are the attributes
11:16
that are defined that show that this is a process does provide some value, does provide some meaningful use to the organization,
11:26
moving on to part for where we think about redesigning the process. Now that you've gathered some information you've done, the analysis have diagnosed the problems
11:35
that you think the process has
11:37
and you can consider redesigning. It may take several attempts at redesigning before you get a solution that works everyone's satisfaction. That's normal and expected
11:46
it would be very difficult to just redesign the first time and have everything be great unless you've been doing the work for a long time and you have a
11:54
some brilliant insight. Most likely, there will be some it orations that will have to happen,
12:00
but that's okay, so you analyze your alternatives
12:03
when you come up with a solution, you build a prototype, do some testing,
12:09
do some more analysis and determine if
12:11
the prototype is a successful replacement for the process that was
12:16
being redesigned,
12:18
and then you formally document
12:20
the final redesign. Once you've determined that that's going to be a suitable alternative,
12:26
then we move on to the reconstruction so you can take your process. He's apart
12:31
and put them back together. By following the BP. Our plan,
12:35
you might have instructions that were generated. Say that we
12:39
you want to start every process over from scratch. We're going to
12:43
just just regard any existing processes and start with the top down approach that has talked about earlier.
12:50
Or you might say, Well, we're gonna We're gonna go with the bottom up, incremental approach and look at every process documented and figure out where we can tweak it and where we can change something. Thio provide some small improvement,
13:03
hoping for a large net improvement once that process is completed.
13:07
So deliverables to think about here
13:11
having a conversion plant
13:13
paying attention to dependencies. If you're going to redesign something, you have to make sure that you don't break something else in the process,
13:20
so process a depends on process. Be when understood, redesigning process be I need to keep process a in mind. Otherwise, something will break between those two dealing with change control. That's an important consideration.
13:33
Making sure that you're
13:35
monitoring the progress of the BCP.
13:37
I'm sorry, the B p r.
13:41
Making sure that that if you do design
13:43
something new or you redesign an existing process that you have training materials or training program ready to go,
13:52
it would be foolish to redesign a process without educating the user's off that process as to what to expect.
14:00
How did they do things differently now than the way they used to do it To support the new way, the new method.
14:05
And of course, you want to be able Thio set up a pilot.
14:09
This means that you're going to potentially run the new process in parallel with the old process. Have some people use it, have people test it, make sure that it actually performs as expected.
14:20
Then you can finally go for some formal approval by the sponsor of the project,
14:26
getting them to sign off, to say that we went through all the appropriate steps and this looks to be a good solution, so we're gonna move forward with that.
14:33
All right. Moving on to be PR step number six where we evaluate
14:37
this isn't an important step because now that the process has been redesigned, you gather all your evidence putting into production.
14:45
You need to start measuring the performance of this process
14:50
and finding ways to contrast that with the performance of the previous process.
14:54
Would then close the loop to show that this was a worthwhile effort.
14:58
You did all the research. You found all the details you needed to gather all the evidence required.
15:05
Did the analysis redesigned redeployed something new? Now you're measuring it and you find that it actually works, and it's
15:13
generating the improvement that you was expected.
15:16
So some deliverables to think about here, comparing the forecast to the actual performance.
15:22
So you you expected a 10% improvement
15:24
in the time, or maybe profits. But the process redesign actually produced a 12% improvement. So that will be a great result to achieve
15:35
trying to find those lessons learned the post boredom, if you will. What did we discover when we were redesigned? This process that we didn't know before?
15:45
How can we use this information for the next be PR exercise? That will be good documentation tohave.
15:54
And then, of course,
15:56
we have to make sure that your quality assurance process or program works with the new process to make sure that everyone is aware of it properly trained
16:06
and that it's being monitored for problems just like all the other processes in the organization.

Up Next

IT Governance and Management

What does CISA Domain 2 cover? Domain 2 of the CISA surrounds the governance and management of IT, with included topics ranging from IT monitoring and assurance practices.

Instructed By

Instructor Profile Image
Dean Pompilio
CEO of SteppingStone Solutions
Instructor