Environmental Sustentation 19: Water

Water, water everywhere
and not a drop to drink

As we indicated in our damnation post on water, fresh water is quickly becoming the scarcest resource. While nearly 70% of the globe is covered by water, less than 2.5% of it is fresh. Moreover, only 1% of our freshwater is easily accessible, with the rest trapped in glaciers, snowfields, and the earth itself. In essence, at most 0.007% of the planet’s water is available to fuel the planet’s 7 Billion people. And the situation is only going to get worse.

By 2025, over 5 Billion people could be dealing with water scarcity issues. That’s (well) over half the planet, and, by then, a significant amount of these people will be in developed countries with the means to do something about it. Governments will have to do what it takes to ensure their people have enough water, and rather than risk revolt, they won’t care about what that does to your business.

The reality is that it’s not just we as individuals that need fresh water to drink (and, to some extent, to bathe and clean) and to grow our food (in dry climates that need irrigation), but our organizations need it too. When it comes to modern production, water is needed to clean and cool modern production plants. For example, not only is it impossible to make semiconductors and modern computer microchips in anything other than an ultra-clean facility, but ultra-pure water is required during production.

But it’s not just semiconductor and microchip plants that require clean, and sometimes ultra clean, water, it’s also data centres that use water cooling, production plants that have to clean production lines between runs, and so on.

As indicated in our damnation post, you can no longer depend on your local city infrastructure to deliver fresh, clean water to you. In many developed economies, there is not always enough water for consumers. In the southern US, municipalities often have to ban people from watering their lawn, in southern Europe, there is not enough water for agriculture, and so on. Countries where, even a decade ago, one would not expect a freshwater crisis are now experiencing water shortages.

You need to insure as soon as possible that the only fresh water required by your organizations is the fresh water your employees need to drink. Your office buildings should be updated so that only the faucets, and maybe the showers, use fresh water, the toilets should use recycled water that goes through a filtration purifier. All of your plants should be retrofitted with multi-stage filtration that includes desalination, that can take whatever water source is available — recycled water, locally pumped groundwater, and even re-routed seawater — and use that. If astronauts can survive on fully recycled water for six months or more in the space station, it’s obvious that this technology is no longer rocket science, well understood, and very affordable — and much cheaper than the skyrocketing costs to the local municipality that can be expected or the cost of a disruption because your water gets shut off during a crisis. Build your own water processing plants now, or form a cooperative with other nearby factories or large office complexes to do so, and reap the benefits later.

If You Can Marry Magic to Logic You Might Just End the Marketing Mayhem

In our last post where we asked if marketing mayhem got you down, we noted that, in many organizations, Marketing is still one of those sacred cow categories that Procurement has (very) little influence over (but yet often accounts for [up to] 20% of spend).

And since it needs to have a substantial impact on sales and revenue at that spend volume, it’s important that the spend be effective as well as efficient. This means that not only does the organization have to make the spend that is most likely to lead to a return, but it can’t overspend in the double digit percentages on a significant percentage of spend if it wants to get the maximum ROI. But when a considerable portion of the spend is on consumables (like print) or commodity services (like website design, social media marketing, or production overhead costs), that spend has to be efficient. But when its managed by Marketing, it typically isn’t.

But as a Procurement professional, whom Marketing often sees as the enemy who only wants to help Finance cut their budget as Procurement cuts their spend, chances are you won’t ever get to lay a hand on this spend unless you can change the status quo, which starts with changing the way Marketing sees you. In order to do this, you have to look like someone who is their friend, and not their foe, and this will involve mastering the marketing way — walking the walk, talking the talk, understanding, and working towards their viewpoint (spend money to make money, even if they can’t measure it). (Except that you will work with Marketing to take action to make sure that spend is accompanied by measurements and metrics that will help Marketing gage which spend is most successful with respect to a particular goal.)

Only once the walk, talk, and focus is mastered can Procurement get to the message, which has to revolve around Agency (Lifecycle) Management, as discussed in a recent six-part series over on Spend Matters Plus on Mastering the Marketing Way by the anarchist and the doctor. As of our last post, only the first three articles were available. Now the entire series is available. And in the last three articles you get a deep dive into agency management support, intelligence, training, and how to create a great RFX. If you want good results, you need a good RFX — and creating a marketing RFX is not like creating an RFX for commodity goods.

the doctor recommends that you check out the rest of the series, which is the most in-depth series on mastering marketing spend for Procurement that has ever hit the Procurement bit stream.

  • Offering Agency Management Support
  • Optimize Your RFX Support
  • Intelligence and Training

Enjoy.

Should All Service Spend Be Subject to Procurement

Last week, Spend Matters UK ran a great post that asked “why do executives employ their friends as consultants”, which noted that one of the most problematical spend categories is professional services, and in some organizations, this is even more problematic than contingent labour spend, marketing spend, and legal spend. Why? Not only do some executives in some firms often engage senior experts and big 5 consulting firms on six, seven, and eight figure (plus) deals without any notice or without any respect for the process, but they often do so without any background checks or references whatsoever.

Sometimes, as pointed out by the public defender, the consulting firm or expert is being hired because the consulting firm or expert was hired in the past and did a great job, and, more importantly, there is a need for speed.

Sometimes, as also pointed out by the public defender, the budget holder is simply lazy. He knows the consulting firm or expert will do an okay job, and that’s good enough for him.

But sometimes, as documented by the public defender, there is an emotional dependence on the supplier, and that’s a good enough reason for the budget holder not to rock the boat, and other times there is a personal relationship, which is a great reason for the budget holder but not so great for the organization.

And sometimes, as clarified by the public defender, the reason is not a good one, or even a legit one. The budget holder might be making the award on the future expectations of a favour or because of a bribe and/or kickbacks that have been, or will be, received.

But if bribes and kickbacks was the worst situation that could happen, that wouldn’t be so bad. It would just mean that the award was costing the organization more than it should (and maybe significantly more than market average). If the work is quality, and identifies an ROI, that’s not too bad.

You see, if proper process, and due diligence is not taken, the organization could:

  • guarantee a large minimum payment regardless of work quality, completion, or dismissal (such as a 1M payment for early termination)
  • hire someone with a known criminal record for fraud
  • hire someone with known terrorist associations who will try to steal trade secret technology protected under a defence act

And if you think overpaying an average consultant who will take twice as long to produce an inferior result is bad, imagine how much worse each of these situations would be.

So, while maybe it is the case that not all spend should be under the control of Procurement, it is the case that all spend should follow the proper Procurement process under the guidance of Procurement so that all the facts, and options, are available to the budget holder. And since the CFO and CEO can be held criminally liable for certain oversights in the business, they should support this as following a good Procurement process and policy is the best CYA defense there is.

Data Breach Response Planning Part II


Today’s guest post is from Torey Guingrich, a Project Manager at Source One Management Services, LLC who specializes in helping global companies drive greater value from their IT and Telecommunications investments.

In our last post, we indicated that no industry or company can escape the potential of a data breach, including yours. Given that large retailers, health insurance companies, financial services firms, and the U.S. federal government have had to deal with reporting and responding to large-scale data breaches in the last few years, it’s becoming more and more of a certainty that if your organization is of a significant size and has a fair amount of valuable (or secret) data, at some point it will be desirable enough for a third party to try and obtain it illegally through a hack or systems breach. And bolstering prevention alone might not be enough, any weakness at all in any system used by your organization, or a supplier, could be enough to let a black-hat in. Thus, the best preparation, and prevention, is often that which assumes a breach will occur and has plans, and relationships (as per our last post), to identify, patch, and deal with the breach as fast as possible. A quick response can be the difference between a breach that is only able to capture a few dozen credit card numbers at one point of sale and a breach that continues to infiltrate the system until thousands of credit card numbers across dozens of points of sale are compromised.

In order to insure a quick identification and response to a data breach, along with choosing partners to work with for a breach, the key to quick action is to have the internal processes and systems in place to respond accordingly. As part of preparation, companies are beginning to define data breach response teams to develop response plans and define clear roles for the key departments that would need to spring into action. Typical roles/areas that companies would need to include are:

  • IT
    Companies look to their IT departments to immediately identify and rectify the point of entry for any breach. IT will need to work with forensic IT partners to get as much information as possible in terms of scope and scale of the breach, as well as ensure systems are up and running to keep regular operations functional.
  • Communications
    The Communications team needs to take a lead role in responding to a breach and developing key materials (e.g. for the call centre scripts, press releases) within a data breach response plan. Appoint a role or individual as the spokesperson for the company and ensure that all employees, and even BOD members, know to reference back to this person when contacted regarding a breach.
  • Operations
    The call centres are one of the first areas that are overloaded when a breach occurs. Work with Communications to prepare scripts and materials to provide to the call centre (both in-house and outsourced) to ensure a consistent message and avoid unwanted confusion. Your Operations team also needs to ensure that internal operations are adjusted as necessary and continue to run given that a breach has occurred.
  • Legal
    Your Legal department (and likely outside counsel) will need to look at the compliance and regulatory implications of a breach. Depending on what industry your company is in, data breaches can carry hefty fines. To report a breach accurately, key individuals will need to work with IT to understand scope and scale and report to the necessary governing bodies. As this landscape evolves, ensure that the Legal department is aware of any new regulation that your industry may become subject to, e.g., proposed cybersecurity regulations for banks and insurers. The Legal team will likely need to engage with law enforcement, either local or federal, and manage the company’s duties along with direction received from law enforcement.
  • Suppliers
    A supplier may in fact be the point of entry for a breach in your system, as has been the case with many of the breaches in recent years. It is important to understand that your customers will still be looking to your company to respond and correct that breach. Because you will need to work with your suppliers to correct and adjust operations as necessary, Procurement should consider including language in contracts or RFXs that obligates suppliers to comply with your response plan in the event of a breach.
  • CEO/C-Suite
    Within each of these groups, it is vital to have individuals within the response team that can make decisions. Typical delegation and “chain of command” decision making will only delay the process and response that your company is able to provide. Executives and team members also need to understand that they may need to make decisions with incomplete information; this can be difficult for organizations who are accustomed to making decisions only when all variables are identified. Due to the scrutiny and reputational risk at stake, it should be made clear to customers that decisions are being made given the information available at the time.
  • Procurement
    Procurement will need to support supplier selection, contracting, engagement, and performance management of all necessary outsourced response services. Procurement will be managing different priorities and requirements from various stakeholders involved in a breach, i.e. all of the departments above, and will be expected to act as a cornerstone in ensuring that different requirements are met and balanced when and where they need to be.

As indicated at the start of this post, in today’s atmosphere, the possibility of a breach cannot be ignored and relying too heavily on breach prevention without a focus on response preparation can be a costly mistake. To avoid this, make sure your organization has a validated response plan and key materials primed in advance of a breach to be able to promptly respond to customers and return to normal operations as quickly as possible. Given the department’s experience in supporting process improvement and collaboration, Procurement is in a unique position to champion a proactive approach to response planning by bringing together stakeholders and identifying strategic partners that can enable the entire organization to respond to the dreaded data breach.

Thanks, Torey.