Monthly Archives: September 2024

What SHOULD Procurement Officials Learn from CrowdStrike?

A recent article over on GovTech titled What Can Procurement Officials Learn from CrowdStrike caught my eye because I wondered if it contained the most important lesson.

The article, which sub-headlined on how CrowdStrike is a useful lesson for officials who draw up government IT contracts, pushing them to ask the question of how future contracts can prepare for any unplanned outages, hit on five important points of modern SaaS / Cloud-powered technology.

  • additional safeguards are needed in IT contracts
  • even with safeguards, there is still the possibility of a cyberattack, so there must be an immediately actionable disaster response and recovery plan (which vendors must be able to live up to)
  • there should be alternate backup/failover options, even if non-preferred, and that can include paper in the worst case (as far as the doctor is concerned, it’s absurd when a store shuts down in broad daylight because they lost power or internet connectivity to the bank — that’s why we have cash and credit card imprint machines)
  • one should consider specifying liquidated damages up front, to prevent long drawn out lawsuits and delayed response time from the third party (who will want to avoid those damages)
  • consider cyber insurance, either on the vendor side or your side

Which is all good advice, but misses the most important point:

NEVER ALLOW A CRITICAL SYSTEM TO BE AUTOMATICALLY UPDATED (en masse)

Now, there’s a reason the military will exactly configure a system designed for single use and LOCK IT DOWN. That’s so it can’t accidentally go down from an unplanned / uncontrolled update when it’s needed most.

For example, there’s no way any update, no matter how minor, should be pushed out to a core airline operations terminal without an administrator monitoring the update (which could be on the vendor side IF the vendor maintains a [virtual] configuration that is the exact same as the customer’s configuration) and ensuring everything works perfectly after the update. And then the updates should be propagated to the rest of the terminals in a staged fashion. (Unless you’re dealing with a critical zero-day exploit that could expose financial or personal information, there’s no need for rapid updates; and even then, there should be techs on standby after that test update is complete just in case something goes wrong and a system has to be immediately rolled back or rebooted.)
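The staged propagation described above, as an added example (not code from the article or from any vendor): the update goes to one monitored test terminal first, then to progressively larger rings, and a failed health check rolls the current ring back and stops the rollout. Host names, the ring layout and the simulated update are constructed for the illustration.

```python
"""Staged (ring-based) update rollout with a health gate and rollback.

Added illustration: hosts, rings and the simulated update are constructed
for the example and do not describe any vendor's tooling.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    version: str = "1.0"
    healthy: bool = True
    previous: list = field(default_factory=list)  # version history for rollback


def apply_update(host, version, breaks_on=()):
    """Simulated update: hosts named in breaks_on do not come back healthy."""
    host.previous.append(host.version)
    host.version = version
    host.healthy = host.name not in breaks_on


def rollback(host):
    """Return the host to the version it ran before the last update."""
    host.version = host.previous.pop()
    host.healthy = True


def staged_rollout(rings, version, breaks_on=()):
    """Update one ring at a time; on any failure roll that ring back and stop.

    rings: ordered list of (ring_name, [Host, ...]). The first ring is the
    monitored test terminal; later rings are progressively larger.
    Rings that already passed their health gate stay on the new version.
    """
    report = {"completed": [], "failed_hosts": [], "rolled_back": [],
              "halted_at": None, "untouched": []}
    for i, (ring_name, hosts) in enumerate(rings):
        for h in hosts:
            apply_update(h, version, breaks_on)
        failed = [h.name for h in hosts if not h.healthy]
        if failed:
            # Health gate failed: undo this ring and go no further.
            for h in hosts:
                rollback(h)
            report["failed_hosts"] = failed
            report["rolled_back"] = [h.name for h in hosts]
            report["halted_at"] = ring_name
            report["untouched"] = [h.name for _, hs in rings[i + 1:] for h in hs]
            return report
        report["completed"].append(ring_name)
    return report


def build_fleet():
    """Constructed sample fleet: 1 test terminal, then 2, then 4 terminals."""
    return [
        ("test", [Host("term-00")]),
        ("pilot", [Host("term-01"), Host("term-02")]),
        ("fleet", [Host(f"term-{n:02d}") for n in range(3, 7)]),
    ]


if __name__ == "__main__":
    print(staged_rollout(build_fleet(), "1.1"))                         # clean update
    print(staged_rollout(build_fleet(), "1.1", breaks_on={"term-02"}))  # halts at pilot
```

In the second run the fault surfaces in the two-terminal pilot ring, so the four terminals in the last ring never receive the update.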

Modern operating system installations, like Windows 11, can have up to 100,000,000 (that’s one hundred million) lines of code and since you never know where the bugs are, there is no such thing as a low-risk update. Any update has the chance of taking down the OS or the application you are updating that is integrated with the OS.

But this is not the only critical lesson to take away. The next is:

For critical systems, your provider must maintain backup hot-swap redundant systems!

Once a configuration is confirmed to be bug-free, it must be propagated to the backup, which must have a backup redundant data store with all transactions replicated in real-time (so that you’d never lose more than a minute or two of updates with an unexpected failure) that can be hot-swapped through a simple IP redirection should something catastrophic happen that takes down the entire primary system. This backup redundant system must have enough power to run all critical core operations (but not necessarily optional ones like reporting, or tasks that only need to be run every two weeks, like payroll, etc.) until the primary system can be brought back online. A catastrophic event like a rolling failure from a security or OS update or cyberattack should be recoverable in minutes simply by re-routing to the failover instance and rebooting all the local machines and/or restarting all the browser sessions.

Those are the lessons. If a system is so critical you cannot operate at all without it, you must have redundancy and a failover plan that can bring you back online within an hour, max.

Advanced Procurement Yesterday — No Gen-AI Needed!

Back in late 2018 and early 2019, before the GENizah Artificial Idiocy craze began, the doctor did a sequence of AI Series (totalling 22 articles) on Spend Matters on AI in X Today, Tomorrow, and The Day After Tomorrow for Procurement, Sourcing, Sourcing Optimization, Supplier Discovery, and Supplier Management. All of which was implemented, about to be implemented, capable of being implemented, and most definitely not doable with, Gen-AI.

To make it abundantly clear that you don’t need Gen-AI for any advanced enterprise back-office (fin)tech, and that, in fact, you should never even consider it for advanced tech in these categories (because it cannot reason, cannot guarantee consistency, and confidence on the quality of its outputs can’t even be measured), we’re going to talk about all the advanced features enabled by Assisted and Augmented Intelligence (as we don’t really have true appercipient [cognitive] intelligence or autonomous intelligence, and we’d need at least autonomous intelligence to really call a system artificially intelligent — the doctor described the levels in a 2020 Spend Matters article on how Artificial intelligence levels show AI is not created equal. Do you know what the vendor is selling?) that have been available for years (if you looked for, and found, the right best-of-breed systems [many of which are the hidden gems in the Mega Map]). And we’re going to start with Procurement.

Unlike prior series, we’re going to mention some of the traditional, sound, ML/AI technologies that are, or can be, used to implement the advanced capabilities that are currently found, or will soon be found, in Source-to-Pay technologies that are truly AI-enhanced. (Which, FYI, might not match one-to-one with what the doctor chronicled five years ago because, like time, tech marches on.)

Today we start with AI-Enhanced Procurement that was available yesterday (and, in fact, for at least the past 5 years if you go back and read the doctor’s original series, which will provide a lot more detail on each capability we’re discussing). (This article sort of corresponds with AI in Procurement Today Part I and AI in Procurement Today Part II published in November, 2018 on Spend Matters.)

YESTERDAY

TRUE AUTOMATION

Not sorry to burst the Gen-AI believers’ bubble, but true automation has existed in leading Procurement technology for almost two decades, using tried-and-true rules-based RPA that supports advanced rule construction using the full breadth of boolean logic, mathematical formulae construction, and flexible (regex, clustering, etc.) pattern matching.

SMART AUTO RE-ORDER

Threshold re-order points, adaptive trend analysis (based on sales data for quantity, expected delivery time and economic order quantity for interval and volume determination), and contract/preferred suppliers can handle this better than most stock clerks for MRO / commodity stock items.

GUIDED BUYING

All you need to do this amazingly well is RPA, rules based on contract/preferred/budget, and semantically aware keyword/phrase matching, and, if you want an NLI (Natural Language Interface), traditional semantic processing to extract the key-words/phrases that are the appropriate nouns (and items of interest).

SMART (ADAPTIVE) AUTOMATIC APPROVALS

This is just RPA using a rules based workflow, thresholds, and exception-based decision pattern analysis to allow the thresholds to be adjusted within a range based on an approval and/or the platform to infer the thresholds/rules actually being applied by the approver using pattern identification (based on significant factor analysis or fingerprinting) across exceptions to suggest the necessary rule modifications.

ERROR PREVENTION

This just requires valid pattern definition, context-based range analysis, and outlier detection (using clustering, curve fitting, or trend analysis). Anything that can’t be done with the right mix of these methods can’t be done reliably.

M-WAY MATCH

Anything you can’t do with RPA using rules-based workflow, identifier matching, and confidence-based pattern matching and suggestion SHOULD NOT BE DONE. Moreover, anything that can’t be matched with certainty should be flipped back to the supplier for correction/completion (if key identifiers were missing), possibly with a suggestion/question (e.g., does this invoice correspond to PO 123XYZ?).

SUMMARY

Now, we realize this was very brief, but again, that’s because this is not new tech: it was available long before Gen-AI, should be native, in the majority (if not the entirety), to any true best-of-breed Procurement platform, is easy to understand, and was described in detail in the doctor’s 2019 articles for those who wish to dive deeper. The whole point was to explain how traditional ML methods enable all of this, with ease; it just takes human intelligence (HI!) to define and code it.

Technology DOES NOT Solve Your Talent Problem!

And any claims to the contrary are a considerable collection of cow cr@p!

So, needless to say, the doctor was disgusted at this thinly disguised advertorial by, and for, Amazon Business, which said technology, i.e. its platform, would solve your talent problem.

Not even close!

According to the advertorial, which appeared, appallingly, in USA Today:

While some churn may be inevitable, organizations can take steps to ensure their procurement teams are satisfied. One major step is ensuring they have the technology they need to do their jobs effectively.

Which is important, but not a major step.

If you ask people what they want in a job, which Gallup did in a survey of 13,085 US employees in 2022, it was:

  1. A significant increase in income or benefits (64%)
  2. Greater work-life balance and better personal wellbeing (61%)
  3. The ability to do what they do best (58%)
  4. Greater stability and job security (53%)
  5. Vaccination policies that align with my beliefs (43%)
  6. The organization is diverse and inclusive of all types of people (42%)

the doctor would bet with certainty that not a single respondent said “better technology” in their top five wants. As he repeatedly points out, which he did yet again in why do successful solution providers ruin everything by becoming tech companies?, no one wants tech or software … no one. They just want whatever makes their job easier, and that ain’t always fancy new tech.

At best, it’s a minor step that can enhance the ability to do what they do best.

Then it quotes their VP, who says that since 74% of leaders see digitization as key to better operations, the interpretation must be it’s clear we need seamless, consumer-like experiences in business procurement because this is what we are used to.

No! NO! NO! Joël Collin-Demers recently penned a great post on why we need to stop chasing an “Amazon-like” buying experience for requesters in your business! In short, in business, it’s inefficient, ineffective, and downright unpleasant. As Joël says, it’s the paradox of choice.

B2B is not the same as B2C, it’s never been, and never should be. So assuming that B2C is the solution is just plain wrong. B2B needs different solutions customized for the needs of bulk buyers.

The really depressing part about the article is they quote a lot of studies by reputable organizations with really concerning findings about just how bad the talent problem is and give a lot of good advice on what kinds of technology a Procurement organization should have in place. It’s too bad they chose to wrap it in a layer of cow cr@p and sully what could have been a good article on why a company should have a Procurement solution run by good talent (two different problems, two different arguments). They could have written the most credible piece USA Today ever published on the subject, but instead decided to pen some self-service BS rubbish with bad arguments and known wrong conclusions.

The only good thing the doctor can say about it is at least they didn’t mention the Gen-AI bullcr@p when they talked about the use of AI in procurement and got that part right at least!

Here’s the thing, if you have a talent problem, it usually comes down to one of two reasons:

  • you haven’t been able to / can’t hire enough talent
  • the talent you have is leaving

If you can’t hire enough talent, that’s usually because you can’t attract enough talent, and that’s usually because you aren’t hitting the top 6 points in the Gallup poll referenced above. You need to step back and

  • evaluate your standard offer (pay and benefits) against the local & global industry norms
  • analyze your work life balance options
  • assess the freedom and control you give employees to do their job
  • gauge the job security you offer
  • minimize your (lack of) vaccination policy (which, if it exists, should match the jurisdiction in which your employee resides — i.e. you comply with legal requirements, and that’s it — the choice should be theirs)
  • ask yourself if you truly are an inclusive organization (which, FYI, does not mean DEI — see THE PROPHET’s many rants on why this is not inclusivity as, simply put, opportunity does not imply outcome and DEI only measures outcome, which simply means it is being used in some countries as a new form of legal discrimination)

And if you can’t keep enough talent, you have to consider the top reasons people quit (as captured in a 2021 Pew Research Center survey):

  • low pay, see #1 reason for taking a new job
  • no opportunities for advancement
  • no respect
  • child care issues, see #2 reason for taking a new job
  • not enough work hour flexibility, see #2 reason for taking a new job
  • poor benefits, see #1 reason for taking a new job
  • wanted to relocate, see #3 reason for taking a new job
  • too many hours, see #2 reason for taking a new job
  • too few hours, see #4 reason for taking a new job
  • COVID-19 vaccine required, see #5 reason for taking a new job

Now, do you see “poor technology” anywhere on that list? If you do, get a new prescription and review the lists again. You don’t. That’s because only a small fraction of people who leave a job will quote technology as one of the reasons (and the doctor would guarantee 99/100 it’s not the primary reason), and it’s probably less than the 14% quoted in the article. If you actually dig up the quoted Lakeside Software research study, you see it canvassed 600 executives, IT leaders, and employees on the state of workplace technology and their digital experience. Not only is that a small sample group compared to the Gallup and Pew studies, but that’s not a homogeneous sample group of employees (who were only 1/3 of the participants) — as executives and leaders (who probably don’t even have to use a computer) have entirely different reasons for taking and leaving jobs than the workforce! And even if the statistic was that high, you should be a heck of a lot more worried about why the other 6 employees are leaving than the 1 who decides he doesn’t like the tech he’s being forced to use, because you have much bigger problems than not having the absolute best tech!

Anyway, if you want more insights into Talent Recruitment, Retention, and Revolutionizing, dig into the SI archives.

You Admit You Might Be a Dumb Company. How do you avoid the fork in the road that leads to the Graveyard? Part 1

Good for you! Admitting you might be a dumb company is the most important thing to do on the yellow brick road to enlightenment.

So what do you do next? In short you:

  1. start by admitting to every mistake you are making and do something about it,
  2. look for opportunities to improve that are logical next steps, and
  3. never, ever forget the timeless basics.

Today, we’ll start with describing what you do when you identify, and admit to, one of the first five mistakes we chronicled in our re-introduction to our “dumb company” series and want to do something better. Next week, we’ll tackle the remainder of the mistakes before we move on to our eight-part series (each of which is worth much more than a piece of eight) on avoiding the graveyard if you are a dead company walking. After that, we’ll provide even more advice if you just want to be a smart company in two two-part series! In other words, SI has a lot of great helpful content lined up for you if you are a vendor that wants to successfully sail the choppy seas ahead (and not end up as another wreck on the ocean floor).

1) No More Perks

Unless you’re going crazy on perks, just leave them alone.

If a few are a bit crazy, rein them in to reasonable levels.

If they still eat up too much of your budget, find something else to cut. Start with the deadweight (and begin your search in the [micro] management suite). A useless salary or two will go a long way to maintaining morale (and if you cut deadweight, morale will even lift).

2) No More Tech/SaaS

First, do a process time audit and figure out where your people are spending too much time on tasks that can be semi-automated to a significant extent.

Then, identify the appropriate solution to the problem and a set of potential SaaS tools to fill that solution affordably.

Then, Get SaaSy and do a SaaS audit, find the 33%+ overspend, cut it, and use that savings to get the SaaS your organization needs to be more productive and receive a return of at least $3 for every $1 spent on SaaS.

Finally, if your cloud costs are significant, Be Cloud Aware and do a cloud audit, tracking down what applications, or parts of your application, are chewing up the most CPU time. Then rein that in. Ongoing cloud costs add up faster than you realize!

3) NPD Can Wait (Sell What We Have)

Maybe heaven can wait, but hell waits for no man, and neither does the competition you don’t yet know about. No matter how good, or how bad, times are, your product must ALWAYS be improving. The minute you stop, the sales will stop as the customers will peg you as a dead company walking if you are not actively developing your product.

Segment all features into must, should and nice to have from a target customer perspective and make sure you are constantly working on the “must have” features, getting a decent number of the “should have” features that aren’t too time consuming to add into the plan, and prioritize any “nice to haves” that can swing a deal in your favour. If you have to slow down a bit because you can’t expand the team, that’s fine, just as long as you don’t stop.

Remember to keep dependencies in mind and structure development so that dependencies are always done first, to minimize release cycles.

4) No More Travel

Before you approve travel,

  1. first do an audit of all travel reasons the company has seen. Then,
  2. identify the direct and indirect ROI on past travel. Finally,
    • determine where in a marketing cycle travel actually results in actual, qualified leads
    • determine where in a sales cycle travel actually results in a selection or sale
    • determine which conferences/workshops/training events helped product management or developers

Then deny all travel that does not fall into one of those buckets.

Next, for travel that does, look at the cost vs. the projected return and how it compares to the most successful travel of the past. If a conference only results in 10 real leads, and it will cost 100K, but there’s another conference likely to result in 5 real leads that will only cost 25K, deny the first request and approve the second.

If $$$’s are tight, then restrict all travel to

  • small, focussed, cost-effective events that will generate actual leads or customer insights
  • on-sites likely to close the deal
  • low cost workshops where your product managers / developers will definitely improve their skills

5) Cut 10% Across the Board

Do a full budget review (keeping the dumb mistakes in mind) and cut the unnecessary expenses. They are MUCH higher than you think (because, when times are good, or you raise too much money, you don’t watch the small stuff and your unnecessary tail spend is just as bad as your clients’).

Then, do a performance analysis (and blind peer review) of the teams across the department, especially the management teams, and cut the real deadweight.

Chances are, done right, there’s more than 10% that can be safely cut with no impact (whereas 10% across the board will damage morale to the point that the best talent might leave at a time they are the most critical).

Be sure to keep reading SI as Part 2 posts next week!