Investment Management and ITSM: Lessons to be Learned

Spent several hours yesterday with a brokerage firm, consolidating various financial accounts.  I’ve worked for various corporations over my career naturally choosing to take the 401k investment options that each had offered.  My belief is if the place is good enough to work at why wouldn’t you invest in it also.  On the surface the logic makes sense.  However, as I’ve delved deeper in Portfolio Management and Enterprise Risk Management (ERM) concepts the past several months I’ve gained a deeper appreciation of the concepts of diversification and attention capacity or economics.


Most modern portfolio management discussions introduce the topic of diversification as a means of risk mitigation.  The theory suggest that having a broad set of investments reduces one’s risk as if one element in the portfolio crashes or under performs it will be made up by others.  This only hold true if each investment is independent of the others.  That is to say, there is causal relationship between the two components.  However, if there are causal relationships then these components are not truly independent and the portfolio you’ve create still has risk exposure.  Take the most recent financial meltdown of the economy.  Stocks, Bonds, Real Estate, and other investment all tanked crashing the economy.  In theory this should not have occurred as these are separate asset classes, independent of others.  However, as the laws, rules and regulations changed regarding banks, brokerage houses, Real Estate Mortgages, and other financial vehicles subtle interconnections between these components were established.  These connections were either not well understood or completely ignored.  Investment vehicles such as collateralized debt started to appear.  These created the linkage between other assets which established the potential for what eventually happened.

Collateralized Debt has as its root a portion of Portfolio Management.  That is investing in multiple elements to reduce risk, in many cases high risk mortgages.  The theory being that may be one or two mortgages might fail but overall the majority of these would not.  However, the conditions that created failure for several of these mortgage failures where the same for most of the others.  This when one failed it was only a matter of time for the others. As such this pool was a collection not a managed portfolio.  Add to this other investment vehicles such as derivatives which further linked real estate to other types of investment in the economy and the causal chain was completed with few people realizing the risk that was just created.

ITSM’s relationship to Investment Management

ITSM seeks to create an ecosystem for the enterprise where the Information Technology function creates a catalog of services for the rest of the enterprise to consume either to perform its knowledge work or provide to its external customers.  One the surface this is a great concept.  In practice creating an catalog of services that are tightly integrated brings to it the same risks to the enterprise as tightly linking the various financial vehicles did in the general economy.  This serious strategy and due diligence in risk management and mitigation is called for least an enterprise crash like the economy over an IT failure.  Consider if your network infrastructure failed for several days and you just recently migrated all your voice (phones) to voice of IP (VOIP):  Your financial functions can not access your general ledger, not billing can go out, nor paying vendors; Your in house sales staff either cannot call prospects or have to use their personal cellphones to make calls, further expense and they can’t enter orders anyway your systems are down; other negative effects propagate throughout the enterprise and compound the situation.  In a very short period of time an enterprise could be so overwhelmed with the consequences it could take years to recover or might never recover.

Some vendors might say move to the cloud that will solve the problem…but will it? What happens if your cloud provider fails, or access (your internet connection is down), or both.  You are back to that same perfect storm scenario.  So is the answer go back to a paper based system?  Not likely, the scale and speed of business today prevents going back to such methods.  The answer I believe lays in a more comprehensive approach to the strategy and design of enterprise.  An approach the unifies Executives, Line of Business Management and Information Technology is an effort to view and manage the risk in a coherent and conscious manner.  This suggest enhancing current portfolio management practices advocated by vendors that only prioritize investment by ROI (gain) to include the downside aspects (i.e., Risks such that ERM typically works to mitigate).

Attention Economics

The problem with such an approach is that it requires greater attention to detail and in an age where businesses have caught AD/HD, this is a hard practice to employ.  Its easy to ignore the risks as did the investment and economics communities prior to the financial meltdown.  Many corporations are focused on multiple targets and this one is left to the IT function, typically without effective governance or oversight my the executive suite.  Possibly due to the fact that discussions often arise around the technology’s structure rather than the capability ad risks of applying.  This tends to overwhelm the attention span of the rest of the business as those not involved with IT capability creation and management don’t have the time to learn the details.  This is where Enterprise Architects and Technology Strategist should play a role, however, oft times they are used for designing applications rather than helping to guide technology application for the enterprise.  A subtle difference but critical to understand if your EA function is to provide the highest value to the corporation.

The one leverage point that may eventually cause corporations to focus on this arena -in spite of all the standards and methodologies out there– is that Corporate Executives are now held responsible for governance actions.  And whether they understand the ramifications or not of new laws and regulations such as SOX, Patriot Act, HIPA, and others not understanding how to govern corporate information and information processing will eventually put both a business at risk and executives out on the street or worse.

Structure in Threes: Integrating Finance and Engineering approaches to Risk

As I continue researching risk elements for designing and enterprise, it is interesting to see how implementing risk management translates differently depending upon your discipline.  Finance focuses on of course financial risk; the various forms risk takes with regard to translating investments into returns in a monetary sense.  While engineering disciplines focus upon risk that effects the degree of achievement to performance goals of a product or lately service.  Both disciplines acknowledge the others concerns but often do not provide the linkage between these.  Finance will often categorize engineering risks into buckets called operational and strategic/business risks.  Engineering will lump the various economic risks into a single bucket called financial risk.

This is mirrored in how Business Continuity/Disaster Recovery(BC/DR) and Enterprise Risk Management (ERM) are implemented in most corporations. The BC/DR practices focus on the engineering risks of project, process and product, while the ERM practices direct attention to the financial aspects of the enterprise.  What seems to be missing is the linkage between the two.  The interrelationship between the two or cascading effects appear to be a neglected concern.  This maybe due to the nature of our western culture or increased specificity of roles within corporations even in white collar positions now.  The role of the generalist or systems thinker has been diminished or dismissed or possibly transformed.  More and more of my systems thinking peers have become entrepreneurs, possibly because they do not fit the new organizational models or appear to be in direct competition with mid-level management.  This is odd in that first line and mid-level management no longer have the time to consider various degrees of consequences of actions and decisions or alternatives, but is the stock and trade of systems thinkers.  This may be one of the root causes to several of the catastrophic failures of the economic system, geo-political relationships and technology achievement misses.

Today’s research continues down the path of system dynamics and identifying the linkages between financial and engineering risk management.  It may turn out that there is no true mathematical formula that links these and the best that can be achieved is to use Bayesian logic to create priorities for a balanced scorecard that reflect enterprise values and then monitor how these correlate to the ecosystem.  Which brings me back to using system dynamic models and validating these with actual performance in the real world.

In my opinion , despite the emergence of BI and Big Data, application at this level is still years away.  The majority of enterprises and thought leaders are still at a primitive level when thinking about exploiting such technology.  Think of how sophisticated and how long it took to apply various influence and behavior models in the marketing community.  Then consider the effects of having too much information, creating an information glut.  While computers are great at dealing with volumes of data, we humans are not.  We still need to deal with the limits of cognition.  Despite all the hype about multi-tasking, the facts are coming out, something is lost when you try to focus on too many tasks at once.  In fact you’re not actually focusing on them at once, you are switching attention between them rapidly (page swapping) and eventually you either reach a limit where you get nothing accomplished or a catastrophic event happens: Texting while driving during the Grand Prix is not a good idea.  What this suggest is that it will take a long time to really sort through BI and Big Data’s potential into something practical verses creating more noise in the enterprise system.

Structure in Threes: Business Continuity / Disaster Recovery

Several months back I had released the first four parts of a White Paper Series on Business Continuity / Disaster Recovery Strategy for Microsoft’s Services.  During my research & brainstorming efforts for the series I became aware of just how fragmented the entire domain was.  There are efforts in Finance; Information Technology; and Corporate Governance, Risk and Compliance functions.  However, collaboration between these functions on the topic of protecting the corporation are often non-existent.   This fact become further evident to me during a discussion I had yesterday around an old engagement on Y2K mitigation.  I was discussing an old consulting engagement with a group director.  He had wanted to get a handle on “How I Think”  –I though it reasonable, but unlikely to succeed objective, but was willing to give him the best opportunity to do such.  The unfortunate think about discussions like this is these require similar knowledge bases and context as often terms and concepts are used to relay deeper meanings.  If you’re not aware of these materials its like hearing a foreign language; you may pick up some of the tone of the conversation but the deeper meanings are lost.

To continue while discussing the engagement I had started to think about how to integrate these three Business Continuity / Disaster Recovery function’s focus around ensuring business survival in context to Portfolio Management.  Clearly, the financial planning specialist consider these goals.  Then another recent request for information and conversation came back to me regarding the Future of Wealth Management Branches.  This past year I’ve been getting lots of inquiries from various Wealth Management and associated  groups about what they can do for me.  Or may be I’m just more attune to the messages this year due to the topics I’ve been researching and developing Intellectual Property around.   From the synthesis and analysis of the data I had been collecting, the financial services industry around this topic was just as fragmented as businesses itself.

–As an side, it was appearing to me to become the organizational equivalent of a Fractal, now you see why I though understanding my thinking process was going to be difficult.  I’m continually developing broader and deeper knowledge base, like most people…however, I spend time generalizing these into patterns and looking how to connect and integrate these into my broader knowledge base.  This was the foundation for my company Intellectual Arbitrage Group.  Which later I discovered a small collective of other people are doing also; Genrich Altshuller whose methodology TRIZ is a brilliant formalization of the process I go through is one example.–

So as I review the outline for my book project I’m starting to see another thread develop which also looks to be another triad.