The daily, human-driven processes upon which most businesses rely make up an estimated 60 to 80 percent of the work done in any given company. If left to their own devices, employees are likely to manage these processes via e-mail or Office applications, on paper or through verbal updates.
However, none of these ways enable managers to track the steps of business-critical actions and ensure positive outcomes. Ad hoc tasks, by their nature, defy the confines of structured solutions such as business process management. However, that doesn’t mean that businesses need to accept the operational risk inherent in unmanaged or mismanaged processes.
There are adaptive case management solutions available that are specifically designed for managing these unstructured processes. They consist of gathering information, collaborating with others, managing individual work loads, and making decisions that are dependent on the knowledge, judgment and experience of the participants. This technology can be a stand-alone solution or can be embedded in familiar Office environments, making it intuitive for users and simple to incorporate into day-to-day use.
Day-to-Day Uses for Adaptive Case Management
Day-to-day uses for adaptive case management
Operational risk management issues created by unstructured human processes exist in every industry and run the range from tactical process risk through strategic process risk. The audit process itself is a classic example of an unstructured human process.
Audit processes consist of a number of subtasks such as defining an audit plan, gathering information and defining findings, creating the recommendations based on those findings, and finally, the follow-up and tracking of recommendation implementation. Each subprocess is a negotiation and collaboration between the involved parties (done via e-mail and documents in many cases).
For illustration purposes, let’s focus on the recommendation-tracking and follow-up subprocess. Let’s say an audit finds a safety issue in a plant that needs corrective action. An auditor e-mails a plant manager, alerting him to the safety issue and making recommendations for addressing it. The plant manager then delegates the task (also via e-mail) to an employee and explains the corrective actions. They will most likely engage in e-mail conversation about the specifics of the safety issue: What is the problem? What needs review? What are the next steps?
In discussing the answers to these questions, the parties will likely go back and forth a few times. Depending upon the specifics, they may involve more team members to correct the issue. These exchanges are not unusual in the auditing process, but because they are ad hoc and unstructured, the auditor and management have no real visibility into the problem-solving activities, let alone an ability to manage and track the overall process life cycle.
Regulatory Compliance Processes
Regulatory compliance processes
An audit is just one way human processes are used for regulatory compliance. In today’s dynamic regulatory environment, new regulations and greater regulatory supervision are the norm for many industries.
In most cases, the process for handling these regulations are human-centric and unstructured-until the organization familiarizes itself with the regulation and its consequences. Over time, the organization may decide to codify the handling of compliance through a structured process supported by IT. Until then, though, most companies will handle it through a human process that is probably executed via e-mail messages and documents.
For example, the new “breach notification” provision of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) is a healthcare regulation that has just been enacted. The regulation requires Health Insurance Portability and Accountability Act (HIPAA)-covered entities to promptly notify affected individuals, the health and human services secretary, and the media, of any breach affecting more than 500 individuals.
Since this is a new regulation, one possible way to handle compliance is to assign someone as the breach process owner. Her first act will most likely include sending out instructions on how to handle the breach. The first step in handling a breach might be sending an e-mail message to the breach process owner when a problem is discovered. At that point, the company would need to organize a response to the breach, making sure to meet the regulatory requirements and any relevant internal processes. That means ensuring affected individuals are notified and, if needed, that the government and media are notified.
The company may also launch an internal investigation of the breach. Without adaptive case management, all of these steps will probably be done via documents and e-mail messages-making it impossible to manage, track and audit compliance with the regulations.
More Examples of Regulatory Compliance Processes
More examples of regulatory compliance processes
Another example is a process initiated as a result of a decision taken during a board of directors (or any executive management) meeting. In this example, the meeting takes place, decisions are made and processes are initiated-but the processes themselves are different every time, depending on the context of the board meeting.
For example, let’s say a bank’s board is worried about the risk profile of the bank, especially their loans. Therefore, they will initiate a process regarding the risk management of loans to European real estate and construction projects. In this case, the bank made large loans for the construction of commercial real estate projects in a number of European countries and those projects have reached a point where they will be asking for additional funding to enable the project’s completion. In the time since the original loans were granted, both the macroeconomic and microeconomic environments have changed, causing the bank to revisit the original assumptions underlying the loans.
These loans now represent large, relatively risky loans and have the possibility of external scrutiny of the handling of those deals, so the board decided to take a closer look. It requested that the international banking division and the real estate division jointly look into the viability and risk of the projects, taking into account various deal parameters such as the current legal situation of the country involved, the macroeconomic outlook, the expected amount of financing that will be requested, the financing sources for the projects, the capital structure of the projects and the current viability of the developers.
Such a deep dive in process will generate more activity involving numerous people throughout different divisions in the bank and experts from outside the bank. The specific participants and information assembled are dependent on the specifics of the loans being examined.
Managing Unstructured Processes
Managing unstructured processes
Enabling the monitoring and tracking of unstructured processes through e-mail messages and documents also provides a complete system of record for execution-an invaluable asset if problems arise and an audit trail is needed.
For example, let’s assume you have a customer overseas and you need to verify that a large order can be shipped to that particular country. The sales manager in charge may have received an e-mail message from the controller notifying him of this requirement (that is, checking with export controls). However, given the nature of e-mail message, there is no way for the controller to know that the manager actually took the appropriate action; it may have fallen through the cracks or gotten lost in the flood of e-mail messages received by the sales manager.
Until your business has visibility into these unstructured activities, you are not managing the bulk of the work in your organization. If these processes should be tracked for compliance reasons, then this lack of visibility poses significant risk. Consider your regulatory and compliance processes-people-intensive tasks that begin as a result of an external regulation.
Think of how many e-mail messages and documents are generated by these processes. Does your business really know how compliance procedures are executed or where each of the currently running compliance processes stand? These changes occur on a case-by-case basis, and people tend to rely on documents and e-mail to deal with them. However, since these actions entail some type of penalty if not completed on time, IT must provide the ability to manage, track and monitor these ad hoc actions. Given the way most people work and the current infrastructure in most companies, the best way to do this is by enhancing e-mail and documents with adaptive case management.
It makes sense that IT first tackled the less complicated problem of handling rote actions that occur in the same manner over and over again. Business process management and similar products have ably automated oversight of those predictable tasks. Now, technology has advanced enough to handle the significantly more complex matter of action tracking changeable work. Adaptive case management makes it possible to monitor ad hoc processes from start to finish, in a manner that eliminates risk and increases visibility. Given the importance of these tasks to organizations in virtually every industry, the cost of not managing them is too great to consider.
Jacob Ukelson is Chief Technology Officer at ActionBase. Jacob has a proven track record in discovering and developing innovative solutions to real-world customer problems and then developing them into products. Jacob is published in many technical journals and has spoken at conferences worldwide. In 1997, he received the Alexander C. Williams Ergonomics and Human Factors Award from the Human Factors Society. He can be reached at [email protected].