I have previously posted information on how social network analysis (“SNA”) is being used to assist companies in getting a better picture of how their organizational structures actually work. Companies can use SNA to tap into underutilized human resources that have accumulated social capital and influence within the informal organizational structure even though they do not have lofty titles and formal spheres of influence on the company’s formal organizational chart. For example, a company that has been having trouble changing its culture to embrace more entrepreneurial and innovative values may supplement formal training with a search for low- and mid-level managers who have demonstrated the traits and talents the company is most anxious to instill throughout its workforce—passion, commitment, tolerance for calculated risk-taking, competitiveness, solution orientation, and an ability to inspire colleagues and build trust. Experts in SNA might work with the company’s human resources department to develop surveys, canvass existing information such as performance reviews, and interview executives and other senior managers to identify a small group of managers at lower levels of the formal company organization that appear to have the desired traits and talents. The members of that group would go through extensive interviews and asked to provide the names of others within the company that they believe share most or all of the characteristics that the company is seeking. The immediate result of this process should be identification of a core group of talented managers and other employees who had earned the respect of their peers and are well positioned to exert tremendous influence over their colleagues to drive them to take the company in a different direction provided the group can be convinced to buy into new goals and objectives established for the company.
The first step for mobilizing the leaders of the informal organizational network should be a focused meeting with the CEO and other members of the senior management group to discuss possible company goals and objectives and the strategies that might be used to achieve them. The CEO should not dictate and instead should be prepared to listen very carefully to the feedback that is provided by everyone in attendance. Proper respect should be shown for the social capital that has been accumulated by the key persons within the informal organizational network and the CEO must realize that they cannot be expected to fritter away that capital on ideas and directions that are not consistent with their own values and interests. The CEO and other senior managers should also be prepared to abandon micro-management of strategy and tactics and avoid constraining the informal network by changing the formal organizational structure in a way that will lead to conflicts as new projects are launched. Once these leaders of the informal organizational network understand what is being asked for by the CEO and the other senior managers they should be empowered to “organize” on their own and provided with the resources that are reasonably necessary to influence and educate other employees. For example, they may hold meetings and conferences to share information and discuss particular topics and brainstorm about new ways to do certain operational activities. In addition, plans should be made for monitoring the impact of supporting the leaders of the informal organizational network, such as by conducting surveys of employee and customer satisfaction. Finally, an effort should be made to continue identifying additional candidates for leadership in the informal network. Ironically, if the process is successful the informal organizational network will itself become more institutionalized and companies may set aside resources, such as administrative staff, to support its activities. However, companies need to be careful about the size and formality of their encouraged social network activities since a network that grows too large may lose its effectiveness.
The ability to recruit and retain talented and skilled managers and employees is essential for emerging companies to become and remain competitive. Unfortunately, companies are increasing challenged in their attempts to tap into pools of qualified candidates from outside due to the increasing global demand for talent and the lack of a sufficient number of Generation X workers to replace retiring baby boomers. As a result, companies are turning inward and attempting to identify potential leaders from within their workforce that can be trained to assume more important roles. In order for this strategy to be successful, companies are allocating more resources on management and employee development programs and creating what are, in effect, human capital investment projects. As with any other type of investment, companies must establish specific goals and objectives, which requires forecasting the future human resource requirements of the company; prioritizing how the available monies are spent on specific development programs; and creating tools that can be used to measure the effectiveness of the choices made relating to the investments in development programs.
There are a number of options available to companies wishing to provide professional and career development opportunities for their managers and employees. For example, many companies offer courses to their personnel covering a wide range of topics and the increasing ease of use of online learning has made it easier for companies to tap into specialized programs that are available through universities and private education companies. Universities are also mobilizing to provide a customized curriculum, including made-to-order degree programs for a specific company, which would be available through in-class courses and online. However, even companies with substantial financial resources are questioning the efficiency of trying to create and offer learning programs for everyone in the organization and there is a growing recognition that the scope and focus of these programs must be closely aligned with the long-term goals of the company. Specifically, companies are being advised to reduce the amount of funds allocated to training for rank-and-file employees and instead concentrate their efforts on the positions that the company has identified as being most critical for the success of the company five to ten years down the road. In order for this approach to be successful, however, the company must have a good idea of where it intends to go including what new products, technologies and markets will be central to the company’s business in the future. Moreover, human resources professionals must be able to assist managers in identifying those persons who are most likely to emerge as leaders at some point in the future and the company must be prepared to provide those selected for development with sufficient incentives to remain with the company to the point where there skills become most crucial and important.
I previously wrote about preparing procedures for responding to a security breach and noted the importance of having a data security policy. In this post I wanted to lay out some guidelines for drafting and implementing such a policy. Numerous versions of data security policies are available for viewing online and examples of policies adopted by governmental agencies, universities and hospitals are generally quite comprehensive and may be too cumbersome for use by smaller companies. There is a general consensus, however, that any data security policy should cover each of the following core topics and issues:
The policy should open with a “Statement of Purpose” that describes why the policy is needed and why the board of directors and senior executives of the company have taken the time and effort to create the policy and invest resources in educating employees about the underlying issues.
The policy should define its intended “scope,” including who and what is covered by the policy. This section should make it clear that the policy applies to employees, contractors and others that the company provides access to its confidential information. The policy should define the “data” which is subject to the policy and the definition should track applicable statutory definitions of “confidential personal information.”
The policy should spell out the responsibilities of all covered persons with respect to handling, storage and protection of confidential personal information. Since one of the primary audiences for the policy are the employees that work with sensitive data it should include rules and examples that track the manner in which the data is used on a day-to-day basis within the company.
The policy should identify who within the company organization has been vested with responsibility for implementing and enforcing the policy and should also spell out the potential sanctions that may be imposed against persons who fail to comply with the policy.
It is not sufficient to merely write a data security policy and post it on the company’s internal web site. A strategy should be put in place for communicating the policy throughout the company organization and making sure that all employees are aware of the policy and receive any necessary training and support. The person or department responsible for implementing and enforcing the policy should also develop procedures for reviewing how well the policy is working and updating the policy as needed to close any gaps in security that are identified or to fix any specific problems that may have led to an actual breach of security. The policy should also be reviewed periodically to make sure that it takes into account changes in technology and data storage practices as well as new laws and regulations and changes in the types of data that the company collects.
The requirements for any project should be developed by the project manager with consultation from senior executives, user groups and, if applicable, customers. In general, the requirements can be broken out into three basic categories – a statement of the scope of work and specifications for the end result of the project, milestone schedule, and a schematic that shows the logical structuring of the tasks and activities necessary to complete the project.
The statement of the scope of work should identify the goals and objectives of the project, briefly describe in narrative form the work required to complete the project and identify the material funding limits and other constraints. The length of the statement of work will vary depending on the size and importance of the project and for small projects may be no longer than a couple of sentences. It is important, however, for the project manager to prepare a statement for all projects regardless of size.
As the name implies, a “milestone schedule” is timeline, with target dates, of the major milestones that need to be achieved in order for the project to be completed. The actual milestones will depend on the particular project and, for example, a project focusing on new product development might include the following milestones: design review meetings, completion of initial product testing, availability of prototype, completion of procurement and receipt of required licenses for sale of the product. Delivery and presentation of major written and oral reports to senior executives may also be included on the milestone schedule.
The description of the work structure necessary for completion of the project will depend on the specific project; however, the goal of the project manager in developing the description is to break the project down into manageable sub-projects stages that can be priced, monitored and controlled. For example, if the project is the introduction of a new product the project manager might segregate tasks and activities the sub-projects might be identified as sales promotion/advertising, pricing, market test, manufacturing and training. In addition, the project manager should list the important tasks or activities for each sub-project. With respect to training for new product introduction the list of tasks or activities might include selection of salespersons, selection of distributors, training of salespersons, training of distributors, printing of literature, dissemination of literature to salespersons, and dissemination of literature to distributors. Note, of course, that activities such as dissemination of literature to salespersons and distributors cannot be done until the sales promotion/advertising sub-project is completed since that is the time when the relevant team members develop and finalize the literature.
The success or failure of a particular project often hinges on selecting the project manager. There is always a temptation to recruit the project manager from outside the company in order to avoid actual or perceived problems of conflict of interest or loyalties to a particular function or department within the company. However, bringing in someone new may not be the best idea since the person would not be familiar with the way that the company operates and others within the company may resent the newcomer and make it more difficult to complete the project successfully.
Line managers normally do not make good project managers given that they have built-in conflicts of interest and will also be distracted by their normal duties and responsibilities. In particular, if a line manager controls resources necessary for a project and also serves as the project manager she must often make difficult decisions regarding allocation of those resources between the project and the day-to-day functional activities that she is responsible for as the line manager.
If at all possible, senior management should identify one or two persons from within the company who have the requisite skills and independence and assign them to full-time, dedicated positions as project managers. Assuming that these persons do not have conflicts of interest, this is the best method for ensuring that projects can be executed effectively and efficiently since the project managers can focus all of their attention on the projects and build and nurture the skills necessary for effective project management. This method works best when there is a steady steam of projects sufficient to justify allocation of resources to full-time project managers and it should be expected that project managers will handle several projects simultaneously.
While there is a long list of desirable personal characteristics for a project manager, the two most important are communicative and interpersonal skills. Assuming that the project manager will be required to interact with managers and employees from all parts of the company, many of which have high levels of technical expertise, it is essential for the project manager to be a good communicator, poised and an effective integrator of divergent opinions and personal styles. In addition, the best project managers are able to balance technical solutions with the applicable constraints – time, cost and performance – and devote sufficient time and attention to planning and controlling the project. Finally, the project manager must be able to identify and resolve problems and make decisions and explain them clearly and thoughtfully to all parties involved and impacted by the decision.
In order to be effective a project manager must understand quantitative tools and methods, organizational structures and organizational behavior. Companies generally have a variety of quantitative tools and resources for planning, scheduling, controlling and monitoring work processes. Knowledge of organizational structure of the company includes an understanding of how each line function or department operates so that potential conflicts between the responsibilities and goals of the project manager and each of the line managers can be identified and reconciled as soon as possible in order to allow the project to proceed smoothly and effectively. Finally, organizational behavioral issues focus on the conflicts that will typically arise for functional employees when they are required to simultaneously report to their line manager and to the project manager of any project to which they are assigned. In order to address problems from this dual-reporting structure senior management must ensure that managers and employees receive adequate training and guidance before imposing a project management overlay on to the day-to-day organizational structure.
The Securities and Exchange Commission (“SEC”) recently decided to allow issuers and other soliciting persons to furnish proxy materials to shareholders by posting them on an Internet website (other than EDGAR) and providing shareholders with a Notice of Internet Availability of Proxy Materials in a prescribed form. This “notice and access” model is voluntary, not mandatory; does not replace other methods of furnishing proxy materials in paper or email form; and can be used for all proxy solicitations except those relating to business combinations. Unless a shareholder has already consented to electronic communications, issuers electing to follow the “notice and access” model must mail the Notice at least 40 calendar days prior to the shareholder meeting (other requirements apply to soliciting persons other than the issuer). The Notice must include a prominent legend in bold-face type that states: “Important Notice Regarding the Availability of Proxy Materials for the Shareholder Meeting to Be Held on [insert meeting date]” and must also include the following information mandated by the rules and requirements promulgated by the SEC:
A statement that the communication presents only an overview of more complete proxy materials available to shareholders on the Internet and a statement that shareholders are encouraged to access and review all of the important information contained in the proxy materials before voting.
A statement that proxy materials are available at a specified Internet Web site.
A notification to shareholders that if they want to receive a paper or e-mail copy of the documents, they must request one, a statement that there is no charge for requesting a copy, and a notice that a request for a copy must be made in the manner described in the Notice on or before a specified date in order to facilitate timely delivery.
The date, time, and location of the meeting, or if corporate action is to be taken by written consent, the earliest date on which the corporate action may be effected.
A clear and impartial identification of each separate matter intended to be acted on and the soliciting person’s recommendations regarding those matters, but no supporting statements.
A list of the materials being made available at the specified Internet Web site.
A toll-free telephone number, an e-mail address, and an Internet Web site where the security holder can request a copy of the proxy statement, annual report to security holders, and form of proxy, relating to all of the registrant’s future security holder meetings and for the particular meeting to which the proxy materials being furnished relate.
Any control/identification numbers that the security holder needs to access his or her form of proxy.
Instructions on how to access the form of proxy, provided that such instructions do not enable a security holder to execute a proxy without having access to the proxy statement and, if required, the annual report to security holders.
Information on how to obtain directions to be able to attend the meeting and vote in person.
Companies that send a Notice of Internet Availability of Proxy Materials must use plain English principles in the organization, language, and design of the notice including short sentences; definite, concrete, everyday words; active voice; tabular presentation or bullet lists for complex material, whenever possible; no legal jargon or highly technical business terms; and no multiple negatives.
Several different forms of project management have been identified and each of them raises their own unique issues with respect project management techniques and cooperation and coordination between different departments and business units within the company.
The first form is referred to as “fragmented,” or “partial project,” management and will be used in cases where project management is required only for a small portion of the activities of the company. A good example would be the use of project management techniques within a single department, such as new product development, which the remainder of the company continues to rely solely on traditional management tools. This type of project is relatively simple to execute given that there is little need to reconcile actual or potential conflicts with other departments; however, it is still necessary to understand some of the tools that are available to improve how the project proceeds. Moreover, the manager or employee within the department who is responsible for the project should be trained in basic communication, organization and project management techniques to be sure that the project is completed on a timely basis and that the end result conforms to the expectations of all interested parties within the department.
The second form is called “departmental project management” and requires that each department have its own project managers to oversee the department’s contribution to a larger project that must pass continuously through several departments. New product development provides a good example of how this might work. The process might begin with a project manager and project management structure in the research and development department. Once the project team in that department has completed its work the torch is passed to another project manager and team in the engineering department. This process continues through the manufacturing and marketing departments. While the advantage is that each department uses a formal process to manage and complete its main responsibilities with respect to launching the new product, the obvious disadvantage is that there is no single project manager with a stake in making sure that the entire project successfully moves through all the stages from beginning to end. The obvious response to the limitations of departmental project management is “task force project management” that includes designation of a task force leader who is to be “responsible” for making sure that the entire project is completed.
Finally, companies engaged in project-driven industries such as aerospace, construction and defense tend to gravitate toward “matrix” structures. A matrix management structure for a project requires coordination between the project manager who is primarily responsible for the work flow and completion of the project and the managers of the various functional departments that have control over the resources that the project manager needs in order to complete the project. Advantages of this type of structure include access to the specialized resources developed and enhanced by the functional departments; however, the main disadvantage is the possibility that the managers of the functional departments will withhold resources from the project and channel them toward other projects that have a more direct bearing on the performance and operations of the department. Companies using a matrix management structure for projects may adopt different variations that are based, in large part, on how power is balanced between the project and departmental managers and senior management generally needs to be prepared to actively intervene to ensure that the project is completed on a timely basis without undue disruption to departmental activities.
In addition to a data security policy, each company should also have formal procedures in place to describe the steps that it is required to follow in the event of a security breach that results in the unauthorized disclosure of confidential personal information that the company is maintaining in its electronic and paper-based data systems. The process should be triggered by either actual evidence of a security breach (i.e., acquisition of confidential personal information by an unauthorized person) or the occurrence of events that create a reasonable belief in the minds of company officials that a security breach is likely to have taken place (e.g., suspicious loss or theft of a computer or device that contains unencrypted confidential personal information). The first step after the problem is noticed should be controlling and containing the systems that appear to have been breached and launching a preliminary internal investigation to ascertain the scope of the breach. The internal investigation should be conducted with the assistance of outside forensic investigators. The company should also contact law enforcement agencies (i.e., the Federal Bureau of Investigation and state and local police departments) to notify them about the breach and honor the instructions of those agencies as to whether or not the company should go forward with notifying affected persons or wait until such time as notice would not impede any law enforcement investigation. Assuming that the law enforcement agencies do not object, the company should than take the necessary steps to comply with applicable federal, state and local requirements to notice affected individuals about the unauthorized access to their confidential personal information. The specific requirements regarding the contents and timing of the notice, including the need to notify credit reporting agencies, should be verified. Finally, in the case of public companies that suffer a security breach, a report of the breach should be made in the company annual and quarterly filings with the SEC (i.e., Forms 10-K and 10-Q) and persons within the company who have notice of the breach should be barred from trading securities of the company until a public announcement of the breach has been made and disseminated in the financial markets.
One of the most important ways that the CEO of an emerging company can impact how effectively the company and its organizational structure operates is through his or her selection of the members of the senior management team. In addition to their functional skills and experience, senior managers can support the vision of the CEO by communicating and practicing the attitudes and values associated with the organizational culture preferred by the CEO. In order to fulfill this role, senior managers must understand culture and organizational structure of the company and the thoughts and directions of the CEO and should have a clear idea of where the company is headed and be committed to that direction.
While recruiting and retaining high quality members for the senior management team is obviously important for the organization, development of job descriptions for senior managers is often neglected. One reason this occurs is because senior managers often view job descriptions as to restrictive or static to be of much use. Another concern that a senior manager might have about engaging in developing his or her own job description is that the end product might be used as the basis for a negative performance evaluation or a change in role and responsibilities that might be unacceptable to the manager. Disadvantages aside, however, it is recommended that an effort be made to write job descriptions for top managers in order to define their specific tasks and objectives. By preparing job descriptions for senior managers, and reviewing them periodically, the CEO can make sure that the responsibilities and objectives of the managers are properly aligned with each other and with the overall goals of the company. In addition, job descriptions can provide a direction for each senior manager and a basis for establishing priorities that are mutually agreed upon by the manager and the CEO. Finally, a job description for a senior management position that has yet to be filled can provide a basis for discussions with prospective candidates. A job description for a member of the senior management team should focus on the tasks to be done; the goals to be achieved; the challenges to be overcome; and the organizational norms that are to be emphasized. In addition, the job description should include a list of the information that will be needed in order to evaluate the performance of the manager in relation to the stated duties and responsibilities.
The budgeting process is an essential element of strategic business planning that involves the development of the goals and objectives of the company; the formulation of specific department and overall organizational budgets; and the reporting and follow-up of budget variances and revisions. The goals and objectives of the company should, of course, be based on an assessment of the marketplace, the operational activities and strengths of the company, and the long-term business objectives of the stakeholders of the company. These goals and objectives are needed in order to give direction to the budgeting process. Operational objectives could include such things as controlling inventory levels and carrying costs and, if so, the budget should include all the indicators necessary to monitor inventory-related performance.
Analysis of variances is absolutely necessary to evaluate the integrity of the budgets as well as overall performance of organizational operations. By identifying and analyzing material variances, management can determine if the budget needs to be revised and/or other operational decisions are required. In order for the budgeting process to be most effective it should be done on a continuous basis as opposed to episodically or once a year so that the budget becomes a tool for regular feedback and improvement.
Fixed budgets are generally used in situations where the sales volume of the company is relatively stable and predictable. Fixed budgets are based on the estimated or standard unit costs, selling expenses and administrative expenses that correspond to a specific projected volume of sales. A fixed budget serves as a profit plan–assuming that the estimated costs and expenses are less than the projected sales revenues—and can be used as the basis for cash flow forecasting; however, the utility of a fixed budget depends heavily on the accuracy of the assumptions regarding sales volume. Accordingly, if the actual sales volume differs substantially from the projections, either due to unforeseen circumstances or faulty assumptions, then a fixed budget will immediately require modification—particularly if sales are depressed and cost cutting is needed in order to avoid substantial losses.
The alternative to a fixed budget is a flexible, or variable, budget. This type of budget is useful for controlling expenses and evaluating managerial performance. Development of a flexible budget begins with allocation of expense items to three different categories: fixed, semi-variable and variable. Each expense item has its own specially developed formula that is used to forecast costs and expenses based on the actual level of sales or production. Allocation of expense items and development of formulae can be a challenging process since it is often difficult to determine whether an expense is fixed or variable or choose whether the formulae should be based on sales or output. However, the time and effort invested in creating a flexible budgeting process is generally comparable to that associated with a fixed budget if one factors in inevitable modifications to the original fixed budget in light of actual operational performance. In fact, flexible budgeting is probably the preferred approach for smaller companies that are growing since there is bound to be unpredictability with respect to sales and output and the inherent flexibility lends itself to the management of change that is so necessary during the earlier stages of the company’s development.