Six Sigma, ROI and Cyber Law Compliancy

In the quest for continuous improvement of business competitiveness, the industry has now set its focus on a BPI (Business Process Improvement) programme that can provide measurable benefits to a Company.

Six Sigma is one of the methodologies being practiced and is essentially a conscious approach to near-perfect operational efficiency. It aims at identifying defects and rectifying them. It is a rigorous and disciplined methodology that uses data and statistical analysis to measure and improve a company's operational performance by identifying and eliminating "defects" in manufacturing and service-related processes.

Cyber Law Compliancy (CyLawCom), as advocated by Naavi.org, is similar to, and can perhaps be considered one part of, the Six Sigma approach, covering the defects that arise out of non-compliance with the legal aspects of computer business.

The experiences of Radiant Software, Polaris, I Flex, Elcomsoft and Napster bear witness to the fact that negligence of legal compliancy in business could have disastrous financial consequences.

Unlike the Six Sigma Core approach, which quantifies the number of defects and tries to minimize them, CyLawCom is to be treated more as a qualitative assessment. It is often not the number of Cyber Law non-compliance incidents that poses a danger to business continuity or profits. It is the nature of the non-compliance.

The undersigned recently came across an incident where certain aspects of CyLawCom negligence led to a staff member picking up a key software tool developed by the Company and passing it on to a competitor. One single incident of this nature could cost a Company enough to drive it out of business.

We often encounter a question amongst IT managers about the ROI (Return on Investment) of a Cyber Law Compliancy programme. The ROI in the case of the above Company, if it had implemented a proper CyLawCom programme, would have been perhaps around 500% p.a.

The ROI of a CyLawCom programme should be looked at the way we look at the ROI of "Insurance". Let us take "Medical Insurance" for a person of age 30. If he carries a hospitalization policy and maintains it regularly for, say, the next thirty years, paying an average premium of, say, Rs 2500 per year, he may be spending Rs 75000/- over a period of 30 years. However, the probability of incurring a hospitalization expenditure of around, say, Rs 3 lakhs during this period is nearly one, making it a 400% ROI (Gross) investment.

Similarly, a Company should consider a long-term perspective of at least 10 years, estimate the probability of its legal negligence crystallizing into a financial liability, and then evaluate the ROI of its CyLawCom programme. Obviously, the probability of the CyLawCom programme providing complete protection against any liability also cannot be one. But even at a lesser level the savings achieved could be enough to provide the right ROI. Taking the examples of Napster and Radiant Software, both of which had to sell themselves out to survive, it is clear that the cost of CyLawCom negligence could be placed at 100% of the discounted turnover of the next 10 years of the Company.

A quick glance around the industry indicates that there are many small, medium and large Companies and Banks that are merrily carrying on their E-business in India with several CyLawCom risks left unattended. One never knows when they will be hit, and when that day comes, all the stakeholders will regret their negligence.

Cyber Law Compliancy has three major segments, namely,

1. IPR violations

2. Digital Contracts

3. Due Diligence

IPR violations are easily understood and cover the avoidance of using pirated software or violating the licensing terms of a software. The other two segments, however, are not so easily understood, and Companies are likely to commit far more mistakes in these segments due to ignorance than in the IPR area. IT users must understand that every "Mouse Click" or "Keyboard Tap", particularly while on a website, is a potential signature to a commitment. There could be hidden contractual obligations behind such clicks and taps. Similarly, every Network manager should realize that he is the custodian of "Due Diligence" in managing the Network from the point of view of Cyber Law Compliancy, and any lapse on his part can land his Company in losses and put his job at stake.

In order to start its CyLawCom process, Naavi.org advocates an AAA Enterprise training programme covering

Awareness Creation about Cyber Laws

Application of Cyber Laws in day to day business

Absorption of Cyber Laws into the Business Strategy

Steps taken in this regard could well be significant strides for a Company towards Six Sigma Certification.

Naavi

January 15, 2003
