Start your day with intelligence. Get The OODA Daily Pulse.
Informing your decisions with actionable intelligence
Start your day with intelligence. Get The OODA Daily Pulse.
Informing your decisions with actionable intelligence
This is part of a series providing insights aimed at corporate strategists seeking competitive advantage through better and more accurate decision-making. The full series is available at our special section on Decision Intelligence. Members are also invited to discuss this topic at the OODA Member Forum on Slack.
This post dives into actionable recommendation on ways to optimize a corporate intelligence effort. It is based on a career serving large scale analytical efforts in the US Intelligence Community and in applying principles of intelligence in corporate America.
The lessons learned we provide in optimizing intelligence are binned into the following categories:
Here is more on each of these:
Whether you are just starting your corporate intelligence program or have been at it for a while, you need a vision that spells out what you want to do. The vision should be easy to understand by a broad range of stakeholders. Every company is different and the vision for how intelligence will serve yours is something you will want to work on internally. But as a starting point consider a draft vision of: “Our intelligence processes will ethically get the right information to the right decision-makers in a form they need, when they need it.” You might also add statements of quality in your vision, perhaps like: “the quality of our intelligence will be so high it will drive operational decisions.” Others may want to add key elements of security to the intelligence vision, like “Our results will be protected from unauthorized users but ensured for authorized decision-makers.”
As you build the vision for your firm, keep in mind that good intelligence programs require by-in from a large number of stakeholders, so you will want to coordinate this vision broadly before finalizing. Then you will want to use this vision to drive action on your program.
Informal intelligence processes are by definition sub-optimized. Optimizing intelligence processes will result in more decision-makers knowing the information at their disposal and ways to make use of it. It will also enable training and continual improvement of the workforce in ways that make your organization more agile and competitive.
The first step in optimizing intelligence processes is understanding them to a degree where they can be written down. If you are early in your journey of improving your corporate intelligence this may seem like a daunting task. There may be an overwhelming number of information inputs and workflows in your organization already. In situations like this we advise starting at a high level to map out strategic processes and fill out detail as you go, this can save time and management overhead while delivering value quickly.
One of the greatest aids in understanding corporate intelligence processes is the methods pioneered by the US intelligence community called the Intelligence Cycle. While designed for intelligence processes serving the national intelligence community it has been proven to be a workable model applicable to most forms of corporate intelligence as well. This is a very high level articulation of processes, so it may very well be a good starting point for capturing your current processes and give you a framework to build out your documentation from.
The key steps in the intelligence cycle are:
Professionalization of intelligence includes using sound analytical methodologies for conducting analysis. History has made it clear that humans are prone to errors in thinking and science has proven that sound analytical methods can improve our ability to reason. It requires very little investment to learn these methods of critical thinking so every corporate intelligence effort should know them (to ensure you are aware of all relevant analytical methods we will we will dive deeper into them in coming posts). Professionalization also means putting in place methods to check for bias in analysis (see An Executive’s Guide To Cognitive Bias in Decision Making).
Smaller companies might not have a single person that can be dedicated to corporate intelligence processes. But even in those cases the things that are done need to be done professionally or they should not be done at all. Firms that can dedicate full time staff to intelligence functions can optimize them by ensuring staff has the right training, education, experience and are backed by well thought out corporate policies to ensure their success. More important than all that is how these people are treated and led, which gets to the key point. Treat intelligence functions in your corporation as a professional discipline, and the people behind the intelligence functions as professionals.
This goes for your own actions in this domain as well. Leaders who approach corporate intelligence with seriousness and discipline are better able to articulate clear requirements (discussed below) and better able to provide feedback to continuously optimize efforts.
In many companies, intelligence processes simply evolved as the corporation grew, and the organizational components that support those processes may be scattered and not operating under common guidance. It pays to think though how your intelligence functions are organized and led. Since corporate cultures vary, you will need to determine the right approach yourself. But in general, for each intelligence function you can either decide on a centralized or decentralized model. The centralized model may involve a special unit or center that reports to the COO or other C-suite executive, but serves the entire corporation. A decentralized model will involve ensuring the right organizational components have their own resourced to dedicate to the intelligence function.
Whether you pick a centralized or decentralized approach for the intelligence functions, we strongly recommend you name a senior executive to be in charge of the function. For example, a Chief Security Officer or perhaps Chief Information Security Officer should be in charge of your corporate approach to threat intelligence. A CFO is responsible for all aspects of financial reporting so in many cases the CFO will be a good choice for business intelligence process leadership. A chief growth officer, chief revenue officer or chief strategy officer may be the right leaders for functions of market intelligence, competitive intelligence, due diligence and tech forecasting.
One of the most critically important inputs to corporate intelligence processes is a list of requirements. The requirements process should involve all decision-makers that rely on intelligence. Requirements should spell out what type of information is needed and when it is needed by.
Intelligence staff can help ensure a good requirements process by providing feedback on intelligence requirements and asking clarifying questions, but responsibility for running the process should be in the hands of the executive over the intelligence function (the CEO, COO, CFO etc). The requirements should have as much fidelity as possible, and should, when possible, contain information on when the information is needed by.
Data is the fuel for your intelligence processes. Sources include your internal corporate data, publicly available data, and paid feeds from specialized providers.
Internal corporate data is usually the primary source of business intelligence functions. It can include data on sales and expenses and forecasts on both. Internal data also includes information on suppliers, inventory and employees. Internal data can also include feeds from physical security systems and cyber security systems.
Publicly available data is the largest data source. The art form is in determining the right data from the globally connected Internet to draw from. Finding the right data is informed by the vision of your intelligence program and the requirements articulated by leaders. (We hope OODALoop.com remains on your list of intelligence providers!).
Paid providers are available for every discipline of corporate intelligence. The best will provide intelligence in a format ready to be consumed by your organization. This includes information that can inform decision-makers at all levels.
In each case, for every data source, you should understand the strengths and weaknesses of the data source. Also determine how dependent you are on the data and if you should be developing other data sources to mitigate the risks associated with dependences.
For smaller organizations it can be relatively easy to keep everyone in the loop. But the larger your business gets the more thought needs to be put into how corporate processes will ensure the right intelligence will get to the right user at the right time.
In some cases, solutions can be put in place to give decision-makers intelligence integrated into the way they work. For example, business intelligence solutions can be provided that lets users interact with data themselves, pulling the info and iterating over data as they ask new questions. This type of solution can be hard to leverage for competitive intelligence and threat intelligence. But for those, intelligence teams can produce written products for dissemination to decision-makers.
Other ways of disseminating intelligence internally include webinars and in-person briefings.
The reason intelligence functions exist is to serve corporate decision-makers. Intelligence can only improve it there is feedback to the process. When intelligence fails to support decisions, the intelligence team needs to know that. When intelligence results in success the team needs to know that too.
Some of the most important feedback will come in the way of more questions for the intelligence team. The more, and harder, questions, the better the intelligence team can perform.
Treating corporate intelligence as a discipline requires putting forethought into how you acquire the right intelligence, how you analyze it, and get it to the right users. There are technological components to this. To the greatest extent possible, you want to manage this process and the data associated with it in a way that is secure from adversary exploitation. Corporate intelligence should only accessible to authorized corporate users. But your intelligence architecture must also be designed to get the right capabilities and data to every user that needs intelligence. Finding balance between these two competing interests requires engineering. Fortunately, best practices around identity management, access control and encryption can be applied to ensure both these requirements are appropriately met.
In our experience, corporate intelligence architectures that meet the conflicting goals of getting intelligence to all who need it while keeping unauthorized users out are only built when leadership makes this a clear objective. Which leads to the recommendation that this be considered a leadership level requirement.
The security measures that will be built into the technical architecture supporting your corporate security efforts are necessary, but not sufficient, to protecting your intelligence efforts. Your employees and business partners, including suppliers of intelligence information, need to follow well thought out policies that keep your corporate intelligence information from unauthorized disclosure.
As a simple example of operational security leaks, consider a corporation that has a desire to read the latest information on a competitor’s website. This is openly public information, and, depending on the line of business of the organization, reading this is probably a best practice. Perhaps an analyst from one aircraft manufacturer wants to read what is on another aircraft manufacturer’s website, for example. If the analyst uses a corporate computer, then the second firm will know the precise pages that are being viewed by their competitor. It is also easy to configure websites to show different things to different users depending on where they are viewing from, so the competitor could actually provide information meant to confuse to the viewer from the first company. Good operational security can prevent these types of scenarios.
Note: when contracting with assistance in your intelligence program, it is very important to evaluate the operational security of your contractors. If their methods are observable to your competitors it is less than optimal.
Most businesses already use corporate intelligence. All can optimize how they do so. As you build your plans to optimize your corporate intelligence the lessons learned presented here can kickstart your efforts.
None of the steps above will happen on their own. They all require leadership. Which gets to perhaps the most important concluding comment we can make: Leaders should take a proactive role in optimizing corporate intelligence. With your involvement you can ensure your company leverages the best possible intelligence as fuel for your corporate decision making.
The next post in our series on the Intelligent Enterprise will provide inputs on standards you can apply to your corporate effort, based on the proven standards and methods of the US Intelligence Community.
About the Author
Bob Gourley is an experienced Chief Technology Officer (CTO), Board Qualified Technical Executive (QTE), author and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. CTO of OODA LLC, a unique team of international experts which provide board advisory and cybersecurity consulting services. OODA publishes OODALoop.com. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.
Informing your decisions with actionable intelligence
Informing your decisions with actionable intelligence