BPO Standards

Information Security Management Systems: ISO 17799 / BS7799 / BS 7799 Security Standards and Philosophy

BS7799-2:2002 is a standard specification for an Information Security Management Systems (ISMS). An ISMS is the means by which Senior Management monitor and control their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. It forms part of an organization's internal control system.

ISO 17799:2005 is a standard code of practice and can be regarded as a comprehensive catalogue of good security things to do.

ISO 17799 is the most widely recognized security standard. It is based upon BS7799. BS7799 is the most widely recognized security standard in the world. Originally formulated in the mid-nineties, it was formally put together in a useable form in May 1999. It progressed into BS EN ISO17799 in December 2000. BS 7799 (ISO17799) is comprehensive in its coverage of security issues, containing a significant number of control requirements.

Compliance with it is a hard task even for the most security prepared of organizations. The areas covered are:

* Objectives
* Scope
* Coverage
* Awareness

Risk analysis – is the determination of what control (and expenditure) is appropriate for given situations or specific areas/systems/applications. It forms the baseline for an organization's Information Security Policy.

Contents of ISO 17799 - ISO 17799 is an extremely detailed security standard, organized into ten major sections. Each section covers a different topic or area. The objectives of each of these are as follows:

Security Policy
To provide management direction and support for information security.

Business Continuity Planning
To counteract interruptions to business activities and to critical business processes from the effects of major failures or disasters.

System Access Control: 1) To control access to information 2) To prevent unauthorized computer access 3) To prevent unauthorized access to information systems 4) To ensure the protection of networked services 5) To detect unauthorized activities. 6) To ensure information security when using mobile computing and tele-networking facilities.

System Development & Maintenance: 1) To ensure security is built into operational systems; 2) To ensure IT projects and support activities are conducted in a secure manner; 3) To prevent loss, modification or misuse of user data in application systems; 4) To protect the confidentiality, authenticity and integrity of information; 5) To maintain the security of application system software and data.

Physical and Environmental Security: To prevent unauthorized access, damage and interference to business remises and information; to prevent compromise or theft of information and information processing facilities; to prevent loss, damage or compromise of assets and interruption to business activities.

Compliance
1) To avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements
2) To ensure compliance of systems with organizational security policies and standards
3) To maximize the effectiveness of and to minimize interference to/from the system audit process.

Personnel Security: To reduce risks of human error, fraud, theft or misuse of facilities; to ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work; to minimize the damage from security incidents and malfunctions and learn from such incidents.

Security Organization: To manage information security within the Company; 2) To maintain the security of information when the responsibility for information processing has been outsourced to another organization. 3) To maintain the security of organizational information processing facilities and information assets accessed by third parties.

Computer & Operations Management: 1) To ensure the correct and secure operation of information processing facilities; 2) To ensure the safeguarding of information in networks and the protection of the supporting infrastructure; 3) To minimize the risk of systems failures; 4) To protect the integrity of software and information; 5) To maintain the integrity and availability of information processing and communication; 6) To prevent damage to assets and interruptions to business activities; 7) To prevent loss, modification or misuse of information exchanged between organizations.

Asset Classification and Control: To maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.

Roadmap - The best starting point is often an assessment of the current position, followed by identification of what changes are needed for ISO17799. From here, planning and implementation must be undertaken. Legislation - A growing number of legislative mandates are appearing in the area of information security. In Europe , Data Protection Legislation is now fully operable. The UK 's Data Protection Act is fairly typical and contains eight Data Protection Principles. These state that all data must be:

Processed fairly and lawfully
-Obtained & used only for specified and lawful purposes

-Adequate, relevant and not excessive
-Accurate, and where necessary, kept up to date
-Kept for no longer than necessary
-Processed in accordance with the individuals rights (as defined)
-Kept secure

COPC

The COPC-2000 ® Standard was developed in 1995/96 by individuals from Microsoft, Motorola, American Express, L. L. Bean, Novell and other customer-focused companies who were concerned with the level of service quality provided to customers by customer service provider organizations. It is the most demanding standard in the customer contact industry. COPC is recognized worldwide as the leading authority on the operational performance of customer contact centers.

As with ISO any other quality program, COPC is an audited, documented process and certification demands annual renewal. The COPC standards were necessary as a majority of customer service operations and call centers were having trouble relating to existing standards which were very manufacturing-oriented.

Some examples of standards include COPC's expectation that every employee know his or her company's mission statement.


24/7 Customer was the First Company in India to Earn the Prestigious COPC-2000® Certification. This came immediately after 24/7 Customer successfully secured the highest Baseline Assessment score to date by any organization using the COPC-2000® Standard (from COPC, the leading authority in customer intensive operations standards.

Accenture Customer Contact Center in Bangalore is the World's First to Receive COPC Gold Standard Certification, the highest rating for Quality Customer Service.

Some FAQ's on COPC :

What is COPC?
Customer Operations Performance Center is an international standard for quality management, specially for call centers.

What is the purpose of the COPC Standard?
To define management & operational requirements for customer service providers (CSP).
To ensure services provided by the CSP meet the CSP's clients & end users expectations.
To provide CSP's with a standards framework within which they can define & implement improvement efforts.

Who are the users of COPC Standard?
Applications - Customer Service, Order Management, Tech Support, Outbound, Fulfillment, Collections, E-Commerce
Industries - Telecommunications, Financial Services, Consumer Products, Consumer Services, Industrial Products, Utilities, Healthcare, and Government

What is the purpose of COPC Standard?
The COPC Model works on increasing Quality, Service, Customer Satisfaction thereby leading to decrease in total cost of operations while getting better profitability.

What is the duration and expenditure involved in COPC Certification?
Time Frame: 1 Year
Resource Required: At Least one registered Coordinator
Cost: Starts at 25 lacs and may go onto 75 lacs depending on who you choose as your consultants.

Can ISO be a starting point to COPC?
Yes. ISO implementation leverages - Standardized Processes, Continual improvement through Measurement and Analysis of Processes and Performance, Client & Customer Focus Orientation.


COPC enhances Standard - P providing Call centers specific Measurement Criteria and their Benchmarks, Identifying and qualifying specific Data recording requirements, Financial Performance Improvement is also part of COPC audits.

Making the Right Choice

There are quite a few standards to choose from - ISO, COPC, STI, HDI, SSPA, SCP and many more. Natural evolution will see more standards in the next few years. The marketplace will determine the survivors. As you consider certification and adopt, implement and sustain a Standard in your organization, keep the following in mind:

1.) Set clear objectives for the effort. These can be financial, non-financial, or more likely some combination. They can be oriented towards improving short-term results such as operational efficiency or longer-term results such as improved customer satisfaction and employee retention. Consider the multiple cultures the Standard will impact to ensure a successful implementation.

2.) Test a Standard for its Return on Investment (ROI). Be sure to segment your analysis into the relevant time frames. Year One will be the investment year (although you should expect a break even, at minimum); year 2 and beyond will be when significant gains are obtained and sustained. If you don't get a high ROI, you may be using a Standard that isn't rigorous or consistent enough to produce the desired results. In this case, you have likely pursued as certification, "a plaque on the wall" vs. true improvement which comes with performance-oriented standards. Regrettably, I can assure you there are "Standards" out there that require little effort and you too, can have a plaque!

I urge you to improve your business based on sound models that have a track record of results. Use a tool that measures and works, and one that can allow your firm to differentiate itself through improved and sustained performance. If using a Standard gets you there faster than you could do it yourself, and in all likelihood it will, don't be too proud to use one. You just might be very pleasantly surprised with the results!

DNC: FTC Amends Telemarketing Sales Rule

The Federal Trade Commission, the Federal Communications Commission, and the states are enforcing the National Do Not Call Registry. Placing number on the registry will stop most, but not all telemarketing calls.

FTC Amends Telemarketing Sales Rule Regarding Access to National Do Not Call Registry

Revised Final Rule Requires Telemarketers to "Scrub" Their Call Lists Every 31 Days; Registered Phone Numbers Top 58 Million; Compliance Remains High.

The Consolidated Appropriations Act of 2004, the Federal Trade Commission in February announced a proposal to amend the "Do Not Call" provisions of the Telemarketing Sales Rule (TSR) to require that telemarketers subject to the Rule access the National Do Not Call Registry and purge numbers on the Registry from their call lists every month, instead of every quarter as the Rule originally required. The Commission today announced that the final amended Rule provisions will become effective on January 1, 2005 , with telemarketers required to "scrub" their lists against the Registry at least every 31 days.

In its February notice of proposed rulemaking, the FTC requested comments on the proposed amendment's use of the phrase "thirty (30) days" rather than "once a month," the phrase used in the statute. In the notice, the Commission suggested the "thirty (30) days" language as a way to make the requirement clearer, and to achieve Congress' intent more effectively, which was to shorten from quarterly to monthly the interval for telemarketers and sellers to purge registered telephone numbers from their calling lists - in effect reducing the time consumers have to wait, after registering, for unwanted telemarketing calls to stop.

The FTC received 186 comments in response to the notice of proposed rulemaking from individual consumers, consumer groups, businesses, and trade associations. The Commission considered these comments before determining the final rule. The Commission chose the interval "thirty-one (31)," as the maximum time allowable under the Appropriations Act to simplify the process of scrubbing lists on a monthly basis. The Commission set the effective date of the Rule as January 1, 2005, to enable the Commission to modify the Registry system to account for increased download traffic and logic changes, and enable businesses, to implement new systems and procedures to accommodate the more frequent scrubbing interval. To date, consumers have registered 58.4 million phone numbers on the Do Not Call Registry. According to the FTC, most telemarketers have been diligent in their efforts to scrub their lists and to meet the Registry's requirements. A recent Harris ® Poll showed high levels of compliance, with a large percentage of telemarketers who are required to download the list and delete newly included numbers doing so on a timely basis. The Commission voted one voice to approve publication of the Federal Register notice by 5-0.

Six Sigma
Corporates use it to boost efficiency, keeping costs down and reducing cycle time:

Six Sigma was introduced by Motorola in the '80s. Technically it means reduction of defects to 3.4 parts per million. A Six Sigma expert is called a Black Belt.

Six Sigma is many things:
First, it is a statistical measurement tool. It enables companies to assimilate quantifiable information on its quality of products/ services/ and processes. The Six Sigma methodology helps to draw up comparisons with best-of-breed processes. It also puts a company on a matrix, showing where it is, so that it becomes easy to decide where it needs to go next! Second, it is a competitive business strategy that embarks from a business philosophy. Its duality gives companies edge to improve quality on one side while lowering costs on the other. Third, it is a philosophy, an outlook, a way of thought. It essentially aims at working smarter, not harder. Resource optimization, not resource utilization. It reduces errors, but most, it implies a whole new thought culture of strategies, tools and measurable improvements. Six Sigma has supportive tools in TQM, ERP, SCM, CRM, and TCS. DFSS: design for six sigma. It is a well known tool to implement six sigma from the seed stage of a process or a product. DFSS being a structural and systematic methodology, it aims at quantum leaps in achievements. Scoring over other methods, it is Predictive Quality Design, rather than Reactive Quality Design. Using the DFSS approach, many companies aim to (and achieve) the goal of predicting and improving quality delivery even before building the prototype design of a process.

Compliance with US regulations and Security Strategy

Much has been written about government regulations such as HIPAA, GLBA and Sarbanes-Oxley and whether they affect your security strategy. This article makes an effort to set the record straight.

SOX is still here to stay, but this year you' will be smarter than the last one. You survived the last year, and then you know a lot more now. But Compliance and Security should flow from your CEO and Executive Board. Do they know enough? Maybe they need a crash tutorial in SOX. The effort is incomplete if there's any slack on this issue between the CEO and CIO. They must essentially work on it as a seamless team. Its time to ask some important (and possibly complicated) questions:

What are the strategic, financial and regulatory risks facing the organization?

There are many different bodies that have come out with intricate conceptual approaches to managing compliance risk. A quick look at some and you find a clear overlap, maybe agreement. First there are legal and regulatory risks. Obligations placed upon the company, by the government. If you fault on managing compliance with these processes, you're calling for a lot of trouble. That's where SOX, HIPAA [Health Insurance Portability and Accountability Act] and a lot of others fall. Second, there is operational risk. A good example of that would be CRM risk. Third, you find is financial risks. Finally, you've got strategic risks and that's more tenuous.

You may want to bring in someone with a clear mandate to drive these efforts. If the understanding is not complete or is completely missing, then you need third party help to focus on defining the risks your company faces.

Is there a charted roadmap and clarity regarding roles and responsibilities for risk and compliance requirements?

Get a cause champion who owns risk management and compliance in an organization. Better still if it be the CEO or CIO. Problem with compliance is that there are many different people and domains involved within the organization who own various aspects of compliance. You go to one and you get an opinion, you go to the next and it completely violates what you heard from the last person. Someone needs to own the full process of compliance and be there to 'interpret' diverse understandings within the organization.

What are the measures of efficiency and effectiveness?

Without appropriate metrics and performance benchmarks, everyone would be headed in the same direction yet on a different route. This may pull down your effort like a house of cards. First, start by establishing what those metrics are. What are the appropriate and acceptable performance parameters accepted by the industry? As they say "You can put in all the great processes in the world, but if you don't know if they're working or not, what's the point!"

Who are the beneficiaries with interest in the performance of compliance and risk management?

Interestingly in the whole process many stakeholders are looking at it from different angles, with varied interests. There is the same data and the same processes, but you're looking through different looking glasses. The regulators are looking for certain things. Your shareholders are looking at the exact same information, but they're looking at it with different perceptions and expectations. They may or may not care about the information the regulators are looking you're your board, executive management, operating management all need to define what they're looking for and how this slots into their particular area of responsibility and interest.

One needs to understand all the important touch points. Part of that process actually falls under Sarbanes-Oxley, but more of financial reporting compliance than other areas of compliance. The same diligence ought to be used for other areas of compliance. Those are critical components to just getting your arms around the current landscape.

..........................................................................................................................................................................................

GUIDELINES FOR SETTING UP CALL CENTRES

1. The Call Centres are permitted to Indian registered companies on non-exclusive basis.
2. The Call centers are registered under the under the Other Service Provider (OSP) category as defined in NTP'99.
3. The validity of this permission is up to 20 years from the date of issue of this letter.
4. 100% Foreign Direct Investment (FDI) is permitted in Call centers.
5. The call center has to ensure that no change in the Indian or Foreign promoters / partners or their equity participation is made without prior approval of competent authority or as per prevailing regulations.
6. The Call centers can take the resources from any authorized service provider i.e. IPLC from the authorized International Long Distance operators and local leased line from any authorized Service providers.
7. The Service providers will examine the network diagram and grant resources to the OSP as per the terms and condition of this approval and the prevailing guidelines & policy for the service from where the resources are being taken. Both the Service provider and the OSP will be responsible for any violation in the use of the resources.
8. The domestic call centers are permitted to be set up, on a separate infrastructure. However, the request of the domestic call center to run on the existing private networks will be evaluated on case to case basis.
9. Inter connectivity of two domestic call centers of the same organizations is permissible subject to further approval from DoT.
10. Inter connectivity of the international with domestic call Center is not permitted.
11. Interconnection of Call Centres of the same group of company is permissible for redundancy, back up and load balancing subject to the prior written approval from the DoT
12. In the International Call centers, no PSTN connectivity is permitted at the Indian end. Both inbound and outbound calls are permitted from the International call centers.
13. Internet and IPLC connectivity is permitted on the same LAN at the Indian end of the International Call Center with the condition that no voice/data traffic shall be permitted from ISP to other destinations via IPLC of the call center.
14. Internet connectivity is also permitted to Domestic call centers.
15. In case the company proposes to increase the bandwidth for the approved IPLC, the company can directly approach the authorized ILD for the same and intimate the same within 15 days to DoT. However, in case the company proposes to change the POP or add another POP, the company shall approach DoT for approval.
16. The International call centers are permitted to interconnect with the "Hot sites", for the purpose of back up and working during disaster at the International call centre location, provided that International Call Centre operators provides the following: -
1. A dedicated server/router at the hot site pertaining to the International Call Centre.
2. Local lease lines from the International Call Centre to the respective server dedicated for this International Call Centre at the hot site.
3. The local leased line from the hot site to the IPLC provider.

Hot sites can be used by the International Call Centre connected to it, only at the time of the disaster, by requesting the IPLC provider to switch its IPLC towards hot sites and informing the same to the DoT.

1. International Call Centre of the same Group of Company are permitted to cross map the seats for use during disaster. During normal days, original International Call Centre will use all seats but in case of disaster, cross-mapped seats will be vacated for use of the other International Call Centre and the same will be informed to the DoT.



...............................................................................................................................................................

Documents required for submitting the application: -

The application can be submitted on the letter-head of the applicant company. Following documents are required along with the application: -

International Call Center

1. Demand Draft of Rs 1000/- drawn in the name of "Pay & Accounts Officer (HQ), DoT", toward the processing fees.
2. Address of the locations of the Indian end and foreign end where the IPLC would terminate.
3. Bandwidth of the IPLC, with justification of Bandwidth requirement.
4. Number of seats in the Call center.
5. Memorandum of Article of Association of the Company
6. Schematic diagram of the Call center layout with complete equipment details
7. Name of the foreign clients (in case the company has not tied up with any foreign client this can be given before the start of the service).
8. Describe the nature of the business.
9. Proof of business nature and agreement with other End customer.

Domestic Call Center

1. Demand Draft of Rs 1000/- drawn in the name of "Pay & Accounts Officer (HQ), DoT", toward the processing fees.
2. Address of all locations connected with leased lines or where incoming only PSTN lines are terminating.
3. Bandwidth of the leased lines.
4. Number of seats in the Call center.
5. Memorandum of Article of Association of the Company
6. Schematic diagram of the Call center layout with equipment details
7. Name of the clients ( in case the company has not tied up with any client this can be given before the start of the service)

The application is to be submitted to the

Assistant Director General (OSP),
PIP Cell,
Department of Telecommunications,
Room No.1014, 12th Floor,
Sanchar Bhavan, 20 Ashok Road,
New Delhi-110 001.
Phone: +91-11-23372075

General Acts applicable to a BPO company / unit with specific reference to a call center:

* The Companies Act 1956
* The Income Tax Act 1961
* IT & ITES ( Information Technology & Information Technology Enabled Services ) Policy 2003
* Relevant Shops & Establishment Act
* Compliance under STPI
* Labour Laws
* Foreign Exchange Management Act 1999
* Information Technology Act 2000
* Telecom Regulations

Fiscal Incentives:

o Exemption from Electricity Duty
o Exemption from Stamp Duty
o Exemption from Octroi/ Entry Taxes
o Exemption from Central Sales Tax
o Lower Property Tax
o Power Supply at industrial rates
o Provisions relating to Floor Space & FSI

Non Fiscal Incentives:

o Permission for 24*7working hours
o No restriction on employing women workers
o Relaxation of labour laws and statutory returns thereon
o BPO units treated as " Essential Services " & " continuous process " units
o Unlimited captive & backup power generation permitted
o Permission for IT units in IT parks to be " Independent Power Producers"
o Data Protection & Consumer Privacy Act



Monthly Progress Reports (MPRs):
All units are required to submit Monthly Progress Report (MPRs) by 7th of every month. It is a mandatory requirement. Units which become irregular in submitting MPRs can be denied services by STPI.

* Compliance under Labour Laws :

o Employees Provident Fund Act
o Payment of Gratuity Act
o Payment of Bonus Act

* Telecom Regulations :

o Permission from the Department of Telecommunications (DOT) for call center is granted for 20 years.
o Interconnectivity between two domestic call centers is permitted; interconnectivity of international & domestic call center is not permitted.
o Interconnection of call centers of same group is permitted for redundancy, back up and load balancing, cross mapping of sets is permitted.
o In international call centers, no PSTN connectivity is permitted at the Indian end , inbound and outbound calls are permitted.
o Internet & IPCL connectivity is permitted at the Indian end of the international call center. Internet connectivity is permitted to domestic call center.
o Outgoing calls are permissible from the domestic call centers using local PSTN connections through PABX of the call center, on a case to case basis. A bank guarantee has to be furnished in this case. This has lead to a minimization of costs for domestic call centers since only one PBAX is required now.
o The use of ATM / MPLS/ Frame Relay is permitted in addition to IPCL for foreign end connectivity in the Indian call center. This is leading to faster connections though it is restricted to players with great capital outlay.

...............................................................................................................................................................

"LATEST IN BPO REGULATIONS" Dated 02-11-05

"Following has been permitted under "Other Service Provider Category":

1. The use of Internet telephony by the call centers is allowed to the extent it is permitted by the ISP's. The call center operator may or may not use Internet telephony depending on their business consideration.
2. Sharing of the common infrastructure between Domestic & International OSP Center has been further liberalized. Following are the main features:

o No Turn over restriction. The company shall have 50 seats setup or above for the call center.
o Condition of "Non-Captive use" for the sharing of infrastructure has been removed.
o OSP will have two options for sharing of common infrastructure:
+ OPTION 1: Separate & Independent EPABX to be used for International & Domestic OSP Centres with sharing of same operator position
# A Bank guarantee of Rs. 2.5 Crore
# Only one call shall be offered to the operator position at a time (be it domestic or international, incoming or outgoing).
+ OPTION 2: International & Domestic OSP Centres to share the common EPABX with logical partitioning
# A Bank guarantee of Rs. 5 Crore
# The Company shall submit a certificate from the Vendors of the EPABX that the software is capable of logically bifurcating the common infrastructure into two separate and independent environments for the Domestic OSP and International OSP Centres.
o In case of violation of OSP terms and conditions following actions shall be taken:
+ Cancellation of OSP registrations held by the company and the company shall be debarred from taking OSP registration for 3 years from the date of cancellation of such registration.
+ The Directors of the board of a company violating OSP terms and conditions shall be debarred for 3 years from taking, directly or indirectly, OSP registration.

...............................................................................................................................................................

Focused and decided while investing: learn from successful VCs

By Deepak kapoor

Like any successful VC Investor, you must have clear key investment criteria. Couple it with a clear geographic focus, and chances are you won't go wrong. I will share my personal list with you, and leave you free to chart out the course that best works for you:

* Management team
* Market size
* Unique products/ services
* Technology evaluation
* Current Valuation
* Growth strategy
* Future valuation
* Role in the entity
* Exit opportunity

Always make investments for the long term subject of course to changes in your larger investment strategy.
Try not to lead investments, follow and prefer the lead to be a new investor with a proven track record. Firm up your initial investment size with allocations for future investment, should the company require it. Never plan to invest without sizing up your kitty. Take board-of-director or supervisory board seats, if not then at least ask for observer rights at the board level, an active investor but never meddle with the operations. Stick as far as possible to strategy. Evaluate the methodology of the promoters and their work values and culture. Seek a comfortable working fit before you decide.
In today's BPO scene it is advisable to invest in expansion-stage opportunities, defined as companies with core management teams in place, a product/ service that is customer-ready, validated by early customer involvement, and some revenue traction.
Define your areas of focus. A few interesting areas that make for good investment today are:

* Business process outsourcing
* Content management
* Domain-specific analytics
* Knowledge management
* Retail applications and analytics engines
* IT Security
* Data centers

In the end, be careful … very careful of whom you invest with. Moreover move very swiftly. I have seen many examples of investors taking too much time to decide on an investee, and a smarter one coming along and picking the opportunity from right under your hands. Remember that an investee company shall approach you only when they need capital and delaying them won't work to your purpose.

Good Luck!

...............................................................................................................................................................

Beware of VC's and Strategic Investors on financial fishing expeditions:

By Deepak Kapoor

With the unprecedented success of the BPO industry and media attention given to it, a number of strategic buyers (and investors) have started expressing an interest in acquisition ad green ventures. For a startup, it can be quite flattering to have a large competitor or suitor express an interest in buying their company. However, as a promoter one should be a wee bit skeptical as many of these interactions end up as just another 'fishing expedition' for the strategic buyer or investor. I have seen too many companies get overly excited about these acquisition feelers and waste time educating the potential acquirer about the business, only for the acquirer to either do nothing, build it themselves, or buy a better healthier competitor. These may just be learning lessons for the investor only to 'warm up' for the real thing with bigger better companies. It is intelligent to start discussing from the assumption that many are just fishing expeditions (VC jargon) where a strategic buyer is just trying to get as much information as they can about a market and the competitive landscape. Smart investors are most certainly talking to all of your competitors. Before divulging information about your company, make sure to gauge the VC's real interest in your company. Here are some questions you should be asking during your initial conversation:

Who is calling you, what is their role, and what have they acquired in the past? Whether it is a junior person screening you or if it is someone with real decision making power.

Why do they want to enter this market and what is the decision making process by which they will make an investment decision? If they are early in the process and do not seem initiated, be very concerned about wasting your time. Educating a potential buyer about your market and in the end getting nowhere with them will make you want to kick yourself in the backside later.

Who else have they been talking to? In many cases, an investor may already know who they want to buy and how much of them, but will still talk to other players to fully understand the market and the competitive landscape and to use you as their strategic and negotiating leverage.

What are they looking for in an acquisition? Revenue, Clients, Management, any one, or all or even more?

Who is responsible for making the acquisition work, and how do they intend to take your company forward? Knowing this will further help you understand the decision-making process of the acquirer, and who you may need to influence to get a deal done.

before your first meeting, here is your due diligence:

What other acquisitions have they done (if any) and what multiples did they pay? How recent were the deals? If the buyer hasn't done many acquisitions or if they paid low multiples do not start thinking about pie in the sky valuations for your company.

What is the company's capital position and how much cash is on their balance sheet? If your selling price is too high for the buyer based on the buyer's market cap or cash on hand, don't waste your time educating them about your product and the market. There are many people on the market just waiting to while away their time and wasting your time in the bargain. Better to keep distant from them.

Use your network to talk to some of the management or venture investors of companies that were recently acquired by the buyer to determine what their process was and to figure out if the opportunity is real or just a fishing expedition. Always have a good CA and Lawyer on your side, helps go through smoothly.
What is the corporate culture of the investor? Does the acquirer have a closed door management culture or is there a history of openly collaborating with partners and looking outside for new alliances?

Once again, it is always nice to have a large company call you and express acquisition interest. Those being said go into the conversations with a skeptical eye and make sure you do not waste your time as these strategic discussions can quickly lead to a dead end if not managed appropriately. The tricky part of the dance is trying to establish early in the process a range that the acquirer will potentially pay for your company assuming everything you tell them is true. The sooner you can get to this answer the sooner you will know if you should continue talking or just walk away. If you manage this process appropriately you may find yourself in a great place as many of the best acquisitions happen when companies are bought and not sold.

................................................................................................................................................................

Saying No to Capital … When to accept and when to Decline!

By Deepak Kapoor

Many companies might be happier turning down a VC (is not as if that they were happy not to need the money, but they were rather happy not to need the VC that came along with the money). When there is a balanced fit between the management team, the VC, and the situation, the outcome is generally good. Market opportunity is maximized and everyone feels good that they worked well together to optimize the outcome. However on the south side, if the fit isn't' right, many things can (and do) go wrong, or the process and results do not meet the ingoing expectations. The worst outcome of a good investment is 'unrealized expectations'!

Take a trial fit before the deal closes!

My pleasant experience, in outcomes, in getting financed myself as well as overseeing such deals for others has been in making sure the fit is right for both sides in any VC/management team relationship. During expansion-stage VC deals (that is investing in companies once they are beyond the initial start-up stage), learn as much as possible. Spend enough personal time with the senior team to build a working relationship and to make sure that you share similar views on how to build the great company you dreamt of.

No two VC's are alike neither are companies …

VC's are diverse, as are the firms that they work for; as are the companies they invest in and the people who work on both sides. The major differences are relatively straightforward to decipher prior to closing an investment that can help you determine if you have the right fit between the company and the investor.

The best due diligence that the senior management of a company can do is to have the VC give you a list of business references or you can do some homework or look them up online and cold call them. Ask to speak with other partners and members of the VC team. Ask them all the same questions. It is a great exercise and you will have made friends to call upon once your investment closes.

The Differences - What to look for…

Market spotlight - What is the market focus for the VC? The more closely the VC's market focus matches your company, the better the fit.

Financing Stage spotlight - What situations are the VC's most familiar with? What extras do they bring to the table with them, besides their money? The skills and network necessary to help very early companies are different than the skills necessary to help companies at the expansion or later stages. Most VC's are growth stage investors, some investors are extremely good with turnaround situations or other special situations.

Culture and Reputation of the VC Firm or Investor - How does the firm intend to focus on adding value or more do they plan to be mere passive investors? Do people in the industry want to work with the particular Investor or do they shy away from them? Lots of questions to ask here!

Background, Intellect, Personality, and Passion of the individual - The partner involved with the deal, who will most likely be sitting on your board. He is the most important individual to evaluate fit with and get to know personally.

Engagement Approach - How does the VC intend to work with you company after the deal? Does he (she) show up daily, weekly, monthly, Quarterly? Are they formal or informal? Is there a team of experts behind the VC that helps on various functionally specific issues? How do they work with the companies? Do they engage when asked?

Philosophy/Values - This is the most important part to be careful about, and the most easily to leave your notice. Expectations out of a deal are important to identify up front. Is the VC conservative or aggressive when it comes to deploying capital? Do you agree on "right" level of profitability, "right" growth rate, "operating points" ? Is the VC looking for "control" or just a "seat on the board"? Does the VC want to replace senior staff, work with current staff, or see how the individuals and company evolve?

Exit Philosophy - What is the "exit" philosophy? Define this at the beginning, the investor will certainly want to know this one, and maybe include it in his contract too.

Available time - Most VC's are extremely busy people. They are trying to build their networks, build relationships with the large companies (to help their portfolio), work directly with their portfolio companies, and find new investment opportunities. Just how much time are they going to spend with you?

I believe that most good VC's and serious Investors will accept and encourage your due diligence effort. I encourage the effort for every company I talk to, as I believe this is important for success. I know some truly amazing Venture Capitalists and I believe the process that I outline above will help you determine the right way to go about them. Remember, if you do not interest them in the first 30 minutes of your meeting chances are that it isn't' going through … VC's are a swift lot, they have the knack of sniffing out the good deals from the average ones. On the other hand learn to keep your spine straight and say a firm NO if you feel that it isn't a good fit. Bad money in a good company never got anyone anywhere.

Happy Hunting...

...............................................................................................................................................................

Business Plan Presentation

Presentation Guidelines

* This is only a guideline, meant to be indicative, it may not be comprehensive!
* Plan the time-length of your pitch and adjust level of detail accordingly
* Summarize only the most important points, leave details for formal Business Plan
* Investors are looking for clear, compelling and credible information.

Business Positioning

Slide one - Position the company and its thought process

* Company name with the Management Team (brief Description
* One-sentence statements on Mission, Vision, Culture and Values

Market Opportunity

* Need and the size of the market
* What creates the demand (present and future) for your solution
* Define the characteristics of buyers that need a solution
* Quantify the opportunity… number of prospects with the need for your product/ services Define market segments and size each of them quantitatively
* Quantify the future of the business and why it will grow

Be prepared to answer the following questions from prospective investors

What specific problem or need is being addressed?
Why the problem important to address and what is are its commercial imperatives?
Who is/are the specific customer(s)?
How large is the market for our Product/ Services?
What growth is expected in this market? Are the market size estimates realistic, explain how?
Who are the buyers (decision-makers) in these prospects?


Targeted Market Segment

Identify the most important 2 - 3 segments of the market you are addressing. For each segment:

* List market size (customers & potential sales)
* What distinguishes the key segments from the broad market and from each other
* How much customers need or want the solution - the value-proposition, and how the demand is being presently met (both in cost terms and delivery)

Prepare a strong case for each of the following

What, specifically, are the company's products?
What do the products do?
Why would the customer buy these products?
What makes the products unique or special?
How are they better than other products or alternative solutions? How much better are they than other solutions?
Can we demonstrate that they are cost effective?
What, if any, proprietary processes/ technologies are used to make them?
Are there patents? If so, what, specifically, do they protect?
Why will be proprietary processes of value to the company?
What special issues relate to manufacturing the product(s)?
Are special materials or processes required, and how will they be acquired?
What special equipment or facilities are required?
What investment is required to set up the business? What capacity?
What cost will yield acceptable gross margins?

Competitive Positioning

Address barriers to adoption or competition

* Inertia - What will it take to get customers to change what they are using/ doing today?
* Big Daddies - What are the well-known companies with established relationships with your target customers doing? How will they react to your initiatives?
* Innovators - What companies might leapfrog your solution with equal or better technology? Explain how you propose to win against the best of these. In particular, describe your strongest Barriers to Competition.

You may need to answer the following:

How else can the customer solve the problem our products solve?
What are the alternatives?
How do we compare to each?
Why are we better?
In what ways are we worse?
Who are the vendors of these other solutions?
How do they compete with each other?
Where will we fit into the industry?
Why will we be able to compete effectively against them in the short, medium and long term?
Why are we confident no new entrant will come along with a better solution?
Why do we think we can dominate our market niche?

Marketing and Sales

Explain the expected sales cycle. How you propose to reach your targeted customers by the following

* Marketing - To raise customers' awareness of your product and stimulate their interest in buying
* Sales - To give buying decision-makers a convenient way to find out the
details and place an order
* Support - To help customers understand your product/ service before buying, during installation and in use

If you rely on indirect channels, explain:

* Your approach to reaching them
* Whose responsibility it is to raise awareness and generate demand among end-customers
* Who provides pre- and post-sales support
* What are the financial implications of using such channels?
* Describe special sales incentive programs (if any)

Management Team

Focus on the management team, VCs are very keen to know about the team in particular:

* CEO - Prior entrepreneurial experience in similar businesses
* CTO - Proven know-how in your core technologies
* CMO - Proven knowledge of the target markets; strong relationships with channel partners and/or key customers
* CFO - Prior IPO or acquisition experience
* CPO - Chief People Officer and success with prior assignments
* Identify Board of Directors highlighting any strategic members' value-added.

Be prepared to answer the following:

What is your background and previous experience?
Where did the idea for the company come from?
How did you get involved with the company?
Who is presently involved in managing the company?
What are their credentials?
Why will they be able to build a successful company?
If not all management spots are filled, what is the plan for filling them?
What kind of people are we seeking and what roles do they fill in?
The CEO that builds the business - what kind of person would you bring in? When?
Who is on your board of directors?
How does the board function?

Business Strategy

* Brief history of the company.
* Describe what business you are in and your goals.
* Identify the several most important steps you need to take to achieve positive cash flow.
* Identify remaining steps to achieve IPO or acquisition readiness.
* Chart the key steps and milestones.

Be prepared to answer the following:

When did the company begin operations?
What exactly does the company do?
What is your long-term vision for the company?
How has it been funded to date?
Where does it stand today?
What are the important strategies for building the business?
What kind of business will it be? (manufacturing, service, distribution,
software, combination?)
What is the business model? (i.e. what will produce the company's revenue?
What kind of gross margins will the company have?
What expense levels are required to run the business?
What level of operating profit can the business generate?
Do you have any corporate partnerships in place?
Do you plan to put any in place?
What are the significant risks your business faces?

Projected Financials

Be very careful on the 'numbers' that you project …

* "Hockey stick" graphs
* Unprecedented margins
* Long periods of negative cash flow (you should show positive cash flow in 6 to 12 months)

Be prepared to answer the following:

What kind of revenues can the business produce, on an annual basis, over the next five years?
What are the projected Gross and Net Profits figures for one, three, five years?
What investment is required to carry the company to the next major level of valuation?
When do you expect the next rounds to take place, if any?
What specific tasks need to be accomplished to do that?
How long will it take? (Try to identify a "next level" that can be achieved in less than 18 to 24 months.)
What investment will be required beyond that?
Explain key assumptions and premise behind your forecast.
Make sure the forecast relates in a logical way to the market forecasts.
How will the investor get his money back? Through an IPO, Acquisition, what is the exit route? And when?

Requested Funding / Use of Funds

Identify the major uses of funds for each round. Describe the "burn-rate" in detaile.

Be prepared to answer the following:

How much cash have the founders put in?
How much cash have Directors and Advisory Board members invested?
What equity is available to recruit key executives?
How did you arrive at your valuation for this round? Explain the model followed.

Exit Strategy

If shooting for an IPO…

* Cite recent comparable offerings, their offering valuation and their current market cap.
* Explain why you believe the opportunity will remain when your company is ready to reach out to the markets.

If you anticipate being acquired…

* Identify the two or three most likely buyers
* Explain why they would be interested
* If possible, describe recent acquisitions of comparable companies and the deal value
* Describe any relationships you already have with potential acquirers investment banks or VCs that might facilitate your liquidity plans
* Summarize why you think there is an opportunity to build a new successful company.

Be prepared to answer the following

Why is this an exciting new opportunity?
Describe any other factors that make this an exciting opportunity.
Why would it excite an investor?
What is the projected valuation of the company in the future (1, 3, 5 years)?

( If you aren't sure how to value the company in the future, use 2 or 3 x annual sales as reasonable estimates)

"Seeded Value"

The combination of Value-Added and Customer Need is called Seeded Value.

* The more you contribute to the solution, the more value you add in your customers' business
* The more valuable your solution is to your customers, the more likely they are to continue to use you. The more dependent a customer is on your solution, the better the chances of your plan getting funded.

Be prepared to answer the following

How important is your product to the customer?
Is your product/ service replaceable with another without affecting the customers' business?
Can your product in some way become embedded in what your customers' offerings?

Keep it simple and realistic, VCs are pros at measuring both, people as well as plans!