Skip to main content

Author: Adrian Reed

Adrian Reed is a true advocate of the analysis profession. In his day job, he acts as Principal Consultant and Director at Blackmetric Business Solutions where he provides business analysis consultancy and training solutions to a range of clients in varying industries. He is a Past President of the UK chapter of the IIBA® and he speaks internationally on topics relating to business analysis and business change. Adrian wrote the 2016 book ‘Be a Great Problem Solver… Now’ and the 2018 book ‘Business Analyst’ You can read Adrian’s blog at http://www.adrianreed.co.uk and follow him on Twitter at http://twitter.com/UKAdrianReed
BATimes_Dec27_2023

Beyond the Finish Line: Understanding the Art of Value Enablement

Written by Adrian Reed on . Posted in Articles.

We recently needed some repair work done to the roof of our house, so called some local roofing firms. Understandably, roofers don’t always answer their phones immediately (I guess they are often out on site working), so we left voicemails for three different roofers.

Out of the voicemails we left, only two of the roofers replied. Both came round, inspected the roof, and explained what needed to be done. They both said they had availability and would send over a quote showing how much the work would cost. However, only one of the roofers actually sent a quote. We accepted the quote and I’m pleased to say that the work is now complete.  But this got me thinking about business, business analysis, and value-enablement more generally.

 

Close, But Stopped Short

Let’s examine the approaches that the different roofers took. The first one didn’t reply. We might argue that this is bad customer service, but if they knew they were busy and had no shortage of business, then not replying might be an acceptable thing to do. It might not be a good long-term approach, but it doesn’t waste any of my time or their time. So while I might have preferred them to drop over a quick reply, I can understand why they didn’t.

The roofer who I really don’t understand is the one who came out, inspected the roof, but didn’t follow up with an estimate. They were so close to actually getting the work, but they failed because they didn’t carry out the final task. They’d spent time (and gas) driving out to see the roof, only to implicitly ‘give up’ by not following up. I found this really puzzling!

 

Advertisement

 

When Is Value Enabled?

This led me to think about value in a broader context, and I think it has some interesting parallels with business analysis. The roofer did all the work to potentially enable some value for him (payment) and for me (a fixed roof), but stopped just before a crucial moment.

In a project or product context, usually we are building (or changing) something with the purpose of enabling value for a range of stakeholders. The value that is enabled may vary for each stakeholder group. A retail bank releasing an app might provide convenience for its customers, while also saving money (and increasing profit) for its shareholders. For the app to be a success, it needs to balance the different perspectives on value. If it’s inconvenient, or hard to use, it’ll backfire—it might actually increase the number of times people call the call center, meaning operational costs increase. Knowing what different groups value is important so that this balance can be struck.

Yet as well as knowing what value can be enabled, it’s important to know when that happens and what the precursors are. Imagine a bank released a self-service banking app but didn’t advertise it to its customers. Sure, some early adopters might find it in the app store, but there would be a range of people who would use it if they knew about it that probably aren’t actively looking for it. Delivering the app without a communications and engagement plan alongside might end up being similar to the roofer who didn’t send a quote… it stops just short of the line for value enablement.

 

Finding The Finish Line

It is worth fostering discussions over what needs to happen not just for a product or project to be delivered, but what needs to happen for value to be enabled. It is too easy to stop just short of the finish line and declare success prematurely. “On time” and “on budget” are important aspects, but “on strategy” and “on benefit” are things that make a long-term difference. In the fog of urgency, it’s important that we don’t lose sight of these.

As James Clear comments in his book Atomic Habits, there’s an old saying that “the last mile is the least crowded”. Perhaps that’s just as true in a project and product context, and by focusing on the last mile and cultivating conversations about value we can help achieve better results for our stakeholders and communities. And surely that’s worthwhile?

 

BATimes_Nov30_2023

Secure or Sorry: From Gym Lockers to Cybersecurity

Written by Adrian Reed on . Posted in Articles.

I’m a member of a local gym, and a few weeks ago I noticed that they were maintaining the lockers in the changing rooms. The lockers are pretty standard metal boxes, and members bring their own padlocks for added security.

I’d noticed for months that the latch mechanisms had been getting very loose, so I was glad to see maintenance happening. The staff member doing the maintenance was chatting to another member, and I overheard him say that there had been a whole series of thefts the previous week. Accordingly, they were ramping up security, including turning on the keycode lock on the changing rooms (members each have a PIN code which can be used to access the facilities, but was usually switched off during the day).

I suddenly felt a real perception of risk, to the point that I decided not to leave my house keys in the locker, but take them with me onto the gym floor. I’m now even more cautious when closing my padlock, to make sure it’s properly secure.

 

The Horse Had Left The Stable

While all of those personal security measures are useful, the gym (and I) were only prompted to review our security posture after an incident had occurred. The thieves had probably long gone, and had moved onto a different gym. Perhaps they even tour the country, buying day passes, finding the gyms with weak security. Who knows.  Not only this, but the gym had increased its security, so my possessions were probably the safest they’d ever been. Yet I felt the most uncomfortable I ever had.

Ironically, the time I was most at risk (the previous week, when security was lapse and thieves were at the gym) I was blissfully unaware, the risk wasn’t particularly on my radar. I may have been happily running on a treadmill at the very moment a thief was breaking into a locker and stealing someone’s property.

This pattern of the gym increasing security after an incident occurred might be seen as a classic case of ‘closing the stable door after the horse had bolted’.  However, it’s not that simple—reacting to a security threat after an incident occurred is still valuable, as it will prevent a similar thing from happening again.  I suppose it is more akin to closing the door after one of your three horses has bolted. Not as good as closing the door earlier, but better than continuing to leave it open…

 

Advertisement

 

Predictable With 20/20 Hindsight

The thing which struck me about the locker thefts is that it was completely predictable with hindsight. The latch mechanisms on some lockers were so loose it’s easy to see how they could be overcome. Not only this, a culture of trustworthiness (which is lovely) had emerged. People would leave their expensive coats out, and some people wouldn’t even use padlocks at all.

As my father used to say “it only takes one bad apple”.  And as time goes on, it seems statistically likely that the bad apple will emerge.

 

It’s Not Just Lockers: Information & Cybersecurity

This pattern of trustworthiness and complacency doesn’t just exist in gyms, it can also be an issue within organizations.  If you haven’t had a data breach, then security of data might seem an irritating formality, or it might not feel as ‘real’ as some other more proximate risks. However, the fact is that there are hostile actors out there targeting companies just like yours and mine.

I’ll bet in most organizations there’s at least one application that is creaking at the edges, is out of support (or nearly out of support), or an application where there’s a maintenance patch needed, but that’s not seen as a priority just yet. Or an application that’s been customized so much it’s not on the official upgrade path any more.  Upgrading it or replacing it has always been seen as important but not urgent, so it’s left there, collecting more and more dust. Might there be some security vulnerabilities there? Perhaps it’s like an insecure gym locker, fine for the moment, but once a ‘bad apple’ finds it there will be chaos… and that single vulnerability might gain them wider access to all sorts of systems and information.

It’s not just about customer data either. Do you know what your organization’s key intellectual property is? Where it’s stored? Who can access it? Where it’s backed up and archived? In many organizations it’s spread out, with key information that yields competitive advantage mixed with more routine stuff, all dumped in a folder or repository of some type… Hopefully someone from ‘corporate IT’ is backing it up. Let’s hope so, eh?

 

Security Matters: Business, Process & IT

There is sometimes a perception that information and cybersecurity is an ‘IT thing’. The reality is so much wider than that. The weakest link might not be the tech, but the person operating the tech who receives a call out of the blue by someone they believe to be a colleague (but is actually a hostile actor engaging in ‘social engineering’ to gain information).

This has wide implications for business analysis. Security needs to be built into IT systems and processes from the very beginning. It’s important to think “who might be trying to gain unauthorized access to this, how would they do it, and how will we prevent it?”.  It’s important to think about the types of information and data held, its sensitivity and the impact if it were to be damaged or disclosed. This will lead to specific requirements and acceptance criteria around these aspects. It will likely lead to a BA asking challenging questions, which might include “is this the right thing to do, right now, when we have a security vulnerability over here?”

Most of all, while things might be calm now, there might be a storm waiting round the corner. It is the calm times when a little investment in the ‘important but not urgent’ will save a lot of headaches in the future. And surely that’s worthwhile?

 

 

 

BATimes_Nov22_2023

Lost in Translation: The Perils of Ambiguity in Business Communication

Written by Adrian Reed on . Posted in Articles.

In recent years, I’ve traveled a lot less than I did before the pandemic. One thing this has led to is me seeing processes and practices with fresh eyes. When you travel regularly, the novelty wears off and a sort of ‘autopilot’ kicks in, and a period of not traveling means that everything is less familiar and more open to scrutiny.

I was recently thinking about the questions that are commonly asked when checking in bags before a flight. I can’t even remember if these questions are asked verbally any more, or if there’s some sort of sign or declaration, but there certainly used to be questions such as:

 

  • “Have you left the bag unattended at any time?”
  • “Did you pack the bag yourself?”

 

I suspect, like many people, if you were asked these questions a semi-autopilot would kick in and you’d say ‘no’ without thinking. After all, presumably these questions are aimed at catching smugglers or criminals of some other type. The questions almost seem redundant for ‘normal’ people.

Let’s examine one of the questions, as I think some of the patterns here are important for business and business analysis more generally….

 

What does “unattended” mean?

Let’s take the first question (“have you left the bag unattended?”).  This question is, upon examination, really quite vague.  In fact, I’m pretty sure the actual question airport staff is more specific, but humor me and let’s imagine they ask it in this way.

A first challenge is what the word ‘unattended’ means to one person might be quite different to another.  Take the following situations, do you consider them to mean that the baggage has been left ‘unattended’?

 

  • You’ve just taken a connecting flight and have had to re-check your bags. Your bags have been handled by baggage handlers, and have been left unattended in the hold of the plane
  • You traveled to the airport by bus. The bags were in the baggage compartment of the bus and you didn’t have access to them during the three hour bus ride. There were several stops along the way where passenger bags were loaded/unloaded. Anyone could have accessed your bag at those times.
  • You drove to the airport. It was a long drive so you stopped for gas and a meal. Your car was parked in a car park for over an hour
  • You traveled as a group in two taxis. Your bag was in the other taxi, accompanied by your friends but not you

 

It’s tricky, isn’t it? Technically, if you’ve checked your bags into a previous flight, they have been unattended for a period of time. Yet, you’d likely say ‘no’ to this question… because you know that this isn’t a circumstance that actually counts as ‘unattended’.  I suppose as travelers we intuitively know what’s being asked and what matters. Or at least we think we do…

After all, if we were to literally interpret the question “have you left your bag unattended at any time?” then there is no way that ‘no’ would be a valid answer. Of course it’s been left unattended at some times… when it’s in the closet not being used!

 

Advertisement

 

Beyond Airports: Why Definitions Matter

You probably don’t work in an airport, so might be wondering why I’m obsessing over the wording of a check-in question. This pattern of ambiguity potentially leading to misunderstandings, confusion or (more usually) people making assumptions is rife in organizations and projects too.

Much like the term ‘unattended’ has ambiguity attached, other seemingly ‘obvious’ terms can be problematic. Take the word ‘customer’, it sounds clear, doesn’t it? Perhaps you’ve even written a requirement or user story which articulates what a customer can do.  Yet even such a simple-sounding word leaves room for ambiguity. For example:

 

  • Does someone have to have already bought something to be considered a ‘customer’? Or does the term ‘customer’ include prospects/people in the buying pipeline too? Or do there need to be two terms, ‘prospect’ and ‘customer’?
  • If the person paying for a product/service is different from the person using/benefiting from it, which one is the customer? Are they both customers?
  • Is the term used to mean internal as well as external customers?
  • Are there different customer types? Does a requirement or story apply to all types or only some types of customer?

 

Things can get even more complicated than this. Who is the ‘customer’ of the judicial system, the prison service, and so on. It very much depends on who you ask, which is why it is important to actually ask the question!

 

Definitions Make For Concise Requirements And Stories

This comes back to a key point that is (sadly) often overlooked: definitions matter. A glossary might not be considered a new or exciting artifact, but it can really help ensure people are on the same page. With a clear and shared understanding of key terms, requirements and stories can be more concise.

A small investment in a shared glossary can save lots of time in the long run. Starting early is the most effective way of doing this. And believe me, if you don’t create one, there will come a point in time where you wish you had!

 

 

 

 

BATimes_Oct26_2023

Have You Considered “Customer Information Needs” In Your Process?

Written by Adrian Reed on . Posted in Articles.

A while ago, I was sitting in an airport where all flights were delayed due to weather. As is quite often the case in situations like this, staff at the gate initially don’t have a great deal of information available to them. In my experience, airport staff will do everything they can to keep customers updated, but sometimes they seem to know little more than the passengers (and are probably every bit as eager to know what is going on!).

What has changed in the last ten or so years is that getting information from outside sources is a lot easier. While some people were lining up to speak to the gate staff, others were accessing apps to try to piece together what was going on.  For example:

 

  • Using a flight tracking app, I could see planes that were previously in a ‘holding pattern’ above had now changed direction (very likely they were diverting to other airports)
  • Looking at other airports’ websites, I could see flights destined for this location due to leave hours ago had not left (presumably as the weather had been forecast). I concluded this might cause a problem, as even if the weather clears, the aircraft and staff won’t be here to conduct the onward/return flights (and even if they are, perhaps the flight crew might have exceeded the number of hours they are allowed to work without a break)
  • Looking out of the window, I could see that the weather appeared to be getting worse, not better…
  • When I accessed a hotel booking app, I could see hotels in the area starting to sell out of rooms. I started to worry that if the flight was canceled, there wouldn’t be anywhere to stay

 

The airport and gate staff were incredibly helpful, to the extent that they could be, but the only information they could really give is “flight delayed: next update in an hour”.  The irony was that a consumer had access to more information via free smartphone apps than the airport representative was able to share.

I made a decision to stick with it, but assumed that I probably wasn’t going anywhere that day. My prediction came true, and after a mad scramble I thankfully did get a hotel room for the night and flew late the next afternoon.

 

Advertisement

 

Customers Need Information

It will come as no surprise that for customers to have a good experience of a service, they need accurate information at key times. If you’ve ever flown on an airplane, you’ve probably found most airports are pretty efficient at managing routine information flow. There might be hundreds of other flights leaving on the same day, but it’s usually pretty easy to know what terminal and gate you’re leaving from. Airports are usually also pretty good at getting people to the gate on time (even if they occasionally pretend they are ‘boarding’ long before the plane is actually boarding in order to get people moving…). Issues sometimes occur when things aren’t going as planned.  This is where you have to rely on someone announcing something over a loudspeaker system, often in a noisy airport, where everyone is desperately trying to work out what is going on…

 

What is perhaps less obvious is that someone has designed how and when information flows to the customer. The “happy path” (where things go well) is a well-trodden and well-designed path. Perhaps some other exceptional paths are less well-designed, meaning customers are less likely to get the prompt information that they need.

 

Consider Information Needs

This is an area where BAs can add significant value. Quite often, the focus will be on designing a customer journey or set of business processes. That is a perfectly good approach, but at each step in a journey or process it is worth asking “what information might the customer need here” and “how can we deliver it to them?” This applies as much to the exception flows as the main “happy path”.  Often exceptions are where those “moments of truth” happen where a customer really relies on good service.

Not only this, but if a customer’s information needs are preempted, this will likely prevent queries. Imagine an announcement at an airport:

“This is an announcement for people on flight BMXXXX to Southampton.  All flights are currently grounded due to weather conditions, and all incoming flights are being diverted. We currently hope to run the flights, but right now we can’t be sure. We will be updating you every hour, and a final decision will be made at 9pm.  If we don’t fly today, you’ll get a free place on a flight tomorrow, which will be automatically allocated (you won’t need to take any action, you’ll get it via email).  If you’d prefer to voluntarily change your flight, come and see us and we’ll explain how to do this, but please do be aware a fee may apply if you opt to change before the flight is canceled”.

 

This isn’t perfect but it would help a passenger make a decision. It has preempted the decision they might want to make and has provided them some context.

Of course, you probably don’t work in an airport, but you almost certainly work to define and design processes that are used by people. By considering what information those people want and need during the process, in both the “happy path” and in exceptional circumstances, we can enhance the experience. And surely that is worth doing!

 

 

BATimes_Oct18_2023

Always Ask Why: A Practical Example

Written by Adrian Reed on . Posted in Articles.

I don’t know about you, but I find that I can’t turn my business analysis brain off. I find myself wanting to improve just about every process that I experience, and I often find myself conducting business analysis on the processes that I experience as a customer.

This happened to me recently when a company asked me for a physical ‘wet signature’ on a form. This wouldn’t be unusual if I was in the same physical location as the person requesting the signature, but I wasn’t—they were literally going to email me a PDF form for me to print out, sign, scan in and email back.  Even though Adobe PDF has a signature function (and I have a graphics tablet, so I can literally do the same signature electronically), this wasn’t good enough. It had to be old-school pen on paper. I eventually complied, deciding that I’d rationalize it by calling the process “retro” and “vintage”…

 

Advertisement

 

Badly “Improved” Processes Might Be MORE Risky:

In situations like this, I always want to ask ‘why’ to understand the underlying reasons that things work in a particular way. In this case, if we were to ask why I suspect the underlying answer would be that an old paper process had been replaced, with each step being recreated electronically.  In this context, ultimately, a signature acts as a way of authorizing something to happen.

You can almost imagine the conversation with a group of Subject Matter Experts (SMEs). One of them is adamant that we couldn’t possibly accept electronic signatures. The legal & compliance SME says that electronic signatures are completely valid, but there is reluctance from other stakeholders for other reasons. Perhaps there’s a perception that by getting a physical signature there is less risk… or perhaps there are other reservations.  Some might be genuine, others might be founded on unsubstantiated fears or assumptions.

Left unchecked, there is a risk that ‘we’ll do things the way we’ve always done them, just in an electronic format’.  This can lead to the worst of both worlds where risk is increased and customers are inconvenienced:

 

  • Alternation: I could have altered the PDF before I printed it and signed it (it’s relatively easy to edit a PDF). Unless they check it word-for-word they’ll never know, and since it’s scanned, auto-comparing will be difficult.
  • Verification: They didn’t actually have my signature on file. If they weren’t comparing it against anything, then really what is the point? I could have scrawled any old signature and it probably would have been accepted.
  • Security: Unencrypted email isn’t a secure transmission format. Even though it was relatively low-risk mundane information, it’s liable to interception en route. Plus emails can be spoofed so there’s a risk of a customer being impersonated.
  • Scanners: How many customers have scanners? What about people who just take photos on their phone, will that be sufficient?

 

These are just four examples, but they illustrate a key point: The process probably isn’t achieving what it actually set out to do. Yes, you are getting a physical signature. But if the aim is to get a secure, authenticated nonreputable authorisation for something… then the process is failing!

 

Always Ask Why: “Good” Questions Make A Difference

The key to avoiding situations like this is to ask why, in varied ways, lots of times. Do this and you’ll get to the core purpose of a process, or process step.  In their book “Mastering the Requirements Process: Getting The Requirements Right”, James & Suzanne Robertson call this “The Essence”.  In this example ‘getting physical signature’ might be the current step, but the essence is ‘authorize transaction’ (or whatever).A key point here is that if you understand the essence, you can question any underlying assumptions or business rules. It’s possible to ask “how else might we be able to do this”. If the aim is to ‘authorize transaction’ then there are countless other ways of doing this that are more secure and verifiable than a scanned PDF in an email.  You could even use the Brown Cow model to question any underlying assumptions that have been made.

 

Asking these questions will help encourage stakeholders to think about the true essence of the process, and about how it might change in the future. A half hour discussion now might save tens of thousands of processing time later, once the process is implemented.

This is yet another area where BAs add significant value by helping to ensure things improve in a way that maximizes the benefits that will be delivered both to the organization, and to its customers.