Skip to main content

Author: Marcos Ferrer

Show Me The Money

Written by Marcos Ferrer on . Posted in Articles.

Last month we posed a quiz, as we continue to build robust requirements for a National and Global Identity System. We “hid money” in this quiz, and now we’re going to try to find it! Here is the list of stakeholders we gave last month:

Citizens

Businesses

  • Banks
  • Credit Card Companies
  • On-Line Sellers
  • Airlines
  • Hotels
  • Disney (takes fingerprints, did you know?).
  • Retailers
  • More along the same lines….

Government

  • Law Enforcement
  • National Security
  • Immigration
  • Customs
  • Internal Revenue
  • Labor Department
  • Unemployment Agency
  • More along the same lines…
  1. What might be wrong with the above list? First – note that it is not only citizens with a stake, but all individuals. If you were being arrested, how would you feel if the police identified you improperly? If you are an illegal alien, you still need to work (and we need you). What is to be done? Second – what about non-business, non-government institutions? Are non-profits different? Are some organizations not even characterizable simply as non-profit? Third – identifying individuals, businesses, governments and other institutions may not be sufficient. Do all stakeholders have the same needs and goals? Are there categories based on identity “needs” more useful than the institutional ones we have chosen? How is local law enforcement different from homeland (I hate that word) security or immigration?
  2. What might it cost to ignore the errors/omissions/assumptions, if any? We know the answer to this, because existing ID systems have NOT identified and addressed all stakeholders and their needs. The cost is exactly the situation we have now – a world of rampant identity theft (1 in 20 may be affected each year), in which law enforcement is almost powerless, a world of unjust convictions and misuse of DNA evidence, a world of constant privacy violation with little or no recourse (the price of fame is constant media pecking, a disincentive to achievement).
  3. What concepts or categories might help with analyzing this list, regardless of any problems so far? Identity needs for criminal convictions are different from those for purchases, for charitable giving, attendance at private social events, and hiring a handyman, etc.
  4. If you, as a BA, can even begin to address such questions, what is your earning potential? I can only speak for myself – since realizing what I was capable of, and getting my CBAP so others would know too, my income is now well into six figures, and my ability to get work and promotions is vastly improved. How are you coming along?

FOR NEXT MONTH:

To reassure ourselves that we REALLY understand the stakeholders, we will try to list the “identity transactions” that might occur in society, and we will try to match these transactions to the kinds of stakeholders we are aware of so far (individuals, businesses, government, and other organizations).

 How many identity transactions can you think of, or how would you elicit such a list?

Potential answers will be discussed next month, and incorporated into the case study. The best reader response will be acknowledged next month (send a picture with your response!) and will undoubtedly receive a large raise in the near future, just for rising above the pack!

The Money Is All in the Stupid Stuff

Written by Marcos Ferrer on . Posted in Articles.

Building on our case study from my last blog – to analyze stakeholder needs for a National and Global Identity System – let me show you what I mean about the money.

Here is a list of stakeholders who might have an interest in such a system – pretty straightforward, stupid stuff, often produced early in a project and never questioned:

Citizens
Everybody

Businesses
Banks
Credit Card Companies
On-Line Sellers
Airlines
Hotels
Disney (takes fingerprints, did you know?).
Retailers
More along the same lines…

Government
Law Enforcement
National Security
Immigration
Customs
Internal Revenue
Labor Department
Unemployment Agency
More along the same lines…

Now for a quiz:

  1. What might be wrong with the above list?
  2. What might it cost to ignore the errors/omissions/assumptions, if any?
  3. What concepts or categories might help with analyzing this list, regardless of any problems so far?
  4. If you, as a BA, can even begin to address such questions, what is your earning potential?

Potential answers will be discussed next month, and incorporated into the case study. The best reader response will be acknowledged next month (send a picture with your response!) and will undoubtedly receive a large raise in the near future, just for rising above the pack!

Hint in the meantime:
This is not a multiple-choice question exercise with trivial answers – it is a truly difficult and nefarious case to analyze, with every pitfall you can imagine. Don’t be afraid to question anything; we are building a REAL case study here. The best reader response might even turn out to be the best next questions to ask!

NGISAOBAMSCLWHNBSO 200YWINFGEONSBIIBA

Written by Marcos Ferrer on . Posted in Articles.

National and Global Identity Systems – An Opportunity for BAs to Make a Social Contribution the Likes of Which Have Not Been Seen in Over 200 Years, and Which Is Now Feasible, Given the Existence of Our Neutral Standards Body, the IIBA.

What contribution, you ask? How about establishing the scope, risks and requirements for Identity Systems?

What’s that you say? This work is being done already?

IT IS TRUE that Amazon, PayPal, Blue Cross, MySpace (and now MySpace lenders), VISA/MC, your local police, and the Transportation Safety Authority, among others, are “solving” the “problem” of identity every day. Did you know that DisneyWorld now takes your fingerprint when you enter their park? I will buy a free dinner for the analyst who can tell me why (I know they do; I interviewed them mercilessly until they admitted it).

WHAT IS MISSING from current identity systems projects (ah, the many thousands) is a committed effort to determine requirements of a whole group of stakeholders – “We, the Identified” (WI).

WI are primary users of Identity! If you doubt this, ask yourself who initiates the transaction requiring “identity”? What do we call it if someone else initiates this transaction instead?

In spite of the clear stake that WI have, the systems focus primarily on the needs of the organizations (understandably), and coincide with ours only where the organization also benefits (sure, we all like fast transactions, even if we are being messed with – just so it’s fast!).

The problem here is partly one of the unintended consequences of otherwise rational economic behavior (I missed this reason last month). It is an example of “hidden costs” like pollution, where no single party has an incentive to make improvements in the absence of any outside duress or any market for trading on the costs. An example of the “hidden costs” of poor requirements is the fact that the potential terrorist list has now exceeded 750,000, AND 60% of all “bombs” actually get through airport security (these are recent TSA tests).

So, given the scope of the enterprise (in this case the People of the United States, their constitutionally elected government, and the multitude of identity systems with which we are currently saddled), I issue the following challenge to all BAs:

  • To perform a volunteer led, BABOK compliant elicitation, analysis and documentation of the many conflicting requirements related to identification systems within the United States of America “enterprise”.
  • To successfully negotiate acceptance of these requirements by all stakeholders, public and private, in such a way that the requirements are adopted into public legislation, practice, and/or the constitution.

Remember that, just as in every project, management (WI, the people?) reserve the right to make any final requirements decisions, and to resolve any disagreements for better or for worse. The political acceptance or rejection of our work will be its acceptance test.

AND – I didn’t forget – we still have an agenda of “BA implementation” problems to discuss. This project will give us PLENTY of opportunity to explore these, in a hands-on way.

We begin next month with a statement of the problem, and an attempt to scope out the stakeholders and their interests.

What do you see as existing issues with personal identity in systems today? How recently have you tried to get your own medical records? Any victims of identity theft out there? Victims of planted DNA?

I, for one, have had enough! How about you?

Marcos Ferrer, CBAP is an experienced teacher, public speaker and instructor with ESI International. He has over 20 years experience in the practice of business analysis and the application of Information Technology for process improvement. Mr. Ferrer began his BA career in 1982. While still a student at the University of Chicago, he developed a consulting practice with local property management and accounting firms. Following graduation in 1983, Mr. Ferrer joined IBM in Chicago, where he worked on requirements and systems implementations in a number of different fields. In 1990, Mr. Ferrer became an independent consultant, again working with a variety of clients, most notably in the family entertainment industry. He has also worked on multiple government systems projects and “business” projects, including.

In November 2006, Marcos Ferrer became one of the first 16 CBAPs certified by the IIBA. He as served as Vice-President for Certification at the DC-Metro chapter of the IIBA.

© 2007 Marcos Ferrer

The Problem

Written by Marcos Ferrer on . Posted in Articles.

Now we are starting to move! We have looked at what business analysis is:

  • Thoughtfulness
  • Due diligence
  • Uncommon sense

We have discussed some of the reasons that it matters:

  • Failed/challenged projects and wasted resources
  • Neglected stakeholders (my favorite is taxpayers!)
  • Critical infrastructure systems present and future (what will you do when someone plants your DNA at a crime scene?)

Now we ask the question – what is the problem with implementing BA, given that it works, and given the high cost of ignoring it? Why doesn’t everyone Just Do IT (pun intended)?

This topic is huge, and I restrict myself to the following incomplete, but analytically organized list, and trust in my Gentle Reader’s patience if I only address one of these topics today, at the end of the essay.

Problems with Human Nature and Limitations:

  • Thoughtful people tend not to be bullies; bullies tend to end up bosses
  • Thinking is hard, and when left alone, many will choose not to
  • For some reason, ego often trumps collective goals – managers have to manage egos – everyone wants to be important. This gets out of control when it reaches the point where misguided managers will assuage feelings at the expense of outcomes.
  • Personal agendas also often trump goals – especially in IT, where the priesthood is fond of obfuscating choices. They love selecting technologies that they think are cool, or will enhance their career opportunities, regardless of justification.
  • Fear is prevalent, even though many hide it from themselves.
  • Work avoidance is commonplace, and due diligence IS WORK.

Problems with Cultural Issues (American):

  • From the earliest ages, we are taught to value action over thought (in the battle between jocks vs. geeks, who wins the sexual selection sweepstakes?). No wonder the cry of “Don’t think, code!” is loud in the land.
  • Even though the founders of this country were followers of the Enlightenment (If you don’t know what this is, well, that is part of the problem – Google it!), there is a strong, superstitious, anti-intellectual streak in many Americans, even in many successful ones (the world is 6000 years old, and was made by an Intelligent Designer, presumably because God didn’t have the chops?)
  • As a capitalist, free society, the Gold Makes the Rules, and that is fine for private enterprise, where bad rules put you out of business, and allow your resources to be put in the hands of someone who might make something out of them. This is not so hot for government, where the gold is shared by legislative priority, in a system where states compete with each other for their share of a pie that no one really owns, and rational, national, greater good use of the money is actually quite rare.
  • For some reason, turf behavior is often tolerated, almost without question.
  • Ethics have become undervalued in our society, whereas wealth, power and appearances are highly valued. Due diligence (BA) is ethical, whereas its absence is extremely questionable. Morality is no replacement for ethics – it is too simple, typically offers easy outs (confess, forgive, judgment is mine sayeth the Lord, purify oneself with jihad, etc.) and tends to be absolutist, in a world where the greater good cannot be accomplished by following platitudes – not even “Thou shalt not kill”. I mean, really, thou shalt not kill what, and why? Cows, for food? People, to save nations? Viruses, to prevent apocalypse? Fetuses, to save families?

Problems with Complexity

  • Some problems are inherently complex, even insoluble at this time (maybe forever).
    Examples include:
    • Mathematically unsolved problems
      • Optimal container packing
      • Efficient material (and network) routing
      • Protein folding
    • Problems that we may not know enough to fully solve at this time, but where useful tools are being found
      • Artificial Intelligence
      • Natural language comprehension
      • Direct brain/computer interfacing
  • There are limits to how much complexity each person can absorb and share, with teams of more than six people achieving increasingly diminishing gains in applicable knowledge.
  • As a project (in time and person hours) gets larger, profound issues of communication arise. The number of possible relationships among team members grows extremely rapidly, and forces division of tasks, increases risks of missed coordination, and often leads to “us vs. them” mentalities.

Social and Political Problems

  • Differences in political goals – e.g., electronic voting might be perceived as favoring one party over another, or national identity systems raise concerns (and rightly so) about civil liberties. Question: Are “We the People” (Nos Populus) being sought for requirements, and honored as stakeholders, or are we destined to being merely “We the Known” (Nos Notus)?
  • Unreasonable requests, ah they are many. My favorite is what I call the “FBI problem”. The request goes something like this: “Give me a system that will find hiding evildoers and track their webs of intrigue so that we may gut their activities once and for all”. When I ran into this one, it took me 12 months to get executives to accept that even the FBI struggles with it.
  • Labor vs. Management – a fossil marking the end of the American industrial age, now applied to governing ourselves and educating our children, with predictable results.
  • I could go on, but I am out of room.

I want to keep my promise to address ONE of the problems listed. Here it goes:

Problem with Complexity:
Some problems are inherently complex. How to not get nailed.

Answer:
Know enough computer science to know about solvable and unsolvable problems. This can help you avoid, or at least identify, bad project scope choices that need addressing (Do you really want to re-invent accounting, or just implement it? Will it be YOU who breaks 128 bit encryption, or is the project goal actually different from that?). to be able to spot these kinds of problems. Here are some fun samples of deep stuff that might help you save a project someday, including the mathematics of voting (you can’t always get what you want, but if you try sometime, you just might find…):

http://en.wikipedia.org/wiki/Voting_system
http://en.wikipedia.org/wiki/NP_%28complexity%29 (be sure to scroll down from the definition to the applications)
http://www.aaai.org/AITopics/html/welcome.html (note the dates and aspirations and name change)
http://www.aaai.org/Organization/sponsors.php (short list of the folks who SHOULD take on AI – are you one?)
http://en.wikipedia.org/wiki/British_national_identity_card#Vulnerable_individuals (interesting – the requirements of “vulnerable individuals” require more work, not resolved, not political, just, gosh, overlooked a little, maybe – what IS the plan? – hmmm….)
http://en.wikipedia.org/wiki/Bin_packing_problem (you can do it for your suitcase, but can you do it for a moving truck?)
http://blogs.zdnet.com/Murphy/?p=822 (what IS the best technology, anyway? How did we go wrong? You’re going to love your first Mac!)
http://en.wikipedia.org/wiki/Protein_folding (if you are in the biology business you already know this, for the rest of us, it is just interesting, and we are generalists).

If what you are up against hasn’t been dealt with according to your research, and your client insists on proceeding, try to get a PHD for the project, not just a salary.

Alternatively, you can ask your stakeholders if anyone (or try yourself, in a quiet room) can describe how to solve the particular knotty problem by hand. If no one can at least describe how to proceed, there is an excellent chance that the problem is unfeasible.

The above approach worked once when a stakeholder wanted a system that would compute detailed violations based on the total dollar penalty assessed, without anyone having to indicate the violations individually to the system. I call this the “Detail from Summary” problem, and it is not typically soluble for real world data, where MANY detail configurations can result in the same summary.

Next Month:

National Identity Systems – An Opportunity for BAs to Make a Social Contribution the Likes of Which Have Not Been Seen in Over 200 Years, and Which Is Now Feasible, Given the Existence of Our Neutral Standards Body, the IIBA. If that is too much, just call it NISAOBAMSCLWHNBSO200YWINFGEONSBIIBA.

Enough for now – be well, BA, Kind Reader!

BA Rising

Written by Marcos Ferrer on . Posted in Articles. 1 Comment on BA Rising

So, last month I covered Business Analysis, and How I Came to Realize What It Was And What It Meant. This month, I want to go more into what it means, and why the increased influence of BA (and the CBAP certification) is so important.

The short version is this: Systems are increasingly important in our quality of life (are you on the no-fly list yet?), and good BA leads to good systems, bad BA leads to Gartner and Standish Group negative statistics (if you don’t know what these groups do, Google them). BAs don’t always have the influence it takes to prevent these bad outcomes, but they should, and they will, now that the IIBA has established some neutral standards.

So, why BA – why can’t we build good systems without it? PMs are trained to deliver on time and under budget, so what’s the problem? (Hint – How hard is it to deliver on time and under budget? How much have you got to spend by when?) If you read the literature, you will see that MOST causes of project failure are related to stakeholders and requirements. These are failures of BA, by definition of the profession, and by default since they are not key to PMI.

I want to make the statement that the techniques of BA work because they are exactly those of due diligence. Sometimes we say that BA is just common sense, then laugh when we realize how uncommon it is. Due diligence IS common sense. Surely no one objects to due diligence? Indeed, why should anyone be concerned about the rise of due diligence? Isn’t that for dullards?

Before anyone spends millions of dollars (or even thousands), or takes any risk of consequence, it pays to do some amount of homework. If the homework seems overwhelming, expensive, or incomprehensible, that just means that the first 10 hours of homework are VERY important. They may be even MORE important than the next 100, or even 1000 hours. There is a LOT of earned value in doing ANY thinking versus none. Once thinking gets to thousands of hours, there is increasing risk of ossification, and the benefits diminish. In spite of this, a common complaint is “We don’t have time for analysis,” as if none were better than too little.

A common project mistake is to assign too much earned value to development, and not enough to analysis. Million dollar mistakes rarely happen at the field definition level, and are typically easy to explain and correct. This is true in spite of the fact that a significant percentage of labor and time may be spent on field level issues, or other technical concerns. Most of the value and risk control in the project may go to the first hours of analysis, with the development being quite low risk, as the “big” problems are actually resolved. It pays to control costs with analysis, and does NOT pay to control it with code change control.

This seems obvious enough, but analysis is overlooked and under-respected on more than a few projects – witness the 35% success rate of projects!t is, in fact, overlooked by the society in general. My father was once a Quality Analyst for a bank. “What do you do?”, I asked? “I make people think.”, he said. “Thinking is painful, and left to themselves, many won’t do it.”

Hmmm. The problem is, that the lax attitude about thinking is due to the illusion that we understand something is so strong. “I’ve been doing this for years, I know what to do!” In effect, EVERYONE thinks they understand, therefore, there is no need for an analyst – no one is (admits to being) confused – that would be awkward, scary even. In my experience, EVERYONE thinks they are THE analyst. It is, apparently, a strong hero role, even if we are only legends in our own minds.

Think about George Washington, fighting a desperate and losing war with England. In the midst of his desperation, he invented enterprise analysis, from a sheer common sense need – “What does the continental army consist of, what is it not, and what can we do about it?” That is bravery, true action, in the face of seemingly insoluble problems.

Imagine making these decisions without a sense of the whole enterprise. Imagine making these decisions under illusions of how coherent the enterprise was, instead of basing them on the best intelligence available.

Imagine pushing resources around “just because you can”.

And if you want to imagine those things, just imagine working on any project for the last 100,000 years, because human nature is such that it prefers illusion to facts, egos to inventories and simplistic principles to problem solving. Our progress comes in spite of ourselves, because nature supports common sense, and punishes lack of care.

The saying that ” common sense is none too common,” applies especially to BA. BA is the refined, professional level, experience based, highly predictive form of common sense. BAs don’t cite common sense; they practice it. They practice it because they are willing to learn, and think, in spite of the petty discomforts.

An example of how rare common sense actually is: Everyone knows you have to think of your customers to have a successful product (at least everyone would select it correctly on a multiple choice test). In spite of this fact, IBM was able to release the PCjr, with no applications that anyone cared about. IBM followed this up by dissing any employees who pointed out the problem. IBM’s slow decline in the late 80s and early 90s was inevitable, and that IBM no longer exists.

Professional BAs really believe in practicing due diligence, because they have seen what happens when you don’t. They are not in denial, and not afraid of the truth. They believe it, and live it, where others don’t, for whatever reasons. YES, they can see the future, because they remember the past.

In a world where “doing it because you can” is the message from the top, it’s easy to abandon due diligence – the paychecks can flow for years sometimes. It is much harder to adopt the Quixotic position – things are worth saving, improving; the world deserves to be a better place.

Given the importance of systems to the state of the future world (identity systems, micro-cash, medical imaging, health management, internet security, etc.), does anyone doubt that they want BA to rise?

This is an important question, for the following critical, political reason: If BA represents stakeholder value, doesn’t that mean that the Project Manager actually reports to the BA, instead of the other way around? Why or why not? Don’t most PMs wish they had a better handle on the requirements before the deadlines and budgets are set? Stay tuned.

Our society has hardly started building systems. We have traffic managements systems to build that will save lives, medical management systems that will empower patients, and identity systems that benefit the users (us) as well as the implementors (them?).

If anyone is against BA, they are against common sense, stakeholder interests, due diligence, and successful outcomes for a democratic society. If you are out there, and don’t want to play, please stand up, so the rest of us can work around you.