Tag: Business Analysis

Secure or Sorry: From Gym Lockers to Cybersecurity

I’m a member of a local gym, and a few weeks ago I noticed that they were maintaining the lockers in the changing rooms. The lockers are pretty standard metal boxes, and members bring their own padlocks for added security.

I’d noticed for months that the latch mechanisms had been getting very loose, so I was glad to see maintenance happening. The staff member doing the maintenance was chatting to another member, and I overheard him say that there had been a whole series of thefts the previous week. Accordingly, they were ramping up security, including turning on the keycode lock on the changing rooms (members each have a PIN code which can be used to access the facilities, but the lock was usually switched off during the day).

I suddenly felt a real perception of risk, to the point that I decided not to leave my house keys in the locker, but take them with me onto the gym floor. I’m now even more cautious when closing my padlock, to make sure it’s properly secure.

 

The Horse Had Left The Stable

While all of those personal security measures are useful, the gym (and I) were only prompted to review our security posture after an incident had occurred. The thieves had probably long gone, and had moved on to a different gym. Perhaps they even tour the country, buying day passes, finding the gyms with weak security. Who knows. Not only this, but the gym had increased its security, so my possessions were probably the safest they’d ever been. Yet I felt the most uncomfortable I ever had.

Ironically, at the time I was most at risk (the previous week, when security was lax and thieves were at the gym) I was blissfully unaware; the risk wasn’t particularly on my radar. I may have been happily running on a treadmill at the very moment a thief was breaking into a locker and stealing someone’s property.

This pattern of the gym increasing security after an incident occurred might be seen as a classic case of ‘closing the stable door after the horse had bolted’.  However, it’s not that simple—reacting to a security threat after an incident occurred is still valuable, as it will prevent a similar thing from happening again.  I suppose it is more akin to closing the door after one of your three horses has bolted. Not as good as closing the door earlier, but better than continuing to leave it open…

 


 

Predictable With 20/20 Hindsight

The thing which struck me about the locker thefts is that it was completely predictable with hindsight. The latch mechanisms on some lockers were so loose it’s easy to see how they could be overcome. Not only this, a culture of trustworthiness (which is lovely) had emerged. People would leave their expensive coats out, and some people wouldn’t even use padlocks at all.

As my father used to say “it only takes one bad apple”.  And as time goes on, it seems statistically likely that the bad apple will emerge.

 

It’s Not Just Lockers: Information & Cybersecurity

This pattern of trustworthiness and complacency doesn’t just exist in gyms, it can also be an issue within organizations.  If you haven’t had a data breach, then security of data might seem an irritating formality, or it might not feel as ‘real’ as some other more proximate risks. However, the fact is that there are hostile actors out there targeting companies just like yours and mine.

I’ll bet in most organizations there’s at least one application that is creaking at the edges, is out of support (or nearly out of support), or an application where there’s a maintenance patch needed, but that’s not seen as a priority just yet. Or an application that’s been customized so much it’s not on the official upgrade path any more.  Upgrading it or replacing it has always been seen as important but not urgent, so it’s left there, collecting more and more dust. Might there be some security vulnerabilities there? Perhaps it’s like an insecure gym locker, fine for the moment, but once a ‘bad apple’ finds it there will be chaos… and that single vulnerability might gain them wider access to all sorts of systems and information.

It’s not just about customer data either. Do you know what your organization’s key intellectual property is? Where it’s stored? Who can access it? Where it’s backed up and archived? In many organizations it’s spread out, with key information that yields competitive advantage mixed with more routine stuff, all dumped in a folder or repository of some type… Hopefully someone from ‘corporate IT’ is backing it up. Let’s hope so, eh?

 

Security Matters: Business, Process & IT

There is sometimes a perception that information and cybersecurity is an ‘IT thing’. The reality is so much wider than that. The weakest link might not be the tech, but the person operating the tech who receives a call out of the blue from someone they believe to be a colleague (but who is actually a hostile actor engaging in ‘social engineering’ to gain information).

This has wide implications for business analysis. Security needs to be built into IT systems and processes from the very beginning. It’s important to think “who might be trying to gain unauthorized access to this, how would they do it, and how will we prevent it?”.  It’s important to think about the types of information and data held, its sensitivity and the impact if it were to be damaged or disclosed. This will lead to specific requirements and acceptance criteria around these aspects. It will likely lead to a BA asking challenging questions, which might include “is this the right thing to do, right now, when we have a security vulnerability over here?”

Most of all, while things might be calm now, there might be a storm waiting round the corner. It is the calm times when a little investment in the ‘important but not urgent’ will save a lot of headaches in the future. And surely that’s worthwhile?

 

 

 

The Value of Business Analysis Competencies in the Successful Delivery of IT Projects.

Several schools of thought have proffered reasons why projects fail; notable amongst these are studies by Forbes, the British Computer Society, Gartner, and many others. Generally, the causes of IT project failures have been described as ranging from poor business cases, requirements management, project management, and talent to poor processes.

Conversely, certain factors, which are described below, can be identified as factors responsible for successful projects.

BA competencies are a set of knowledge, behaviour, attitudes, and skills that enable a business analyst to perform business analysis successfully and efficiently. These BA competencies can be mapped to the factors that guide the successful delivery of IT projects.

 

 

Accurate problem definition and analysis

This is central to delivering successful projects as it entails proper identification of problems, the scope, and thoughts around solutions. One major reason for IT project failure is that the business is often focused on the consequences or symptoms of an underlying problem and quickly directs technology to resolve these symptoms. At best, the result is an expensive IT solution that is sparsely used by the users, who often find workarounds or, at worst, IT projects that fail.

 

BA Competency: Analytical Thinking and Problem Solving

This competency employs critical thinking, system thinking, and problem-solving techniques, amongst many others, to help carry out root-cause analysis and produce problem statements that help correctly identify a problem.

 

People

People are an organisation’s greatest asset. Several schools of thought, including Herzberg’s, Maslow’s, etc., have carried out studies on employee productivity. Too often, while embarking on IT projects, the focus is on the technical skills of the project team, while knowledge around behavioural attributes, emotional intelligence, and concepts that affect productivity resides with the human resources team, who are seldom part of the IT project team.

 

BA Competency: Behavioural Characteristics and Personal Quality

BAs understand behavioural characteristics and human resources concepts of motivation, productivity, and emotional intelligence and constantly need to keep these in sight as they seek to understand the problem and define relevant requirements for a successful solution.

 

Knowledge of organizational structure and culture

While structure deals with norms, rules, and policies, culture is concerned with organisational values, behaviours, and attitudes, and both can affect the agility of project delivery. Thus, an optimal combination of the two is vital to successful project delivery.

 

BA Competency: Business Knowledge

This involves the application of business acumen, industry, organisation, appropriate methodology, and solution knowledge. Peter Drucker famously declared that culture eats strategy for breakfast, buttressing the importance of a thorough understanding of business to aid organizational success.

 

Effective Communication

This is the process of exchanging ideas, thoughts, opinions, knowledge, and data so that the message is received and understood with clarity and purpose. The challenge for many businesses is that this is not recognised as a skill that goes beyond writing and speaking. It involves non-verbal communications, listening, and analysis. When this is lacking in an IT project, the risk of failure is increased.

 

BA Competency: Communication Skills

Business analysts act as intermediaries between the business and IT and, as such, are trained in effective communication skills. They understand business and IT concepts and help to facilitate and interpret conversations to help all stakeholders deliver successful solutions.

 


 

User needs and top management support.

IT solutions are intended to meet user needs; however, a major reason for IT project failures is half-hearted support from top management. Often, top management is concerned with strategy and has a broad view of concurrent projects without knowledge of user needs. There is therefore a disconnect between project delivery and top management, with the resultant effect that projects don’t get the full backing required for success. Support is usually given in principle but lacking in practice as top management is often far removed from the projects.

 

BA Competency: Interaction Skills

Business analysts not only act as the intermediary between IT and the business but can also act as an intermediary between top management and the business. With their interaction skills, they can drive conversations among stakeholders and ensure that difficult questions are asked and resolved to ensure the successful delivery of projects.

 

Business-Led Modular Technology and Data Platform

Organizations that intend to deliver successful IT projects need to have a modern technology architecture driven by business needs, as evidenced by data. Advances in technology mean that businesses no longer have the choice of being either technology-savvy or operating on the fringes of the technology spectrum. Technology drives agility in today’s business environment, and the influx of AI makes it more expedient that businesses that want to thrive will need to invest in sound technology architectures and platforms.

 

BA Competency: Tools and Technology

This BA competency fosters the knowledge and use of tools and technology to drive productivity. From general communication and office productivity tools like Teams, Slack, etc., to business analysis tools like Jira, Azure, Visio, etc., to AI tools like ChatGPT, Google Bard, Slides AI, etc., business analysts are equipped to be versatile while continuing to broaden their toolset.

 

Clear Process Flows and Business Requirements Management

This covers the end-to-end process of delivering an IT project; it encompasses identifying the right requirements, managing stakeholders, ensuring an accurate depiction of information flow through the organisation, and managing change.

 

BA Competency: Professional Techniques

This deals with delivering excellence by design. It is an aggregation of several BA competencies with a focus on ensuring that excellence is delivered at every point of the customer journey. This implies understanding an organisation in terms of its people, processes, steps, and the data required to make each step as efficient as possible.

 

 

Concluding Remarks

Historically, the rate of IT project failures has been high; however, opportunities now abound to turn the tide. As knowledge and awareness continue to increase and the business analysis skillset becomes more mainstreamed across organisations, there is an opportunity for business analysts to hone their craft, be more visible, and help stem the tide.

Lost in Translation: The Perils of Ambiguity in Business Communication

In recent years, I’ve traveled a lot less than I did before the pandemic. One thing this has led to is me seeing processes and practices with fresh eyes. When you travel regularly, the novelty wears off and a sort of ‘autopilot’ kicks in, and a period of not traveling means that everything is less familiar and more open to scrutiny.

I was recently thinking about the questions that are commonly asked when checking in bags before a flight. I can’t even remember if these questions are asked verbally any more, or if there’s some sort of sign or declaration, but there certainly used to be questions such as:

 

  • “Have you left the bag unattended at any time?”
  • “Did you pack the bag yourself?”

 

I suspect, like many people, if you were asked these questions a semi-autopilot would kick in and you’d say ‘no’ without thinking. After all, presumably these questions are aimed at catching smugglers or criminals of some other type. The questions almost seem redundant for ‘normal’ people.

Let’s examine one of the questions, as I think some of the patterns here are important for business and business analysis more generally….

 

What does “unattended” mean?

Let’s take the first question (“have you left the bag unattended?”). This question is, upon examination, really quite vague. In fact, I’m pretty sure the actual question airport staff ask is more specific, but humor me and let’s imagine they ask it in this way.

A first challenge is that what the word ‘unattended’ means to one person might be quite different to another. Take the following situations: do you consider them to mean that the baggage has been left ‘unattended’?

 

  • You’ve just taken a connecting flight and have had to re-check your bags. Your bags have been handled by baggage handlers, and have been left unattended in the hold of the plane
  • You traveled to the airport by bus. The bags were in the baggage compartment of the bus and you didn’t have access to them during the three hour bus ride. There were several stops along the way where passenger bags were loaded/unloaded. Anyone could have accessed your bag at those times.
  • You drove to the airport. It was a long drive so you stopped for gas and a meal. Your car was parked in a car park for over an hour
  • You traveled as a group in two taxis. Your bag was in the other taxi, accompanied by your friends but not you

 

It’s tricky, isn’t it? Technically, if you’ve checked your bags into a previous flight, they have been unattended for a period of time. Yet, you’d likely say ‘no’ to this question… because you know that this isn’t a circumstance that actually counts as ‘unattended’.  I suppose as travelers we intuitively know what’s being asked and what matters. Or at least we think we do…

After all, if we were to literally interpret the question “have you left your bag unattended at any time?” then there is no way that ‘no’ would be a valid answer. Of course it’s been left unattended at some times… when it’s in the closet not being used!

 


 

Beyond Airports: Why Definitions Matter

You probably don’t work in an airport, so might be wondering why I’m obsessing over the wording of a check-in question. This pattern of ambiguity potentially leading to misunderstandings, confusion or (more usually) people making assumptions is rife in organizations and projects too.

Much like the term ‘unattended’ has ambiguity attached, other seemingly ‘obvious’ terms can be problematic. Take the word ‘customer’, it sounds clear, doesn’t it? Perhaps you’ve even written a requirement or user story which articulates what a customer can do.  Yet even such a simple-sounding word leaves room for ambiguity. For example:

 

  • Does someone have to have already bought something to be considered a ‘customer’? Or does the term ‘customer’ include prospects/people in the buying pipeline too? Or do there need to be two terms, ‘prospect’ and ‘customer’?
  • If the person paying for a product/service is different from the person using/benefiting from it, which one is the customer? Are they both customers?
  • Is the term used to mean internal as well as external customers?
  • Are there different customer types? Does a requirement or story apply to all types or only some types of customer?

 

Things can get even more complicated than this. Who is the ‘customer’ of the judicial system, the prison service, and so on? It very much depends on who you ask, which is why it is important to actually ask the question!

 

Definitions Make For Concise Requirements And Stories

This comes back to a key point that is (sadly) often overlooked: definitions matter. A glossary might not be considered a new or exciting artifact, but it can really help ensure people are on the same page. With a clear and shared understanding of key terms, requirements and stories can be more concise.

A small investment in a shared glossary can save lots of time in the long run. Starting early is the most effective way of doing this. And believe me, if you don’t create one, there will come a point in time where you wish you had!

 

 

 

 

Introduction to the 4 Pillars of Digital Transformation

In the wake of World War I, French Premier Georges Clemenceau advised the French people that “War is too important to be left to the generals”. Paraphrasing his words, I would say that “Digital Transformation is too important to be left to the marketing and sales departments”. Why? Because they are infatuated with the client, and rightly so, because that is their main objective and priority.

While the customer is very important, I would say paramount, I believe the cause of so many pitfalls and failures in the implementation of DT (Digital Transformation) is the obsession of marketing and salespeople with the customer, a hyper-concentration on customers that disregards what I believe is the foundation of DT: the Four Pillars of Digital Transformation.

Even before any consideration of the digital part (Software and Hardware) of the DT equation we need to take care of what I call the 4 pillars of Digital Transformation.

  1. Culture
  2. Process and Policies
  3. Data
  4. Security

They exist in a hierarchical cycle: while some overlapping is possible, the order matters, in the same way that you need to put your socks on before you put on your shoes. In the four pillars, Culture comes first, then Processes, Data and Security.

Following the diagram of The Four Pillars of Digital Transformation:

 


 

For marketing and sales, a customer is an external agent, a person that buys the company’s goods (products and services). For the DT practitioner, the concept should be broader: instead of customers we should think about USERS.

Please do not get me wrong. The Sales and Marketing people are paramount for the success of your DT, but they are not the only ones, in my humble opinion. DT is a matter of life and death for your company, and if the CEO and all the C-Level are not deeply involved in the DT projects the probability of success is null, zero, nada.

I am using data as a general term because what we call data is often confused with Information and Knowledge, the other two important blocks of the ILC, as I explained in my article “Do we know what are Data, Information and Knowledge?” on this website.

In my other model, “The Intelligence Life Cycle”, which I used to discover the limitations of AI, I explained what Data, Information and Knowledge really are and created a model of the Intelligence Life Cycle based on 4 axioms or postulates in the style of the ancient Greek mathematician Euclid. I am going to present the ILC and the Limitations of AI at the PMBA Conference in Orlando next year.

Data is not the New Oil, as the hyper-propaganda instigated by the media and some data scientists in search of fame, support and money claims; as you can see from the above diagram, it occupies the third position in importance.

You can get more details by watching my 4 Pillars of the Digital Transformation at the Virtual BA and PM conference in Dec this year.

Do we understand what Data, Information, and Knowledge are?

“Data is everywhere, but it requires CONTEXT and accessibility to be useful…”

 This compelling statement by Symphony Logic immediately caught my attention. It resonates with my model of “The Intelligence Life Cycle,” whose first axiom, or postulate, is “Data is measured in context”—a notion that I expanded upon with my second axiom, “Information is organized data with a purpose.”

At first glance, it might seem trivial, but currently, there’s significant confusion in the semantics, ontology, and taxonomy of the three terms that form the building blocks of Intelligence.

Data, Information, and Knowledge are often used interchangeably as though they are synonymous, but they’re not. This confusion compromises the quality and analysis of our data.

 

The Delphi study titled “Knowledge Map of Information Science,” conducted between 2003 and 2005, sought to explore the foundational elements of Information Science. 130 definitions of data, information, and knowledge are documented in this study. The international panel consisted of 57 leading scholars from 16 countries, representing (almost) all the major subfields and essential aspects of the field.

Working with 130 different definitions for terms as vital as DATA, INFORMATION, and KNOWLEDGE seems excessive, and rather than providing clarity, it obscures and leads to confusion.

Therefore, I took it upon myself to find or create simple yet accurate definitions for these pivotal terms using an axiomatic approach, similar to the one used by Euclid in his fundamentals of Geometry.

Axiom 1: Data are measured in context.

Axiom 2: Information is organized data with a purpose.

Axiom 3: Knowledge is the discovery of patterns and their relationships.

Axiom 4: Wisdom is the effective use of knowledge. As Professor Drucker put it, effectiveness is doing the right thing, as opposed to efficiency, which is doing things right.

Fortunately, I did not need to introduce a fifth axiom.

 


 

I applied these axioms to develop a model that I call The Intelligence Life Cycle, which has helped me identify the limitations of AI and numerous pitfalls in Big Data models and architectures. I presented my theory about the ILC in July 2023 at Nova Southeastern University in South Florida during a presentation titled “The Intelligence Life Cycle and the Limitations of AI” at the SQL Saturday event.

More recently, I also spoke at USF during DevFest to a select audience about the ILC and the Limitations of AI, and I introduced my other model, “The 4 Pillars of Digital Transformation.” Here, I argued that Data is not the new oil nor the first block of importance; instead, it is a third-level block in a hierarchy of importance, preceded by the Cultural and Procedures and Policies Pillars.

You can learn more about The Intelligence Life Cycle and Limitations of AI in my LinkedIn article.