Skip to main content

Tag: Risk

Editing for Success: Applying Hollywood Wisdom to Projects

I’ve long been a believer that a good movie is 90 – 120 minutes long. Sure, there’s the occasional storyline that can keep my attention for longer than that, but generally speaking after a couple of hours I’m getting pretty restless. One of the reasons I rarely go to the movie theater these days is that films seem to be getting longer and longer, and unlike watching at home I can’t press ‘pause’ in the theater!


It turns out that I’m not alone. Celebrated film director Sir Ridley Scott, who directed films including Alien, Gladiator and Blade Runner recently spoke about the ‘bum ache’ (‘butt ache’) factor of films. Too long sitting down and apparently movie-goers will get uncomfortable, and this is something that he takes account of in his editing. A classic case of “less is more”, and a director being empathetic to his audience.


Less Is More

I know virtually nothing about movie production, but I’m guessing that it is probably technically easier to produce and distribute a long film than it was, say, 40 years ago. I gather that in the past films came on multiple spools, all of which had to be physically duplicated and distributed. Apparently since the early 2000s, films have been distributed digitally to theaters. With fewer constraints, you could have a ten hour film if you really wanted it.

Yet being unconstrained isn’t a good thing. I’m guessing few people are lining up to watch the ten hour film “Paint Drying” (which is a real film, but was a protest against the cost of censorship). The fact that it’s possible to do something because a constraint is removed doesn’t mean that it’s actually a good thing to do. Sometimes constraints can foster creativity.


From Hollywood To Projects: Time As A Constraint

I’m guessing that you probably don’t work on Hollywood movies, but there’s a direct parallel with projects here. After all, a Hollywood movie brings together a collection of specialists for a period of time to create a deliverable that will generate benefits for its sponsor… which sounds strongly analogous to a project!

One constraint that you and I probably come up against frequently is time.  There never seems to be enough, and time is always the thing being squeezed. It is easy to become somewhat jaded to this, and either just accept the deadline (but implicitly know that it’ll never be met) or rally against it.

Certainly, calling out unrealistic deadlines is an important thing to do. Yet, in some circumstances an alternative approach is to test the constraint and see how it balances against others.




Let’s imagine that a sponsor has set a deadline of 1st January for the launch of a product or project deliverable. We feel there’s a risk that this is an arbitrary deadline, so we start to tactfully ask “if it was two weeks later, but 10% cheaper, would that be beneficial?”.  If the sponsor says “Absolutely, yes!” then we know that they probably value the budget over a fixed deadline.  Or we might ask “How about we delivered it on that date, but the quality was lower?”. They might answer “No! Absolutely not”, at which point we know quality is paramount. We might ask these types of questions about all sorts of things, including scope, timeframe, deliverables, style of delivery and so on.

What we’re doing here is understanding which are hard constraints that genuinely can’t change (or, there would be a significantly negative impact of breaching) and those that can potentially bend. Not achieving regulatory compliance by a mandated date, where the regulator is strict and there’s a significant fine, might be an example of a hard deadline. It’s better to pay more now, and dedicate more resources to ensure compliance. Other things which appear to be constraints might be more malleable.


Product Management and Business Analysis as Film Editing

Once the hard constraints are identified, it’s tempting to be deflated. Rarely are we dealing with a situation where there’s too much time, resources and budget. Yet another way of looking at this is to think about the movie theater experience… sometimes less is more. Much as an ambitious scriptwriter might have a scene cut because it’s not essential to the story (or the location is too expensive to hire), we can ‘edit’ elements of a project or product in or out.

This probably sounds obvious, I mean scoping and prioritization is crucial. Yet, too often scoping and prioritization are carried out somewhat in isolation. It’s easy to end up with an incoherent set of features, or (worse) to find that only the person who shouts the loudest gets what they want…


If we reframe this as a process of ‘editing’, then we are keeping in mind the coherence and desirability of the product as a whole. Imagine asking twenty people for their favorite ever scenes in movies. Perhaps one mentions a scene from Wargames, another from the Barbie movie, another from Love Actually and so on.  Now imagine making a film out of these ‘best’ scenes… it wouldn’t make any sense.  The same can be true of a product too. If the features aren’t coherent it can become somewhat of a Frankenstein’s monster that is difficult to use and doesn’t really serve any single purpose well.

Another thing about editing is that it involves compromises and making difficult decisions. I’d guess actors probably hate having their biggest scene cut. And script writers probably hate being told they can’t have that on-location scene in Barbados due to budgetary cuts. But, it is the editing that means that the film makes money (achieves its financial outcomes) while also providing an experience that the consumer wants (achieving another of its core purposes).


I suspect this is a balance that we all tread on our projects and products, and bringing it to the fore and making tradeoffs transparently and purposefully can only be a good thing!

Baking Success: Unveiling the Sweet Similarities Between a Small Baking Business and a Business Analyst’s Role

Embarking on my journey as a baker just under two years ago, I have joyfully crafted birthday cakes, engagement cakes, baby shower confections, and more. Recently, I faced a culinary challenge that pushed my skills to new heights. This cake wasn’t just another creation; it was a test of my abilities, filled with many “firsts” that transformed my approach to baking. From applying a white chocolate ganache coat to mastering a full fondant covering, I encountered unexpected hurdles that required constant adaptation.

As I navigated the complexities of this ambitious project, I realized that I was implementing a form of agility in motion. Much like a Business Analyst (BA) adapts to evolving project requirements, I found myself breaking down the cake-making process into smaller, manageable increments. Baking the layers two days in advance and freezing them, preparing the frosting a day ahead, and meticulously crafting fondant toppers became a harmonious dance of preparation and adaptation.

This experience illuminated the surprising parallels between my role as a baker and the responsibilities of a Business Analyst. In both worlds, adaptability is the key ingredient for success, allowing for the seamless integration of unexpected challenges into the creative process. Let’s delve into the sweet symphony of similarities between managing a small baking business and excelling as a Business Analyst.


  • Adaptability is the Key Ingredient:

In the world of baking and business analysis, adaptability is the secret sauce that leads to success. Just as a baker adjusts a recipe based on available ingredients or customer preferences, a BA must be flexible in adapting to changing project requirements, client expectations, and market dynamics. Both roles demand a skillful balance between structure and spontaneity, ensuring the final product meets or exceeds expectations.


  • Customer-Centric Approach:

In both professions, understanding and satisfying the customer’s needs are paramount. Bakers pay close attention to customer preferences, dietary restrictions, and flavor profiles. Similarly, a BA delves deep into understanding the client’s business requirements, ensuring that the solutions provided align with the client’s goals. Both roles involve effective communication and active listening to create a product or solution that leaves the customer delighted.


  • Requirements Gathering as a Recipe:

Much like developing a baking recipe, a Business Analyst must meticulously gather and document requirements. In baking, this involves understanding the desired flavour, texture, and appearance of the final product. In the business world, requirements gathering entails collaborating with stakeholders to determine the functionalities, features, and constraints of a project. Both processes require attention to detail, precision, and a knack for turning abstract ideas into concrete plans.


  • Project Management:

Running a small baking business involves managing resources, timelines, and deliverables – much like a BA managing a project. Both roles require effective project management skills to ensure that everything runs smoothly, from planning and preparation to execution and delivery. Time management, coordination, and the ability to troubleshoot issues are crucial aspects that bridge the gap between these seemingly diverse professions.


  • Continuous Improvement:

In the dynamic worlds of baking and business analysis, there is always room for improvement. Bakers experiment with new recipes, techniques, and ingredients to stay ahead of trends and meet evolving customer tastes. Similarly, BAs must stay informed about industry best practices, emerging technologies, and changing market trends to provide innovative and effective solutions.


  • Understanding Global Trends and Market Dynamics:

In the ever-evolving landscapes of both baking and business analysis, awareness of global trends is paramount. For a baker, staying attuned to culinary trends such as the rise of veganism or the demand for gluten-free options is crucial. Just as a baker adapts recipes to cater to changing dietary preferences, a Business Analyst must be cognizant of market trends and technological advancements. Incorporating global trends into business strategies ensures relevance and competitiveness. The ability to anticipate shifts in consumer preferences aligns closely with a BA’s role in recognizing emerging market demands, enabling both to proactively adjust their approaches for sustained success.




  • Risk Management:

The concept of risk is inherent in both the realms of baking and business analysis. In the baking business, the risk might involve experimenting with a new flavor combination or trying out an innovative baking technique. Similarly, in business analysis, the risks could range from technological uncertainties to unforeseen changes in project scope. Both roles require a keen sense of risk management – identifying potential challenges, developing contingency plans, and mitigating risks to ensure a successful outcome. Whether it’s predicting how a cake batter will rise or foreseeing potential project obstacles, effective risk management is the insurance policy for success in both fields.


  • Visual Thinking:

In the world of baking, the visual appeal is as important as the taste. Creating aesthetically pleasing cakes involves a form of visual thinking, where bakers conceptualize designs, color schemes, and decorations. Similarly, Business Analysts employ visual thinking when crafting process flowcharts, diagrams, and user interface designs. Both professions rely on the ability to translate abstract ideas into tangible visual representations that effectively communicate complex concepts. Whether it’s envisioning an elaborate cake decoration or designing a user-friendly interface, visual thinking is a powerful tool that enhances creativity and clarity in both baking and business analysis.



Despite appearing dissimilar at first glance, both industries align on fundamental concepts such as versatility, prioritizing customers’ needs, meticulousness, and a steadfast dedication towards enhancing one’s performance constantly.


Just as a baker meticulously crafts a cake, considering evolving culinary trends and customer preferences, a Business Analyst navigates the complex landscape of project requirements, global market dynamics, and technological shifts. The parallels are striking – both professions demand a delicate balance between structure and spontaneity, transforming challenges into opportunities and setbacks into stepping stones.

The recipe for success transcends the boundaries of specific industries. The amalgamation of these skills – adaptability, customer-centricity, attention to detail, continuous improvement, global awareness, risk management, and visual thinking – creates a masterful blend that resonates across baking and business analysis. Whether you’re sculpting a delectable cake or orchestrating a cutting-edge business solution, the essence of success lies in skilfully blending the right ingredients to create a masterpiece that not only delights but endures in the ever-changing landscapes of taste and technology.

A way to manage Risks in Requirement Management Lifecycle Risk Champions

As a Business Analyst, you would already have worked with Risks; and if you have not, it is a miracle.

Assumptions are essential part of requirements and Business Analysts’ one of primary tasks is Requirement Management which included eliciting, analysing and documenting requirements.

What is a Risk:

Risk describes an occurrence or uncertain event which may influence the ability to achieve the goal.

In Requirement Analysis, Business Analyst, with the help of other stakeholders, determines the risks. Being said that, it is very critical how a business analyst manages risks to achieve the business goal.

In principal, the project team and stakeholders need to take informed decisions based on the information at hand to achieve the project goal. Hence, it becomes essential to understand what the risk is all about and ways to manage them. Risks, positive or negative, should be understood thoroughly to define the level of tolerance, and to identify the responses.

There is another way to manage the risk by Business Analyst is to engage with Risk Champions.

A way to manage Risks: Collaborate with a Risk Champion:

Risk Champion is a person who by expertise or authority champions an aspect of the risk management process, but who is not the risk owner. They are a bridge to engage the business, to take care of aspects of the risk management process on behalf of the business and to ensure that business is aware about the impact, positive or negative, to the business. They are equipped/impowered to find the impediments available in the different part of the organization which in return helps to identify the strategy to manage the risk. They need to be involved when the business needs to take any big/small decision impacting multiple department of the organization. Many companies assign Risk Champions for each major functional area of the business, including sales, marketing, operations, HR, IT, legal/regulatory and the financial departments. These champions can be charged with assessing risk both in their individual functional areas and as a cross-functional team.

Apart from Risk Champion, there will be a Risk Owner who will be a Business Analyst, Project Manager, Product Owner, or a Process Owner generally.

Risk Champions should have most of following traits to be successful:

  • Risk coordinator: Ability to work with multi-functional team for risk management
  • Understands risk: A good understanding of risk management concepts, principles, and processes. They need to be aware of the compliance requirements as well if the industry is working under regulations.
  • Experts: Expert in their function / process in which they are champions.
  • Good soft skills: Strong leadership and motivational qualities; and Good communication skills. Good analytical skills to assist with the analysis of root causes to risk problems.
  • Influencers: Ability to influence the decision makers to keep the organizational needs above all. They need to work very closely with the head of the function they represent.


How it all works:

  • Business Analyst with the help of Project Manager, Product Owner, or a Process Owner identifies the risks.
  • The Business Analyst, who is now the risk owner, engages with the Risk Champion to determine the way to handle the risks.
  • Business Analyst and the Risk Champion will work with cross functional Risk Champions & stakeholders, in a workshop, to identify the severity and probability of the risk occurrence and any budget requirement.
  • In this workshop, they will decide the action items for all the stakeholders to take to prepare & execute all the risk management plan.
  • The Risk Champion, who is working with the Business Analyst, will keep an eye on the progress on all the action items along with the business analyst.
  • Another session of workshop will be arranged to take the decision using the identified the severity and probability of the risk occurrence and budget requirements.
  • After the decision has been identified, the plan will be sent to the executive body for approval.
  • The executive body will evaluate the plan and the champions are required to clarify all the questions raised by the executive body.
  • After the approval, the plan will be ready to be executed under the supervision of the Risk Champion, who will keep all other Risk Champions in the loop.

Factors to consider:


  • They will provide direct and honest feedback keeping organizational needs in mind.
  • A well-designed approach which can work in any cross functional venture.
  • Everyone is aware about the plan and the progress.
  • Risk Champions will make sure that project team does not deviate from the approved plan.


  • The process is time consuming.
  • Requires resources with specific skills and dedicated time.
  • Business Analyst will have to invest his/her time in the Risk management activities along with the Risk Champion.
  • It can reduce the importance of risk champions if he/she does not have required skillset.


The inclusion of Risk Champions has worked in our organization and it has made our decision-making process robust.

However, in my opinion, not all organization needs nor can afford this structure.

This framework will work greatly in those organizations which are working under any regulatory body including, but not limited to, banks, broking companies, financial services companies.

Risk Championship framework can also work outside the project i.e in the BAU environment with great results.

As a Business Analyst, I always believe that the effect of risk management on any project is underestimated. However, at the end, it is just a framework which is as good as any framework if it has resources with required skills and experience.

In my opinion, Risk Champions are not rival to Business Analyst as they are essential Business Analyst themselves with expertise in Risk management.

The Disruptive Business Analyst

Disrupt. By definition disrupt means “to prevent something, especially a system, process, or event, from continuing as usual or as expected.

To throw into confusion, throw into disorder, throw into disarray, cause confusion/turmoil in, play havoc with.”

From a technology perspective, it refers to “any enhanced or completely new technology that replaces and disrupts an existing technology, rendering it obsolete. It is designed to succeed similar technology that is already in use. Disruptive technology applies to hardware, software, networks and combined technologies.”

So, what about the disruptive business analyst? I work mostly with tech projects so for me the disruptive business analyst is working with what we used to call bleeding edge technology on new projects for anxiously awaiting project clients leading tech teams on exciting and sometimes dangerous new project adventures. End users and subject matter experts are awaiting a nearly ready solution during user acceptance testing (UAT) and at implementation rollout to the end user community with this creative solution. Hopefully the tech team… and the business analyst… along with the project manager have provided a workable solution that meets their requirements dead on. This can be difficult, of course, anytime you’re moving to a new technology that you’ve not worked with before, the project team hasn’t worked with before, the client has never likely seen or used it before, and that may not have been implemented in the client’s type of industry before. You’re on the edge… you’re going where no one has gone before (well, with that customer in that industry anyway…).

Stay abreast of new technologies

Since the business analyst is usually at least the liaison between the tech team and the project manager on a technical project – and is sometimes even the co-lead or sole lead of the project – then it is obviously critical that he remain relevant and current of ongoing tech trends and new technology. Through regular training, reading and research, this is easy to do and in terms of products, technology and security, conferences and the exhibit rooms at these conferences are a great way to get first hand face to face knowledge and deep dive information from the individuals creating and introducing this technology. Conferences like CES (Consumer Electronics Show), Interop and Black Hat will have briefings, demonstrations and training available for attendees and they can be fascinating ways to enhance your knowledge level.


Ensure the right team assembled for the tech implementation

A new technology is being used on our high-tech solution for the project client. Is our project team up for the challenge? Is the learning curve reasonable or do we need part time or full-time consulting or new resources on the project? That initial assessment must be made or at least assisted by the business analyst. And this determination needs to be made – and not lightly – as close to the kickoff of a new project as possible so as not to result in a timeframe extension, budget overrun and big, long learning curve for newly on boarded project resources.

Oversee customer training and education on the tech solution and the technology used

The project manager works closely with the customer throughout the engagement. There is no question about that. But on many tech projects the business analyst works even closer and for extended periods of time. On one of my projects, the customer wanted a change order to have the business analyst work full time onsite for the remainder of the project resulting in a $100k+ change order with a high profit margin added to the project. I was happy to oblige, of course. Especially in cases like this one, the business analyst is going to have the best feel for the customer’s ability to understand and eventually take over a new high-tech solution. Should education and training take place? Often the answer is yes. Yet another change order revenue opportunity! Win-win. This is an area where the business analyst will usually need to play point on – be aware.

Ensure Cybersecurity measures are taken

While hackers know that organizations using legacy technology are the easiest target, most get more challenge and enjoyment from cracking new technology. If you are embarking on new tech adventures on your project, know that you may be a target, especially if you are handling any sensitive data with this new tech angle. So, know that if you’re utilizing bleeding edge technology, you are on the hackers’ radar – you are a likely target will need to take proper measures. It’s best to address this possibility early in the planning phases while assessing risks and the skill set needed for your project team.

Summary / call for input

Are you a disruptive business analyst? Most business analysts working with startups and large corporations entering new areas of delivery are going to be utilizing new and cutting-edge technology. The key is to be fully engaged, ensure the client understands – at least to some degree – the new technology and that you have the right talent designing and implementing the project solution. Oh, and that the end user community knows what they are getting. It never hurts to make sure that your project manager is on board with the same technical understanding. Project management is sometimes project management across all complexities and industries… but I’ve always felt that a technical background is critical to the tech project manager’s success in managing tech projects. Sounds logical – and it is logical. I’ve seen it with my own eyes. I’ve got the tech background myself, but I’ve seen many colleagues fail miserably on technical projects because of a lack of tech background and understanding.

Readers – what’s your take on this list and these areas of emphasis? What would you add to it or change about? Do you agree with it? Tell us about a project you played a key role on using new technology and how you managed issues and risks – if there were any – in the implementation. Was it smooth? A success? A failure? Let’s share and discuss.

Business Analyst = Cybersecurity Expert

Ok, this may be a stretch to say “cybersecurity expert”, but I got your attention, didn’t I?

To me – and on all the “real world” tech projects I’ve managed – the business analyst has played the role of part-time tech and full-time tech liaison with the technical team on the project. They run the requirements definition portion of the project, they document – with project manager assistance – the functional requirements for the project and help extract the project client’s current business processes that are or will be affected by the project as well as helping to analyze and define what the new processes need to look like as we build the solution that will satisfy the business needs of the project client.
Easy process? No. Lots of work involved? Yes. Lots of documentation involved as well and much of it will become the basis for the full, detailed requirements document as well as what the ultimate solution is tested against as we run through user acceptance testing (UAT) with the project client. Defining all of this is critical to selecting the right technology, fully and correctly defining what the real requirements are, fully understanding what the “as-is” and “to-be” business and technical processes are or planned to be and fully preparing for the rest of the project.
Now, that said, the project manager has his role. The tech lead and team have their roles. Often, everything else might fall to the business analyst. And as we manage projects in ever increasing dangerous waters filled with hackers and data breaches, the business analyst may be taking on a new role in the smaller and/or less prepared project execution organizations. That is the role of the cybersecurity “expert.”
I’ve often said two things: data security and hacking are such a growing concern that no project should be consider “safe.” Hackers are always one step ahead of us and if you were on their radar you would have already been affected. But you may get lucky for a while. Sooner or later you will be affected to some small or potentially large degree. You can’t necessarily completely avoid or mitigate the hacker / data breach risk. But you can take measures. Does every project need some involvement from security as a part of the project team – if only as a sit-in during risk identification? I think so. Will all organizations eventually have a team of cybersecurity experts? Probably. But for now, that cybersecurity team or presence may just be one untrained or “in training” individual who has a strong interest in cybersecurity (or is forced to have that interest). And who is that likely candidate? The business analyst. In fact, the smart organization would be bringing in cybersecurity trainers right now to start getting the ground work laid for a solid team of security individuals tasked with keeping organization and customer data and systems safe from harm. The larger organizations should be putting a CSO (chief security officer) in place to guide the security infrastructure down the right path and career growths for those hired to be part of that infrastructure.
So, does the business analyst really = cybersecurity expert? In some cases, yes. And in the case where there is no real security awareness, representation or position on the project and in the organization the answer – in my opinion – is a definite yes. Get those BA’s in the organization as a whole at least educated on cybersecurity at a high level so they can begin to integrate cybersecurity awareness on the projects, the project teams and with the company’s senior management. It will give your project clients a better comfort level of satisfaction and confidence and hopefully provide some useful mitigation planning. There are some cybersecurity 101-type documents, videos, webinars and classes out there – often for free. Yes, that is all better than nothing. It’s what I’m immersing myself in – you learn something new and helpful with every watch or read. And I’ve attended many Las Vegas versions of the Black Hat digital security conferences over the years. They aren’t cheap, but they are if you get in for free with a media pass as I do because I’m also an author of these articles, white papers, eBooks and videos.


To get to the point of the proper cybersecurity presence, you can do one or more of the following 4′ things…

If you are a project-centric professional services organization – start with your business analyst or tech leads. In my opinion, this is probably the best way to start spreading the cybersecurity expertise to those who are most entrenched daily in the projects underway, about to happen, being planned and the customers they are working with. And it ensures that every project has a cybersecurity / cyber risk planning and management presence. That is priceless. And you have homegrown talent – also priceless.
Hire an outside consultant to review processes, projects and infrastructure and make recommendations. Expensive, but it can be a good start to building your own cybersecurity infrastructure. The expert will tell you what your needs likely are and help you plan a path to getting there including any re-organization and hiring you need to do today, a month from now and a year from now to be successful and safe. Expensive, but it will help the organization determine their real needs and how to get to the point of fulfilling those needs properly.
Hire cybersecurity talent and build a staff. If you are large organization handling sensitive internal or customer data, then you probably should have done this yesterday. So do it tomorrow and don’t procrastinate. And put a C-level security person in the organization – a CSO.
Hire an outside consulting organization to take part in necessary projects. Not your best choice for the money, but this can be a stop-gap measure if you find yourself suddenly immersed in projects that are highly data sensitive. As you move in that direction, the last thing you want is project failure and a big, highly visible data breach. So, if you must, then do this. It is far better than the alternative. And should something bad happen, it is far less expensive than the hack exposure.


Now is the time for action. Not tomorrow, not next year. Procrastination can cost millions in this instance. Train, buy, hire, or whatever… do something to protect your projects, customers and data.