Tag: Risk

A way to manage Risks in Requirement Management Lifecycle Risk Champions

As a Business Analyst, you would already have worked with Risks; and if you have not, it is a miracle.

Assumptions are essential part of requirements and Business Analysts’ one of primary tasks is Requirement Management which included eliciting, analysing and documenting requirements.

What is a Risk:

Risk describes an occurrence or uncertain event which may influence the ability to achieve the goal.

In Requirement Analysis, Business Analyst, with the help of other stakeholders, determines the risks. Being said that, it is very critical how a business analyst manages risks to achieve the business goal.

In principal, the project team and stakeholders need to take informed decisions based on the information at hand to achieve the project goal. Hence, it becomes essential to understand what the risk is all about and ways to manage them. Risks, positive or negative, should be understood thoroughly to define the level of tolerance, and to identify the responses.

There is another way to manage the risk by Business Analyst is to engage with Risk Champions.

A way to manage Risks: Collaborate with a Risk Champion:

Risk Champion is a person who by expertise or authority champions an aspect of the risk management process, but who is not the risk owner. They are a bridge to engage the business, to take care of aspects of the risk management process on behalf of the business and to ensure that business is aware about the impact, positive or negative, to the business. They are equipped/impowered to find the impediments available in the different part of the organization which in return helps to identify the strategy to manage the risk. They need to be involved when the business needs to take any big/small decision impacting multiple department of the organization. Many companies assign Risk Champions for each major functional area of the business, including sales, marketing, operations, HR, IT, legal/regulatory and the financial departments. These champions can be charged with assessing risk both in their individual functional areas and as a cross-functional team.

Apart from Risk Champion, there will be a Risk Owner who will be a Business Analyst, Project Manager, Product Owner, or a Process Owner generally.

Risk Champions should have most of following traits to be successful:

  • Risk coordinator: Ability to work with multi-functional team for risk management
  • Understands risk: A good understanding of risk management concepts, principles, and processes. They need to be aware of the compliance requirements as well if the industry is working under regulations.
  • Experts: Expert in their function / process in which they are champions.
  • Good soft skills: Strong leadership and motivational qualities; and Good communication skills. Good analytical skills to assist with the analysis of root causes to risk problems.
  • Influencers: Ability to influence the decision makers to keep the organizational needs above all. They need to work very closely with the head of the function they represent.


How it all works:

  • Business Analyst with the help of Project Manager, Product Owner, or a Process Owner identifies the risks.
  • The Business Analyst, who is now the risk owner, engages with the Risk Champion to determine the way to handle the risks.
  • Business Analyst and the Risk Champion will work with cross functional Risk Champions & stakeholders, in a workshop, to identify the severity and probability of the risk occurrence and any budget requirement.
  • In this workshop, they will decide the action items for all the stakeholders to take to prepare & execute all the risk management plan.
  • The Risk Champion, who is working with the Business Analyst, will keep an eye on the progress on all the action items along with the business analyst.
  • Another session of workshop will be arranged to take the decision using the identified the severity and probability of the risk occurrence and budget requirements.
  • After the decision has been identified, the plan will be sent to the executive body for approval.
  • The executive body will evaluate the plan and the champions are required to clarify all the questions raised by the executive body.
  • After the approval, the plan will be ready to be executed under the supervision of the Risk Champion, who will keep all other Risk Champions in the loop.

Factors to consider:


  • They will provide direct and honest feedback keeping organizational needs in mind.
  • A well-designed approach which can work in any cross functional venture.
  • Everyone is aware about the plan and the progress.
  • Risk Champions will make sure that project team does not deviate from the approved plan.


  • The process is time consuming.
  • Requires resources with specific skills and dedicated time.
  • Business Analyst will have to invest his/her time in the Risk management activities along with the Risk Champion.
  • It can reduce the importance of risk champions if he/she does not have required skillset.


The inclusion of Risk Champions has worked in our organization and it has made our decision-making process robust.

However, in my opinion, not all organization needs nor can afford this structure.

This framework will work greatly in those organizations which are working under any regulatory body including, but not limited to, banks, broking companies, financial services companies.

Risk Championship framework can also work outside the project i.e in the BAU environment with great results.

As a Business Analyst, I always believe that the effect of risk management on any project is underestimated. However, at the end, it is just a framework which is as good as any framework if it has resources with required skills and experience.

In my opinion, Risk Champions are not rival to Business Analyst as they are essential Business Analyst themselves with expertise in Risk management.

The Disruptive Business Analyst

Disrupt. By definition disrupt means “to prevent something, especially a system, process, or event, from continuing as usual or as expected.

To throw into confusion, throw into disorder, throw into disarray, cause confusion/turmoil in, play havoc with.”

From a technology perspective, it refers to “any enhanced or completely new technology that replaces and disrupts an existing technology, rendering it obsolete. It is designed to succeed similar technology that is already in use. Disruptive technology applies to hardware, software, networks and combined technologies.”

So, what about the disruptive business analyst? I work mostly with tech projects so for me the disruptive business analyst is working with what we used to call bleeding edge technology on new projects for anxiously awaiting project clients leading tech teams on exciting and sometimes dangerous new project adventures. End users and subject matter experts are awaiting a nearly ready solution during user acceptance testing (UAT) and at implementation rollout to the end user community with this creative solution. Hopefully the tech team… and the business analyst… along with the project manager have provided a workable solution that meets their requirements dead on. This can be difficult, of course, anytime you’re moving to a new technology that you’ve not worked with before, the project team hasn’t worked with before, the client has never likely seen or used it before, and that may not have been implemented in the client’s type of industry before. You’re on the edge… you’re going where no one has gone before (well, with that customer in that industry anyway…).

Stay abreast of new technologies

Since the business analyst is usually at least the liaison between the tech team and the project manager on a technical project – and is sometimes even the co-lead or sole lead of the project – then it is obviously critical that he remain relevant and current of ongoing tech trends and new technology. Through regular training, reading and research, this is easy to do and in terms of products, technology and security, conferences and the exhibit rooms at these conferences are a great way to get first hand face to face knowledge and deep dive information from the individuals creating and introducing this technology. Conferences like CES (Consumer Electronics Show), Interop and Black Hat will have briefings, demonstrations and training available for attendees and they can be fascinating ways to enhance your knowledge level.


Ensure the right team assembled for the tech implementation

A new technology is being used on our high-tech solution for the project client. Is our project team up for the challenge? Is the learning curve reasonable or do we need part time or full-time consulting or new resources on the project? That initial assessment must be made or at least assisted by the business analyst. And this determination needs to be made – and not lightly – as close to the kickoff of a new project as possible so as not to result in a timeframe extension, budget overrun and big, long learning curve for newly on boarded project resources.

Oversee customer training and education on the tech solution and the technology used

The project manager works closely with the customer throughout the engagement. There is no question about that. But on many tech projects the business analyst works even closer and for extended periods of time. On one of my projects, the customer wanted a change order to have the business analyst work full time onsite for the remainder of the project resulting in a $100k+ change order with a high profit margin added to the project. I was happy to oblige, of course. Especially in cases like this one, the business analyst is going to have the best feel for the customer’s ability to understand and eventually take over a new high-tech solution. Should education and training take place? Often the answer is yes. Yet another change order revenue opportunity! Win-win. This is an area where the business analyst will usually need to play point on – be aware.

Ensure Cybersecurity measures are taken

While hackers know that organizations using legacy technology are the easiest target, most get more challenge and enjoyment from cracking new technology. If you are embarking on new tech adventures on your project, know that you may be a target, especially if you are handling any sensitive data with this new tech angle. So, know that if you’re utilizing bleeding edge technology, you are on the hackers’ radar – you are a likely target will need to take proper measures. It’s best to address this possibility early in the planning phases while assessing risks and the skill set needed for your project team.

Summary / call for input

Are you a disruptive business analyst? Most business analysts working with startups and large corporations entering new areas of delivery are going to be utilizing new and cutting-edge technology. The key is to be fully engaged, ensure the client understands – at least to some degree – the new technology and that you have the right talent designing and implementing the project solution. Oh, and that the end user community knows what they are getting. It never hurts to make sure that your project manager is on board with the same technical understanding. Project management is sometimes project management across all complexities and industries… but I’ve always felt that a technical background is critical to the tech project manager’s success in managing tech projects. Sounds logical – and it is logical. I’ve seen it with my own eyes. I’ve got the tech background myself, but I’ve seen many colleagues fail miserably on technical projects because of a lack of tech background and understanding.

Readers – what’s your take on this list and these areas of emphasis? What would you add to it or change about? Do you agree with it? Tell us about a project you played a key role on using new technology and how you managed issues and risks – if there were any – in the implementation. Was it smooth? A success? A failure? Let’s share and discuss.

Business Analyst = Cybersecurity Expert

Ok, this may be a stretch to say “cybersecurity expert”, but I got your attention, didn’t I?

To me – and on all the “real world” tech projects I’ve managed – the business analyst has played the role of part-time tech and full-time tech liaison with the technical team on the project. They run the requirements definition portion of the project, they document – with project manager assistance – the functional requirements for the project and help extract the project client’s current business processes that are or will be affected by the project as well as helping to analyze and define what the new processes need to look like as we build the solution that will satisfy the business needs of the project client.
Easy process? No. Lots of work involved? Yes. Lots of documentation involved as well and much of it will become the basis for the full, detailed requirements document as well as what the ultimate solution is tested against as we run through user acceptance testing (UAT) with the project client. Defining all of this is critical to selecting the right technology, fully and correctly defining what the real requirements are, fully understanding what the “as-is” and “to-be” business and technical processes are or planned to be and fully preparing for the rest of the project.
Now, that said, the project manager has his role. The tech lead and team have their roles. Often, everything else might fall to the business analyst. And as we manage projects in ever increasing dangerous waters filled with hackers and data breaches, the business analyst may be taking on a new role in the smaller and/or less prepared project execution organizations. That is the role of the cybersecurity “expert.”
I’ve often said two things: data security and hacking are such a growing concern that no project should be consider “safe.” Hackers are always one step ahead of us and if you were on their radar you would have already been affected. But you may get lucky for a while. Sooner or later you will be affected to some small or potentially large degree. You can’t necessarily completely avoid or mitigate the hacker / data breach risk. But you can take measures. Does every project need some involvement from security as a part of the project team – if only as a sit-in during risk identification? I think so. Will all organizations eventually have a team of cybersecurity experts? Probably. But for now, that cybersecurity team or presence may just be one untrained or “in training” individual who has a strong interest in cybersecurity (or is forced to have that interest). And who is that likely candidate? The business analyst. In fact, the smart organization would be bringing in cybersecurity trainers right now to start getting the ground work laid for a solid team of security individuals tasked with keeping organization and customer data and systems safe from harm. The larger organizations should be putting a CSO (chief security officer) in place to guide the security infrastructure down the right path and career growths for those hired to be part of that infrastructure.
So, does the business analyst really = cybersecurity expert? In some cases, yes. And in the case where there is no real security awareness, representation or position on the project and in the organization the answer – in my opinion – is a definite yes. Get those BA’s in the organization as a whole at least educated on cybersecurity at a high level so they can begin to integrate cybersecurity awareness on the projects, the project teams and with the company’s senior management. It will give your project clients a better comfort level of satisfaction and confidence and hopefully provide some useful mitigation planning. There are some cybersecurity 101-type documents, videos, webinars and classes out there – often for free. Yes, that is all better than nothing. It’s what I’m immersing myself in – you learn something new and helpful with every watch or read. And I’ve attended many Las Vegas versions of the Black Hat digital security conferences over the years. They aren’t cheap, but they are if you get in for free with a media pass as I do because I’m also an author of these articles, white papers, eBooks and videos.


To get to the point of the proper cybersecurity presence, you can do one or more of the following 4′ things…

If you are a project-centric professional services organization – start with your business analyst or tech leads. In my opinion, this is probably the best way to start spreading the cybersecurity expertise to those who are most entrenched daily in the projects underway, about to happen, being planned and the customers they are working with. And it ensures that every project has a cybersecurity / cyber risk planning and management presence. That is priceless. And you have homegrown talent – also priceless.
Hire an outside consultant to review processes, projects and infrastructure and make recommendations. Expensive, but it can be a good start to building your own cybersecurity infrastructure. The expert will tell you what your needs likely are and help you plan a path to getting there including any re-organization and hiring you need to do today, a month from now and a year from now to be successful and safe. Expensive, but it will help the organization determine their real needs and how to get to the point of fulfilling those needs properly.
Hire cybersecurity talent and build a staff. If you are large organization handling sensitive internal or customer data, then you probably should have done this yesterday. So do it tomorrow and don’t procrastinate. And put a C-level security person in the organization – a CSO.
Hire an outside consulting organization to take part in necessary projects. Not your best choice for the money, but this can be a stop-gap measure if you find yourself suddenly immersed in projects that are highly data sensitive. As you move in that direction, the last thing you want is project failure and a big, highly visible data breach. So, if you must, then do this. It is far better than the alternative. And should something bad happen, it is far less expensive than the hack exposure.


Now is the time for action. Not tomorrow, not next year. Procrastination can cost millions in this instance. Train, buy, hire, or whatever… do something to protect your projects, customers and data.

Design Thinking for a Business Analyst

Design thinking is a concept that was first introduced back in the 1960s and has recently gained a lot of traction in the business world.

Adopted by many high-profile FTSE 500 companies such as IBM, Apple and Google to increase innovation and improve products and services, design thinking is becoming a part of everyday operations in organisations across the board.

What is design thinking?

Design thinking refers to the ‘cognitive, strategic and practical processes by which design concepts (proposals for new products, buildings, machines, etc.) are developed by designers and/or design teams. Many of the key concepts and aspects of design thinking have been identified through studies, across different design domains, of design cognition and design activity in both laboratory and natural contexts.’
Essentially design thinking revolves around gaining a deep understanding of the people that a product or design is being created for. It is widely accepted that there are five different phases of design thinking in no particular order;

  • Empathise with your users
  • Define users needs, desires, problems and your insights
  • Ideate by challenging common assumptions and creating innovative solutions
  • Prototype and start creating effective solutions
  • Test your solutions


What does this mean for BAs?

The very nature of a business analyst role is analytical, and this is unlikely to change, especially in an era of rapid digital transformation. However, this doesn’t mean that certain concepts of design thinking can’t be applied in practice to the role of a Business Analyst. Design thinking is in essence just another form of business analysis and many BAs will have used design thinking concepts in projects before. Perhaps the most common areas that business analysts can apply design thinking are scope definition, requirements elicitation and analysis and validation of decisions. The depth and length of the process will largely be depending on the scale and complexity of individual projects, and as organisations are becoming increasingly agile, so to will the concepts that business analysts are required to use.

Embracing design thinking

For business analysts embracing design thinking can allow them to become more analytical, user-centric and effective. By applying the skills and techniques developed as a BA and undertaking further education, this can also accelerate growth and career trajectory. Approaching a project with a purely business or analytical mindset will no longer be enough – for a Business Analyst, this could mean developing elicitation techniques, rhetoric skills, facilitation, and influence for a more effective project outcome.

The Business Analyst Career Road

The BA career road-map shows a bird’s eye view of the roles that Business Analysts can navigate in their career.

This also states in which function, the skills of a BA are best required. But, there are other functional spaces that a Business Analyst can embrace apart from the Business Analysis, Decision Support Analysis and Enterprise Architecture. One such functional area is Data management and Governance.

Every organization today, is looking forward to transform their business models emphasizing direct and in-direct Monetization as one of the primary drivers. This calls for a change to the current Business, Information technology landscapes while there is also a need to govern data. This can be a regulatory requirement or an enabler.

Often, we keep referring to hundreds of processes in a firm that are supported by thousands of systems that create, store data in again thousands of data stores, in a fragmented way. Thus, complexity of landscape remains the largest challenge that most organizations are tackling to simplify.
The organizational priorities for the much-required landscape transformation is driving the definition of data strategy. Data is the plasma that reaches every corner of an organization and keeps its actively functioning. There are dimensions of data management including data quality, metadata, risk, security and architecture management that help in simplification and benefits enablement using data.


There is a need for information capabilities and skills governed by Data Governance that manage and control this data. This enables the organization to look beyond regular business models, cost and risk reduction while aiding discovery of new revenue streams.
The benefits of having to manage and govern data are multi-fold, in reducing future costs associated with mergers and transformations, upfront integration costs, operational costs of maintaining redundant data, reducing product time to market, competitive advantages and the list goes on.

Data Governance is the process of setting standards, defining rules, establishing policy and implementing oversight to ensure adherence to data management best practices. Governance is the formalization and empowerment of the data management program, to ensure propagation and sustainability throughout the organization.

Most Business Analysts performing Data Analysis in these organizations, gradually moved into well established roles of Data Management and Governance. A business analyst has the necessary skills to gather data requirements, analyze and model the specifications, translate them in a way that designers and architects understand to build solutions. He further understands the need for Governance, performs enterprise analysis and assesses the solution capabilities.

Is it time that this functional area should be included in the BA career roadmap? The Business Analyst can traverse the roles from a Business Analyst or Data Analyst to being a Chief Data Officer.

A Business analyst followed by a Data Governance consultant and then an executive dimension owner, Business Data Steward and a chief data officer are some established roles that exist in this functional area.