Skip to main content

Tag: Techniques

BATimes_Jan25_2024

Maximizing Business Analysis with ITIL: A Strategic Integration for Success

Written by Suchita Panchal on . Posted in Articles.

In the dynamic landscape of modern business, the role of a Business Analyst (BA) stands as a linchpin between technological advancements and strategic objectives. Within this realm, the integration of ITIL (Information Technology Infrastructure Library) principles has emerged as a pivotal force, reshaping the way BAs navigate and optimize business processes.

 

Understanding ITIL:

At its core, ITIL represents a comprehensive framework that encapsulates a set of best practices for IT service management. ITIL has evolved into a globally recognized framework, offering guidance on aligning IT services with the needs of the business. It comprises a collection of detailed practices, emphasizing service lifecycle management, continual improvement, and customer-centricity.

 

Enhancing Business Analysis with ITIL:

For Business Analysts, the incorporation of ITIL principles serves as a catalyst for profound change, fostering a more strategic and holistic approach to their responsibilities. Let’s explore how ITIL augments the role of a BA:

  1. Structured Process Analysis: ITIL provides a structured framework for analyzing, designing, and improving processes. BAs leverage this methodology to gain a comprehensive understanding of IT service lifecycles, enabling them to streamline operations and enhance efficiency.
  2. Facilitating Effective Communication: With a standardized language and terminology, ITIL bridges the communication gap between IT teams and business stakeholders. BAs proficient in ITIL can effectively convey complex technical concepts in a language that resonates with organizational objectives.
  3. Informed Decision-Making: By embracing ITIL methodologies, BAs gain insights into service strategy, design, transition, and operation. This knowledge equips them to make informed decisions that align IT services with overarching business goals.
  4. Continuous Improvement Culture: The core principle of continual service improvement in ITIL aligns seamlessly with the BA’s pursuit of optimizing business processes. BAs facilitate a culture of ongoing enhancement and adaptation, ensuring that IT services evolve in tandem with organizational needs.
  5. Risk Mitigation and Adaptability with: ITIL equips BAs with the tools to anticipate and mitigate risks effectively. This proactive approach minimizes disruptions, ensuring business continuity in the face of technological or operational challenges.

 

Advertisement

 

Real-world Impact and Success Stories:

Numerous success stories attest to the transformative impact of integrating ITIL into the scope of Business Analysis. Organizations have witnessed improved service delivery, increased operational efficiency, and a more strategic alignment between IT initiatives and business objectives. BAs proficient in ITIL frameworks have played a pivotal role in orchestrating these successes, driving innovation, and fostering a collaborative environment that embraces change.

 

Challenges and Adoption:

While the benefits of ITIL integration are substantial, challenges in implementation persist. Resistance to change, organizational inertia, and the complexity of aligning ITIL methodologies with existing processes often pose hurdles. BAs navigating this landscape must demonstrate strong leadership, communication skills, and a keen understanding of organizational dynamics to facilitate successful integration.

 

Continuous Learning and Evolution:

In the ever-evolving realm of technology and business, the journey of a BA integrating ITIL principles is an ongoing process. Continuous learning, staying abreast of updated ITIL practices, and adapting to changing business landscapes are essential for sustainable success.

 

Conclusion:

ITIL isn’t merely a set of guidelines for IT management; it’s a strategic enabler for Business Analysts. Its integration empowers BAs to be strategic partners, driving organizational success by aligning IT initiatives with business objectives, fostering innovation, and enabling a culture of continual improvement. Embracing ITIL principles expands the horizons of Business Analysis, transforming it into a proactive and value-driven function crucial for the modern enterprise.

The synergy between ITIL and Business Analysis isn’t just a trend; it’s a strategic imperative for organizations seeking to thrive in an increasingly digital and competitive landscape.

BATimes_Nov30_2023

Secure or Sorry: From Gym Lockers to Cybersecurity

Written by Adrian Reed on . Posted in Articles.

I’m a member of a local gym, and a few weeks ago I noticed that they were maintaining the lockers in the changing rooms. The lockers are pretty standard metal boxes, and members bring their own padlocks for added security.

I’d noticed for months that the latch mechanisms had been getting very loose, so I was glad to see maintenance happening. The staff member doing the maintenance was chatting to another member, and I overheard him say that there had been a whole series of thefts the previous week. Accordingly, they were ramping up security, including turning on the keycode lock on the changing rooms (members each have a PIN code which can be used to access the facilities, but was usually switched off during the day).

I suddenly felt a real perception of risk, to the point that I decided not to leave my house keys in the locker, but take them with me onto the gym floor. I’m now even more cautious when closing my padlock, to make sure it’s properly secure.

 

The Horse Had Left The Stable

While all of those personal security measures are useful, the gym (and I) were only prompted to review our security posture after an incident had occurred. The thieves had probably long gone, and had moved onto a different gym. Perhaps they even tour the country, buying day passes, finding the gyms with weak security. Who knows.  Not only this, but the gym had increased its security, so my possessions were probably the safest they’d ever been. Yet I felt the most uncomfortable I ever had.

Ironically, the time I was most at risk (the previous week, when security was lapse and thieves were at the gym) I was blissfully unaware, the risk wasn’t particularly on my radar. I may have been happily running on a treadmill at the very moment a thief was breaking into a locker and stealing someone’s property.

This pattern of the gym increasing security after an incident occurred might be seen as a classic case of ‘closing the stable door after the horse had bolted’.  However, it’s not that simple—reacting to a security threat after an incident occurred is still valuable, as it will prevent a similar thing from happening again.  I suppose it is more akin to closing the door after one of your three horses has bolted. Not as good as closing the door earlier, but better than continuing to leave it open…

 

Advertisement

 

Predictable With 20/20 Hindsight

The thing which struck me about the locker thefts is that it was completely predictable with hindsight. The latch mechanisms on some lockers were so loose it’s easy to see how they could be overcome. Not only this, a culture of trustworthiness (which is lovely) had emerged. People would leave their expensive coats out, and some people wouldn’t even use padlocks at all.

As my father used to say “it only takes one bad apple”.  And as time goes on, it seems statistically likely that the bad apple will emerge.

 

It’s Not Just Lockers: Information & Cybersecurity

This pattern of trustworthiness and complacency doesn’t just exist in gyms, it can also be an issue within organizations.  If you haven’t had a data breach, then security of data might seem an irritating formality, or it might not feel as ‘real’ as some other more proximate risks. However, the fact is that there are hostile actors out there targeting companies just like yours and mine.

I’ll bet in most organizations there’s at least one application that is creaking at the edges, is out of support (or nearly out of support), or an application where there’s a maintenance patch needed, but that’s not seen as a priority just yet. Or an application that’s been customized so much it’s not on the official upgrade path any more.  Upgrading it or replacing it has always been seen as important but not urgent, so it’s left there, collecting more and more dust. Might there be some security vulnerabilities there? Perhaps it’s like an insecure gym locker, fine for the moment, but once a ‘bad apple’ finds it there will be chaos… and that single vulnerability might gain them wider access to all sorts of systems and information.

It’s not just about customer data either. Do you know what your organization’s key intellectual property is? Where it’s stored? Who can access it? Where it’s backed up and archived? In many organizations it’s spread out, with key information that yields competitive advantage mixed with more routine stuff, all dumped in a folder or repository of some type… Hopefully someone from ‘corporate IT’ is backing it up. Let’s hope so, eh?

 

Security Matters: Business, Process & IT

There is sometimes a perception that information and cybersecurity is an ‘IT thing’. The reality is so much wider than that. The weakest link might not be the tech, but the person operating the tech who receives a call out of the blue by someone they believe to be a colleague (but is actually a hostile actor engaging in ‘social engineering’ to gain information).

This has wide implications for business analysis. Security needs to be built into IT systems and processes from the very beginning. It’s important to think “who might be trying to gain unauthorized access to this, how would they do it, and how will we prevent it?”.  It’s important to think about the types of information and data held, its sensitivity and the impact if it were to be damaged or disclosed. This will lead to specific requirements and acceptance criteria around these aspects. It will likely lead to a BA asking challenging questions, which might include “is this the right thing to do, right now, when we have a security vulnerability over here?”

Most of all, while things might be calm now, there might be a storm waiting round the corner. It is the calm times when a little investment in the ‘important but not urgent’ will save a lot of headaches in the future. And surely that’s worthwhile?

 

 

 

BATimes_Nov22_2023

Lost in Translation: The Perils of Ambiguity in Business Communication

Written by Adrian Reed on . Posted in Articles.

In recent years, I’ve traveled a lot less than I did before the pandemic. One thing this has led to is me seeing processes and practices with fresh eyes. When you travel regularly, the novelty wears off and a sort of ‘autopilot’ kicks in, and a period of not traveling means that everything is less familiar and more open to scrutiny.

I was recently thinking about the questions that are commonly asked when checking in bags before a flight. I can’t even remember if these questions are asked verbally any more, or if there’s some sort of sign or declaration, but there certainly used to be questions such as:

 

  • “Have you left the bag unattended at any time?”
  • “Did you pack the bag yourself?”

 

I suspect, like many people, if you were asked these questions a semi-autopilot would kick in and you’d say ‘no’ without thinking. After all, presumably these questions are aimed at catching smugglers or criminals of some other type. The questions almost seem redundant for ‘normal’ people.

Let’s examine one of the questions, as I think some of the patterns here are important for business and business analysis more generally….

 

What does “unattended” mean?

Let’s take the first question (“have you left the bag unattended?”).  This question is, upon examination, really quite vague.  In fact, I’m pretty sure the actual question airport staff is more specific, but humor me and let’s imagine they ask it in this way.

A first challenge is what the word ‘unattended’ means to one person might be quite different to another.  Take the following situations, do you consider them to mean that the baggage has been left ‘unattended’?

 

  • You’ve just taken a connecting flight and have had to re-check your bags. Your bags have been handled by baggage handlers, and have been left unattended in the hold of the plane
  • You traveled to the airport by bus. The bags were in the baggage compartment of the bus and you didn’t have access to them during the three hour bus ride. There were several stops along the way where passenger bags were loaded/unloaded. Anyone could have accessed your bag at those times.
  • You drove to the airport. It was a long drive so you stopped for gas and a meal. Your car was parked in a car park for over an hour
  • You traveled as a group in two taxis. Your bag was in the other taxi, accompanied by your friends but not you

 

It’s tricky, isn’t it? Technically, if you’ve checked your bags into a previous flight, they have been unattended for a period of time. Yet, you’d likely say ‘no’ to this question… because you know that this isn’t a circumstance that actually counts as ‘unattended’.  I suppose as travelers we intuitively know what’s being asked and what matters. Or at least we think we do…

After all, if we were to literally interpret the question “have you left your bag unattended at any time?” then there is no way that ‘no’ would be a valid answer. Of course it’s been left unattended at some times… when it’s in the closet not being used!

 

Advertisement

 

Beyond Airports: Why Definitions Matter

You probably don’t work in an airport, so might be wondering why I’m obsessing over the wording of a check-in question. This pattern of ambiguity potentially leading to misunderstandings, confusion or (more usually) people making assumptions is rife in organizations and projects too.

Much like the term ‘unattended’ has ambiguity attached, other seemingly ‘obvious’ terms can be problematic. Take the word ‘customer’, it sounds clear, doesn’t it? Perhaps you’ve even written a requirement or user story which articulates what a customer can do.  Yet even such a simple-sounding word leaves room for ambiguity. For example:

 

  • Does someone have to have already bought something to be considered a ‘customer’? Or does the term ‘customer’ include prospects/people in the buying pipeline too? Or do there need to be two terms, ‘prospect’ and ‘customer’?
  • If the person paying for a product/service is different from the person using/benefiting from it, which one is the customer? Are they both customers?
  • Is the term used to mean internal as well as external customers?
  • Are there different customer types? Does a requirement or story apply to all types or only some types of customer?

 

Things can get even more complicated than this. Who is the ‘customer’ of the judicial system, the prison service, and so on. It very much depends on who you ask, which is why it is important to actually ask the question!

 

Definitions Make For Concise Requirements And Stories

This comes back to a key point that is (sadly) often overlooked: definitions matter. A glossary might not be considered a new or exciting artifact, but it can really help ensure people are on the same page. With a clear and shared understanding of key terms, requirements and stories can be more concise.

A small investment in a shared glossary can save lots of time in the long run. Starting early is the most effective way of doing this. And believe me, if you don’t create one, there will come a point in time where you wish you had!

 

 

 

 

BATimes_Oct26_2023

Have You Considered “Customer Information Needs” In Your Process?

Written by Adrian Reed on . Posted in Articles.

A while ago, I was sitting in an airport where all flights were delayed due to weather. As is quite often the case in situations like this, staff at the gate initially don’t have a great deal of information available to them. In my experience, airport staff will do everything they can to keep customers updated, but sometimes they seem to know little more than the passengers (and are probably every bit as eager to know what is going on!).

What has changed in the last ten or so years is that getting information from outside sources is a lot easier. While some people were lining up to speak to the gate staff, others were accessing apps to try to piece together what was going on.  For example:

 

  • Using a flight tracking app, I could see planes that were previously in a ‘holding pattern’ above had now changed direction (very likely they were diverting to other airports)
  • Looking at other airports’ websites, I could see flights destined for this location due to leave hours ago had not left (presumably as the weather had been forecast). I concluded this might cause a problem, as even if the weather clears, the aircraft and staff won’t be here to conduct the onward/return flights (and even if they are, perhaps the flight crew might have exceeded the number of hours they are allowed to work without a break)
  • Looking out of the window, I could see that the weather appeared to be getting worse, not better…
  • When I accessed a hotel booking app, I could see hotels in the area starting to sell out of rooms. I started to worry that if the flight was canceled, there wouldn’t be anywhere to stay

 

The airport and gate staff were incredibly helpful, to the extent that they could be, but the only information they could really give is “flight delayed: next update in an hour”.  The irony was that a consumer had access to more information via free smartphone apps than the airport representative was able to share.

I made a decision to stick with it, but assumed that I probably wasn’t going anywhere that day. My prediction came true, and after a mad scramble I thankfully did get a hotel room for the night and flew late the next afternoon.

 

Advertisement

 

Customers Need Information

It will come as no surprise that for customers to have a good experience of a service, they need accurate information at key times. If you’ve ever flown on an airplane, you’ve probably found most airports are pretty efficient at managing routine information flow. There might be hundreds of other flights leaving on the same day, but it’s usually pretty easy to know what terminal and gate you’re leaving from. Airports are usually also pretty good at getting people to the gate on time (even if they occasionally pretend they are ‘boarding’ long before the plane is actually boarding in order to get people moving…). Issues sometimes occur when things aren’t going as planned.  This is where you have to rely on someone announcing something over a loudspeaker system, often in a noisy airport, where everyone is desperately trying to work out what is going on…

 

What is perhaps less obvious is that someone has designed how and when information flows to the customer. The “happy path” (where things go well) is a well-trodden and well-designed path. Perhaps some other exceptional paths are less well-designed, meaning customers are less likely to get the prompt information that they need.

 

Consider Information Needs

This is an area where BAs can add significant value. Quite often, the focus will be on designing a customer journey or set of business processes. That is a perfectly good approach, but at each step in a journey or process it is worth asking “what information might the customer need here” and “how can we deliver it to them?” This applies as much to the exception flows as the main “happy path”.  Often exceptions are where those “moments of truth” happen where a customer really relies on good service.

Not only this, but if a customer’s information needs are preempted, this will likely prevent queries. Imagine an announcement at an airport:

“This is an announcement for people on flight BMXXXX to Southampton.  All flights are currently grounded due to weather conditions, and all incoming flights are being diverted. We currently hope to run the flights, but right now we can’t be sure. We will be updating you every hour, and a final decision will be made at 9pm.  If we don’t fly today, you’ll get a free place on a flight tomorrow, which will be automatically allocated (you won’t need to take any action, you’ll get it via email).  If you’d prefer to voluntarily change your flight, come and see us and we’ll explain how to do this, but please do be aware a fee may apply if you opt to change before the flight is canceled”.

 

This isn’t perfect but it would help a passenger make a decision. It has preempted the decision they might want to make and has provided them some context.

Of course, you probably don’t work in an airport, but you almost certainly work to define and design processes that are used by people. By considering what information those people want and need during the process, in both the “happy path” and in exceptional circumstances, we can enhance the experience. And surely that is worth doing!

 

 

BATimes_Aug16_2023

The Tyranny of the Algorithm

Written by Adrian Reed on . Posted in Articles.

A while ago, I noticed that some people changed the way that they were writing LinkedIn posts. Rather than writing in sentences and paragraphs, everything would be written in this weird separated way with everything spaced out in a really unnatural way.  Then certain other common patterns appeared (e.g. using PDFs documents with multiple pages, or ‘carousels’ as some people call them).  Video was huge, then not huge, and so the trends fluctuated.  Some of the formats seemed really good and useful… others… not so much (we’ve probably all clicked on the occasional ‘click bait’ LinkedIn post…).

I gather one of the reasons that people post in particular ways is to get maximum exposure, and to do this you have to pander to the algorithm.  It is, after all, the algorithm that will decide how many people see your post…  and not all posts are created equal.  Those that get more ‘engagement’ will be seen by more people (and, very likely, get even more engagement).  Yet the algorithm decides what counts as ‘engagement’.

There’s nothing inherently wrong with this. LinkedIn is a private enterprise, it can (I suppose) run its operations however it chooses. But take a step back for a moment, and let’s make a hypothesis here:

 

The algorithm has changed the way people write content and interact with others on LinkedIn

I’m making no moral judgment here, and the way that people write and engage with each other has adapted over the years. But let’s follow this to its logical conclusion: social media algorithms have the ability to influence the style and formats in which people communicate. It decides what content gets seen (and doesn’t get seen). Again, as users we might be OK with that. But I hope that there is someone within those companies asking a whole set of ethical questions…

 

Avoiding Biases and Unintended Consequences

In particular, it’s important to consider whether algorithms might lead to bias, and might inadvertently disadvantage or affect particular groups or stakeholders, or whether they might have other types of unintended consequences. For example, I’d imagine that the LinkedIn algorithm probably aims to keep people on the site for as long as possible, and serve them up relevant adverts. But when people learn its nuances, they start to ‘game’ the algorithm, meaning that some folks are more likely to get their content seen than others. Presumably, LinkedIn eventually learns about this too, and adapts the algorithm, and the process repeats.

 

Yet unintended consequences like this aren’t limited to IT or algorithms. Nor are biases  (there are plenty of well-documented cognitive biases that affect people too). Crucially this is an area where BAs can help ask some of the difficult questions, and get beyond (or at least highlight) potential issues.

 

I have often thought it interesting that within most organizations, if you ask the question “who is responsible for regulatory compliance” you will get a clear cut answer. There is usually a legal or compliance team, and often a named individual who is responsible and accountable. Ask “who is responsible for the ethics of this product or project?” and (outside of some very specific domains) you’ll likely get a blank stare. Or, you’ll get a word-soup answer that boils down to “we’re all responsible”.  And when everyone is responsible, too often nobody steps up to ask the hard questions.

 

Advertisement

 

The Ethical Imperative

This is a space where BAs can add significant value. As BAs we’ll be used to conducting stakeholder analysis, thinking in terms of the different stakeholders or personas who will be impacted by a particular proposal. We can extend this thinking by asking “who isn’t here around the table, who is missing from these conversations, and how can we ensure they are represented?”.

We can ask the difficult, but important ethical questions, and ensure that the projects and products that are progressed by the organization are in line not only with its strategy but also its values. If there’s a strategy-execution divide in many organizations, that’s nothing compared to the values-execution divide! (We’ve probably all had experiences with organizations that say they ‘put the customer at the heart of what they do’ that… definitely don’t actually do that!).

 

Often, as BAs, we are able to take a step and ask “what is the impact of this”, and “what does success look like for X stakeholder group?” and “how does that vary from what the Y stakeholder group thinks?”.  By taking a holistic view, balancing different viewpoints and putting an ethical lens on things, we can hopefully reduce the risk of inadvertently introducing bias or unintended consequences.

This involves us having the courage to ask bold questions and keep ethics firmly in mind. If we don’t, there’s a real danger that the ethical dimension will get missed. A situation that I’m sure we’re all keen to avoid!