Posted on

So which is the best analysis method?

Some of us like to do things differently

As the digital space pervades more and more of business, decision makers are taking more of an interest in analysis. There are sufficient battle scars amongst the leaders of today who have suffered from software projects run by developers that they have got over the “do we really need the expense of analysis?” That is the good news.

The next step is of course to ensure that analysis is done correctly, and again there are battle scars from initiatives that have not gone to plan. I worked with a regional Council that was looking for a new IT service management system. They had an analyst develop a large number of requirements from innumerable workshops and put out a tender. Not a single vendor responded!

The key to successful analysis is to align the analysis technique to the specific project. The benchmark international standard for business analysis is managed by the International Institute for Business Analysis. They produce the Business Analysis Body of Knowledge (BABOK) Guide and have further developed a series of approaches in their specialisations – Business data analytics, Cybersecurity, Agile and Product ownership.

Having a global standard to follow and people who are certified certainly improves the chances of success for any initiative. The most critical step however is to document how you will do your analysis – the Requirements Management Plan, sometimes integrated with the overall Project Plan.

The key components of a Requirements Management Plan are:

  • High level approach – this aligns the approach with stakeholder expectations and with good practice. It details how current state will be recorded and analysed and how to go about developing a future state. It needs to align analysis with overall project methods such as agile, waterfall or procurement related.
  • Stakeholder engagement – how does the project engage with stakeholders and what are the expectations on both sides?
  • Process elicitation and documentation – what standards are being used? Do we include user stories and personas? What level of detail is being documented?
  • Requirements lifecycle management – how are the requirements being classified and managed through the lifecycle of the project?

Even with all this in place, getting analysis right is challenging. You need good people who can interact effectively, bring sufficient understanding into the workshops and work efficiently to manage the volume of detail that good analysis inevitably entails.

Have you had good or bad experiences with business analysis?

Posted on

Is Business Analysis the next big thing?

Beautiful, but not tulips
Route de Vireloup

Business Analysis is the next big thing – or so they say! But are we sure it isn’t like the tulip mania of 1637, the railway speculation of the 1840 or the dot com bust of the 2000s?

Well, I for one have taken the punt and thrown my whole energy into a career in business analysis over the last 15 years. On balance I would say that I have ended up with a “Win”, but life is complicated and it might help if I took you through my story.

In a land far, far away, a long time ago I graduated as an engineer and spent 20 years progressing up the corporate ladder and enjoying work immensely. Over the time I was dragged into the IT universe and left my engineering role to become a Chief Information Officer and travel the world.

CIO roles are somewhat bruising and after a while I decided on a third career change. I had seen time and again the challenges of delivering effective technology solutions. I had always recruited great project managers, but the penny dropped that pairing strong project management with excellent business analysis was important for project success.

As time went on I realised two more things – firstly that projects are not always the best way to develop successful technology; and secondly that excellent analysis early on in an initiative was critically important, but often lacking as the skills were not available.

My final career move was from CIO to business analyst (easier to do than the other way around). I grew my career again through some challenging periods and arrived at a destination which gives me great pleasure. I now run my own Business Analysis consulting company (Vireloup Pty Ltd) providing the quality advice that I found so hard to source as a CIO. I have the flexibility to choose interesting projects and work when it suits me. Financially business analysis has been good to me.

One consistent thread through my career has been engagement in industry associations. Paraphrasing Max Weber “civilisation is created through the slow boring of hard boards”. I have done a lot of this, reaching the zenith of President of the Australia Chapter of IIBA for 3 years. It may just be coincidence that my career succeeded while I put immense effort into voluntary roles, but I don’t think so.

So my gamble on business analysis seems to have paid off. I’m not sure that everyone can say that, and I would be interested to hear your experiences.

Posted on

What the pandemic can teach Business Analysts

Not an on-line experience
Less close please

I recently managed to score a meeting with the Dean of Business at one of the GR8 Universities in Australia. Given the pandemonium in the University sector (think: no international students, the move to online education, the Government rework of University Course charges and lecturers can’t take their overseas junkets), I was grateful to get the time. Our conversation covered many topics to do with the future of work, but it was an off-hand comment that peaked my interest.

The Dean mentioned the remarkable job done by the University to pivot to on-line learning as large gatherings were prevented by the Covid-19 pandemic. The speed of transformation was breathtaking (a matter of weeks) and it was well supported by all academic and administrative staff. He commented that if the change had been driven as a regular University project it would have cost millions of dollars and taken 3 to 5 years.

I asked him what the key driver of this successful change was. Evidently the remote learning technology is reasonably mature and most staff had some familiarity with the on-line experience. This was not the main thing. “The one thing that made this happen was that everyone absolutely understood the need for change” the Dean stated.

This set me thinking, what can this teach us about business change in general? In this case many hundreds of man-hours of project manager, business analyst, change manager and tester’s time was not needed. Are we fundamentally flawed in our project approach? Is the money spent on these roles wasted, based on a mistaken belief that the only way to implement technology driven business change is through a well-resourced project team?

For me, the answer is yes and yes. Organisations can effect rapid business change effectively if stakeholders fully believe in the change rationale. In circumstances where the driver is less dramatic than a pandemic, we should be investing more effort in the “why” of change. In practice this means more upfront investment in clarifying strategic drivers and building excellent, believable business cases.

The second “yes” is that the project environment is not well suited to technology driven business change. The move to agile over recent years has certainly been an improvement, but ultimately the change capability must be built into the operating departments of every organisation. For technology driven change we need to move away from project managers to product owners and re-empower the people managers who have responsibility for business success.

It’s a hackneyed term “never let a good crisis go to waste”, but in this case we need some introspection and to ask the question – Are we really doing a good job with business change, or is it just fattening our wallets and keeping us employed?

Posted on

Why do you need a business analyst?

As a seasoned business analyst, a lot of my work involves uncovering the real value of initiatives. I am often a thorn in the side of managers who want to “just get it done” when I ask questions like: What are you really trying to achieve? Have you assigned adequate weights to all the risks? Is your optimism about this project really justified?

My sense of integrity requires that I ask the same questions of myself. I advocate for the use of good business analysis in business as Vice President of IIBA Australia Chapter and Chair of IIBA Brisbane Branch. I need to ask (and answer) the question – what is the real value of business analysis?

I like this definition of business analysis: “Business Analysis uses proven tools and techniques to analyse business performance, evaluate the impact of change and advise the best course of action.” Why do we need to spend money on this effort, for a profession that didn’t even have a name 20 years ago?

The answer I think lies in the changing nature of business investment and in particular in the “IT project”. The graphic below shows the amount of effort expended in different categories of work. The technology project has dramatically higher levels of decision making compared with other investments.

Decision making needs to be informed by good analysis. It is unreasonably optimistic to think that any individual in an organisation has sufficient understanding of current and future state to proclaim “the answer”. It needs those proven tools and techniques to discover the reality of the current state, develop models of the future state and advise on the right decisions in areas as diverse as “What is the likely return on investment” to “How should we configure this input screen?”. The business analyst is your key resource to do this and you need to invest in this area to be successful.

Of course other professions are clamouring for resources, from architects and project managers, to change managers and software developers. All are important and you probably don’t have enough money to fully resource all of them; but with decision making being the key to success in technology projects, business analysis should be the first investment to be prioritised.

Posted on

Is cyber security going anywhere?

Not going anywhere fast

It seems to be the new gold rush – everyone wants to get into cyber security. It isn’t surprising given the salary differential between IT operations staff and IT security staff. There are new education options popping up, all with a hefty price tag. I have a friend who printed a business card, registered for a course and got a gig working in IT security for more money than he could get in IT operations.

While I accept that there is a specific skill set for IT security, I am cynical as to how it is approached in industry. I can understand why the considerable investment in cyber security is not reducing the problem!

So let me give you my perspective on how cyber security influences senior management. The first thing to say is that it does have a place on the agenda of boards and senior executives and this is a good thing. Typically it will take more time than questions about how IT is improving productivity or how technology changes are influencing the current business model, and this is a bad thing.

The initial triggers have come from either a security breach, news of breaches in similar organisations or the regulatory changes being introduced (such as mandatory reporting of certain breaches). A consultant might brief the board and executive and tell them that there is a significant risk that is not being effectively managed. The potential for dire consequences will be spelled out followed by a proposal for an expensive consulting engagement to determine current state and propose rectifications.

The board may feel relieved that they have dodged a bullet and fulfilled their duty by getting in expensive “experts”. Fast forward a couple of years and the whole cycle will repeat. There is little evidence that things are getting better despite the resources devoted to cyber security – an overhead that doesn’t by itself deliver business value.

The trouble is that the experts are expert in the wrong things. They might know about firewall policies, denial of service attacks and (maybe) IT management frameworks. All these are needed, but not sufficient. What you really need to know is how your business manages its data.

The truth is that modern businesses manage data everywhere in their operations. There are staff with laptops, tablets and devices throughout the business collecting, processing, sharing and deleting data. Any system that considers the data without understanding the business processes that act on it is doomed to failure (read ISO 27001).

If senior managers want to manage the cyber security risk they need to put more effort into understanding how their business really works. There is precedence for this; most organisations have a significant effort on understanding their financial data. The accountants and book-keepers who delve into financial transactions generally have a good understanding of data around money. Imagine putting the same resources as are applied to finance into all the other data sources in the organisation – asset, customer, people, health and safety, environment, social, suppliers etc.

Fortunately there is a way around this. Many business areas do have a good understanding of their business processes, their skills and their technologies. Rarely, however is a consistent view available to the executive.

The answer to managing your cyber security risk is therefore to manage your business better – on a holistic level rather than a financial or compliance approach. Putting in place consistent approaches to documenting and monitoring business activities is a good start. Many departments will be undertaking business analysis work within their current scope, so we are not talking about a brand new expenditure line.

Do good business analysis, broadly and consistently throughout the organisation. Collect and leverage the information through some (uncomplicated) architecture. Insist that the effort improves business performance. These are the key tenets for success. With this in place your cyber security consultants can add value and advise on solutions that don’t break the bank.

Posted on

Unleash the analyst in you

Flying in to do strategy
Flying in to do strategy

I have recently made a big change in my life, leaving a CIO role to join a top notch consulting firm. My business card calls me a Strategic Analyst, I get half the pay and have twice the fun. So how different are the jobs of an analysts and a CIO?

I have come up with 4 areas that highlight the similarity:

  1. The CIO as a strategist – The heart of any strategy is analysing current state, developing a vision of a future state and working out what is needed to get from one to the other. The future state is developed with the help of research, providing insight into trends in customer, marketplace, regulations and technology.The output from this enterprise analysis work may be a strategy and roadmap or a business case, all of which need to be bread and butter for a CIO
  2. The CIO as a builder – Much of the executive focus goes into the projects that IT are working on. While these typically represent only 30% of IT expenditure, projects are exciting and presage business change. While many see the skills of project managers and business analysts as the key to success, the CIO should be thinking at the program level. A well designed program focuses on how to integrate many initiatives to deliver an outcome that furthers the business strategy.Pulling good programs together needs enterprise analysis. CIOs need to be thinking about how all the moving parts of projects, programs and BAU knit together to deliver an outcome. The more components that are in motion, the greater the risk and the more strategic the analysis needs to be.
  3. The CIO as an operator. IT systems are not much use if they are not working! CIO careers can easily come unstuck when outages and security breaches cause embarrassment to the businesses.
    To operate IT systems well, the analysis effort needs to go into the IT processes up front. With a good service management framework in place, the CIO needs to ensure that operations are adequately resourced with skilled people committed to outcomes
  4. The CIO as a leader. One key skill for CIOs is as a leader of their team and as a networker / leader of stakeholders. Leadership is open to analysis. There are management techniques that are known to succeed and some CIOs develop a formal relationship architecture.In the end, relationships are about people and your personality type has a big impact here. You don’t have to be extrovert to be a CIO, but you do need empathy and excellent communication skills.

For me, CIO as an operator was my Achilles heel. I could never see how fixing the CIO’s phone was more important than keeping a mine site running or ensuring the intensive care ward was operating. I can now focus on what I am really good at – enterprise analysis, strategic thinking, business case development and program formulation.

So how many of the areas above does your CIO tick off?

Posted on

The four faces of IT


 Tother_Triumph Triumphs 2CV  Grace 1

 

The times they are a changing, and as businesses adapt to the new reality of technology driven value creation, IT departments are changing too (finally)! The scenarios that I am about to paint are not new; what has changed is the scale and ease of action.

These days almost every business function can be enhanced with cloud based information systems – from rubbish collection to retail. The business unit managers are being approached continuously by salesmen with products, and there are compelling business benefits available.  Managers can sign contracts and have working systems in place in a matter of weeks with no interaction with IT. Everything is available through the browser.

Of course problems arise through time – the cost of the system may escalate as more users are put on; the business department has to manage user names and passwords; the reports from the system are limited unless other organizational data can be added; the supplier may have regular outages; and finally the IT department may upgrade systems or security and the system stops working.

If this happens with just one business department, IT can help to resolve the issues; but when it happens everywhere, IT has real resource limitations and cannot respond effectively. This of course drives a further cycle of bypassing IT (maybe by contracting external help).

So how do we deal with this new reality? The answer is first to get on the front foot and work out between the executives what sort of IT department they want from the choices below:

  • Fixer – The business units drive their own agenda, and only occasionally take advice from IT. Often IT cannot influence the outcomes, but has to resolve issues as they arise. The IT department pours its resources into reactive capability and loses control on strategy and architecture. This is happening to many IT departments today.
  • Governor – In this approach, the IT department takes a governing role, collating a single list of technology projects, identifying interactions and pre-requisites but not holding the budgets. IT may set policies on security and service requirements and is likely to get involved in technical negotiations with suppliers. Depending on IT’s ability to influence (and the quality of its advice) this might improve the outcomes but does not deal with issues such as funding for components to tie the initiatives together.
  • Integrator – Here the organization accepts that businesses do not have the skills to procure and manage IT systems. Executives assign responsibility to various departments and ensure that they have the right competencies. For example procurement may need to develop specialist IT procurement skills; compliance would have staff who could take a close look at the technology; audit may verify supplier performance; and IT would take on integration, service desk and other functions. IT is just one of the team with certain key accountabilities. In this model IT has a clear (but limited) accountability and may have to release resources into other parts of the organization.
  • Orchestrator – In this (somewhat scary) model, IT acts like the conductor of the orchestra, ensuring that all components are identified and actioned. The CIO takes accountability and pulls together all the necessary components in a program approach. The IT department has to be agile to meet the expectations of the business and the CIO needs hefty support to ensure that the business department is serious about delivering on benefits.

The key to success in this whole debate is to decide – then do. If you just drift into a particular scenario, it may be very difficult to change to another model.

So are you ready to have the discussion with your executive on which face of IT they want to see?

Posted on

What they don’t know

Birthday cake
Surprise!

Have you ever been to a dinner and known that one of the guests is about to get a surprise? The tingling excitement seeing their normal carry on persona until “it” happens and everyone shrieks in laughter. Well I sometimes feel IT / Business meetings are a bit like that – each side sharing what they think is important and when problems happen they ask “how could they have not known about that?”

The big IT decisions are taken in leadership governance forums, structured to get the right level of input about the opportunities and threats from the business, and likewise from technology. The trouble is that they don’t know everything that we know (on either side of the table). In fact often we don’t think they have sufficient understanding of the realities of the world we live in (again common to both sides).

People have to take decisions based on their understanding of the relevance and quality of the information in front of them. And if you want to get good outcomes, you have to take good decisions. So how do you develop effective governance in the organization. I have a few tips:

  1. The business side needs to see technology literacy as a core development requirement of its leaders. This is not about giving them an i-pad, but teaching them about the value of frameworks, the role of enterprise architecture and service models. Formal courses are required here and an increased technology focus in MBA courses would be a good start.
  2. There just has to be less optimism around IT solutions and more realism. Yes they are the free lunch that accounting firms drool over (while the IT folk work through lunch); but miracles don’t happen, they are dragged out by strong leadership teams steering a steady course and holding to realistic business outcomes – just like the team did with the Collins Class improvements.
  3. The people mix has to be right. You need governance teams with perceptive insight. These may not be the operationally focussed IT staff who have been promoted for brilliantly resolving the ceaseless IT outages. More likely it is the analysts or architects who will develop to GOVN7 competencies.
  4. The information that is shared has to be just right! The governance meetings may take up only a few percentage of the working week. What information to share and what to leave under the covers becomes very important. For project governance, this is reasonably well understood. As you move to programme, portfolio and business process governance, it comes down to having the right leaders with the perceptive insights of what is really important.

I have been a member of a State Government programme board for one of the largest IT projects in the country. We used to receive 300 page board packs, supplemented with consultants’ reports that ran to 100 pages each.  Fortunately we had perspicacious board members who knew where the really important information was – and it was very rarely in the executive summary!

So how do you think we can improve knowledge on both sides of the table?

Posted on

Gregory House for CIO?

The right approach?
The right approach?

Being in a household full of teenage kids, it is hard to find TV programs that everyone wants to watch. One series that we all agree is intriguing and entertaining is House – the story of a brilliant doctor saving his patient’s lives through his intellect. Along the way he struggles with drug addiction, dysfunctional personal relationships and, most intriguingly, managing a high performing team.

I see all sorts of similarities between this evidently contrived medical environment and my experiences as CIO trying to get the best out of my team for their own sakes and to deliver to the organization.

So how does Dr House stack up against my principles of what makes a good leader and especially a good CIO?

  1. Integrity. For me this trait stands above all others in importance (as it does for any executive). On the face of it, House lacks integrity – he lies consistently, is always taking money off Wilson and almost always avoids answering questions. Behind this somewhat dispiriting façade, you know that House holds certain values with incredibly high integrity. He puts his patients first in front of his career or image. He is open and honest about the life that he leads, even if it doesn’t fit society’s norms; and he bases his decisions on fact and not prejudice.
  2. Strategic thinking – CIOs need strategic bones in their bodies (see The Reluctant CIO!) and this takes a certain thought process. They have to be comfortable “in the fug”, not having the full picture but still being confident enough to move in one direction. This is House’s life: a patient presents with lots of data, but insufficient information to diagnose. He has to weigh up the risks of each test or treatment against the risk of inaction (usually the patient will die). He never just sits and holds his head; he always picks a path and follows it.
  3. Domain expertise – This is a tricky area for CIOs; they need domain expertise but it needs to be in the right area. They should not be experts in configuring routers or writing code. They do need to be great at managing risk, optimizing architecture, process management and governance functions. House is the ultimate domain expert in managing risk. He doesn’t know the diagnosis any more than his team (until the last 5 minutes), but he can weigh up the risks of various options and tells the team to “Go!”
  4. Communications – A core requirement of a CIO is to communicate the opportunities, challenges, risks and achievements of information technology. In this area you would have to say that House fails dismally, at least at face value. He interacts rudely with his patients (he would rather not talk to them) and prefers to hang out in the morgue or with coma guy. To counteract this perspective, we know that House is the best asset of the hospital, so somehow the word has got out. Maybe he really does know how to communicate – just in unconventional ways.
  5. Relationship building – I have always thought that the relationship web that a CIO weaves is his or her biggest asset. The CIO must work up, down and across developing trust and enthusiasm. House has a strange set of relationships with Cuddy (up), his team (down) and Wilson (across). The recurring challenge with his team is to let them make their own decisions (and mistakes) but not let them kill the patient (which sometimes happens). This is like any CIO challenge – let the Operations Manager manage operations, but know when you have to step in to save a disaster.

So how would you like to be in Houses’ team? A mixed blessing I think!

Posted on

To interim or not to interim?

Ankor Wat temple
Built to last

There is an approach that is gaining popularity in Australian organizations called “Executive Transition”. This is where the departure of an executive leads the organization to take stock of where it is, where it wants to go and what kind of executive it needs to get there. They might bring in an interim specialist manager who can immerse themselves in the organization, reviewing existing strategies and updating them to reflect contemporary thinking. The interim can then paint a picture of what the replacement executive should look like and assist with recruitment and ongoing support once appointed.

So how well would this approach apply to replacing a CIO?

There are some real positives for the organization:

  1. Many executives have real frustration over the performance of IT in their organization. Complaints are often met with the mantra that IT does not have enough resources, yet they see money being wasted on ineffective IT projects and high third party costs. Getting a reliable and reasoned perspective from an experienced interim CIO is very valuable
  2. There are basic practices in IT that are widely accepted as fundamental to an organization realizing value from technology. These include a business case approach, project management, IT governance, enterprise architecture and service management. An interim can assess the performance in these areas and in a short timeframe restore broken processes.
  3. Different organizations needs different CIOs. In some cases, the CIO is there to keep the infrastructure running – particularly when a business feels that there is little threat from IT enabled market pressures. Where IT is a key part of a transformation agenda, a strategic CIO is needed to ensure that the broader opportunities from IT are leveraged.

Of course there are also down sides to this approach:

  1. Developing an IT strategy involves stakeholders from throughout the organization. To be effective, the stakeholders have to hold a degree of trust in those implementing it. If the replacement CIO does not feel that they own the strategy, the strategy can become a hinderance rather than an enabler.
  2. A critical part of any IT turn around is the IT team. To perform consistently at a high level, the IT department must have the right people with the right motivations, meaning a career structure and associated accountabilities. An interim only has so much influence here as this is the critical work of the permanent CIO.
  3. The time that an interim is in place may seem like treading water. The interim must balance the need to take long term decisions against the reality that they will not be in place to implement them.

I have held roles as interim CIO and as permanent CIO. I believe there is an underutilization of executive transition in Australia. As an interim CIO I can bring a range of experience and knowledge that you would not normally find in the market. Developing strategies, creating relationships with stakeholders and engendering turn-arounds are all high on the list for my “high satisfaction” days.

Do you think your organization could do with an executive transition program for IT?