‘A Typical Day with AI’

by Esther Herzog,

Business Analysts Pty Ltd Consultant


The purpose of this blog is to observe how AI is currently able to assist our everyday activities from sunrise to sundown.

AI should be augmenting the tasks and activities we already complete in our everyday lives, rather than creating completely different ways of completing simple processes.

Let’s explore AI and how it is leveraged to ensure maximum benefits.

Here is a look at an AI timeline journey on a typical weekday, a look into the everyday journey of a busy working family.





  • Using the home speaker device to program the alarm to wake the family by sending a signal to all connected smart devices to tell everyone to wake up and shuts the children’s access to the internet off until they reach school.
  • The smart home energy control IoT that is incorporated into the home, opens the shut-out blinds automatically, the air-conditioning is switched to off and the lights are monitored according to the time of day and natural light capacity.


  • The scheduled activities are notified to all family members via smart devices. Scheduling has been completed at the weekend with an automated virtual scheduling assistant (VSA). VSA identifies the planned activities and tasks for each day and the required attire or apparatuses.
  • The AM news is automatically switched to on using IoT smart tv.
  • The AI based voice recognition fridge is activated for school lunch recipes. Suggestions are produced to the group and the ability to purchase groceries if required.


  • The IoT home speaker device is making clothing recommendations based on the weather forecast for the day and also identifying if rain is a high possibility to necessitate the use of an umbrella.


  • An automated alert via the home connectivity technology is sounded to make sure everyone is on track for departure at 8am.
  • A reminder is set to collect bus passes and to ensure the sporting and music apparatuses for after school activities are organized, And a reminder as to whether it is bin day, or recycling bin week.
  • Everyone in the house has their wearable device, as emotion AI uses voice analysis beyond natural language processing (NLP) to detect the user’s emotion to better predict suggested treatments. Utilising machine learning, emotion AI technology is lent anthropomorphic qualities to collate data on human individuals to learn their specific emotive behaviors, thereby formulating a personalized experience.


  • The IoT blinds are shut and all not vital power is switched to off.
  • The smart phone is able to alert you to the best route to school and work, alerting you to possible areas of dense traffic or vehicle related incidents.
  • Leaving the house, using security technology, enabled with machine learning and biometrics.
  • Jumping into the car which has emotional processing capability using computer vision, and audio sensors to cater and adapt to the needs of the persons within the vehicle, such as detecting blue lips indicting that the temperature control is to be adjusted automatically. And the ability to monitor safe driving behavior.
  • During the day if any parcels are to be delivered the delivery man has access to a parcel door (the size of a cat door) that requires an access code and is monitored by smart security and surveillance cameras.


  • Access to your work building is via facial recognition security technology using deep sensory cameras to gain access to the lifts, the smart security knows which floor you want to be dropped at.
  • To gain access to your company’s network; the security technology uses your face, and this also grants multi-application access.
  • You open your tasks for the day as these have been categorized by your AI virtual personal assistant (VPA), which also determines your meetings scheduled into your calendar for the day and is able to send these through to your smart phone, which is attached to your wrist. This enables an understanding of your location requirements for all meetings. Your VPA can automatically set meetings up when required.
  • Your VPA can also help with providing research to solve business problems, or business analysis approach suggestions, by sourcing data from the BABOK or Agile extension.
  • Through-out the day your smart watch is reminding you to stand up, because it knows when you have seated too long, your body temperature is also monitored to assess your water consumption requirements through-out the day.


  • It’s lunch time, you tell your VPA you want lunch within close proximity of your office, with a specific price point and the cuisine type. The assistant researches options and returns the top three results. If you are having a social work gathering, it may be applicable to ensure delivery which can be arranged by your VPA, however if the meal is individually focused, then the smart watch will advise of the time it will be estimated to reach the destination. And that walking is the best option to take in terms of retrieving your lunch meal.


  • A healthy snack reminder is sent to your smart watch and remaining tasks that are outstanding for the day.


  • Home time; send a check message to the smart appliance fridge to identify any movement with milk or bread supplies. The ability to automatically order online for a click and collect at the supermarket.


  • 3D deep sensing camera technology for facial recognition will allow all members of the family to easily access the home, however non authorized persons will be denied access.
  • Time to seat everyone for a meal and then off to scheduled sporting activities.


With the adoption of wearable tech, advancements in home smart devices and improvements in facial recognition, combining these avenues currently provides a significant avenue for AI to simplify our lives.

Imagine what the future holds…


To find out more about what’s happening in the world of Business Analysis follow us on LinkedIn




Relative Estimation: A Simple Yet Effective Method of Estimation.

by Shanil Wiratunga,

Business Analysts Pty Ltd Consultant


Many moons ago as a young techy I spent numerous hours and days with my teammates, working in laborious estimation sessions, trying to arrive at the most accurate estimate to develop features of a Software solution. From here we created Gantt charts and plans so detailed and lengthy, that they ended up looking like bowls of noodles. It didn’t stop there, as scope and requirement changes would creep in, we’d have to rework these estimates, and the lengthy, stripy charts all over again. But did this help to deliver our projects on time? Well the answer to that question is quite complicated. Yes, we delivered on time, but that is after having toiled away many weekends, public holidays and after office hours to ensure all the remaining work was squeezed in.

This pain staking process went on for many years to come until one day I had the opportunity to attend a seminar on Agile. That was my very first sneak peek at this wonderful world. I learnt many concepts, techniques, theories and most importantly a different way of estimating called ‘Relative Estimation’. I started my quest to learn more about this technique as much as I did on the other Agile concepts. The more I learnt through research and experience, the more I realised how simple, yet effective relative estimation is. It is something we always do. It second nature to us, and hence, the reason why it works so well too.

Before we delve deeper into this, let’s have a look at what estimation in is in the first place. Why it is so challenging?  If then, what is relative estimation? Why I think relative estimation is a more conducive and simple way of estimating in software development projects, as opposed to the conventional absolute estimation.



What Is estimation or absolute estimation?

In Software development projects estimation is used for predicting the most realistic amount of effort required to develop or maintain software, based on incomplete, uncertain, and clouded inputs. One of the key attributes that is predicted in the process of estimation is the time to pursue a course of action. From this teams estimate the cost associated to the time and the value associated with the suggested course of action.

There are many methods that are used for estimation as well. Some of them are:

  • Top down
  • Bottom up
  • Rough Order of Magnitude (ROM)
  • Rolling wave
  • Delphi
  • PERT

Why is absolute estimating so challenging?

Firstly, it must be said that we humans were not designed for absolute estimations. Our brain alone does not have the capability of doing absolute measurements and estimates. We tend to be optimistic or pessimistic more than realistic most of the time. However, it’s easier for humans to relate to similar items than to guess the actual size of things. Humans are designed to look at things comparatively, and relatively.

Secondly, in a world of rapidly changing technology, requirements and scope changes are inevitable. There are so many unknowns and moving parts in a typical project, which makes estimating with an acceptable level of accuracy a nightmare.

What is relative estimation?

Relative estimation is the process of estimating items, not by units of time or size separately, but rather by comparing how they are similar to each other in terms of complexity.  Agile alliance defines relative estimation as one of the several distinct flavours of estimation used in Agile teams, and consists of estimating tasks or user stories, not separately and in absolute units of time, but by comparison or by grouping of items of equivalent difficulty. Basically, relative estimation applies the principle that comparing is much quicker and more accurate than absolute estimation.

Let’s look at an example from what we do almost every day. Buying coffee.  When we go to a coffee shop to get a coffee the Barista asks us to choose the size of the coffee. Assuming we have never been to the coffee shop before we would not know the sizes of the cups, as large, medium or small. Either we could make a lucky guess thinking large would be too large or a small would be too small and settle for the medium, or we could look at the coffee cups kept on the coffee machine to determine the size required, thinking of the sizes of cups we have had in the past. It is very unlikely that we would think in absolute terms whether the small cup is 40 ml or 50 ml or the large is 100 ml before a decision is made. So, what have we done here? We have looked at the relative sizes of the coffee cups and made a relative estimate, to predict what might satisfy our coffee cravings for that moment in time.

Now let’s bake some cakes with relative estimation. Suppose you as a participant is required to bake 3 cakes for a Master Chef competition. The types of cakes to be baked are given by the judges, with 3 sample cakes already made in front of you. The three cakes are of three different sizes. You are supposed to make the 3 cakes exactly the same way as the sample cakes including the same dimensions, colours, flavours etc.  The judges say that there is however one condition that you need to be aware of. That is, you need to let them know how long it would take to bake the 3 cakes beforehand, and you need to stick to the time you commit to. The estimated time frame given would be validated by the expert judges, to ascertain if it’s realistic or too blown up.



So how can you do this? In the past you have made one of the cakes, which is the smallest out of the three, therefore you know how long it would take to make it.  Let say it’s one hour. That could be considered the length of the sprint. You have no idea how to make the other 2 cakes, and how long it would take, the ingredients required etc. But, can assume that the medium sized cake is three times the size of the small one, and the largest is about 5 times the size of the small one. Let’s classify these cakes using a unit of measurement called ‘Cake points’ looking at their relative sizes. The smallest cake could be given 10 cake points. Therefore, the medium sized cake could be given 30 cake points and the large cake 50 cake points. These numbers are just arbitrary numbers, and do not relate to a specific unit of size or time. Since it was said that the smallest cake i.e. 10 Cake points cake can be made in one hour which is the sprint duration, we could easily say that the velocity is 10 Cake points per Sprint. So what’s the total amount of work required for all 3 cakes looking at their relative sizes? It would be 10+30+50=90 Cake points. Given the velocity as 10 Cake points, a little bit of math can show you that you will need 9 sprints to make all 3 cakes. With one sprint being an hour’s duration, it could be determined that all these cakes would take 9 hours to make.   This is the essence of relative estimation. This theory can be applied to Software development projects as well. You could look at a feature and say “I think the feature A is twice as complex as feature B“, with the given knowledge by completing feature A in the past. There is no mention of time requirement, just that it is more complex than the other. Therefore, if feature A took 3 weeks to complete, it is reasonable to think that feature B would take 6 weeks. Isn’t that simple.

Estimation, whether relative or absolute, can be very challenging especially in the world of software development. Even though no estimation technique may be perfect, by comparison relative estimation is a simple, effective and ‘relatively’ accurate method of estimation.

To find out more about what’s happening in the world of Business Analysis follow us on LinkedIn


5000 Miles Dream

by Abi Sachithanantham,

Business Analysts Pty Ltd Consultant


To be precise, 5,424 miles is the distance from Colombo, Sri Lanka (where I used to live) to Brisbane, Australia (my new home). As everyone knows, moving to a completely different country is a BIG move in anyone’s life.

At 12:00a.m 1st January 2019, I made my first new year wish “To get a job in a well-reputed company which will help me to pursue my career in the Business Analysis domain”. From the next day onwards, I started my job hunting. Initially, my routine was to sit in front of my laptop from 10:00a.m. and apply for jobs till 5:00p.m. I have a passion towards Business Analysis and technology therefore, I didn’t want to give up on my dream.

On the 14th January 2019, I got an email from BAPL requesting to have an interview with me. I was excited, hopeful and also nervous. Coincidently, I’d started following Business Analysts Pty Ltd on LinkedIn when I was back in Sri Lanka; therefore, I knew a lot about who they are and what they do.

Business Analysts Pty Ltd is a Consulting Firm who demonstrates their expertise in Business Analysis with diverse clients across a multitude of domains. Following my successful Skype interview, I completed a Case Study to provide greater insights into my capabilities and was further interviewed by the Service Delivery and Engagement Managers.

On the 21st January 2019, I received a call from the BAPL Service Delivery Manager saying I got selected for the job offer. Even though I started to literally jump up and down, I was speechless. Now the moment of truth “Do you say yes to this offer?”, Of course, it’s a “Yes”, who wouldn’t?

I was eagerly waiting to start my first day at the office on the 22nd January 2019. I came into the office early and, with all my strength, tried to open the office door but it was very difficult to open. Later I realised I should use the access card to open the door before 8.30 a.m. I remembered the famous quote “Difficult situations often lead to beautiful destinations”, therefore I knew in a couple of minutes I’m going to start an exciting career progression with BAPL.


Everyone at the office, starting from administration to the discipline managers, are very friendly and welcomed me with open arms. It’s been exactly 110 days since I started my new journey with BAPL and here are 3 main unique working cultures I really admire about the company:

1. Supportive management

The four leadership roles in BAPL are the CEO, Service Delivery Manager, Practice Manager and Engagement Manager. They each have a vast knowledge of or experience in the Business Analysis Domain. Each of them are friendly but what makes them unique is they always think from the employee’s perspective. Starting from conducting inductions to advising on how to deal with different stakeholders. They are cultivating and improving my Business Analysis skills and capabilities daily. They are mainly focusing on getting me the right exposure with the right client engagement. They actively support each consultant to produce the expected deliverables and monitor them continuously to ensure the consultant is motivated and satisfied. Now I know I’m in safe hands where I can learn from them and contribute to the company in return.

2. Experts around me

As I mentioned before, BAPL consists of amazing consultants, who consult across different domains, provide a wealth of expertise and experience. Sometimes, I feel like I’m carrying an encyclopedia. You have a question, you get the answer in a couple of minutes! Isn’t it amazing? I consider BAPL to be a community of people with the same interest, who are willing to share and learn together. BAPL also conducts business development sessions and training programs to help consultants. Also, as a BAPL Consultant we get annual IIBA membership and all the industrial connections.

3. Diverse domains to explore

For over a decade, BAPL has built a strong relationship with diverse organisations starting from government bodies to corporates to not-for-profit organizations. With a good reputation in the market along with the expert team, BAPL has worked with many top organisations in Australia. Therefore, it’s really a chance for each consultant to strike gold. I get to work with the experts as well as work across various domains. I am currently on engagement with one of Australia’s leading Superannuation firms, with amazing people around me, and supporting me.


I’m not only lucky enough to obtain my dream role in a couple of weeks after arriving in Brisbane; but also to get an opportunity to work with the industry specialists who are supportive, friendly and well, experts. I’ve just begun my journey with BAPL but I’m looking forward to working with this amazing team. I arrived in Brisbane with the dream and now experiencing my dream come true.

You Don’t Need To Have Authority To Be A Leader

by Henry Elisher,

Business Analysts Pty Ltd Consultant



Business Analysts as leaders

You don’t need to have a title to be a leader, but, it is a choice. In much the same way, leadership is not a rank. Some individuals may have the title of implied leadership, and in fact we do end up doing what they say because they are authorities, but, if it were a choice, there are some of those in authority that we wouldn’t choose to follow.

Leadership can exist anywhere, in your personal life and within your social circles, in the community, and at the office. These are the people that can provide us with a sense of safety, assuredness or vision. They can also educate, empathise and provide the opportunities that we need in order to achieve and be successful, for both themselves and the collective. We know who these people are. If we thought about it we could all recognise those in our daily lives that we categorise as leaders and quite often we seek them out by our own volition.

Having authority on the other hand does not automatically extend to leadership. Authority that is exercised is a kind of legitimate power, and people follow figures exercising it because their position demands it, but this is done irrespective of the type of person that is holding that position. Authority which we bend to out of necessity. That’s not to say that people in authority aren’t or can’t be leaders, but, not ALL people in authority are leaders.

Business Analysts as leaders

I was listening to a TED talk by Simon Sinek on ‘What makes a good leader’. His idea was that the art of leadership comes from a certain place, from what people feel. Primarily he suggested that it was an aspect of trust and having a sense of co-operation that made people want to follow a leader. In our modern day working environments we are commonly surrounded by things that can threaten our position. Be that technological evolution, organisational restructures, economic fluctuations or competition. These variables are beyond our control, but there are variables that can be controlled. They are the conditions that exist from within an organisation. It’s here where leaders have the capacity to set the tone, to utilise their skill-set in order to provide a sense of assuredness and have those around them to combine their strengths to work in the face of danger, or in the face of change.

In our working environment as BA’s we operate at the coal face of change. We become part of, and the advocates for the very thing that people are fearful of. Change fosters uncertainty and change can promote fearful actions in people, manifesting itself in ways that we don’t automatically realise as fear, such as disinterest, disengagement, anger or detachment.

As Business Analysts we are in the right position to help people overcome their fears. We have all the traits of leadership at our disposal, most of which are interwoven into the skills that are required to be a Business Analyst. We need to use our influence to get others to accomplish a certain range of tasks, and on many occasions, these are tasks that people don’t enjoy doing. To utilise words a line from Henry Kissinger on leadership:

The task of a leader is to get his people from where they are to where they have not been’

Our primary roles as BA’s are to do the analysis, elicit the requirements and assist with creating the product or the solution that will delight the customer and make tasks simpler whilst also benefiting the organisation as a whole. We also work with business users and technical team simultaneously. When we look at it we have a quite a large sphere of influence and hence by assisting in the understanding of what needs to be accomplished, by assisting in establishing a clear vision of where we need to get to and by allowing people to own the result through their contribution and collaboration, that is what will promote empowerment. The will to do things and accomplish for something greater and to feel safe to do so in a working environment can only be fostered by leaders. Once again, by our very position as Business Analysts, we occupy the prime position to lead. The choice is therefore ours.

Back your soft skills

In an earlier blog that I wrote entitled ‘The T shape of you’, I talked about the importance of soft skills to the Business Analyst. Leadership was one of the qualities I mentioned as being pivotal in being able to provide great business analysis. More importantly, it’s a quality that’s ‘ready made to carry’, meaning that its readily transferable from one role to the next. Leadership itself however has its own soft skill set that a business analyst can both tap into and develop in their everyday working environment in order to heighten their leadership skills. Some of those skills are:


Communication: Be concise, set the tone and be transparent. Having your message understood is a critical tool in creating the vision and establishing buy-in. Utilise this with stakeholders, establish influence and aid collaboration

Negotiation and persuasion: By understanding perspectives, viewpoints and the emotions of stakeholders we can understand their reasoning for hesitancy or support. We can harness the momentum of supporters and overcome resistance by creating the vision of success and what it means to the individual

Empowerment: Information transitions through the Business Analyst constantly. From end users, to development teams to managers, we facilitate the knowledge transfer and as we know, knowledge is power. The more knowledge you have, the less the fear of the unknown

Problem solving: Being in centre of where the business and technology meet on a puzzle will allow us to gain perspective, think differently and act, in some ways as a solution provider. Again, providing us with the support to create the vision

Gear shifting: In our roles we transition through small issues to large, with end users to board members, through a plethora of meetings with interactions on various levels, we establish relationship, build links in our working environment and gain trust by ‘shifting gears’ through our days

Focus: Overarching objectives, business politics, competing agendas, unimportant wants. We provide focus in environments where resources can be scarce and competition for them his high. Staying focused and dedicated to the vision is of utmost importance

The skills of a business analyst are aligned with those who lead. How we utilise those skills and how we develop them will manifest in the ways that others operate either with you, or indeed, against you. If you want to take a group of people to a place they’ve never been before, then you’ll need someone to lead. A Business Analyst can very much be that leader.

Pitfalls of Process Modelling – Part 3

by Adwait Kulkarni,

Business Analysts Pty Ltd Consultant



In general, all the wordings in a process map should be clear & concise; even the font type and size should be consistent with organisation’s template.

  1. Event name: An event name should always be written in past tense, with the verb at the end
    .e.g. Request received, Message sent, Exception generated, etc. (Note: Message sender or Message receiver need not be mentioned as that is mentioned in the object it is coming from / going to)
  1. Activity name: An activity should be written in current tense and should start with a verb. The noun component of the activity can refer to a data input or output. The knowledge of these inputs and outputs is vital from analysis perspective and also from potential system design perspective.
    .e.g. Process Request, Send Message, etc.

    1. Avoid actors in the name as they are denoted by lanes, e.g. Process Request – by customer care agents
    2. Avoid mentioning Automatically / Manually. This can be denoted by system lanes (automatic tasks).
    3. Avoid punctuation in the activity name e.g. full stops
    4. First letters in the word should be capital in an activity, makes it easier to read.
  2. Process name: Process name should cover the entire scope of the process and should start with a verb as well. e.g. Resolve Customer Enquiry, Update Customer Details etc.



BPMN 2.0 provides objects which can be used for a specific scenario. Not all the objects provided in the set need to be used for an organisation. The business or PCoE can select the appropriate objects which will be sufficient to model the business processes. Some common mistakes and inconsistencies can be avoided by using the correct objects to depict a scenario.

  1. Pools & Lanes: A Pool is a participant (organisation) in a process
    1. Elaborating external pools (e.g. Customer, Banks etc.) should be avoided as we have no control over activities outside our organisation
    2. System lanes should not be used. An activity is always a function of a certain department/team within an organisation
    3. Communication going in/out of collapsed pools must be shown by using message flows. A sequence flow cannot cross the boundary of a pool or sub-process Refer to diagram 1.1


diagram 1.1


  1. Activity: An activity is a generic term for work that the organisation performs.
    1. An activity must be used before an event or a gateway. Events merely represents the outcome. A gateway only depicts the split between multiple flows. Refer to diagram 1.2.


diagram 1.2


  1. Event: An event is something that “happens” during the course of a business process
    1. A message start event must have an incoming message flow.
      Refer to diagram 1.3.

diagram 1.3


  1. A message end event must have an outgoing message flow
  2. There should be a start and an end event in a process; otherwise it’s hard to understand where the process starts and when the process finishes after certain activities are completed. Start and end events should align to the purpose of the process. The end event should reflect the purpose of the process being achieved. If this was achieved earlier in the process, either the scope is wrong, or we are modelling the next process.
  1. Gateway: A gateway splits or combines multiple process flows
    1. When a process splits a gateway must be used.Refer to diagram 1.4.
      When multiple flows can trigger a single activity, a gateway may not be used. A scenario, where multiple conditions need to be met to trigger a task, cannot be shown without a parallel gateway.


diagram 1.4


  1. A gateway is not a task; it cannot make decisions, nor can it send out messages. A task must precede a gateway. Refer to diagram 1.5.


diagram 1.5 

  1. If a parallel gateway splits the process, another parallel gateway must be used where these flows merge together
  2. A parallel gateway cannot be used to merge flows which were originally split using an exclusive or inclusive gateway.

This situation will become a deadlock. Refer to diagram 1.6



diagram 1.6



It is important to show all the possible scenarios that can occur during the End to end process. Processes should not show only the happy path but also the escalations and exceptions. E.g. in the diagram above, if there are any exceptions in the order, we need to go back to the customer to request correct order details. Refer to diagram 1.6


The aim of process modelling is to convey meaning. At the end of the day if the process models are not understood by the audience, they are useless even though they are technically correct. An analyst should educate the audience by taking them through the process models at least initially such that they understand the scenarios, exceptions and direction of the process flow. Any changes to the business process due to external or internal influences, should be communicated to the process analysts, so that these are reflected in the process models and the processes are always kept up to date.


If you would like to learn more about process modelling, Business Analysts Pty Ltd will be releasing an online BPMN Training course very soon! If you would like to receive formal training on this important BA tool set, register your interest at training@busanalysts.com.au


Pitfalls of Process Modelling – Part 2

by Adwait Kulkarni,

Business Analysts Pty Ltd Consultant


How Much to Model

Analysts and SMEs can spend significant amounts of time and effort to model processes correctly. Therefore, each and every process does not need to be mapped out for value to be derived. Only those processes which are impacted by the current project, or that relate to core processes should be captured first. Businesses can then apply their continuous improvement focus to determine the value of modelling more of the business.

Additionally, businesses should be able to reuse any existing processes instead of creating them from scratch every time. (In that respect it is important to note that every organisation should have a process repository). The level of detail should also be dictated by the project. A work instruction can be used to elaborate a task. We should also make sure that the processes are aligned to a framework to identify the most valuable processes and ensure there is some sense and structure to what is being modelled to the project level



Alignment & Levels

Business processes should be mapped as mutually exclusive but complete End to End processes. We must make sure that there are no gaps within the End to End processes or duplication of activities within the lower level processes. The events connecting two processes should be exactly the same in order to maintain continuity. Refer to diagram 1.2.


Diagram 1.2




A good business process model should be logical and easy to read. The meaning of a complex business process model can be often lost in translation, so simplicity and readability over technical accuracy is a good guide in many situations. Additionally, longer process models which do not fit on one A4 sheet of paper, can be too long for certain audience.

To counter this, depending on the BPMN maturity of the organisation simpler notation can be used.  (e.g. Message sending / receiving activities instead of catch and throw events, avoiding complex notation such as event based gateways). Longer process models can be broken into subprocesses and elaborated as separate smaller process models. Refer to diagram 1.3

Diagram 1.3



Validation & Distribution

Process models should be validated before they are published. SMEs must understand the context and the meaning on the process models, as well as taking ownership for the correctness of the process. Process models can be published using a web interface (read only access) to everyone within the organisation. Businesses that enable employees to see the end to end processes for the delivery of products or services enable an environment of understanding (of upstream and downstream needs) and foster continuous improvement enabling processes to become more targeted, efficient, and effective over time. Remember continuous improvement is just that, continuous. It is not an end state, more of a mindset supported by improved insight into the business operations.



Sources: APQC


Pitfalls of Process Modelling – Part 1

by Adwait Kulkarni,

Business Analysts Pty Ltd Consultant


In this 3-part series we will dissect process modelling using BPMN for all of its strengths are of course the pitfalls modellers face along the way. In Part 1 we will focus on Process Governance, Part 2 delves into process levelling and process complexity, and Part 3 explores the Business Process Modelling & Notation (BPMN) object taxonomy and object semantics.

Business process modelling is an essential skill for a business analyst. During the initiation phase of project, the impacted current state processes can to be identified and modelled. The future state processes can be designed which depict the improvements made as part of the project analysis.

BPMN was introduced as a common standard for process modelling. It acts as a bridge between the business users and the software developers. The objective of BPMN is to represent complex business scenarios in an easy to understand, consistent language for all business users. The logic represented by process maps should also serve as a complete process guide to the software developers. End to End business processes can also be used for the process improvement projects to identify value in each activity of the business



Business processes are owned by the business units, but this can be supported by a centralised governance team, or Process Centre of Excellence (PCoE). The PCoE should also check if modelling conventions are used correctly & maintain a process repository in an appropriate tool, according to industry, or organisational standards to enable process re-use, drive continuous improvement initiatives, and align the business processes to the business strategic directions. refer to diagram 1.1.



Diagram 1.1

Reference APQC


There are some pitfalls of establishing and managing a PCoE. Depending on the size of the organisation and the number of processes being developed, the amount of effort required to ensure that the process repository remains current and to standards can be exhausting. As stated above, the business units own the business processes. As it is their artefact, it is theirs to update as they make changes to the way in which they deliver products or services.

PCoEs can either provide resources to assist in each of the changes, or train the business unit staff members on how to model processes, and provide more of a quality assurance service. To support this, the governance teams are advised to develop a process modelling standard and guide to assist the every day modellers, and reduce the number of changes required at the quality assurance stages. Some tools also provide quality checks via automated validation. The tool as well as peer reviews can be used for quality assurance purposes. The PCoE should ensure that the process models being uploaded into the repository meet the organisation’s standard, do not overlap and that there are no gaps in the end to end processes.

As the process repository grows and covers more of the business, more reporting and analysis can be provided to key stakeholders assisting them in making informed decisions. This is where the real value of a repository can be found, however the reporting capabilities are dependent on the data provided, and the power of the tool used.

Stay tuned for Part 2 – how much to model, process levelling, and model complexity.



by Henry Elisher,

Business Analysts Pty Ltd Consultant




So, how do we go about thinking differently? 

The reality of the matter is that to think differently we need to first if all be good at thinking. Sound fairly obvious when you say it like that, right?

To do this we need to be conscious of where our intellectual and emotional capabilities are initially invested and then knowing the time when to switch from where we’ve previously been entrenched. To think differently we need to think well and thus being smart or clever now becomes our ‘go to’ platform rather drawing from a pure informational base. This however involves changing how we fundamentally function, in terms of our perceptions & perspective.

The concept of the elasticity of the mind needs to start with our own conceptualised understanding of how our own perspectives are created. Without consciously thinking about it most of us will commence looking at a problem from the same vantage point on each occasion. Either out of habit, familiarity or tradition are standard starting point immediately forms assessment biases by our want to access our tried and true formulas for what previously worked. This would be akin to using the same route to climb a mountain over and over. What type of scenery and experiences do you miss by walking the same path time and again?

To expose your own singular ways of thinking and grow multiple perspectives you obviously need to be  self-aware, but then also, you need to have the presence of mind to put yourself in situations where you can grow these perspectives. You need to allow yourself to commence thinking on a problem that’s not inhibited by built in biases, to allow yourself to question your process. Why it is other people may think differently to me. All yourself to step into the mindset of others and then ask ‘what is different to how I arrive at explanations from the way my friends or colleagues do, how are they seeing what I see? How and why are they arriving at their conclusions?’’.

This style is commonly known as integrative thinking and commences from a place of consideration rather than a static position. It provides an openness to learning from other people’s ideas, especially those that may conflict with our own, but also, draws on our own numerous experiences that might formulate an alternate perspective to the puzzles placed in front of us.

Many times it’s the tension within conflict of ideas or methods that will allow us to entirely reframe the problem. It’s within this amorphous sense-making phase that we can reside within the converging and diverging perspectives, allowing us to consider all as valid without having to adopt a definite position. It’s the unbridling of inherent ‘starter’ biases that will provide us with the scope to think differently about problem.

The more we allow ourselves to function in this manner, the better we become at changing our thought processes, being more adaptive and formulating problems differently and uniquely.

Solving problems and drawing conclusions in existing frameworks are often a blend of analytical and elastic thinking, but, the manner in which we formulate new frameworks rely heavily on the elasticity and malleability of our thoughts, this becomes the real basis for thinking differently.

How does this apply to me?

In the 1999 movie, Any Given Sunday, Al Pacino’s character, Tony D’Amato, gives his players a motivational speech that includes the following lines;

One half step too late or too early, you don’t quite make it. One half second too slow or too fast and you don’t quite catch it. The inches we need are everywhere around us. They are in every break of the game, every minute, every second’.

To me the concept within those lines translates to the way I’d like to  be able to process information within my environment. The way I utilise that line is to think that the perspectives, ideas and innovations to do things differently exist all around me, they’re in the experiences I’ve had, the conversations I will have, the future insights I’ll gain from colleagues and the application of all those pieces in framing questions to issues.

I look at my own background in economics, law and real estate. Starting from a fundamental economist perspective that the economic actions of individuals are understood to be that people ‘behave rationally in their economic decision making’. I then access my knowledge of real estate, I know that quite often emotional value and attachment overrides intrinsic value and this can blind individuals when their emotional attachments are too high. In much the same way within the business analyst world these concepts also exist, it’s just that we have buyers and sellers of a solution operating in environments where there may be emotional value attached to the current modus operandi, or where significant cost may have already been sunk into the deployment of a barely adequate solution. It’s the value in accessing our other experiences and utilising them to form unique perspectives that will provide us with the opportunity to think outside of our common frameworks and reformulate questions to the puzzle, to think differently.

When I look back to what BAPL is striving to achieve, to challenge traditional thinking…and deliver exceptional business analysis, I understand now that the shift doesn’t need to be radical. Sometimes the most elegant, most simple answer only takes a slight shift in perspective to get to the right result that may been standing in front of you all along.



by Henry Elisher,

Business Analysts Pty Ltd Consultant


In this two-part blog we look at what the concept of ‘thinking differently’ means and how it applies within our BA practice.
Part A asks the question of what it means to think differently and asks the question of where our starting point should be if we want to change our mindset
Part B highlights the way we can make a conscious effort to think differently and touches on my own experiences and how I’ve been able to utilise them in looking at problems from different perspectives




A few months ago we at BAPL adopted a new email signature that also included the moniker of ‘think differently’, an informal label meant to draw attention to a particular attribute of what business analysts do at BAPL. Our CEO, Tim Coventry , when referring to BAPL stated;

Everything we do at BAPL, we believe in challenging the traditional thinking. We believe in  thinking differently. The way we challenge these traditional thoughts is by delivering exceptional business analysis, which is easily to implement and collaborative…’

Whilst that made sense to me, at times I would look at those two words, ‘think differently’, positioned in the email signature above my name and wonder what it really meant to me. Did it mean that I had to make a concerted effort to change everything I do? Did mean that I had to be more challenging or even antagonistic in my approach in order to challenge what was traditionally held to be the ‘correct way’ of doing things? I let the concept simmer for a while. What I understand now, after having that concept float around in my mind for a while, is that discovery and innovation simply doesn’t materialise out of nothing, it’s not some type of ethereal magic or gifted intellect that gets you to a destination. Simple ideas or even major breakthroughs arise from the association and recombination of what is already lying about in the corners of our minds.

Fast forward a couple of months from where initial thoughts began. I’m sitting at Crown casino listening to my boyhood idol, Steve Waugh, as he talked us through the most memorable moments of his career. Test debut against India at the MCG 1985, test average 51.07, test hundreds 32, test wickets 92. I knew all the stats, as I’m sure most of the audience did too. As the evening moved along we finished up with a 20-30 mins Q&A session. I sat back and thought about a question I’d like to ask, specifically cricket related, and also listened in to the typical cricket questions  being asked by other, all of which were as you’d expect, ‘What was your best innings?’, ‘Who was the most difficult bowler you faced?’, ‘What did you really say to Herschelle Gibbs?’, and then, this question, ‘What is your strategy when it comes to leadership, what is the most challenging aspect of being a leader and how did you manage so many large personalities?’

The moment the question was asked I just thought ‘how obvious, that’s a small stroke of genius’. Why wouldn’t you ask that question? One of the most high profile leadership positions in the country, asking Steve Waugh about his philosophy on leadership makes total sense, of course I’d like to know about that. It was a very simple question, quite astute, but also, it took some form of analytical thought, a move away from a linear train of steps. It wasn’t ground breaking but it didn’t have to be. Some of the greatest ideas are elegant, simple and to some degree obvious. They exist in plain sight, they’re the ones where you say, ‘I wish I’d thought of that’.

That’s how I got to here. I wanted to know how people actually go about thinking differently and, in the process, permit themselves to behave differently?

Where do we start?

As the world changes around us we have to be able to balance the concept of thinking differently to that of growing our expertise. When I say that, what I’m driving at are two types of approaches. First, there is your expertise or knowledge base. This is like an ever expanding tool kit, it’s your BABOK framework, your access to readymade business analyst techniques, learnings from previous studies. It’s your knowledge platform if you will. Personally I like to call this ‘steady state’ knowledge. It’s the body of evidence we use to perform in the manner in which we’re expected. Some people may have more, some people less but the critical thing to note is here we all draw from the roughly the same set of tools. What that should highlight immediately is that the idea or will to challenge traditional thoughtsand behave differentlywill not evolve from simply repeating or utilising what already exists. Using the same tools within the same framework won’t differentiate you as an individual, or as a collective for that matter. You may become more efficient by doing this through experience but it certainly won’t mean that you’re thinking differently.

Altogether different from your growth in expertise is the idea of your ability to make rapid decisions. This is the decision making we’re forced to utilise when it comes to the recognition of new patterns or the ability to connect two or more isolated points that don’t appear to be related. It’s our minds method we draw upon when delving into our complete library of knowledge and experiences in order to apply them to problems or situations that exist outside of our immediate sphere of reference. In this instance the ‘immediate sphere of reference’ I refer to is our roles as business analysts and our linear approaches to providing value to organisations, solving problems, removing waste, etc.

Recognising that our frameworks, methodologies and techniques are just a perspective or one of the options we can utilise to problem solving should be the trigger we can use to explore other avenues. No method or framework is perfect and each fact scenario we face can be viewed in a multi-faceted manner. Great thinkers go about searching for different ways at arriving at a solution, not editing or discarding them immediately when they initially appear impractical or too hard.





Cyber Security

by Henry Elisher,

Business Analysts Pty Ltd Consultant


What is the cyber security threat?

The internet is where we all now conduct our business. Electronic systems and digital information are essential for businesses to conduct a whole range of their day to day activities. The increased nature of connectivity also brings greater exposure to criminal activity and the opportunism for those with the desire to either steal, manipulate, damage or threaten by utilising the scope of connectivity

Recent cyber-attacks by cyber terrorists’ show that their targets can, and are, far ranging, from governments, to businesses and individuals. In a world where we are all connected the reach is extensive, not one organisation or individual is immune. People need to be aware of the evolving threat and the increasing level of sophistication by attackers as they employ cutting-edge techniques to breach the security barriers of organisations.

Even with this ever evolving and increasing threat, the cyber-security measures of organisations are too often reactive instead of being the cornerstones of a sound digital infrastructure. To add some perspective, in the Asia-Pacific region, companies on average identified that they were susceptible to, on average, 6 threats per minute but, they added, only 50% of those alerts would be investigated.

One major study on the Security Capabilities of the Asia Pacific region highlighted the following important findings.


  • In the Asia Pacific region companies can receive up to 10,000 threats per day
  • 69% of companies surveyed received more than 5,000 threats a day

Lack of Security Readiness

  • Regarding digital security infrastructure, up to 9% of respondents stated they do not have cyber-security professionals at their organisations and 13% stated they do not have executives that were responsible and accountable for cyber-security at their organisations

Economic and reputational fallout

  • In South East Asia alone 51% of cyber attacks resulted in a loss of more than $1million USD
  • Nearly 10% stated that cyber attacks had resulted in losses of greater than $10 million USD

Multi-pronged attacks

  • The changing nature of attacks means that attackers are not just targeting IT infrastructure but also operational technologies, 30% of organisations stated that they have seen cyber attacks along those lines

In comparison to counterparts in the Asia-Pacific it appears that in Australia more organisations are dealing with alerts with more vigour and gravity than their regional peers, 81% of companies are facing more than 5000 alerts per day, and 33% of organisations have stated they deal with 100,000 – 150,000 alerts per day

The cost of breaches in Australia is also the highest within the Asia-Pacific region with 52% reporting that attacks costs between $1-5 million USD, with 9% reporting costs of $10 million +, estimates in this sense relating to lost revenue, loss of customers, lost opportunities and out-of-pocket cost.

What is Cyber-security all about?

Successful cyber-security has multiple layers of protection that spreads across computers, networks, programs or the data that an individual intends to keep. In an organisation it is the people, processes and technology that must complement one another in order to provide the most effective defence


  • Must understand and comply with basic data security principles such as choosing strong passwords, being wary of attachments, and backing up data consistently


  • Organisations need to have a framework for how they deal with both attempted and successful attacks


  • Technology is essential if giving organisations and individuals the computer security tools they need to protect themselves from cyber-attacks. The three main entities that must be protected are endpoint devices like computers, smart devices, and routers; networks and the cloud. Common technology utilised to protect these entities are next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solution 

Types of security threats


  • This is a type of malicious software designed to extort money by blocking access to files on a computer system until a ransom is paid. Paying the ransom does not of course guarantee that the files will be recovered or restored


  • Is a type of software designed to gain unauthorised access or cause damage to a computer

Social Engineering

  • A tactic used to trick you into revealing sensitive information. From this attackers can solicit a monetary payment or gain access to your confidential data 


  • Is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card information and login information – this tends to be the most common type of cyber attack

Cyber crime mitigation

The Australian Cyber Security Centre (ACSC) is the Australian Governments lead on national cyber security, it brings together cyber security capabilities from across the Australian Government to improve cyber resilience of the Australian community and in support of economic and social prosperity of Australians in the digital age.

The ACSC also provides cyber security advice and assistance to Australian Government organisations, businesses and individuals. They have details on the types of strategies that companies can utilise in order to mitigate cyber security incidents.

With that said, whilst no single strategy, is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies, as listed below, in order to formulate a security baseline. This baseline will make it harder for attackers to compromise systems and will of course be much more cost-effective than being put in the position of having to respond to a large-scale cyber security incident

The essential eight strategies are:

Application Whitelisting – to control the execution of unauthorised software

Patching applications – to remediate known security vulnerabilities

Configuring Microsoft Office macro settings – to block untrusted macros

Application hardening – to protect against vulnerable functionality

Restrictive administrative privileges – to limit powerful access to systems

Patching operating systems – to remediate known security vulnerabilities

Multi-factor authentication – to protect against risky activities

Daily back-ups – to maintain the availability of critical data

Implementation of strategies – starting points for business analysts

  • Prior to implementing a mitigation strategy, organisations need to identify their assets, particularly their vulnerable assets, and perform a risk assessment to identifying the levels of protection required from various threats.
  • Building up support and increasing cyber security awareness requires ‘motivators’. Some of the ‘motivators’ that impart awareness and create urgency to cyber security are penetration tests, mandatory breach reporting & mandatory compliance.
  • A mitigation strategy should be implemented for high risk users and computers such as those that have access to (sensitive or high-availability) data and exposed to untrustworthy content, and then the strategy can be rolled out for all other users and computers.
  • Perform ‘hands on’ testing to verify the effectiveness of implementation and mitigation strategies
  • The four major threats to businesses/organisations are as listed below:
    • targeted cyber intrusion and external adversaries that steal data
    • ransomware that denies access for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
    • malicious insiders who steal data such as customer details or intellectual property
    • malicious insiders who destroy data and prevent computers/networks from functioning
  • Incorporating the top 8 strategies are the most effective way for mitigating targeted cyber intrusions and ransomware – the ASD considers their implementation to be the security baseline for all organisations

Major threats – suggested mitigation strategy implementation

Below is listed the major type of security threats to organisations and the essential strategies to be adopted in combating these threats.

Targeted cyber intrusions (advanced persistent threats) and other external adversaries that steal data:

  • Implement “essential” mitigation strategies to:
  • prevent malware delivery and execution
  • limit the extent of cyber security incidents
  • detect cyber-security incidents and respond

Ransomware and external adversaries who destroy data and prevent computers/networks from functioning:

Implement “essential” mitigation strategies to:

  • recover data and system availability
  • prevent malware delivery and execution
  • limit the extent of cyber security incidents
  • detect cyber security incidents and respond

Malicious insiders who steal data:

  • Implement ‘Control removable storage media and connect devices’ to mitigate data exfiltration
  • Implement ‘Outbound web and email data loss prevention’
  • Implement “essential” mitigation strategies to:
  • limit the extent of data security incidents
  • detect cyber security incidents and respond

Malicious insiders who destroy data and prevent computers/networks from functioning:

  • Implement “essential” mitigation strategies to:
  • recover data and system availability
  • limit the extend of cyber security incidents
  • detect cyber security incidents and respond


Essential mitigation strategies

Some of eight essential mitigation strategies are outlined below with additional supporting strategies also specified.  Those that the Australian Cyber Security Centre (ACSC) consider ‘Essential’ or ‘Excellent’ are outlined below.


Relative security rating effectiveness                                                                  Migration strategy

Mitigation strategies to prevent malware delivery and execution

Essential          Application whitelisting or approved/trusted programs to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, Powershell and HTA) and installers

Essential          Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities. Use the latest versions of applications

Essential          Configure Microsoft Office macro settings to block macros from the Internet, and only allow vetted macros either in ‘trusted locations with limited write access or digitally signed with a trust certificate

Essential          User application hardening. Configure web browsers to block Flash (best to uninstall it), ads & Java on the internet. Disable unneeded features of Microsoft Office (e.g. OLE), web browsers and PDF viewers

Excellent           Automated dynamic analysis of email and web content run in a sandbox, blocked if suspicious behaviour is identified e.g. network traffic, new or modified files, or other system configuration changes

Excellent           Email content filtering. Whitelist attachment types (included in archives and next archives). Analyse/sanitise hyperlinks, PDF and Microsoft Office attachments. Quarantine Microsoft Office macros

Excellent           Web content filtering. Whitelist allowed types of web content and web sites with good reputation ratings. Block access to malicious domains and IP addresses, ads, anonymity networks and free domains

Excellent           Deny computers direct internet connectivity. Use a gateway firewall to require use of a split DNS server, an email server, and an authenticated web proxy server for outbound web connections.

Excellent           Operating system generic exploit migration e.g. Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET)


Mitigation strategies to limit the extent of cyber security incidents

Essential          Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t used privileged accounts for reading email and web browsing.

Essential          Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities. Use the latest operating system version. Don’t use unsupported versions.

Essential          Multi-factor authentication including for VPN’s, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high availability) data repository.

Excellent           Disable local administrator accounts or assign passphrases that are random and unique for each computer’s local administrator account in order to prevent propagation using shared local administrator credentials

Excellent           Network segmentation. Deny traffic between computers unless required. Constrain devices with low assurance e.g. BYOD and IoT. Restrict access to network drives and data repositories based on user duties.

Excellent           Protect authentication credentials. Remove CPassword values (MS14-025). Configure WDigest (KB2871997). Use Credential Guard. Change default passphrases. Require long complex passphrases


Mitigation strategies to detect cyber security incidents and respond

Excellent           Continuous incident detection and response with automated immediate analysis of centralised time-synchronised logs of permitted and denied: computer events, authentication, file access and network activity

Essential          Mitigation strategies to recover data and system availability

Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration liability, annually and when IT infrastructure changes.