Cyber Security

by Henry Elisher,

Business Analysts Pty Ltd Consultant

 

What is the cyber security threat?

The internet is where we all now conduct our business. Electronic systems and digital information are essential for businesses to conduct a whole range of their day to day activities. The increased nature of connectivity also brings greater exposure to criminal activity and the opportunism for those with the desire to either steal, manipulate, damage or threaten by utilising the scope of connectivity

Recent cyber-attacks by cyber terrorists’ show that their targets can, and are, far ranging, from governments, to businesses and individuals. In a world where we are all connected the reach is extensive, not one organisation or individual is immune. People need to be aware of the evolving threat and the increasing level of sophistication by attackers as they employ cutting-edge techniques to breach the security barriers of organisations.

Even with this ever evolving and increasing threat, the cyber-security measures of organisations are too often reactive instead of being the cornerstones of a sound digital infrastructure. To add some perspective, in the Asia-Pacific region, companies on average identified that they were susceptible to, on average, 6 threats per minute but, they added, only 50% of those alerts would be investigated.

One major study on the Security Capabilities of the Asia Pacific region highlighted the following important findings.

Breaches

  • In the Asia Pacific region companies can receive up to 10,000 threats per day
  • 69% of companies surveyed received more than 5,000 threats a day

Lack of Security Readiness

  • Regarding digital security infrastructure, up to 9% of respondents stated they do not have cyber-security professionals at their organisations and 13% stated they do not have executives that were responsible and accountable for cyber-security at their organisations

Economic and reputational fallout

  • In South East Asia alone 51% of cyber attacks resulted in a loss of more than $1million USD
  • Nearly 10% stated that cyber attacks had resulted in losses of greater than $10 million USD

Multi-pronged attacks

  • The changing nature of attacks means that attackers are not just targeting IT infrastructure but also operational technologies, 30% of organisations stated that they have seen cyber attacks along those lines

In comparison to counterparts in the Asia-Pacific it appears that in Australia more organisations are dealing with alerts with more vigour and gravity than their regional peers, 81% of companies are facing more than 5000 alerts per day, and 33% of organisations have stated they deal with 100,000 – 150,000 alerts per day

The cost of breaches in Australia is also the highest within the Asia-Pacific region with 52% reporting that attacks costs between $1-5 million USD, with 9% reporting costs of $10 million +, estimates in this sense relating to lost revenue, loss of customers, lost opportunities and out-of-pocket cost.

What is Cyber-security all about?

Successful cyber-security has multiple layers of protection that spreads across computers, networks, programs or the data that an individual intends to keep. In an organisation it is the people, processes and technology that must complement one another in order to provide the most effective defence

People

  • Must understand and comply with basic data security principles such as choosing strong passwords, being wary of attachments, and backing up data consistently

Processes

  • Organisations need to have a framework for how they deal with both attempted and successful attacks

Technology

  • Technology is essential if giving organisations and individuals the computer security tools they need to protect themselves from cyber-attacks. The three main entities that must be protected are endpoint devices like computers, smart devices, and routers; networks and the cloud. Common technology utilised to protect these entities are next-generation firewalls, DNS filtering, malware protection, antivirus software, and email security solution 

Types of security threats

Ransomware

  • This is a type of malicious software designed to extort money by blocking access to files on a computer system until a ransom is paid. Paying the ransom does not of course guarantee that the files will be recovered or restored

Malware

  • Is a type of software designed to gain unauthorised access or cause damage to a computer

Social Engineering

  • A tactic used to trick you into revealing sensitive information. From this attackers can solicit a monetary payment or gain access to your confidential data 

Phishing

  • Is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card information and login information – this tends to be the most common type of cyber attack

Cyber crime mitigation

The Australian Cyber Security Centre (ACSC) is the Australian Governments lead on national cyber security, it brings together cyber security capabilities from across the Australian Government to improve cyber resilience of the Australian community and in support of economic and social prosperity of Australians in the digital age.

The ACSC also provides cyber security advice and assistance to Australian Government organisations, businesses and individuals. They have details on the types of strategies that companies can utilise in order to mitigate cyber security incidents.

With that said, whilst no single strategy, is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies, as listed below, in order to formulate a security baseline. This baseline will make it harder for attackers to compromise systems and will of course be much more cost-effective than being put in the position of having to respond to a large-scale cyber security incident

The essential eight strategies are:

Application Whitelisting – to control the execution of unauthorised software

Patching applications – to remediate known security vulnerabilities

Configuring Microsoft Office macro settings – to block untrusted macros

Application hardening – to protect against vulnerable functionality

Restrictive administrative privileges – to limit powerful access to systems

Patching operating systems – to remediate known security vulnerabilities

Multi-factor authentication – to protect against risky activities

Daily back-ups – to maintain the availability of critical data

Implementation of strategies – starting points for business analysts

  • Prior to implementing a mitigation strategy, organisations need to identify their assets, particularly their vulnerable assets, and perform a risk assessment to identifying the levels of protection required from various threats.
  • Building up support and increasing cyber security awareness requires ‘motivators’. Some of the ‘motivators’ that impart awareness and create urgency to cyber security are penetration tests, mandatory breach reporting & mandatory compliance.
  • A mitigation strategy should be implemented for high risk users and computers such as those that have access to (sensitive or high-availability) data and exposed to untrustworthy content, and then the strategy can be rolled out for all other users and computers.
  • Perform ‘hands on’ testing to verify the effectiveness of implementation and mitigation strategies
  • The four major threats to businesses/organisations are as listed below:
    • targeted cyber intrusion and external adversaries that steal data
    • ransomware that denies access for monetary gain, and external adversaries who destroy data and prevent computers/networks from functioning
    • malicious insiders who steal data such as customer details or intellectual property
    • malicious insiders who destroy data and prevent computers/networks from functioning
  • Incorporating the top 8 strategies are the most effective way for mitigating targeted cyber intrusions and ransomware – the ASD considers their implementation to be the security baseline for all organisations

Major threats – suggested mitigation strategy implementation

Below is listed the major type of security threats to organisations and the essential strategies to be adopted in combating these threats.

Targeted cyber intrusions (advanced persistent threats) and other external adversaries that steal data:

  • Implement “essential” mitigation strategies to:
  • prevent malware delivery and execution
  • limit the extent of cyber security incidents
  • detect cyber-security incidents and respond

Ransomware and external adversaries who destroy data and prevent computers/networks from functioning:

Implement “essential” mitigation strategies to:

  • recover data and system availability
  • prevent malware delivery and execution
  • limit the extent of cyber security incidents
  • detect cyber security incidents and respond

Malicious insiders who steal data:

  • Implement ‘Control removable storage media and connect devices’ to mitigate data exfiltration
  • Implement ‘Outbound web and email data loss prevention’
  • Implement “essential” mitigation strategies to:
  • limit the extent of data security incidents
  • detect cyber security incidents and respond

Malicious insiders who destroy data and prevent computers/networks from functioning:

  • Implement “essential” mitigation strategies to:
  • recover data and system availability
  • limit the extend of cyber security incidents
  • detect cyber security incidents and respond

 

Essential mitigation strategies

Some of eight essential mitigation strategies are outlined below with additional supporting strategies also specified.  Those that the Australian Cyber Security Centre (ACSC) consider ‘Essential’ or ‘Excellent’ are outlined below.

 

Relative security rating effectiveness                                                                  Migration strategy

Mitigation strategies to prevent malware delivery and execution

Essential          Application whitelisting or approved/trusted programs to prevent execution of unapproved/malicious programs including .exe, DLL, scripts (e.g. Windows Script Host, Powershell and HTA) and installers

Essential          Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities. Use the latest versions of applications

Essential          Configure Microsoft Office macro settings to block macros from the Internet, and only allow vetted macros either in ‘trusted locations with limited write access or digitally signed with a trust certificate

Essential          User application hardening. Configure web browsers to block Flash (best to uninstall it), ads & Java on the internet. Disable unneeded features of Microsoft Office (e.g. OLE), web browsers and PDF viewers

Excellent           Automated dynamic analysis of email and web content run in a sandbox, blocked if suspicious behaviour is identified e.g. network traffic, new or modified files, or other system configuration changes

Excellent           Email content filtering. Whitelist attachment types (included in archives and next archives). Analyse/sanitise hyperlinks, PDF and Microsoft Office attachments. Quarantine Microsoft Office macros

Excellent           Web content filtering. Whitelist allowed types of web content and web sites with good reputation ratings. Block access to malicious domains and IP addresses, ads, anonymity networks and free domains

Excellent           Deny computers direct internet connectivity. Use a gateway firewall to require use of a split DNS server, an email server, and an authenticated web proxy server for outbound web connections.

Excellent           Operating system generic exploit migration e.g. Data Execution Prevention (DEP), Address Space Layout Randomisation (ASLR) and Enhanced Mitigation Experience Toolkit (EMET)

 

Mitigation strategies to limit the extent of cyber security incidents

Essential          Restrict administrative privileges to operating systems and applications based on user duties. Regularly revalidate the need for privileges. Don’t used privileged accounts for reading email and web browsing.

Essential          Patch operating systems. Patch/mitigate computers (including network devices) with ‘extreme risk’ vulnerabilities. Use the latest operating system version. Don’t use unsupported versions.

Essential          Multi-factor authentication including for VPN’s, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high availability) data repository.

Excellent           Disable local administrator accounts or assign passphrases that are random and unique for each computer’s local administrator account in order to prevent propagation using shared local administrator credentials

Excellent           Network segmentation. Deny traffic between computers unless required. Constrain devices with low assurance e.g. BYOD and IoT. Restrict access to network drives and data repositories based on user duties.

Excellent           Protect authentication credentials. Remove CPassword values (MS14-025). Configure WDigest (KB2871997). Use Credential Guard. Change default passphrases. Require long complex passphrases

 

Mitigation strategies to detect cyber security incidents and respond

Excellent           Continuous incident detection and response with automated immediate analysis of centralised time-synchronised logs of permitted and denied: computer events, authentication, file access and network activity

Essential          Mitigation strategies to recover data and system availability

Daily backups of important new/changed data, software and configuration settings, stored disconnected, retained for at least three months. Test restoration liability, annually and when IT infrastructure changes.

 

 

How To Best Leverage Robotic Process Automation

by Abe Magalong,

Business Analysts Pty Ltd Consultant

 

In an increasingly competitive environment where businesses are changing their internal operations to engage faster and become more personalised to their customers how can the introduction of Robotic Process Automation (RPA) assist this and what exactly is it? Robotic Process Automation is fast becoming an interesting software solution to routine, laborious, data intensive tasks (Boulton, 2018). This blog will describe RPA and apply business analysis techniques to increase the value of implementing an RPA solution within businesses. 

The use of RPA is being adopted across multiple business sectors (Boulton, 2018). At its core, RPA is the use of a software application which governed by business logic and structured inputs is designed to automate manual business processes that involve data entry and processing (Boulton, 2018). The impact of using such technology is that a business can configure RPA software to read data from an application and process a simple transaction which otherwise would be the responsibility of an human actor.

To help facilitate implementing an RPA solution, a Business Analyst can undertake a scoping exercise to identify which areas of the business can benefit from the adoption of RPA. Lessons learnt indicate that a more refined RPA scope that targets simple information is more effective than interpreting complex information derived from multiple scenarios as the human element will inevitably need to intervene (Smith, 2017).

An approach of identifying and refining scope is by choosing a business department with data intensive tasks and documenting which smaller processes can benefit from an RPA. By taking first a broad outlook and then focusing on the detail businesses can therefore quickly identify a scope to implement RPA. The use of a simple Suppliers, Inputs, Processes, Outputs, and Customers (SIPOC) framework, BPMN modelling and creating test scenarios from the processes can help facilitate analysis and design of an RPA solution

By starting at the highest level, the use of SIPOC can frame key characteristics of a bigger process, enabling a Business Analyst to quickly trace and highlight which tasks of a process are labour intensive. Once a task in the process is identified to be labour and data intensive the use of BPMN modelling can validate whether an RPA solution can be of best fit.

Modelling individual activities of a task allows a Business Analyst to validate what data entry steps in the process are repeatable and identifies which data attributes is consumed and outputted to an associated system. By going in to this detail a Business Analyst can further test whether their hypothesis of replacing a manual data entry task can benefit from an RPA solution as it shows low level task dependencies between data and associated consuming systems. Documenting the process again but in a to-be state whereby each manual data entry step is replaced by the RPA solution can therefore visually depict how the new process will work in the future state. 

Finally, to confirm whether the to-be model of implementing an RPA solution will achieve the intended outcome, the development of test plans which can easily be documented using the to-be model as a reference point can help facilitate this. The use of a test plan that details individual steps traced back from a to-be model allows a Business Analyst to meticulously plan how the new human removed data entry process achieves the same outcome. By doing this a Business Analyst can therefore record and analyse any test results and report any unexpected or unsatisfactory outcomes.

To capture which areas of the business is suitable for an RPA roll out a focused analysis which begins by looking broad and focusing in on the individual data entry steps can help identify which specific manual data entry processes can best leverage an RPA solution.

 

References

Boulton, C (2018). What is RPA? A revolution in business process automation. Retrieved from https://www.computerworld.com.au/article/641674/what-rpa-revolution-business-process-automation/

Smith, P (2017). Robotic process automation on demand as consultants get disrupted. Retrieved from https://www.afr.com/technology/robotic-process-automation-on-demand-as-consultants-get-disrupted-20170816-gxx6b0

BAs’ in the World of Data Governance

by Rob Miles,

Business Analysts Pty Ltd Consultant

 

Advancements in technology and reductions in bandwidth and storage costs mean that organisations now have the ability to capture and store large quantities of data on all sorts of processes, behaviours and systems. However, as an organisation’s data assets grow it has led to an interesting problem – they are beginning to realise that just capturing this information is not enough. Stockpiling information without clearly articulated business needs and explicitly defined requirements makes it difficult to find meaning and cut through the noise and clutter. Storing massive amounts of data with no meaningful purpose can both be a liability on the balance sheet and in the boardroom when it comes to making clear decisions. Data by itself is not an asset, knowing how to use the data is. Organisations must find a way to attribute value to their data so they can make meaningful decisions and learn.

Effective Data Governance provides numerous benefits to an organization. It can help to:

  • Decrease costs associated with Data Management
  • Ensure accurate procedures around regulation and compliance activities
  • Improve transparency and traceability of data-related activities
  • Embed best practice around the management of data assets
  • Standardize data systems, policies, procedures and standards
  • Resolve past and current data issues.
  • Facilitate monitoring and tracking of data quality
  • Ultimately increase the value of an organisation’s data, thereby increasing overall revenue.

The answer so far has been to make sure data kept is in specified locations, in controlled formats, marked with any appropriate information to help provide context or in short DATA GOVERNANCE.

 

Step one in the process is to figure out what type of information will help your organisation be better. To do this we go to the old BA fall-backs of Traceabilityand Strategic Direction. If an organisation knows where it is going, it is a lot easier for them to decide what data and information may be useful for making decisions. Our job as BA’s is to help the organisation understand both what they are currently doing and what questions they need to answer in order to continuously improve. Providing context to the sea of information allows you to see what data will provide actionable value vs background noise. It will also allow you to define a standardisedway of interpreting the information across the business.

So now we have a method to sort diamonds from rocks. How do we ensure that the process is relevant to our current needs? Enter the BA and the Data Steward. The Data Stewardis the SME assigned by the company to validate the information and ensure that the information is relevant to today’s needs. Usually the data steward is someone that has been with the company a long time and has the unenviable task of tidying the mess made by upstream data entry users so that management can see an accurate, meaningful report. A BA’s role is to work with data stewards to understand how they are cleaning up the information or applying business rules. Once again, this is a perfect opportunity for us to help the business mature. Using a combination of information tagging (Metadata), process mapping and automation of business rules, we should be able to move tasks to their correct point in the value stream to ensure the least amount effort for the biggest return.

So far we have;

  • Determined what information we need to make a decision.
  • Standardised how we interpret/apply the information.
  • Ensured the data we receive is appropriate and accurate

So where to from here? Well the short answer there is a lot left do. Ensuring information is current, relevant and appropriate is a continuous task. You must be able to adapt the processes and systems as organisations needs change and mature. As the process of gathering and interpreting data becomes faster/easier you will have more time to start asking more complex questions and generate greater wisdom.

One way to build data governance capability in an organisation is to adopt the GOVERN Process:

Get buy-in for data governance from senior management

Organise a committee to establish procedures, decision rights and accountability

Verify assumptions and constraints to address barriers to data governance

Ensure goals and objectives are aligned to the available resources

Report on performance of data governance initiatives by measuring results

Network for best practices to support continuous improvement

 

Hopefully has given you an insight into the world of data governance. There is no shortage of reading materials out there but it hard to go past the industry standard in DMBoK. If your organisation would like support in understanding this further, at BAPL, we love data.

Product Roadmap – A Script For Success

by Sunil Powle,

Business Analysts Pty Ltd Consultant

 

It was close to 4pm and George was staring at his third PowerPoint slide for more than an hour, adding and deleting content several times. He felt as if he had no more power left to make a point. George had been leading a lean product team working on a contract management system implementation in an Agile environment.

Jane, an experienced business analyst noticed a worried George and stopped by for a chat.

 

 

Jane: George, you look worked up, something the matter?

 

 

George: My stakeholders just don’t seem to get it. I’ve had several sessions with the leadership team and with the ground staff too, however, they never seem to align with the work we have done and the work we have in our pipeline. Despite several presentations, they seem unsure of our product’s vision.

Jane: Aah, a much familiar ground, it’s always a daunting task to bring stakeholders on the same page. Have you tried building a Product Roadmap?

George: Product roadmap! What is that, another management gimmick?

Jane: I understand your frustration George, but this thing works.

George: Well what is it? Can you enlighten me?

Jane: A product roadmap is a summary that plots the vision and direction of your product offering…umm contract management stuff in your context, over the implementation period. It can be a visual summary, a strategic document or a plan and can be tailored to your audience.

George: Tailored to my audience, what do you mean?

Jane: I mean, for the leadership team, your product roadmap can talk about the product’s vision and how it aligns with the organization’s strategic goals. However, for the ground staff, you can dive into details by focusing on specific product features and add further details. You work in an Agile project management environment, don’t you? So, you can consider including themes, epics, stories and features into your product roadmap.

George: So, the product roadmap will cover features, requirements or initiatives and will outline a path to deliver them over a period thereby describing the anticipated product growth?

Jane: That’s correct! Let me show you how it will look at a very high-level so that you get the gist of what I’m talking about.

Jane quickly scribbled a rudimentary sketch of the product roadmap on her tablet.

 

 

Jane: Look at this picture. You can spread the planned development of your product across the timeline. This way, your stakeholders will have a single view of what is being delivered when.

 

George:…and I will be able to communicate the direction and progress towards the vision for my product, both to the leadership and to the ground staff and thereby establish a shared view and understanding?

Jane: Correct again, you are a fast learner!

George: That sounds interesting, but tell me, how does it fit into an Agile working environment where we have continuous moving pieces

Jane: Good question. Its common knowledge that Agile environment values working solutions. A product roadmap focuses on product/feature/value delivered as against focusing on a milestone or checkpoint. Product roadmap enables iterative delivery by showcasing features that are being delivered currently and those that will be delivered next and at later period.

George appeared a bit confused.

 

George: Hang-on, this sounds like a product backlog, are we confusing the two?

Jane: An Agile expert you are, but there are key differences between a product backlog and a product roadmap. Typically, a product backlog is a translation of how your team will deliver the vision outlined on an Agile product roadmap. The backlog defines product features for near term, but a product roadmap provides a strategic view of where the product is headed over the mid to long term period. It is tied to the organization’s vision and strategic goals often for the next 12 or more months.

George: I am itching to get started! Any input on how should I structure the product roadmap?

 

 

 

Jane paused a while to think:

 

 

Jane: A funnel approach is what comes to my mind.

George: A funnel approach? Boy you’ve got some cool analogies but help me understand more.

 

 

 

 

 

 

 

 

 

Jane: The product roadmap should first tell your product’s story at the highest possible level, consider starting with themes and epics and then work its way down into the smaller, more detailed aspects of that story such as requirements, features or user stories.

 

Jane quickly scribbled the hierarchy on her tablet.

 

 

George: Themes, Epics, that’s right down my alley, but before I get started, are there any limitations to this that I should be aware of?

Jane: Unfortunately, yes. A product roadmap can prove ineffective if the organizational environment is such that it leads to frequently changing vision and desired outcomes. I have seen a few product owners misusing the roadmap as a milestone or a date-driven plan. You will need to be cautious on the level of detail you put into it as it can get very time-consuming to maintain if it is overly detailed or too many variations are made in an attempt to satisfy all stakeholder groups. The trick here would be to find the right balance of details that the stakeholder groups can relate to.

George: I will be mindful of these aspects Jane. I know it’s getting late, but are there any final inputs?

Jane: Well there are a few more things you should consider.

George: Always hungry for more, you have both of my ears Jane.

Jane: Ensure that you as a product owner take ownership of the product roadmap and have your team focusing on maintaining it. Make it a living document rather than a plan set in stone. Regularly discuss, prioritize, estimate, update and share the product roadmap. Ensure that the roadmap reflects the most current priorities and goals, is easily accessible to those who need it. Set expectations with your stakeholders that the roadmap is not a promise. And lastly, keep it simple.

George: You are a star Jane, thank you so very much.

Jane: You are most welcome George; a Business Analyst never shies away from helping where they can. I wish you all the very best!

 

 

Why I Work at Business Analysts Pty Ltd (BAPL)

by Patrick Leaupepe,

Business Analysts Pty Ltd Consultant

 

A couple of weeks ago on a camping trip with some mates, we were sitting around a camp fire and one of the boys asked me “Why do you work for Business Analysts Pty Ltd (BAPL)?” 

This question completely caught me off guard, because what separates one employer from another?

After hours of driving and a cold bevvy or two, I wasn’t able to provide a response that really represented my feelings. However, it did lead me down the path to reflect back on my career, and I would like to take this opportunity to share Why I work at Business Analysts Pty Ltd (BAPL)

I have been working at BAPL for the past three and a half years, and over that time, I’ve had a lot of great experiences and not so great experiences…life of a consultant, right? So, upon reflection, I managed to boil it down to three key reasons. I work for BAPL because we have amazing consultants, great managers and most importantly, a supportive and collaborative culture.

Fortunately for me, I’ve had the opportunity to work alongside a lot of amazing BAPL consultants on numerous projects. Each consultant brings their own style, experiences, knowledge, etc. to the table and regardless of age/gender/background we all respect each other. Due to the mutual respect, I’ve been able to learn new skills and techniques because everyone’s happy to share their knowledge and experiences. And I’ve also built strong relationships, so much so that I’ve made some great friends along the way.

In addition to having amazing consultants, we also have great managers. The managers at Business Analysts Pty Ltd  have been great to me, and the three main managers that I want to focus on are the Service Delivery Manager, Practice Manager and Engagement Manager. Each manager plays a vital role within the business, and I have the utmost respect for each.

 

  • Service Delivery Manager: The Service Delivery Manager is responsible for managing the consultant engagements and client relationships.
  • Practice Manager: The Practice Manager is responsible for training, career development, and resourcing.
  • Engagement Manager: The Engagement Manager is responsible for managing the sales pipeline and allocating resources for new opportunities.

 

Each of the managers above are great, but what makes them really great is that they work together to ensure that each consultant is placed into an engagement where he/she can succeed and be supported to produce deliverables that meet the client’s expectations.

The last point I want to talk about is the supportive and collaborative culture at Business Analysts Pty Ltd. I honestly believe that this kind of culture could not have been achieved without the amazing consultants and great managers in the BAPL practice. As aforementioned, there is a high level of respect amongst the practice and everyone is encouraged to ask questions, share feedback, bounce ideas, and provide their opinions. Whether you’ve been working at BAPL for years or if you’re a new starter, everyone’s contributions are highly valued and that’s what I believe helps drive a collaborative environment.

Furthermore, the support provided by the managers and consultants is second to none. On all of my client engagements to date, I have always felt comfortable to reach out for guidance. The managers are always there to lend a helping hand, and the consultants are happy to help out as well. I believe that having amazing consultants, great managers and a supportive and collaborative culture go hand in hand (in hand), and this is why I have thoroughly enjoyed my time at BAPL to date. So, the next time someone asks me why I work for BAPL, I’ll now be able to answer clearly.

The T-Shape of You

by Henry Elisher,

Business Analysts Pty Ltd Consultant

 

Why you should cross your T’s first

 

Over the past decade there has been a plethora of research done which has emphasised the idea that for professionals to grow, thrive and excel in their respective environments they needed to possess both a deep disciplinary knowledge in their chosen areas of expertise and also have a keen ability to communicate across social, cultural and economic boundaries. The concept of soft skills, those interpersonal (people) skills that are generally understood by the populous as being the ability to communicate, are in fact far more reaching. They are an extensive range of qualities and attributes that encompass such things as attitude, creative thinking, work ethic, motivation, problem solving and conflict resolution, amongst a host of others. These are the key components that allow for the facilitationof interactions between people. Understanding that the majority of us work within a variety of business organisms, that have their own worlds of unique social interactions, it’s fundamental to our success as business analysts to both recognise, embrace, and develop this skill set, especially knowing that the key to our own success lies in the relationships that we build with our stakeholders.

Knowledge and teachable abilities are of course core to the capacity of what an individual brings to a role but what differentiates the performance of one employee over another is their ability to prioritise their focus, to work effectively in a heavily networked and matrixed environment and understand how the informal mechanisms of business work. It’s these unmapped and quite often undefined social concepts that, when grasped and utilised by an individual, will allow them to be identified as a person with the talent and capacity to lead, innovate and drive change. Utilising a quote from Aaron McEwan, Advisory Leader at CEB, he says;

Most of the good stuff in terms of performance happens in the white spaces between people, not at their desks’

It’s an idea that often gets lost in working environments that demand metric driven, quantifiable results but in reality should be obvious to us all in the sense it’s the harnessed expertise in a variety of areas allow us to get to viable solutions. Promoting the culture of ideas through dynamic interaction doesn’t occur whilst staring at a monitor.

 

The T-Shaped Business Analyst

 

These days with a greater number of people undertaking higher education, professional certification and various forms of additional study, the attainment of disciplinary knowledge no longer becomes the genuine differentiator that it once was. Not only is it not a real differentiator but the nature of ‘information attainment’ within educational institutions, that are often one dimensional in their own approach, tend to produce ‘I-shaped’ professionals. By ‘I-shaped’ what I am referring to is a type of professional that has deep, extensive technical knowledge in their area of expertise but lacks the broadness and well roundedness to be able to cross disciplines or industries within their knowledge capacity. Referring directly to fig 1 – The T-shaped professional, the ‘I’ component is represented by the two vertical pillars that state ‘deep in at least one discipline’and ‘deep in at least one system’.  From a business analyst perspective this can be identified as having the requisite knowledge in requirements elicitation, requirements analysis etc.

 

what is the T

Fig 1 – The T-shaped professional

 

As business analysts we can very much fall into the trap of being the classical, ‘I-shaped’ professional. We may very well be comfortable with our core set of skills and have a deep knowledge of the fundamental areas that the IIBA outline in the BABOK but what impact does that this sole focus have on ability in the environments where we ply our trade? Generally it is understood that without a broader, more expansive, interactive outlook, the professional can become knowledge and skill-set bound, essentially trapped, interpreting their workplace as largely a competitive environment, existing within their disciplinary silos and not extending beyond the comfort of the visible horizon.

By comparison, the defining characteristic of the ‘T-shaped’ business analyst, is demonstrated by the horizontal bar in figure 1. This component demonstrates the ability of the individual to collaborate across a variety of different disciplines, to be able to contribute to creative and innovate processes and to ‘tap in’to the unmapped social concepts that exist in organisations. It’s the utilisation of these type of soft skills that will allow the business analyst to share the expertise of their discipline and craft, whilst also having the capacity to translate this knowledge to those that do not fully comprehend the scope of work that a business analyst undertakes, because, along with being successful collaborators we also need to be our own ‘sales representatives’ and become advocates of our own expertise. It’s this promotion of awareness that can break down the power of ignorance and support our cause, but, the unlocking of this potential is only made viable through the development and utilisation of soft skills.

The idea of this readily transferable skill-set of course has special importance in the business analyst world as we should be ready to confidently step across sectors, from entertainment to utilities, from financial services to mining. It’s this agility and adroitness, supported by our set of soft skills that will identify us as unique but also as being the vital promoters in the creation of the new mobile, agile and educated workforce, a factor that’s critical for the global digital economy to prosper and in itself critical to the positioning of business analysts within this economy.

Business leaders have readily acknowledged the criticality of the far-reaching capacity of soft skills. Matt Tindale, the Managing Director of LinkedIn for Australia & New Zealand states that the ‘demand for collaboration, teamwork, EQ, critical thinking, problem solving and conflict resolution …are immensely important enterprise transferable skills’.This is a statement which should appear obvious as these elements really stand as the common base amongst a variety of disciplines and act as both the mechanism and vehicle to drive innovation from disparate, but equally as important knowledge bases.

So, whilst we can identify ‘I-shaped’ analysts and understand that their level of knowledge can obviously be utilised to get the job done, the question arises, at what expense? Muted levels of soft skills means that collaboration, teamwork, conflict resolution and the motivation to drive towards a common goal quite often comes to the ‘I-shaped” analyst with a deal of stress, strain on working relationships and with much less of the dynamic interactions that ‘T-shaped’ analysts develop in natural, organic ways. It’s the ability of the ‘T-shaped’ analyst to find compromises and help motivate others towards solutions that separate the good business analysts from those that are great. It will also be these subjective types of skills that will not only hold the ‘T-shaped’ analyst in good stead for a long, healthy career but will also bring the diversity and necessary degrees of challenges to create well rounded individuals.

 

Analyse like a Boss

by Tanya Harlow,

Business Analysts Pty Ltd Consultant

Article 1 – Define Your Own Business Idea

As Business Analysts we tend to find ourselves working as consultants, contractors or permanent inhouse domain experts on enabling new opportunities or solving problems for medium to large businesses.

Have you ever thought of using your awesome array of BA skills and experience to create, operate and lead your own small business?

When you think about starting your own business the mind starts to boggle with the enormity of it all and it feels very daunting, scary and almost impossible to fathom.  Not knowing where to start and how to move forward is the biggest obstacle to overcome.

A manageable way to approach the creation of a new business venture is to break it down into small key milestones that when set out in a logical order make the enormity easier to digest and will give you a clear starting point.

After having your “Eureka” moment and forming the kernel of your business idea and concept you can leverage your existing BA toolkit and skills to do some research and get your concept down on paper.  Doing some high-level analysis and modelling does not cost anything but your time.  During this initial analysis you will learn a lot about your concept and its viability and takes you a step closer towards your potential new future venture.

Product/Service

  • Consider your product and its key point of difference
  • Create a prototype where possible or a strawman on paper
  • Go through a SWOT analysis (strengths, weaknesses, opportunities, and threats) to assist in seeing the bigger picture and potential risks to work through

Market

  • Analyse the potential market and buyers for your product, who are they, where are they, how old are they, what are their buying habits, how much is their disposable income, what social media do they use, how will you reach them?
  • Use free online census data for understanding customer demographics
  • Conduct competitor analysis and benchmarking, this is great way to see how other similar businesses operate.  How do they market their goods, what are their price points, what do they do well, what could they improve on, what can you learn from their experience?

Financials

  • Analyse the costs for your business start-up
  • Model profit and loss including start up expenses, projected growth targets for the first 5 years of business, cost to operate and sales targets to see how viable the idea is on paper
  • Think about how you might fund the venture, financial institution loan, business partner or give crowd funding a go!

Company Structure

  • Analyse the best company set up for your situation e.g. sole trader, company, partnership.  It is worth seeking advise from an experienced business accountant when assessing these options as they can provide expert taxation advise and can assist if required in the creation of a Pty Ltd company
  • Perform organisational modelling to determine the roles required for your business, size and budget
  • Determine what role you will play within the business.  Always leave room to work onyour business and not just in the day to day operation of your business
  • Define your company’s core values, what does your business stand for, what are your guiding principles
  • Think about your company’s persona, how do you want to present your image to your customers? Is your company cool and hip or friendly and trustworthy? Knowing how you want your company to be perceived is very useful when the time comes for creating marketing materials like logo’s and websites.

Skills and Experience

  • Analyse the key skills and experience you will need to be successful within the specific industry domain you are looking at entering
  • Rate your existing general business skills like accounting, marketing, sales, payroll etc
  • Perform a gap analysis of where you are now, what you need to learn and how you will close the knowledge gap to acquire the relevant skills to enable success
  • Close your education gap including internet research, training courses, work experience and finding a good mentor.

Key Business Processes

  • Process analysis is required to determine what business processes and underpinning forms, reports etc will be required
  • Define your key value stream using a process flow chart identifying points of value and points of waste within and between processes
  • Process benchmark information for specific industries is available from the APQC industry standard website and can help inform you of the typical processes your business may need
  • Create a SIPOC diagram (suppliers, inputs, process, outputs and customers) for all key processes to understand the inputs and outputs and suppliers you may need.

Tools

  • Define your requirements for software tools to manage your accounts, invoicing and payroll (or will you outsource this part of your business to a strategic partner?)
  • Document what marketing tools your company will need including a website, Facebook, Twitter, Instagram and graphic design software tools
  • What customer relationship management tools are available to manage your customer database
  • What financial sales tools will you need to manage point of sale or online ordering?
  • What physical tools do you require to create your product? are these tools best rented with maintenance contracts in place or purchased outright as an asset and depreciated?
  • This information will feed directly into your cost modelling for start-up and operation

 

After doing your analysis on paper you should have a reasonable idea of the feasibility of your business idea, the complexity and associated costs.

If your numbers initially stack up and you are still excited to take the next step with your idea proceed to Article 2 in the Analyse Like a Boss series – “Business Start Up”to understand some of the BA techniques and savvy you can leverage to put together the required deliverables to start up your new business venture.

Business Analysis is a Product Owner’s Best Friend

by Sohail Chatha,

Business Analysts Pty Ltd Consultant

 

A week back, I had a very wonderful corporate lunch with work colleagues. For my dish, I needed a fair bit of customisation. The waiter took all the details patiently even though some may have seemed rather quirky even by my own standards. After a 20 minutes wait, voila I have my dish served & I liked it so much I left a tip.

Once at home, still thinking about how perfectly it was executed, I wondered what if the waiter (BA) was not patient enough to carefully note all my wish-list (requirements) & present it to the Chef (product owner) promptly. Had the Chef not listened to the waiter’s input to make perfect meal (product), I (Customer) would not been able to return home in such festive mode (UX).

In the IT industry’s context, a Business Analyst & a Product Owner often have different deliverables but overlapping roles in an organization. For an enterprise to succeed these variable roles need to work collaboratively across all initiatives to deliver value, RoI.

Role Characteristics:

The BA is an inward looking role with a focus on the requirements and improving an enterprise’s internal processes as a result of a need, change or opportunity. Whereas the Product owner is an outward looking role responsible for realising the product, its vision and defining the evaluation metrics for the product’s success. In today’s competitive environment nobody would bet on success of the Enterprise which is not true to its core, inside and out.

A BA collaborates with various stakeholders to perform documentation/mapping of the processes to enhance efficiency whereas a Product Owner is responsible for product management, marketing, roadmapping, and ensuring the product is aligned to user expectations. If the internal processes are optimized & correctly mapped then a Product Owner would be in a better position to deliver a product efficiently within the timelines. Similarly, feedback loops from end-users & external stakeholders transferred from the Product Owner to the enterprise will help the Business Analyst in reshaping processes with a correct modelling of business dynamics. This will make organizations leaner & customer oriented.

 

Enterprise’s Model:

Often a Business Analyst is expected to work as a Product Owner as well, due to overlapping areas in their responsibilities. After working on the design and approach, a BA is given charge as a Product Owner to deliver the expectations into a real working solution.

Enterprises are very tempted to use these roles interchangeably as the transition path looks seamless. In limited scenario it has been quite successful. However for projects where the risk of failure is intolerable, requirements are subject to change and tight regulation is present, it is a tough challenge to cover both the bases with same resource without impacting the true potential of the product. As with changing circumstances it becomes more crucial than ever to maintain the sight of the business.

More and more organisations realise the face value of their existence is in the survival of their product, therefore after experimenting this model they are moving towards a settled approach which creates opportunities for the BA and Product Owners to work together rather than stretch the capabilities.

 

 

 

Collaboration Value:

Companies want their critical workforce to be agile, objective oriented, smart and product focused to maintain an edge over their competitors. Since the roles of a BA and Product Owner have the same objective, to deliver a product which delivers the desired value to their customer/end-user, the focus has shifted more on channelling these efforts into collaboration.

More than 50% of IT start-ups could not survive their first financial year because they failed to devise a collaboration model not only at individual levels but also at a process level. In absence of a proper handshake between a BA and a Product Owner, the understanding of the requirements remains invalidated. Agile models encourage the iterative collaboration between these two roles because in case of conflicting delivery the cost of the change and effort makes the product less viable for the market strategy. Due to these impacts, our industry is definitely in need of their friendship.

To create the “Rainbow effect” a Product Owner & a BA need to maintain communication, a working collaborative relationship to get to that illusive perfect product. Through their fostered friendship a successful product can be produced which is a recipe for business success in this lean & competitive business environment.

[1]

by Mike Starrs,

Business Analysts Pty Ltd Consultant

 

 

The role of a Business Analyst is broad, but typically it comes down to understanding business needs, value & requirements and assisting business to make informed decisions. These needs are often muddied by a multitude of internal and external factors.  In the end though, the goal is achieving organisational success.  As all organisations exist to provide products and services to customers the best way to achieve success is to incorporate design thinking and human-centred design.

Design thinking is a creative approach to solution-based problem solving that puts people at the centre, enabling solutions that people truly want and need[1].  While not a new concept, design thinking is making a comeback in the business world and producing a number of positive results.  Together with User Experience (UX) and Customer Experience (CX), design thinking lays the groundwork for innovation, development of products and services, and ultimately helps you as a Business Analyst deliver better, stronger and more thorough business analysis.

The main aspect of design thinking is that of a user-centric experience; what is the user thinking and feeling, what is their experience.  Business Analysts already consider these factors, but generally not at the level required to dig into design thinking.  To dig deeper, the Business Analyst must step outside of their analytical mindset (without disregarding it completely) and let their creativity flow.

By understanding the customer journey and experience, we can get clarity on what the real needs are, and options to address them.  Rather than interpreting and explaining what we think our stakeholders need, we can use design to clearly demonstrate what they need through the use of simple language that everyone can understand and use design artefacts to tell the story. When explaining complex issues to a business stakeholder, there’s an increased chance of confusion or misunderstanding if complex (or even mildly complex) approaches are used.  Walking a stakeholder through a complex BPMN is a good example of this. But have you tried simplifying that process into a context diagram that uses simple language and a visual approach to explain the process? By changing the way we communicate complex systems or processes to stakeholders using design thinking, we can turn this interaction into a success. As a Business Analyst, clear communication is a core underlying competency. If we just end up confusing stakeholders, we’re not doing our job.

We have broken our analysis technique into four phases that closely align to design thinking, aligning these to the three phases of human-centred design, and will use this series to explain how the various tools and methods available in the BABOK® can help make your business analysis effort much more effective, adaptive and responsive to a rapidly changing business environment.

Phase 1: Discover – We will look at the Inspiration phase of human-centred design and various BABOK® techniques to understand the current state and help develop a more effective discovery stage.  How can we use design thinking to understand the current state as fast as possible without adding risk?

Phase 2: Refine – Now that you have built a solid foundation and your as-is analysis is complete, how do we transition from Inspiration to Ideation?  How we validate the current state with the business, turn our value streams into epics, iterate our work, and define requirements?

Phase 3: Prototype and Build – At this point we start to look at the future state, what will the to-be processes be, how we move through the Ideation phase.  Prototyping of solutions, iterative building, role-playing and storytelling all play a part here.

Phase 4: Feedback – The Implementation phase of human-centred design, this is where a tangible product or service takes shape.  This phase will often loop iteratively with Build & Prototype, and even back to Refine on occasion.  Here we will be looking at our requirements and user stories to make sure they have been met and fine-tuning our processes to support the finished build.

My view of design thinking is an iterative process to Discover, Refine, Build & Prototype, and Feedback which helps deliver the business need, value and requirements.

 

Phase 1: Discover the current state through Inspiration

 

When we think of discovery, we understand there is a level of uncertainty or a realm of unknowns that we need to identify in order to deliver a successful project.  Unknowns lead to potential roadblocks later with scope creep, failing to properly identify or understand the problem/opportunity, and ensuring a solution is fit for purpose.  Through the use of a few techniques, we can better define the problem up front and ensure we have clear scope for the project.  To do this, there are three key stages a Business Analyst can use to do this well.

Stage 1:  Planning– The BABOK® has a chapter called Business Analysis Planning and Monitoring, so for the sake of brevity I won’t go into too much detail here.  In this stage, the Business Analyst should be laying the foundations for success, by planning the core activities, tasks and deliverables needed, usually in alignment to a schedule.  In the planning stage, the BA should also be performing initial stakeholder analysis activities such as Mind Mapping or creating Stakeholder Lists, Maps or Personas to understand which stakeholders are relevant to the outcome, what the BA requires from them, and the best way to engage with each stakeholder.  An early activity to complete with stakeholders is to identify and prioritise the expected business outcomes for the project.  Use Interviews, Mind Mapping, Value Stream Mapping or Workshops to identify the key business outcomes, and Grouping (high, medium, low) or negotiation to establish the priorities of the business outcomes. These outcomes will play a crucial role later in the project for traceability.

Stage 2:  Current state analysis– A key part of the discovery process is eliciting the current state. What product or services are being delivered to customers.  This is where most of the work should occur in this phase, and relies on a wide range of techniques. The purpose of this analysis is to understand what the intent of the project is, define scope for the project, understand the current processes, and validate everything with the stakeholders.  Current state analysis should always be done, from a new start-up to an existing business or service, there are always unknowns that need to be discovered. Some of the activities you may perform at this stage include:

  • Develop a problem or opportunity statement– Work with the key stakeholders to define and establish the problem in clear and agreed upon terms. This could include a context diagram of the problem, developed in a workshop on a whiteboard, or a mission/vision statement that provides verbal context to why the project is happening.  BABOK® “Business needs are the problems and opportunities of strategic importance faced by the enterprise.
  • Problem statements are about resolving an issue that exists, opportunity statements are about taking advantage of identified opportunities to enhance the organisation.A ‘How Might We’ statement can be used to help develop the problem or opportunity statement, and should ultimately describe an opportunity.  Other techniques available to establish a statement could include Brainstorming and the 5 Why’s.
  • Define a clear scope statement– As part of the same initiation workshop, the Business Analyst should work with the stakeholders to establish clear scope for the project. Use Post-It notes to assist in identifying assumptions, constraints, and dependencies.  Post-It’s can be placed into labelled buckets for anonymity or displayed on a board for all to see.  BA-led discussion should follow to assist in prioritising and establishing the final agreed upon scope.  Scope Modelling or a Business Model Canvas can be created to visually capture and validate scope statements.
  • Prepare for and elicit the current state– There is always a current state, even if the business or service is new & is in start-up mode. What is happening in the market, who are the competitors and what are they doing? These are all valid current state questions.  A successful Business Analyst will have a clear plan and toolkit ready for elicitation. Mind Mapping, User Stories, the use of Personas, Journey Mapping, Value Stream Mapping, and Collaborative Gaming are just some of the techniques available to help elicit the current state from your audience.  The stakeholders, problem or opportunity and scope have been clearly identified in previous activities, now it’s time to conduct your workshops, interviews and other techniques to elicit the current state.

Stage 3: Document the current state –Ensure the processes match products and service offerings.  The use of context models and diagrams, as well as process modelling will help to validate the current state with key stakeholders. The format and structure of the outputs should be agreed with the stakeholders in the planning stage, and distributed for feedback.

By planning, eliciting and specifying a current state, Business Analysts can ensure they are well positioned to capture requirements and develop a future state that is desirable, viable, and feasible for the organisation.  Finding this balance is where innovation generally occurs, which is something we should strive to achieve in everything we do.

 

Phase 2: Refine through Ideation

 

Now that we have defined our current state, it’s time to validate and refine it and start thinking about the future state.  This is where we elicit and prioritise requirements and finalise our scope.  We want to be sure what we’re doing is desirable, viable and feasible, and that we can trace our requirements back to our business outcomes.  There are several stages that can help us refine our work and prepare the Build and Prototype.

Stage 1: Validate the current state –Every Business Analyst should be familiar and comfortable with validation, it’s a core part of the job.  We can use techniques such as Interviews or Workshops and our process models to take stakeholders through the current state and validate that our understanding is correct. There are a wide variety of visual representations and models that can be created to support this stage, the most important part is choosing the right one for your audience.

Stage 2: Requirements Elicitation –Another core activity we’re all used to, we’re now starting to set the stage for our future state through requirements.  Using techniques like the 5 Why’s, User Stories, Epics, Finding Themes, Value Stream Mapping and ‘How Might We’ statements, we can work with our stakeholders to understand their needs and trace these requirements back to our business outcomes.  It is important to make sure requirements have traceability to verified business outcomes, otherwise, how can we be sure they’re adding value to our final product? How your requirements are presented will be determined by the project and acceptable delivery methods, but the techniques you can use will vary.  If you feel one method isn’t producing results, simply try another one or interchange multiple techniques.

Stage 3: Prioritise requirements –Working with your stakeholders, facilitate a workshop and get your audience to determine the priority of each requirement.  By using MoSCoW, 100 points technique, Monopoly money technique or value-based prioritisation, your requirements should all be given an agreed upon priority level during the workshop.  Keep in mind that requirement prioritisation should assess desirability, feasibility and viability in order to find that innovative sweet spot, along with the usual eye on your business outcomes, budget and scope.  Once requirements have been prioritised, they may be grouped into Themes using affinity mapping, and further prioritised and organised into Sprints for a Product Backlog.  With Themes and Sprints, development can be broken down into manageable chunks to achieve key deadlines or milestones more efficiently.

Stage 4: Finalise scope –Through the Discovery phase, work was performed to identify the scope of the project. Requirement elicitation usually captures some things that have been missed and can also confirm previous in-scope items as no longer necessary.  Review the Scope Models or Business Model Canvas that were previously created and validate them against the requirements and business outcomes with your stakeholders.  You may even want to create a quick Storyboard to help visualise scope in another way, and work with the stakeholders to put firm boundaries around the scope of the project.  This is the perfect time to use everything collected during Discover and Refine to ensure there is no scope creep during the development stages of the project.

As you work through each of these 4 stages, you’ll discover a pathway to your solution and future state is already starting to take shape.  The work that has been done throughout Discover and Refine have laid the groundwork for the really creative stuff to begin. Stakeholders have been thoroughly and actively engaged throughout the process so far, and moving into the Build and Prototype phase, they’ll be able to get their hands dirty and drive the direction of the product or service to be offered.

Phase 3: Prototype and Build

 

As we move into the final two phases of using Design Thinking for good Business analysis, let’s do a quick recap of what’s been covered so far.  In Phase 1 we discovered the current state through the Inspiration phase of Human Centred Design, using a range of planning techniques from BABOK® and design-based techniques to elicit, describe and capture the current state.  This strong foundation of knowledge and understand lead into Phase 2 where we used Ideation to look at the ideal future state and started to elicit our requirements.  Using techniques from Agile, Design Thinking and IIBA’s BABOK®, we have been able to create Sprints, wrapped our requirements into User Stories, and developed the product backlog that will take us through to the end of our journey. In the next two phases we will prototype, build, seek feedback, and complete our objective of delivering value through lean and quality requirements to address business needs.

With a full set of prioritised requirements organised in a Product Backlog, commence on finalising the future state process and building prototypes to support the process by transitioning from Ideation to Implementation.  Work on the future state should involve the intended product or service being delivered and how the customer or user will experience it.  How they will interact and use the service or product being created is critical for a successful delivery, and a number of techniques exist to help work this out.

Personas can plan a major role in reaching your destination.  Understanding the different types of users, the demographics of your customer base and what their goals and needs are will be important.  Using these Personas, development of Customer Journey Maps and Storyboards can provide additional tools in developing future state processes and prototypes.  If you have multiple Personas, split off into small groups and brainstorm ideas for each specific persona then re-group to look for common themes.  If your future state is developed enough at this stage, Rapid Prototyping may be used to understand the practical implications of your efforts and work can be undertaken to further refine and develop the product or service.

As your prototypes evolve and refined over multiple iterations, feedback must be consistently gathered to ensure the intended future state process is valid and the product or service remains desirable, feasible and viable.  This can be done through the use of a Build-Measure-Learn loop within the Prototype and Build phase where Concept Models and Prototypes can be used with targeted user groups, observing how they interact with the solution, and adapting changes based on the observations.  Your prototypes are the build, observation becomes the measure, and the outputs from observation become the learning that is then applied to making changes to your process and product or service. By repeating the cycle through a number of iterations until you are happy the process, product and/or service, you can be certain that valuable information is being assessed and implemented as needed to push you closer and closer to success.

Phase 4: Feedback

 

The transition from Prototype & Build to Feedback is not always a clear one and each project will be different. Developing a suitable MVP may be your trigger to move into the Feedback stage and final build, while others may want to spend considerable time with alpha or beta releases in Build & Prototype before they are happy going into Feedback to release a near-final product.

By now you have developed, evolved and refined a number of prototypes, your processes have been tailored, and you’re ready for the final push.  While it may seem like this final phase is repetitive, the intent is quite different to Prototype & Build.  Up to this point you have been working on somewhat of a proof of concept, getting ready for the final sprint to production release, and now you’re almost there.  Feedback is about testing, validation, retrospectives and release.

With requirements encapsulated in user stories in hand, quite possibly with acceptance criteria, thorough testing and validation of processes and product or service can occur.  Acceptance criteria can be used as a baseline for a vast range of test scenarios including system and user acceptance testing. The Product Backlog and requirements will also be used to create test cases and scripts to verify delivery is on track, as expected and defect free.  One method of writing these tests is by creating Given, When, Then (GWT) statements.  These statements are written in the following format:

Given a context or situation, When an action is carried out, Then an expected or specific observable outcome of the action occurs.

Techniques that can be used from BABOK in this phase include GWT and Acceptance Criteria mentioned above, plus Evaluation Criteria, Definition of Done, Process Modelling, and Story Decomposition. Working through Feedback also involves the Build-Measure-Learn loop from phase 3 to continue iterative development. This loop will help ensure testing and the solution is properly scrutinised and vetted, and that it continues to be desirable, feasible, and viable.

 

Conclusion:

 

Design Thinking and Human-Centred Design aren’t new techniques or ideas, and neither are the techniques to support them that have been called out from the BABOK® throughout this series.  What is a more recent development is that Business Analysts can combine these together to go beyond the basics and provide the skills and expertise to work in a rapidly evolving market where the customer is at the centre of everything.  Products often come and go, similar products compete in the market place, but more and more these days we’re seeing that service is a key determining factor in what success is.

By adapting BABOK® techniques and having a Design mindset, Business Analysts will be able to support organisations large and small in guaranteeing that the customer is never forgotten, that processes, products and services continue to centre around customers, and that solutions are built to be desirable, feasible and viable for not only the customer but the organisation delivering them.  The Business Analyst, ultimately, is the key to the innovation organisations are trying to achieve provided they use the tools and techniques available to them to deliver great business analysis.

[1]http://masteringbusinessanalysis.com/mba056-design-thinking-for-better-business-analysis/

Applying Design Thinking and Human-Centred Design to Support Good Business Analysis by Mike Starrs, Business Analysts Pty Ltd Consultant (Phase 3: Prototype and Build)

As we move into the final two phases of using Design Thinking for good Business analysis, let’s do a quick recap of what’s been covered so far.  In Phase 1 we discovered the current state through the Inspiration phase of Human Centred Design, using a range of planning techniques from BABOK® and design-based techniques to elicit, describe and capture the current state.  This strong foundation of knowledge and understand lead into Phase 2 where we used Ideation to look at the ideal future state and started to elicit our requirements.  Using techniques from Agile, Design Thinking and IIBA’s BABOK®, we have been able to create Sprints, wrapped our requirements into User Stories, and developed the product backlog that will take us through to the end of our journey.  In the next two phases we will prototype, build, seek feedback, and complete our objective of delivering value through lean and quality requirements to address business needs.

 

Phase 3: Prototype and Build

With a full set of prioritised requirements organised in a Product Backlog, commence on finalising the future state process and building prototypes to support the process by transitioning from Ideation to Implementation.  Work on the future state should involve the intended product or service being delivered and how the customer or user will experience it.  How they will interact and use the service or product being created is critical for a successful delivery, and a number of techniques exist to help work this out.

Personas can plan a major role in reaching your destination.  Understanding the different types of users, the demographics of your customer base and what their goals and needs are will be important.  Using these Personas, development of Customer Journey Maps and Storyboards can provide additional tools in developing future state processes and prototypes.  If you have multiple Personas, split off into small groups and brainstorm ideas for each specific persona then re-group to look for common themes.  If your future state is developed enough at this stage, Rapid Prototyping may be used to understand the practical implications of your efforts and work can be undertaken to further refine and develop the product or service.

As your prototypes evolve and refined over multiple iterations, feedback must be consistently gathered to ensure the intended future state process is valid and the product or service remains desirable, feasible and viable.  This can be done through the use of a Build-Measure-Learn loop within the Prototype and Build phase where Concept Models and Prototypes can be used with targeted user groups, observing how they interact with the solution, and adapting changes based on the observations.  Your prototypes are the build, observation becomes the measure, and the outputs from observation become the learning that is then applied to making changes to your process and product or service. By repeating the cycle through a number of iterations until you are happy the process, product and/or service, you can be certain that valuable information is being assessed and implemented as needed to push you closer and closer to success.