Category Archives: Business Analysis

Business Analysis by Stealth

Picture the scene: it’s been almost 2 years since you bought your last iPhone.

You’ve heard the rumours, seen the teasers on your newsfeed and tuned in for Tim Cook’s keynote at the launch event. You might even have joined a queue several hours before the opening of your local Apple Store to be one of the very first to get your hands on the latest incarnation of the world’s most coveted consumer product.

You feel the adrenaline coursing through your veins as you caress its perfect curves, run your index finger along its flawless casing, assess its reassuring heft in the palm of your hand, marvel at its magnificent display, and envision the myriad untold ways in which this gorgeous device is going to satiate your inner aesthete’s appetite, and give you the technology you need to unlock your latent brilliance. You get the feeling this is the start of something big, as you’re united with the equipment you need to pursue the true path of your destiny.

You catch the eye of a ‘Genius’, and point proudly at your chosen configuration, barely able to contain your enthusiasm.

And the Genius asks you:

“So tell me, what are you going to use it for?”

“Erm…I dunno….camera, music, internet?”

“Well, the iPhone 4 does that, and it’s cheaper!” she says.

“Yes but, I want it better…faster…on a bigger screen”

“Why?”

“What do you mean ‘why?’”

“Why does it need to be faster? How fast does it need to be?”

“Well, I just….I just want one”

“But where will you use it? What for? How many transactions will you do per hour? How much music will you store, and at what rate will that increase? Do you keep things in the cloud or on the device?”

“Erm….I DON’T KNOW! Can I just have the bloody phone?”

OK, so clearly this scenario would never happen, because that’s not how retail works! Consumer retail is driven by the satisfaction of customer desire, and there’s an entire apparatus of marketing to stimulate that very desire.

But how about if you were to approach the task more like a business analyst?

It’s been almost 2 years since you bought your last iPhone.

You sit on the sofa, centre yourself and reflect on how you used it: what worked well, what didn’t work so well so well, and document it all. You study the news and the stock market and think about how the world will look in 2 years’ time. You assess where you are on your mission, and think again about why you are trying to fulfil it. From this, you generate a set of goals that will recalibrate your focus and get you back on track.

You look at what you’ve documented and tease out the requirements.

You now know the features you’re looking for.

So you walk into the Apple Store, take the document from your briefcase, and lay it out on one of those standing-height tables. You catch the eye of a Genius, and beckon her over.

“I’m looking for something that weighs 174 grams, has an A11 bionic processor with 64-bit architecture and supports 4G LTE, GSM, CDMA, HSPA+ and 802.11a/b/g/n/ac WiFi. You wouldn’t happen to have anything like that in stock would you?”

“Er….come again?”

“Do you have anything that fits that specification?”

“Erm…I honestly…have….no…idea”

A different, but equally unlikely scenario, I’m sure you’d agree.

But both scenarios reflect situations the BA encounters on an almost daily basis. This is a dynamic I like to describe as ‘The Analyst’s Burden”. We can be seen by many as the designated driver, the sober judge, the passion-killer.

For we, the righteous of the project community, are bound by the rules of the procurement process.

The second scene is not actually a million miles away from how most procurements begin. A shiny stall at a trade fair, a charismatic business development manager, a complementary glass of bubbly and a fantasy of what your business area would look like if all your problems were solved.

Systems underpin all the functions in a modern business, so it’s child’s play for a salesperson to demonstrate that all your problems emanate from your crumbling legacy system, and logical for you to assume that they will therefore disappear as soon as you buy the ‘Client Mega-Invoicer 3000’ or whatever it is.

The sales rep dazzles you with technical specifications as if they were comparing the torque increase you get from a supercharged V6 to a flat 8. Mesmerised by their eloquent bluster, you pick up a few key phrases, but it doesn’t matter, because they hands you a brochure that looks like it was designed by Jonny Ive, with everything he’s just said encoded into perfect sculpted prose….for you to reproduce faithfully in your business case.

Then a BA comes along and starts asking whether you have indeed correctly diagnosed your problems, and starts suggesting that your problems are probably more to do with the fact that you have no documented processes so none of your people do the same thing in the same way, they come in and sit at a PC for 8 hours a day, day in day out, and the only thing they have in common is a determined focus on getting through each weekday as quickly and painlessly as possible. They point out that your customers don’t know whether they’re coming or going because there’s so much variance in the activities that build their experiences, and the finance people have been reduced to budgeting based on what you spent on resources last year, such is the diabolical complexity of your balance sheet.

They ask you for any data you have to evidence the activity you’re supposed to be performing, time your staff with stopwatches, then pull them into workshops that explore in lurid detail the full horror of your management style.

Needless to say, the BA’s invites start to dry up, and they’re tagged with the unshakeable reputation of a ‘blocker’.

And herein lies the problem: when it comes to procuring systems, the business analysis process is somewhat at odds with the retail process your stakeholders are involved in, so the principal set of resources a good BA must draw from in this scenario are from the well of soft skills.

In my experience, there are two types of BA. First is the ‘Type A’ – the BA technocrat. They’re likely an ISEB alumna, with a freshly acquired array of esoteric techniques, and desperate to bend any assignment into something that would warrant the use of one. They want to be regarded as an expert in the manner of a qualified accountant or solicitor, to be listened to by simple virtue of their qualification to speak, and therefore get frustrated when they encounter resistance. For this reason, they tend to hop from job to job, and with each new role comes a new depth to their cynicism.

It’s as if they’ve learned a martial art, but will only spar with other pure aficionados of that martial art – and only if they play by the rules. So if accosted by a hooligan with a baseball bat, they forget that the outcome is self-defence and instead start fretting that the hooligan hasn’t got the right stance, and his belt isn’t tied properly – and that that the Ippon Seoi Nage he’s attempting to throw you with is not a legal move.

“This clown has no idea when it comes to judo” they think, and promptly get clobbered.

This is the kind of BA who frequently proclaims that “this isn’t proper Agile”, produces reams of documentation that nobody ever reads, and concludes that it is the organisation, not them, that’s hopeless.

The second type of BA , however, ‘Type B’, is a campaigner. They recognise that the role is about helping the business to improve, and since no two businesses, or even two projects, are the same, their approach needs to be tailored. They understand that change is about influence, that influence is a function of trusting relationships, and seek to understand their stakeholders, not just what they do, but how they feel about it, and tailor their approach accordingly.

They’re a model of professionalism – they do what they say they’re going to do when they say they’re going to do it, explain every step of what they’re doing and why, coach the people they interact with, and follow up every meeting with a sincere ‘thank you’, conveying their intrigue in what they’ve learned.

They’d be a lot more likely to engage the baseball-batted skinhead, earn his trust, discover that his aggression is a self-defence mechanism he’s spent his life perfecting in lieu of being able to read, and take him back in the pub for a pint of mild and walkthrough of Peter and Jane, eventually becoming godparent to his child.

That’s because the campaigner understands that whether it’s the procurement of a new client invoicing system, or the purchase of the latest iPhone, the psychology is the same – it’s about how you make people feel. So sometimes it’s worth losing the odd battle, if the alternative is a pyrrhic victory. And it’s not so much about what you present, as how you present it.

They know that people have short attention spans – and people under pressure even shorter.

Many organisations are unfathomably complicated bundles of organic evolution, which need to show quarterly growth. The Type B understands the reality that facts are a limited weapon when it comes to getting your point across – and that what you really need to give people is confidence.

Campaigners think long term – they embrace difficulties as efficient opportunities for learning about company culture.

But the truth is, a world-class BA needs to be a blend of ‘Type A’ and ‘Type B’. Type A to work with your solution designers, Type B to engage your stakeholders.

But to quote a former employee who was very good at both, you need to learn how to “BA by stealth”.

Once I’ve mastered it, I’ll let you know!

GDPR: ‘Data Protection 2 – This Time It’s Personal’

It’s a tough gig. And the fact that the European Union Data Protection Regulation (to give it its full name), or EUGDPR (to give it its catchy short-name) is so obviously untarnished by the handiwork of marketeers, does not help.

So as Lead BA on my company’s GDPR readiness programme for the last 6 months, I’ve had the unenviable privilege of trying to make EU data protection legislation interesting and engaging to salespeople, warehouse operatives, computer programmers and accountants, so that they will tell me what personal data they hold, where it comes from, what it’s used for, who can access it, and where it’s kept.

This project is not generating a great deal of envy from my BA colleagues, I can tell you.

But tempted though I was to palm this off onto one of my new recruits, I thought I’d Do The Right Thing and Take One for the Team. So I set about reading the legislation and putting a briefing pack together to start engaging the business though a series of presentations.

Still finding my feet at this point, and conscious of the potential for frosty receptions and tumbleweed moments, the presentations have generally started with a sardonic introduction, along the lines of:

“I’m sure you were as enthralled to get an invite to an EUGDPR briefing as I was to be asked to put together 57 slides to explain it to you. I’m only joking of course – there are only 38 slides. But it’s probably fair to say that the content is a little on the dry side. Which, of course, it precisely how we need to keep it. Because when this sort of thing gets interesting, this is what it looks like. (Cue a slide of horror headlines of companies being hit with massive fines). We don’t want that, so our job is to keep this as boring as possible – and here’s how we’re going to do it”

Although I have been asked to rephrase ‘the right to erasure’ as ‘the right to be forgotten’ because one particular director couldn’t get the image of Andy Bell and Vince Clarke from the popular 90s musical duo from his mind, or indeed the resulting smirk from his face, to be fair, this approach has worked reasonably well so far.

Then again, no-one in the audiences has really had to do anything besides receiving a briefing – yet. And it’s possible that a warmer-than-expected reception was principally due to the fact that the further through it I was, the closer the end of it was getting.

When I put the slide-deck together, I hadn’t actually realised that the right to erasure and the right to be forgotten aren’t actually the same thing – but that’s by no means the most significant penny to have dropped when I recently took a course to qualify as a Data Protection Officer.

The truth is, concentrating on the fines is coming at the topic from the wrong angle – and misses the point of GDPR completely. The secret is this: it’s not about you as a professional and your role in the company – it’s about you as a person.

Because as a professional, it’s EU legislation, compliance, and an unappetising pile of non-value-adding administrative activity that everybody needs to take care of in order to avoid massive fines. There’s not a great deal for our marketeers to work with there – and even Simon Sinek might have trouble picking the bones out of that one.

But as a person, it’s about privacy. Your privacy. How comfortable you feel that the answers to the security questions that grant access to your accounts, your medical records, photos of your newborn child, the details of where you spend your money (and what on), who you associate with, your success in relationships, and where you go at any given second on any given day might be sat in a dataset of connected items in a US (or Russian…or North Korean) server farm. You, whether that’s as a customer, an employee or a contractor.

How happy are you at the prospect of an immensely powerful supercomputer consuming this information and making calculations that configure your life chances and serve them back up to you in the form of – say – a mortgage decision or a job offer?

The concept of private personal information is (obviously) not a recent phenomenon. Even our medieval forebears had qualms about the village medic being indiscreet with the finer details of their digestive difficulties – and that’s where the first privacy policies emerged in the form of professional codes of conduct. The invention of the Kodak camera created new privacy concerns as people started to see their images being published without editorial consent, and more recently the ubiquity of the camera-phone (and social media to publish it’s outputs on) has amplified this effect to the extent that many teenage students daren’t even drink alcohol for fear of uncompromising images being permanently etched into eternity on the Internet. Daren’t. Even. Drink. Alcohol. Can you imagine?!

But to a greater or lesser extent, we’re still in thrall to our smartphones – and use them to post unflattering pictures from the Christmas party when we’re a little the worse for wear, reactionary comments about current affairs on social media when the red mist descends, and make spontaneous online purchases on a Saturday night after a couple of glasses of wine. We love the convenience of being able to say “Hey Siri”, yet don’t often think about how our ‘black mirrors’ are able to establish that we said it. (Clue: they’re listening to us).

We’re delighted when the customer service agent knows our name without us having to rifle through shoeboxes full of bills to fish out our customer number, when our smartphone tells us we’re about 38 minutes away from the office under current traffic conditions, and when our newsfeed displays discounts on products we were literally only just talking about, just the other day.

Yet our inboxes are full of unsolicited marketing emails and our call histories full of unsolicited accident claims calls. When 96.8% of all the emails in your inbox are marketing emails, it begs an existential question – does it even qualify as a personal email account or has it now been repurposed entirely as a repository of tailored ads?

And now, more than ever before, our entire identities vulnerable to theft in ways we can barely even imagine.

If you’re a fraudster, a card number from an online purchase combined with a date of birth and a pet’s name from Facebook, and an address and postcode from the Post Office Address File, and you’d have a pretty good chance of hacking someone’s bank account.

But it’s not just the risk of nefarious activity we need to be wary of.

Big Data runs an eye-watering proportion of your life, largely invisibly, and certainly outside of any recognised structure of accountability. There are categories of personal data around today that simply didn’t exist when the the Data Protection Act came into effect (in 1998).

And there are even academics who believe that if this is left unchecked, we could be inadvertently accelerating towards a system of algorithmic governance that has the potential to make the law, government and democracy obsolete, and with it any human rights we currently enjoy, such as paid holidays. Scary stuff.

GDPR is about redressing the balance – about putting control of your private personal data back into your hands. It’s about rolling back the increasingly technocratic system of ‘managed outcomes’ concerned only with predicting and mitigating risk to financial institutions; and backfilling it with democracy – power to the people in the truest sense of the phrase.

It’s sobering to think that after 40 years of bingeing on increasingly detailed and available forms of personal data, corporations often know us better than we know ourselves.

But GDPR means they will now need to go on a strict data diet, or suffer stiff financial penalties. Do they really need that extra helping of postcodes? That side-order of dates of birth? That starter-portion of GPS coordinates? Or recordings of your private conversations for dessert?

From May, if they do, they’ll have to prove it, tell you what they have, give you access to it, and articulate exactly what they use it for alongside their legal basis for doing so. And for most of this, they’ll need your freely-given consent to continue.

That is, if you ask them about it.

The idea is that by enabling people to exercise their rights to privacy under the Universal Declaration of Human Rights, they will – and it will create an administrative burden for organisations which in turn will encourage them to slim down what they capture until it’s the minimum they actually need – and nothing else.

If organisations start receiving large numbers of Subject Access Requests under the right to privacy, the right to be informed, the right to object, the right not to be subjected to automated decision-making, and the right to erasure, capturing ever-more intimate forms of personal data will cease to be worth the effort, the risk or the cost.

Instead, they will need to anonymise, or ‘pseudonymise’ your data so that it is not possible – or very difficult – for someone to identify you from it.

And therein lies a wealth of opportunity for the business analyst, because it means organisations will have to become very deliberate about how they deliver change.

One of my BA bugbears is use of the phrase “requirements gathering”, which suggests that business requirements are strewn on the grass like conkers in autumn, and all a BA has to do is nip out and gather them in a wicker basket. I much prefer the term ‘requirements elicitation’, because that, to me, is much more reflective of the process of engaging stakeholders, understanding their business drivers and how their ways of working need to change to address them, challenging their perceptions and ’eliciting’ what they actually need, rather than simply writing down what they ask for.

This is business analysis in the literal sense of the phrase, and a BA often has to carve out the opportunity to do this on a project , usually in the face of resistance from impatient stakeholders who see BA techniques as unnecessary bureaucracy.

But GDPR means companies will have to map their data flows, which means mapping the business processes that acquire, process and output personal data. They will have to assess each processing activity for its legal basis, and design processes for fulfilling the right to be informed, the right to access, the right to object, the right to erasure and the biggie – the right not to be subjected to automated decisions making – all within the new stricter timescales.

Yet as every BA knows, if they commit to doing this properly, there are many business benefits associated with going through this process.

Firstly, eliciting business requirements by understanding the detail of business processes is the only reliable way of ensuring the completeness, consistency, accuracy and relevance of the resulting requirements. Better quality requirements mean better quality solutions.

Furthermore it will create the collateral to enable the business to achieve potentially dramatic improvements in efficiency through business process standardisation. If we think of business processes as simply a way of ‘drawing work’, for managers in the business, it means being able to work ‘on’ their business areas rather than ‘in’ them. That will enable better strategic management for the long-term health of the organisation.

It will also improve organisational decision-making through the governance structures that will be needed to ensure GDPR compliance, and will mean that no project-management shortcuts can be taken without also involving huge risk – a risk you can now put a reliable number on.

Any company wishing to compete on the basis of the enhanced customer experiences they provide will need to demonstrate, first and foremost, that they can be trusted with the personal data needed to enable them. And that will require a level of coherence between their communication channels that will require systems thinking to achieve.

So as we enter into the new year, taken as an opportunity rather than purely as the mitigation of a threat, GDPR can be a catalyst for a monumental spring clean of business activity. In many ways, it’s forcing companies to mature to the point of being responsible with what they know about us – and crucially, being able to demonstrate that.

And it’s not just the May 25th deadline they need to worry about – that’s just the beginning. As the ICO starts to exercise its ability to impose hefty fines  – 40 times what they were under the Data Protection Act – its resources will grow, and the imperative for organisations to demonstrate the coherence of their business models will grow accordingly.

That’s a massive incentive for companies to build robust scaffolding under their commercial growth, and operate is a more controlled and deliberate manner. And that in turn represents an awful lot of demand for the BA skill-set, which should keep us in analysis work for some time to come.