Mastering Business Analysis Versatility · VITINAR © 2019 VITINAR | All Other Rights Reserved Mastering Business Analysis Versatility Adjust Based on Risks Presented by Eugenia C

VITINAR © 2019 VITINAR | All Other Rights Reserved

Mastering

Business Analysis

Versatility

Adjust Based on Risks

Presented by Eugenia C. Schmidt PMP CBAP PMI-PBA

IIBA Southeast Wisconsin ChapterSeptember 24, 2019

1


JOURNEY TO

BUSINESS ANALYSIS VERSATILITY

7) Build Up the Tool

Chest

6) Bridge the

Capability Gap

5) Always Focus on

Value

4) Adjust Based on

Risks

3) Consider Uniqueness

2) Adapt to the Life-

Cycle Approach

1) Move to Enterprise Mindset

Presentation, figures and tables are based on the book“Mastering Business Analysis Versatility”

https://www.jrosspub.com/business/mastering-business-analysis-versatility.html

2

https://www.jrosspub.com/business/mastering-business-analysis-versatility.html


Presentation Abstract

Adjust Based on Risks identifies different risk classifications that may require the business analyst to modify either the business analysis approach or the overall project approach. Various responses to the risks are recommended depending on the approach.

3


Presentation Key Topics

Adjust Based

on Risks

Risk Key Concepts

Risks & Business Analysis

Risk & Life-Cycle

Approaches

Potential Risks by Initiative

Type

Other Risks (People, Business, Culture)

Not necessarily in this order

4


Risk Defined

• Risks are uncertain events with a possibility of occurring

• Changes may be made to decrease the likelihood or potential impact

• All initiatives have inherent risks regardless of approach

Level of Risk & Complexity

Nee

d fo

r M

ore

Con

tro

l

Adaptive

Hybrid

Predictive

5


Risk and Life-Cycle Approaches

Life

-cyc

le t

imes

ref

lect

ed a

s m

on

ths

6


Predictive Life-Cycle Risk Management

• Addressed formally

• Big picture perspective over longer life cycle

• Business analysis risks integrated into project management plans

• Detailed planning allows for integrating responses into the approach

• Progressive elaboration may uncover more risks

7


Hybrid Life-Cycle Risk Management

• Formally addressed like predictive, but has a fail fast philosophy like adaptive

• Introduces prototypes and releases for fail fast approach

• The use case is the recommended technique for requirements and risks are associated with each use case

8


Adaptive Life-Cycle Risk Management

• Fail fast philosophy helps to address risks early and frequently through the iterations

• Product backlog grooming can uncover high risk requirements moving them up the backlog

• Team members must remember to communicate risks during daily stand-ups and conversations because of lack of formality

9


Risk Management Process: BA Perspective

• Regardless of approach, a risk management process (formal or informal) is a necessity

• Collaboration with team members, stakeholders and project managers ensure appropriate balance of controls, responses and monitoring

5) Communi

cate

1) Identify

2) Analyze

3) Respond

4) Control

10


Risk Management Process: Step 1

• Tap into experience and history, similar situations

• Discuss stakeholder concerns during elicitation

• Consider general people and business risks

• Consider different risk types

• Review requirements for impacts

• Evaluate requirement attributes

• Initiative types

• Leverage the BACCM™

11


People Risks and Business Risks

• Gaps in competencies and capabilities

• Lack of domain knowledge

• Stakeholder resistance

• Lack of decision makers

• Unavailability key stakeholders

• Changing Business Environment

12


Risk Types

There are various types or classifications of risk the business analyst must address that affects the ability to successfully:

• Perform business analysis work

• Manage product scope

• Address requirement alignment expectations

• Implement each requirement

• Implement a set of requirements

• Address the uniqueness of initiatives

• Address the uniqueness of industries

13


Risk Types: Performing BA Work

Performing BA WorkRisks

Approach with Highest Risk

Reason for Occurrence

Lack of domain expertise Predictive, in-house build Learning time, access to domain information

Key stakeholder unavailability Hybrid, in-house build Schedule conflicts, priority conflicts

Stakeholder turnover Predictive, Enterprise-wide Organizational instability

Inability to get to solution agreement Predictive Different political agendas

Not getting what you need Predictive Too busy, doesn’t have information, not right person

Requirements continue to be too large

Adaptive Lack of backlog grooming and sizing discussions in sprint planning sessions

Can we successfully perform our BA work?

14


Example Adjustments for

Performing BA Work Risks

• Move to a different, more iterative or less iterative, approach

• Collaborate with experts

• Add additional tasks to project plan

• Add more formal controls or documents (e.g., a change control process)

• Include different or additional techniques

15


Risk Types: Managing Product Scope

Managing Product ScopeRisks

Approach with Highest Risk

Reason for Occurrence

Hidden scope expansion Predictive Lack of scope visibility, communication and validation

Constantly changing requirements Predictive External policies or regulations, unknown requirements

Misalignment with strategy or architecture

Adaptive Lack of access to information, lack of communication, lack of responsibility

Gaps in requirements Predictive Impacted stakeholders not identified, lack of allocated time for elicitation

Vendor misinterpreting requirements Hybrid – vendor package Lack of domain knowledge, requirements ambiguous

Gold plating- adding functionality not requested

Adaptive Team member passion, learn something new

Can we successfully manage product scope?

16


Example Adjustments for

Managing Product Scope Risks

• More visibility of scope through modeling techniques

• More communication of scope boundaries and context throughout approach

• Determining root causes of changes

• Including more prioritization and allocation to releases

• Always include an alignment approach

• Use a variety of elicitation techniques with cross verification

17


Risk Types: Requirement Alignment

Evaluate risks that may impact:

• Business Requirements – affecting the attainment of benefits or business value

• Stakeholder Requirements – affecting the stakeholder’s ability to use the solution

• Solution Requirements – affecting the system’s functionality, agreed upon quality attributes or transition

• Business Rules - Both behavioral and definitional business rules affecting the quality of processes, policies, regulations, and the integrity of information.

18


Risk Types: Evaluate Each Requirement

Consider trade-offs and tolerances for specific requirement risks based on:

• Cost, Schedule, Scope and Resources

• Legal

• Environmental

• Technology

• Benefit or Value

• Dependencies

Can we successfully implement EACH requirement?

19


Risk Types: Evaluate the Set of Requirements

Look at requirement attributes, have you captured the needed information to assess risks?

Can we successfully implement ALL requirements?

Business Impact or Complexity What if high percentage of requirements is HIGH impact, or HIGH complexity?

Schedule Constraint Can schedule constraints impact other requirements?

Priority What if high percentage of requirements is considered strategic?

Volatility What if a high percentage of requirements are likely to change?

Others – Cost, Size or Time Tolerances Would you change your business analysis approach or collaborate with the PM to change the project approach?

20


Risk Types: Addressing Uniqueness of

Initiatives

• Vendor Packages

• Process or Data-driven

• User-focused

• Enterprise-wide

• Technology-driven

Can we successfully implement THIS type of an initiative?

21


Risk Types: Vendor Packages Initiatives

• Missing Requirements

• Evaluating unproven vendor packages

• Not addressing the non-functional requirements

22


Nonfunctional Risks:

Quality Attribute Checklist

Classification Attribute Classification Attribute Classification Attribute

Operational Data Integrity Deployment Auditability Development Customizability

Performance Availability Efficiency

Reliability Data Retention Escrow

Robustness Flexibility (a.k.a. Code Protection)

(a.k.a. Fault Tolerance) Interoperability Maintainability

Security (a.k.a. Compatibility) Reusability

Usability Portability Testability

(+ Accessibility) Recoverability

(+ Disaster Recovery)

Scalability

Safety Factor

23


Risk Types: Process-Driven Initiatives

• Silo Thinking

• Change Management

• Process Failures

(Impact to behavioral business rules)

• Transition Failures

(Transitional requirements address possible failure points)

24


Risk Types: Data-Driven Initiatives

• Data Integrity

(Impact to definitional business rules)

– Lack of Data Definitions

– Duplication

– Data Decay

– No Standards

– Altered Data or Not Used as Intended

• Protecting Privacy

25


Risk Types: User-Focused Initiatives

• User-focused Methods

• User Behavior Variations

• User Skill Set Variation

26


Risk Types: Enterprise-Wide Initiatives

• Miscommunication of Requirements

• Getting to an Agreement

• Lack of an Enterprise Architecture

27


Risk Types: Technology-Driven Initiatives

• Review Quality Attributes

• Hitting Capacity

• Data Loss

• Security Vulnerabilities

28


Risk Types: Industry Uniqueness

• Government: policy and regulatory risks

• Non-profits: risk associated with funding, resource turnover and lack of formal structures

• Manufacturing: risks with enterprise-wide vendor packages and impacts to quality

• Services: security and privacy risks

29


The Risk Management Process: Step 2

• Assess probability – the

likelihood the risk will occur

• Determine impacts and tradeoffs

based on type of risk

• Quantify and score to help

prioritize- which do we focus on

and respond to?

30


Analyze Risks

Which risks should you respond to?

• Determine Risk Score

1) Analyze Probability

2) Analyze Impact

3) Probability X Impact = Risk Score

4 4 8 12 16

3 3 6 9 12

2 2 4 6 8

1 1 2 3 4

0 1 2 3 4

Pro

bab

ility

Impact

Higher risk scores will require actions

Lower risk scores will likely be accepted

31


Risk Management Process: Step 3

• Review results of analysis

• Assign ownership and responsibilities

• Plan responses to highly ranked risks

• Determine specific actions to implement the

chosen response

• Allocate budget and time for responses

• Develop contingency and fallback plans

32


Risk Responses

• Eliminate causeAvoid

• Shift to 3rd partyTransfer

• Split ownershipShare

• Reduce probability Mitigate

• Live with itAccept

• Reduce impactProvide Contingency or Reserve

33


Some Typical Business Analysis

Mitigation Actions

• Use a different technique (e.g. changing from interviews to a workshop)

• Add “fail fast” techniques (e.g. adding a prototype or proof-of-concept)

• Change approach (e.g. less or more iterative)

• More controls (e.g. add more traceability or formal procedures)

• More robust prioritization criteria and procedures

• Bring in experts

34


Risk Management Process: Step 4 & 5

• Did the response do what was expected?

• Every team member is responsible

for communicating risks

• Make risks transparent

• If potential severity is high, push for action

35


Risk Management Plan

Some risks identified by the BA are likely to be integrated into the overall project risks management plan owned by the PM, but the BA may be assigned to monitor them

Risk Management Plan – Option 1 1. (Column A) Identify the risk

2. (Column B&C&D&E) Assess the impact, quantify the weight of the impact, quantify the probability, calculate the severity

3. (Column F) Determine response options and list recommended actions - consider Avoid, Mitigate, Transfer, Accept or if a contingency may be needed

depending on impact

Risk (Column A)

Why it is a risk and what is the impact if realized? (Column B)

Impac

t (1

-5)

(Colu

mn C

)

Pro

bab

ility

(1-5

)

(Colu

mn D

)

Seve

rity

(pro

b X

Im

pac

t)

(Colu

mn E

)

Communication Action Or Additional Controls Needed

(Column F)

36


Risk Culture

STRONG RISK CULTURE

• Acknowledging the risk

• Encouraging transparency

• Ensuring respect for the risk

• Building up the culture to effectively deal with the risk

• Finding consensus on the risk

• Sustaining vigilance

WEAK RISK CULTURE

• Promoting “groupthink”

• Normalization of deviance

• Confirmation bias

• Escalating commitment

37


Summary

• Address risks that impact performance business analysis work, product scope and specific requirements

• Life-cycle approaches have various ways of dealing with risk

• Each type of initiative will inherently have their own associated risks

• Other risks may come from our external environment, people in the organization or business strategies

• Certain risk cultures can be detrimental to managing risk

38


Additional References and Resources

• Schmidt, Eugenia C., (2019), Mastering Business Analysis Versatility: Seven Steps to Advanced Competencies and Capabilities, J Ross Publishing, Inc. Plantation Florida.

• Aked, Mark. (November 3, 2003). Risk Reduction with the RUP Phase Plan. IBM. https://www.ibm.com/developerworks/rational/library/1826.html

• Gottesdiener, Ellen. (2003). The Software Requirements Memory Jogger, pp. 329-334. Goal QPC.

• Kaplan, Robert S. and Anette Mikes. (June 2012). “Managing Risks: A New Framework.” Harvard Business Review Article. https://hbr.org/2012/06/managing-risks-a-new-framework

• Krivkovich, Alexis and Cindy Levy. (May 2015). “Managing the people side of risk.” Mckinsey & Company Article. https://www.mckinsey.com/business-functions/risk/our-insights/managing-the-people-side-of-risk

39

https://www.ibm.com/developerworks/rational/library/1826.html

https://hbr.org/2012/06/managing-risks-a-new-framework

https://www.mckinsey.com/business-functions/risk/our-insights/managing-the-people-side-of-risk


BONUS

Example complexity and risk identification questions• Have team members done anything like this before (extent of experience)?

• Any of the solutions planned to be outsourced?

• Are there any political or other external influences impacting the requirement?

• How complex is the existing system process that the requirement impacts?

• How likely is the requirement to change during the solution development?

• Are there any dependencies with other solutions not yet implemented?

• How drastic will the requirement affect job procedures or user performance?

• Has this vendor solution been used with other customers?

• Are there legal ramifications if this requirement is not implemented?

• Has the integration of various technologies been done before?

• How well do the stakeholders understand the current process?

40


About the Presenter

Presenter - Eugenia C. Schmidt, founder and managingpartner of VITINAR. Eugenia is a well-known expert,consultant, instructional course designer, and trainer inbusiness analysis, project and program management,project recovery, program/project office setup,information systems, and life-cycle methodologies. Ms.Schmidt worked in various management and technicalroles – such as project and program manager, businessprocess manager, risk manager, business analyst, systemsanalyst, and architect – for several firms, including AT&T,PwC, Lighthouse Consulting Partners, before forming herown business.

The presentation is based on Eugenia’s new book,Mastering Business Analysis Versatility: Seven Steps toDevelop Advanced Competencies and Capabilities.

41

[email protected]/in/eugeniacschmidt

mailto:[email protected]

http://www.linkedin.com/in/eugeniacschmidt

Documents

Mastering Business Analysis Versatility · VITINAR © 2019 VITINAR | All Other Rights Reserved Mastering Business Analysis Versatility Adjust Based on Risks Presented by Eugenia C