Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
VITINAR © 2019 VITINAR | All Other Rights Reserved
Mastering
Business Analysis
Versatility
Adjust Based on Risks
Presented by Eugenia C. Schmidt PMP CBAP PMI-PBA
IIBA Southeast Wisconsin ChapterSeptember 24, 2019
1
VITINAR © 2019 VITINAR | All Other Rights Reserved
JOURNEY TO
BUSINESS ANALYSIS VERSATILITY
7) Build Up the Tool
Chest
6) Bridge the
Capability Gap
5) Always Focus on
Value
4) Adjust Based on
Risks
3) Consider Uniqueness
2) Adapt to the Life-
Cycle Approach
1) Move to Enterprise Mindset
Presentation, figures and tables are based on the book“Mastering Business Analysis Versatility”
https://www.jrosspub.com/business/mastering-business-analysis-versatility.html
2
VITINAR © 2019 VITINAR | All Other Rights Reserved
Presentation Abstract
Adjust Based on Risks identifies different risk classifications that may require the business analyst to modify either the business analysis approach or the overall project approach. Various responses to the risks are recommended depending on the approach.
3
VITINAR © 2019 VITINAR | All Other Rights Reserved
Presentation Key Topics
Adjust Based
on Risks
Risk Key Concepts
Risks & Business Analysis
Risk & Life-Cycle
Approaches
Potential Risks by Initiative
Type
Other Risks (People, Business, Culture)
Not necessarily in this order
4
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Defined
• Risks are uncertain events with a possibility of occurring
• Changes may be made to decrease the likelihood or potential impact
• All initiatives have inherent risks regardless of approach
Level of Risk & Complexity
Nee
d fo
r M
ore
Con
tro
l
Adaptive
Hybrid
Predictive
5
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk and Life-Cycle Approaches
Life
-cyc
le t
imes
ref
lect
ed a
s m
on
ths
6
VITINAR © 2019 VITINAR | All Other Rights Reserved
Predictive Life-Cycle Risk Management
• Addressed formally
• Big picture perspective over longer life cycle
• Business analysis risks integrated into project management plans
• Detailed planning allows for integrating responses into the approach
• Progressive elaboration may uncover more risks
7
VITINAR © 2019 VITINAR | All Other Rights Reserved
Hybrid Life-Cycle Risk Management
• Formally addressed like predictive, but has a fail fast philosophy like adaptive
• Introduces prototypes and releases for fail fast approach
• The use case is the recommended technique for requirements and risks are associated with each use case
8
VITINAR © 2019 VITINAR | All Other Rights Reserved
Adaptive Life-Cycle Risk Management
• Fail fast philosophy helps to address risks early and frequently through the iterations
• Product backlog grooming can uncover high risk requirements moving them up the backlog
• Team members must remember to communicate risks during daily stand-ups and conversations because of lack of formality
9
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Management Process: BA Perspective
• Regardless of approach, a risk management process (formal or informal) is a necessity
• Collaboration with team members, stakeholders and project managers ensure appropriate balance of controls, responses and monitoring
5) Communi
cate
1) Identify
2) Analyze
3) Respond
4) Control
10
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Management Process: Step 1
• Tap into experience and history, similar situations
• Discuss stakeholder concerns during elicitation
• Consider general people and business risks
• Consider different risk types
• Review requirements for impacts
• Evaluate requirement attributes
• Initiative types
• Leverage the BACCM™
11
VITINAR © 2019 VITINAR | All Other Rights Reserved
People Risks and Business Risks
• Gaps in competencies and capabilities
• Lack of domain knowledge
• Stakeholder resistance
• Lack of decision makers
• Unavailability key stakeholders
• Changing Business Environment
12
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types
There are various types or classifications of risk the business analyst must address that affects the ability to successfully:
• Perform business analysis work
• Manage product scope
• Address requirement alignment expectations
• Implement each requirement
• Implement a set of requirements
• Address the uniqueness of initiatives
• Address the uniqueness of industries
13
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Performing BA Work
Performing BA WorkRisks
Approach with Highest Risk
Reason for Occurrence
Lack of domain expertise Predictive, in-house build Learning time, access to domain information
Key stakeholder unavailability Hybrid, in-house build Schedule conflicts, priority conflicts
Stakeholder turnover Predictive, Enterprise-wide Organizational instability
Inability to get to solution agreement Predictive Different political agendas
Not getting what you need Predictive Too busy, doesn’t have information, not right person
Requirements continue to be too large
Adaptive Lack of backlog grooming and sizing discussions in sprint planning sessions
Can we successfully perform our BA work?
14
VITINAR © 2019 VITINAR | All Other Rights Reserved
Example Adjustments for
Performing BA Work Risks
• Move to a different, more iterative or less iterative, approach
• Collaborate with experts
• Add additional tasks to project plan
• Add more formal controls or documents (e.g., a change control process)
• Include different or additional techniques
15
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Managing Product Scope
Managing Product ScopeRisks
Approach with Highest Risk
Reason for Occurrence
Hidden scope expansion Predictive Lack of scope visibility, communication and validation
Constantly changing requirements Predictive External policies or regulations, unknown requirements
Misalignment with strategy or architecture
Adaptive Lack of access to information, lack of communication, lack of responsibility
Gaps in requirements Predictive Impacted stakeholders not identified, lack of allocated time for elicitation
Vendor misinterpreting requirements Hybrid – vendor package Lack of domain knowledge, requirements ambiguous
Gold plating- adding functionality not requested
Adaptive Team member passion, learn something new
Can we successfully manage product scope?
16
VITINAR © 2019 VITINAR | All Other Rights Reserved
Example Adjustments for
Managing Product Scope Risks
• More visibility of scope through modeling techniques
• More communication of scope boundaries and context throughout approach
• Determining root causes of changes
• Including more prioritization and allocation to releases
• Always include an alignment approach
• Use a variety of elicitation techniques with cross verification
17
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Requirement Alignment
Evaluate risks that may impact:
• Business Requirements – affecting the attainment of benefits or business value
• Stakeholder Requirements – affecting the stakeholder’s ability to use the solution
• Solution Requirements – affecting the system’s functionality, agreed upon quality attributes or transition
• Business Rules - Both behavioral and definitional business rules affecting the quality of processes, policies, regulations, and the integrity of information.
18
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Evaluate Each Requirement
Consider trade-offs and tolerances for specific requirement risks based on:
• Cost, Schedule, Scope and Resources
• Legal
• Environmental
• Technology
• Benefit or Value
• Dependencies
Can we successfully implement EACH requirement?
19
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Evaluate the Set of Requirements
Look at requirement attributes, have you captured the needed information to assess risks?
Can we successfully implement ALL requirements?
Business Impact or Complexity What if high percentage of requirements is HIGH impact, or HIGH complexity?
Schedule Constraint Can schedule constraints impact other requirements?
Priority What if high percentage of requirements is considered strategic?
Volatility What if a high percentage of requirements are likely to change?
Others – Cost, Size or Time Tolerances Would you change your business analysis approach or collaborate with the PM to change the project approach?
20
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Addressing Uniqueness of
Initiatives
• Vendor Packages
• Process or Data-driven
• User-focused
• Enterprise-wide
• Technology-driven
Can we successfully implement THIS type of an initiative?
21
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Vendor Packages Initiatives
• Missing Requirements
• Evaluating unproven vendor packages
• Not addressing the non-functional requirements
22
VITINAR © 2019 VITINAR | All Other Rights Reserved
Nonfunctional Risks:
Quality Attribute Checklist
Classification Attribute Classification Attribute Classification Attribute
Operational Data Integrity Deployment Auditability Development Customizability
Performance Availability Efficiency
Reliability Data Retention Escrow
Robustness Flexibility (a.k.a. Code Protection)
(a.k.a. Fault Tolerance) Interoperability Maintainability
Security (a.k.a. Compatibility) Reusability
Usability Portability Testability
(+ Accessibility) Recoverability
(+ Disaster Recovery)
Scalability
Safety Factor
23
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Process-Driven Initiatives
• Silo Thinking
• Change Management
• Process Failures
(Impact to behavioral business rules)
• Transition Failures
(Transitional requirements address possible failure points)
24
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Data-Driven Initiatives
• Data Integrity
(Impact to definitional business rules)
– Lack of Data Definitions
– Duplication
– Data Decay
– No Standards
– Altered Data or Not Used as Intended
• Protecting Privacy
25
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: User-Focused Initiatives
• User-focused Methods
• User Behavior Variations
• User Skill Set Variation
26
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Enterprise-Wide Initiatives
• Miscommunication of Requirements
• Getting to an Agreement
• Lack of an Enterprise Architecture
27
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Technology-Driven Initiatives
• Review Quality Attributes
• Hitting Capacity
• Data Loss
• Security Vulnerabilities
28
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Types: Industry Uniqueness
• Government: policy and regulatory risks
• Non-profits: risk associated with funding, resource turnover and lack of formal structures
• Manufacturing: risks with enterprise-wide vendor packages and impacts to quality
• Services: security and privacy risks
29
VITINAR © 2019 VITINAR | All Other Rights Reserved
The Risk Management Process: Step 2
• Assess probability – the
likelihood the risk will occur
• Determine impacts and tradeoffs
based on type of risk
• Quantify and score to help
prioritize- which do we focus on
and respond to?
30
VITINAR © 2019 VITINAR | All Other Rights Reserved
Analyze Risks
Which risks should you respond to?
• Determine Risk Score
1) Analyze Probability
2) Analyze Impact
3) Probability X Impact = Risk Score
4 4 8 12 16
3 3 6 9 12
2 2 4 6 8
1 1 2 3 4
0 1 2 3 4
Pro
bab
ility
Impact
Higher risk scores will require actions
Lower risk scores will likely be accepted
31
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Management Process: Step 3
• Review results of analysis
• Assign ownership and responsibilities
• Plan responses to highly ranked risks
• Determine specific actions to implement the
chosen response
• Allocate budget and time for responses
• Develop contingency and fallback plans
32
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Responses
• Eliminate causeAvoid
• Shift to 3rd partyTransfer
• Split ownershipShare
• Reduce probability Mitigate
• Live with itAccept
• Reduce impactProvide Contingency or Reserve
33
VITINAR © 2019 VITINAR | All Other Rights Reserved
Some Typical Business Analysis
Mitigation Actions
• Use a different technique (e.g. changing from interviews to a workshop)
• Add “fail fast” techniques (e.g. adding a prototype or proof-of-concept)
• Change approach (e.g. less or more iterative)
• More controls (e.g. add more traceability or formal procedures)
• More robust prioritization criteria and procedures
• Bring in experts
34
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Management Process: Step 4 & 5
• Did the response do what was expected?
• Every team member is responsible
for communicating risks
• Make risks transparent
• If potential severity is high, push for action
35
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Management Plan
Some risks identified by the BA are likely to be integrated into the overall project risks management plan owned by the PM, but the BA may be assigned to monitor them
Risk Management Plan – Option 1 1. (Column A) Identify the risk
2. (Column B&C&D&E) Assess the impact, quantify the weight of the impact, quantify the probability, calculate the severity
3. (Column F) Determine response options and list recommended actions - consider Avoid, Mitigate, Transfer, Accept or if a contingency may be needed
depending on impact
Risk (Column A)
Why it is a risk and what is the impact if realized? (Column B)
Impac
t (1
-5)
(Colu
mn C
)
Pro
bab
ility
(1-5
)
(Colu
mn D
)
Seve
rity
(pro
b X
Im
pac
t)
(Colu
mn E
)
Communication Action Or Additional Controls Needed
(Column F)
36
VITINAR © 2019 VITINAR | All Other Rights Reserved
Risk Culture
STRONG RISK CULTURE
• Acknowledging the risk
• Encouraging transparency
• Ensuring respect for the risk
• Building up the culture to effectively deal with the risk
• Finding consensus on the risk
• Sustaining vigilance
WEAK RISK CULTURE
• Promoting “groupthink”
• Normalization of deviance
• Confirmation bias
• Escalating commitment
37
VITINAR © 2019 VITINAR | All Other Rights Reserved
Summary
• Address risks that impact performance business analysis work, product scope and specific requirements
• Life-cycle approaches have various ways of dealing with risk
• Each type of initiative will inherently have their own associated risks
• Other risks may come from our external environment, people in the organization or business strategies
• Certain risk cultures can be detrimental to managing risk
38
VITINAR © 2019 VITINAR | All Other Rights Reserved
Additional References and Resources
• Schmidt, Eugenia C., (2019), Mastering Business Analysis Versatility: Seven Steps to Advanced Competencies and Capabilities, J Ross Publishing, Inc. Plantation Florida.
• Aked, Mark. (November 3, 2003). Risk Reduction with the RUP Phase Plan. IBM. https://www.ibm.com/developerworks/rational/library/1826.html
• Gottesdiener, Ellen. (2003). The Software Requirements Memory Jogger, pp. 329-334. Goal QPC.
• Kaplan, Robert S. and Anette Mikes. (June 2012). “Managing Risks: A New Framework.” Harvard Business Review Article. https://hbr.org/2012/06/managing-risks-a-new-framework
• Krivkovich, Alexis and Cindy Levy. (May 2015). “Managing the people side of risk.” Mckinsey & Company Article. https://www.mckinsey.com/business-functions/risk/our-insights/managing-the-people-side-of-risk
39
VITINAR © 2019 VITINAR | All Other Rights Reserved
BONUS
Example complexity and risk identification questions• Have team members done anything like this before (extent of experience)?
• Any of the solutions planned to be outsourced?
• Are there any political or other external influences impacting the requirement?
• How complex is the existing system process that the requirement impacts?
• How likely is the requirement to change during the solution development?
• Are there any dependencies with other solutions not yet implemented?
• How drastic will the requirement affect job procedures or user performance?
• Has this vendor solution been used with other customers?
• Are there legal ramifications if this requirement is not implemented?
• Has the integration of various technologies been done before?
• How well do the stakeholders understand the current process?
40
VITINAR © 2019 VITINAR | All Other Rights Reserved
About the Presenter
Presenter - Eugenia C. Schmidt, founder and managingpartner of VITINAR. Eugenia is a well-known expert,consultant, instructional course designer, and trainer inbusiness analysis, project and program management,project recovery, program/project office setup,information systems, and life-cycle methodologies. Ms.Schmidt worked in various management and technicalroles – such as project and program manager, businessprocess manager, risk manager, business analyst, systemsanalyst, and architect – for several firms, including AT&T,PwC, Lighthouse Consulting Partners, before forming herown business.
The presentation is based on Eugenia’s new book,Mastering Business Analysis Versatility: Seven Steps toDevelop Advanced Competencies and Capabilities.
41
[email protected]/in/eugeniacschmidt