IT Governance Needs to Change to Gain a Competitive Advantage

Friday, May 7, 2010 by Aaron Whittenberger
Futurists have been fore-telling the look of the business enterprise and the IT Department for years.  The latest version from the Corporate Executive Board state that we are in for rapid, radical change.  It fore-tells that the IT Department in 5 years will bear little resemblance to the IT Department of today.  As business users become more tech savvy, the business units will absorb a lot of today’s IT functions.  Along with continued IT outsourcing, they predict that only 25% of today's IT professionals will still be in IT in 5 years.

The CTO blog does not forecast such a dismal future for the IT professional, but it also acknowledges the need for better alignment with business strategic goals and faster IT solutions delivery.

Whereas, I will not completely buy in to the idea that 75% of today’s IT professionals will not be working in IT in 5 years or that change will be so rapid or radical.  It is increasingly apparent that change in IT solution delivery is necessary, and that is where I suggest that business organizations start; in particular IT Governance. 

I hope to see today’s IT Governance Committee, which approve and prioritize IT business solutions projects, replaced with a Business Improvement Project Review Board who approve and prioritize all business improvement projects.  This new Governance Body will consider all business improvement projects; those with business solutions and those with IT solutions.  As I mentioned a few weeks ago this new board needs to better track all projects and continue to give its support to all projects at every stage of the project.  Once the cost of the project outweigh the benefits, or other external forces make continuance of the project unwise, the project can be stopped and decrease the expense to the organization.

Along with that we will see the idea of a Project Management Office (PMO) replaced with a Business Improvement Office (BIO).  The BIO will be staffed with people with business backgrounds and those with IT backgrounds; however, cross-training and best practices will require all members of the BIO to look for the best solution, considering both business and IT solutions, to meet the needs of the business.  The BIO will take over the project management, business analysis and quality assurance aspects of a project. 

Continued competitive pressures will force the BIO to change its practices in order to achieve faster solution delivery.  Some will embrace the Agile methodology; others will develop some hybrid methodology taking parts from both the Agile and Waterfall methodologies.  However they achieve it, continued pressures for competitive advantage will require continual improvement in the methodology to push for faster and faster delivery while not sacrificing quality.

Many references now forecast a change to IT Departments and IT staffing as we know it today.  It will be interesting to see the changes as they come about and see which forecast was most correct.

Death by A Thousand Cuts

Wednesday, May 5, 2010 by Matt Warman

My client has great code promotion rules. All code that changes gets system tested or it doesn’t get promoted. Code doesn’t change unless it has a bug tracking ticket. You say Matt, that’s great! Why is this a problem? The problem resides in the fact that everyone in IT is stretched to the limit, and deadlines are tight. Application development people are getting the code working with little refactoring, architects struggling to get the analysis piece out and little time for code review, and not enough testers. This situation makes it difficult for performance. As part of the performance team, I can review all of the code, and make some changes, but the problem is that if the code is not a part of the release, it will be impossible to get promoted due to time/resource constraints.
For example, a process was taking a long time to complete because of improper error handling, but the call is not necessary. The proper fix is to remove the call, but the fix going in only resolves the exception. Why? The low priority of the code, coupled with the testing constraints and lack of testers makes these changes common. Some application development people may say, "Well, the code is fixed". True the performance issue is resolved, but there is an unneeded call. If the attitude from application development people is "I would fix it, but it’s too much trouble to test", unneeded code can add up quickly. Extra code is in all projects, but if changes like this or, removing a variable passed to a method, or even changing code to remove unused variables don’t get fixed, the "extras" add up. Not one of these changes significantly affects performance, but all of them will. The solution is to work with management and your application development people to limit "extra" code. This can be done by reviewing and fixing code in your maintenance or enhancement project. Have a "refactoring time" built in to the project plan. The time put in up front will bring great dividends both in performance and future coding effort.

Making the Business Case for an Internal BABOK

Friday, April 30, 2010 by Aaron Whittenberger

As I move from client to client, IT shop to IT shop, the one think I notice is that most organizations do not have an internal BA Body of Knowledge.  There are several reasons that I can think of as to why organizations have not taken on the task of developing an internal BABOK:

    1. Companies are slow to embrace the idea and value of a BA Center of Excellence.
    2. Companies do not understand what an internal BABOK is and what should be in it.
    3. Companies have not realized the value of an internal BABOK.
    4. Not enough time, not enough resources.

So let’s take a look at these reasons.  First, creating a BA Center of Excellence would allow the organization to use their BA talent in a more strategic role within the organization.  It would allow them to move their BAs among the business units within the organization with a much less learning curve.  BAs leaving the organization don’t take valuable business knowledge out the door with them and just as important, new BAs have a much shorter ramp up time to become effective to the organization.  I believe once organizations realize the value that developing a BA Center of Excellence can have on the organization, they would all want one.

Secondly, there is reference material available that conceptually describes an internal BA Body of Knowledge, but you would have to dive deep into reading material to find it.  So, let me spell out for all to see what we are talking about when we say an organization should develop an internal BA Body of Knowledge.  This is a centralized, electronic copy of documents that define anything within the business.  This is a wealth of knowledge that all your BAs can draw from to better perform their duties.  This would allow a BA to learn a new area of the business quickly that they have not worked in before as they are assigned new tasks.  This BABOK would define the business organization, the business units with it and the interrelationships between those business units.  What did that sound like to you?  If you said an Enterprise Architecture, you are absolutely correct.  The first thing to include in your internal BABOK is the organization Enterprise Architecture, including all five parts of the architecture.  Also include the BA Career Ladder, BA Competence Model, BA Job Descriptions, new BA training material, BA departure review and BA reference material pertinent to the organization.

Thirdly, now that you understand what wealth of knowledge is included in an internal BABOK, I think you can realize the value of it without me saying a word.  Most organizations do not have an Enterprise Architecture, let alone an internal BABOK.  Those organizations that somewhat have one; usually have it dispersed all over the company network, which makes finding material very difficult.  Centralized, easy to access, electronic, included in the company’s backup and restore process adds tremendous value to the organization.

Lastly, this is always the reason that many good ideas do not take form.  Realize, that if you had an internal BABOK that your BAs used on a daily basis that research tasks take a lot less time.  This can decrease project schedules, freeing up more than just BA resource time.

That all sounds nice, but what does it mean to the organization?  Well, there are many benefits to having an Enterprise Architecture and internal electronic BABOK to the organization:

  1. Project portfolio in greater alignment with business strategic goals and initiatives
  2. Realization of BA talent in a more strategic role
  3. New BAs become more effective to the organization faster
  4. Ensure enterprise knowledge stays within the organization when BAs leave the organization
  5. Starting point for Enterprise Capability Gap Analysis
  6. Reference material for new product feasibility studies
  7. Reference material for competitive edge analysis
  8. Required material for new enterprise software impact analysis

There are many benefits to the BA practice within the organization:

  1. Reference material easily available without exhaustive searching
  2. Understand BA Competencies important to the organization
  3. Understand BA Competencies needed to achieve the next level on the BA Career Ladder
  4. Move within the business units of the organization with greater ease and knowledge
  5. Needed reference material for Enterprise Analysis activities

Now can your organization survive in these economic times without an internal BABOK?

 

Got Tools? Use Them!

Friday, April 30, 2010 by Matt Warman

I have a new client in Cincinnati. New clients are always interesting because you never know what issues and opportunities you will find. My client seems to have their act together. My application development friends will appreciate their setup; Maven 2 projects with built-in JUnit tests, a code coverage dashboard that show code complexity, code coverage, and Find Bugs reports. Things seem great, them why do they need a performance engineer?

The reason is common; who defines the duties of ITsets the rules. IT and the business need to be aligned to work on the common goals and increase productivity. If IT is too dominant, there is too much focus on technology and the business doesn’t get the tools they need to be productive. If the business unit is dominant, only projects that have a tangible return get done. In this case the business is more dominant, so projects like refactoring code, or cleaning up errors found by software like Find Bugs has a much lower priority. They do happen only if performance is an issue to the business. The performance team is set up like a clean up crew that comes in after the fact, to make things work better. There are coding style forms and best practices, but is up to the each developer to follow them. Since the focus is getting the project done on time, the developers are concerned on getting code that works,not what works best. The performance team is used to fix the worst performance offenders.To be fair, I have been at clients where IT treats the business units as a nuisance. The best tools are there, but little support for the business.
What’s the solution? IT needs select a technology that best suits the solving of business problems. The business should prioritize their issues, but work with IT to plan for fix releases. IT must utilize the tools that they have and encourage the usage of them. If you have the tools, use them!

Getting Some REST

Monday, April 19, 2010 by Matt Warman

After playing with JPA, I realized that I really don't want to directly hit the database from the client, because that would mean opening up the database port to potential attackers. JPA is really great, but either you hit the database locally, you hit the database directly from a remote location, or you access the database through a connection pool. JNDI is the best way to access a server resource, but it needs to be in a server container. I could not find a way to call JPA using a JNDI context from the client. All database servers have some mechanism to accept multiple connections. But besides the obvious security issue, I already have an application server and connection pool. I should let the connection pool do the work, and figure out plan B.

I reviewed all of my options. I am lucky because I can use the latest and greatest since this is all new. I am using Java 1.6, so I can use EE5 or EE6. Most application development people know that EJB has had a history of being complex, and at times, unwieldy. I could call JPA via servlet, but I was concerned about performance. I decided to use RESTful web services to push data to my JavaFX application. Using REST in JavaFX is quite easy, because the 1.2 specification has a HTTP request object. That means I can write all of my access and utility objects in JavaFX, instead of accessing a class library externally. The big drawback I have thus far is that all of the related objects are another link, and another call to a REST resource. For example, if you look up a specific Customer Record using REST, you will get the details in XML or JSON. To get the collection of Orders related to the Customer, the XML returns a link. You must make another call to get another XML/JSON to parse the related information. The parsing process would not be to big of a deal, except that everything is done asynchronously. I have a Table A object where one of the fields would be a collection of Table B objects. The Table B object contains a collection of Table C objects. In JPA, all of the related collection objects are there and ready for me. Since REST is asynchronous, It makes it very difficult to set up a Table A row object, because Table B is a separate call which will start and finish without Table A's call knowing anything about it. For my database application development people, the key is to de-normalize your relationships. Since this is a big departure to my original schema, I decided to create a whole new database in case I wanted to go back to JPA. After some trial and error, I have a way to asynchronously access and display REST resources in a JavaFX application. I now have to work on writing that data.


IT Skills in Demand for 2010

Wednesday, April 7, 2010 by Aaron Whittenberger
The Job Search website Dice.com recently released the top 20 IT Skills in demand in Today’s Market.  They also show the percentage increase in demand for that skill over March of 2009.  The list consists of:

1.  Informatica (database) 71%
2.  Virtualization 70%
3.  ETL (Extract, Transform and Load) 57%
4.  Python (web programming) 57%
5.  Service-Oriented Architecture (SOA) 55%
6.  Sybase (database) 52%
7.  WebLogic (application server) 50%
8.  SOAP (web programming) 48%
9.  Data Warehouse 47%
10.  SharePoint 41%
11.  MySQL (database) 40%
12.  E-commerce 39%
13.  JavaScript (web programming) 36%
14.  VMWare (virtualization) 36%
15.  CSS (web design) 36%
16.  Business Analysis 35%
17.  ITIL 34%
18.  Ajax 34%
19.  Perl (web programming) 33%
20.  Business Intelligence 33%

As you can see from the list Database, Virtualization and Web programming are still IT staffing skills very much in demand, as they have been these past few years.  The one IT staffing skill that I noticed that no longer makes the list is IT Infrastructure (Network Administrators, Network Engineer).

Building the Business Case for New Tools

Friday, March 26, 2010 by Aaron Whittenberger
A couple of weeks ago I wrote about the need to develop a Business Case document.  Soon thereafter I find this one-page Business Case document.  The first question that comes to mind is “how can you put all that needs to be in the Business Case document in one page?”  Believe it or not, they did it.  Of course, a lot of things were abbreviated.  You have to question the usefulness of such a document.

Of course, a one-page document is not what we experience in our IT Business Solutions projects today.  Instead, we have what Chris Gurney wrote for BA Times as the “Big Freakin’ Requirements Document”.  Chris outlines the various reasons that our requirements document has to be so freakin’ long:
  • To Communicate to all audiences
  • To Validate that Needs are Met
  • To Ensure Everything’s within in Scope
  • To Manage Changes to Requirements
  • To Meet Regulatory and Corporate Obligations
  • To Define Requirements Collaboratively

It has become common place in over the years to try to accommodate everyone with one document.  So language is included for executive staff.  Then we translate the requirements to a more detailed level for developers and testers.  We turn on “Track Changes” feature to retain the history of changes to the document; which then leads to descendent versions of the document.

What Chris is trying to point out in the article is that a Word document is no longer sufficient for collaborative development of requirements for our IT business solutions projects.  What you can expect to see is many vendors rush to provide software solutions to these shortcomingtools of the trades.  Currently, there are some solutions out there to address these issues.  I will not promote any current software solutions here, but you can expect to see more solutions from new vendors in this area.  You will also see great improvements in features in the solutions that are already on the market.  When business organizations migrate in groves to these solutions and away from Microsoft Word as the standard for “document” development then you will see this market grow rapidly.  Large organizations with large IT staffs and geographically dispersed enterprise application development teams should be first to make the move.  I think you will see Business Analysts within those organizations leading the charge, but with all “organizational shift” changes, convincing those that hold the purse strings of the value and need for new tools will be their greatest challenge.

The Rat Race?

Thursday, March 25, 2010 by Mark Murphy
I have an advantage over many coworkers, both male and female.  The cube walls in my workplace reach about an inch above my shoulders.  I don't think this is unusual as they are standard corporate cubicles.  I can see over the walls of the maze, unlike the rest of the rats that are running around in the trenches.  Sometimes I can see one pop it's head up over the wall to get it's bearings, but for the most part they follow familiar paths through the maze unable to see if it is the most efficient path to their destination.

Do you ever feel like you are running blind, following familiar paths, or following the crowd when making IT decisions?  There is a whole maze of options: open source, PHP, Java, .NET, Unix, Linux, Windows, IBM, Microsoft, ...  If you are in the Cincinnati, Ohio tri-state area, and want a boost over the wall, or want to talk to someone who can see over the walls of Information Technology, give Star Base a call.

Homeshoring, the new trend in IT Outsourcing!

Tuesday, March 16, 2010 by Aaron Whittenberger
According to an InfoWorld article this month, the U.S. IT market has added 25,000 jobs in the first two months of 2010.  This is the largest month-to-month gain in IT staffing jobs in the U.S. since 2008 according to U.S. Labor Department statistics.

A contributing factor to that increase may be a new trend in the IT Outsourcing called “Homeshoring” or “Onshoring”.  This is an alternative to offshoring your IT outsourcing by placing it in low-cost, non-urban U.S. areas.  Monty Hamilton, CEO of Rural Sourcing Inc., recently spoke at the 2010 Outsourcing World Summit, where the idea of homeshoring was well received.

As salaries in India increase because of past American offshoring IT strategies, rural America becomes more competitive.  This along with the other benefits, such as culture and the favorable time zone, may spark an increase in the coming years to homeshoring. 

Mr. Hamilton notes that Small to Mid-sized Businesses (SMB) are first to realize the benefits of homeshoring.  He also makes note that a few jobs may still be lower cost as offshore, such as moving stack A to stack B.  However, when it comes to IT staffing, enterprise application development and IT strategy consulting, homeshoring is the growing trend.

Building the Business Case for the Business Case

Thursday, March 11, 2010 by Aaron Whittenberger
In a BATimes article John Moore visits the need and proper use of a Business Case document to increase the success of IT business solution projects.  He demonstrates a failed project due to a competitor who released a competitive product in the market before our organization’s project completed.  The business manager showing the project failed because it did not deliver the projected ROI.  The IT project team noted that they delivered the project on-schedule, on-time and on-budget.  Was that risk that a competitor could beat us to the marketplace identified at project initiation or during the life of the project?  Were the proper stakeholders identified and included in the project communication plan?

John makes note how the Business Case document should be revisited several times during the project life cycle.  Doing so may have caught the changing environment and allowed the organization to mitigate the risk from the competitor.

John makes very valid points that I believe show an improper IT solution Project Delivery System.  Laura Brandenburg notes in her blog that the Business Case document is often created under another name, or as I have noticed in many organizations the Business Case document is created, then it is used to develop the Project Charter and Project Design documents.  These documents should not only be created but needs to visited by an IT Governance body during multiple steps in the IT solution Project Life Cycle; not just at project initiation.  At each point it makes a “go/no go” decision as to whether to continue the project.  This is where many organizations fail to follow through.

Take the simplified high-level Project Life Cycle that includes 5 phases: Initiation, Analysis, Design, Development and Implementation/Closure.  Most organizations will make the “go/no go” decision on an IT business solution project either prior to the Initiation phase that kicks off the project or at the end of the phase, depending on how the organization defines its Project Delivery System.  In most organizations that is the only time that the IT Governance body will rule on the value of the project.

If the IT business solution project had to go before the IT Governance body at the end of the Analysis, Design and Development phases as well as the Initiation phase then the organization has greatly increased its ability to mitigate risk in the project, especially from external forces.

As the project goes through each phase of the Project Life Cycle, the benefits, costs, requirements and risks are further defined.  In John’s example, if our competitor launched their product while we were still in Design then our IT solution project went before the IT Governance body for its next “go/no go” decision.  The IT Governance Body, being aware of the competitor’s product launch, can now say that the project benefits are no longer valid.  The risk mitigation plan can be executed, which may include dropping the project all together.  This reduces the cost to the organization as those resources can now move on to a more valid IT solution project.

So not only is it important to make sure that you build a Business Case document, by whatever name you may call it, but be sure it is visited several times during the project life cycle, by others outside of the project team, to ensure that the assumptions (benefits, costs, risks) therein contained remain valid.  This along with making sure the proper stakeholders are involved greatly increases ensuring that the IT solution project maintains its value to the organization.

Everything Old Is New Again

Monday, March 8, 2010 by Matt Warman

This post may shock you... the Java Rocker is going to talk about legacy iSeries and AS/400! Before you panic, and call it the end of the world, let me continue. This post is about running all of the cool new Web 2.0 things on your IBM hardware. Really! Even in Cincinnati! Many people, (myself included) thought the old IBM hardware was only for RPG and COBOL (shudders). It turns out that IBM has been adding functionality to run Linux on the box. That means Wikis, Ecommerce, blogs, and web applications are now there for iSeries-AS/400 people. The catch is that your iSeries needs to be up to date, which sadly for most organizations is not. My IT consulting colleagues at STAR BASE are good with taking your tired old hardware and doing the maintenance necessary for the modernization piece. They get your hardware and software cleaned up and ready, so I can help you with all of the cool new application development projects that I have been talking about.

Packaging Fun

Thursday, March 4, 2010 by Matt Warman
You probably noticed that I haven't written anything lately. I was dealing with a head pounding issue with my JPA/JavaFX application (yes, it's still awesome!). When using NetBeans to create a JavaFX application, it creates JNLP files, a JavaFX JAR file, and a default HTML page to run in the browser.  This is a great way to run standalone or on a browser within NetBeans, but the packaging is not so great when you want deploy it to an application server like Glassfish. I had problems using the command line to WAR up those files, so I created a web application project, and moved the files mentioned above in the Web Pages directory. As any web application development guy will tell you, any libraries used should go in the WEB-INF/lib directory. Since I am using JPA (I put my entity and controller classes in a JAR), I added the JAR file and deployed..  no dice. The application deployed, and was trying to run (no 404s, etc.). The error message was that the JNLP file was throwing a null pointer exception. After checking for the proper JPA/JNLP/Server configurations online, everything was in order. Fun note: when looking for some JPA help, my own post showed up. I finally found the error message (pressing "5" in the Java console) and found that it wasn't loading the JPA classes! Wait it's in the proper directory! It works standalone! after some therapeutic primal screaming, I refocused and looked at the structure. The JavaFX files are in a Jar file, and the manifest file has the classpath for the JPA files. The JAR file is a part of a WAR file, so it's a zipped file inside of a zipped file. The fix is to add the "lib" directory of the JavaFX project (it is added to dist directory if you are using NetBeans) to same directory as the JavaFX JAR file. Your web application will not need the JPA files in the library.

Business Analysis: Building the Bridge

Wednesday, March 3, 2010 by Aaron Whittenberger
A common reference I hear in business today is that the Business Analyst (BA) is the bridge between the business and information technology staffs within the organization.  This infers that the knowledge of getting from one to the other, or interacting with either is contained within the BA alone.  The BA should not be the bridge, but the bridge builder.  If the knowledge is contained only within the BA, if the BA should leave the organization, then the bridge is gone.  If the BA is the bridge builder, then if he/she should leave, the knowledge remains within the Organization.
 
As an IT Strategy Consultant developing IT solutions here in Cincinnati and Southwest Ohio, I go from organization to organization and see that turnover within the BA ranks inevitably causes a great learning curve; either to recover the knowledge that has just walked out the door or bringing the new BA up to speed and making them an effective contributor to the organization. 

What all these organizations lack is an Enterprise Architecture, a fundamental artifact of the Business Analysis profession.  This and other artifacts are the foundation of creating a Business Analysis Center of Excellence.  There is a maturity path that all organizations take from having a community of BAs that serve the organization with no continuity or conformity of service through a mature level in which that continuity and conformity of service is establish; into a BA Center of Excellence, where all BAs within the organization have a common standards of practice, tools and resources from which to draw knowledge.

Where is your Organization on the maturity path to a BA Center of Excellence?

What makes a good BA?

Friday, February 26, 2010 by Aaron Whittenberger
I have spent a lot of time talking about the duties of the Business Analyst (BA); now let’s talk about the characteristics that make up a good BA.  I find it interesting that Kupe wrote on this very subject this week, I guess great minds do think alike.  As Kupe notes, the IIBA call these underlying competencies and define these as “the skills, knowledge and personal characteristics that support the effective performance of business analysis”.

The BA performs an important role in the application development process and is tasked with the duty of ensuring that the IT business solution meets the needs of the business.  The BA develops and maintains the business and functional requirements that the IT business solution must contain in order to be deemed successful.

So we know the role and duties of the BA during a business application development project, so what “skills, knowledge and personal characteristics” does a person need to have to perform these duties.  As the duties of the BA entail eliciting requirements from stakeholders and working with an application development team, you can imagine that communication is at the heart of the competencies of a BA.  Good written and oral communication is necessary in order to be able to perform these duties.  Good communication is not only departing information, but taking in information, or listening.  This is often the skill that is over looked when we talk about skills or create a competency model.

Notice that when discussing competencies, that we not only are talking about “skills”, like Decision Making, Creative Thinking, Learning and Problem Solving; but we are also considering “knowledge” and “personal characteristics”.  As the BA has to work with both the business and information technology staff, they need knowledge of the organization, industry and technology.  What kind of personal characteristics would you want in a person that serves such an important role?  I am sure ethics and trustworthiness would make the top that list.

So if you’re a BA looking to advance your career, there are some competencies to work on.  If you’re an organization or manager looking to hire a BA, look not only at their skills and past performance, but develop some probing questions that will give you a look into their “underlying competencies”.

Where Does the BA Fit into My Small Organization?

Monday, February 22, 2010 by Aaron Whittenberger
In my previous two-part posts I discussed where the BA fits into the organizational structure.  Even Jeff Welsh notes how application software development has changed over the years and requires a team approach for successful implementation of IT business solutions.

But you are sitting there saying we are a small to medium size business (SMB), my entire IT staff is 10 or less, I do not have a Business Process Orgranization (BPO) or Project Management Office (PMO); where should the BA fit into my organization?

SMBs need to utilize the BA role within their project delivery methodology.  If the role is not being fulfilled then there is higher risk of failure of the project in that it does not meet the needs of the business.  I have worked on many small-to-medium IT staffs and can attest to the fact that when resources are few that people wear many hats.  There were projects where I served as the project manager, business analyst, developer and trainer.  On smaller staffs, where only one or two of the people will be doing the duties of the BA, it is even more important to make sure that those people are easily accessible by the business units that they support.  Have them sit in the vicinity of those business units instead of in the IT Department.  I still feel that the BA is an IT function and should report to IT management as opposed to business management, but making the BA readily available and accessible to the business adds value to their role and gains buy-in from the business people to assist the BA with their duties.

So when making the organizational chart keep the BA in the IT Department; but when divvying up office space, make room for the BA near the business unit(s) that they are to support.

Testquerade Part Two.

Monday, February 22, 2010 by Jeff Welsh

In Part one, I introduced the idea of Test Data Management or TDM.  TDM is not something unique to IT Applications in Cincinnati, Dayton or to Ohio. It’s something that will need to be addressed nationwide.  With more and more government regulations and data privacy concerns, it will be more and more important to not only manage production data, but also test data used for quality assurance as well. 

One of the aspects of good TDM is for the obfuscation (sometimes referred to as de-identification or masking) of data values from a production database in order to make the test instances “safe”.   One of the challenges is preserving data distributions and referential integrity–even across distributed database systems.  This is particularly important in the healthcare and financial industries where PHI (Personal Health Information), social security numbers or banking information could get exposed.

Another aspect is the challenge of maintaining security around the test databases themselves.   Many companies have tight security around production data, but next to none around test and developer data.   Often this data is just a copy of production data that is not masked in any way.   According to a Ponemon Institute study, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, that is compared to $197 in 2007.  With the cases studied a range of 4,200 to 113,000 records that were affected. 

Do any of you reading this have a little twinge in your stomach?  Can’t anything be easy anymore?  Maybe some RX is in order.  That was EASY!!!!
 

Where Does the BA Fit into Your Organization? Part two

Friday, February 19, 2010 by Aaron Whittenberger
In my last post, I joined the discussion of “where does the BA fit into the organization?”  I concentrated on the first line BA that should develop the enterprise architecture and help cultivate the business requirements for business process improvements.   This BA would be part of a combined Business and IT staffed Business Process Organization (BPO).  The purpose of the BPO is to analyze business issues and make the business case as to which IT business solutions projects should be undertaken. 

Once a project is approved by the governance body it is turned over to the Project Management Office (PMO) to guide the project to completion.  The PMO will be staffed with project managers (PMs) and business analysts (BAs) that will guide the project the rest of the way through the project life cycle.  You may be asking why you would need BAs as part of the PMO, or project leadership team; after all the PM is responsible to see the project is completed on-time, on-budget and on-schedule.  Yes, but the BA would be responsible to see that the project is completed and the IT business solution meets the business requirements.  A business application development project will need functional and technical specifications that the BA should help develop.

The third role of the BA, I alluded to in my first post on this subject, is that of the Test or Quality Assurance Analyst.  One role of the BA is to support the system, quality assurance and/or user acceptance testing phase of the project life cycle.

So the answer to the question ‘where does the BA fit …?” is in many positions within the organization.  It depends on which BA role you wish to discuss, and whether the organization is large enough to have a BPO and/or PMO.

Any thoughts on the subject?

Testquerade Part One.

Thursday, February 18, 2010 by Jeff Welsh

I had lunch today with one of our Cincinnati customers and he made the comment that his company had eliminated a lot of costs via their IT applications.  He also said there was no more low hanging fruit in their IT applications.  Everything is integrated and there are no easy changes. I laughed and said there is nothing easy any more; even my easy button quit talking!

In today’s world some IT applications have grown quite complex.  It was not that long ago an application developer that knew business could do the business analysis, the technical design, program the application, test and implement it.
Enterprise IT applications today require a team of dedicated professional working together and a good process methodology.  Many members of the team are specialized in a particular skill or a part in the development process.

One of the things that is sometimes overlooked or gets glossed over is testing and quality assurance.  I have even heard developers say “why should I test, that’s what we have users for”.   Because systems have become so integrated and complex, quality assurance is not something to be taken lightly.  As a matter of fact, it is quickly becoming a specialty in and of its self.  There are many aspects to quality assurance, but one that I think we will be seeing a lot more of in the coming months and years is the notion of Test Data Management.   To be continued……….

 

Where Does the BA Fit into Your Organization?

Monday, February 15, 2010 by Aaron Whittenberger
I attended the CIO Speaker series sponsored by the Cincinnati Chapter of the IIBA®.  The January meeting showcased the CIO and Deputy CIO of FirstGroup America.  It was not part of their presentation, but a question was asked of them “should the BA report to IT or to the Business?”  This alludes to the bigger question “where does the BA fit into the organization?”

This is the question that many organizations are still trying to answer today.  Many organizations are just realizing the benefits of the BA role.  One thing to realize, is those of us in the BA arena today are in the forefront of an infantile and growing profession.  The International Institute of Business Analysis (IIBA)®, the professions governing body, was formed in 2004; incorporated in 2006.  There are 827 certified professionals (CBAP)® in the world.  Compared to the Project Management Institute (PMI)®, which was incorporated in 1969, offer five certification programs and has nearly 300,000 certified professionals.  You may say that your company has had BAs for the last 5 or 10 years.  Then I say your company is one of the forward-thinking organizations that has recognized the benefits that the BA role provides in developing IT business solutions.

Now I believe this discussion will go on for years; but as this is my blog, here I get to put my two cents in.  First, let’s define the role of the BA in which we discuss.  Many organizations have a quality assurance team, department or processes within the IT application development team.  As these people support system or user acceptance testing procedures, these people are Business Analyst.  For this discussion, I refer to the Business Analyst that works on the front end of the project life cycle.  Who develops the Enterprise Architecture, gathers business requirements for business process improvements and makes the business case for IT business solutions projects to make those improvements.

As the role of the BA is to develop requirements and make the business case for IT application development projects, this is an IT function; therefore the BA is an IT position and should report to the IT management as opposed to the Business management.  Although the duties that the BA performs may put him/her in front of external customers of the company, their goal is not to perform the business of the company but to recommend IT business solution projects to improve business processes within organization; this is an IT function.

If your organization is large enough to use terms such as Business Process Organization (BPO) and Project Management Office (PMO); then you should find the BA at the heart of the BPO.  The purpose of the BPO is to analyze and recommend improvements to business processes.  So now you say that in most organizations the BPO is a business team; I would reply that it should be a combination business and IT team.  The improvement to business processes may require a business solution, such as upgrade or replace business machinery or training; or an IT solution, such as application enhancement, system training or system upgrade.  Therefore, the BPO should be made up of business positions and IT positions working together to determine the best solution to business issues.

One thing that I would change in many organizations is that I believe the BA should sit more in the vicinity of the business unit(s) that they support as opposed to sit in the IT Department.  BAs will be much more effective when they fully understand the business processes in place, issues that business workers face and the daily going-ons within the business unit(s).  Also, easy approachability to the BA for the business gains buy-in to the duties and recommendations of the BA.

So there is my opinion on the subject, what is yours?

How to Get the Financing You Need

Monday, February 8, 2010 by Aaron Whittenberger
Any good Business Analyst will tell you that IT and business speak in different languages.  Good CIOs and IT Infrastructure Management know that CFOs have a language all their own.  “That being said, it is the money people who generally stand in the way of engineers and technologists and the spending required to accomplish great things with IT.”, according to an CTOEdge article.  CIOs generally don’t speak in the language of the CFO when making spending requests, so we walk away feeling that they “just don’t get it”.  Here are 10 areas where we, as the promoters of IT, can begin to communicate better with the CFO.

1.  Think TCO, not ROI

To the CFO, return on investment is how much money you’re going to give back to the company. Let’s face it. Most IT projects — no matter how compelling — don’t bring “return” to the organization like an additional sales person, a new marketing campaign, or a new product launch.  Preach total cost of ownership (TCO); repeat it until you are blue in the face.  Whether business application development, web application development, IT infrastructure investment; you can demonstrate “fiscal stewardship” through cost reduction or increasing customer satisfaction and loyalty.

2.  Cloud Computing

CFOs like what they hear about cloud computing as a cost saver. Don’t fight them on it.

3.  Green IT

Are you surprised when the CFO is not willing to pay a premium to keep the environment cleaner?  The reality is that no green projects exist unless they have a better TCO.  So whether to upgrade your IT infrastructure, better IT infrastructure cooling, or saving space for your IT infrastructure you can build a strong business case of the decreased TCO and community relations intangibles of being an “environmentally conscious” firm.

4, 5 and 6.  Virtualize, Virtualize and VIRTUALIZE

“This subject takes up three spots because there are three key virtualization targets -- servers, desktop and storage. But again, the key here is how to justify and how now NOT to justify.”  Again build your TCO case for virtualization, but be realistic in your cost savings estimates.  Many times virtualization projects are viewed as unsuccessful because they did not meet the upfront cost estimates.  Be sure to include high traffic times such as end-of-month close periods.

7.  Adopt IT-Centric Business Continuity

Over the years responsibility for business continuity have been put on IT management.  This needs to change.  Organizations need to understand that there are three phases to a business continuity plan; event response, disaster recovery and business continuity.  With the financial impact on the organization of disaster recovery and business continuity, business management must be involved and responsible for these areas.  It should not be IT management’s responsibility to determine which business units are most important.

8.  Align with the Big Picture

Along with TCO, build your requests showing how the request aligns with the business objectives and goals of the organization.

9.  Proactive Cost Reduction

Boy does that sound like another way to say TCO to you?  Take a proactive stance on reducing cost.  The article showed how to reduce cost of document retention.

10.  Reduce Data Center Costs

The organization’s data center is usually the center of the IT infrastructure, both in physical space and cost.  Just as in application software development, modular building of a data center can cut cost of the IT infrastructure through avoiding construction cost, reduced cooling cost and reduced capital expenditures.

“While the relationship between CFO and CIO can sometimes have more debits than credits, it is definitely worth the investment in time and effort to highlight IT projects in terms the CFO will understand.”