Of course, it's not, the message behind the slogan is valid all year round. It's just, you never hear the message at any other time.
Similarly, there was a flurry of activity and media attention around the EU's General Data Protection Regulation (GDPR) last year and rightly so. The consequences of being at the centre of a data breach, with a potential fine of 4% of turnover, meant most firms heard the message and acted to get their house in order.
Then GDPR Day came and passed and everyone stopped talking about it.
Until British Airways was told it faced a fine of £183m for a data breach in which customers’ credit card data was stolen.
GDPR got real then, didn't it?
Like those Christmas dogs, GDPR is for life and not just for that long-forgotten deadline day. A few friends have told me that they think that their firms have taken their eyes off the ball since last May and that IS a worry. The problem is - you might not know if you have let things slide until you get stung.
The bad guys are not operating at the level they were at when you addressed your GDPR responsibilities last spring. They are getting more and more sophisticated and so your systems and approach have to evolve to match them. To be clear, BA got hit by scammers at the top of their game, I mean, just imagine how much BA will have spent on data protection and how sure of their security controls they must have been. "Fort Knox," was how one security expert colleague had imagined them to be and I guess few would have disagreed.
I think that most people doubted that the Information Commissioner’s Office (ICO) would levy the maximum fine available to them. 4% of BA's annual turnover, rough calculation - that would have been a fine of about £500 million. That's a pretty unthinkable amount, especially given the fact that the highest fine before GDPR was half a million.
Indeed many thought that the level of security British Airways had and the speed with which they reported the breach would have meant a more lenient approach. GDPR stipulates that you have 72 hours to report a breach, three days, it took British Airways just one day to announce it had been compromised.
Ian Thornton-Trump, a cybersecurity expert was quoted by Forbes predicting a fine "in the £5 to 10 million range". Many observers thought even this may be on the heavy side, so when that £183m figure was announced the whole internet security and business community gave a collective gasp.
It's not just the fine, of course, a data breach brings claims for compensation from customers who might have suffered financial fraud as a result, and then there is the incalculable damage to reputation that a firm may suffer following a cyber-attack. Furthermore, in this case, BA was also threatened with a £500 million class-action lawsuit.
The high-profile cases, like BA, grab the headlines but it is another BA altogether that concerned CIOs that we’ve been talking to. Business Analysts became so sought after during the initial GDPR compliance preparations that firms were struggling to find them. Our sister company, Access Talent, the IT Project recruitment specialist, reported a surge in enquiries for this role post-GDPR too. As more businesses are needing BAs with regulatory experience to help create guiding principles on how their information is governed, hirers are increasingly toiling in vain to find business-facing talent to fill these roles. As a result, the Project Management as a Service market is doing a roaring trade in Business Analysts – this market should be your first port of call if you too are having difficulty finding BA talent to add to your staff headcount.
Another consequence of diverting attention and resources into projects initiated just to make firms GDPR compliant is that, often, something somewhere else in the portfolio has to suffer. Few project operations factored this in, few organisations had budgeted for extra resources, so it fell to the in-house IT team to do what in-house IT teams always do – they had to deal with it. This meant a lot of burning of candles at both ends which would have been OK for the short-term fixes that were being worked upon last May and June. Over a year later though, many firms still have longer term GDPR projects that are sapping resources needed elsewhere and strategic business change projects are falling behind or not delivering their full potential. The PMaaS market is geared up to help with this – you should ask your Project Management Services partner to take a look at your portfolio and recommend resources.
GDPR is having and will continue to have an impact on the efficiency of project teams. Based on the number of cases reported, attacks are trending upwards. By just August last year, the ICO revealed that data breach complaints were up 160% in the three months or so since GDPR had come into force.
Now, a year on from those figures, the ICO just published its Annual Report and it is clear that this was only the beginning. In this first Annual Report since GDPR took effect, the ICO reports complaints from the public almost doubled.
The ICO also reported a considerable increase in reports of data breaches that it received from companies, including 13,840 personal data breach reports under GDPR. This is more than four times the number received in 2017-18 and cybersecurity was cited as being at the root of many of these.
There is good news in the ICO’s Annual Report though, in more than one in eight (82%) of breaches, the reporting organisation had sufficient measures in place, or was taking appropriate steps to address the breach, that the ICO was not minded to take any further action. Furthermore, in fewer than 1% of cases, the ICO began proceedings beyond issuing recommendations or advising further action, and just 0.05% of cases resulted in financial penalty.
While it seems that UK businesses are over-reporting data breaches, the ICO states that this is a sign that organisations "are taking the requirements of the GDPR and DPA 2018 (Data Protection Act 2018) seriously" and, they say, "it is encouraging that these breaches are being proactively reported to us."
Less encouraging, but at the same time inevitable, is the increase in cyber attacks and the increasingly sophisticated tactics being used by the criminals but with just 0.05% of cases resulting in financial penalty, it’s not worth losing sleep over, right?
My old maths teacher had an interesting take on our perception of percentages, she would have said "0.05% is only a small number if you're part of the 99.05%. If you're part of the 0.05% it's ENORMOUS"
This is the take away from all of this! Take a regular walk with your German Shepherd guard dog around your perimeter fence to make sure that there no holes in your IT Projects and systems that these guys can exploit, and make sure that the measures that you have taken are not sapping energy from key business change initiatives.
Many of my friends are sharing a view that their firm walked the guard dog around the fence last May, but it has stayed in its kennel ever since.
Remember, that dog is for life! So is GDPR!
IT Project Nirvana.
Budgets are tight so often it's the latter that either gets sacrificed, usually merged into someone else's role.
Many Project Managers have in the past, had parts of their job description that look more 'BA' than 'PM', and have had to try to cover both roles. However, we need to recognise that Business Analyst (BA) is a vital discipline in its own right. Business and technology demands have changed the landscape and it is constantly evolving. Increased security threats, GDPR legislation, greater emphasis on return on investment, tighter budgets, less flexibility around delivery dates, all mean an effective Business Analyst has become an essential rather than a luxury.
Until now, a Business Analyst on every project has been viewed by many as just that - a luxury, nice to have, but not something that every organisation can afford. I did a quick ring round some clients and every single one who could see a marked benefit of having a BA said, that it was headcount that they could not justify.
As with most capability gaps, there is an opportunity here for an "as a Service" model.
Business Analysis as a Service (BAaaS) would work just like any other managed service. Just like the broader Project Management as a Service (PMaaS) which it is part of, BAaaS can offer fully skilled experts with a deep understanding of current technologies and methodologies that dovetail neatly with your own team.
If you are looking to increase your business analysis capability whilst reducing business costs it's worth considering.
Of course, the main reason that many project teams don't have a full-time Business Analyst is one of demand. Some projects need a BA more than others - any headcount that is crucial today, but later sits twiddling thumbs for three months until needed is an expensive resource. At its most flexible, BAaaS should be a provision that you can adjust according to your needs, you dial it up and dial it down depending on your demand.
Furthermore, your BAaaS partner should get to know your culture and business goals, as should any aaS provider actually, ensuring delivery of tailored technology solutions that fit your business and meet your specific needs.
BAaaS is not a new concept. I didn't invent it! I think I first heard the phrase coined in 2010 - so why is it SO relevant now?
Here are Six Reasons.
1 - Security
I already alluded to this, clients with a Business Analysis capability, either in-house or outsourced, report greater security confidence. It's certainly another line of defence. As Projects become more complex and more closely aligned to business strategy, the more attractive they become to hackers. IT Projects are increasingly being targeted by criminals seeking sensitive data. Business process and technical know-how are among the skills that make a great Business Analyst, and combined and deployed within your portfolio, these skills will help to mitigate some of these security risks.
2 - BAs Create Value
As IT project budgets tighten having a Business Analyst in place becomes more and more critical. When you consider that IT project Return on Investment (ROI) is measured by value achieved, minus the cost of implementation, it is easy to see how a BA can influence both sides of the equation. Deployed effectively, a BA will find the most cost-effective solution to your problems and challenges — outsourced BAs especially have a wider awareness and experience of cost-reducing options.
3 - BAs Facilitate Up-Scaling
As the business supported by your IT team grows, so too does the size and scope of your project portfolio. Systems that used to support you can start to creak under the pressure of increased stakeholders and dependencies, communication methods that worked fine when your team was small can become stretched. BAs can provide a framework in which to upscale to meet demand within the parameters of your budget.
4 - BAs Can Sniff Out Extra Business Benefits
I used the term 'sniff out' deliberately. One CIO recently referred to a BA hired through an "as a Service" offer as a "like a terrier". What he meant was that good BAs don't just report on projects, they actively search out opportunities for aligning IT solutions with business strategy and in doing so help the IT project team realise greater potential benefits.
5 - BAs Have Flexible, Transferrable Skills
When business budgets are tight, your team has to be staffed by the best multi-taskers! The Business Analyst role seems to attract talent with transferable skills and more varied project experience. One CIO told me having a Business Analyst was like a football manager having a defender who was happy running up the pitch and scoring a goal. I thought this a great way to put it! Solid at the back and prolific at the "glory end" of the project. BAaaS allows you to have this resource on tap!
6 - BAs Reduce Having to Start Over!
I asked a BA what she thought her USP was and she told that she was uniquely placed to help her team have a laser focus on what was important. IT projects, being subject to so many stakeholder and external forces, are prone to change. You factor this in and prepare contingency budgets, buffers and margins, but when project delays are caused by unforced errors, like poor communication or lack of clarity on requirements, it's really frustrating. Unnecessary change, having to rework portions of the project, or even start tasks over can all be reduced by having someone effective in the BA role.
In conclusion, I believe that it's never been more essential to have a Business Analyst, but I also appreciate that it has probably never been harder to justify the extra headcount. BAaaS could provide you with the hero that your portfolio needs at a cost it can afford. Why not talk to Stoneseed now?
Find out more about BAaaS as part of Project Management as a Service from Stoneseed]]>
The IT business analyst role has traditionally been one that facilitates communication between IT and business stakeholders. Subsequently, business analysts have always had great skills in this area, adept at both verbal and written communication. Which is why I am surprised that this talented group have been rather backwards in coming forward about the growing importance of the part they play in delivering business results through IT.
It has long been my belief that the BA has evolved, like much IT talent has, from "back office functionality" to pivotal strategic significance.
Looking for data to back up my hypothesis (where is a BA when you need one?!), I came across a piece written by Ben Harvey for BA Times called "The Business Analyst of Tomorrow". I'll share a link to this at the end because Ben hits nail after nail squarely on the head.
I was chatting with a CIO friend about this she pointed out that not only has the evolution of Business Analysts benefitted the organisations for whom they work but also (and more crucially) the clients of those businesses.
As Ben says, "We have adapted. We had to! We have gradually, painstakingly moved from the periphery into the centre of our Business and Customer worlds. Our jobs dictate that we are experts in people, process, and technology. We have created a space in this new world by collaborating, iterating and staying relevant." Couldn't have put it better myself Ben!
He is right, BAs had to evolve. Increasing globalisation, more complex IT Projects and more disparate IT infrastructures challenged the status quo of the BA, fortunately, most BAs I know were already challenging it themselves meaning that they were more than ready for what their changing environments were throwing at them. They became more flexible, more responsive and then, naturally, more proactive. BAs were often anticipating business need ahead of the business stakeholders they served.
The Business Analyst became the "go to" team member for many project and business change challenges. They became strategic thinking, drivers of change who improved processes. They took active responsibility for many of the things that previously they had "just" number crunched and communicated. I type the word "just" in inverted commas because that number crunching and communication that I prefaced with "just" has been the lifeblood of many of the most successful IT Projects of my career. I've always been very respectful of the role of the BA and acutely aware of the connection between their input and project output.
This is why the evolution of the BA is so exciting. Far from analysing data garnered by someone else, BAs increasingly now engage directly with stakeholders to first understand and then respond to their changing needs. This has given the whole process greater speed and agility. It stands to reason, from a technology point of view many BAs have talked the talk for years so it's a natural progression - rather than channelling communication, they are now leading it.
In a couple of instances recently I've seen BAs challenging and questioning high ranking stakeholders, for the benefit of an IT Project. I don't think that this would have happened even five years ago and it is a sign of both growing importance and growing confidence!
I think that there are several reasons why this happened.
My opening question, "Since When did BA Stand For Bloomin' Amazing?" is more than a flippant headline. It's a question that I have been genuinely meditating on of late. The systems analysts of the 1970s and 1980s are probably the origin of the species, but they didn't prescribe based on business need - they automated business functions and migrated businesses from paper to electronic systems and data storage, they improved business processes and systems - but not from a paradigm of business need consciousness.
Even the first IT business analysts of the late 1980s, 1990s and early 2000s were mostly coming at the question more from a technology point of view.
Sometime in the last decade something changed, BAs developed a deeper understanding of business requirement, they saw how stakeholder relationships affected outcomes and combining the two BAs became a potent part of the success of business IT delivery.
I suppose newer technology methodologies required a deeper grasp of both business need and IT. Services-oriented architecture (SOA), for example, would have emerged about the same time that I'm mentally positioning the birth of today's Business Analyst. Set this against a backdrop of changing business conditions and global economic slowdown and you can see how an opportunity was created that more than fitted the emerging skills and mindset of the BA. Someone in the business IT structure needed to give all of this their closest possible attention and in many forward-thinking organisations that someone was the BA.
This meant business analysts would work across various business areas and as they gained cross-silo experience so their influence grew. The best BAs of 2017 are not solely business focused or solely IT focused, they are not experts in marketing or sales or IT processes, they have a helicopter view of the lot and they also have two other key strengths.
1) Tech - BAs get it
I remember seeing a Business Analyst job advert about ten years back that included the line "Experience in IT not necessary". The successful applicant (and for that matter everyone shortlisted) had IT expertise. In fact, I'd say that every great Business Analyst I know has above average IT knowledge and skills.
This means that they can advise evidenced tech solutions based on business need ... largely because ...
2) Business Need - BAs get that too!
Most (if not all) change programmes need empathy with business needs - great BAs have this in spades too! Business analysts align requirements with processes.
And now, in 2017 the greatest CIOs are recognising this and raising the profile of business analysts within their organisation. They are realising that for business requirements and IT delivery to combine to spawn cutting edge business applications, for improved enterprise projects and more business case focussed systems development, the best person to unite business strategy and IT is their business analyst.
Some CIOs I know have been protective, possessive even about this, almost seeing BAs as a threat to their position as the pivotal bridge between business and technology functions - but most now see it is a complementary role and embrace it.
CIOs that have embraced it now have powerful allies in the business.