The BA and the Shiny Objects


diamond-1186139_1280A few weeks ago I was approached about working with an organization to help them put together a new SharePoint 2013 site to replace the one they currently have (SP2010). The business unit that approached me is responsible for engaging with stakeholders when the company wants to build infrastructure in their operating region; let’s call the unit EE (external engagement) for the sake of discussion.

Now, before I get all ranty and critical, you should know that EE wasn’t getting much love and attention from IT; this post is not about assigning blame to EE or their Business Analyst, with whom I’ll be working pretty closely. The fact is that there are problems in how IT engages with the business that are way beyond the scope of this post. As you read this post, keep in mind that a business case has been prepared and approved by IT (a VP) and EE (a Director and an SVP).

To enable [EE] to capture the benefits of SharePoint in our department, we need to revisit our existing 2010 [EE] Team site.” That quote is the first sentence of the main body of the approved business case for the project. The case goes on, in excruciating detail, to describe in non-quantifiable terms how implementing various features and functions available in SharePoint 2013 will benefit the department. What the case doesn’t contain is any sort of goal or objective from the business indicating why the project is necessary and what the measurable business outcomes ought to be. Nor does the case contain any criteria upon which project success will be based.

If I were to summarize the business case as it’s currently written, it would be something like “There’s a bunch of cool SP2013 stuff that isn’t being used and we think we can use it to make our site look pretty and show people what we’re doing and we’ve started a Proof of Concept (PoC) that we’re going to finish soon to show you just how pretty those SP2013 things will look on our site and we’re going to do whatever we want whether it’s standard or not even if it’s stuff that other projects and departments are really responsible for. Okay?”

In addition to containing a shopping list of SP2013 features to be deployed, the business case also makes assumptions about the way in which many of the features will be deployed. Now, having some insight into the organization, I can tell you unequivocally that many of those assumptions are incorrect because they don’t comply with standards and guidelines that the organization has adopted. To be fair, had IT paid more attention, these deviations would have been caught and much time and money would have been saved.

I, and others, have advocated for trying to get the most out of the technology organizations have on hand. However, that doesn’t mean that organizations should invent requirements that provide no discernable business benefits simply to make use of some feature that’s currently sitting on a shelf. What it means is that, once real business needs and benefits have been identified, organizations should look at the tools they have on hand before going out to acquire something else. Of course, this should all be bound by an organization’s standards and guidelines.

Fortunately, the business case has been approved only to get the business requirements done. The organization uses a pure waterfall, gated SDLC so I’m going to use that to our advantage and try to get things back on the right track. I’m also going to try and get the PoC descoped or killed altogether. Things aren’t so far down the path that they can’t be corrected, but it will take a fair bit of cajoling and coaching of the BA. We’ll also have to get IT more engaged but I have a pretty decent PM to help with that bit.

Things to take away from this story:

  1. Only deploy technology based on identified and accepted business needs;
  2. Have measurable outcomes defined so you can actually determine whether or not you’re succeeding;
  3. Business and IT are partners and must work together;
  4. If your BA isn’t that strong, make sure they are properly coached and supported;
  5. Don’t sign off on a business case that doesn’t contain business objectives, business drivers, or success criteria;
  6. If you’re not going to comply with corporate standards and guidelines, cool, but have solid justification for not complying[1];
  7. If the first sentence in your business case is something like “To enable [EE] to capture the benefits of SharePoint in our department, we need to revisit our existing 2010 [EE] Team site.”, you don’t actually have one;
  8. Shiny Object Disease is both preventable and curable.

 

[1] Many years ago I had a contract gig with a major airline. My sole responsibility was to evaluate non-standard IT requests to determine whether or not the provided justification was sufficient enough to warrant approving the request. I.e.: Standards and guidelines can occasionally be broken if there is valid justification.

Supreme Court of Canada Gets Privacy Call Right: Let’s Keep Going


Please note, I am not a lawyer, nor have I played one on TV (though I really liked Boston Legal). I’m also not a privacy expert, but I really value mine. Like, really value it. I mean it.

Earlier this week, March 27th to be precise, the Supreme Court of Canada ruled that authorities need a wiretap warrant to “intercept” text messages, the same as they need for listening in on phone conversations. You can read the full ruling here and you can check out CTV’s take on it here. For you non-Canadians, CTV is one of our national broadcasters.

In essence, the court opined that text messages are equivalent to an electronic conversation and should be afforded the same level of privacy. So far so good, but what I want to know is what makes communication a conversation? To my mind, a conversation occurs when one or more parties are interactively using their words and their ears. Whether the conversation occurs on the phone, in person, over computers … whatever, makes absolutely no difference. At the same time, what excludes electronic communication from being a conversation?

Is a chat via instant messaging not an electronic conversation much like text messaging? True, the devices may be different, but it was the court that stated that the technology should not matter. Are private/direct messages via social networking sites not private conversations? Is an email thread between specific individuals not sometimes a private, electronic conversation?

My point is this …

If we’re going to hold the authorities to a higher standard when they want to “listen in” on our conversations, we need to be very clear about what a “conversation” is. If text messages require a wiretap warrant (btw, what about texts stored on the device?), then so too should instant messages, private/direct messages, and some emails.

I’m in favour of providing the authorities with the tools they need to effectively deal with crime and criminals, but not at the expense of my privacy.

Communication Breakdown


http://www.youtube.com/watch?v=bZNkLyQSZVg

Let’s pretend you’re working on a major project that has multiple stakeholder groups, each with agendas, priorities, philosophies, etc. Now let’s also pretend that the project (it’s actually a program) has been envisioned by the CEO or some such all powerful being. Let’s agree that all the stakeholder groups, in order to keep their jobs, have bought into the CEO’s vision of the future. Why, then, is it that no two groups can actually agree on how to move forward? Why, in some cases, does one group actually try to diminish the value of another (it’s not a .net vs Java thing)? It’s because they don’t communicate effectively.

Communication is not about the loudest voice winning. Communication is about articulating your points in a manner that can be understood by your audience. Communication is also about LISTENING. The communication issues on this entirely fictitious project are really due to nothing more than a bunch of alpha dogs peeing on the same spot to mark their turf.

The reality is that they are going to have to find a way to communicate effectively; because this project is not going to be scrapped (someone would lose face – another communications gaffe). Coming in hard with an iron fist in a velvet glove isn’t going to work because there would be a massive backlash from the user community, resulting in really bad things happening to a lot of people.

One of my roles as a consultant is to facilitate communication between stakeholder groups. It’s my job to take everything in and send it back out in a way that offends no one (or offends everyone equally). The toughest thing to accomplish is to convince everyone that all the good ideas are theirs (fosters buy-in and ownership).

My point is this: if your project is being hit by internecine warfare, you need to do something about it. It’s all well and good to have a communication plan that includes posters, coffee mugs, cult-like rallies and all that blather, but if the people that have to define and build the solution can’t come to some sort of agreement the whole thing’s a waste of time.

If you don’t have the resources internally to fill the facilitation and liaison roles, engage a consultant.

The totally fictitious project is an ECM project, but poor communication will kill any type of project.

It’s Really About Communication


Whether tangible or not, all communication has an intended outcome.

The purpose of information is to inform and communicate. We want to communicate our achievements (financial results), our desires (purchase orders), our directives (policies), and our knowledge (whitepapers & case studies). We want our communication to be actionable (buy something from my company), informative (the news), and educational (achieve and grow).

We communicate in real time (over a coffee, via instant message, over the phone) and asynchronously (email, billboards, Twitter). We communicate with no-tech (talking, non-verbal), low-tech (TV, print), and high-tech (blogs, Facebook). Our communication can be targeted to an individual, to a group, to the world. We receive communication as individuals, as groups, and as organizations.

The information we communicate may be acted upon immediately, in the near-term, in the long-term, or far into the future. Worst of all the information we communicate may never be acted upon, which ought to cause us to evaluate the quality of the information and the effectiveness of our communication.

When we communicate something that has a positive outcome we’re golden. If, however, a negative outcome results from our communication … not so much golden; we are held accountable for our communication. This is as it should be.

Given that what we’re really doing is communicating, something we’ve been doing since the dawn of time, why is it so difficult to build effective accountability into our information and communication management practices?

Update the Policies

Policies that were created in the days when paper ruled need to be updated, not applied as-is to electronic content. In fact, some (most?) of these policies need to be scrapped altogether and completely re-written. Policies need to be crafted in a manner that leverages the intrinsic value of information, not in a way that subjugates information to the fear and paranoia of the risk managers and the legal system. This is not to say that we ought to ignore risk and legal issues, we just can’t continue to let them be the driving force. Unless and until we transform information governance from a risk based model to a model based on value, organisations will never see the true benefits of their information assets and knowledge workers will never reach their full potential.

In order to develop policies that encourage innovation, creativity, and productivity, without exposing organisations to unnecessary risk you first need to identify the reasons you communicate, your target audiences, and your communication channels. Information governance policies need to be tailored to support the purpose of the information and the communication channels employed to disseminate the information.

Use the Tools

As much as there’s been an explosion in the amount of information that we deal with every day, there has also been an explosion in the number and variety of tools available to deal with the information. I’m not referring to tools such as Facebook, Twitter, and other social tools, which are viewed by some as being part of the problem. I am referring to the variety of information management and security tools that are available today.

There has been an explosion in the number and types of tools available to us to manage information. These tools include email archival tools, content and records management tools, business intelligence tools, newsreaders, collaboration tools, and information rights management tools. The problem we have is not that we’re missing the tools; the problem is that we’re missing an holistic approach to deploying these tools through the organisation in a manner that focuses on value rather than control.

Change Corporate Culture

Much has been written about the lack of general adoption of social business tools in organisations. One factor that is inhibiting adoption is that there are as yet no effective governance models in place for dealing with social business on an enterprise scale. ARMA recently released a research paper that, I suppose, provides some guidance in this area. However, it is my belief that the paper actually exacerbates the problem as it continues to deal with control instead of value. (Cheryl Mckinnon has a pretty good take on the paper.)

Corporate culture needs to change. Organisations need to develop reward and recognition policies that encourage employees to actively participate in social business, as consumers and as contributors.

What If?

What if Information Management policies were more focused on the value of information rather than on controlling information? Is it possible that the 2008 economic meltdown could have been predicted, less severe, or prevented altogether?

Enough Already! We Get It.


RIM practitioners have been banging on about compliance, governance, and risk for ages, to the point where I think audiences have become desensitized to the messages. So what do we do about it?

Change the Tune

Instead of continuing to talk about Records and governance, which only resonates with a small percentage of stakeholders, change the focus to Information. Julie Colgan started things off with her probing piece on the AIIM Community forum. We need to switch from talking about the bad things that happen when you don’t manage records properly, to the good things that happen when you do manage information properly. This is not to say that records don’t need to be managed; my contention is that Records Management is subservient to Information Management and that information governance imposes constraints on users and the organizations they work for.

Just for fun I cruised through the table of contents of 17 issues of Information Management published by ARMA between July 2007 and January 2011. My goal was to find feature articles that were focused on the value of information and not on the governance of information; I found very few. Even articles (there were two, if I recall correctly) that were E2.0 (or social  networking or Web2.0 or …) specific focused more on how to govern organizations’ use of E2.0 than on the value and benefits to be gained. In the November/December 2009 issue, in an article titled “Equipping Your Organization For The Social Networking Game” the authors (Nancy Dupre Barnes, Ph.D. & Frederick R. Barnes, J.D.) provide 10 “Recommendations for Internally Designed Sites”. The blurb preceding the recommendations states “These recommendations apply, in a general sense, to social networking sites designed internally for an organization’s business use. As such, it is important for the organization to seek and obtain approval from appropriate legal advisors prior to go-live.” The recommendations are:

  1. “Pay attention to policy pertaining to logo, (trademark or service mark) usage.”
  2. “Use disclaimers.”
  3. “Discourage or do not allow anonymity on the site.”
  4. “Use a single sign-on directory infrastructure for employees’ site access.”
  5. “For publicly traded companies, become familiar with SEC regulations regarding the disclosure of financial data.” (I won’t take umbrage with the uniquely U.S. view that ignores us Canadians)
  6. “Post terms and conditions for the use of the site.”
  7. “Observe intellectual property and copyright laws.”
  8. “Respect user privacy.”
  9. “Create a guide that incorporates all aspects of use of the site.”
  10. “Create training materials and offer opportunities for individuals to educate themselves on appropriate use of the site.”

All of these recommendations are perfectly valid, but none of them are unique to E2.0 and most of them ought to be contained in an organization’s information management policies. However, the biggest fault of these recommendations is that they will likely be met with a resounding “who cares?” when presented to the folks that actually have to use the E2.0 tools to do their work. There is also one critical governance recommendation missing: Anything you write / publish as part of your job belongs to the organization, not to you.

Let’s face it; if we unleash E2.0 on the workforce and expect them to use it productively (however the organization defines productively) we better give them recommendations that they can use to do their jobs. Here is a list of recommendations that may be better received:

  1. Have your work reviewed before you publish it.
  2. Make your content relevant.
  3. All of you are smarter than one of you.
  4. Learn from each other, teach each other.
  5. Understand your audience and engage them.

My point is that by changing the message we will get better buy in. Focus the message on the value and nature of the information and rely on the common sense and good intentions of the majority of the users to do the right things.

Change the Audience

We need to stop talking primarily to the executives and start talking more to the users. We need to develop new communication strategies with appropriate messaging for the various target audiences. We need to look at the advertising and marketing industry for inspiration and guidance. After all, we are selling Information Management to a broad spectrum of consumers from varying demographic groups.

Change the Messenger

Vendors, consultants, risk managers, legal counsel, “the man”, … we all have been delivering the messages for what seems like forever. It’s true that we know what needs to be done and we think we know how to get it done. However, in many cases it’s not getting done the way it ought to be done, nor with the enthusiasm we thought would be there. How many times have we looked into the eyes of the users and thought they’re thinking “This is just more bullsh*t from management.”? The users are wrong, but I understand where they’re coming from.

If we really want information management to be accepted and succeed we need the users to deliver the message to their peers. If we can make this happen it will work; I know because I’ve seen it happen. The challenge for us is how to make it happen.

Last month I was talking to a counsellor at my son’s junior high school about educating kids about life online (my earlier post on the subject). She’s doing it the right way; she is identifying a core group of student champions, providing them with the right messages, tools, and guidance, and letting them educate & motivate their peers.

Rise to the Top

Information Management needs to be represented in the C-suite. You may say “It is, look at all the CIO’s out there”. It’s not. Most CIO’s are IT executives whose focus is on how to get the most out of an organization’s technology assets (servers, network infrastructure, applications, databases, etc.). A CIO needs to be focused on an organization’s information assets in the same manner that a CFO is focused on financial assets. The CIO’s focus must be on how to leverage information to the organization’s best advantage.

C-suite appointments need to reflect that technology exists to support business. However, we can never lose sight of the fact that technology also provides capabilities and opportunities that we may not otherwise have.

%d bloggers like this: