When my older son graduated from college, he worked as an intern for a professional sports team. At the end of his very first day of work he called me, puzzled.“I asked them what my responsibilities were,” he related, “and they said, ‘We need you to know what we are supposed to be doing’.”After a long pause he went on, “I wanted to ask them why they didn’t already know what they were supposed to be doing, but I didn’t think that would be such a great idea my very first day there.”Let’s see whether at some level that situation sounds familiar to you. It turns out his area of responsibility had to do with ensuring operational compliance with corporate sponsorship agreements.The sponsorships are quite expensive.You might think these agreements would be relatively simple, but of course, there’s no such thing as a truly simple business.A sponsorship contract:
Outlines a complex configuration of promotional and other benefits, some automatable and some not, all usually tailored specifically for the individual sponsor.
Is loaded with obligations, decision criteria, and computation formula (read ‘business rules’) to govern the sponsorship relationship.
Is amended frequently, both formally and informally (via hand-shake), owing to the dynamic nature of the sponsors’ marketing needs.
To continue the story of my son’s first day, they gave him a stack of contracts and amendments, operational schedules, and invoices and told him to see if they all matched. Of course they didn’t.Not by a mile.By the end of the first week, my son had become fairly fluent in the organization’s governance problems. (Ah, young minds!)The contracts and schedules were all produced by different people at different times.Some of the schedules were hand-done and some automated.But even the ones that were automated often didn’t match the contracts.The invoices were automated, but in many cases they too bore little resemblance to the contracts.The IT people were not much help either. “They seem to speak a different language,” my son reported naively.Bottom line:A number of the sponsors were becoming quite annoyed — not a good thing for a mediocre team in a mid-sized market.But there was still more. The sales reps were, shall we say, quite creative in what they offered the sponsors.Their terminology, which often found its way into the contracts, was highly idiosyncratic.Yet they were talking about the same shared resources (e.g., banner boards in the stadium) that had to be coordinated real-time across many sponsors.They seemed oblivious to some of the company’s rules — even though some, quite literally, were dictated by physics (e.g., a banner board can only say one thing at a time; there is only so much time during a game, etc.). By the way, my son went to one of the team’s games his first week at work. The team lost.Attendance was poor.Sponsors were unhappy.“I think it’s going to be a season,” he said.After a moment of reflection he added, “You know what really worries me is that I am going to figure all this out, then walk right out the door with all that knowledge. They’ll be right back where they started.Doesn’t seem to me like a very good way to run a business.”Welcome, my son, to the reality of business rule mismanagement in the 21st century!
It’s a shame to have to resort to a ‘meta’ discussion to have what should be a direct conversation about governance process(es). After all, what’s more fundamental to an organization than those?! Does the BPM space ‘get’ it? Recent discussion in social media makes me doubt it. So back to ‘meta’ we go. Here’s a recent wrong-headed post in social media that got my attention.
“I don’t see the appropriateness of labeling governance processes (e.g., business planning process, inventory policy process) as ‘meta’. They’re on a par with all the other business processes (i.e., request for proposal process, hiring process, product commercialization process, etc.). The process management process, on the other hand, is a meta process in that it stands above every one of the other processes, both governance and non-governance.”
My goodness! The process management process stands above governance processes? In what conceivable universe?! From a business perspective something is fundamentally flawed about a BPM approach that fails to recognize governance processes as above all others.Let’s think about it a bit. Some definitions …
I define ‘governance process’ as ‘process that governs other processes’. It’s ‘meta’ because both subject and predicate are the same kind of thing. (Merriam-Webster Unabridged Dictionary 3b.)
I define ‘meta-process’ as ‘process that transforms other processes’. Since ‘governs’ is a specialization of ‘transforms’, that makes governance process a specialization of meta-process. I recognize there can be other kinds (specializations) of meta-process.
In other words there is a governance variety of meta-process that is the class of all processes that govern other processes. One example or instance of that class is THE governance process (singular) that governs the organization as a whole.
Aside: I can’t believe I had to prove in theory that an organization has a governance process!
To take the analysis further, you could specialize governance meta-process beyond THE governance process (singular) for an organization as a whole to suit governance of individual business areas or processes. The results (outputs) of all other specializations, however, should be consistent with the results (outputs) of THE governance process (singular). That’s a fancy way of saying you want to ensure business alignment.In social media, I wanted to initiate a discussion of what form the results (outputs) from all governance processes should take. If you want to talk about process improvement for governance processes, wouldn’t that be a foremost question?! No luck. These BPM participants wouldn’t go there. It leads me to believe they don’t really ‘get’ that governance is always about setting business policies. Indeed, if you want to improve the governance process sooner or later you’ll have to come to grips with business rules.
Instead, they seemed satisfied to conclude the conversation with simply “a process is a process is a process”. I’m afraid not!
a process, organizational function, set of techniques, and systematic approach for creating and deploying business policies and business rules into day-to-day business activity
Our definition is based on Merriam-Webster Unabridged Dictionary [MWUD] definitionsfor governance 1, 2a, 4a, and 5. Why should any divergent definition be created?
1: the act or process of governing
2a : the office, power, or function of governing
4a: the manner or method of governing : conduct of office
5: a system of governing
And have a look at the MWUD definition of govern [1a]:
to exercise arbitrarily or by established rules continuous sovereign authority over; especially: to control and direct the making and administration of policy in.
Note the high-profile roles of rules and policies in that definition. ‘Governing’ a business involves coordinating how business policies and business rules are created (the making … of) and deployed (managed, distributed and monitored) within day-to-day business operations (administration). Clearly, business governance and business rules are directly linked. Why haven’t more people recognized the direct link between business governance and business rules?!2. Governance DecisionThe original decision to create a business policy or business rule is an example of agovernance decision. Governance decisions should be part of a special business process, the governance process, which also coordinates deployment and retirement of business rules. To support business governance you need a systematic approach, which is provided by a rulebook and general rulebook system (GRBS). These tools also provide the traceability needed to support compliance.3. Governance ProcessWe define governance process as follows:
a series of business actions and checkpoints indicating who should be doing what (business roles), and when, with respect to deploying business policy and business rules
That just follows naturally, doesn’t it?~~~~~~~~~~~
Excerpted from Building Business Solutions: Business Analysis with Business Rules, by Ronald G. Ross with Gladys S.W. Lam, An IIBA® Sponsored Handbook, Business Rule Solutions, LLC, 2011, 304 pp, http://www.brsolutions.com/bbs
United Airlines recently rolled out this new business policy regarding upgrades on one of its routes. Once you get past the fluff, it simply says its Houston-Lima route is no longer eligible for free upgrades. A practicable version of the business policy would be a bit wordier.
How easy would it be for your company to deploy a change in business policy like this to all relevant operations and IT systems? How long would it take and how much in resources would it consume? Would the results be traceable and reversible?
The ‘thinking’ part of changing business policies will never be easy. The goal of rulebook management is to make the discovery and deployment parts as easy as single clicks. Why not move toward smart governance today?!
United Airlines today rolled out this new business policy regarding upgrades on one of its routes. How easy would it be for your company to roll out a change in business policy like this to all operations and all systems with a single click?
You can find definitions and discussion of all terms inblueon Business Rule Community:http://www.brcommunity.com/BBSGlossary.pdf~~~~~~~~~~~~~~~~~~~rulebook:the collection of elements of guidance for a business capability, along with the terms, definitions, and wordings that support them
Discussion: The rulebook of a game enumerates all the do’s and don’ts (rules) of that game along with the terms and definitions (vocabulary) needed to understand the rules. Each participant in the game, whether player, coach, referee or umpire, scout, spectator, or media person, is presumed to understand and adhere to the rules to the extent his or her role in the activity requires. The rulebook sometimes suggests how to play the game to maximum advantage, but never dictates playing strategy.
Similarly, a rulebook in business includes the business rules (and advices) needed to perform day-to-day operational business activity correctly or optimally, along with the structured business vocabulary (fact model) needed to understand the business rules correctly. Each participant in the business activity must adhere to the business rules to the extent his or her role requires. The rulebook never dictates business strategy, but should reflect, enforce, and measure it.
Unlike the rules for a game, however, business rules change, often quite rapidly. Therefore knowing the original source of each business rule, its know-why, and its full history of modifications, as well as how and where the business rule is currently deployed, is essential in effective rulebook management.
rulebook management:the skills, techniques and processes needed to express, analyze, trace, retain, and manage the business rules needed for day-to-day business activitygeneral rulebook system (GRBS):an automated, specialized, business-level platform forrulebook management
Discussion: Key features of a general rulebook system (GRBS) include rich, interactive support for structured business vocabularies (fact models) and comprehensive traceability for business rules (not software requirements).
Unlike a business rule engine (BRE) a GRBS is not run-time. Think of a GRBS as more or less like a general ledger system, except for Business Analysts. Because of the potential of GRBS to support compliance and accountability, a GRBS is indispensable for improved business governance.
From Building Business Solutions: Business Analysis with Business Rules, by Ronald G. Ross with Gladys S.W. Lam, An IIBA® Sponsored Handbook, Business Rule Solutions, LLC, October, 2011, 304 pp, http://www.brsolutions.com/bbs
Guest Post by Kenneth WatmanDeputy Director, Systems Analysis
Office of Director of National Intelligence
Like so many people, I was fascinated and exasperated by Taleb’s book. But, when the book is summed up, I do not believe Taleb has defined “Black Swan” as anything special or remarkable. Near as I can tell, a “Black Swan” is an especially rare event, perhaps completely unanticipated with very large consequences. Well, had we discussed this question before 9/11 and the financial crash, I think we would have said, “Of, course.” If there are 100-year hurricanes, there probably are 500-year hurricanes. A relatively small asteroid has a 1-in-250 chance of hitting earth over some time period with unprecedented effects. So, if you want to label those “Black Swans,” why not?
There are two issues of consequence that Taleb doesn’t or cannot answer.
1. First, is there a systematic reason to believe we are underestimating risk and or consequences? That’s a matter of data and analytical methods, and there are lots of people trying to find out. We know that when disaster models are misused, like the financial models, they will tell us garbage with results that may shock us. Again, where’s the news in that. Don’t misuse the models and put into place precautions against doing so.
2. Second, even if the data suggest we need fatter tails (long-standing procedures exist to do that), there’s a policy/greed question. Will finance and insurance companies put enough in their reserves to reflect the risks they face? Or, as a matter of policy, lack of regulation, competitive market pressures, and self-deception, will they simply close their eyes, cross their fingers, and discount cognitively what low risk means, e.g. non-zero risk?
Reminding us of rare, high consequence events is fine. Calling them “Black Swans” doesn’t add anything substantively, although it’s an effective metaphor. But the greatest contribution is in answering the latter two questions I’ve posed.
~~~~~~~~~~~~~~~Have a look at my recent posts on Black Swans, strategy, and business rules … Search on “Black Swans”
Let me re-clarify what I am, and am not, saying about business rules and black swans. There’s been some confusion. I did not say that preparing for or responding to black swans is all about business rules. (I’m not that naive!)I did say, however, that business rules “… build robustness to negative [black swans] that occur and being able to exploit positive ones” [Taleb’s words].
My main point is this: If you don’t have ready access to your current business rules (i.e., know what they are in depth), then when a black swan occurs you can’t immediately undertake to respond to negative ones, and exploit positive ones. (See: http://goo.gl/Ny2Cn)
A colleague wrote: “For example, Taleb cites 9/11 as an example of a black swan. What business rules would prevent or allow successful response to that?”
I make no suggestions about prevention. Hindsight is 20-20.
But successful response? You need to quickly review what your current business practices (business rules) are …
Permissible carry-ons. Box-cutter knives? Immediately banned. Any other sharp items including silverware for meals, banned.
Access to the cockpit. Special barriers (food cart, steward(ess)) put in a blocking position when a pilot exits the cockpit to use the lavatory. Doors locks reinforced.
We learn as we go. Amounts of liquid over a certain threshold, banned. Shoes must be removed at security. Souvenir ‘blizzard’ globes, banned.
You want to roll out these new business rules fast(!). If you don’t know what business rules you already have in place, you simply can’t respond as fast you need to. Make no mistake, most businesses today sadly don’t really know what their current business rules are. That’s what I’m saying!
I’ve gotten a lot of excellent response to yesterday’s post on black swans. Let me summarize yesterday’s points and continue the line of thought.
a. Business rules cannot be used to help protect against unforeseeable events that have not already happened.
b. Business analysts can assess unforeseeable events (black swans) and develop business rules to cater for their potential recurrence.
c. If you don’t have ready access to your current business rules (i.e., know what they are in depth), then when a black swan occurs you can’t immediately undertake point b.
Point c is actually where my emphasis lies. The result is that the organization remains vulnerable for recurrence (and copycat malicious attacks) for a much longer period than necessary (or desirable).How long extra? At least days, more likely weeks, sometimes months.What most organizations don’t realize today is that they don’t actually know what their business rules are. Before they can even begin to rethink business practices in-depth they have to send out ‘scouts’ (business analysts and IT professionals) to discover their current business rules (from people’s heads, source code, procedure manuals, documentation, etc., etc.). When the scouts do find the current business practices (business rules), they have to sort through redundancy, inconsistency, gaps and conflicts. That’s simply no way to run a business! There’s no single-sourcing of business rules, no official, authoritative ‘rulebook’, no structured corporate memory. The result is huge loss of time and energy.The problem is so big it’s hard to see. We simply have to face up to the fact that current methodologies produce a crippled business governance process. And yes, the situation *is* that bad!~~~~~~~~~~~~~~~~~
P.S. To single-source business rules and retain corporate memory about them, we recommend a ‘general rulebook system’. See http://www.brcommunity.com/BBSGlossary.pdf (page 30) for quick explanation.
I’m kicking off 2012 with a couple of things I just don’t get. Here’s the third one: I haven’t been able to find anyone so far talking about agile governance. Why not?!
I recently posted this on an architecture and governance forum:
Is there such a thing as ‘agile’ governance’? What would it entail? Looking for ideas or experience in the matter … Here are a few thoughts. I think answers should touch on business policies and business rules. And put agile IT development into perspective. What am I missing? http://goo.gl/nCpPC
Guess what I got back? Thoughts on software platform governance, agile methods applied to business rule development, and more – everything except what I was looking for. Perhaps I’m partly to blame myself. There’s always going to be problems when you (me in this case) don’t define terms.
By ‘governance’ I meant *business* governance … the running of business operations. The running of the show.
On ‘agile’ I fudged a little. I really meant ‘agile’ simply in its real-world (dictionary) sense of “characterized by ready ability to move quickly and easily with suppleness and grace; characterized by quickness or liveliness of mind, resourcefulness, or adaptability in coping with new and varied situations”. But I knew ‘agile’ would probably invoke the IT sense.
So let me try again: Does anybody have any thoughts on *agile governance*? To be more clear this time what I mean by ‘agile governance’ …
Agile governance: the running of business operations in a manner “characterized by ready ability to move quickly and easily with suppleness and grace; characterized by quickness or liveliness of mind, resourcefulness, or adaptability in coping with new and varied situations” … where business rules, business policy, and rule management play a key role.
“We actively use the BRS business-side techniques and train our business analysts in the approach. The techniques bring clarity between our BAs & customers, plus more robust requirements for our development teams. We’ve seen tremendous value.”
Jeanine Bradley – Railinc
“I found the course interesting and will be helpful.
I like the pragmatic reality you discuss, while a rule tool would be great, recognizing many people will use Word/Excel to capture them helps. We can’t jump from crazy to perfect in one leap!
Use of the polls is also great. Helps see how everyone else is doing (we are not alone), and helps us think about our current state.”
Trevor – Investors Group
“Sessions flow together well and build upon the concepts for the series which makes the learning easy and better retention.
The instructor is knowledgeable and very attentive to the audience given the range of attendees skill and knowledge of the subject at hand. I enjoy her training sessions.”
Deborah – American Family Insurance
“Your work has been one of the foundations of my success in our shared passion for data integration. It has had a huge impact on innumerable people!”