British Government create Major Fraud Incident by using IT to save on human costs! 20+ million pounds lost.

Current benefit scam (Universal Credit) in the United Kingdom has yet again shown how any approval for money given out via online validation is risky. Since the money was provided quickly by the government, scammers jumped on the chance to coax personal information out of people and even to make up fake personal information so they could get access to the most money possible. Current estimates are that over 20 million pounds has been stolen by fraudsters.

To help gain people’s trust, scammers used social media heavily to sell the fraud. Scammers also did the online application so any warnings of what was being signed up for were not visible to the victims of the fraud.

If we look at the original honorable goal of the online application, it was to provide people with money until their benefits were reviewed / approved as the approval process was taking 5 weeks or more. Government thought it would be great to give people money (in a the form of a loan) that would be later paid for by the claimants benefits (if approved) or repaid by the claimant if not approved for benefits. This way, the claimant could avoid cash flow issues. Really, the problem was that the Government did not have enough staff to process the claims quicker. The IT solution along with the loan was a cheaper approach that was badly implemented.

What was completely missed by the IT department working for the British Government when setting up the solution was the implementing of all the rules that human employees would use to process an application. This was a complete failure on the part of the business analysts involved in this software development and has ended up costing the UK government millions.

Some of the functions a human employee would have done in processing the application:

  1. Is the applicant aware of what they are signing up for? – Scammers did the application on behalf of the applicant so the applicants never knew fully. Scammers also used social media to describe the money as coming from a grant and not a loan.
  2. Do I have confirmation that the applicant knows what they are signing up for? As the applicants were not on the web site, they never confirmed what was being done. Victims have found out after the case what was really done.
  3. Do I have some reliable proof that the claim is accurate? Scammers submitted whatever they wanted to state in the claim as the validation was done over the process of 5 weeks after the money had been sent.
  4. Does the applicant know the amount and fees (if any) associated with the claim? Scammers claimed a fee to fill in the application on behalf of the claimant but there were no fees in reality.
  5. Does the applicant know who is supposed to do the claim? Scammers jumped on the opportunity to do the claim as their was no biometric validation (as compared to being interviewed by the government employee) as it was done online.

Here are the functions that we should watch for in our projects that require special attention when we are providing money quickly based on online validation only:

  • We need to guarantee that the party receiving the money is who they say they are and they know exactly how much is their money. This could be done by ensuring they are using an already validated bank account. In this fraud, a lot of the victims actually received the money to their bank account but thought they were obligated to pay the scammers part of it as the scammers had completed the online application.
  • We need to guarantee that the applicant is the one completing the application online so that the applicants are aware of what they are doing. Any warning / informational messages associated with the claiming / providing of money as part of an online application, we have to be 100% sure that the party to receive the money (legally tied to the money) has seen them! A web page pop-up with click of “Yes” along with capturing of IP address is not enough to verify that the person who needed to see the warning / informational message actually saw them. We need to guarantee the person at the computer on the web site is the valid party involved. This is where biometric information or a chip style reader (as used in credit cards) for an identity card would come in handy. Some companies use validated phone numbers with text messaging to achieved this however if the phone number is hacked or changed by the scammer this does not work. With the current fraud, it is several weeks before the Government works out that the claimant never used the web site to complete the application and thus were not aware of what was being signed for.

In summary, the British Government got themselves into this position because they did not want to hire more staff to process claims quicker. It is the classic case of relying on Information Technology to speed up a process on the cheap without due considerations of the risks involved or the human functions being replaced by the computer. Whoever did the analysis and design of this payment solution was incompetent beyond belief.

Process improvement through nudging

As business analysts, we are called in often to look at ways to improve the current process. Measurable improvements desired by the business to justify the process improvement could be in:

  • Quality
  • Reductions in costs
  • Increase in processing per hour

Any process to be improved has a certain amount of dynamic variability to it. From a high level math perspective, the processes are looked at as “dynamic resource allocation” because of the variability factor. By controlling the variability with nudges we can improve the process.

  • NOTE: With the advent of stronger AI, in the future we will see more reliance on AI to advise as to the best way to improve a process and it will be left up to the Business Analyst to help put AI advice in place.

What is “nudging” and how is it used to improve a process?

Nudging is where we don’t force a change of process or add new processes to improve process but instead nudge the behavior of the participants in a the current processes to get the results desired. A current example of this is where financial institutions offer rewards to customers if they go paperless for their statements. Going paperless improves:

  • Percentage of outstanding statements processed per hour as smaller printing backlog.
  • Speed of delivery as they are delivered in hours instead of days.
  • Quality in the sense that the statement does not get delivered to the wrong address, does not get damaged in printing etc.
  • Cost reduction as less mailing costs.

You can see from the 4 bullet points above, that a lot can be achieved by just nudging the customer in the statement process to no longer expect a paper statement.

So the next time you are looking at improving a current set of business processes, ask yourself if you can make improvements by “nudging” the current users of the business process in a direction that would support measurable improvements for less cost than force implementing changes or building solutions that have to manage many variables.

VW a lesson in marketing versus regulations

By now you will be very aware of the VW diesel scandal where the software on the car detected when the car was being tested and controlled exhaust emissions to past the test.

Anyone that works in gathering requirements can easily see the problem here. There were two competing requirements Marketing and Regulatory and in the end the marketing side won out.

Big business is a game of cat and mouse. Laws are in place for a lot of things but for business the viewpoint of laws is the risk / cost of being caught and the benefit of not following the law. If the law is not enforced 100%, business will start to think of it as an optional law. There are numerous cases of settlements between car companies and the US government or consumers. The Titanic is a classic example of the law being met but the intent of the law being missed which was to have enough life rafts to save lives – the law had not been written in such a way as to force the life rafts to be enough to meet the number of passengers.

When gathering requirements for a solution, care must be taken to understand the implications of giving one set of requirements higher priority over another. Risk analysis is supposed to be done to ensure the VW, Titanic situation never occurs today. However profit is a powerful master and it will make people blind to that which is obvious.

Double check those requirements that fly in the face of morals to make sure you are not ignoring something that will later make you a headline.

 

The industrial revolution 2.0 – where Jane & John Doe programs make sense

If you ever saw pictures from the original industrial revolution (1790 – 1870) you would have seen machines producing goods that also required humans to keep them supplied with materials. In some cases it was dangerous work as the humans darted under the mechanism of the machine to keep it supplied. One wrong step and the human resource was injured or killed.

These machine in their own way were original pieces of programming. Basically the Steam Punk of code where the internal workings are completely visible. Humans basically made up the shortfall in what could not be replaced easily or affordably by machine.

Step forward into today and while the brass and iron has vanished we still have humans fulfilling the roles where machines have not caught up.

Amazon pickers is an example of the humans still meeting the need.

When do you ask does it make sense to replace the human programs (lets call them Jane & John Doe)?

NOTE: This article is a somewhat tongue in cheek consideration of the removal of humans from the workforce and is not meant to offend anyone who is worried about AI takeover.

Let’s first look at the benefit of our human Jane and John Doe programs:

1 – Easily programmed if task is not too complicated.

2 – Can be programmed by other existing programs.

3 – Adaptable interface – Buttons, levers, switches etc.. are not an issue.

4 – Can be replaced if failing.

5 – Low short term investment costs.

6 – Can be easily reprogrammed as tasks change.

7 – Multiple interface methods for programming – auditory, touch, visual.

 

The cons of Jane and John Doe:

1 – Program can leave of own accord requiring another program to be obtained.

2 – Program can be injured requiring maintenance costs to be paid even if another program replaces it.

3 – Not all programs are of equal ability which can cause quality issues.

4 – Limited amount of transactions per hour can be handled and there is risk of memory leakage if the task is too frequent or repetitive.

 

Now let us consider the attributes of the equation to determine when to replace the Jane and John Doe programs with actual computerized machines :

1 – Cost of your current Jane and John Does + cost to remove them from the role versus the cost of the computerized machine.

2 – Frequency of the transaction – more frequent or increasing frequency raises the number of Jane and John Does programs you require making a computerized alternative more attractive.

3 – Availability of Jane and John Does – if they are getting harder to find, their cost goes up.

4 – Complexity of the task – like point 3, if the complexity of the task is getting higher, the number of Jane and John Does that can do it get less, increasing their cost.

5 – Long term need for Jane and John Doe – if the task is not changing and going to be around a long time, programming a computerized alternative makes sense as the long term return can be seen.

6 – Reliability of the computerized alternatives or level of risk a single failure point can create. When you have a large human set of programs, there is a lot of redundancy built in if one fails. With a computerized machine, when it fails, there is no backup until it is repaired.

There are probably a multitude of other reasons to keep or replace Jane and John Doe. This article is just to make you think about it from a ROI point of view and how history repeats itself 200 years later.

To quote what the head of an IT operations once said to me back in the 1989 “As soon as the cost of the tape system comes down to being cheaper than the staff I will get rid of the operations staff.” By 1992 the operations staff were out of a job as a machine had replaced them – the cost had come down enough. Machines eventually get cheaper than their human counterparts.

 

When software kills due to incomplete requirements

If you are lucky, your software has not been responsible for the death of anyone to date. If you are unlucky then you know it.

When a analyst gathers requirements for a piece of software there is a tendency to focus on the happy path and ignore the surrounding paths that can lead to disaster. Unfortunately events can lead up to the identification of the missing requirements and sometimes death is a result.

To be fair, we humans can still kill ourselves without software such as with the mechanical loaded gun or the speeding car taking a bend too fast. However software seems to give people in some cases a false sense of security that does not exist. In other cases it can give them power to do something that should not have been possible if they were directly engaged with the physical which leads to disaster.

The article below refers to two cases where software enabled a pilot to do something they should not have been allowed to do with death being the end result.

Lessons from spaceship two’s crash

In the above article, the situation was different from my previous article about lack of tactile feedback. In both cases the pilots knew what they were doing, they just did it at the wrong time or too frequently for the specific vehicle to survive.

As an analyst, be it a system’s analyst or business analyst, it is not enough to think of just the happy path. Whenever you are gathering requirements you need to also think of what will keep us on the happy path. Whenever there is an interaction or a key data point, ask yourself if the event that causes this can be triggered at the wrong time or occur too many times.

Look for the ways that one can step off of the path and see if you can build either a metaphorical wall to keep us on the path or ways to get us back on the path before any damage is done.

Data handling – know when to bring the experts on board.

We all know about the Y2K incident with the 2 digit year however there are still examples of data storage length being inappropriate for the data to be stored.

If you are a Business Analyst that deals with data then it is important to always be questioning the data requirements to ensure that they meet the need of the business / application now and especially in the future.

Industries where data is critical to their function will probably leverage Data Modelers / Engineers / Scientists to manage data definition. As a BA we should not be afraid to state when the  data knowledge is beyond us and ask for the project to employ one of these specialists. Do not try and wing it because the end result can be expensive to the company.

To read up on some of the impacts of data, see this article below from the BBC:

Data Handling that led to disasters

14 tips for surviving Senior Level meetings.

At some point in your Business Analyst career you may be asked to meet with Board level staff. This should not frighten you if you follow some logical tips.

1 – Don’t go it alone.
Find someone to help you setup, run and share results/minutes of meeting.

2 – Make sure someone in the room can vouch for you.
Someone in the room of a senior enough level has to be able to support you when things get tough. If you don’t know anyone, reach out to at least one individual prior to the meeting to introduce yourself and get them on your side. Failure to do this could leave you in front of a firing squad.

3 – Know who the most senior people are in the room and respect their authority.
If you don’t know who a person is that has the power to end your job, better to find out before you challenge their meeting behavior or statements.

4 – Define the rules and objective of the meeting.
Always good to define the rules and objectives. Please note however, the higher the level of meeting the less the participants are willing to listen to the rules, in those cases you have to go with the flow.

5 – Dress to match the meeting participants.
If the meeting is a suit and tie affair, wear them.

6 – When things go astray.
Ask the participants if they are open to taking a break.

7 – Be Bold but not Reckless.
Be careful of how you control the meeting. Being respectful to participants is key and don’t get sucked into arguing with them. Note and accept their objections then move on.

8 – Meet one on one post meeting to resolve issues.
Since you avoided the argument, afterwards is when you meet with the individual or subordinate and work to resolve their issues.

9 – For long meetings, meetings at lunch or dinner make sure the food and drinks match the level of staff.
Quite often you can reach out to the personal admin of the highest of the participants and work with them to schedule the right food and drinks.

10 – Be flexible.
Senior level staff availability changes at the last minute. You may find your meeting getting shrunk or bumped. Often these people are used to meeting in the evenings post the regular work day.

11 – Learn the individual personalities before hand.
Knowing what to expect from the individuals involved in the meeting keeps the surprises to a minimum.

12 – Know the terminology / acronyms
Either learn the stuff before the meeting or have someone with you who can whisper / Instant Message you what is being said.

13 – Use IM to get live meeting feedback
If you or your companion is not presenting, have your senior friend in the room (point 2) let you know if you are going off track by Instant Messaging you feedback to the computer that is not presenting – don’t want the IM to appear on screen.

14 – Prepare psychologically.
Follow whatever routine you use to relax and stay relaxed during the meeting.
http://www.bbc.com/capital/story/20140904-jitters-act-like-a-starfish

Four components to measuring success of your product / release.

Whatever you are working on will eventually end up with a new or updated product being released. Prior to that release date, consideration should be given to how to measure success.

There are four components to measuring success:
1 – Determine what is to be measured.
What is the new or improved product supposed to achieve? Hopefully you already know the answer to this prior to even starting development.
A business should have clearly defined goals as to what is expected via the release of the new or improved product. These goals should be quantifiable in a mathematical way even if you have to hire a PHD mathematician to determine the formula that quantifies it.

Examples:
a – Game averages 1000 downloads per day over a 3 month period.
b – LED Lightbulb increases market share for our brand over others.
c – New website design increases revenue from marketing and attracts more visitors.

2 – Identify Channels to supply the measurement information.
Now that you know what you plan to measure for success, the next question is where to get this information from?
Channels of information can come in many different ways:
a – Data could be collected from social media site such as Facebook to see how many positive comments a new product gets.
b – Sales information could be tracked from online and physical stores.
c – Surveys could be performed on potential and actual customers.
d – Certain key words/phrases could be searched on in the Search Engines.

3 – Integrate and absorb the data from the Channels.
Once the source of the measurements has been identified, the next step is the actual integration of this data into your reporting system so that it can be sliced and diced to provide the measurement of success reports. Your PHD mathematician may also be needed here to weight the data accordingly so that no one channel skews the results unrealistically.

4 – Present the success data to the consumers.
Finally with all the data, reports can be designed / generated or data outputted for consumption by those who will make the determination that the goals have been achieved. At this point knowing who the consumers of the information is becomes critical as you need to present the data in a format that the consumers can understand and consume. You may need to engage UI/UX experts at this point if the presentation is using new technology so that they can help design the presentation.

Not knowing Business Terms can affect your hireability.

Since I have been working for so long at different clients I have gotten a good understanding of terms used in the business world. However others of you may not have the same experience. This lack of understanding can affect you doing your job and even getting hired in the first place since you may have to do a scenario interview.

To help you with this, I have added a link to a online dictionary of terms used in the work place to my blog and also provided it below.

Office Business Terms

Happy reading!

Project behind schedule it must be because of the Business Analyst

Often I hear a fellow Business Analyst say that the sponsors of his project and the project manager are complaining that they, the Business Analyst are taking too long.

Assuming that the Business Analyst is competent then why does this project delay occur?
1 – Business did not really know what they wanted or needed from the project but they thought they did.
2 – New Technology or unproven technology is involved.
3 – Project schedule was unrealistic to begin with.
4 – People that need to answer questions are not making themselves available or are not available.

Business Analysts need to determine the above issues as quickly as possible and bring them to management attention. Delay in recognizing these problems will lead the blame on project delay to be directed towards the Business Analyst instead of people working to find solutions to the obstacles.

Note: Not all managers are created equal! Business Analysts have to be aware of how a project runs and be willing to bring issues to management attention hopefully with recommendations on resolving them.

Next Page »