British Government create Major Fraud Incident by using IT to save on human costs! 20+ million pounds lost.

Current benefit scam (Universal Credit) in the United Kingdom has yet again shown how any approval for money given out via online validation is risky. Since the money was provided quickly by the government, scammers jumped on the chance to coax personal information out of people and even to make up fake personal information so they could get access to the most money possible. Current estimates are that over 20 million pounds has been stolen by fraudsters.

To help gain people’s trust, scammers used social media heavily to sell the fraud. Scammers also did the online application so any warnings of what was being signed up for were not visible to the victims of the fraud.

If we look at the original honorable goal of the online application, it was to provide people with money until their benefits were reviewed / approved as the approval process was taking 5 weeks or more. Government thought it would be great to give people money (in a the form of a loan) that would be later paid for by the claimants benefits (if approved) or repaid by the claimant if not approved for benefits. This way, the claimant could avoid cash flow issues. Really, the problem was that the Government did not have enough staff to process the claims quicker. The IT solution along with the loan was a cheaper approach that was badly implemented.

What was completely missed by the IT department working for the British Government when setting up the solution was the implementing of all the rules that human employees would use to process an application. This was a complete failure on the part of the business analysts involved in this software development and has ended up costing the UK government millions.

Some of the functions a human employee would have done in processing the application:

  1. Is the applicant aware of what they are signing up for? – Scammers did the application on behalf of the applicant so the applicants never knew fully. Scammers also used social media to describe the money as coming from a grant and not a loan.
  2. Do I have confirmation that the applicant knows what they are signing up for? As the applicants were not on the web site, they never confirmed what was being done. Victims have found out after the case what was really done.
  3. Do I have some reliable proof that the claim is accurate? Scammers submitted whatever they wanted to state in the claim as the validation was done over the process of 5 weeks after the money had been sent.
  4. Does the applicant know the amount and fees (if any) associated with the claim? Scammers claimed a fee to fill in the application on behalf of the claimant but there were no fees in reality.
  5. Does the applicant know who is supposed to do the claim? Scammers jumped on the opportunity to do the claim as their was no biometric validation (as compared to being interviewed by the government employee) as it was done online.

Here are the functions that we should watch for in our projects that require special attention when we are providing money quickly based on online validation only:

  • We need to guarantee that the party receiving the money is who they say they are and they know exactly how much is their money. This could be done by ensuring they are using an already validated bank account. In this fraud, a lot of the victims actually received the money to their bank account but thought they were obligated to pay the scammers part of it as the scammers had completed the online application.
  • We need to guarantee that the applicant is the one completing the application online so that the applicants are aware of what they are doing. Any warning / informational messages associated with the claiming / providing of money as part of an online application, we have to be 100% sure that the party to receive the money (legally tied to the money) has seen them! A web page pop-up with click of “Yes” along with capturing of IP address is not enough to verify that the person who needed to see the warning / informational message actually saw them. We need to guarantee the person at the computer on the web site is the valid party involved. This is where biometric information or a chip style reader (as used in credit cards) for an identity card would come in handy. Some companies use validated phone numbers with text messaging to achieved this however if the phone number is hacked or changed by the scammer this does not work. With the current fraud, it is several weeks before the Government works out that the claimant never used the web site to complete the application and thus were not aware of what was being signed for.

In summary, the British Government got themselves into this position because they did not want to hire more staff to process claims quicker. It is the classic case of relying on Information Technology to speed up a process on the cheap without due considerations of the risks involved or the human functions being replaced by the computer. Whoever did the analysis and design of this payment solution was incompetent beyond belief.

Process improvement through nudging

As business analysts, we are called in often to look at ways to improve the current process. Measurable improvements desired by the business to justify the process improvement could be in:

  • Quality
  • Reductions in costs
  • Increase in processing per hour

Any process to be improved has a certain amount of dynamic variability to it. From a high level math perspective, the processes are looked at as “dynamic resource allocation” because of the variability factor. By controlling the variability with nudges we can improve the process.

  • NOTE: With the advent of stronger AI, in the future we will see more reliance on AI to advise as to the best way to improve a process and it will be left up to the Business Analyst to help put AI advice in place.

What is “nudging” and how is it used to improve a process?

Nudging is where we don’t force a change of process or add new processes to improve process but instead nudge the behavior of the participants in a the current processes to get the results desired. A current example of this is where financial institutions offer rewards to customers if they go paperless for their statements. Going paperless improves:

  • Percentage of outstanding statements processed per hour as smaller printing backlog.
  • Speed of delivery as they are delivered in hours instead of days.
  • Quality in the sense that the statement does not get delivered to the wrong address, does not get damaged in printing etc.
  • Cost reduction as less mailing costs.

You can see from the 4 bullet points above, that a lot can be achieved by just nudging the customer in the statement process to no longer expect a paper statement.

So the next time you are looking at improving a current set of business processes, ask yourself if you can make improvements by “nudging” the current users of the business process in a direction that would support measurable improvements for less cost than force implementing changes or building solutions that have to manage many variables.

The Data Lake – understanding the concept

June 8, 2019 by · Leave a Comment
Filed under: Business Analyst Skills, Data 

As data capture has grown so have some of the techniques of handling the data. For about 10 years now, the Data Lake has started to appear in the business world as part of the data capture concept.

Originally when I started out, data was distributed all over the place with business analysts having to ask for extracts from various departments to get an overall view of the company. It was time consuming.

Next came the large data warehouse accepting in data from all over the company to a central store. However it could take years to get that data into the data warehouse. At one place I worked, it was a minimum of 2 years to absorb data into the data warehouse. Delay in getting data in was caused by the need to model the data and understand it completely before it could be absorbed. Data modelers would have to work out if new tables were needed and BAs would have to justify the business cost of storing the data. Add onto this that existing reports would be expected to use the data from the data warehouse and these reports would all have to be rebuilt to use the new data structure.

As companies have evolved to produce even more data, the data warehouse wait time was increasing significantly. Waiting for centralized data however did not tie in well with corporate strategy of being able to know what is going on around the company. At this point the Data Lake concept came into being. The Data Lake is basically a collection point for all data from around a company in any type of data structure. Data does not need to be refined to end up in the Data Lake. Good and bad data is collected. Visually the Data Lake term represents departments that generate data as streams that feed the lake.

As the data collects in the Data Lake, eventually some of it will make its way into the enterprise data warehouse based on need and cost justification. By creating a Data Lake approach, it has created a one source of data for people in a company to access. Data scientists can look at what is being captured and see if any of it is of use to what they are trying to analyze.

Pros of Data Lake:

  • Centralized repository of company data which in theory makes it easier to find data.
  • Quick to capture data into as not refined in anyway.
  • Allows the data source departments to focus on supporting their applications / business and not on providing formal data extracts that have to be absorbed by a data warehouse or other team.
  • Don’t have to wait on departmental availability of resources to get access to another department’s data.

Cons of Data Lake:

  • Resources have to be hired to support the collection of data into the data lake and the sharing of it.
  • Failure to get good searchable metadata on the data being store in the Data lake would prevent the data from being discovered at a later date.
  • Resources associated with the original data generation are not part of the Data Lake team which means the personal knowledge on the Data Lake team is limited to non-existent. Data knowledge is totally reliant on the metadata captured at the time the data is stored.
  • Useful and not so useful data is captured as the focus is capturing data.
  • Dependent on cheap storage to justify the large storage costs and the resources to support the physical storage / networks etc.
  • Secure data should not end up in a Data Lake due to risk that it may be exposed.
  • Not for operational reporting where reports have to be generated in 24 hours or less of data being created.

In summary, the Data Lake concept is just a fancy way of saying centralized raw data store created from data provided via different departments in a company. A Data Warehouse can pull data from the Data Lake for storage in the Warehouse at a later date once the need for it to be stored formally has been identified.

What kind of business are you in?

The question “what kind of business are you in?” seems simple enough and is a standard question that businesses ask themselves to stay relevant and not lose sight of their market. However as we know, the answers to simple open questions can end up being complicated. Looking at an example of a wrong answer for this question: railroad company thinks of themselves as a company in the railroad business, not realizing they are in the transportation business. An extreme example of bad decision making was Kodak not realizing they were in the memory / emotion capture business and instead they focused on providing film and print material because it had made them money for over 100 years. By the time they realized what business they were in, it was too late.

You might be wondering what direction I am taking this in. I want you to consider how you would answer this question in relation to your current career as a business analyst.

As a business analysts, I consider we are there to help generate improvement of profit and or reduction of costs for the companies we work at. However most employers (who are actually our customers) don’t see that in our role but instead look upon us to be specific in what we provide them in terms of knowledge and experience. Examples would be:

  • Payment handling
  • Healthcare data processing
  • General data analytics
  • Anti money laundering
  • Utilities
  • Mobile applications development
  • etc..

This narrow role definition by our customers puts us back into the mental mode of thinking that we are in the railroad business and not in transportation. Basically our customers are not going to tell us that they plan to make us obsolete with a new solution to their business needs or that they are losing market share in their industry (leading to job losses). We have to think beyond what we immediately provide to the customer and consider at least two things in our careers.

  1. Industry trends
  2. Tools we use

Industry Trends:

  • Is the Industry that we are working in shrinking or growing in our geographic location of work? Example – think of factories that get closed or corporate mergers either of which would reduce people needed in the industry.
    • To overcome, you would either need to gain experience / knowledge in a new industry or move location to where the work is (if that is an option).
  • Are there current or future disruptions to the way the work is being done in our industry that we need to be aware of? Example – looking at the railroad, the rails, trains and railcars are just a tool used in transportation. Certainly they help the railway business make money but as the railway companies found out in America after the interstate roads were built, new options for transportation by road upset the apple cart. Money invested in trains and railcars was lost because these tools did not work on the road. Basically being only in the railroad business was going to cause a loss of market share, decline in profits and decline in employment opportunities.
    • To overcome, you need to stay aware of advancements in technology / process that could impact your industry and seek knowledge / experience with the new and even considering changing industry if the new will make your industry obsolete and or reduce its market share causing a reduction in employment.

Tools We Use

  • Are the tools required to do your job changing? Example – with the move to more Agile IT work we are expected to have used formal tools for managing user stories, backlogs etc.. Reporting is another area where tools are continually evolving.
    • To overcome, you need to monitor the tools specified in job postings prior to your next job, have a budget set aside for training, get the training and if possible work out how to get experience with the tool/s.

In summary, don’t let your current success with customers blind you to the market. Stay current with what industries are doing (growing or shrinking) and what tools you need to do your job. That way you will continue to help companies improve their profits and reduce their expenses. Plan to budget for time and money to be spent to keep yourself marketable to customers. Be prepared to ditch an industry if the future looks grim. Don’t focus on pure profit, invest in yourself to stay in line with the market otherwise you may become the next Kodak.

3 Generic Certifications that help you get IT BA interviews!

There is no getting past it that the IT BA market has become saturated. It is no longer enough to be someone who has worked as a BA for years as the market is full of that experience. So the question becomes how do you make it to the interview pile instead of the reject pile?

Today I want to focus on 3 generic IT certifications that are not tied to an industry or solution that can help move your resume into the pile to be interviewed.

#3 Certified Business Analyst Professional or equivalent: This one has been around for quite a few years now. If you have been doing BA work as long as I have, it really does not bring much value in terms of knowledge. If you have less than 10 years of experience, this one is good to add onto your resume. However its value has somewhat diminished with Agile development.

Pros:

  • Shows that you have at least been educated as a BA.
  • Great for when you have limited real world experience.

Cons:

  • Has not become a job requirement like A+ certification (for pc repair).
  • BA roles differ from company to company so some companies add more or less weight to the certification.
  • Does not carry as much weight in the Agile development world.

#2 Certified Scrum Master: You can look on this certification as selling yourself to the client as two for the price of one. For the longest time, clients have liked to put their BA’s in the role of backup Project Manager, being a Scrum Master is the new flavor that Agile development has brought to us.

Pros:

  • Shows that you understand Agile development.
  • Makes you more appealing to the client as you can now fill two roles.
  • Could increase your salary as Scrum Masters can make more money than ordinary BAs.

Cons:

  • You may end up doing more Scrum Master work than BA work.
  • Could make your life busy as you juggle two roles.
  • You may not like being a Scrum Master.
  • Only applicable to Agile development. For non Agile, you could look to taking Project Management certifications instead.

#1 Certified Product Owner: You can look on this certification as being the natural career progression of the BA involved with Agile development. Any BA that wants to stay more in the BA world should look to get this certification sooner or later. It shows a client that you understand Agile and that you understand the BA role through the Product Owner viewpoint. With the advent of the Product Owner role, certain tasks normally performed by the BA have moved to the Product Owner and this is why it is not a large step for a BA to move into this role.

Pros:

  • Shows that you understand Agile development.
  • Makes you more appealing to the client as it shows you should be able to represent what the business wants.
  • Could increase your salary as Product Owners are more involved with the money making side of the business.

Cons:

  • More applicable to Agile development but does carry over into other types of development methods.
  • May not pay as well

In summary, if you are wondering how to get more interviews as an Information Technology BA, getting at least one of these generic certifications can help you move forward. What school or method you choose to get these certifications is not as important as actually having a certification that you can add to your resume.

From a long term perspective with these certifications, you will need to decide if you want to go more on the high paying Scrum Master side (which is more like the old Project Management) or look to move into Product Ownership which is the natural next step for Business Analysts.

Business Analysts who want to become Product Owners should know these two things.

As the market changes for business analysts and more consider the move into the product owner world, the question becomes, what is the difference between the role? Product owners can sometimes just be business analysts with a new job title and in other cases they are really product owners with full authority to make decisions.

Agile development has driven the growth of the product owner role. No longer do business partners have to wait months for development to implement new features / functions, instead they can be delivered in weeks. Since business partners usually have to run the business they don’t have time to spend on agile work so they delegate business representation to the product owner.

Now, let us consider two of the key differences in the product owner role vs business analyst:

  1. Industry knowledge – with the traditional BA role, there is usually time to get up to speed in the industry being worked in (Retail, Utility, Finance, Health, Transportation etc..) as the requirements are gathered. This means that having industry knowledge is not a deal breaker to being hired. In the product owner world, you had better know the industry as decisions have to be made quickly to keep the development moving. For example glass devices are not allowed in food processing plants, so developing a product solution that uses cell phone applications would be a bad decision for any industry that goes inside food processing plants because of the glass touch screen.
  2. Metrics / research – product owners need to make decisions on the priority of features / functions to be developed. As a product owner, you need to know how to justify the decision based on real world facts. This requires an understanding of the research options / data available and metrics desired in new development. Think Google Analytics, combined with any restrictions on data that can be collected / solutions that can be delivered. Business analysts on the other hand normally get this information and direction from their business partners.

How to get the skills needed to be a product owner?

  • Industry knowledge can be gained by either working as a business analyst in the industry for a period of time or getting a job on the business side. Both options will be good to getting the necessary experience.
  • Knowing research options / metrics to justify decisions is not always needed as not all companies expect this of their product owners. However for those product owners that do need to know the information, joining external groups in the industry, reading trade publications, staying on top of trends, working on the business side etc.. can all help to build up the knowledge required to justify decisions.

VW a lesson in marketing versus regulations

By now you will be very aware of the VW diesel scandal where the software on the car detected when the car was being tested and controlled exhaust emissions to past the test.

Anyone that works in gathering requirements can easily see the problem here. There were two competing requirements Marketing and Regulatory and in the end the marketing side won out.

Big business is a game of cat and mouse. Laws are in place for a lot of things but for business the viewpoint of laws is the risk / cost of being caught and the benefit of not following the law. If the law is not enforced 100%, business will start to think of it as an optional law. There are numerous cases of settlements between car companies and the US government or consumers. The Titanic is a classic example of the law being met but the intent of the law being missed which was to have enough life rafts to save lives – the law had not been written in such a way as to force the life rafts to be enough to meet the number of passengers.

When gathering requirements for a solution, care must be taken to understand the implications of giving one set of requirements higher priority over another. Risk analysis is supposed to be done to ensure the VW, Titanic situation never occurs today. However profit is a powerful master and it will make people blind to that which is obvious.

Double check those requirements that fly in the face of morals to make sure you are not ignoring something that will later make you a headline.

 

The industrial revolution 2.0 – where Jane & John Doe programs make sense

If you ever saw pictures from the original industrial revolution (1790 – 1870) you would have seen machines producing goods that also required humans to keep them supplied with materials. In some cases it was dangerous work as the humans darted under the mechanism of the machine to keep it supplied. One wrong step and the human resource was injured or killed.

These machine in their own way were original pieces of programming. Basically the Steam Punk of code where the internal workings are completely visible. Humans basically made up the shortfall in what could not be replaced easily or affordably by machine.

Step forward into today and while the brass and iron has vanished we still have humans fulfilling the roles where machines have not caught up.

Amazon pickers is an example of the humans still meeting the need.

When do you ask does it make sense to replace the human programs (lets call them Jane & John Doe)?

NOTE: This article is a somewhat tongue in cheek consideration of the removal of humans from the workforce and is not meant to offend anyone who is worried about AI takeover.

Let’s first look at the benefit of our human Jane and John Doe programs:

1 – Easily programmed if task is not too complicated.

2 – Can be programmed by other existing programs.

3 – Adaptable interface – Buttons, levers, switches etc.. are not an issue.

4 – Can be replaced if failing.

5 – Low short term investment costs.

6 – Can be easily reprogrammed as tasks change.

7 – Multiple interface methods for programming – auditory, touch, visual.

 

The cons of Jane and John Doe:

1 – Program can leave of own accord requiring another program to be obtained.

2 – Program can be injured requiring maintenance costs to be paid even if another program replaces it.

3 – Not all programs are of equal ability which can cause quality issues.

4 – Limited amount of transactions per hour can be handled and there is risk of memory leakage if the task is too frequent or repetitive.

 

Now let us consider the attributes of the equation to determine when to replace the Jane and John Doe programs with actual computerized machines :

1 – Cost of your current Jane and John Does + cost to remove them from the role versus the cost of the computerized machine.

2 – Frequency of the transaction – more frequent or increasing frequency raises the number of Jane and John Does programs you require making a computerized alternative more attractive.

3 – Availability of Jane and John Does – if they are getting harder to find, their cost goes up.

4 – Complexity of the task – like point 3, if the complexity of the task is getting higher, the number of Jane and John Does that can do it get less, increasing their cost.

5 – Long term need for Jane and John Doe – if the task is not changing and going to be around a long time, programming a computerized alternative makes sense as the long term return can be seen.

6 – Reliability of the computerized alternatives or level of risk a single failure point can create. When you have a large human set of programs, there is a lot of redundancy built in if one fails. With a computerized machine, when it fails, there is no backup until it is repaired.

There are probably a multitude of other reasons to keep or replace Jane and John Doe. This article is just to make you think about it from a ROI point of view and how history repeats itself 200 years later.

To quote what the head of an IT operations once said to me back in the 1989 “As soon as the cost of the tape system comes down to being cheaper than the staff I will get rid of the operations staff.” By 1992 the operations staff were out of a job as a machine had replaced them – the cost had come down enough. Machines eventually get cheaper than their human counterparts.

 

When software kills due to incomplete requirements

If you are lucky, your software has not been responsible for the death of anyone to date. If you are unlucky then you know it.

When a analyst gathers requirements for a piece of software there is a tendency to focus on the happy path and ignore the surrounding paths that can lead to disaster. Unfortunately events can lead up to the identification of the missing requirements and sometimes death is a result.

To be fair, we humans can still kill ourselves without software such as with the mechanical loaded gun or the speeding car taking a bend too fast. However software seems to give people in some cases a false sense of security that does not exist. In other cases it can give them power to do something that should not have been possible if they were directly engaged with the physical which leads to disaster.

The article below refers to two cases where software enabled a pilot to do something they should not have been allowed to do with death being the end result.

Lessons from spaceship two’s crash

In the above article, the situation was different from my previous article about lack of tactile feedback. In both cases the pilots knew what they were doing, they just did it at the wrong time or too frequently for the specific vehicle to survive.

As an analyst, be it a system’s analyst or business analyst, it is not enough to think of just the happy path. Whenever you are gathering requirements you need to also think of what will keep us on the happy path. Whenever there is an interaction or a key data point, ask yourself if the event that causes this can be triggered at the wrong time or occur too many times.

Look for the ways that one can step off of the path and see if you can build either a metaphorical wall to keep us on the path or ways to get us back on the path before any damage is done.

Testers working for nothing – why you should not go into testing as a career

Often Business Analysts will see in their job description the act of testing. True heavy testing requires special skills that do not tie in well with good Business Analysts skills.

Business Analysts often need to get out and communicate with a variety of people and dig beneath the surface of conversations to find the true requirements / processes.

Testing however relies on the information presented from the Business Analyst along with other documents and  industry standards to validate the work done. Testers effectively thrive in an atmosphere where communicating with a variety of people is not required.

While small amounts of testing such as a minor enhancement can be covered by a BA, care must be taken if the BA role requires more than that as it will weaken your BA skills over time.

Maybe the above is not enough to dissuade you from heading down a testing career path from your BA role but two trends should discourage you from heading into testing as a career:

1 – Outsourcing

Recently I saw a corporation completely outsource their Testing Department. Part of the reason behind this is the theory that the size of a testing department varies according to the work being done. A vendor was considered a better solution to handling the waves of work as opposed to having staff on hand.

2 – Testing for nothing in hope of potential rewards

This is the most worrying concern for anybody involved in testing. It looks like a Silicon Valley startup has ditched paying testers a wage. Testers have to compete to win cash by being the first to identifying bugs / issues that nobody else has identified. If they are not the first then they get nothing for their efforts. The prizes are also so small that only someone living in a country overseas could justify the risk of time and effort for little to no reward.

Next Page »