Categories
erwin Expert Blog

Documenting and Managing Governance, Risk and Compliance with Business Process

Managing an organization’s governance, risk and compliance (GRC) via its enterprise and business architectures means managing them against business processes (BP).

Shockingly, a lot of organizations, even today, manage this through, either homemade tools or documents, checklists, Excel files, custom-made databases and so on and so forth. The three main reasons organizations tend to still operate in this manual and disparate way comes down to three reasons:

  1. Cost
  2. Governance, risk and compliance are treated as isolated bubbles.
  3. Data-related risks are not connected with the data architects/data scientists.

If we look at this past year, COVID-19 fundamentally changed everything overnight – and it was something that nobody could have anticipated. However, only organizations that had their risks mapped at the process level could see their operational risk profiles and also see what processes needed adjustments – quickly.

Furthermore, by linking compliance with process, those organizations were prepared to answer very specific compliance questions. For example, if a customer asked, “Since most of your employees are working from home now, how can you ensure that my data is not shared with their kids?” Organizations with business process could respond with, “We have anticipated these kinds of risks and implemented the following controls, and this is how we protect you in different layers.”

Every company must understand its business processes, particularly those in industries in which quality, regulatory, health, safety or environmental standards are serious considerations. BP modeling and analysis shows process flows, system interactions and organizational hierarchies to identity areas for improvement as well as practices susceptible to the greatest security, compliance or other risks so controls and audits can be implemented to mitigate exposures.

Connecting the GRC, Data and Process Layers

The GRC layer comprises mandatory components like risks, controls and compliance elements. Traditionally, these are manually documented, monitored and managed.

For example, if tomorrow you decide you want ISO (International Organization for Standardization) 27001 compliance for your information security management system, you can go to the appropriate ISO site, download the entire standard with all the assessments with all the descriptions, mandates, questions and documents that you will need to provide. All of these items would comprise the GRC layer.

However, many organizations maintain Excel files with risk and control information and other Office files with compliance files and information in isolation. Or some of these files are uploaded to various systems, but they don’t talk to each other or any other enterprise systems for that matter. This is the data layer, which is factual, objective and, as opposed to the GRC layer, can be either fully or partly automated.

Now, let’s add the process layer to the equation. Why? Because that is where the GRC and data layers meet. How? Processes produce, process and consume data –information captured in the metadata layer. By following the process sequence, I can actually trace the data lineage as it flows across the entire business ecosystem, beyond the application layer.

Taking it further, from processes, I can look at how the data is being managed by my capabilities. In other words, if I do have a data breach, how do I mitigate it? What impact will it have on my organization? And what are the necessary controls to manage it? Looking at them from right to left, I can identify the effected systems, and I can identify the interfaces between systems.

Mitigating Data Breaches

Most data breaches happen either at the database or interface level. Interfaces are how applications talk to each other.

Organizations are showing immense interest in expanding the development of risk profiles, not only for isolated layers but also in how those layers interact – how applications talk to each other, how processes use data, how data is stored, and how infrastructure is managed. Understanding these profiles allows for more targeted and even preemptive risk mitigation, enabling organizations to fortify their weak points with sufficient controls but also practical and effective processes.

We’re moving from a world in which everything is performed manually and in isolation to one that is fully automated and integrated.

erwin instructs how to document and manage governance, risk and compliance using business process modeling and enterprise architecture solution erwin Evolve.

The C-Level Demands GRC Real-Time Impact Analysis

Impact analysis is critical. Everything needs to be clearly documented, covering all important and relevant aspects. No service, capability or delivery process is considered complete unless the risks and controls that affect it, or are implemented through it, are mapped and that assessment is used to generate risk profiles for the process, service or capability. And the demand for this to happen automatically increases daily.

This is now one of the key mandates across many organizations. C-level executives now demand risk profile dashboards at the process ,organizational and local level.

For example, an executive travelling from one country to another, or from one continent to another, can make a query: “I’m traveling to X, so what is the country’s risk profile and how is it being managed What do I need to be aware of or address while I’m there?” Or when a new legislation is introduced affecting multiple countries, the impact of that legislation to those countries’ risk profiles can be quickly and accurately calculated and actions planned accordingly.

erwin Evolve

GRC is more critical than ever. Organizations and specifically the C-suite are demanding to see risk profiles at different slices and dices of a particular process. But this is impossible without automation.

erwin Evolve is a full-featured, configurable enterprise architecture (EA) and BP modeling and analysis software suite that aids regulatory and industry compliance and maps business systems that support the enterprise. Its automated visualization, documentation and enterprise collaboration capabilities turn EA and BP artifacts into insights both IT and business users can access in a central location for making strategic decisions and managing GRC.

Please click here to start your free trial of erwin Evolve.

Categories
erwin Expert Blog

Business Process Can Make or Break Data Governance

Data governance isn’t a one-off project with a defined endpoint. It’s an on-going initiative that requires active engagement from executives and business leaders.

Data governance, today, comes back to the ability to understand critical enterprise data within a business context, track its physical existence and lineage, and maximize its value while ensuring quality and security.

Free Data Modeling Best Practice Guide

Historically, little attention has focused on what can literally make or break any data governance initiative — turning it from a launchpad for competitive advantage to a recipe for disaster. Data governance success hinges on business process modeling and enterprise architecture.

To put it even more bluntly, successful data governance* must start with business process modeling and analysis.

*See: Three Steps to Successful & Sustainable Data Governance Implementation

Business Process Data Governance

Passing the Data Governance Ball

For years, data governance was the volleyball passed back and forth over the net between IT and the business, with neither side truly owning it. However, once an organization understands that IT and the business are both responsible for data, it needs to develop a comprehensive, holistic strategy for data governance that is capable of four things:

  1. Reaching every stakeholder in the process
  2. Providing a platform for understanding and governing trusted data assets
  3. Delivering the greatest benefit from data wherever it lives, while minimizing risk
  4. Helping users understand the impact of changes made to a specific data element across the enterprise.

To accomplish this, a modern data governance strategy needs to be interdisciplinary to break down traditional silos. Enterprise architecture is important because it aligns IT and the business, mapping a company’s applications and the associated technologies and data to the business functions and value streams they enable.

Ovum Market Radar: Enterprise Architecture

The business process and analysis component is vital because it defines how the business operates and ensures employees understand and are accountable for carrying out the processes for which they are responsible. Enterprises can clearly define, map and analyze workflows and build models to drive process improvement, as well as identify business practices susceptible to the greatest security, compliance or other risks and where controls are most needed to mitigate exposures.

Slow Down, Ask Questions

In a rush to implement a data governance methodology and system, organizations can forget that a system must serve a process – and be governed/controlled by one.

To choose the correct system and implement it effectively and efficiently, you must know – in every detail – all the processes it will impact. You need to ask these important questions:

  1. How will it impact them?
  2. Who needs to be involved?
  3. When do they need to be involved?

These questions are the same ones we ask in data governance. They involve impact analysis, ownership and accountability, control and traceability – all of which effectively documented and managed business processes enable.

Data sets are not important in and of themselves. Data sets become important in terms of how they are used, who uses them and what their use is – and all this information is described in the processes that generate, manipulate and use them. So unless we know what those processes are, how can any data governance implementation be complete or successful?

Processes need to be open and shared in a concise, consistent way so all parts of the organization can investigate, ask questions, and then add their feedback and information layers. In other words, processes need to be alive and central to the organization because only then will the use of data and data governance be truly effective.

A Failure to Communicate

Consider this scenario: We’ve perfectly captured our data lineage, so we know what our data sets mean, how they’re connected, and who’s responsible for them – not a simple task but a massive win for any organization. Now a breach occurs. Will any of the above information tell us why it happened? Or where? No! It will tell us what else is affected and who can manage the data layer(s), but unless we find and address the process failure that led to the breach, it is guaranteed to happen again.

By knowing where data is used – the processes that use and manage it – we can quickly, even instantly, identify where a failure occurs. Starting with data lineage (meaning our forensic analysis starts from our data governance system), we can identify the source and destination processes and the associated impacts throughout the organization.

We can know which processes need to change and how. We can anticipate the pending disruptions to our operations and, more to the point, the costs involved in mitigating and/or addressing them.

But knowing all the above requires that our processes – our essential and operational business architecture – be accurately captured and modelled. Instituting data governance without processes is like building a castle on sand.

Rethinking Business Process Modeling and Analysis

Modern organizations need a business process modeling and analysis tool with easy access to all the operational layers across the organization – from high-level business architecture all the way down to data.

Such a system should be flexible, adjustable, easy-to-use and capable of supporting multiple layers simultaneously, allowing users to start in their comfort zones and mature as they work toward their organization’s goals.

The erwin EDGE is one of the most comprehensive software platforms for managing an organization’s data governance and business process initiatives, as well as the whole data architecture. It allows natural, organic growth throughout the organization and the assimilation of data governance and business process management under the same platform provides a unique data governance experience because of its integrated, collaborative approach.

Start your free, cloud-based trial of erwin Business Process and see how some of the world’s largest enterprises have benefited from its centralized repository and integrated, role-based views.

We’d also be happy to show you our data governance software, which includes data cataloging and data literacy capabilities.

Enterprise Architecture Business Process Trial

Categories
erwin Expert Blog

Internal Business Process Modeling: The Secret Behind Exponential Organizations

Strong internal business process modeling and management helps data-driven organizations compete and lead

In short, an internal business process is a documented account of how things should be done to maximize efficiency and achieve a particular goal.

In the book “Exponential Organizations” by Salim Ismail, Michael S. Malone and Yuri van Geest, the authors, examine how every company is or will evolve into an information-based entity in which costs fall to nearly zero, abundance replaces scarcity and only “exponential organizations” survive.

It’s not news that exponential organizations like Uber, Airbnb and Netflix have flipped the script on disrupting traditional industries like taxis, hotels and video rentals/TV viewing.

But now, even traditional industries like healthcare and financial services, which were historically slow to innovate, are transforming at breakneck speed.

Let’s face it, in today’s hyper-competitive markets, the traditional approach of relying on legacy strengths or inertia for survival just simply won’t work.

The days of enterprises focusing almost exclusively on rigid structures, centralized management and accountability; concentrated knowledge; service mainly to external customers; and reactive, short-term strategy alignment driven mainly by massive-scale projects are antiquated.

The information within your organization’s internal business processes is where the data your company collects, creates, stores and analyzes actually transforms into something that makes your company go, hopefully for the long haul.

Internal Business Process Modeling - Exponential Organizations

The Value of Internal Business Process Modeling

Organizations are built on a series of internal business processes. The complexity of modern data-driven organizations requires processes to work in tandem to create and sustain value.

The degree to which any individual internal business process drives value can vary, but even the most seemingly mundane processes are part of a collective sum, greater than its parts.

Therefore, it’s critical for organizations to map their internal business processes to understand how a given action relates to the organizations’ overall strategy and goals.

Such knowledge is at the core of exponential organizations. They understand how any given internal business process relates to value creation, making it far easier to assess what’s currently working but also identify areas for improvement as well as the potential for competitive differentiation.

Exponential organizations also are better positioned to respond and adapt to disruptive forces, such as 5G. This is because understanding what and how you do things now makes it easier to implement change in an agile manner.

5G Roadmap: Preparing Your Enterprise Architecture

How do you join the ranks of exponential organizations? And where do you begin your journey to becoming an information-based entity?

Attitude Adjustment

More and more organizations are realizing they need to adjust their traditional thinking and subsequent actions, even if just a bit, to gain strategic advantage, reduce costs and retain market dominance. For example:

  1. Structures are becoming more adaptable, allowing for greater flexibility and cost management. How is this possible and why now? Organizations are grasping that effective, well-managed and documented internal business processes should form their operational backbones.
  2. Business units and the departments within them are becoming accountable not only for their own budgets but also on how well they achieve their goals. This is possible because their responsibilities and processes can be clearly defined, documented and then monitored to ensure their work is executed in a repeatable, predictable and measurable way.
  3. Knowledge is now both centralized and distributed thanks to modern knowledge management systems. Central repositories and collaborative portals give everyone within the organization equal access to the data they need to do their jobs more effectively and efficiently.
  4. And thanks to all the above, organizations can expand their focus from external customers to internal ones as well. By clearly identifying individual processes (and their cross-business handover points) and customer touchpoints, organizations can interact with any customer at the right point with the most appropriate resources.

Benefits of Internal Business Process Modeling and Management

One of the main benefits of a process-based organizational engine is that it should be able to better handle outside pressures, such as new regulations, if they are – or are becoming – truly process-based. Because once processes (and their encompassing business architecture) become central to the organization, a wide array of things become simpler, faster and cheaper.

Another benefit is application design – the holy grail or black hole of budgetary spending and project management, depending on your point of view – is streamlined, with requirements clearly gathered and managed in perfect correspondence to the processes they serve and with the data they manage clearly documented and communicated to the developers.

Testing occurs against real-life scenarios by the responsible parties as documented by the process owners – a drastic departure from the more traditional approaches in which the responsibility fell to designated, usually technical application owners.

Finally – and most important – data governance is no longer the isolated domain of data architects but central to the everyday processes that make an organization tick. As processes have stakeholders who use information – data – the roles of technical owners and data stewards become integral to ensuring processes operate efficiently, effectively and – above all – without interruptions. On the other side of this coin, data owners and data stewards no longer operate in their own worlds, distant from the processes their data supports.

Carpe Process

All modern organizations should seize business process as a central component to their operations. Data governance as well, and cost management becoming a third driver for the enterprise machine. But as we all know, it takes more than stable connecting rods to make an engine work – it needs cogs and wheels, belts and multiple power sources, all working together.

In the traditional organization, people are the internal mechanics. These days, powerful and flexible workflow engines provide much-needed automation for greater visibility plus more power, stability and quality – all the things a machine needs to operate as required/designed.

Advanced process management systems are becoming essential, not optional. And while not as sexy or attention-grabbing as other technologies, they provide the power to drive an organization toward its goals quickly, cost-effectively and efficiently.

To learn how erwin can empower a modern, process-based organization, please click here.

Enterprise Architecture Business Process Trial

Categories
erwin Expert Blog

Why EA Needs to Be Part of Your Digital Transformation Strategy

Enterprise architecture (EA) isn’t dead, you’re just using it wrong. Part three of erwin’s digital transformation blog series.  

I’ll let you in on a little secret: the rumor of enterprise architecture’s demise has been greatly exaggerated. However, the truth for many of today’s fast-moving businesses is that enterprise architecture fails. But why?

Enterprise architecture is invaluable for internal business intelligence (but is rarely used for real intelligence), governance (but often has a very narrow focus), management insights (but doesn’t typically provide useful insights), and transformation and planning (ok, now we have something!).

In reality, most organizations do not leverage EA teams to their true potential. Instead they rely on consultants, trends, regulations and legislation to drive strategy.

Why does this happen?

Don’t Put Enterprise Architecture in a Corner

EA has remained in its traditional comfort zone of IT. EA is not only about IT …  but yet, EA lives within IT, focuses on IT and therefore loses its business dimension and support.

It remains isolated and is rarely, if ever, involved in:

  • Assessing, planning and running business transformation initiatives
  • Providing real, enterprise-wide insights
  • Producing actionable initiatives

Instead, it focuses on managing “stuff”:

  • Understanding existing “stuff” by gathering exhaustively detailed information
  • Running “stuff”-deployment projects
  • Managing cost “stuff”
  • “Moving to the cloud” (the solution to … everything)

Enterprise Architecture

What Prevents Enterprise Architecture from Being Successful?

There are three main reasons why EA has been pigeon-holed:

  1. Lack of trust in the available information
    • Information is mostly collected, entered and maintained manually
    • Automated data collection and connection is costly and error-prone
    • Identification of issues can be very difficult and time-consuming
  1. Lack of true asset governance and collaboration
    • Enterprise architecture becomes ring-fenced within a department
    • Few stakeholders willing to be actively involved in owning assets and be responsible for them
    • Collaboration on EA is seen as secondary and mostly focused on reports and status updates
  1. Lack of practical insights (insights, analyses and management views)
    • Too small and narrow thinking of what EA can provide
    • The few analyses performed focus on immediate questions, rarely planning and strategy
    • Collaboration on EA is seen as secondary and mostly focused on reports and status updates

Because of this, EA fails to deliver the relevant insights that management needs to make decisions – in a timely manner – and loses its credibility.

But the fact is EA should be, and was designed to be, about actionable insights leading to innovative architecture, not about only managing “stuff!”

Don’t Slow Your Roll. Elevate Your Role.

It’s clear that the role of EA in driving digital transformation needs to be elevated. It needs to be a strategic partner with the business.

According to a McKinsey report on the “Five Enterprise-Architecture Practices That Add Value to Digital Transformations,” EA teams need to:

“Translate architecture issues into terms that senior executives will understand. Enterprise architects can promote closer alignment between business and IT by helping to translate architecture issues for business leaders and managers who aren’t technology savvy. Engaging senior management in discussions about enterprise architecture requires management to dedicate time and actively work on technology topics. It also requires the EA team to explain technology matters in terms that business leaders can relate to.”

With that said, to further change the perception of EA within the organization you need to serve what management needs. To do this, enterprise architects need to develop innovative business, not IT insights, and make them dynamic. Next, enterprise architects need to gather information you can trust and then maintain.

To provide these strategic insights, you don’t need to focus on everything — you need to focus on what management wants you to focus on. The rest is just IT being IT. And, finally, you need to collaborate – like your life depends on it.

Giving Digital Transformation an Enterprise Architecture EDGE

The job of the enterprise architecture is to provide the tools and insights for the C-suite, and other business stakeholders, to help deploy strategies for business transformation.

Let’s say the CEO has a brilliant idea and wants to test it. This is EA’s sweet spot and opportunity to shine. And this is where erwin lives by providing an easy, automated way to deliver collaboration, speed and responsiveness.

erwin is about providing the right information to the right people at the right time. We are focused on empowering the forward-thinking enterprise architect by providing:

  • Superb, near real-time understanding of information
  • Excellent, intuitive collaboration
  • Dynamic, interactive dashboards (vertical and horizontal)
  • Actual, realistic, business-oriented insights
  • Assessment, planning and implementation support

Data-Driven Business Transformation

Categories
erwin Expert Blog

Business Architecture and Process Modeling for Digital Transformation

At a fundamental level, digital transformation is about further synthesizing an organization’s operations and technology, so involving business architecture and process modeling is a best practice organizations cannot ignore.

This post outlines how business architecture and process modeling come together to facilitate efficient and successful digital transformation efforts.

Business Process Modeling: The First Step to Giving Customers What They Expect

Salesforce recently released the State of the Connected Customer report, with 75 percent of customers saying they expect companies to use new technologies to create better experiences. So the business and digital transformation playbook has to be updated.

These efforts must be carried out with continuous improvement in mind. Today’s constantly evolving business environment totally reinforces the old adage that change is the only constant.

Even historically reluctant-to-change banks now realize they need to innovate, adopting digital transformation to acquire and retain customers. Innovate or die is another adage that holds truer than ever before.

Fidelity International is an example of a successful digital transformation adopter and innovator. The company realized that different generations want different information and have distinct communication preferences.

For instance, millennials are adept at using digital channels, and they are the fastest-growing customer base for financial services companies. Fidelity knew it needed to understand customer needs and adapt its processes around key customer touch points and build centers of excellence to support them.

Business architecture and process modeling

Business Architecture and Process Modeling

Planning and working toward a flexible, responsive and adaptable future is no longer enough – the modern organization must be able to visualize not only the end state (the infamous and so-elusive “to-be”) but also perform detailed and comprehensive impact analysis on each scenario, often in real time. This analysis also needs to span multiple departments, extending beyond business and process architecture to IT, compliance and even HR and legal.

The ability of process owners to provide this information to management is central to ensuring the success of any transformation initiative. And new requirements and initiatives need to be managed in new ways. Digital and business transformation is about being able to do three things at the same time, all working toward the same goals:

  • Collect, document and analyze requirements
  • Establish all information layers impacted by the requirements
  • Develop and test the impact of multiple alternative scenarios

Comprehensive business process modeling underpins all of the above, providing the central information axis around which initiatives are scoped, evaluated, planned, implemented and ultimately managed.

Because of its central role, business process modeling must expand to modeling information from other layers within the organization, including:

  • System and application usage information
  • Supporting and reference documentation
  • Compliance, project and initiative information
  • Data usage

All these information layers must be captured and modeled at the appropriate levels, then connected to form a comprehensive information ecosystem that enables parts of the organization running transformation and other initiatives to instantly access and leverage it for decision-making, simulation and scenario evaluation, and planning, management and maintenance.

No Longer a Necessary Evil

Traditionally, digital and business transformation initiatives relied almost exclusively on human knowledge and experience regarding processes, procedures, how things worked, and how they fit together to provide a comprehensive and accurate framework. Today, technology can aggregate and manage all this information – and more – in a structured, organized and easily accessible way.

Business architecture extends beyond simple modeling; it also incorporates automation to reduce manual effort, remove potential for error, and guarantee effective data governance – with visibility from strategy all the way down to data entry and the ability to trace and manage data lineage. It requires robotics to cross-reference mass amounts of information, never before integrated to support effective decision-making.

The above are not options that are “nice to have,” but rather necessary gateways to taking business process management into the future. And the only way to leverage them is through systemic, organized and comprehensive business architecture modeling and analysis.

Therefore, business architecture and process modeling are no longer a necessary evil. They are critical success factors to any digital or business transformation journey.

A Competitive Weapon

Experts confirm the need to rethink and revise business processes to incorporate more digital automation. Forrester notes in its report, The Growing Importance of Process to Digital Transformation, that the changes in how business is conducted are driving the push “to reframe organizational operational processes around digital transformation efforts.” In a dramatic illustration of the need to move in this direction, the research firm writes that “business leaders are looking to use process as a competitive weapon.”

If a company hasn’t done a good job of documenting its processes, it can’t realize a future in which digital transformation is part of everyday operations. It’s never too late to start, though. In a fast-moving and pressure cooker business environment, companies need to implement business process models that make it possible to visually and analytically represent the steps that will add value to the company – either around internal operations or external ones, such as product or service delivery.

erwin BP, part of the erwin EDGE Platform, enables effective business architecture and process modeling. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

To find out about how erwin can help in empowering your transformation initiatives, please click here.

data-driven business transformation

Categories
erwin Expert Blog

Once You Understand Your Data, Everything Is Easier

As a data-driven organization in the modern, hyper-competetive business landscape, it’s imperative that employees, business leaders and decision makers can understand your data.

In a previous article, I argued that business process management without data governance is a perilous experiment. The same can be said for enterprise architecture initiatives that traditionally stop at the process level with disregard for the data element.

Therefore, an organization that ignores the data layer of both its process and enterprise architectures isn’t tapping into their full potential. You run the risk of being siloed, confined to traditional and qualitative structures that will make improvement and automation more difficult, time-consuming and ultimately ineffective. However, it does not have to be this way.

I’m going to make a bold statement, and then we can explore it together. Ready? Without data governance, a process management or enterprise architecture initiative will result in a limited enterprise architecture and any efforts that may stem from it (process improvement, consolidation, automation, etc.) also will be limited.

So how exactly does data governance fit within the larger world of enterprise architecture, and why is it so critical?

Understand Your Data – What Lies Beneath

A constant source of unpleasant surprise for most medium and large-scale enterprise architecture and process management initiatives is discovering just how tricky it is to establish interconnectivity between low-level processes and procedures in a way that is easy sustainable and above all, objective.

Traditionally, most projects focus on some type of top-down classification, using either organizational or capability-based groupings. These structures are usually qualitative or derived from process owners, subject matter experts (SMEs) or even department heads and business analysts. While usually accurate, they are primarily isolated, top-down views contained within organizational silos.

But more and more enterprise architecture initiatives are attempting to move beyond these types of groupings to create horizontal, interconnected processes. To do so, process owners must rely on handover points – inputs and outputs, documents and, you guessed it, data. The issue is that these handover points are still qualitative and unsustainable in the long term, which is where data and data governance comes in.

By providing an automated, fully integrated view of data ownership, lineage and interconnectivity, data governance serves as the missing link between disparate and disconnected processes in a way that has always proved elusive and time consuming. It is an objective link, driven by factual relationships that brings everything together.

Data governance also provides an unparalleled level of process connectivity, so organizations can see how processes truly interact with each other, across any type of organizational silo, enabling realistic and objective impact analysis. How is this possible? By conducting data governance in conjunction with any enterprise architecture initiative, using both a clear methodology and specialized system.

Understand Your Data – Data Is Everywhere

Everyone knows that processes generate, use and own data. The problem is understanding what “process data” is and how to incorporate that information into standard business process management.

Most process owners, SMEs and business analysts view data as a collection of information, usually in terms of documents and data groups such as “customer information” or “request details,” that is generated and completed through a series of processes or process steps. Links between documents/data groups and processes are assumed to be communicated to other processes that use them and so on. But this picture is not accurate.

Most of the time, a document or data group is not processed in its entirety by any subsequent/recipient processes; some information is processed by one process while the remainder is reserved for another or is entirely useless. This means that only single, one-dimensional connections are made, ignoring derived or more complex connections.

Therefore, any attempted impact analysis would ignore additional dimensions, which account for most of the process improvement and re-engineering projects that either fail or present significant overruns in terms of both time and budget.

With data governance, data is identified and tracked with ownership, lineage and use established and associated with the appropriate process elements, showing the connections between processes at the most practical informational level.

In addition and possibly most important, process ownership/responsibility becomes more objective and clear because it can be determined according to who owns/is responsible for the information the process generates and uses – as opposed to the more arbitrary/qualitative assignment that tends to be the norm. RACI and CRUD matrix analyses become faster, more efficient and infinitely more effective, and for the first time, they encompass elements of derived ownership (through data lineage).

Process automation projects also become more efficient, effective and shorter in duration because the right data is known from the beginning, process interconnectivity is mapped objectively, and responsibilities are clearly visible from the initial design phase.

With requirements accompanied by realistic process mapping information, development of workflows is easier, faster and less prone to errors, making process automation more attractive and feasible, even to smaller organizations for which even the scoping and requirements-gathering exercise has traditionally proved too complicated.

Understand Your Data – More Upside to Data Governance

Data governance enables an organization to manage and mitigate data risks, protecting itself from legal and reputational challenges to ensure continued operation. And once data is connected with business processes through effective, proactive data governance, additional benefits are realized:

  • Process risk management and mitigation becomes more factual and less qualitative, making the organization more effective;
  • Process compliance also becomes more factual, empowering not only compliance efforts but also compliance control and assessment with easier impact analyses; and
  • Organizational redesign can be based on what groupings actually do.

While the above benefits may appear vague and far-removed from either a pure enterprise architecture or data governance initiative, they are more tangible and achievable than ever before as organizations begin to rely more on object-oriented management systems.

Combining the strategic, informational-level detail and management provided by data governance with the more functional, organizational view of enterprise architecture proves that one plus one really does equal more than two.

To learn more about how data governance underpins organization’s data strategies click here.

Categories
erwin Expert Blog

Avoiding Operational Disasters with a Process-Based Approach to Risk Management

Risk avoidance and risk management are hot topics that seem to govern decision-making – and with good reason. Risk comes with potentially massive operational, financial, reputational and legal repercussions, so it makes absolute sense to do everything possible to model it, understand it, analyse it and ultimately mitigate it.

But not all risk is created equal. Nothing illustrates this point better than recent research showing how much global financial institutions lost to different types of operational risk during the last six years. As shown in the chart below, they lost $210 billion between 2011 and 2016, with more than $180 billion of that amount attributed to execution, delivery and process management combined with clients, products and business practices.

So, major banks lost more money because of bad process management than all other risks combined. I’d argue that client, product and business practices, which comprise the largest risk category, essentially come down to process application and management as well.

Business Process-Based Approach to Risk Management

The Data Disconnect

Despite the actual statistics, we hear more about data/technology and compliance risk. While these are significant and justified concerns, financial institutions don’t seem to realize they are losing more money due to other types of risks.

Therefore, I want to remind them – and all of us – that managing operational risk is an ongoing initiative, which needs to include better risk analysis, documentation, process impact analysis and mitigation.

While dozens of methodologies and systems are available in today’s marketplace, they only focus on  or attempt to address the smaller, individual components of operational risk. However, all the risk categories listed above require an effective, practical and – most important – easy-to-implement system to address all the underlying components in a collaborative effort – not in isolation.

According to ORX, the largest operational risk association in the financial services sector, managing  and thereby reducing risk involves managing four different but interconnected layers: people, IT, organizational processes and regulations.

More and more organizations seem to believe that once IT embeds their applications with the necessary controls to meet regulatory requirements, then all is right with the world. But experience has shown that isn’t true. Without adapting the processes using the applications, training employees, and putting sufficient controls in place to ensure all regulatory elements are not only applied but applied correctly, then technical controls alone will ever be effective.

And many will argue that little can be done within an organization regarding regulations, but that’s not true either. While regulations are developed and passed by governments and other external regulatory bodies, what really matters is how organizations adopt those regulations and embed them into their culture and daily operations – which is where all the layers of risk management intersect.

Avoiding Heisenberg’s Uncertainty Principle in Risk Management

As part of his Nobel Prize-winning work, physicist and quantum mechanics pioneer Werner Heisenberg developed the eponymous uncertainty principle that asserts it is only possible to know either the position or movement of a particle but not both. This theory applies to many aspects of everyday life, including organizational operations. It’s difficult to know both an organization’s current state and where it’s headed, and every organization struggles with the same risk management question in this vein: how do we manage risk while also being agile enough to support growth?

ORX is clear that effective risk management requires implementing controls throughout the entire process ecosystem by integrating risk management into the organization’s very fabric. This means clearly defining roles and responsibilities, embedding process improvements, and regularly controlling process performance. Of course, the common thread here is more streamlined and controlled processes.

Make no mistake – effort is still required, but all the above is much simpler today. Thanks to new methodologies and comprehensive business process modeling systems, you can identify which risks are applicable, where they are most likely to occur, and who is responsible for managing them to reduce their probability and impact. Therefore, operational risk can be viewed and then addressed quickly and effectively.

In fact, erwin has worked with an increasing number of financial institutions launching process improvement, automation and management initiatives specifically designed to restructure their processes to promote flexibility as a growth driver without sacrificing traceability and control.

We can help you do the same, regardless of your industry.

To find out about how erwin can help in empowering your data-driven business initiatives, please click here.

Data-Driven Business Transformation whitepaper

Categories
erwin Expert Blog

Why Data Governance and Business Process Management Must Be Linked

Data governance and business process management must be linked.

Following the boom in data-driven business data governance (DG) has taken the modern enterprise by storm, garnering the attention of both the business and technical realms with an explosion of methodologies, targeted systems and training courses. That’s because a major gap needs to be addressed.

But despite all the admonitions and cautionary tales, little attention has focused on what can literally make or break any data governance initiative, turning it from a springboard for competitive advantage to a recipe for waste, anger and ultimately failure. The two key pivot points on which success hinges are business process management (BPM) and enterprise architecture. This article focuses on the critical connections between data governance and business process management.

Based on a True Story: Data Governance Without Process Is Not Data Governance

The following is based on a true story about a global pharmaceutical company implementing a cloud-based, enterprise-wide CRM system with a third-party provider.

Given the system’s nature, the data it would process, and the scope of the deployment, data security and governance was front and center. There were countless meetings – some with more than 50 participants – with protocols sent, reviewed, adjusted and so on. In fact, more than half a dozen outside security companies and advisors (and yes, data governance experts) came in to help design the perfect data protection system around which the CRM system would be implemented.

The framework was truly mind-boggling: hundreds of security measures, dozens of different file management protocols, data security software appearing every step of the way.  Looking at it as an external observer, it appeared to be an ironclad net of absolute safety and effective governance.

But as the CRM implementation progressed, holes began to appear. They were small at first but quickly grew to the size of trucks, effectively rendering months of preparatory work pointless.

Detailed data transfer protocols were subverted daily by consultants and company employees who thought speed was more important than safety. Software locks and systems were overridden with passwords freely communicated through emails and even written on Post-It Notes. And a two-factor authentication principle was reduced to one person entering half a password, with a piece of paper taped over half the computer screen, while another person entered the other half of the password before a third person read the entire password and pressed enter.

While these examples of security holes might seem funny – in a sad way – when you read them here, they represent a $500,000 failure that potentially could lead to a multi-billion-dollar security breach.

Why? Because there were no simple, effective and clearly defined processes to govern the immense investment in security protocols and software to ensure employees would follow them and management could audit and control them. Furthermore, the organization failed to realize how complex this implementation was and that process changes would be paramount.

Both such failures could have been avoided if the organization had a simple system of managing, adjusting and monitoring its processes. More to the point, the implementation of the entire security and governance framework would have cost less and been completed in half the time. Furthermore, if a failure or breach were discovered, it would be easy to trace and correct.

Gartner Magic Quadrant

Data Governance Starts with BPM

In a rush to implement a data governance methodology and system, you can forget that a system must serve a process – and be governed/controlled by one.

To choose the correct system and implement it effectively and efficiently, you must know – in every detail – all the processes it will impact, how it will impact them, who needs to be involved and when. Do these questions sound familiar? They should because they are the same ones we ask in data governance. They involve impact analysis, ownership and accountability, control and traceability – all of which effectively documented and managed business processes enable.

Data sets are not important in and of themselves. Data sets become important in terms of how they are used, who uses them and what their use is – and all this information is described in the processes that generate, manipulate and use them. So, unless we know what those processes are, how can any data governance implementation be complete or successful?

Consider this scenario: We’ve perfectly captured our data lineage, so we know what our data sets mean, how they’re connected, and who’s responsible for them – not a simple task but a massive win for any organization.  Now a breach occurs. Will any of the above information tell us why it happened? Or where? No! It will tell us what else is affected and who can manage the data layer(s), but unless we find and address the process failure that led to the breach, it is guaranteed to happen again.

By knowing where data is used – the processes that use and manage it – we can quickly, even instantly, identify where a failure occurs. Starting with data lineage (meaning our forensic analysis starts from our data governance system), we can identify the source and destination processes and the associated impacts throughout the organization. We can know which processes need to change and how. We can anticipate the pending disruptions to our operations and, more to the point, the costs involved in mitigating and/or addressing them.

But knowing all the above requires that our processes – our essential and operational business architecture – be accurately captured and modelled. Instituting data governance without processes is like building a castle on sand.

Rethinking Business Process Management

Modern organizations need a simple and easy-to-use BPM system with easy access to all the operational layers across the organization – from high-level business architecture all the way down to data. Sure, most organizations already have various solutions here and there, some with claims of being able to provide a comprehensive picture. But chances are they don’t, so you probably need to rethink your approach.

Modern BPM ecosystems are flexible, adjustable, easy-to-use and can support multiple layers simultaneously, allowing users to start in their comfort zones and mature as they work toward the organization’s goals.

Processes need to be open and shared in a concise, consistent way so all parts of the organization can investigate, ask questions, and then add their feedback and information layers. In other words, processes need to be alive and central to the organization because only then will the use of data and data governance be truly effective.

Are you willing to think outside the traditional boxes or silos that your organization’s processes and data live in?

The erwin EDGE is one of the most comprehensive software platforms for managing an organization’s data governance and business process initiatives, as well as the whole data architecture. It allows natural, organic growth throughout the organization and the assimilation of data governance and business process management under the same platform provides a unique data governance experience because of its integrated, collaborative approach.

To learn more about erwin EDGE, and how data governance underpins and ensures data quality throughout the wider data management-suite, download our resource: Data Governance Is Everyone’s Business.

Data Governance is Everyone's Business

Categories
erwin Expert Blog

Benefits of Process: Why Modern Organizations Need Process-Based Engines

In the current data-driven business climate, the benefits of process and process-based strategy are more desirable to organizations than ever.

Industry regulations and competition traditionally have driven organizational change, but such “transformation” has rarely been comprehensive or truly transformative. Rather, organizational transformation has come in waves, forcing companies and their IT ecosystems to ride them as best as they can – sometimes their fortunes have risen, and sometimes they have waned.

The advent of Brexit and GDPR have again forced today’s organizations to confront external stimuli’s impact on their operations. The difference is that the modern, process-based enterprises can better anticipate these sorts of mandates, incorporate them into their strategic plans, and even leapfrog ahead of their requirements by initiating true internal transformation initiatives – ones based on effectively managed and well-documented business processes.

Shifting Attitudes

Traditional organizations focus almost exclusively on rigid structures, centralized management and accountability; concentrated knowledge; service mainly to external customers; and reactive, short-term strategy alignment driven mainly by massive-scale projects. This traditional approach results in large, unwieldy and primarily reactive organizations that rely either on legacy strengths or inertia for survival.

But as technology evolves and proliferates, more and more organizations are realizing they need to adjust their traditional thinking and subsequent actions, even if just slightly, to gain strategic advantage, reduce costs and retain market dominance. For example:

  • Structures are becoming more adaptable, allowing for greater flexibility and cost management. How is this possible and why now? Organizations are grasping that effective, well-managed and documented business processes should form their operational backbones.
  • Business units and the departments within them are becoming accountable not only for their own budgets but also on how well they achieve their goals. This is possible because their responsibilities and processes can be clearly defined, documented and then monitored to ensure their work is executed in a repeatable, predictable and measurable way.
  • Knowledge is now both centralized and distributed thanks to modern knowledge management systems. Central repositories and collaborative portals give everyone within the organization equal access to the data they need to do their jobs more effectively and efficiently.
  • And thanks to all the above, organizations can expand their focus from external customers to internal ones as well. By clearly identifying individual processes (and their cross-business handover points) and customer touchpoints, organizations can interact with any customer at the right point with the most appropriate resources.

If business drivers are connected to processes with appropriate accountability, they become measurable in dimensions never before possible. Such elements as customer-journey quality and cost, process-delivery efficiency and even bottom-up cost aggregation can be captured. Strategic decision-making then becomes infinitely practical and forward-looking.

With this interconnected process – and information – based ecosystem, management can perform accurate and far-reaching impact analyses, test alternate scenarios, and evaluate their costs and implementation possibilities (and difficulties) to make decisions with full knowledge of their implications. Organizational departments can provide real-time feedback on designs and projects, turning theoretical designs into practical plans with buy-in at the right levels.

Benefits of Process

As stated above, one of the key benefits of process and a process-based organizational engine is that organizations should be able to better handle outside pressures, such as new regulations, if they are – or are becoming – truly process-based. Because once processes (and their encompassing business architecture) become central to the organization, a wide array of things become simpler, faster and cheaper.

The benefits of process don’t stop there either. Application design – the holy grail or black hole of budgetary spending and project management, depending on your point of view – is streamlined, with requirements clearly gathered and managed in perfect correspondence to the processes they serve and with the data they manage clearly documented and communicated to the developers. Testing occurs against real-life scenarios by the responsible parties as documented by the process owners – a drastic departure from the more traditional approaches in which the responsibility fell to designated, usually technical application owners.

Finally – and most important – data governance is no longer the isolated domain of data architects but central to the everyday processes that make an organization tick. As processes have stakeholders who use information – data – the roles of technical owners and data stewards become integral to ensuring processes operate efficiently, effectively and – above all – without interruptions. On the other side of this coin, data owners and data stewards no longer operate in their own worlds, distant from the processes their data supports.

Seizing a Process-Based Future

Process is a key axis along which the modern organization must operate. Data governance is another, with cost management becoming a third driver for the enterprise machine. But as we all know, it takes more than stable connecting rods to make an engine work – it needs cogs and wheels, belts and multiple power sources, all working together.

In the traditional organization, people are the internal mechanics. But one can’t escape visions of Charlie Chaplin’s Modern Times worker hopelessly entangled in the machine on which he was working. That’s why, these days, powerful and flexible workflow engines provide much-needed automation for greater visibility plus more power, stability and quality – all the things a machine needs to operate as required/designed.

Advanced process management systems are becoming essential, not optional. And while not as sexy or attention-grabbing as other technologies, they provide the power to drive an organization toward its goals quickly, cost-effectively and efficiently.

To learn how erwin can empower a modern, process-based organization, please click here.

Data-Driven Business Transformation whitepaper

Categories
erwin Expert Blog

Digital and Business Transformation Starts with Business Processes

The constantly evolving business landscape means digital and business transformation efforts must be made with continuous improvement in mind.

For Southern California Edison (SCE), detailed and comprehensive business process (BP) modeling is the only way to achieve continuous improvement. And because continuous improvement is one of SCE’s key corporate values, the company has chosen to rely on an efficient and effective BP management ecosystem to ensure success.

In today’s constantly changing environment, the old adage of change being the only constant holds truer than ever before, and it is this realization that sets SCE apart. Working from the base up with a focus on developing an accurate business architecture framework, combined with comprehensive information collateral, SCE can support targeted transformation initiatives along any axis the company requires.

Digital & Business Transformation

Business Architecture and Process Modeling

Planning and working toward a flexible, responsive and adaptable future is no longer enough – the modern organization must be able to visualize not only the end state (the infamous and so-elusive “to-be”) but also perform detailed and comprehensive impact analysis on each scenario, often in real time.  This analysis also needs to span multiple departments, extending beyond business and process architecture to IT, compliance and even HR and legal.

The ability of process owners to provide this information to management is central to ensuring the success of any transformation initiative. And new requirements and initiatives need to be managed in new ways. Digital and business transformation is about being able to do three things at the same time, all working toward the same goals:

  • Collect, document and analyze requirements
  • Establish all information layers impacted by the requirements
  • Develop and test the impact of multiple alternative scenarios

Comprehensive business process modeling underpins all of the above, providing the central information axis around which initiatives are scoped, evaluated, planned, implemented and ultimately managed.

Because of its central role, business process modeling must expand to modeling information from other layers within the organization, including:

  • System and application usage information
  • Supporting and reference documentation
  • Compliance, project and initiative information
  • Data usage

All these information layers must be captured and modeled at the appropriate levels, then connected to form a comprehensive information ecosystem that enables parts of the organization running transformation and other initiatives to instantly access and leverage it for decision-making, simulation and scenario evaluation, and planning, management and maintenance.

Breaking with Tradition

Traditionally, digital and business transformation initiatives relied almost exclusively on human knowledge and experience regarding processes, procedures, how things worked, and how they fit together to provide a comprehensive and accurate framework. Today, technology can aggregate and manage all this information – and more – in a structured, organized and easily accessible way.

Business architecture extends beyond simple modeling; it also incorporates automation to reduce manual effort, remove potential for error, and guarantee effective data governance – with visibility from strategy all the way down to data entry and the ability to trace and manage data lineage. It requires robotics to cross-reference mass amounts of information, never before integrated to support effective decision-making.

The above are not options that are “nice to have,” but rather necessary gateways to taking business process management into the future. And the only way to leverage them is through systemic, organized and comprehensive business architecture modeling and analysis. As Ryan Maddox, Process Improvement Manager at SCE explained, “[While] we could have generated the right procedures over time, we wouldn’t have had the analysis and simulation to make fully informed decisions or trained the right people and given them access to the correct information.”

Therefore, business architecture and process modeling are no longer a necessary evil. They are critical success factors to any digital or business transformation journey.

Focusing on Possibilities, Not Difficulties

Experts confirm the need to rethink and revise business processes to incorporate more digital automation. Forrester notes in a recent report, The Growing Importance of Process to Digital Transformation, that the changes in how business is conducted are driving the push “to reframe organizational operational processes around digital transformation efforts.” In a dramatic illustration of the need to move in this direction, the research firm writes that “business leaders are looking to use process as a competitive weapon.”

If a company hasn’t done a good job of documenting its processes, it can’t realize a future in which digital transformation is part of everyday operations. It’s never too late to start, though. In a fast-moving and pressure cooker business environment, companies need to implement business process models that make it possible to visually and analytically represent the steps that will add value to the company – either around internal operations or external ones, such as product or service delivery.

erwin BP, part of the erwin EDGE Platform, enables effective business architecture and process modeling. With it, any transformation initiative becomes a simple, streamlined exercise to support distributed information capture and management, object-oriented modeling, simulation and collaboration.

To find out about how erwin can help in empowering your transformation initiatives, please click here.

Data-Driven Business Transformation whitepaper