Tuesday 24 January 2012

The Basis of the Requirements-Driven Business


About a month ago I started working for a new three man startup business, Advised ICT Finland Oy (site is only in Finnish, for now) which offers primarily Enterprise Architecture and Information Architecture consultancy services.

Here's the thing, though: for many Enterprise Architecture seems to be something that only Big Businesses should care about: something massive, time consuming and expensive that does not even fit to concept of agile business. True enough, it can be all this - but it does not have to be. The concept of Information Architecture seems a little confusing, too as the definition tends to vary depending on the context.

At the heart of it all things are simpler than some might think.

Identify - Specify - Satisfy
The way I see it business is always driven by requirements. To have a requirements is to have a need; if there is no need making investments and changes simply does not make any sense.

The Requirement-Driven Business thinking is based on three logical steps:

Simple Basis of the Requirements-Driven Approach
Assume that there is a company that has existed for years and business has been reasonably good. Now the management has come to realise that the world is changing and if the company intends to stay afloat in the coming years it must change along with the world.


Identify Requirements
The company has served its customers well over the years, but it is no longer enough just to have a good customer service. Customers have begun to expect more, and the company also wants to have a more direct relationship with the customers in order to improve customer loyalty and the quality of products and services the company is offering, both of which would be good for business.

The management comes up with a list of what the company needs: an online service that integrates with the company's Customer Relationship Management system, offers variety of community features and is customisable over time. In other words, the company has just identified requirements.

In other words, identifying a requirement is as simple as saying "in order for our business to be successful we need..."


Specify Requirements
To say "I need this" is easy. To explain what it actually means in practical terms i.e. to specify a requirement takes a bit more effort.

The first step was to identify requirements. The next step is to specify requirements which will transform few high-level requirements into a list of specific, detailed requirements. A good requirement has qualitative and/or quantitative aspects that can be measured in a way of determining if the requirement has been satisfied.

There are three common types of requirements.
  • Business Requirements: the new online service must benefit the company's business; otherwise there is no reason to invest in it. The investment in time, money and resources must be justified (e.g. increase revenue by X per cent, increase productivity by reducing time it takes to get something done). On the other hand, business requirements must be realistic in order to have any value.

  • Functional Requirements: the new online service must enable users to accomplish specific tasks in an efficient and practical manner. There are also things the service must not allow the users to do. In some cases the service itself must be able to function autonomously. If the service does not satisfy functional requirements it is about as useful a broken window during winter.

  • Non-Functional Requirements: the new online service must operate and perform above specific limits. It is simply not enough to support 10 concurrent users if the service has 10 000 users with a thousand users logged in any given time. These requirements also address multitude of concerns such as reliability, maintainability, security, inter-system compatibility and so on.

Identifying Risks
Any system or operation involves risks which can be handled in one of two ways. Many choose to ignore the risks in order to save time and money in short term only to end up spending that time and money many times over when a risk inevitably becomes a reality. I recommend the opposite: spend some time and money now so that when things (again, inevitably) go wrong the fallout can be controlled.

For example, the Failure Mode and Effect Analysis (FMEA) can be used to identify potential risks and what effects realised risks might have. Risks have three metrics:
  1. The likelihood that a risk becomes realised.
  2. The severity of effects when a risk is realised.
  3. The difficulty of detecting what has happened in time.
Each metric receives an integer value which often is between 1 and 5. By combining these three values the risk priority value is determined.

Through risk analysis an additional set of requirements can be identified and specified. Most risks can be eliminated through careful planning and implementation, and by refining operational procedures. At very least there must be ways to exercise damage control to limit the effects.


Satisfy Requirements
Once the requirements have been identified and then specified in practical terms they can be satisfied. This is to say the hands-on implementation work can be started. This is when the new online service is developed, tested and finally taken to production.

With well-defined requirements the architects, developers and testers know exactly what the new system must do and how it must perform. Well-defined requirements will also make it more likely that when the new system is taken to production it becomes a valuable tool and resource for the company instead of colossal waste of time, money and resources.

However, this is not the end but just a new beginning: as the online service is used, world changes and the company evolves over time new requirements are identified and the cycle begins anew.

The iterative requirement driven cycle.


The Requirement-Driven Business is an iterative cycle of continuously identifying, specifying and satisfying requirements through various means. This is simple in principle but there are many ways to do this in practice:


Summary
Enterprise Architecture methodologies such as TOGAF help to control the business as a whole and through this identify various requirements. Through Enterprise Architecture modelling of business management can, for example, see how everything fits together, what could be improved, and how changes in one aspect of the business would affect other aspects of the business.

Information Architects often involve themselves with requirements specification work and risk analysis, but this is only a part of their work, which also involves activities such as high-level architecture design, data modelling, service concept design, and technical team leading. There is no single definition for Information Architecture that would be independent of context, but at least I personally prefer to accept a holistic view of it.

Technical Architects such as Software Architects, Network Architects, and Database Architects along with similar specialties of developers and testers come along when the practical, technology specific implementation work begins in order to satisfy requirements and create something that can be of value. Multitude of methodologies, processes, technologies and frameworks are available at this point and admittedly it is a measure of professionalism to be able to select the ones that best serve the purpose.

Tuesday 17 January 2012

Thoughts about The Occupy Movement (2/2)


Part 2: The Classic Model Corporation vs. the New Model Corporation

In my previous blog post I briefly looked into the Occupy Movement's organisational structure and how it might be represented as a network model. In this second part I will first have a quick look at classic model corporations, and then see what key characteristics a new model corporation might have.

The Classic (Old) Model Corporation

Pick any corporation at random** and if it includes more than one person it is a safe bet that it has a vertical, top-down -hierarchy where the people at the top have more power and control than people below them. This kind of organisational hierarchy is the same as the Tree topology (and a Tree without branches is a Line).



It is also likely that the people at the top are enjoying higher salaries and better benefits than people at the bottom, and in itself this is understandable: in many cases the people at the top made the initial investment in time, money and hard work (not to mention personal risk) to get the business started and then nurtured it to become a growing business with job opportunities for other people, thus also benefitting the society. Few would argue against the founders' right to claim a financial reward for their work, investment and risk.

And yet, as a corporation grows in size so typically does the gap between the top and the bottom. This becomes a special grievance with older corporations where the founders are no longer around and people begin to think that the current top management has not earned the right to receive millions in stock options, salary and other benefits solely by virtue of their position within the organisation, as opposed to actually improving things - especially if the corporation is laying off people or having other troubles at the same time.

(** In case you randomly picked a corporation with a matrix organisation please toss it away and wipe your hands clean. Matrix organisations obscure responsibilities and confuse matters of authority, and any corporation that has elected to utilise this organisational model deserves all the misery, confusion, frustration, angst and failure that follows.***)


(*** Its employees, on the other hand, don't.)

Vertical Hierarchy as a Social Structure

In a society vertical hierarchies can be seen e.g. in representational democracy at the best and in autocracy at the worst, so it is no wonder we see most corporations organised after the same model: the CEO sits at the top (or the Board of Directors, if one insists), and either micromanages everything or governs through directors and managers below him. The people at the top govern the organisation while the people at the bottom tend to handle the heavy lifting that keeps the business afloat. The people at the top determine who does what, and how they are compensated for their efforts, and in many cases also has control over how the careers and professional skills of the people below them are being developed.

And here's the rub: when people are given power over other people it is expected that they also assume responsibility over the same people. A good leader takes care of his/her people and encourages them to improve themselves by offering them opportunities and space to grow, and by rewarding success. The worst leaders are selfish exploiters who do not care what happens to people below them, as long as they personally prosper. Unfortunately I think there are too many of the latter kind in the corporate world.

It is also common that people who have power and wealth prefer to distance themselves from people who lack either. By doing so they lose a powerful resource, as the organisation's low ranking people often have the best understanding of practical problems and possible solutions concerning everyday busines operations, but without a practical way of communicating with the organisation's higher layers, this knowledge and the possibility of new innovations is lost (hint: suggestion boxes and other anonymous, impersonal methods simply do not work). Each managerial layer between employee and CEO increases abstraction and ambiguity as the message is repeatedly summarised and modified; signal-to-noise -ratio deteriorates.

For example, once when I was working as a consultant in a large international mobile phone manufacturer I counted thirteen layers of management between me and the CEO, and I don't think I was even at the bottom of the organisation. I often wondered how much of my key findings document would have remained if it had been sent up through the management by the time it landed on the CEO's table.

Having said that, I do not mean to imply that the classic organisational model is flawed. When the chain of command and issues of authority and responsibility have to be clear, the classic organisational model is often the preferred one. In an ideal situation it enables leaders to make quick decisions, and it naturally filters and aggregates information as that information travels upwards so the leadership is not overwhelmed by details. Unfortunately situations are rarely ideal and as the organisation grows and people change positions, problems begin to appear.

It also important how the people on top handle the people below them. The classic model can work very well for everybody involved when people matter: consider enlightened despot, the ideal wise, all-powerful ruler who cares for the people, while at the same time keeping society's wheels rolling. In modern times welfare capitalism plays an important part in people's lives, in the sense that corporations provide their employees with quality welfare services for free, in order to keep them happy and healthy since happy and healthy employees are more productive and loyal. This can be vitally important in those countries where government cannot or will not offer welfare services for all citizens - it can be a great recruitment tool, too.

The New Model Corporation

This is not about some non-profit legal entity but a full-blooded limited liability enterprise that exists to make profit. So what might the key characteristics be?

The Occupy Movement seems to have a self-organising horizontal hierarchy that considers all members equal. So instead of having leadership as a fixed position anyone can step up and try to convince others by making a good case in front of them. The executive authority belongs to the group as a whole - the General Assembly - and all members in the group have an equal voice. Positions within the group organisation are not assigned but instead people are allowed and encouraged to assume responsibility where they can make a meaningful contribution.

Characteristic #1: Since everybody has an equal vote and an equal share of responsibility, it follows that everybody in a new model corporation has an equal share of the company stocks.

Corollary: When a new member joins the company others must relinquish an equal portion of their personal shares so that the new member can have an equal standing, and share responsibilities and rewards alike. From this it also follows that company shares should not be owned by people who are not actively involved in the company's daily operations.


Characteristic #2: Instead of meeting once a year, the shareholders should meet regularly in order to set policies and to make executive decisions. A good frequency for these general assembly meetings might be once a week when things are running smoothly.

Note: This is akin to most agile project models. For example, in Scrum the team meets every day to coordinate their efforts and share key information, and most organisations would agree that it is good to have similar meetings at least once a week.

Corollary: The company should be careful not to grow too large too fast, and to be mindful of personalities that do not mesh, otherwise there is a risk of losing the ability to make decisions. The risk of this can be mitigated by moving from consensus decisions to super-majority decisions (e.g. 90%-60% majority). This is a trade-off between simplifying the decision-making process by lowering majority limits, and increasing the risk of degradation of group unity.


Characteristic #3: As tasks and duties are not assigned to individuals by others, the group must be mindful of who is invited or otherwise allowed to join the company: it is not enough for new members to have valuable skills and knowledge, they must also have the right attitude, the ability to identify what needs to be done, and a willingness to assume responsibility for getting those things done.

Corollary: While a person might be invited to join the group for a specific thing that person can do, the group also must allow that person to grow and take part in other activities as he/she learns new skills and finds meaningful ways to contribute.


Characteristic #4: Teams are formed ad hoc as new functions and areas of concern are identified. A team exists as long as it is needed, group members are free to join and leave teams according to their ability to contribute and group members can be part of multiple teams as long as they can keep themselves productive. The general assembly has the authority to form and dismantle teams, while each team has the authority to organise itself into sub-teams as they grow in size and complexity as a way of managing the work load.

Corollary: A project team is an obvious example, but other corporate functions can be handled by ad hoc teams as well, e.g. Human Resources, Accounting, IT Support and so on. Although group members are free to participate in multiple teams people like to focus on what they are good at. However, by allowing and encouraging people to become involved with other teams the company as a whole can benefit from know-how that might be missed in a classic model corporation.


This is hardly a complete list of possible new model corporation characteristics, but I would call it a start. I might return to the subject later, but in the meanwhile all comments are welcome.

Tuesday 10 January 2012

The Futility of Internet Censorship

Background
Starting today the customers of two Finnish Internet operators, Elisa and Saunalahti are no longer allowed to access The Pirate Bay website. This is because the District Court of Helsinki ruled in favour of the International Federation of the Phonographic Industry, IFPI Finland in October 2011 and ordered Elisa and Saunalahti to block access. However the court ruling did not address the other two major Internet service providers in Finland, TeliaSonera and DNA whose customers are still free to access The Pirate Bay for the time being.

The reason why Elisa was targeted by IFPI was because IFPI's statistics claim that more than a third of Elisa's customers were using The Pirate Bay. Although the court ruling compelled Elisa to block access, it has appealed the decision.

The reaction to this was what you might guess: some Elisa and Saunalahti users will change their ISP to one that does not censor their Internet usage while IFPI website and the website of Finland's Copyright Information and Anti-Piracy Centre apparently faced a denial of service attack and/or were hacked. Meanwhile most people simply won't care, although personally I think they should as this issue relates closely to Freedom of Expression.

YLE has a news article about the case: Pirate Bay block comes into force in Finland.

Personally I think the whole situation is completely and utterly stupid.

Why Internet Censorship Won't Help
The first obvious point is that blocking a static list of domain names and IP-addresses simply can't keep up with content providers. Within a day or so there will be a new domain that is not in the court's list of forbidden domains which will allow Elisa and Saunalahti customers to access The Pirate Bay content again. In the meanwhile, they can still access The Pirate Bay via the Estonian mirror site, thepiratebay.ee which for some reason or other was not blocked among the other Pirate Bay domains.

And then there are the anonymity networks such as The Onion Router (Tor). It takes only a moment to download the ready-to-use browser bundle and voilá, The Pirate Bay is available once more for Elisa and Saunalahti customers as Tor prevents ISPs from seeing what the target website is. Even if the operators would attempt to block access to the public Tor network, users can usually get around this by using Tor bridge relays. Well, I suppose the operator could cut the users completely off the Internet. Not that it would make much difference if the user is determined enough.

So the point is that attempts to force Internet censorship simply won't work in any practical sense. Even the Great Firewall of China leaks well enough and attempts to limit Internet communications during the Arab Spring were not all that successful. While failing all serious attempts to block determined users from accessing forbidden content, it is the common users and legal businesses that end up suffering for it.

So why not try to work with the people instead of against the people?

Appeal to Reason (free tip, no charge)
At least in Western countries there is no intrinsic value in listening to pirated music, watching pirated movies or playing pirated games. It is an effort to gain access and download the pirated content, there are many quality and security related issues and if there are any problems the user can't expect any help from customer support. So why do people do it then? One common reason probably is that they have no other access to the content they want (e.g. a TV series that isn't available in their own country) or the purchase price is simply too steep (60 € for a PC game?!).

Online piracy would become less common if the media producers were a little less greedy, while becoming a little more consumer friendly. Lower the prices a bit while making the content more widely available and more convenient to access it. Sure, the price per unit would be less but if more units are sold instead of being distributed illegally that should end up making a nice extra profit.

For example, I could download pirated copies of my favourite games but I actually prefer to pay for them in the Steam Store and Origin Store because it is much more convenient. Steam allows me to reinstall my games as many times as I want (because limiting the number of installations is just petty and unbelievably greedy); I can install them to as many computers as I want but that's ok because Steam only allows me to play on one computer at a time; my games have access to Steam Cloud that stores save games and settings while also accessing the Steam community so I can keep in touch and play with my friends easily. On top of that there are good discount offers, and I can donate extra copies to my friends for free. It is safe, easy and most of all, convenient and that is why I willingly buy my games from Steam instead of wasting my life with pirate copies.

Another good example comes from Manning Publications. I often buy books through their Manning Early Access Program, which allows me to buy a book for a discount fee while it is still being written. This enables the community to cooperate with the author, which in turn results in higher quality when the book is eventually finished. During the MEAP peried Manning sends me PDF work-in-progress copies of the book and when the book is completed I get the final version as a PDF. If I paid little extra I will also get the print copy in mail. When the eBook formats become available (.epub and .mobi) Manning sends me a friendly email with instructions how to download them for no extra charge.

So there are good examples how to provide good customer service with an open attitude, and still do good business. There are many ways to make media access more convenient for the consumers and here's the age old truth: people will give their money away and feel good about it if they can also feel that they are getting their money's worth in exchange.

So IFPI and the like around the world, instead of thinking that it is your God given right to strip people of their money whenever half an opportunity presents itself, why not think about how to give better value for money? A happy customer is a steady customer. Why not try to find ways to provide better services to the consumers, so that instead of running after free pirated copies they would choose convenience over effort for a modest fee? Let's just be sensible about it, alright?

And if you don't know how, just contact me, and for a reasonable fee I can solve your problems and make you feel good about the result ;-)