♜Strategic Management: Assurance (Definitions)

"All the systematic actions necessary to have the confidence that the target (process, program, project, outcome, benefit, capability, product output, deliverable) is appropriate. Assurance must be independent from what is being assured." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include performance, compliance, system security, and due diligence engagements." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"A level of confidence that appropriate and effective IT controls are in place." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Confidence that a system exhibits a stated set of properties." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. 'Adequately met' includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass." (NIST SP 800-12 Rev. 1)

"Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy." (NIST SP 800-39)

"The grounds for confidence that the set of intended security controls in an information system are effective in their application." (NIST SP 800-27 Rev A)

♜Strategic Management: Assessment (Definitions)

"Evaluation of an an organization’s process performance capability against a model (e.g., Automotive SPICE PAM). The goal is the rating and improvement of processes (process capability)." (Lars Dittmann et al, "Automotive SPICE in Practice", 2008)

"(1) The comparison of the actual environment and data to requirements and expectations. (2) The first high-level step in the Information and Data Quality Improvement Cycle." (Danette McGilvray, "Executing Data Quality Projects", 2008)

"An appraisal that an organization does internally for the purposes of process improvement. The word assessment is also used in the People CMM in an everyday English sense (e.g., performance assessment)." (Sally A Miller et al, "People CMM: A Framework for Human Capital Management" 2nd Ed., 2009)

"A judgment about the implications of an influencer on either one or more means (such as particular courses of action) or one or more ends, such as particular desired results." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"Activity of determination of quantitative or qualitative value of a product, service, activity, process in regard to given quality or acceptance criteria." (IQBBA, "Standard glossary of terms used in Software Engineering", 2011)

"Assessment is the process of evaluating or estimating the nature, ability, or quality of a thing. As a synonym for measurement, assessment implies the need to compare one thing to another in order to understand it. Assessment implies drawing a conclusion - evaluating - the object of the assessment (NOAD) whereas measurement does not always imply so." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement ", 2012)

"Evaluation of an organization's successful execution of processes and standards. For OPM3, various tools to assess organizational project management maturity exist in the marketplace with variations of granularity." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3)" 3rd Ed., 2013)

"The outcome of an evaluation of a process or event. Example: a scored exam constitutes an assessment of learning." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A systematic evaluation process of collecting and analyzing data to determine the current, historical or projected compliance of an organization to a standard." (ASQ).

"inspection and analysis to check whether a standard or set of guidelines are being followed, that records are accurate, or that efficiency and effectiveness targets are being met" (ITIL)

♜Strategic Management: Business Analysis [BA] (Definitions)

 "(1) The study of business processes, practices and business systems requirements. (2) The application of information to better understand business opportunities and challenges." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"A set of tools and methods used for execrating business insight making from the available data or system structure. It provide meaningful information with dynamic and sophisticate methods of problem solving such as optimization." (Shokoufeh Mirzaei, Defining a Business-Driven Optimization Problem, 2014)

"Business analytics is the combination of skills, technologies, applications, and processes used by organizations to gain insight into their business-based data and statistics to drive business planning." (K Hariharanath, "BIG Data: An Enabler in Developing Business Models in Cloud Computing Environments", 2019)

"Business analysis is the practice of understanding business needs and enabling change, including the recommendation of solutions." (Esta Lessing, "CCBA® and CBAP® Certifications Study Guide", 2020)

"It is the process of working with factual information in organizations, using suitable tools and techniques to identify the nuggets of wisdom (insights) from them that can have direct impact on influencing good decision making." (Tanushri Banerjee & Arindam Banerjee, "Designing a Business Analytics Culture in Organizations in India", 2021)

"Business analysis is a practice that involves understanding the current capabilities and needs of the business users, identifying gaps in the current processes, and enabling desired future capabilities to derive efficiencies, competitive advantage, and business benefits." (Srini Munagavalasa, "The Salesforce Business Analyst Handbook", 2022)

"Business analysis is the means through which operational problems and issues are systematically identified and investigated, different approaches are evaluated, and optimal solutions are determined." (Qlik) [source]

"Business Analysis is the practice of enabling change in an enterprise by defining needs and recommending solutions that deliver value to stakeholders." (IIBA)

"The set of tasks, knowledge, tools and techniques required to identify business needs and determine solutions to business problems" (Business Analysis BOK) 

♜Strategic Management: Risk Analysis (Definitions)

 "The evaluation, classification, and prioritization of risks." (Sandy Shrum et al, "CMMI®: Guidelines for Process Integration and Product Improvement", 2003)

"The process of identifying, characterizing, and prioritizing risks." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (Tilo Linz et al, "Software Testing Practice: Test Management", 2007)

"The process of measuring and analyzing the risks associated with financial and investment decisions. Risk refers to the variability of expected returns (earnings or cash flows)." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"A formal definition of risks based on asset identification, threat enumeration, and consequence evaluation." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"Systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"The process to comprehend the nature of risk and to determine the level of risk [3]" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"This is the part where we combine the impact and the likelihood (or probability) to calculate the level of risk and to plot it onto a risk matrix, which allows us to compare risks for their severity and to decide which are in greatest need of treatment." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Determining the nature and likelihood of the risks to key data" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"A process undertaken to comprehend the nature of risk and to determine the level of risk." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (IQBBA)

"The process to comprehend the nature of risk and to determine the level of risk" (ISO Guide 73:2009)

♜Strategic Management: Risk Matrix (Definitions)

"A graph that compares the likelihood and severity of risks from highest to lowest." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A common way to determine whether a risk is considered low, moderate, or high by combining the two dimensions of a risk: its probability of occurrence and its impact on objectives if it occurs." (Cynthia Stackpole, "PMP Certification All-in-One For Dummies", 2011)

"A grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. " (Project Management Institute, "The Standard for Portfolio Management" 3rd Ed., 2012)

"A graphical representation of impact versus likelihood used to assist in the prioritisation of risks" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

[impact matrix:] "A method for assigning values to expected pressures from the macro-environment in order for an organisation to assess the future nature of its context for which it must design an effective strategy." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

🧭Business Intelligence: Self-Service BI (An Introduction)

Introduction

According to Gartner, the world's leading information technology research and advisory company, Self-Service BI (aka self-service analytics, ad-hoc analysis, personal analytics), for short SSBI, is a “form of business intelligence (BI) in which line-of-business professionals are enabled and encouraged to perform queries and generate reports on their own, with nominal IT support” [1].

Reading between the lines, SSBI presumes the existence of an infrastructure made of tools to support it (aka self-service BI tools), direct or indirect access to row data and/or data models for the users, and the skillset needed in order to work with data and answer to business problems/questions.

A Little History

The concept of self-service is not new, it just got “rebranded” and transformed into a business opportunity. The need for business users to perform ad-hoc analyses was always there in organizations, especially in the ones not having the right infrastructure for harnessing their data. Even since the 90s with the appearance of products like MS Excel or MS Access in many organizations users were forced by the state of art to learn how to use such products in order to get the answers they needed from the data. Users started building personal solutions, many of them temporary, intended to fill the reporting gaps organizations had. With a little effort and relatively small investment users had the possibility of playing with the data, understanding the data, identifying and solving problems in the business. They acquired thus a certain level of business expertise and data awareness becoming valuable resources in the organization.

With time such solutions grew in scope and data volume, gained broader visibility and reached deeper in organizations, some of them becoming team, departmental or cross-departmental solutions. What grows uncontrolled with time starts to have negative impact on the environment. First tools’ management became a problem because the solutions needed to be backed-up and maintained regularly, then other problems started to surface: security of data, inefficient data processing as increasing volumes of data were processed on local computers and transferred over the network, data and effort were duplicated, different versions of reality existed as different numbers were reported, numbers that were reflecting different definitions, knowledge about the business or data-analysis skillsets. The management needed a more consolidated and standardized effort in order to address these problems. Organizations were forced or embraced the idea of investing money in modern BI solutions, in more powerful servers capable of handling a larger amount of requests, in flexible data models that facilitate data consumption, in data quality initiatives. Thus through various projects a considerable number of such solutions were converted into more standardized and performant BI solutions, the IT department being in control of the changes and new requests.

Back to Present

With IT in control of the reporting requirements the business is forced to rely on the rapidity with which IT is able to address new requirements. Some organizations acquired internal resources in order to build reports and afferent infrastructure in-house, others created partnerships with vendors, or approached a combination of the two. As the volume of requirements isn’t uniform over time, the business has to wait several days between the time a requirement was addressed to IT and a solution was provided. In business terms a few of days of waiting for data can equate with the loss of an opportunity, a decision taken too late, decision that could have broader impact.

A few years ago things started to change when the ad-hoc analysis concept was rebranded as self-service and surfaced as trend. This time vendors like Qlik, Tableau, MicroStrategy or Microsoft, some of the main SSBI vendors, are offering easy to use and rich functionality tools for data integration, visualization and discovery, tools that reflect the advances made in graphics, data storage and processing technologies (e.g. in-memory databases, parallel processing). With just a few drag-and-drops users are able to display details, aggregate data, identify trends and correlations between data. In addition the tools can make use of the existing data models available in data warehouses, data marts and other types of data repositories, including the rich set of open data available on the web.

Looking at the Future

Like its predecessors, SSBI seems to address primarily data analysts and data-aware business users (aka data citizens), however in time is expected to be adopted by more organizations and become more mature where already adopted. Of course, some of the problems from the early days more likely will resurface though through governance, better architectures and tools, integration with other BI capabilities, trainings and awareness most of the problems will be overcome. More likely there will be also organizations in which SSBI will fail. In the end each organization will need to find by itself the value of SSBI.

Previous Post <<||>> Next Post

Resources:
[1] Gartner (2016) Self-Service Analytics [Online] Available from: http://www.gartner.com/it-glossary/self-service-analytics
[2] Gartner (2016) Magic Quadrant for Business Intelligence and Analytics Platforms, by Josh Parenteau, Rita L. Sallam, Cindi Howson, Joao Tapadinhas, Kurt Schlegel, Thomas W. Oestreich [Online] Available from: https://www.gartner.com/doc/reprints?id=1-2XXET8P&ct=160204&st=sb

🧭Business Intelligence: Myths (Part I: Business Intelligence is Complex)

Introduction

While looking over “Business Intelligence Concepts and Platform Capabilities” Coursera MOOC resources for Module 2 I run into two similar articles from Solutions Review, respectively Information Age. What caught my attention was the easiness with which the complexity of BI “myth” is approached in both columns.

According to the two sources the capabilities of nowadays BI tools “enabled business users to easily identify and present trends in an impactful way” [1], and “do not require an expert at the helm” [2]. It became thus simpler for users to independently query data and create interactive reports and presentations [2]. In both columns one can read between the lines that the simplicity of using BI tools is equivalent with negating the complexity of BI, which from my point of view is false. In fact here are regarded especially the self-service BI tools, in trend nowadays, that allow users to easily perform ad-hoc analysis with a minimal involvement from IT. Self-service BI is only a subset of what BI for organizations means, and just a capability from the many BI capabilities an organization needs in theory, even if some organizations might use it extensively.

Beyond the Surface

A BI tool is not a BI solution per se, even if many generic BI solutions for different systems are available out of the box. This is one of the biggest confusion managers, users and unfortunately also BI professionals make. A BI tool offers the technological basis for creating a BI infrastructure, though it comes with no guarantees. It takes a well-defined IT and business strategy, one or more successful projects, skillful developers and users in order to harness the BI investment.

On the other side it’s also true that organizations can obtain results also from less, though BI doesn’t equates with any ad-hoc analysis performed by users, even if they use BI tools for this purpose. BI is not only about tools, reporting and revealing trends in the data. BI often implies a holistic knowledge about the business and certain data awareness, without which users will start aggregating and comparing apples with pears and wonder why they taste and look different.

If everything were so simple then why so many BI projects fail to deliver what’s expected? Why so many managers complain that they don’t have the data they need, when they need them? Sure maybe the problem lies in over-complexifying the whole BI landscape and treating everything from a high-level, though that’s more likely not it.

It’s a Teamwork Knowledge Game

BI is or needs to be monitoring and problem solving oriented. This requires a deep understanding about processes and business. There are business users and also BI professionals who don’t have the knowledge one needs in order to approach a business problem. One can see that from the premises they have, the questions they raise, the data they consider, the models they build, and the results.

From a BI professional’s perspective, even if one has a broad knowledge about various businesses, one often lacks the insight in a given business. BI professionals can seldom provide adequate BI solutions without input and feedback from the business. Some BI professionals rely too much on their knowledge, same as the business sometimes expects a maximum output from BI professionals by providing a minimum of input.

Considering the business users, quite often their focus and knowledge cover only the data boundaries of their department, while many problems extend over those boundaries. They know facts that are not necessarily reflected in the data. Even if they are closer to the data than other parties, they still lack some data-awareness (including statistical awareness) in order to approach problems.

Somebody was saying ironically when talking about users’ data and problem solving skills - “not everybody is a Bill Gates or Steve Jobs”. Continuing the idea, one can’t expect users to act as such. For sure there are many business users who are better problem solvers than BI consultants, though on the other side one can’t expect that the average business user will have the same skillset as an experienced BI consultant. This is in fact one of the problems of self-service BI. Probably with time and effort organization will develop such resources, though some help from BI professionals will be still needed. Without a good cooperation between the business and BI professionals an organization might not have the hoped results when investing in BI

More on Complexity

The complexity arises when one tries to make more with the data, especially the data found in raw form. Usually the complexity of raw data can be addressed by building a logical or physical model that allows easier consumption of data. Here is the point where the users find themselves overwhelmed, because for this is required a good knowledge of the physical data model and its semantics, the technical knowledge to build models and the skills to reengineer the logic available in the source systems. These are the themes BI professionals are supposed to excel in. Talking about models, they are the most difficult to build because they reflect various segments of the business, they reflect a breakdown of the complexity. It’s also the point where many BI projects fail as the built models don’t reflect the reality or aren’t capable to answer to business questions.

Coming back to the two columns, I have to point out that the complexity of a subject or domain can’t be judged based on how easy is to approach basic tasks. The complexity lies typically when one goes beyond the basics, when one dives into details. In case of BI its complexity starts when one attempts mixing various technologies and knowledge domains to model and solve daily business problems in an integrated, holistic, aligned, consistent and cost-effective manner. The more the technologies, the knowledge domains and constraints one has to consider, the more complex the BI landscape and solutions become.

On the other side this doesn’t mean that the BI infrastructure can’t be simplified, that BI can’t rely heavily or exclusively on self-service BI solutions. However for each strategy there are advantages and disadvantages and one more likely has to consider both sides of the coin in the process. And self-service BI has its own trade-offs, weaknesses that can be transformed in strengths with time.

Conclusion

When one considers nowadays BI tools capabilities, ad-hoc analyses are relatively easy to perform and can lead to results, though such analyses don’t equate with BI and the simplicity with which they are performed don’t necessarily imply that BI is simple as a whole. When one considers the complexity of nowadays businesses, the more one dives in various problems a business has, the more complex the BI landscape seems. In the end it’s in each organization powers to simplify and harmonize its BI infrastructure to a degree that its business goals aren’t affected negatively.

Previous Post <<||>> Next Post

Resources
[1] Information Age (2015) 5 Myths about Intelligence, by Ben Rossi, [Online] Available from: http://www.information-age.com/technology/information-management/123460271/5-myths-about-business-intelligence 
[2] SolutionsReview (2015) Top 5 Business Intelligence Myths Revealed, by Timothy King, [Online] Available from: http://solutionsreview.com/business-intelligence/top-5-business-intelligence-myths-revealed
[3] Gartner (2016) Magic Quadrant for Business Intelligence and Analytics Platforms, by Josh Parenteau, Rita L. Sallam, Cindi Howson, Joao Tapadinhas, Kurt Schlegel, Thomas W. Oestreich [Online] Available from: https://www.gartner.com/doc/reprints?id=1-2XXET8P&ct=160204&st=sb 
[4] Coursera (2016) Business Intelligence Concepts, Tools, and Applications MOOC, led by Jahangir Karimi, University of Colorado, [Online] Available from: https://www.coursera.org/learn/business-intelligence-tools

♜Strategic Management: Benefit (Definitions)

"Something of value as perceived by a customer." (Steven Haines, "The Product Manager's Desk Reference", 2008)

"As it pertains to products and services, what problem a product or service solves or what need it fulfills for customers." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

"The improvement resulting from outcomes perceived and expressed in terms of advantages for the organization, such as decreases in operating costs or product failures and increases in profit or productivity." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"An outcome of actions, behaviors, products, or services that provide utility to the sponsoring organization as well as to the program's intended beneficiaries." (Project Management Institute, "The Standard for Program Management" 3rd Ed., 2013)

"A description of a product advantage written from the perspective of the customer. Often includes emotional aspects." (Pamela Schure & Brian Lawley, "Product Management For Dummies", 2017)

♜Strategic Management: SWOT Analysis (Definitions)

"A scan of the business environment to identify the organization's strengths and weaknesses and the opportunities and threats it faces." (Teri Lund & Susan Barksdale, "10 Steps to Successful Strategic Planning", 2006)

"A general method used as an element of strategic planning. SWOT is an acronym for strengths, weaknesses, opportunities, and threats. Within the context of Product Management, SWOT is used to synthesize the many elements of the business environment for a product or product line (as opposed to a corporate or divisional entity). The generalized quadrant structure of the SWOT model is used." (Steven Haines, "The Product Manager's Desk Reference", 2008)

"A method of analyzing a situation or business to determine whether it’s viable." (Sue Johnson & Gwen Moran, "The Complete Idiot's Guide To Business Plans", 2010)

"A method that enables companies to view strengths, weaknesses, opportunities, and threats together." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A planning method used to evaluate the strengths, weaknesses, opportunities, and threats involved in a particular strategic direction for your business." (Gina Abudi & Brandon Toropov, "The Complete Idiot's Guide to Best Practices for Small Business", 2011)

 "A type of analysis that provides companies with both internal and external factors that could affect the long-term success of the company." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"An analysis used to determine strength and weak sides of the performance of an organization and to identify opportunities and dangers in the form of weaknesses and both internal and external threats. The four attributes of SWOT are: Strengths, Weaknesses, Opportunities, Threats." (International Qualifications Board for Business Analysis, "Standard glossary of terms used in Software Engineering", 2011)

"Involves the evaluation of strengths and weaknesses, which are internal factors, and opportunities and threats, which are external factors." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"Method of studying and identifying an organization's strengths, weaknesses, opportunities, and threats." (Leslie G Eldenburg & Susan K Wolcott, "Cost Management" 2nd Ed., 2011)

"This information gathering technique examines the project from the perspective of each project's strengths, weaknesses, opportunities, and threats to increase the breadth of the risks considered by risk management." (Cynthia Stackpole, "PMP Certification All-in-One For Dummies", 2011)

"A problem-solving or decision analysis technique in which strengths, weaknesses, opportunities, and threats to the project or organization are examined." (Bonnie Biafore & Teresa Stover, "Your Project Management Coach: Best Practices for Managing Projects in the Real World", 2012)

"A SWOT analysis is an approach to developing strategy that begins by identifying an organization’s strengths, weaknesses, opportunities, and threats (hence SWOT). From these categories, an organization can identify ways to build on its strengths, improve its weaknesses, take advantage of opportunities, and minimize the potential impact of threats." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement ", 2012)

"An analysis process highlighting strengths, weaknesses, opportunities, and threats to an entity." (Joan C Dessinger, "Fundamentals of Performance Improvement" 3rd Ed., 2012)

"The analysis of strengths, weaknesses, opportunities, and threats of an organization, project, or option." (Project Management Institute, "Navigating Complexity: A Practice Guide", 2014)

"An analysis of the company’s strengths and weaknesses compared to the opportunities and threats in the market place." (Pamela Schure & Brian Lawley, "Product Management For Dummies", 2017)

"Analysis of strengths, weaknesses, opportunities, and threats of an organization, project, or option." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide)", 2017)

"The main purpose of this analysis is to determine the extent to which an organisation 'fits' with the demands of its context." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder 3rd Ed.", 2017)

"The SWOT framework classifies the factors relevant for a firm’s strategic decision making into four categories: strengths, weaknesses, opportunities, and threats." (Robert M Grant, "Contemporary Strategy Analysis" 10th Ed., 2018)

"Technique that reviews and analyses the internal strength and weakness of an organization, and the external opportunities and threats it faces" (ITIL)

♜Strategic Management: Management System (Definitions)

[strategic management system:] "A comprehensive system to lead, manage, and change our total organization in a conscious, well planned out, and integrated fashion, based on our core strategies (and using research that works) to develop and achieve our ideal future vision."

"A Business Management System is a set of tools for planning and implementing policies, practices, guidelines, processes and procedures that are used in the development, deployment and execution of business plans and strategies and all associated management activities."  (Black's Law Dictionary 2nd Ed.)

"Management Systems are systematic frameworks designed to manage an organization's policies, procedures and processes and promote continual improvement within." (BSI) [source]

"System to establish policy and objectives to achieve those objectives" (ISO 9000)

♜Strategic Management: Maturity (Definitions)

"The extent to which an organization has explicitly and consistently deployed processes that are documented, managed, measured, controlled, and continually improved. Organizational maturity may be measured via appraisals." (Sandy Shrum et al, "CMMI®: Guidelines for Process Integration and Product Improvement", 2003)

[process maturity:] "The extent to which an organization’s processes are defined, managed, measured, controlled, and continually improved. Process maturity implies continued improvement in the organization’s capability for performing its business activities, and indicates consistency in performing its processes throughout the organization." (Sally A Miller et al, "People CMM: A Framework for Human Capital Management 2nd Ed.", 2009)

[Organizational Project Management Maturity Model:] "A framework that defines knowledge, assessment, and improvement processes, based on Best Practices and Capabilities, to help organizations measure and mature their portfolio, program, and project management practices." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3) 3rd Ed", 2013)

[Project Management Maturity:] "Project management processes measured by the ability of an organization to successfully initiate, plan, execute, and monitor and control individual projects. Project management maturity is limited to individual project execution and doesn't address key processes, Capabilities, or Best Practices at the organizational, portfolio, or program level. The focus of project management maturity is 'doing projects right'." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3) 3rd Ed", 2013)

[Organizational Project Management Maturity:] "The level of an organization’s ability to deliver the desired strategic outcomes in a predictable, controllable, and reliable manner." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"Within OPM3, maturity comprises not only the state of performance within portfolio, program, and project management, but also the organization's evolution toward that state as illustrated by SMCI." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3) 3rd Ed., 2013)

"A measurement of the ability of an organization to undertake continuous improvement in a particular discipline." (Yassine Maleh et al, 'Strategic IT Governance and Performance Frameworks in Large Organizations", 2019)

"In relation to organizations or activities, the level of sophistication or development of a specific program or activity." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"(1) The capability of an organization with respect to the effectiveness and efficiency of its processes and work practices. (2) The capability of the software product to avoid failure as a result of defects in the software. [ISO 9126] See also reliability." (SQA)

"Measure of the reliability, efficiency and effectiveness of a process, function, etc." (ITIL)

♜Strategic Management: Benchmarking (Definitions)

"The process of comparison in which one set of metrics comes from the entity being measured and the other set of metrics comes from averages for an industry, specific configuration, or other common attributes." (Janice M Roehl-Anderson, IT Best Practices for Financial Managers, 2010) 

Benchmarks: "Objective measures of performance, often available from industry trade associations." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A systematic process of comparing an organization to other organizations for the purposes of identifying better work methods and determining best practices." (Joan C Dessinger, "Fundamentals of Performance Improvement" 3rd Ed., 2012)

"Benchmarking uses external and internal comparisons to plan for future improvements." (John R Schermerhorn Jr, "Management" 12th Ed., 2012)

"A point of reference for measurement." (Information Management)

"A technique in which an organization measures its performance against that of best-in-class organizations, determines how those organizations achieved their performance levels and uses the information to improve its own performance. Subjects that can be benchmarked include strategies, operations and processes." (American Society for Quality)

♜Strategic Management: Risk Threshold (Definitions)

"Risk limits to be approached, but not exceeded." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"Measure of the level of uncertainty or the level of impact at which a stakeholder may have a specific interest. Below that risk threshold, the organization will accept the risk. Above that risk threshold, the organization will not tolerate the risk." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"The level of risk exposure above which risks are addressed and below which risks may be accepted." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide )", 2017)

"The level of risk beyond which an adversary is unwilling to go when considering an attack on a target." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

♜Strategic Management: Business Impact Analysis (Definitions)

"The process of delineating the functions most critical to the survival of a business." (Yvette Ghormley, "Business Continuity and Disaster Recovery Plans", 2009)

"A management-level analysis which identifies the impacts of losing company resources. The BIA measures the effect of resource loss and escalating losses over time, in order to provide senior management with reliable data on which to base decisions concerning risk mitigation and continuity planning." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"A method or exercise to determine the impact of losing the support or availability of a resource." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"Aims to (a) identify critical business processes, stakeholders, assets, resources and internal/external dependencies and (b) assesses and evaluates potential damages or losses at business level that may be caused by a threat to IT landscape." (Ulrich Winkler & Wasif Gilani, "Business Continuity Management of Business Driven IT Landscapes", 2012)

"A process used to analyze the business and identify critical functions and services. The BIA also helps the organization determine the cost impact of losing these functions and services. Organizations use the results as part of an overall business continuity plan." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"The identification of services and products that are critical to the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The process of analysing activities and the effect that a business disruption might have upon them." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A functional analysis in which a team collects data, documents business functions, develops a hierarchy of business functions, and applies a classification scheme to indicate each individual function’s criticality level." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"The analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A business continuity management activity which is mainly intended for defining the core business functions, the recovery priorities regarding these functions and the corresponding time required for the resumption of each function." (Athanasios Podaras et al, "Regression-Based Recovery Time Predictions in Business Continuity Management: A Public College Case Study", 2021)

"Activity that identifies the VMF and their dependencies" (ITIL)

"An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption." (CNSSI 4009-2015)

♜Strategic Management: Corporate Governance (Definitions)

"Corporate governance is concerned with holding the balance between economic and social goals and between individual and communal goals. The governance framework is there to encourage the efficient use of resources and equally to require accountability for the stewardship of those resources. The aim is to align as nearly as possible the interests of individuals, corporations and society." (Dominic Cadbury, UK, "Commission Report: Corporate Governance", 1992)

"The system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board of directors, managers, employees, shareholders, and other stakeholders, and spells out the rules and procedures for making decisions about corporate affairs." (Tilak Mitra et al, "SOA Governance", 2008)

"Rules and processses ensuring that the enterprise adheres to accepted ethical standards, best practices, and laws." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"This focuses on who the firm should serve, the distribution of power and relationships among different stakeholders, and the selection and conduct of senior management." (Duncan Angwin et al, "The Strategy Pathfinder: Core Concepts and Live Cases" 2nd Ed., 2011)

"Essentially, decision making and communications. The need for good governance stems from the need of organizations to make good decisions and to communicate them effectively. Often, when faced with poor outcomes, the organization needs to review how the decisions were made and then put into place structures that support better future decisions. It can be considered to encompass relationships among a company’s management, its board (or management team), its shareholders, and other stakeholders and to provide the structure through which the objectives of the company are set, as well as the means of attaining those objectives and monitoring performance." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"Corporate governance is a set of relationships framed by corporate bylaws, articles of association, charters, and applicable statutory or other legal rules and principles, between the board of directors, shareholders, and other stakeholders of a organization that outlines the relationship among these groups, sets rules how the organization should be managed, and sets its operational framework." (Christopher Donohue et al, "Foundations of Financial Risk: An Overview of Financial Risk and Risk-based Financial Regulation" 2nd Ed, 2015)

"This focuses on who the firm should serve, the distribution of power and relationships among different stakeholders, and the selection and conduct of senior management." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

"The framework of rules, norms, and accepted practice established as an organizational infrastructure to enable strategic outcomes, accountability, transparency, oversight, and the management of data, risk, and relationships." (Kevin J Sweeney, "Re-Imagining Data Governance", 2018)

"The system by which companies are directed and controlled." (Robert M Grant, "Contemporary Strategy Analysis" 10th Ed., 2018)

"The systems and controls in place to protect the rights of corporate stakeholders." (Donald DePamphilis, "Mergers, Acquisitions, and Other Restructuring Activities" 10th Ed., 2019)

"The tangible and intangible way firms behave and relate with stakeholders. Many nations have codified the behavior and accountability expected of directors to provide equitable treatment all stakeholders." (Sue Milton, "Data Privacy vs. Data Security", 2021)

"The system by which enterprises are directed and controlled. The board of directors is responsible for the governance of their enterprise. It consists of the leadership and organizational structures and processes that ensure the enterprise sustains and extends strategies and objectives." (ISACA)