♜Strategic Management: Risk Assessment (Definitions)

"An evaluation of the risks and possible bad outcomes an organization faces and the likelihood these may occur." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"identifying and aggregating the risks facing the organization." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"The overall process of risk identification, risk analysis, and risk evaluation." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"'analyze assets’ value, identify threats and evaluate their vulnerability to those threats" (ITIL)

"the overall process of risk identification, risk analysis and risk evaluation" (ISO Guide 73:2009) 

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. (NIST SP 800-137)

"The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses." (NIST SP 800-18)

"The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system." (NIST SP 800-171)

♜Strategic Management: Contingency Plan (Definitions)

"An identification of alternative strategies to be used to ensure project success if specified risk events occur." (Timothy J  Kloppenborg et al, "Project Leadership", 2003)

[contingency planning:] "A management process that analyses disaster risks and establishes arrangements in advance to enable timely, effective and appropriate responses." (ISDR, 2009)

"Specific planning designed to create a quick response after the occurrence of a risk event." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A plan that identifies alternative approaches to be used if the corresponding risk events occur." (Bonnie Biafore, "Successful Project Management: Applying Best Practices and Real-World Techniques with Microsoft® Project", 2011)

"A plan developed to mitigate the outcome of a risk, once the risk has materialised." (Mike Clayton, "Brilliant Project Leader", 2012)

"Mitigation plan alternative course(s) of action devised to cope with project risks." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"A plan that allows an organization to respond appropriately to a specific type of unplanned event."(Rebecca Hamilton & Diane Brown, "Disaster Management and Continuity Planning in Libraries: Changes since the Year 2000", 2016)

"A plan for continued operation and execution of the most essential functions of a mission in the event of a disruptive failure, such as a natural disaster or a major cyberattack." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"A plan put in place before any potential emergencies, with the mission of dealing with possible future emergencies. It pertains to training personnel, performing backups, preparing critical facilities, and recovering from an emergency or disaster so that business operations can continue." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

[contingency planning:] "Management policies and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disasters." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"A plan that is maintained for disaster response, backup operations, and post-disaster recovery to ensure the availability of critical resources and to facilitate the continuity of operations in an emergency situation." (NIST SP 800-57 Part 1)

"Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the continuity of operations plan (COOP) or disaster recovery plan (DRP) for major disruptions." (CNSSI 4009-2015)

♜Strategic Management: Disaster Recovery Plan [DSP] (Definitions)

"A plan that establishes technical and organizational measures in order to face events or incidents with potentially huge impact that could even lead to the unavailability of data centers. The DRP development defines and ensures IT emergency procedures that intervene and protect the data relevant for the company activities and services. DRP is usually considered as the only part of the BCP in banking business continuity initiatives." (Vincenzo Morabito & Gianluigi Viscusi, "Information Technology Business Continuity", 2009)

"Generally a plan for enabling an organization to move to alternate system, network, and operational facilities in the event of an incident making the primary facilities unusable." (C Warren Axelrod, "Responsibilities and Liabilities with Respect to Catastrophes", 2009)

"A contingency plan that goes into effect after a full disaster occurs, used to reestablish basic capabilities and resources." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A written plan that explains how a company will recover its IT operations after a natural or man-made disaster that causes data or hardware loss." (Faithe Wempen, "Computing Fundamentals: Introduction to Computers", 2015)

"A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Plans that document the steps you can take to replace damaged or destroyed components due to a disaster to restore the integrity of your IT infrastructure. " (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities." (NIST SP 800-82 Rev. 2)

"A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities." (NIST SP 800-34 Rev. 1)

"Management policy and procedures used to guide an enterprise response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers and is used when the enterprise must recover (at its original facilities) from a loss of capability over a period of hours or days." (CNSSI 4009-2015)

♜Strategic Management: Cost-Benefit Analysis [CBA] (Definitions)

"The process of comparing the cost of achieving a goal against the benefit to be gained by its achievement." (Dale Furtwengler, "Ten Minute Guide to Performance Appraisals", 2000)

"An analysis to determine whether the favorable results of an alternative are sufficient to justify the cost of taking that alternative. This analysis is widely used in connection with capital expenditure projects." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"An evaluation that determines the value of an approach relative to its costs and benefits; used in risk management to evaluate mitigation strategies." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"Comparison of the estimated value of business benefits over time to the estimated cost of expenditures required to realize these benefits." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Investigation to determine whether the benefits exceed the costs for a proposed course of action. Often used to evaluate whether to add features or complexity to a cost accounting system or to choose a course of action in a business decision." (Leslie G Eldenburg & Susan K Wolcott, "Cost Management" 2nd Ed., 2011)

"Study that helps in decisions on IT investments by determining if the benefits (possibly including intangible ones) exceed the costs." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A technique that weighs expected costs against expected financial and nonfinancial benefits (value) to determine the best (according to relevant criteria) course of action." (Project Management Institute, "The Standard for Portfolio Management 3rd Ed.", 2012)

"A financial analysis tool used to determine the benefits provided by a project against its costs." (For Dummies, "PMP Certification All-in-One For Dummies" 2nd Ed., 2013)

"An analysis of costs and benefits related to an expenditure. A CBA identifies and analyzes the costs and benefits to simplify the decision-making process." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"An estimate of the equivalent monetary value of proposed benefits and the estimated costs associated with a control in order to establish whether the control is feasible." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)

"A method of determining the expenses and impacts for a given investment. Example: a cost-benefit analysis will be used to determine whether we engage in a specific investment." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A financial analysis tool used to determine the benefits provided by a project against its costs." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK Guide ", 2017)

"A tool used in decision support special studies that can assist in the allocation of capital. Cost–Benefit Analysis is a systematic, quantitative method for assessing the life cycle costs and benefits of competing alternatives. It identifies both tangible and intangible costs and benefits." (Ciara Heavin & Daniel J Power, "Decision Support, Analytics, and Business Intelligence" 3rd Ed., 2017)

"An assessment that is performed to ensure that the cost of a safeguard does not outweigh the benefit of the safeguard. Spending more to protect an asset than the asset is actually worth does not make good business sense. All possible safeguards must be evaluated to ensure that the most security-effective and cost-effective choice is made." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide, 8th Ed", 2018)

♜Strategic Management: Disaster Recovery (Definitions)

"The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions." (Disaster Recovery Journal & DRI, 2007)

"A process that is required after a major business disruption caused by the occurrence of a disaster." (Allen Dreibelbis et al, "Enterprise Master Data Management", 2008)

"The process of regaining access to data, hardware, or software after a computer based human or natural disaster." (Dwayne Stevens & David T Green, "A Strategy for Enterprise VoIP Security", 2009)

"This is a process that describes how to recover the IT environment after a disaster such as a fire destroying the IT building." (Martin Oberhofer et al, "The Art of Enterprise Information Architecture", 2010)

"the ability of an infrastructure to resume operations after a disaster. Disaster Recovery differentiates from Business Continuity Planning in that Disaster Recovery is primarily associated with resources and facilities, while BCP is primarily associated with processes." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"The coordinated activity to enable the recovery of IT (and other) systems due to a disruption." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"The planning, preparation, and testing set of activities used to help a business plan for and recover from any major business interruption and to resume normal business operations." (Robert F Smallwood, "Information Governance: Concepts, Strategies, and Best Practices", 2014)

"the process adopted by the IT organization in order to bring systems back up and running." (Manish Agrawal, "Information Security and IT Risk Management", 2014)

"An area of security planning that aims to protect an organization from the effects of significant negative events. DR allows an organization to maintain or quickly resume mission-critical functions following a disaster." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The planning for and/or the implementation of a strategy to respond to such failures as a total infrastructure loss, or the failure of computers (CommServe server, MediaAgent, client, or application), networks, storage hardware, or media. A disaster recovery strategy typically involves the creation and maintenance of a secure disaster recovery site, and the day-to-day tasks of running regular disaster recovery backups." (CommVault, "Documentation 11.20", 2018)

"Is an organization's method of regaining access and functionality to its IT infrastructure, to continue the delivery of services that support business processes, after a disruptive incident." (Nelson Russo & Leonilde Reis, "Methodological Approach to Systematization of Business Continuity in Organizations", 2021)

♜Strategic Management: Value Chain (Definitions)

"Sequence of processes that describe the movement of products or services through a pipeline from original creation to final sales." (Ralph Kimball & Margy Ross, "The Data Warehouse Toolkit 2nd Ed ", 2002)

"Framework for examining the strengths and weaknesses of an organization and for using the results of this analysis to improve performance." (Alan W Steiss, "Strategic Management for Public and Nonprofit Organizations", 2003)

"An end-to-end set of activities in support of customer needs, usually beginning with a customer request and ending with customer receipt of benefits." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"Sequence of business processes in which value is added to a product or service. Encompasses customers and suppliers as well as, in some cases, the customers' customers and the suppliers' suppliers." (Leslie G Eldenburg & Susan K Wolcott, "Cost Management" 2nd Ed., 2011)

"A linked set of value-creating activities that begins with basic raw materials coming from suppliers and ends with distributors getting the final goods into the hands of the ultimate consumer." (Thomas L Wheelen & J David Hunger., "Strategic management and business policy: toward global sustainability 13th Ed.", 2012)

"Composed of all the stakeholders (designers, suppliers, manufacturers, customers, and others) who add value to or receive value from specific products or services." (Joan C Dessinger, "Fundamentals of Performance Improvement" 3rd Ed., 2012)

"The set of both primary and support activities or processes that an organization sets up to perform in order to achieve its mission and goals." (Andrew Pham et al, "From Business Strategy to Information Technology Roadmap", 2016)

"A value chain is a set of activities that an enterprise operating in a specific industry performs to deliver a valuable product or service for the market." (by Brian Johnson & Leon-Paul de Rouw, "Collaborative Business Design", 2017)

"The linked set of activities/functions within a firm that interact to enable the final value-creating offering (product/service) of the firm. At the industry level, it can also mean the total set of value-adding links from the first supplier to the final user of a product/service." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder 3rd Ed.", 2017)

"A sequence of vertically related activities undertaken by a single firm or by a number of vertically related firms in order to produce a product or service." (Robert M Grant, "Contemporary Strategy Analysis" 10th Ed., 2018)

"A value chain is a set of linked activities that transform inputs into outputs that in turn add to at least one of the ecological, societal or economic bottom lines and help create competitive advantages." (Rick Edgeman, "Lean and Six Sigma Innovation and Design", Encyclopedia of Information Science and Technology" 4th Ed., 2018)

"sequence of processes that creates a product/service that is of value to a customer" (ITIL)

♜Strategic Management: Decision-Making (Definitions)

[decision-making:] "The process of making choices in a project team environment. Several types of decision-making are useful in projects: consensus, leader-imposed, delegated, voting, and scoring models." (Timothy J  Kloppenborg et al, "Project Leadership", 2003)

[semistructured decisions:] "Decisions in which only some of the phases are structured; require a combination of standard solution procedures and individual judgment." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[strategic decision:] "refers to a decision that exhibits the following characteristics: it is made in a situation of uncertainty, of incomplete information, in a complex environment, variable/mutating environment (as opposed to 'all things being otherwise equal'); it is not recurrent, therefore the decision maker is relatively deprived; it may have far-reaching (favorable or adverse) consequences that could jeopardize the survivability of the enterprise; it is systemic (many elements with many relationships among them); the decision maker does not have experience-proven models (we cannot resort to 'turnkey' mechanisms). " (Humbert Lesca & Nicolas Lesca, "Weak Signals for Strategic Intelligence: Anticipation Tool for Managers", 2011)

[strategic decisions:] "Decisions for sustained enterprise success and business growth." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[tactical decisions:] "Decisions ensuring that existing operations and processes are in alignment with business objectives and strategies." (Linda Volonino & Efraim Turban, "Information Technology for Management 8th Ed", 2011)

[decision-making processes:] "Management processes that define objectives, study alternatives, analyze available data, and reflect on intuitive beliefs. They interpret findings and compare alternates to form a conclusion or make a choice upon which the organization may act." (Carl F Lehmann, "Strategy and Business Process Management", 2012)

[microdecision:] "A small decision made many times by many workers at the front line of the organization. They usually have a significant impact on organizational performance due to their sheer volume." (Evan Stubbs, "Delivering Business Analytics: Practical Guidelines for Best Practice", 2013)

[decision-making:] "How decisions are made, based on what types of resources, information, and specific processes are available." (Jim Davis & Aiman Zeid, "Business Transformation: A Roadmap for Maximizing Organizational Insights", 2014)

[decision-making] "the process of making choices or reaching conclusions, especially on important political or business matters." (Ken Sylvester, "Negotiating in the Leadership Zone", 2015)

[tactical decisions:] "broader decision questions than operational ­decisions, semistructured in nature, some but not all information ­necessary to make the decision is available, primarily internally focused and made by middle-level managers." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

[operating or function-specific decisions:] "day-to-day, routine ­decisions with a concise decision question and a clear, well-defined, and structured algorithm to make a choice among alternatives." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

[strategic decisions:] "complex, nonroutine, unstructured decisions involving many different and connected parts. Some variables may not be well understood, often information required to make the decision may be unavailable, incomplete, and in some situations information may be known to be flawed or inaccurate. These decisions usually involve a high degree of uncertainty about outcomes. If implemented, strategic ­decisions often result in major changes in an organization." (Daniel J. Power & Ciara Heavin, "Data-Based Decision Making and Digital Transformation", 2018)

♜Strategic Management: Business Value (Definitions)

"A concept that is unique to each organization and includes tangible and intangible elements. Through the effective use of project, program, and portfolio management disciplines, organizations will possess the ability to employ reliable, established processes to meet enterprise objectives and obtain greater business value from their investments. |" (Project Management Institute, "Software Extension to the PMBOK® Guide 5th Ed", 2013)

"The net quantifiable benefit derived from a business endeavor. The benefit may be tangible, intangible, or both." (Project Management Institute, "A Guide to the Project Management Body of Knowledge (PMBOK® Guide )", 2017)

"Entire value of the business; total sum of tangible (assets, fixtures, equity, utility) and intangible elements (goodwill, recognition, public benefit, trademarks): short, medium, or long term." (H James Harrington & William S Ruggles, "Project Management for Performance Improvement Teams", 2018)

♜Strategic Management: Business Continuity Plan [BCP] (Definitions)

"A plan for ensuring that businesses will be able to recover from the effects of a destructive incident and continue to operate at an acceptable level." (C Warren Axelrod, "Responsibilities and Liabilities with Respect to Catastrophes", 2009)

"An emergency contingency plan that spells out how to recover and restore functions that have been partially or completely interrupted." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"The advance planning and preparations which are necessary to identify the impact of potential losses, formulate and implement viable recovery strategies, develop recovery plan(s) which ensure continuity of organizational services in the event of an emergency or disaster, and administer a comprehensive training, testing, and maintenance program." (Mark S Merkow & Lakshmikanth Raghavan, "Secure and Resilient Software Development", 2010)

"Plan that outlines the process by which businesses should recover from a major disaster. Also known as a disaster recovery plan." (Linda Volonino & Efraim Turban, "Information Technology for Management" 8th Ed., 2011)

"A methodology used to create a plan for how an organization will resume partially or completely interrupted critical function(s) within a predetermined time after a disaster or disruption. BCP differentiates from disaster recovery in that DR is primarily associated with resources and facilities, while BCP is associated primarily with processes." (Bill Holtsnider & Brian D Jaffe, "IT Manager's Handbook" 3rd Ed., 2012)

"Overall planning lifecycle dedicated to analysis, design, implementation, testing, and maintenance of various elements designed to keep the organization operating even after a significant outage. Business continuity planning is a continuous process." (Darril Gibson, "Effective Help Desk Specialist Skills", 2014)

"This refers to the documented procedures and information that enable the organization and or business unit/third party agent to respond to a disruption, recover, and resume critical business functions." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"A business continuity action plan is a document or set of documents that contains the critical information a business needs to stay running in spite of adverse events. A business continuity plan is also called an emergency plan." (Adam Gordon, "Official (ISC)2 Guide to the CISSP" CBK 4th Ed., 2015)

"Plans that document the steps to restore business operation after an interruption. BCPs, along with DRPs, enable you to recover from disruptions ranging from small to large." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"Documented procedures that guide organizations to respond, recover, resume, and restore to a predefined level of operation following disruption." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"Business continuity plans are made up of documented procedures. Organizations use these procedures to respond to disruptive incidents, to guide recovery efforts, to resume prioritized activities, and to restore operations to acceptable predefined levels. Business continuity plans usually identify the services, activities, and resources needed to ensure that prioritized business activities and functions could continue whenever disruptions occur." (ISO 22301:2012, 2012).

"Plan defining the steps required to restore business processes following a disruption" (ITIL)

"The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption." (CNSSI 4009-2015) 

♜Strategic Management: Assurance (Definitions)

"All the systematic actions necessary to have the confidence that the target (process, program, project, outcome, benefit, capability, product output, deliverable) is appropriate. Assurance must be independent from what is being assured." (Paul C Dinsmore et al, "Enterprise Project Governance", 2012)

"An objective examination of evidence for the purpose of providing an independent assessment on governance, risk management, and control processes for the organization. Examples may include performance, compliance, system security, and due diligence engagements." (Sally-Anne Pitt, "Internal Audit Quality", 2014)

"A level of confidence that appropriate and effective IT controls are in place." (Weiss, "Auditing IT Infrastructures for Compliance" 2nd Ed., 2015)

"A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy." (Shon Harris & Fernando Maymi, "CISSP All-in-One Exam Guide" 8th Ed., 2018)

"Confidence that a system exhibits a stated set of properties." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)

"Grounds for confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. 'Adequately met' includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass." (NIST SP 800-12 Rev. 1)

"Measure of confidence that the security features, practices, procedures, and architecture of an information system accurately mediates and enforces the security policy." (NIST SP 800-39)

"The grounds for confidence that the set of intended security controls in an information system are effective in their application." (NIST SP 800-27 Rev A)

♜Strategic Management: Assessment (Definitions)

"Evaluation of an an organization’s process performance capability against a model (e.g., Automotive SPICE PAM). The goal is the rating and improvement of processes (process capability)." (Lars Dittmann et al, "Automotive SPICE in Practice", 2008)

"(1) The comparison of the actual environment and data to requirements and expectations. (2) The first high-level step in the Information and Data Quality Improvement Cycle." (Danette McGilvray, "Executing Data Quality Projects", 2008)

"An appraisal that an organization does internally for the purposes of process improvement. The word assessment is also used in the People CMM in an everyday English sense (e.g., performance assessment)." (Sally A Miller et al, "People CMM: A Framework for Human Capital Management" 2nd Ed., 2009)

"A judgment about the implications of an influencer on either one or more means (such as particular courses of action) or one or more ends, such as particular desired results." (David C Hay, "Data Model Patterns: A Metadata Map", 2010)

"Activity of determination of quantitative or qualitative value of a product, service, activity, process in regard to given quality or acceptance criteria." (IQBBA, "Standard glossary of terms used in Software Engineering", 2011)

"Assessment is the process of evaluating or estimating the nature, ability, or quality of a thing. As a synonym for measurement, assessment implies the need to compare one thing to another in order to understand it. Assessment implies drawing a conclusion - evaluating - the object of the assessment (NOAD) whereas measurement does not always imply so." (Laura Sebastian-Coleman, "Measuring Data Quality for Ongoing Improvement ", 2012)

"Evaluation of an organization's successful execution of processes and standards. For OPM3, various tools to assess organizational project management maturity exist in the marketplace with variations of granularity." (Project Management Institute, "Organizational Project Management Maturity Model (OPM3)" 3rd Ed., 2013)

"The outcome of an evaluation of a process or event. Example: a scored exam constitutes an assessment of learning." (Gregory Lampshire, "The Data and Analytics Playbook", 2016)

"A systematic evaluation process of collecting and analyzing data to determine the current, historical or projected compliance of an organization to a standard." (ASQ).

"inspection and analysis to check whether a standard or set of guidelines are being followed, that records are accurate, or that efficiency and effectiveness targets are being met" (ITIL)

♜Strategic Management: Business Analysis [BA] (Definitions)

 "(1) The study of business processes, practices and business systems requirements. (2) The application of information to better understand business opportunities and challenges." (DAMA International, "The DAMA Dictionary of Data Management", 2011)

"A set of tools and methods used for execrating business insight making from the available data or system structure. It provide meaningful information with dynamic and sophisticate methods of problem solving such as optimization." (Shokoufeh Mirzaei, Defining a Business-Driven Optimization Problem, 2014)

"Business analytics is the combination of skills, technologies, applications, and processes used by organizations to gain insight into their business-based data and statistics to drive business planning." (K Hariharanath, "BIG Data: An Enabler in Developing Business Models in Cloud Computing Environments", 2019)

"Business analysis is the practice of understanding business needs and enabling change, including the recommendation of solutions." (Esta Lessing, "CCBA® and CBAP® Certifications Study Guide", 2020)

"It is the process of working with factual information in organizations, using suitable tools and techniques to identify the nuggets of wisdom (insights) from them that can have direct impact on influencing good decision making." (Tanushri Banerjee & Arindam Banerjee, "Designing a Business Analytics Culture in Organizations in India", 2021)

"Business analysis is a practice that involves understanding the current capabilities and needs of the business users, identifying gaps in the current processes, and enabling desired future capabilities to derive efficiencies, competitive advantage, and business benefits." (Srini Munagavalasa, "The Salesforce Business Analyst Handbook", 2022)

"Business analysis is the means through which operational problems and issues are systematically identified and investigated, different approaches are evaluated, and optimal solutions are determined." (Qlik) [source]

"Business Analysis is the practice of enabling change in an enterprise by defining needs and recommending solutions that deliver value to stakeholders." (IIBA)

"The set of tasks, knowledge, tools and techniques required to identify business needs and determine solutions to business problems" (Business Analysis BOK) 

♜Strategic Management: Risk Analysis (Definitions)

 "The evaluation, classification, and prioritization of risks." (Sandy Shrum et al, "CMMI®: Guidelines for Process Integration and Product Improvement", 2003)

"The process of identifying, characterizing, and prioritizing risks." (Richard D Stutzke, "Estimating Software-Intensive Systems: Projects, Products, and Processes", 2005)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (Tilo Linz et al, "Software Testing Practice: Test Management", 2007)

"The process of measuring and analyzing the risks associated with financial and investment decisions. Risk refers to the variability of expected returns (earnings or cash flows)." (Jae K Shim & Joel G Siegel, "Budgeting Basics and Beyond", 2008)

"A formal definition of risks based on asset identification, threat enumeration, and consequence evaluation." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)

"Systematic use of available information to determine how often specified events may occur and the magnitude of their likely consequences." (Chartered Institute of Building, "Code of Practice for Project Management for Construction and Development" 5th Ed., 2014)

"The process to comprehend the nature of risk and to determine the level of risk [3]" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"This is the part where we combine the impact and the likelihood (or probability) to calculate the level of risk and to plot it onto a risk matrix, which allows us to compare risks for their severity and to decide which are in greatest need of treatment." (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

"Determining the nature and likelihood of the risks to key data" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)

"A process undertaken to comprehend the nature of risk and to determine the level of risk." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)

"The process of assessing identified risks to estimate their impact and probability of occurrence (likelihood)." (IQBBA)

"The process to comprehend the nature of risk and to determine the level of risk" (ISO Guide 73:2009)

♜Strategic Management: Risk Matrix (Definitions)

"A graph that compares the likelihood and severity of risks from highest to lowest." (Annetta Cortez & Bob Yehling, "The Complete Idiot's Guide® To Risk Management", 2010)

"A common way to determine whether a risk is considered low, moderate, or high by combining the two dimensions of a risk: its probability of occurrence and its impact on objectives if it occurs." (Cynthia Stackpole, "PMP Certification All-in-One For Dummies", 2011)

"A grid for mapping the probability of each risk occurrence and its impact on project objectives if that risk occurs. " (Project Management Institute, "The Standard for Portfolio Management" 3rd Ed., 2012)

"A graphical representation of impact versus likelihood used to assist in the prioritisation of risks" (David Sutton, "Information Risk Management: A practitioner’s guide", 2014)

[impact matrix:] "A method for assigning values to expected pressures from the macro-environment in order for an organisation to assess the future nature of its context for which it must design an effective strategy." (Duncan Angwin & Stephen Cummings, "The Strategy Pathfinder" 3rd Ed., 2017)

🧭Business Intelligence: Perspectives (Part III: Self-Service BI)

Introduction

According to Gartner, the world's leading information technology research and advisory company, Self-Service BI (aka self-service analytics, ad-hoc analysis, personal analytics), for short SSBI, is a “form of business intelligence (BI) in which line-of-business professionals are enabled and encouraged to perform queries and generate reports on their own, with nominal IT support” [1].

Reading between the lines, SSBI presumes the existence of an infrastructure made of tools to support it (aka self-service BI tools), direct or indirect access to row data and/or data models for the users, and the skillset needed in order to work with data and answer to business problems/questions.

A Little History

The concept of self-service is not new, it just got “rebranded” and transformed into a business opportunity. The need for business users to perform ad-hoc analyses was always there in organizations, especially in the ones not having the right infrastructure for harnessing their data. Even since the 90s with the appearance of products like MS Excel or MS Access in many organizations users were forced by the state of art to learn how to use such products in order to get the answers they needed from the data. Users started building personal solutions, many of them temporary, intended to fill the reporting gaps organizations had. With a little effort and relatively small investment users had the possibility of playing with the data, understanding the data, identifying and solving problems in the business. They acquired thus a certain level of business expertise and data awareness becoming valuable resources in the organization.

With time such solutions grew in scope and data volume, gained broader visibility and reached deeper in organizations, some of them becoming team, departmental or cross-departmental solutions. What grows uncontrolled with time starts to have negative impact on the environment. First tools’ management became a problem because the solutions needed to be backed-up and maintained regularly, then other problems started to surface: security of data, inefficient data processing as increasing volumes of data were processed on local computers and transferred over the network, data and effort were duplicated, different versions of reality existed as different numbers were reported, numbers that were reflecting different definitions, knowledge about the business or data-analysis skillsets. The management needed a more consolidated and standardized effort in order to address these problems. Organizations were forced or embraced the idea of investing money in modern BI solutions, in more powerful servers capable of handling a larger amount of requests, in flexible data models that facilitate data consumption, in data quality initiatives. Thus through various projects a considerable number of such solutions were converted into more standardized and performant BI solutions, the IT department being in control of the changes and new requests.

Back to Present

With IT in control of the reporting requirements the business is forced to rely on the rapidity with which IT is able to address new requirements. Some organizations acquired internal resources in order to build reports and afferent infrastructure in-house, others created partnerships with vendors, or approached a combination of the two. As the volume of requirements isn’t uniform over time, the business has to wait several days between the time a requirement was addressed to IT and a solution was provided. In business terms a few of days of waiting for data can equate with the loss of an opportunity, a decision taken too late, decision that could have broader impact.

A few years ago things started to change when the ad-hoc analysis concept was rebranded as self-service and surfaced as trend. This time vendors like Qlik, Tableau, MicroStrategy or Microsoft, some of the main SSBI vendors, are offering easy to use and rich functionality tools for data integration, visualization and discovery, tools that reflect the advances made in graphics, data storage and processing technologies (e.g. in-memory databases, parallel processing). With just a few drag-and-drops users are able to display details, aggregate data, identify trends and correlations between data. In addition the tools can make use of the existing data models available in data warehouses, data marts and other types of data repositories, including the rich set of open data available on the web.

Looking at the Future

Like its predecessors, SSBI seems to address primarily data analysts and data-aware business users (aka data citizens), however in time is expected to be adopted by more organizations and become more mature where already adopted. Of course, some of the problems from the early days more likely will resurface though through governance, better architectures and tools, integration with other BI capabilities, trainings and awareness most of the problems will be overcome. More likely there will be also organizations in which SSBI will fail. In the end each organization will need to find by itself the value of SSBI.

Previous Post <<||>> Next Post

Resources:
[1] Gartner (2016) Self-Service Analytics [Online] Available from: http://www.gartner.com/it-glossary/self-service-analytics
[2] Gartner (2016) Magic Quadrant for Business Intelligence and Analytics Platforms, by Josh Parenteau, Rita L. Sallam, Cindi Howson, Joao Tapadinhas, Kurt Schlegel, Thomas W. Oestreich [Online] Available from: https://www.gartner.com/doc/reprints?id=1-2XXET8P&ct=160204&st=sb