Business Rules Governance and Management – Part X – Best Practices

This entry is part 10 of 10 in the series Business Rules Governance and Management

This post is part of a series on Business Rules Governance and Management for which the main article can be found here.

In previous posts, I have discussed almost all the topics I wanted to cover (so far) concerning Business Rules Governance and Management. This last post will look at the challenges to expect and some best practices.

Challenges

At DIALOG08, Pierre Berlandier made a presentation on the Challenges expected when implementing Business Rules Governance and Management Processes.

Here are a few :

  1. Staffing of the various roles
    • Staffing of roles is not considered a priority initially
    • Workers are performing other tasks at the same time (multi-tasking)
    • Mitigation:
    • Have a plan with realistic resource availability
    • Have staffing specific tasks in the plan
  2. Internal politics
    • The new, closer relationship between IT and business is difficult to manage
    • Mitigation:
    • This is one of the key benefits of having appropriate governance in place
    • Need to build mutual trust by having appropriate processes in place, and having well defined roles and responsibilities
  3. Lack of BRMS experience
    • Mitigation:
    • Hire outside help and take an incremental approach
    • Train your staff

Best Practices

James Taylor wrote a blog post called “Governance Change Control And Rules” based on a presentation he saw at DIALOG09.

Below is a list of the takeaways from the panel.

There are many things that can help improve the results of a governance implementation in a company. Some of these have been identified by different sources and are reported here to put emphasis on key items that will help implanting the governance process.

  • Executive sponsorship and active evangelism are key
  • Build expertise – centers of excellence – within the groups that are managing rules
  • Start early and iterate the process as you learn more
  • One size will not fit all – be flexible, classify different kinds of rule change and manage them differently
  • Give rule change authority to the people who are expert in the policy
  • People and process matter far more than tools

References

From http://blogs.ilog.com/events/2009/02/05/governance-change-control-and-rules/, by James Taylor

Live from DIALOG – Best Practices in Rule Governance, Blog Post by James Taylor On a Presentation By Pierre Berlandier at DIALOG08
http://jtonedm.com/2008/02/24/live-from-dialog-best-practices-in-rule-governance/

Business Rules Governance and Management – Part IX – Center of Excellence

This entry is part 9 of 10 in the series Business Rules Governance and Management

This post is part of a series on Business Rules Governance and Management for which the main article can be found here.

In previous posts I covered most of the main points relating to Business Rules Governance and Management.

I now want to put all of this work into context with an even bigger picture in mind.

Most of the business rules implementation will come through an initiative that is part of a project. An IT Project will look at what it needs to accomplish, do some research, decide they need a Business Rules Management System (BRMS) and implement one as part of the project.

The next phase will come when they are delivering the project and need to pass on the responsibility of the rules to operations in the organization. The need for management processes and governance is greater at that time and the work discussed as part of this series of posts is performed.

CoE-1

In the meantime, or as part of a separate project in the organization, another initiative that uses business rules is started. They had seen the success and benefits of the first business rules initiative and decided to start using the same approach. Eventually this new project will also need to instill management and governance processes.

CoE-2

As one can imagine, the evolution will probably not stop there and now is the time to think about how to take it to the next level.

Enters the Center Of Excellence (CoE). The CoE is the next step that the organization will probably have to take. The CoE’s mission should be to support any project that intends to use business rules.

The CoE should be the place where:

  • Business Rules specialists (Business and Technical) are united to support projects in a consulting role
  • Training for new people can be coordinated
  • Projects look to get additional resources for execution of the project plan
  • Best practices, Management Processes, Governance Processes are developed

I have covered some of this topic in a previous post called “BPM Center of Excellence applied to Business Rules” (https://www.primatek.ca/blog/2009/03/22/bpm-center-of-excellence/)

CoE-3

Once the Center of Excellence is in place, other projects can more easily benefit from the experiences of other projects.

CoE-4

Although the interactions are shown as “one way” in the diagram above, in real life the interactions are expected to be bidirectional.

In the next post, we will look at some of the challenges you should anticipate as well as some best practices to hopefully make your Governance and Management initiative a successful one.

Business Rules Governance and Management – Part VIII – Access Control

This entry is part 8 of 10 in the series Business Rules Governance and Management

This post is part of a series on Business Rules Governance and Management for which the main article can be found here.

In the previous article of the series, we discussed some of the more important management processes that are required for good business rules management. One of the topics that was touched on in previous articles relates to who can do what, when and the related approval processes.

Security and Access Control can end up playing a vital role in the management processes relating to business rules. There are many ways that your organization may need to control access and security but I will discuss 2 ways which should fit most organizations.

Controlling Access by Role

The list of roles created in previous steps, the life cycle of rules (states and transitions) and the processes might require that only people with specific roles are allowed to perform only specific operations.

For example, it might be unwise to let anyone push rules to production. Was the rule tested? Is it giving the right results?, etc. Similarly you may not want to let a Rule Administrator create or modify rules (their knowledge of the business and the rules might be insufficient).

Each organization will have different requirements for controlling these accesses. Each organisation will also have a very different environment in which these controls need to be implemented (from a technical point of view). It is therefore important that these topics be discussed so that appropriate control mechanisms can be put in place.

Controlling Access by Subject Area

In your organization there may be a need to limit access to specific Subject Areas or groups of rules or rulesets.

For example, all users might have the right to read all the rules, but only users from the marketing and sales area can change the business rules related to marketing and sales. Or if you have multiple product lines, you may want to limit access by product line. You may even want to break it down by rulesets within an subject area. It all depends on your organizations needs, the size of the team you are dealing with, how you are organizing work related to business rules, etc.

The Business Rules Management System (BRMS) that your organization is using should hopefully provide you with the tools or components required to fulfill your security requirements.

In the next post of the series, we will go back to a higher level view and discuss the next steps for implementation of business rules governance and management.

On Enterprise Decision Management

James Taylor and Neil Raden wrotea pretty good white paper on Enterprise Decision Management. I really like the informative contents of the paper which clarifies how the concepts relate to each other, the different layers of technology, etc. Great paper on the topic

It provides details on the technology used for operational decision making, introducing the available technology types and discussing what makes a technology product suitable. It also details the risks and issues involved in adopting Decision Management. How these risks might be mitigated is outlined, and an adoption scorecard to help select appropriate uses is proposed. A reference architecture and some definitions of terms complete the paper.

The original article can be found at the following link (registration required)

http://jtonedm.com/2009/11/30/teradata-magazine-online-prepare-for-impact/

Enjoy!