Thursday, 29 May 2014

Importance of SMART Goals for a Business Analyst

SMART is a mnemonic, giving criteria to guide in the setting of objectives. These could be objectives in project management, employee performance management and personal development. The letters broadly conform to the words specific, measurable, attainable, relevant and time-bound.

As a business analyst one needs to clarify business processes, improve them, identify clear requirements and get right information, document them and get agreement about what a software application needs to do to meet business requirements. A business analyst also needs to build a development plan like any other business professional.

Thus constructing SMART goals for a business analyst is critical as well as challenging at the same time for the success of an IT project. Measurable goals for business analyst should also include a focus on developing leadership skills.

Specific
Goals should be simplistically written and clearly define what you are going to do.  This means the goal is clear and unambiguous. To make goals specific, a business analyst must clearly identify and communicate what is expected, why is it important, who’s involved, where is it going to happen and which attributes are important. A specific goal will usually answer the five "W" questions: What, Why, Who, Where and Which.

Measurable
Goals should be measurable so that you have tangible evidence that you have accomplished the goal. Usually, the entire goal statement is a measure for the project, but there are usually several short-term or smaller measurements built into the goal. The thought behind this is that if a goal is not measurable, it is not possible to know whether a team is making progress toward successful completion. Measuring progress is supposed to help a team stay on track and reach its target dates. Measurable goals for business analyst should encourage seeking out innovative projects and keeping track of the number of stakeholders engaged.

Achievable
While an attainable goal may stretch a team in order to achieve it, the goal is not extreme. That is, the goals are neither out of reach nor below standard performance, as these may be considered meaningless. When you identify goals that are most important to you, you begin to figure out ways you can make them come true. You develop the attitudes, abilities, skills, and financial capacity to reach them.

Relevant
For a business analyst, relevance of a goal is the most important area that often gets neglected. One should make very sure that the goals identified and communicated clearly to all the stakeholders and make sure that all of them understand the relevance and approve of it. Achievable business goals are based on the current conditions and realities of the business climate. You may desire to have your best year in business or increase revenue by 50%, but if a recession is looming and 3 new competitors opened in your market, then your goals aren’t relevant to the realities of the market. Relevant goals (when met) drive the team, department, and organization forward. A goal that supports or is in alignment with other goals would be considered a relevant goal.


Time-bound
Goals should be linked to a timeframe that creates a practical sense of urgency, or results in tension between the current reality and the vision of the goal. Without such tension, the goal is unlikely to produce a relevant outcome. Business goals and objectives just don’t get done when there's no time frame tied to the goal-setting process. Whether your business goal is to increase revenue by 20% or find 5 new clients, choose a time-frame to accomplish your goal.

S.M.A.R.T. is an acronym for the 5 steps of specific, measurable, achievable, relevant, and time-based goals. It’s a simple tool used by business analysts to go beyond the realm of fuzzy goal-setting into an actionable plan for results. This acts as guiding principle for an analyst to approach its goals and achieve it in successful manner within the expected timeframe.

About Author:
Shweta Samudra is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at: shweta.samudra@spluspl.com

Application Audit - Readiness

Has your organization ever thought of complying with appropriate standards for the application in use? Or are there any processes in place having checkpoints to test the controls implemented? If both questions answer to no then it is essential to have your internal team who would be managing the application follow certain steps that would help you understand the security, risk or threat levels caused by various factors to the information available. There would be a possibility that the support to this application would be outsourced to a support cell and they would be the best source for upholding the vigilance.

Prime objective to conduct IT Audits and assessing the application in place is to ensure data is secure, confidential and have a reasonable assurance that scope for fraudulent transactions is minimum. Audit is never a guarantee since it is based on sampling – auditing the whole population of date is nearly impossible and highly expensive process. So it is very important that the Audit scope is defined to measure the efficiency and effectiveness of the application and in turn the business controls since inappropriate measure to manage the IT risks leads to severe impacts on the business.

Major IT auditing organizations structure their practices and processes around Control Objectives for Information and Related Technology (COBIT) Framework and implement the controls in the processes that suit their needs. Below would be a few processes I feel that are important and common to majority applications from small scale to large scale - to what extent are the controls applicable depend on the requirements and suitability to the organization or department. Again the mentioned points are just the most commonly looked at   and touched areas, there could be many more to speak about but I would limit the blog to just add a flavor to the auditing sector for applications.

Change Management
It is essential that a certain workflow is followed to handle and manage change request of the business as well as users for the application. As per the type of change requests certain approvals should always be obtained for proof. Post the changes have been deployed sign-off from the requestor should be granted in order to close the request.

Security and Access control
A very important factor to be considered - is about the security of an application. A strong grip can be built by ensuring that the security structure and access control for the application designed and planned well. For example during audits when the vulnerability is checked it needs to be made sure that the application reflects the true scenarios in line with the business.
  • Users that no more exists in the organization or who do not work with the system need to be deleted from the application
  • When creating / deleting / modifying users some aspects about the authenticity of the request need to be validate and then accepted as a request to be worked upon
  • With the help of reasonable hierarchy and business need a matrix to access the application should be available and maintained

Problem Management
Problems are part and parcel for any support activity and can be identified and realized with a thorough assessments and analysis. To diminish the problems, they need to be escalated to the right people who are capable of taking appropriate steps. So in a gist, problems should be:
  • Identified, recorded and classified
  • Checking of trends and known problems to perform analysis
  • Tracking of problem tickets and arriving on a final solution
  • Problem Closure

Identify and Allocate Costing
As per the business necessities, a frequency should be decided to have a check on the cost allocation towards the applications in use. The various costs that could be incurred for an application is sustain cost, costs for changes and upgrades, network infrastructure maintenance to keep the system running – example if it is hosted by a 3rd party vendor and so on. Allocation of required costs and conducting a check against the same is helpful to understand the agreed-upon policy.

If an organization is prepared for IT Audit and with the help of control environment and the internal control framework, it becomes easier to see if expectations are realized. Also the extent of variations are highlighted and become an eye opener towards the calling changes needed to progress from point A to B. The policies that are outlined, the governance structure and strategic direction for system access controls can be examined and rectified if need be. By implementing these practices it assures the business of plan towards betterment and having an action plan in place for a successful compliance.

About Author:
Dimpy Thurakhia is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at dimpy.t@spluspl.com

Wednesday, 28 May 2014

Overview on NOC - SOC teams

Rapid changes in technology have also brought in lot of risks with it. Organizations have tried to keep pace with technology and have implemented solutions like cloud / SAAS etc in order to meet business requirements. Along with these solutions network monitoring and security monitoring have also gathered importance. Organizations have set up network and security monitoring centers in order to ensure that issues can get addressed proactively. The issues can be related to day to day network / IT services operations or could be to address security concerns that an organization may face. It is worth having looking at an overview of what the difference is between an NOC and SOC and if an organization needs to have these two areas looked into separately.  A network Operation Center (NOC) as it is commonly known, primarily looks at network / IT services only. For example a NOC team would keep monitoring all the IT services being provided by the IT team. Review all the alerts that are being raised by the various systems and raise incidents where necessary. For example in case an alert is received about critical server nearing the CPU utilization capacity, the NOC team would raise an incident and ensure that proper communication is sent to business about the same. The ticket would be classified based on severity, appropriate remedial steps would be taken and status reports will be sent out to business. All communications etc would depend on the organization policy and the escalation mechanisms defined etc. A security Operation Center (SOC) on the other hand reviews all the logs that are being generated by the various servers / applications / network devices and tries to identify anomalies in behavioral patterns or deviations from the normal trend. For example if a server reboot normally takes about 30 secs but on a given day it takes about 45secs it would be an issue to investigate. The issue could be related to a virus attack or just corrupt OS files. However this needs to be reviewed and addressed so that appropriate action can be taken. What an organization needs to set up first NOC / SOC depends upon the requirements of the organization. NOC teams are more important where application uptime is of primary importance to the business but the organization does not deal with critical user / client information. SOC teams are more active in organizations which have a lot of confidential or IPR data which needs to be protected. Also the cost of setting up a NOC / SOC as opposed the returns that these teams can generate needs to be evaluated. Since they are not adding to the direct bottom line of the business the benefits that the NOC / SOC teams can only be measured in terms of the benefits business derives from them. For example NOC teams helps to ensure uptime of IT services thus providing business with the tools / applications that they require to perform at an optimum level. SOC teams ensure that there is no breach of security thereby ensuring business reputation is not hampered and increasing investor confidence in the organization. Also as a cost effective measure organizations cal also look at outsourcing the NOC / SOC service to vendors who can provide specialized services for the same These services can be signed up for on a dedicated / shared service model. Again the cost is major component in deciding how the services need to be procured. Also the in house knowledge of the organizations and its strategic vision will also be a deciding factor. In case the organization wants to grow these competencies internally, a huge investment may make sense. If not it would be more viable to outsource the NOC / SOC teams. Even open source tools can be used to meet the organizations requirements. Some of these can also be customized and paid version can be purchased at a minimal cost to get features as required by the organization

NOC / SOC teams have become very important for organization to ensure that business is not impacted by the technology threats and security issues are nipped in the bud. This has helped business to perform at an optimum level without having to worry about downtime and non availability of critical services.



About Author:
Mohini Bhandari is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, she actively contributes to the areas of Technology and Information Security. She can be contacted at mohini.b@spluspl.com 

2014 in Preview – Procurement and Outsourcing

2013 was a year where many things were predicted at the start but only a few things fell into the right space. It was said that governance would finally grow but it didn’t govern the distance. Other things that was predicted and which has proven to be right is that many customers chose the ‘Do-It-Yourself’ approach for outsourcing. And the last things which went on to make a difference were the role of domestic service providers which increased over the course of the year. The other things which were predicted for 2013 but didn’t do well were – third party deals didn’t do well, China still to become an outsourcing market and also backsourcing prevailed. Many customers are more likely to open their doors for their existing vendors rather than to other third party vendors. Hence third party outsourcing didn’t go well. China still lacking in the global IT services, lack of IT talent hence China is far away from becoming an outsourcing hub. Buyers these days are quite stringent when it comes to heavy outsourcing; hence they thought of backsourcing some of the stuff in-house which in turn will help create jobs. But due to lack of IT functions and knowledge that too didn’t go down well.

2014 is year to think wise and act wise. Below are the top 4 trends that will decide the 2014’s future in outsourcing-

Procure Systems on User experience

Many enterprises these days are actively seeking employee inputs while discovering or building a new product. This is because of the wide number of web and mobile applications floating in the market which are far more intuitive. These procurement systems act as mere purchase orders (PO) machines which are under-utilized and also don’t deliver much ROI. Therefore enterprises are seeking more and more feedbacks from end users and also enduring to more IT process which will be sustainable in the long. The key focus should be on user experience and applying those in your systems and web applications. This way more there will be more gains on your IT investments.

TBL approach

TBL approach basically incorporates the notion of sustainability through the three dimensions – social, environmental (or ecological) and financial (economical). Many enterprises are adopting these three dimensional approach in their business to assess their performance. Apart from the age old norm of corporate profit, organizations are also looking at the long run sustainability of their business. Enterprises are also complying with the government regulations for sustaining their sourcing and procurement methods. This also allows them to focus on their goals and have compliance with their suppliers. This may include defining and setting up metrics around suppliers and creating a sustainable scorecard to measure the suppliers and their ratings. This will help identify the impact on supplier sustainability strategies.

BYOD

Everyone needs information on the go. For this to happen, employee must have access to business critical information. One method to address this is to provide your employees with mobile access to enterprise applications. This is because of the exponential need and growth of the mobile device. Enterprises can also classify their business applications accessed by employees on their devices. They can also use data management tools to keep track of all the data flow and will also ensure device-based operations and processes. Also while implementing these mobile method policies, below are the questions that can be asked.
  • What can be done, where and how?
  • What information is needed for which action?
  • Where will the data be stored during the action?
  • How will this action translate into results?

Governance in mobile procurement

More and more mobile devices will be used while adhering to the BYOD policies. But enterprises will face challenges when it comes to governing these. They will need to formulate policies to identify and mitigate information and data leakages. The data is always important and a key factor to the any organization’s growth. For such risks and threats, enterprise will have to adapt to strict ‘zero tolerance policies’ on violations. At the same time, the employees will have to bear that responsibility and keep the data confidential to them and avoid violating any risks. Proper governance process needs to be set up to align with end-user needs for devices and also ensuring compliance and eliminating such risks.

Governance is and always has been a tough nut to crack it and use it as a process. Other key factors that will important as well in shaping up 2014 are –
  • Governance might get harder
  • Big deals may get smaller and small deals get bigger
  • India to go for better infrastructure
  • Adopt insourcing
  • Slow market in Cloud

About Author:
Mihir Sakhle is consultant and part of Systems Plus Pvt. Ltd. He is a part of consulting team that delivers Sourcing and Vendor Managementg Office projects. He can be contacted at: mihir.s@spluspl.com

Monday, 26 May 2014

SQL Stored Procedures

The purpose of this article to provide understanding and knowledge about SQL Stored Procedure. We will see how to create Stored Procedures in SQL Server. We will also explore Stored Procedures with INPUT/OUTPUT Parameters and Stored Procedures with Transactions and Cursors.

Stored Procedure is a group of T-SQL statements compiled into a single execution plan. It offers various functionalities like –
  • Modularity – Stored Procedures in SQL Server offers Modularity which allows us to divide the program/business logic into number of groups which can be recombined and reused as per our requirements.
  • Easy Maintenance – The required business logic and rules can be enforced and can be changed at any point of time as Stored Procedures are single point of control.
  • Reusability – Once you write a stored procedure, you can reuse the same over and over again in any application.
  • Improved Performance – The Stored Procedures are the compiled T-SQL blocks.
Likewise, there are number of benefits which we can achieve at database level by writing the stored procedures in SQL Server. Stored Procedures can be written with or without parameters to change the output and execute the business logic based on the conditional statements.

Open SQL Server Management Studio (SSMS) and open a New Query window. For this demonstration I will be using the Northwind database so it will help you to understand very easily.
Here are the tables which we will make use for querying the data in our stored procedures –

USE Northwind

GO
--Tables to be used during Stored Procedures
SELECT  * FROM    Customers
SELECT  * FROM    Employees
SELECT  * FROM    Orders
SELECT  * FROM    [Order Details]
SELECT  * FROM    Products
GO


A Simple Stored Procedure

We will start by creating a stored procedure which will fetch all the order details with product name and supplier details. Let’s write this code in our SSMS Query window –

CREATE PROCEDURE FetchAllOrderDetails
AS
    BEGIN
        SELECT  O.OrderID , MONTH(O.OrderDate) Order_Month ,  P.ProductName , P.UnitPrice , P.UnitsInStock ,
                S.CompanyName  FROM    Orders O
                INNER JOIN [Order Details] OD ON O.OrderID = OD.OrderID
                INNER JOIN Products P ON OD.ProductID = P.ProductID
                INNER JOIN Suppliers S ON P.SupplierID = S.SupplierID
    END

    EXEC FetchAllOrderDetails

The output of the above stored procedure is as follows –
Add caption









Stored Procedure with a Parameter

Now we will write another stored procedure to fetch the product details and category details of the products purchased by the customer. We will input a customer ID to our stored procedure.


CREATE PROCEDURE CustomerProductDetails
    (
      @p_CustomerID NVARCHAR(10)
    )
AS
    BEGIN
        SELECT  CAT.CategoryName ,  CAT.[Description] ,  P.ProductName ,  P.UnitPrice ,  P.UnitsInStock  FROM    Customers C
                INNER JOIN Orders O ON C.CustomerID = O.CustomerID
                INNER JOIN [Order Details] OD ON O.OrderID = OD.OrderID
                INNER JOIN Products P ON OD.ProductID = P.ProductID
                INNER JOIN Categories CAT ON P.CategoryID = CAT.CategoryID
        WHERE   C.CustomerID = @p_CustomerID
    END

    EXEC CustomerProductDetails 'QUEEN'


The output of above stored procedure is as shown below –


Stored Procedure with INPUT and OUTPUT parameter

We will vary the stored procedure we just wrote, this time with an INPUT and OUTPUT parameters. We will try fetching the product details which are supplied by a given supplier ID and will return the supplier’s Contact Name and Company Name. Let’s write the below code in our query pad –

CREATE PROCEDURE FetchSupplierProducts
    (
      @p_SupplierID INT ,
      @p_SupplierName NVARCHAR(30) OUTPUT ,
      @p_CompanyName NVARCHAR(30) OUTPUT
    )
AS
    BEGIN
        SELECT  P.ProductID ,  P.ProductName ,   P.UnitPrice   FROM    Products P
        INNER JOIN Suppliers S ON P.SupplierID = S.SupplierID  WHERE   S.SupplierID = @p_SupplierID
        SELECT  @p_SupplierName = ContactName ,  @p_CompanyName = CompanyName  FROM    Suppliers
        WHERE   SupplierID = @p_SupplierID
    END

To test the stored procedure, write the following code – 

DECLARE @v_ContactName NVARCHAR(30)
DECLARE @v_CompanyName NVARCHAR(30)

EXEC FetchSupplierProducts 1, @v_ContactName OUTPUT, @v_CompanyName OUTPUT
SELECT  @v_CompanyName CompanyName ,  @v_ContactName SupplierName


The output of the above stored procedure is as shown below – 














Stored Procedure using a Cursor

The next stored procedure we will write will make use of CURSOR to modify the number of rows one by one. The stored procedure fetches each employee one by one and checks if the salary of an employee is greater than the manager’s salary. If the salary is greater than the manager’s salary, the job of an employee will be updated to Manager.

For the next demonstration, we will create three tables and add some dummy data in the same. Write below following code to create the three tables and insert some data –


CREATE TABLE tblDepartment
    (
      IntDeptNo INT PRIMARY KEY ,
      Name VARCHAR(20) ,
      Location VARCHAR(20)
    )

CREATE TABLE tblEmployee
    (
      IntEmptID INT PRIMARY KEY ,
      EmpName VARCHAR(20) ,
      Job VARCHAR(20) ,
      MgrNo INT ,
      Sal DECIMAL(8, 2) ,
      IntDeptNo INT REFERENCES tblDepartment ( IntDeptNo )
    )

CREATE TABLE tblUpdatedSalTable
    (
      IntEmptID INT PRIMARY KEY ,
      EmpName VARCHAR(20) ,
      Job VARCHAR(20) ,
      MgrNo INT ,
      Sal DECIMAL(8, 2) ,
      IntDeptNo INT REFERENCES tblDepartment ( IntDeptNo )
    )

INSERT  INTO tblDepartment VALUES  ( 10, 'Sales', 'East' )
INSERT  INTO tblDepartment VALUES  ( 20, 'Cashier', 'West' )
INSERT  INTO tblDepartment VALUES  ( 30, 'Investigation', 'North' )
INSERT  INTO tblDepartment VALUES  ( 40, 'Income', 'South' )
INSERT  INTO tblEmployee VALUES  ( 1008, 'Pushkar', 'Vice President', NULL, 1200, 10 )
INSERT  INTO tblEmployee VALUES  ( 1000, 'Kalpesh', 'Manager', 1008, 3200, 10 )
INSERT  INTO tblEmployee VALUES  ( 1001, 'Vijay', 'Sales Rept', 1000, 2200, 10 )
SELECT  FROM    tblDepartment
SELECT  * FROM    tblEmployee
GO

CREATE PROCEDURE UpdateJobOfWorker

AS
    BEGIN
        DECLARE @UpdateSal NVARCHAR(20)= 'Salary Update Transaction'
        BEGIN TRY
            BEGIN TRAN @UpdateSal
           
            DECLARE @ENO INT
            DECLARE complex_cursor CURSOR FOR
           
            SELECT WORKER.IntEmptID  FROM dbo.tblEmployee AS WORKER
            WHERE Sal>  (SELECT Sal FROM dbo.tblEmployee AS MANAGER  WHERE WORKER.MGRNO = MANAGER.IntEmptID)
           
            OPEN complex_cursor ;
            FETCH NEXT FROM complex_cursor INTO @ENO ;
            WHILE ( @@FETCH_STATUS = 0 )
                BEGIN
                    SELECT  @ENO
                    UPDATE  dbo.tblEmployee  SET     JOB = 'MANAGER'  WHERE   IntEmptID = @ENO ;
                    FETCH NEXT FROM complex_cursor INTO @ENO ;
                END
            CLOSE complex_cursor ;
            DEALLOCATE complex_cursor ;
            COMMIT TRAN @UpdateSal
        END TRY
        BEGIN CATCH
            SELECT  ERROR_MESSAGE() , ERROR_NUMBER() , ERROR_SEVERITY()
            ROLLBACK TRAN @UpdateSal
            CLOSE complex_cursor ;
            DEALLOCATE complex_cursor ;
        END CATCH
    END

EXEC dbo.UpdateJobOfWorker


About Author:
Pushkar Rathod is a consultant in Systems Plus Pvt. Ltd. Within Systems Plus, he actively contributes to the areas of Technology and Information Security. He can be contacted at pushkar.r@spluspl.com