Data overload is becoming a huge challenge for businesses and a headache for decision makers.
Public and private sector corporations are drowning in data — from sales, transactions, pricing, supply chains, discounts, product, customer process, projects, RFID smart tags, tracking of shipments, as well as email, Web traffic and social media.
Enterprise software, Web and mobile technologies are more than doubling the quantity of business data every year, and the pace is quickening. But the data/information tsunami is also an enormous opportunity if tamed by the right organization structure, processes and platforms.
A business intelligence (BI) center of excellence (CoE) – also called BI Shared Services or BI Competency Centers – is all about enabling this disciplined transformation along the information value chain:
Raw Data - Aggregated Data - Intelligence - Insights - Decisions - Operational Impact - Financial Outcomes - Value creation.
A BI CoE can improve operating efficiencies by eliminating duplication and streamlining processes.
In this article we are going to look at several aspects of executing a BI CoE:
- What does a BI CoE need to do?
- Insource or outsource the BI CoE?
- Why do BI CoE’s fail?
- BI CoE iImplementation checklist
What do BI CoEs need to do?
BI and analytics has come of age, but all the technological advances haven’t minimized the pain of trying to manage a tangle of platforms, tools, data silos and implementations.
Best practice organizations attempt to focus on the data and “use cases” in addition to the platforms, tools and technology. A structural way of getting the people, process and technology aligned is the BI CoE structure.
A BI CoE does the following:
- Establishment of overall governance framework
- Clear SLAs that the business units will get
- Ensuring the provision of appropriate infrastructure
- Project planning and progress reporting
- Establishment of key milestones and deliverables
- Rigorous project management methodology
- Proactive risk and issues management
- Change management, communications and training
- Quality assurance
Insourcing or outsourcing? What is the right structure for a CoE?
This is a tough question. Insourcing is all about control. You typically want to insource for the following reasons:
- Greater control over resources
- Greater ability to control intellectual property
- Increased visibility of accountability within the organization
- Have confidence in your team to do meticulous planning and flawless execution
Outsoucing to a vendor or a cloud platform is all about leverage. You want to outsource for the following reasons:
- Access to resources and expertise quickly without a long recruiting cycle
- Different cost structure (less Capex and more Opex) and quicker startup
- The vendor brings a broad-based perspective that, if leveraged properly, can be quite invaluable
The best option is usually a hybrid model – a mix of insourced and outsourced models. The metrics you typically want to optimize in any structure are cost, quality, productivity, innovation and speed to market.
In a hybrid model, think through which resources are in house and which resources can be outsourced – executive sponsors, BI leadership, program and project managers, business analysts, architects, administrators, developers, data stewards, data modelers and data warehouse analysts.
Also, when data is governed by various Data Privacy laws (see list of International and U.S Data Privacy Legislation below), think about which enterprise-wide data integration initiatives can be in house vs. outsourced – data warehousing, data migration, data consolidation, data synchronization, and data quality, as well as the establishment of data hubs, data services, cross-enterprise data exchange, and integration competency centers.
Think through different types of data and which laws impact each by geography – personal privacy data, client data, internal process data, and B2B data.
Why do BI CoEs fail?
Based on our experience, typical reasons why BI CoE (Shared Services or Competency Centers) fail include:
- Lack of visible sponsorship
- Lack of baseline/metric/system to measure progress
- Unclear, ineffective decision making process
- The right people not involved
- Not anticipating and proactively managing people issues
- Skills for new roles or jobs are assumed and not tested/assessed
- Planned organizational rationalization is not achieved
- Different departments are resistant to “letting go”
- Lack of understanding about data privacy laws
The proper execution and implementation strategy must specifically address each of these issues.
BI CoE implementation checklist
- List and prioritize the business drivers for establishing BI CoE as a shared-services model
- List and analyze the benefits expected to be derived out of the BI CoE set-up
- Determine a budget for the setting up BI CoE
- Set a time frame for realizing benefits out of BI CoE
- Assign a person and establish a team to drive the BI CoE initiative
- Assign the designation of the person heading the BI CoE initiative
- Determine if the setting-up of BI CoE operations will require the involvement of an external consultant
- List and prioritize activities that can transferred to BI CoE
- Select activities that logically fit together
- Analyze if the activities are strategic or transactional in nature
- Analyze the level of customization the activity will require
- Analyze and determine if the organization will need to procure technology to deliver services through BI CoE
Insource vs. outsource checklist
Analyze the cost of maintaining the technology in-house.
- Evaluate the benefits of outsourcing versus maintaining in-house BI CoE Estimate the cost savings that would result from setting up of a BI CoE
- Estimate the improvement in service-delivery time that would result from BI CoE
- Evaluate the changes in organizational structure that would result due to the setting-up of the BI CoE
- Evaluate if stablishing the BI CoE would lead to any reductions or changes in existing jobs
Change management checklist
- Secure senior management commitment to act as a sponsor of the BI CoE initiative
- Identify all stakeholders that will be affected by BI CoE implementation and assess the degree of impact
- Align the setting up of shared services with the current organizational culture
- Assess if the existing HR policies, practices and processes (e.g., compensation, benefits, performance) support BI CoE implementation
- Assess if the organization has the infrastructure to support and enable employees, i.e., provide them with the appropriate tools and training
- Establish a process for managing conflicts in case they arise
Establish a framework and process for measuring the success of the BI CoE initiative
1) See The Nielsen Company BI COE: A Case Study, which was presented at IBM Cognos Forum 2009. This case study describes the challenges in designing and implementing a BI COE. You’ll see how The Nielsen Company leverages internal staff in the BI COE to support a total of 30,000 employees and a distributed global Cognos development environment.
2) See Managing a Business Intelligence Center of Excellence with Business Objects: A Case Study at Amtrak. This describes how Amtrak implemented a BI COE around SAP Business Objects.
Personally Identifiable Information in a CoE Structuring a CoE in some businesses that handle Personally Identifiable Information (PII) might require some additional attention to various data privacy laws. We provide below some links to International Data Privacy Laws and U.S Data Privacy Laws.
International Data Privacy Laws The following list contains a number of international privacy related laws by country and region. Wherever possible, these hyperlinks reference an English translation of the law. Some laws in the U.S with Data Privacy language are listed below.
Argentina: Personal Data Protection Act of 2000 (aka Habeas Data) http://www.bcra.gov.ar/pdfs/marco/iHabeas%20Data.PDF
Austria: Data Protection Act 2000, Austrian Federal Law Gazette part I No. 165/1999 http://www.dsk.gv.at/site/6274/default.aspx Australia: Privacy Act of 1988 http://www.privacy.gov.au/law/act
Belgium: Belgium Data Protection Law and Belgian Data Privacy Commission Privacy Blog http://www.privacybelgium.be/privacy_belgium/laws_and_regulations/
Brazil: Privacy currently governed by Article 5 of the 1988 Constitution.
Bulgaria: The Bulgarian Personal Data Protection Act, was adopted on December 21, 2001 and entered into force on January 1, 2002. More information at the Bulgarian Data Protection Authority – http://www.cpdp.bg/ Canada: The Privacy Act – July 1983
Personal Information Protection and Electronic Data Act (PIPEDA) of 2000 (Bill C-6) http://www.parl.gc.ca/HousePublications/Publication.aspx?Pub=Bill&Doc=C-6&Language=E&Mode=1&Parl=36&Ses=2
Chile: Act on the Protection of Personal Data, August 1998 Colombia: Two laws affecting data privacy – Law 1266 of 2008: (in Spanish) and Law 1273 of 2009 (in Spanish) http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2199 Also, the constitution provides any person the right to update their personal information
Czech Republic: Act on Protection of Personal Data (April 2000) No. 101 http://www.uoou.cz/uoou.aspx?menu=4&submenu=5&lang=en
Denmark: Act on Processing of Personal Data, Act No. 429, May 2000. http://www.datatilsynet.dk/english/
Estonia: Personal Data Protection Act of 2003. June 1996, Consolidated July 2002. http://www.legaltext.ee/en/andmebaas/tekst.asp?loc=text&dok=X70030&keel=en&pg=1&ptyyp=RT&tyyp=X&query=data%2BprotectionLink
European Union: European Union Data Protection Directive of 1998 http://www.cdt.org/privacy/eudirective/EU_Directive_.html EU Internet Privacy Law of 2002 (DIRECTIVE 2002/58/EC) With a discussion here.
Finland: Act on the Amendment of the Personal Data Act (986) 2000. http://www.finlex.fi/pdf/saadkaan/E9990523.PDF
France: Data Protection Act of 1978 (revised in 2004) Germany: Federal Data Protection Act of 2001 http://www.iuscomp.org/gla/statutes/BDSG.htm
Greece: Law No.2472 on the Protection of Individuals with Regard to the Processing of Personal Data, April 1997. – http://www.freedominfo.org/regions/europe/greece/
Guernsey: Data Protection (Bailiwick of Guernsey) Law of 2001 http://www.gov.gg/ccm/navigation/home-department/data-protection-commissioner/2001-law/
Hong Kong: Personal Data Ordinance (The “Ordinance”) http://www.privacy.com.hk/contents.html
Hungary: Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests (excerpts in English). http://abiweb.obh.hu/dpc/index.php?menu=reports/1995/I
Iceland: Act of Protection of Individual; Processing Personal Data (Jan 2000) http://www.personuvernd.is/information-in-english/greinar/nr/438
Ireland: Data Protection (Amendment) Act, Number 6 of 2003 http://www.irishstatutebook.ie/2003/en/act/pub/0006/index.html India: Information Technology Act of 2000 http://www.mit.gov.in/content/cyber-laws
Italy: Data Protection Code of 2003 http://www.dataprotection.it/codice_privacy_english.htm Italy: Processing of Personal Data Act, January 1997
Japan: Personal Information Protection Law (Act) (Official English Translation) Law Summary from Jones Day Publishing http://www.jonesday.com/newsknowledge/publicationdetail.aspx?publication=2920 Japan: Law for the Protection of Computer Processed Data Held by Administrative Organs, December 1988 Korea – Act on Personal Information Protection of Public Agencies Act on Information and Communication Network Usage http://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN025694.pdf
Latvia: Personal Data Protection Law, March 23, 2000 http://www.dvi.gov.lv/eng/legislation/pdp/
Lithuania: Law on Legal Protection of Personal Data (June 1996) http://www3.lrs.lt/pls/inter3/dokpaieska.showdoc_l?p_id=208886
Luxembourg: Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data http://www.cnpd.public.lu/fr/decisions-avis/index.html
Malaysia – Common Law principle of confidentiality Personal Data Protection Bill (Not finalized) Banking and Financial Institutions Act of 1989 privacy provisions http://www.kehakiman.gov.my/judgment/fc/latest/2009/MPRS.02-50-2006(W)DatoAnthonySeeTeowGuan.pdf Malta: Data Protection Act (Act XXVI of 2001), Amended March 22, 2002, November 15, 2002 and July 15, 2003 http://ec.europa.eu/justice/policies/privacy/docs/implementation/malta_en.pdf
Morocco: Data Protection Act http://www.moroccobusinessnews.com/Content/Article.asp?idr=18&id=1590 Netherlands: Dutch Personal Data Protection Act 2000 as amended by Acts dated 5 April 2001, Bulletin of Acts, Orders and Decrees 180, 6 December 2001 http://www.dutchdpa.nl/Pages/en_ind_wetten_wbp_wbp.aspx
New Zealand: Privacy Act, May 1993; Privacy Amendment Act, 1993; Privacy Amendment Act, 1994 http://www.legislation.govt.nz/act/public/1993/0028/latest/DLM3456800.html?search=qs_act_medicines_resel
Norway: Personal Data Act (April 2000) – Act of 14 April 2000 No. 31 Relating to the Processing of Personal Data (Personal Data Act) http://www.ub.uio.no/ujur/ulovdata/lov-20000414-031-eng.pdf
Philippines: No general data protection law, but there is a recognized right of privacy in civil law and a model data protection code http://www.trustsg.org.sg/downloads/Data_Protection_Code_v1.3.pdf
Portugal: Act on the Protection of Personal Data (Law 67/98 of 26 October) http://www.cnpd.pt/english/bin/legislation/Law6798EN.HTM
Romania: Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data http://www.avp.ro/indexen.html Poland: Act of the Protection of Personal Data (August 1997) http://www.polishlaw.com.pl/pct/fileakty_prawne31_0.pdf
Singapore – The E-commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce. Other related Singapore Laws and E-commerce Laws http://www.ida.gov.sg/Policies%20and%20Regulation/20060418214814.aspx
Slovak Republic: Act No. 428 of 3 July 2002 on Personal Data Protection http://www.dataprotection.gov.sk/buxus/generate_page.php3?page_id=449
Slovenia: Personal Data Protection Act, RS No. 55/99 South Africa: Electronic Communications and Transactions Act, 2002 http://www.internet.org.za/ect_act.html
South Korea: The Act on Promotion of Information and Communications Network Utilization and Data Protection of 2000 http://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN025694.pdf
Spain: ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data https://www.agpd.es/portalwebAGPD/english_resources/regulations/common/pdfs/Ley_Orgaica_15-99_ingles.pdf
Switzerland: The Federal Law on Data Protection of 1992 http://www.admin.ch/ch/e/rs/235_1/index.html Sweden: Personal Data Protection Act (1998:204), October 24, 1998 http://www.datainspektionen.se/sv/in-english/legislation/the-personal-data-act/
Taiwan: Computer Processed Personal data Protection Law – applies only to public institutions. (English Translation) http://www.coe.int/t/dghl/standardsetting/dataprotection/National%20laws/Taiwan-CP-DPLaw.pdf
Thailand: Official Information Act, B.E. 2540 (1997) for state agencies. (Personal data Protection bill under consideration) http://www.oic.go.th/content/act/act2540eng.pdf
United Kingdom: UK Data Protection Act 1998 Privacy and Electronic Communications (EC Directive) Regulations 2003 official text, and a consumer oriented site at the Information Commissioner’s Office http://www.legislation.gov.uk/ukpga/1998/29/contents Vietnam: The Law on Electronic Transactions 2008 http://www.asialaw.com/Article/2004303/Channel/17441/The-law-on-electronic-transactions-and-information-a-general-outline.html
United States Privacy Laws The following list contains a number of United States federal and state laws that have provisions for data privacy. Also see our list of International Privacy Laws.
Americans with Disabilities Act (ADA) – Primer for business http://www.eeoc.gov/laws/statutes/ada.cfm Cable Communications Policy Act of 1984 (Cable Act) http://www.law.cornell.edu/uscode/html/uscode47/usc_sec_47_00000551—-000-.html
California Senate Bill 1386 (SB 1386) – Chaptered version http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
Children’s Internet Protection Act of 2001 (CIPA) Children’s Online Privacy Protection Act of 1998 (COPPA) http://www.ftc.gov/ogc/coppa1.htm Communications Assistance for Law Enforcement Act of 1994 (CALEA) – Official CALEA website http://www.askcalea.net/calea/
Computer Fraud and Abuse Act of 1986 (CFAA) law summary. Full text at Cornell http://www.justice.gov/criminal/cybercrime/cc.html
Computer Security Act of 1987 – (Superseded by the Federal Information Security Management Act (FISMA) http://csrc.nist.gov/drivers/index.html
Consumer Credit Reporting Reform Act of 1996 (CCRRA) – Modifies the Fair Credit Reporting Act (FCRA). http://epic.org/privacy/fcra/
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 law overview. Text of law at Cornell library Electronic Funds Transfer Act (EFTA) Summary http://www.fdic.gov/regulations/laws/rules/6500-1350.html
Fair and Accurate Credit Transactions Act (FACTA) of 2003 http://www.ftc.gov/os/statutes/fcrajump.shtm
Fair Credit Reporting Act (Full Text). http://www.ftc.gov/os/statutes/031224fcra.pdf
Federal Information Security Management Act (FISMA) http://csrc.nist.gov/drivers/documents/FISMA-final.pdf
Federal Trade Commission Act (FTCA) http://www.ftc.gov/ogc/brfovrvw.shtm
Driver’s Privacy Protection Act of 1994. Text of law at Cornell http://epic.org/privacy/drivers/
Electronic Communications Privacy Act of 1986 (ECPA) http://www.law.cornell.edu/uscode/html/uscode18/usc_sup_01_18.html
Electronic Freedom of Information Act of 1996 (E-FOIA) Discussion as it related to the Freedom of Information Act http://thomas.loc.gov/cgi-bin/query/z?c104:H.R.3802.ENR: http://www.fcc.gov/foia/
Family Education Rights and Privacy Act of 1974 (FERPA; also know as the Buckley Amendment) http://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA) http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act Privacy Act of 1974 – including U.S. Department of Justice Overview http://www.justice.gov/opcl/privacyact1974.htm
Privacy Protection Act of 1980 (PPA) – http://www.law.cornell.edu/uscode/html/uscode42/usc_sec_42_00002000–aa000-.html Additional discussion at http://www.epic.org/privacy/ppa/
Right to Financial Privacy Act of 1978 (RFPA) http://www.fdic.gov/regulations/laws/rules/6500-2550.html
Telecommunications Act of 1996 http://transition.fcc.gov/telecom.html
Telephone Consumer Protection Act of 1991 (TCPA) – http://transition.fcc.gov/cgb/consumerfacts/tcpa.html Text of law at http://www.law.cornell.edu/uscode/47/227.html
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162: Video Privacy Protection Act of 1988 discussion and overview. Text of law at: Cornell Law Library. http://epic.org/privacy/vppa/
Shirish Netke is EVP Business Analytics Solutions at Saama Technologies, where he focuses on building business-specific analytics solutions. Ravi Kalakota is Managing Director at Alvarez & Marsal, a restructuring, turnaournd, performance improvement, and business consulting firm.
This article was originally published at Business Analytics 3.0.