Skip to main content

Executing a BI CoE (BI Shared Services or BI Competency Center)

By May 24, 2011Article

Data overload is becoming a huge challenge for businesses and a headache for decision makers.

Public and private sector corporations are drowning in data — from sales, transactions, pricing, supply chains, discounts, product, customer process, projects, RFID smart tags, tracking of shipments, as well as email, Web traffic and social media.

Enterprise software, Web and mobile technologies are more than doubling the quantity of business data every year, and the pace is quickening. But the data/information tsunami is also an enormous opportunity if tamed by the right organization structure, processes and platforms.

A business intelligence (BI) center of excellence (CoE) – also called BI Shared Services or BI Competency Centers – is all about enabling this disciplined transformation along the information value chain:

Raw Data – Aggregated Data – Intelligence – Insights – Decisions – Operational Impact – Financial Outcomes – Value creation.

A BI CoE can improve operating efficiencies by eliminating duplication and streamlining processes.

In this article we are going to look at several aspects of executing a BI CoE:

  • What does a BI CoE need to do?
  • Insource or outsource the BI CoE?
  • Why do BI CoE’s fail?
  • BI CoE iImplementation checklist

What do BI CoEs need to do?

BI and analytics has come of age, but all the technological advances haven’t minimized the pain of trying to manage a tangle of platforms, tools, data silos and implementations.

Best practice organizations attempt to focus on the data and “use cases” in addition to the platforms, tools and technology. A structural way of getting the people, process and technology aligned is the BI CoE structure.

A BI CoE does the following:

  • Establishment of overall governance framework
  • Clear SLAs that the business units will get
  • Ensuring the provision of appropriate infrastructure
  • Project planning and progress reporting
  • Establishment of key milestones and deliverables
  • Rigorous project management methodology
  • Proactive risk and issues management
  • Change management, communications and training
  • Quality assurance

Insourcing or outsourcing? What is the right structure for a CoE?

This is a tough question. Insourcing is all about control. You typically want to insource for the following reasons:

  • Greater control over resources
  • Greater ability to control intellectual property
  • Increased visibility of accountability within the organization
  • Have confidence in your team to do meticulous planning and flawless execution

Outsoucing to a vendor or a cloud platform is all about leverage. You want to outsource for the following reasons:

  • Access to resources and expertise quickly without a long recruiting cycle
  • Different cost structure (less Capex and more Opex) and quicker startup
  • The vendor brings a broad-based perspective that, if leveraged properly, can be quite invaluable

The best option is usually a hybrid model – a mix of insourced and outsourced models. The metrics you typically want to optimize in any structure are cost, quality, productivity, innovation and speed to market.

In a hybrid model, think through which resources are in house and which resources can be outsourced – executive sponsors, BI leadership, program and project managers, business analysts, architects, administrators, developers, data stewards, data modelers and data warehouse analysts.

Also, when data is governed by various Data Privacy laws (see list of International and U.S Data Privacy Legislation below), think about which enterprise-wide data integration initiatives can be in house vs. outsourced – data warehousing, data migration, data consolidation, data synchronization, and data quality, as well as the establishment of data hubs, data services, cross-enterprise data exchange, and integration competency centers.

Think through different types of data and which laws impact each by geography – personal privacy data, client data, internal process data, and B2B data.

Why do BI CoEs fail?

Based on our experience, typical reasons why BI CoE (Shared Services or Competency Centers) fail include:

  • Lack of visible sponsorship
  • Lack of baseline/metric/system to measure progress
  • Unclear, ineffective decision making process
  • The right people not involved
  • Not anticipating and proactively managing people issues
  • Skills for new roles or jobs are assumed and not tested/assessed
  • Planned organizational rationalization is not achieved
  • Different departments are resistant to “letting go”
  • Lack of understanding about data privacy laws

The proper execution and implementation strategy must specifically address each of these issues.

BI CoE implementation checklist

  • List and prioritize the business drivers for establishing BI CoE as a shared-services model
  • List and analyze the benefits expected to be derived out of the BI CoE set-up
  • Determine a budget for the setting up BI CoE
  • Set a time frame for realizing benefits out of BI CoE
  • Assign a person and establish a team to drive the BI CoE initiative
  • Assign the designation of the person heading the BI CoE initiative
  • Determine if the setting-up of BI CoE operations will require the involvement of an external consultant
  • List and prioritize activities that can transferred to BI CoE
  • Select activities that logically fit together
  • Analyze if the activities are strategic or transactional in nature
  • Analyze the level of customization the activity will require
  • Analyze and determine if the organization will need to procure technology to deliver services through BI CoE

Insource vs. outsource checklist

Analyze the cost of maintaining the technology in-house.

  • Evaluate the benefits of outsourcing versus maintaining in-house BI CoE Estimate the cost savings that would result from setting up of a BI CoE
  • Estimate the improvement in service-delivery time that would result from BI CoE
  • Evaluate the changes in organizational structure that would result due to the setting-up of the BI CoE
  • Evaluate if stablishing the BI CoE would lead to any reductions or changes in existing jobs

Change management checklist

  • Secure senior management commitment to act as a sponsor of the BI CoE initiative
  • Identify all stakeholders that will be affected by BI CoE implementation and assess the degree of impact
  • Align the setting up of shared services with the current organizational culture
  • Assess if the existing HR policies, practices and processes (e.g., compensation, benefits, performance) support BI CoE implementation
  • Assess if the organization has the infrastructure to support and enable employees, i.e., provide them with the appropriate tools and training
  • Establish a process for managing conflicts in case they arise

Establish a framework and process for measuring the success of the BI CoE initiative

1) See The Nielsen Company BI COE: A Case Study, which was presented at IBM Cognos Forum 2009. This case study describes the challenges in designing and implementing a BI COE. You’ll see how The Nielsen Company leverages internal staff in the BI COE to support a total of 30,000 employees and a distributed global Cognos development environment.

2) See Managing a Business Intelligence Center of Excellence with Business Objects: A Case Study at Amtrak. This describes how Amtrak implemented a BI COE around SAP Business Objects.

Personally Identifiable Information in a CoE Structuring a CoE in some businesses that handle Personally Identifiable Information (PII) might require some additional attention to various data privacy laws. We provide below some links to International Data Privacy Laws and U.S Data Privacy Laws.

International Data Privacy Laws The following list contains a number of international privacy related laws by country and region. Wherever possible, these hyperlinks reference an English translation of the law. Some laws in the U.S with Data Privacy language are listed below.

Argentina: Personal Data Protection Act of 2000 (aka Habeas Data)

Austria: Data Protection Act 2000, Austrian Federal Law Gazette part I No. 165/1999 Australia: Privacy Act of 1988

Belgium: Belgium Data Protection Law and Belgian Data Privacy Commission Privacy Blog

Brazil: Privacy currently governed by Article 5 of the 1988 Constitution.

Bulgaria: The Bulgarian Personal Data Protection Act, was adopted on December 21, 2001 and entered into force on January 1, 2002. More information at the Bulgarian Data Protection Authority – Canada: The Privacy Act – July 1983

Personal Information Protection and Electronic Data Act (PIPEDA) of 2000 (Bill C-6)

Chile: Act on the Protection of Personal Data, August 1998 Colombia: Two laws affecting data privacy – Law 1266 of 2008: (in Spanish) and Law 1273 of 2009 (in Spanish) Also, the constitution provides any person the right to update their personal information

Czech Republic: Act on Protection of Personal Data (April 2000) No. 101

Denmark: Act on Processing of Personal Data, Act No. 429, May 2000.

Estonia: Personal Data Protection Act of 2003. June 1996, Consolidated July 2002.

European Union: European Union Data Protection Directive of 1998 EU Internet Privacy Law of 2002 (DIRECTIVE 2002/58/EC) With a discussion here.

Finland: Act on the Amendment of the Personal Data Act (986) 2000.

France: Data Protection Act of 1978 (revised in 2004) Germany: Federal Data Protection Act of 2001

Greece: Law No.2472 on the Protection of Individuals with Regard to the Processing of Personal Data, April 1997. –

Guernsey: Data Protection (Bailiwick of Guernsey) Law of 2001

Hong Kong: Personal Data Ordinance (The “Ordinance”)

Hungary: Act LXIII of 1992 on the Protection of Personal Data and the Publicity of Data of Public Interests (excerpts in English).

Iceland: Act of Protection of Individual; Processing Personal Data (Jan 2000)

Ireland: Data Protection (Amendment) Act, Number 6 of 2003 India: Information Technology Act of 2000

Italy: Data Protection Code of 2003 Italy: Processing of Personal Data Act, January 1997

Japan: Personal Information Protection Law (Act) (Official English Translation) Law Summary from Jones Day Publishing Japan: Law for the Protection of Computer Processed Data Held by Administrative Organs, December 1988 Korea – Act on Personal Information Protection of Public Agencies Act on Information and Communication Network Usage

Latvia: Personal Data Protection Law, March 23, 2000

Lithuania: Law on Legal Protection of Personal Data (June 1996)

Luxembourg: Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data

Malaysia – Common Law principle of confidentiality Personal Data Protection Bill (Not finalized) Banking and Financial Institutions Act of 1989 privacy provisions Malta: Data Protection Act (Act XXVI of 2001), Amended March 22, 2002, November 15, 2002 and July 15, 2003

Morocco: Data Protection Act Netherlands: Dutch Personal Data Protection Act 2000 as amended by Acts dated 5 April 2001, Bulletin of Acts, Orders and Decrees 180, 6 December 2001

New Zealand: Privacy Act, May 1993; Privacy Amendment Act, 1993; Privacy Amendment Act, 1994

Norway: Personal Data Act (April 2000) – Act of 14 April 2000 No. 31 Relating to the Processing of Personal Data (Personal Data Act)

Philippines: No general data protection law, but there is a recognized right of privacy in civil law and a model data protection code

Portugal: Act on the Protection of Personal Data (Law 67/98 of 26 October)

Romania: Law No. 677/2001 for the Protection of Persons concerning the Processing of Personal Data and the Free Circulation of Such Data Poland: Act of the Protection of Personal Data (August 1997)

Singapore – The E-commerce Code for the Protection of Personal Information and Communications of Consumers of Internet Commerce. Other related Singapore Laws and E-commerce Laws

Slovak Republic: Act No. 428 of 3 July 2002 on Personal Data Protection

Slovenia: Personal Data Protection Act, RS No. 55/99 South Africa: Electronic Communications and Transactions Act, 2002

South Korea: The Act on Promotion of Information and Communications Network Utilization and Data Protection of 2000

Spain: ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data

Switzerland: The Federal Law on Data Protection of 1992 Sweden: Personal Data Protection Act (1998:204), October 24, 1998

Taiwan: Computer Processed Personal data Protection Law – applies only to public institutions. (English Translation)

Thailand: Official Information Act, B.E. 2540 (1997) for state agencies. (Personal data Protection bill under consideration)

United Kingdom: UK Data Protection Act 1998 Privacy and Electronic Communications (EC Directive) Regulations 2003 official text, and a consumer oriented site at the Information Commissioner’s Office Vietnam: The Law on Electronic Transactions 2008

United States Privacy Laws The following list contains a number of United States federal and state laws that have provisions for data privacy. Also see our list of International Privacy Laws.

Americans with Disabilities Act (ADA) – Primer for business Cable Communications Policy Act of 1984 (Cable Act)—-000-.html

California Senate Bill 1386 (SB 1386) – Chaptered version

Children’s Internet Protection Act of 2001 (CIPA) Children’s Online Privacy Protection Act of 1998 (COPPA) Communications Assistance for Law Enforcement Act of 1994 (CALEA) – Official CALEA website

Computer Fraud and Abuse Act of 1986 (CFAA) law summary. Full text at Cornell

Computer Security Act of 1987 – (Superseded by the Federal Information Security Management Act (FISMA)

Consumer Credit Reporting Reform Act of 1996 (CCRRA) – Modifies the Fair Credit Reporting Act (FCRA).

Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 law overview. Text of law at Cornell library Electronic Funds Transfer Act (EFTA) Summary

Fair and Accurate Credit Transactions Act (FACTA) of 2003

Fair Credit Reporting Act (Full Text).

Federal Information Security Management Act (FISMA)

Federal Trade Commission Act (FTCA)

Driver’s Privacy Protection Act of 1994. Text of law at Cornell

Electronic Communications Privacy Act of 1986 (ECPA)

Electronic Freedom of Information Act of 1996 (E-FOIA) Discussion as it related to the Freedom of Information Act

Family Education Rights and Privacy Act of 1974 (FERPA; also know as the Buckley Amendment)

Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA) Privacy Act of 1974 – including U.S. Department of Justice Overview

Privacy Protection Act of 1980 (PPA) ––aa000-.html Additional discussion at

Right to Financial Privacy Act of 1978 (RFPA)

Telecommunications Act of 1996

Telephone Consumer Protection Act of 1991 (TCPA) – Text of law at

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) Video Privacy Protection Act of 1988 discussion and overview. Text of law at: Cornell Law Library.

Shirish Netke is EVP Business Analytics Solutions at Saama Technologies, where he focuses on building business-specific analytics solutions. Ravi Kalakota is Managing Director at Alvarez & Marsal, a restructuring, turnaournd, performance improvement, and business consulting firm.

This article was originally published at Business Analytics 3.0.

Copy link
Powered by Social Snap