The implementation of packaged enterprise software changes the dynamics of the relationship between the business and IT, creating new opportunities, risks and challenges. The business gains the control and flexibility to tune business processes more quickly and easily, as well as the power to integrate those processes end to end across the enterprise. But these advantages also shift responsibility for validation from IT to the business, introducing new risks and organizational challenges.
The integration and configurability that make enterprise applications powerful and flexible increases the risk of unintended impact when changes are made. This risk is compounded by the velocity of change; more, faster changes raise the probability of errors. The challenge is that the business rarely maintains a testing organization; validation is typically performed manually on a spot basis with business process experts recruited from the functional silos directly affected by the changes. This results in a project-centric focus that lacks the continuity and the broad coverage necessary to expose unexpected impact that may compromise critical operations.
What is missing is an enterprise level function that links departmental processes to an end to end view that assures that any changes anywhere in the landscape do not adversely affect operations. This article undertakes to identify the challenges of establishing such a function and proposes a practical solution for supplying this missing link.
Despite available tools for modeling and/or documenting business processes, the fact remains that once they reach production most processes go native. That is, they are quickly and constantly adapted to the ongoing needs of the business and changes to the system. The original models or documents are rarely updated, with the result that knowledge ultimately resides with individuals. These individuals, in turn, gain their expertise through experience in the context of their daily tasks, which are necessarily focused on the responsibilities of the area or department in which they work.
This reality expresses itself in the approach to validating changes. Usually business process experts are recruited from the directly affected areas for modifications or new capabilities. In this context they manually execute and verify the business processes with which they are familiar. Broader changes, such as service packs or upgrades, might involve experts from across the enterprise, but the coordination among their efforts is loose at best and absent at worst.
Compounding this lack of cohesion is the scale of the effort that is required to make such validation effective. The impact of business rules and user decisions can create multiple variations of any given process. For example, sales orders can be created through multiple channels and interfaces for various goods and/or services, and each combination may have specific rules that govern pricing, shipping, credit and other factors. These variations, in turn, have multiple downstream effects on fulfillment, delivery and invoicing. In one medium-sized manufacturing firm, over 75 variations of order to cash had to be validated spanning five different users and departments, requiring five says to accomplish.
Not only does the diversion of precious expert resources from operations to validation take a heavy toll on the business, but the accelerated cycles that are promised and expected in a competitive environment rarely permit the schedule delay that comprehensive coverage would require. As a result, the business trades higher risk for lower costs and faster delivery. The irony of this trade-off is that it can result in higher costs and slower delivery if errors or failures occur in key business processes. At the least resources may be distracted to respond to unplanned outages, causing loss of productivity and delays in planned activities, and at the most revenue and customer relationships may be compromised.
In addition to the operational risks and costs associated with enterprise process assurance, the current regulatory climate imposes an additional dimension of requirements and risks. The need to audit the internal controls that govern business processes and enable regulatory compliance superimposes a layer of formality and potential liability that reaches the boardroom and beyond. Yet the detailed audit trail that is necessary adds tedium and time to an already overburdened approach.
Test automation has historically been touted as the solution to these challenges, yet it remains an unfulfilled promise with less than 5% of enterprises reporting successful automation, and even in those cases coverage is less than 15-20%. This is largely because traditional test tools were designed for technical developers of custom applications, and as such depend on the programming and maintenance of custom script code. These tools simply cannot survive the shift to packaged enterprise applications: the scale and complexity of the functionality is too great, the rate of change is too fast and the required skills and resources are simply not available.
While these challenges are real and increasing every day, the good news is that they are not intractable.
Providing effective, efficient and affordable enterprise process assurance is achievable by following the same thought process and adopting the same technology model that led to the implementation of packaged enterprise applications in the first place. This means that the business must take ownership of end to end business process validation at an enterprise level, treat its business processes as the assets that they truly are, and reject custom automation code in favor of a solution that relies on the configuration of data instead. The most compelling – and surprising – benefit of following this approach is that it adds less time and cost than it saves. The solution can be realized in four simple steps:
Organize and Enable
The business must establish an enterprise process assurance function that is supported by an automation capability and process. This function requires minimal but dedicated staffing whose role is to coordinate the capture, configuration, execution and maintenance of end to end business processes. The team is responsible for validating critical end to end processes against any and all proposed changes to assure they will not compromise operations, and for analyzing changes to determine when the process inventory requires modification, enhancement or expansion. In a nutshell, the enterprise process assurance team assures operational stability, process availability and accuracy across a constantly changing technology landscape.
This team must be enabled by an advanced automation capability that mirrors the enterprise software model in that it is based on a data model that does not require any code to be generated, written or maintained. This type of approach is exemplified by the class/action framework. Furthermore, it must be supported by a change detection process that can quickly identify differences between the existing system and any proposed changes and determine the impact on the business processes. This is the only approach that can withstand the high rate of change in the enterprise environment without requiring excessive resources, skills and time.
Capture and Configure
The enterprise process assurance team recruits business process experts from each department to contribute their knowledge to a central repository that links every step of every process to a data model of the application. These processes are captured in a standard, structured data format that can be automatically executed, documented and maintained. The link between the processes and the application data model enables automated change detection, impact analysis and update of business processes.
Based on the captured business processes and related business rules as defined by the individual process owners, the enterprise process assurance team configures the variations necessary to exercise each business rule outcome and then assembles end to end mega processes and supporting data values that enable validation across the enterprise. For example, order to cash, procure to pay, forecast to stock, or hire to retire, and all variations of each. The team can further construct a matrix of processes against security roles to assure that only authorized users are able to perform them as defined by internal controls.
Analyze and Update
For every proposed change, regardless of scope, the enterprise process assurance team analyzes the nature of the change(s) and assesses the impact on the business process inventory. If the changes include configuration changes to the software, the business process owners for the associated functional area may be consulted to identify revisions to existing processes or rules or requirements for new processes or variations. If the changes affect master data, the validation data values may be modified or expanded. The goal is to keep the enterprise business process inventory and supporting data elements synchronized with all changes.
Validate and Document
Once the changes are moved into a staging instance, the enterprise process assurance team automatically executes the end to end mega processes and validates that each and every process and rule results in the correct expected result. This execution creates an audit trail that documents every step of every process with actual and expected results, providing objective evidence of compliance. Screens can be captured to further document results.
The audit trail created by the validation effort can be repurposed as detailed documentation of business processes for user training and reference. This documentation is always current and always accurate, as it is validated every time changes are introduced. New users or those who must substitute for others who are temporarily unavailable will have access to complete, step-by-step business process procedures that guide them through any desired task.
Packaged enterprise software yields compelling benefits by enabling the business to be quickly responsive to competitive pressure and operational imperatives. These benefits introduce risks, however, that must be managed by an enterprise process assurance approach that can assure the ease and rapidity of changes does not compromise critical operations. This approach can only be effective if the business takes responsibility for validation using a solution that employs the same advantages that make enterprise software effective.
About the Author
Linda Hayes Linda Hayes is the founder of WorkSoft, Inc., developer of next-generation test automation solutions. She is the founder of three software companies including AutoTester, the first PC-based test automation tool. Linda holds degrees in accounting, tax and law and is a frequent industry speaker and award-winning author on software quality. She has been named as one of Fortune Magazine’s People to Watch and one of the Top 40 Under 40 by Dallas Business Journal. She is a regular columnist and contributor to StickyMinds, Automated Testing Institute and Better Software magazines, as well as a past columnist for Computerworld and Datamation, author of the Automated Testing Handbook and co-editor Dare to be Excellent with Alka Jarvis on best practices in the software industry. Her article “Quality is Everyone’s Business” won a Most Significant Contribution award from the Quality Assurance Institute and was published as part of the Auerbach Systems Development Handbook. You can contact Linda at firstname.lastname@example.org.