Wednesday, April 08, 2009

Some Process Re-engineering Principles for Identity Management Projects (part 1)

I'm in the early stages of working with a colleague on a whitepaper on guidelines for business process re-engineering for provisioning projects, and thought I'd share some of our thoughts to see if I could get some feedback. (If we use anyone's feedback, we'll make sure we reference you.)

1. The first point is to put some parameters around the re-engineering effort. The most common mistake that IDM focused re-engineering efforts make is to overdo it. Once a current state process diagram is put together (preferably in BPMN) - many consultants find way too much to optimize, usually because of complaints from the customer. It's important to keep your scope in mind, otherwise the project can quickly turn into a much larger endeavor than you (and the client) had previously anticipated. It's important to focus primary re-engineering efforts on areas that can positively impact identity data. It may be tempting to re-engineer an inefficient interviewing sub-process of the onboarding process, but will most likely not impact your identity data either way. Furthermore, provioning platforms were not created to solve that problem (more on this later). On the other hand, re-engineering a self-registration process to prevent duplicate accounts will have a significant impact on your identity data. The lesson: pick your process re-engineering battles wisely.


(to be continued...)


Deborah Volk said...

You mean it's a good idea to manage scope and avoid boiling the ocean? Yes, I agree :) We tried to go the BPMN route and as much we like it because of its formalism, we found that most people in the IDM project prefer 'simple' Visio diagrams.

Ashraf Motiwala said...

I think the point is *how* to manage scope effectively. Someone who looks at a current state diagram of process flow will find a lot of places to optimize. I think there is a misconception that optimization=automation, which shouldn't be the primary goal of optimization in an identity project. The primary objective in my opinion is data integrity, while automation is a nice side-effect.