Monday, February 01, 2010

The Unified Performance, Risk, and Compliance Model - Part IV - Model and Optimize

This is the fourth in a four part series on the Unified Performance, Risk, and Compliance ModelPart I covered the strategize and prioritize phase, Part II covered the plan and execute phase
, and Part III covered the monitor and analyze phase.  In the model and optimize phase of the Performance Management Lifecycle, we strive to assess the drivers of performance and risk at a deep level to understand the various alternatives we can pursue with the goal of making the best decision given a certain set of constraints.  This phase is depicted graphically below:


Modeling falls into three categories.

Revenue, Cost, and Profitability Modeling. Modeling the costs, revenue, and profitability implications of performance management, risk management, and compliance management activities and their drivers can be achieved at a very detailed level using activity-based costing and associated methodologies.

Scenario Modeling. Scenario modeling can be applied to financial and operational modeling and focuses on creating different business scenarios. Simple scenario modeling can include creating a base case and then high and low cases based on changes made to input variables, such as market growth rates or inflation rates. This technique is often used in modeling market and business opportunities and creating business plans.

Simulation Modeling. More advanced modeling including Monte Carlo simulation supports creating a broad range of scenarios based on multiple iterations of input assumptions and combinations. With this technique, probabilities can be assigned to the various outcomes. These techniques allow the uncertainty associated with a given forecast to be estimated and to reduce risk by applying sensitivity analysis, correlation, and trend extrapolation. By simulating the effect of uncertainty, it becomes possible to answer questions such as, “How certain are we that a given project (or group of projects) will result in a minimum outcome of x?” Or, conversely, “What’s the minimum outcome that we can be, for example, 90% certain of achieving?” Simulation also makes it possible to identify and rank the various contributors to overall uncertainty.


The goal at this phase of the PM lifecycle is to determine the optimal way to achieve objectives by taking into account the entire context of the problem, including all relevant constraints and assessments (costs, benefits, risk, labor and time), as well as business strategies, objectives, risks, and compliance factors. Optimization can be done both through human evaluation as well as through advanced algorithmic techniques.

Wrapping Up

From a process unification perspective, risk and compliance management operating in tandem with performance management will become differentiating capabilities in the management of an organization. By effectively communicating and deploying strategy across the enterprise, proactively identifying and mitigating risks and integrating them with goals and plans, and doing so in a fashion compliant with external regulations and internal policies, the enterprise can be confident that it is maximizing performance in the context of its risks while adroitly responding to a dynamic market.

From a technology unification perspective, business intelligence can be conceptualized as the base of the pyramid upon which performance management and governance, risk, and compliance are built, since it provides the basic technology capabilities and infrastructure that serve as a foundation for the higher layers of the pyramid. Connecting governance, risk and compliance capabilities with performance management capabilities through a common business intelligence platform establishes a single, unified, cleansed repository of information and common semantics on top of that information, which is critical to enabling risk-aware performance management business processes. Without this common foundation, it is impossible to obtain any synergies that extend beyond deploying any one of these capabilities in isolation.

Excerpted from Driven to Perform: Risk-Aware Performance Management From Strategy Through Execution (Nenshad Bardoliwalla, Stephanie Buscemi, and Denise Broady, New York, NY, Evolved Technologist Press, 2009). Copyright © 2009 by Evolved Media, LLC

Monday, January 18, 2010

The Unified Performance, Risk, and Compliance Process Model - Part III - Monitor and Analyze

 In the first installment of this series, we laid out the performance management lifecycle and its four phases.  We also explored in detail the first phase of the PM lifecycle, strategize and prioritize, where we develop and set the strategy, plan risks and set KRIs, plan compliance and set controls, and put together strategic action plans and initiatives. In the second installment in this series, we laid out the next phase, planning and execution, getting into the details of planning the strategic initiatives both from a financial and operational standpoint with an eye to risk.  In this post, we'll examine the third of the four phases, monitoring and analyzing.  In the monitor and analyze phase of the risk-adjusted PM lifecycle, you monitor to understand what is happening in the business, analyze to understand why it is happening, and for those things not on track, adjust to improve the situation relative to your goals.  A visual depiction of this phase is shown below:


The presentation of information to be monitored is crucial in order to facilitate decision-making. Risk monitoring is aligned directly to KRIs across the source systems that provide transactional data for the KRI. Dashboards linked with risks should help identify and manage key risks versus overall risks that are being prioritized based on exposure through quantitative/qualitative assessment. Dashboards are effective ways of combining the events, trends, and intelligence monitoring patterns across all of the major facets of the business to be monitored, including the key business dimensions like customers, products, projects, and employees and the related KPIs, KRIs, controls, and incidents and losses.

     Monitor performance. You can evaluate the KPIs you’ve set to identify progress made toward achievement of objectives and trends.
     Monitor initiatives. You can also evaluate which initiatives are failing or behind schedule.
     Monitor risk. You can then evaluate important key risk indicators to identify:

  • What and where are our top risks?
  • What are the changes to the risk levels for key activities and opportunities?
  • Are risks being assessed in accordance with company policy or according to industry best practices?
  • Are our mitigation strategies effective in reducing the likelihood or impact of a risk?
     Monitor internal controls. Report key control deficiencies, approvals, verifications, and reconciliations to mitigate risk. For example, how clean is our access control? Have there been major organizational shifts that require that we reexamine our roles? Do we need to add another layer of sign-offs?
     Monitor any incidents and losses. What incidents or losses have occurred? If risks or losses have occurred, or external events are affecting the department, document this information, even if you haven’t been
tracking it in the system yet.

No matter how diligent you are, manual monitoring can be very inefficient. Automated monitoring can proactively identify out-of-tolerance conditions, associated with a KPI, KRI, or a control, and then alert the responsible party. This should take into account forecasting, trending, and modeling capabilities so that if a metric falls out of range of a trend or budget/plan, then the appropriate alert is raised, along with the workflow process to get the investigation under way.


     Analysis is a key step in which you not only look at where you are, but what is happening (or what has happened) and why. The techniques for analysis can range from highly manual and simple to fairly automated and complex in terms of the usage of statistical techniques.

     Analyze performance. For KPIs, perform analysis to understand why they are increasing or decreasing.
     Analyze initiatives. To evaluate initiatives, perform analysis on the initiative to understand why it is succeeding or failing.
     Analyze risk. For KRIs, perform analysis to understand why they are increasing or decreasing.
     Analyze controls. When analyzing internal controls, you perform analysis on their effectiveness. For example, you notice that a control seems to generate a lot of incidents and find that the thresholds are set too low, creating false positives. You conclude that your controls have lost their effectiveness and analyze why.
     Analyze root causes of incidents or losses. If incidents or losses occur, perform analysis on the root causes and trends.
     In all of these cases, analysis was done with human intervention. However, it is important to note that this does not necessarily have to be the case. With the volume and complexity of data in the enterprise today, it is becoming increasingly difficult for humans to mine through the data and come to intelligent conclusions. Using data mining techniques, it is possible to have software determine the likely root causes and even suggest recommended actions to remediate.


After monitoring to know what has happened and analyzing to understand why it happened, for those things not going according to plan, it is time to set the business back on course by taking what you’ve learned and
using that information to adjust the settings across the enterprise. However, you must always consider the impact of your goals, risks, and compliance concerns when making decisions to adjust your actions.

     Adjust performance. If you see KPIs trending in the wrong direction, once you have analyzed the root causes, it should be clear what actions to take to set things back on course. However, it is critical to remember that KPIs are interlinked, and you must optimize your performance goals in the context of risk objectives without violating your compliance objectives.
     Adjust initiatives. For initiatives that are not going as planned, it becomes essential to rapidly take remedial action or cancel them. For example, if an initiative is failing and you determine the root cause to be the MBOs for the key employees staffing the initiative, the simplest thing is to change the MBOs to see if this gets the initiative back on target.
     Adjust risk. For KRIs trending in the wrong direction, once you have analyzed the root causes, it should be clear what actions to take to set things back on course, often by putting the appropriate mitigating controls in place to stabilize them. The following types of actions can be performed to adjust risk: treat it (mitigation), tolerate it (accept it), transfer it (to another entity), or terminate it (closing down the activity that is exposing the plan to risk). However, it is critical to remember that KRIs are interlinked, and you must optimize your risk goals in the context of performance objectives without violating your compliance objectives.
     Adjust controls. For controls violations, adjustment takes the form of remediation and certification.
     Adjust after incidents or losses. For incidents and losses, the correct adjustments typically involve reexamining if we are tracking the right risks and have put the appropriate controls in place to mitigate them.  Keep in mind that not every risk can be adjusted or mitigated; in some cases, you must simply accept the risk based on the established controls.

In the final installment of this series, we'll take a look at the final phase of the PM Lifecycle:  model and optimize.

Excerpted from Driven to Perform: Risk-Aware Performance Management From Strategy Through Execution (Nenshad Bardoliwalla, Stephanie Buscemi, and Denise Broady, New York, NY, Evolved Technologist Press, 2009). Copyright © 2009 by Evolved Media, LLC

Monday, January 11, 2010

The Unified Performance, Risk, and Compliance Process Model - Part II - Plan and Execute

In the previous installment of this series, we laid out the performance management lifecycle and its four phases.  We also explored in detail the first phase of the PM lifecycle, strategize and prioritize, where we develop and set the strategy, plan risks and set KRIs, plan compliance and set controls, and put together strategic action plans and initiatives. The next phase, planning and execution, gets into the details of planning the strategic initiatives both from a financial and operational standpoint.  The details of this phase can be depicted as such:
Align Corporate Budget to Departmental Budget and Link Corporate and Departmental Initiatives

The budgeting process takes each of the outcomes or actions from the planning process and aligns revenues and expenses against them. Decisions regarding investment priorities and resource allocations define how the company will operate and set the bar for measuring performance.

To create risk-adjusted budgets, incorporate the range of possible revenues and costs of each action into the budget at the appropriate organizational level. A risk-adjusted budget is one that responds to changing circumstances, providing the financial capability to react to events in a planned, proactive manner. Align risk adjusted budgets with contingency plans should risk events occur, or if risks exceed the acceptable threshold to achieving budgets.

Align Departmental Budget to Departmental Operational Plans

The operational planning process links the financial budget to specific operational factors. Plan out each step of each initiative. Consider what risks you have in each area of the operational plan. For example, in a risk-adjusted operational plan, for every decision to allocate resources to one set of operational activities versus another, you determine the impact and probability of the highest priority operational risks on those individual line items and use this to set a range of expected and forecasted values instead of fixed values. If the risk materializes, you would want a contingency plan in place that showed the performance and risk implications if we moved the budget from one initiative to another.

Forecast Performance and Risks

Create rolling, risk-adjusted forecasts of the budget (revenues and costs) and operational plan (including number, capacity, and cost of resources necessary to achieve plan) so that you can see trends over a rolling time horizon for those risks whose probability, consequence, and resiliency over time. That way if you have to make adjustments, you can see where you’ve been and the direction in which things are likely to go. Predictive analytic techniques can be a particularly powerful tool for building risk-adjusted forecasts by modeling the impact previous risks had on previous forecasts.

Execute Plans

This step is essential but obvious; put the plan into action. Be prepared to execute on the type of risk associated with the plan once the threshold or tolerance is exceeded.

In the next installment, we'll look at the the monitor and analyze phase, which is most traditionally associated with reporting and dashboarding capabilities in the business intelligence arena.

Excerpted from Driven to Perform: Risk-Aware Performance Management From Strategy Through Execution (Nenshad Bardoliwalla, Stephanie Buscemi, and Denise Broady, New York, NY, Evolved Technologist Press, 2009). Copyright © 2009 by Evolved Media, LLC

Tuesday, January 05, 2010

The Unified Performance, Risk, and Compliance Process Model - Part I - Strategize and Prioritize

The classic performance management lifecycle that most theorists and practitioners use to describe the continuous cycle of performance improvement consists of four phases: strategize & prioritize, plan & execute, monitor & analyze, and model & optimize. This lifecycle represents the natural stages that most companies go through over and over again as they improve their performance management practice. Part of the science of performance management is determining which of the areas is in most need of attention.  This is a visual depiction of the performance management lifecycle:

As I wrote in this post, one of the aspects of Driven to Perform that I'm most proud of is how we unified performance, risk, and compliance into a coherent strategic management process framework.  What led us to do this?  There are numerous reasons, but let's consider the following for starters.  In the process of setting business strategy, the development of strategic and operational plans should include the identification and assessment of risks to short- and long-term objectives and plans. Interfacing strategy with risk management to assess the vulnerability and impact of risks inherent in alternative strategies is integral to scenario analysis. Additionally, prioritizing inherent risks may demand risk mitigation tactics that will need to be factored into the annual plan and budgeted for during the planning process. 

While the model above is simple and serves as a useful starting point, the realities of the processes underneath, especially when risk and compliance concerns are addressed, become more complex, as depicted in this diagram that summarize the entire unified model:

In this post, let's double-click on the strategize & prioritize phase, depicted in detail below:

We'll provide prescriptive guidance in how to put all the pieces together in our model so you can try it yourself in your own organizational context.

Understand the Corporate and Departmental Contexts

     Review the corporate strategic goals, strategic plans, initiatives, and metrics. Contextualize them to the implications they have for the departments and use this context to drive the PM lifecycle.

Develop and Set the Strategy

     First, review the environment. To get a holistic picture of risk, understand where you currently stand and assess the internal environment and properly define and prioritize the most important risks with the greatest impact and likelihood of occurrence (risk type, impact, probability, timeframe, and mitigation strategy/costs). Be sure to assess external as well as internal risks. External risks include capital availability, competitors, shifting customer needs, economic downturns, legal or regulatory actions, shareholder relationships, disruptive technologies, and political unrest. Internal risks relate to process, management information, human capital, integrity, and technology, as well as financial concerns.
     Next, get a holistic picture of the full set of compliance initiatives you will intersect with, such as SOX, OSHA, data privacy laws, and global trade regulations.
     The next step is to set the mission, values, and vision:
  • Define mission (the fundamental purpose of the entity, especially what it provides to customers and clients). Example:  "Make every information asset in the company add value to every business process"
  • Define core values (the attitude, behavior, and character of the organization). Example:  "Show willingness to do whatever it takes to help customers succeed"
  • Define the vision. A vision is a concise statement that defines the 3- to 5-year goals of the organization. Example:  "By 2012, be consistently ranked in the top 10% of customer satisfaction as a value-added partner for every business unit in the company."
     Next, set the goals. Define a strategy and set business objectives using risks as a key variable for deciding which strategies to pursue. With all that contextual information in hand, set a strategy to follow. Consider using a strategy map to display the cause and effect relationships among the objectives that make up a strategy. A good strategy map tells the story of how value is created for the business.

Assign KPIs to Goals and Set the Right Targets

     Define KPIs and targets that translate strategy into performance expectations. Identify value drivers (those elements that contribute to the value in your organization). Value drivers and related performance tolerances (KPIs) have risks associated with their achievement. Identify these risks and establish tolerance levels (KRIs). This connectivity between a value driver and a relevant KPI and KRI is an important bridge from a strategic view of risk—which can have a time horizon of three or more years—to a more focused budgetary view of risk, which is often applied to a single year.

Perform Additional Risk Analysis and Set KRIs

     Now look again at risks to see what could keep you from meeting your goals. For each risk, decide what your risk appetite is. Can you afford to take that risk? What’s the worst-case scenario? What is the contingency plan?
     Set a response strategy for the risk (treat, tolerate, transfer, or terminate).  Decide whether you can afford the worst-case scenario presented by that risk from a performance management perspective. Could it bring down some critical value-generating mechanism for the company?
     Define KRIs and risk thresholds and tolerances for those risks. Key risk indicators, like KPIs, are the early warning signals that define the threshold at which a risk could occur.

Perform Additional Compliance Analysis

     Define your compliance requirements. Define policies, procedures, and controls that must be in place to ensure that you can meet the compliance requirements. Make sure that this applies not only at the main business process level but also to all subprocesses including and perhaps especially those related to partners. Define control targets that translate compliance expectations into performance.

Work on the Strategic Action Plan and Initiatives

     The strategic initiatives help define the exact methodology (the roadmap) for achieving the various goals. The results of this planning may require revisiting the strategy.
     First, develop the roadmap (sequence of actions) for achieving performance, risk, and compliance expectations.
     Next, define critical success and failure factors for all initiatives. Every project or investment must, in addition to defining the critical factors for its success, also define its critical “failure factors,” that is, those circumstances under which the project or investment is no longer likely to be successful. These failure factors can then be translated into metrics that serve as an early warning mechanism, allowing the organization to restructure or cancel a project before good resources and money are thrown after bad.
     Finally, develop different risk-adjusted scenarios with contingency plans should risks to achieving plans materialize.

Cascade Accountability

     Cascade accountability of KPIs, KRIs, and controls throughout the organization and ultimately into individual MBOs for alignment.  Each KPI, KRI, and control and its target should be owned by some department or group. The MBOs of the staff must reflect the KPIs, KRIs, and controls you set. This sounds obvious, but frequently performance is measured at an individual level in a way that does not in fact relate directly to corporate goals and strategies.

In the next post, we'll look at how the unified process model plays out in the second phase of the performance management lifecycle: planning and execution.

Excerpted from Driven to Perform: Risk-Aware Performance Management From Strategy Through Execution (Nenshad Bardoliwalla, Stephanie Buscemi, and Denise Broady, New York, NY, Evolved Technologist Press, 2009). Copyright © 2009 by Evolved Media, LLC

Tuesday, December 01, 2009

The Top 10 Trends for 2010 in Analytics, Business Intelligence, and Performance Management

In the wake of the long-running massive industry consolidation in the Enterprise Software industry that reached its zenith with the acquisitions of Business Intelligence market leaders Hyperion, Cognos, and Business Objects in 2007, one could certainly have been forgiven for being less than optimistic about the prospects of innovation in the Analytics, Business Intelligence, and Performance Management markets.  This is especially true given the dozens of innovative companies that each of these large best of breed vendors themselves had acquired before being acquired in turn.  While the pace of innovation has slowed to a crawl as the large vendors are midway through digesting the former best of breed market leaders, thankfully for the health of the industry, nothing could be further from the truth in the market overall.  This market has in fact shown itself to be very vibrant, with a resurgence of innovative offerings springing up in the wake of the fall of the largest best of breed vendors.

So what are the trends and where do I see the industry evolving to?  Few of these are mutually exclusive, but in order to provide some categorization to the discussion, they have been broken down as follows:

1.  We will witness the emergence of packaged strategy-driven execution applications. As we discussed in Driven to Perform: Risk-Aware Performance Management From Strategy Through Execution (Nenshad Bardoliwalla, Stephanie Buscemi, and Denise Broady, New York, NY, Evolved Technologist Press, 2009), the end state for next-generation business applications is not merely to align the transactional execution processes contained in applications like ERP, CRM, and SCM with the strategic analytics of performance and risk management of the organization, but for those strategic analytics to literally drive execution.  We called this “Strategy-Driven Execution”, the complete fusion of goals, initiatives, plans, forecasts, risks, controls, performance monitoring, and optimization with transactional processes.  Visionary applications such as those provided by Workday and with embedded real-time contextual reporting available directly in the application (not as a bolt-on), and Oracle’s entire Fusion suite layering Essbase and OBIEE capabilities tightly into the applications' logic, clearly portend the increasing fusion of analytic and transactional capability in the context of business processes and this will only increase.

2.  The holy grail of the predictive, real-time enterprise will start to deliver on its promises.  While classic analytic tools and applications have always done a good job of helping users understand what has happened and then analyze the root causes behind this performance, the value of this information is often stale before it reaches its intended audience.  The holy grail of analytic technologies has always been the promise of being able to predict future outcomes by sensing and responding, with minimal latency between event and decision point.  This has become manifested in the resurgence of interest in event-driven architectures that leverage a technology known as Complex Event Processing and predictive analytics.  The predictive capabilities appear to be on their way to break out market acceptance IBM’s significant investment in setting up their Business Analytics and Optimization practice with 4000 dedicated consultants, combined with the massive product portfolio of the Cognos and recently acquired SPSS assets.  Similarly, Complex Event Processing capabilities, a staple of extremely data-intensive, algorithmically-sophisticated industries such as financial services, have also become interesting to a number of other industries that can not deal with the amount of real-time data being generated and need to be able to capture value and decide instantaneously.  Combining these capabilities will lead to new classes of applications for business management that were unimaginable a decade ago.

3.  The industry will put reporting and slice-and-dice capabilities in their appropriate places and return to its decision-centric roots with a healthy dose of Web 2.0 style collaboration.  It was clear to the pioneers of this industry, beginning as early as H.P. Luhn's brilliant visionary piece A Business Intelligence System from 1958, that the goal of these technologies was to support business decision-making activities, and we can trace the roots of modern analytics, business intelligence, and performance management to the decision-support notion of decades earlier.  But somewhere along the way, business intelligence became synonymous with reporting and slicing-and-dicing, which is a metaphor that suits analysts, but not the average end-user.  This has contributed to the paltry BI adoption rates of approximately 25% bandied about in the industry, despite the fact that investment in BI and its priority for companies has never been higher over the last five years.  Making report production cheaper to the point of nearly being free, something SaaS BI is poised to do (see above), is still unlikely to improve this situation much.  Instead, we will see a resurgence in collaborative decision-centric business intelligence offerings that make decisions the central focus of the offerings.  From an operational perspective, this is certainly in evidence with the proliferation of rules-based approaches that can automate thousands of operational decisions with little human intervention.  However, for more tactical and strategic decisions, mash-ups will allow users to assemble all of the relevant data for making a decision, social capabilities will allow users to discuss this relevant data to generate “crowdsourced” wisdom, and explicit decisions, along with automated inferences, will be captured and correlated against outcomes.  This will allow decision-centric business intelligence to make recommendations within process contexts for what the appropriate next action should be, along with confidence intervals for the expected outcome, as well as being able to tell the user what the risks of her decisions are and how it will impact both the company’s and her own personal performance.

4.  Performance, risk, and compliance management will continue to become unified in a process-based framework and make the leap out of the CFO’s office.  The disciplines of performance, risk, and compliance management have been considered separate for a long time, but the walls are breaking down, as we documented thoroughly in Driven to Perform.  Performance management begins with the goals that the organization is trying to achieve, and as risk management has evolved from its siloed roots into Enterprise Risk Management, it has become clear that risks must be identified and assessed in light of this same goal context.  Similarly, in the wake of Sarbanes-Oxley, as compliance has become an extremely thorny and expensive issue for companies of all sizes, modern approaches suggest that compliance is ineffective when cast as a process of signing off on thousand of individual item checklists, but rather should be based on an organization’s risksAll three of these disciplines need to become unified in a process-based framework that allows for effective organizational governance.  And while financial performance, risk, and compliance management are clearly the areas of most significant investment for most companies, it is clear that these concerns are now finally becoming enterprise-level plays that are escaping the confines of the Office of the CFO.  We will continue to witness significant investment in sales and marketing performance management, as vendors like Right90 continuing to gain traction in improving the sales forecasting process and vendors like Varicent receive hefty $35 million venture rounds this year, no doubt thanks to experiencing over 100% year over year growth in the burgeoning Sales Performance Management category.  My former Siebel colleague, Bruce Cleveland, now a partner at Interwestmakes the case for this market expansion of performance management into the front-office rather convincingly and has invested correspondingly.
5.  SaaS / Cloud BI Tools will steal significant revenue from on-premise vendors but also fight for limited oxygen amongst themselves.  From many accounts, this was the year that SaaS-based offerings hit the mainstream due to their numerous advantages over on-premise offerings, and this certainly was in evidence with the significant uptick in investment and market visibility of SaaS BI vendors.  Although much was made of the folding of LucidEra, one of the original pioneers in the space, and while other vendors like BlinkLogic folded as well, vendors like Birst, PivotLink, Good Data, Indicee and others continue to announce wins at a fair clip along with innovations at a fraction of the cost of their on-premise brethren.  From a functionality perspective, these tools offer great usability, some collaboration features, strong visualization capabilities, and an ease-of-use not seen with their on-premise equivalents whereby users are able to manage the system in a self-sufficient fashion devoid of the need for significant IT involvement.  I have long argued that basic reporting and analysis is now a commodity, so there is little reason for any customer to invest in on-premise capabilities at the price/performance ratio that the SaaS vendors are offering (see BI SaaS Vendors Are Not Created Equal ) .  We should thus expect to see continued dimunition of the on-premise vendors BI revenue streams as the SaaS BI value proposition goes mainstream, although it wouldn’t be surprising to see acquisitions by the large vendors to stem the tide.  However, with so many small players in the market offering largely similar capabilities, the SaaS BI tools vendors may wind up starving themselves for oxygen as they put price pressure on each other to gain new customers.  Only vendors whose offerings were designed from the beginning for cloud-scale architecture and thus whose marginal cost per additional user approaches zero will succeed in such a commodity pricing environment, although alternatively these vendors can pursue going upstream and try to compete in the enterprise, where the risks and rewards of competition are much higher.   On the other hand, packaged SaaS BI Applications such as those offered by Host Analytics, Adaptive Planning, and new entrant Anaplan, while showing promising growth, have yet to mature to mainstream adoption, but are poised to do so in the coming years.  As with all SaaS applications, addressing key integration and security concerns will remain crucial to driving adoption.

6.  The undeniable arrival of the era of big data will lead to further proliferation in data management alternatives.  While analytic-centric OLAP databases have been around for decades such as Oracle Express, Hyperion Essbase, and Microsoft Analysis Services, they have never held the same dominant market share from an applications consumption perspective that the RDBMS vendors have enjoyed over the last few decades. No matter what the application type, the RDBMS seemed to be the answer.  However, we have witnessed an explosion of exciting data management offerings in the last few years that have reinvigorated the information management sector of the industry.  The largest web players such as Google (BigTable),Yahoo (Hadoop), Amazon (Dynamo), Facebook (Cassandra) have built their own solutions to handle their own incredible data volumes, with the open source Hadoop ecosystem and commercial offerings like CloudEra leading the charge in broad awareness.  Additionally, a whole new industry of DBMSs dedicated to Analytic workloads have sprung up, with flagship vendors like NetezzaGreenplumVerticaAster Data, and the like with significant innovations in in-memory processing, exploiting parallelism, columnar storage options, and more.  We already starting to see hybrid approaches between the Hadoop players and the ADBMS players, and even the largest vendors like Oracle with their Exadata offering are excited enough to make significant investments in this space.  Additionally, significant opportunities to push application processing into the databases themselves are manifesting themselves.  There has never been the plethora of choices available as new entrants to the market seem to crop up weekly.  Visionary applications of this technology in areas like metereological forecasting and genomic sequencing with massive data volumes will become possible at hitherto unimaginable price points.

7.   Advanced Visualization will continue to increase in depth and relevance to broader audiences.  Visionary vendors like TableauQlikTech, and Spotfire (now Tibco) made their mark by providing significantly differentiated visualization capabilities compared with the trite bar and pie charts of most BI players' reporting tools.  The latest advances in state-of-the-art UI technologies such as Microsoft’s SilverLight, Adobe Flex, and AJAX via frameworks like Google’s Web Toolkit augur the era of a revolution in state-of-the art visualization capabilities.  With consumers broadly aware of the power of capabilities like Google Maps or the tactile manipulations possible on the iPhonethese capabilities will find their way into enterprise offerings at a rapid speed lest the gap between the consumer and enterprise realms become too large and lead to large scale adoption revolts as a younger generation begins to enter the workforce having never known the green screens of yore.  

8.  Open Source offerings will continue to make in-roads against on-premise offeringsMuch as Saas BI offerings are doing, Open Source offerings in the larger BI market are disrupting the incumbent, closed-source, on-premise vendors.  Vendors like Pentaho and JasperSoft are really starting to hit their stride with growth percentages well above the industry average, offering complete end-to-end BI stacks at a fraction of the cost of their competitors and thus seeing good bottom-up adoption rates.  This is no doubt a function of the brutal economic times companies find themselves experiencing.  Individual parts of the stacks can also be assembled into compelling offerings and receive valuable innovations from both corporate entities as well as dedicated committers:  JFreeChart for charting, Actuate's BIRT for reporting, Mondrian and Jedox's Palo for OLAP Servers, DynamoBI's LucidDB for ADBMS, Revolution Computing's R for statistical manipulation, Cloudera's enterprise Hadoop for massive data, EsperTech for CEP, Talend for Data Integration / Data Quality / MDM, and the list goes on. These offerings have absolutely reached a level of maturity where they are capable of being deployed in the enterprise right alongside any other commercial closed-source vendor offering.

9.  Data Quality, Data Integration, and Data Virtualization will merge with Master Data Management to form a unified Information Management Platform for structured and unstructured data.  Data quality has been the bain of information systems for as long as they have existed, causing many an IT analyst to obsess over it, and data quality issues contribute to significant losses in system adoption, productivity, and time spent addressing them.  Increasingly, data quality and data integration will be interlocked hand-in-hand to ensure the right, cleansed data is moved to downstream sources by attacking the problem at its root.  Vendors including SAP BusinessObjects, SAS, Informatica, and Talend are all providing these capabilities to some degree today.  Of course, with the amount of relevant data sources exploding in the enterprise and no way to integrate all the data sources into a single physical location while maintaining agility, vendors like Composite Software are providing data virtualization capabilities, whereby canonical information models can be overlayed on top information assets regardless of where they are located, capable of addressing the federation of batch, real-time and event data sources.  These disparate data soures will need to be harmonized by strong Master Data Management capabilities, whereby the definitions of key entities in the enterprise like customers, suppliers, products, etc. can be used to provide semantic unification over these distributed data sources.  Finally, structured, semi-structured, and unstructured information will all be able to be extracted, transformed, loaded, and queried from this ubiquitious information management platform by leveraging the capabilities of text analytics capabilities that continue to grow in importance and combining them with data virtualization capabilities.

10. Excel will continue to provide the dominant paradigm for end-user BI consumption.  For Excel specifically, the number one analytic tool by far with a home on hundreds of millions of personal desktops, Microsoft has invested significantly in ensuring its continued viability as we move past its second decade of existence, and its adoption shows absolutely no sign of abating any time soon.  With Excel 2010's arrival, this includes significantly enhanced charting capabilities, a server-based mode first released in 2007 called Excel Services, being a first-class citizen in SharePoint, and the biggest disruptor, the launch of PowerPivot, an extremely fast, scalable, in-memory analytic engine that can allow Excel analysis on millions of rows of data at sub-second speeds. While many vendors have tried in vain to displace Excel from the desktops of the business user for more than two decades, none will be any closer to succeeding any time soon.  Microsoft will continue to make sure of that.

And so ends my list of prognostications for Analytics, Business Intelligence, and Performance Management in 2010! What are yours? I welcome your feedback on this list and look forward to hearing your own views on the topic.