When I blogged about Jim Sinur’s session “Business rules are king” at the Gartner BPM Summit I provoked a very thoughtful response from Tom Graves – On business rules. While Tom strongly agreed with the basic implication that organizations need discipline around business rules he identified three concerns, all of which seem to me to deserve a response.
- placing all the business-rules into an automated system will lead to a ‘fit and forget’ attitude unless there is a very strong emphasis on rule-maintenance – one of many ‘human factors’ that were forgotten about in BPR’s rush to ‘IT-ise’ all business processes
- identification and codification of business-rules assumes that the rules that can be derived from the people who run the existing processes are sufficient, invariant, accurate and complete – which, as early-generation knowledge-management also discovered, they rarely are…
- the viability of using automation for decision-making is dependent on the context – a fact of which frighteningly few IT-system designers seem to be aware
Let’s take these in the order Tom wrote them.
His first point is both true and absolutely crucial for successful adoption of decision management as an approach and of business rules as a technology. Indeed one of, if not the, key reason for adopting decision management and a business rules management system to manage the rules behind the decisions being managed is to ensure that the rules are not “fit and forget”. Unlike the alternative (coding something), the use of a business rules management system ensures that business experts can participate in maintaining the business rules in the system, that the business rules are clear and explicit not buried in code and that changes can be made, validated, verified and deployed quickly and easily. The value of adopting business rules technology and a decision management approach is much greater during maintenance and evolution than it is during development. I am a strong believer in business rules largely for this reason.
His second point is a little bit less on the money. Firstly, as noted above, the very ease with which rules can be found, changed and re-deployed when we find out we were wrong about the rules (or when the regulations change or whatever) is critical. Business rules people don’t assume that rules derived from experts are sufficient, invariant, accurate or complete. In fact we regularly supplement the rules they tell us with rules derived directly from the regulations they are supposed to be following and rules derived analytically from the data about what we did in the past and what worked or did not work. It is also off the mark because many business rules-based decision making systems do not attempt to handle 100% of the cases but 80% or 90% – the ones where we can determine the rules – and leave the others for a person to work. And again, remember the alternative. If the decision for which we are attempting to capture the rules is high volume, must be made in less than a second or delivered through an automated channel (as many decisions must be) then we must either capture these rules or write code. And, frankly, everything Tom says about rules is much worse when applied to code that the business experts can’t read!
Back to his third point and he is right again. In fact I am very explicit when identifying the kinds of rules that you should use the approach on – high volume, low individual value, operational execution decisions. In fact I think there is a sliding scale between decision support and decision management along which any given decision can be put to see how much automation is sensible (this is a concept Neil and I introduced in Smart (Enough) Systems)
As I continued in Tom’s post it seemed like a lot of his concerns came down to wondering about “using IT for all decision-making”. He even accuses me, indirectly, desiring the automation of all decisions (something that is absolutely not true, as anyone who has read the book or this blog would know). I would respond to Tom, and anyone else worried about this, to go look at your business and see who makes the decisions now. High volume, low latency decisions are made by systems – by IT. They are made poorly. They are made the same for everyone (when they should be customer-centric). They are made following out of date regulations and policies (because it takes too long to change the system and anyway the business people don’t understand the system enough to tell IT what’s wrong). They are out of the business’ control, can’t be explained or updated and are generally not managed. Adopting business rules technology and managing decisions can improve this. Recommending this does not mean I think that “everything can be reduced to simple binary rules” or that you don’t need “real people” who “can handle decision-making in .. those contexts [where] there are no rules”. It just means that you should manage the operational decisions at the heart of your day to day business.