Business Analyst Articles: Business Analysis & Systems Analysis

» April 2014 (3)
» March 2014 (7)
» February 2014 (6)
» January 2014 (6)
» December 2013 (7)
» November 2013 (4)
» October 2013 (5)
» September 2013 (6)
» August 2013 (8)
» July 2013 (8)
» June 2013 (7)
» May 2013 (8)
» April 2013 (8)
» March 2013 (4)
» February 2013 (6)
» January 2013 (6)
» December 2012 (5)
» November 2012 (7)
» October 2012 (6)
» September 2012 (6)
» August 2012 (5)
» July 2012 (9)
» June 2012 (5)
» May 2012 (9)
» April 2012 (7)
» March 2012 (7)
» February 2012 (5)
» January 2012 (7)
» December 2011 (6)
» November 2011 (6)
» October 2011 (8)
» September 2011 (6)
» August 2011 (8)
» July 2011 (7)
» June 2011 (7)
» May 2011 (5)
» April 2011 (8)
» March 2011 (6)
» February 2011 (5)
» January 2011 (6)
» December 2010 (5)
» November 2010 (9)
» October 2010 (5)
» September 2010 (6)
» August 2010 (8)
» July 2010 (6)
» June 2010 (6)
» May 2010 (10)
» April 2010 (5)
» March 2010 (8)
» February 2010 (7)
» January 2010 (7)
» December 2009 (7)
» November 2009 (7)
» October 2009 (6)
» September 2009 (8)
» August 2009 (10)
» July 2009 (9)
» June 2009 (5)
» May 2009 (10)
» April 2009 (5)
» March 2009 (12)
» February 2009 (8)
» January 2009 (6)
» December 2008 (9)
» November 2008 (8)
» October 2008 (9)
» September 2008 (4)
» August 2008 (6)
» July 2008 (8)
» June 2008 (17)
» May 2008 (12)
» April 2008 (7)
» March 2008 (21)
» February 2008 (16)
» January 2008 (13)
» December 2007 (9)
» November 2007 (25)
» October 2007 (2)
» September 2007 (23)
» August 2007 (12)
» July 2007 (11)
» June 2007 (7)
» May 2007 (6)
» April 2007 (9)
» March 2007 (5)
» February 2007 (3)
» January 2007 (2)
Articles and White Papers
Monday, February 18, 2013
3750 Views 0 Comments 9 members voted Article Rating

Three questions regarding breaches of business rules should be addressed by Business Analysts: enforcement level, guidance message, and breach response. The goal is context-dependent, pinpoint reaction to breaches in real-time. Addressing breaches intelligently is key to creating friendly, agile, secure business solutions, ones that can evolve rapidly in day-to-day operation.

Preview from the new 2013 4th edition of Business Rule Concepts: Getting to the Point of Knowledge by Ronald G. Ross 

Fundamental to business analysis with business rules is the assumption that breaches of business rules can be detected. If you can’t detect breaches, how can you run the business?! To say it differently, if you can’t detect breaches of a business rule, but you can still run the business, perhaps you don’t need the business rule at all(!).

Breaking the Rules:  Breach QuestionsWhat should happen when a breach of a business rule is detected? Business Analysts need to answer three basic questions in that regard:

1. How strictly should the business rule be enforced?
2. What message is appropriate?
3. What response is needed?

Simple defaults can be assumed for these three questions (see Table 1), but these answers will never be adequate for all business rules. Developing a friendly, secure business solution requires more selective answers for many business rules. It should also be possible to easily change or evolve the answers (including defaults) after deployment of the business rules, thus permitting the business capability to become incrementally smarter.

Table 1. Defaults for the Breach Questions

enforcement level strictly enforced
guidance message the business rule statement itself
breach response none


Breach Question 1. Enforcement Level

How strictly should a behavioral rule be enforced?

Example …

Business Rule: A service representative must not be assigned to good customers in more than 3 states or provinces.

Ask: How strictly should this business rule be enforced?

Enforcement Level: Override by pre-authorized actor

Table 2 lists the most common enforcement levels for behavioral rules.[2]

Table 2. Common Enforcement Levels for Behavioral Rules

Enforcement Level Description
strictly enforced Violations are disallowed in all cases – achieving some new state successfully is always prevented.
override by pre-authorized actor The behavioral rule is enforced, but an actor with proper before-the-fact authorization may override it.
override with explanation The behavioral rule may be overridden simply by providing an explanation.
guideline Suggested, but not enforced.

Be sure not to overlook the last enforcement level Table 2. A business rule that is actively evaluated, but not enforced, is (literally) a guideline. Guidelines are business rules too!

Breach Question 2. Guidance Message

What message should be returned when a breach of a business rule occurs?

When a business rule is breached, somebody, often a business actor directly engaged in a business process, needs to know about it. The breach means the work being conducted has strayed outside the boundaries of what the business deems acceptable or desirable. From a business perspective an error has been made, so some error message should go out. What should that error message say?

As a default, we like to say that the business rule statement is the error message. From a business point of view, that equivalence must always be true – what else are business rules about?! Rather than saying ‘error message’ (which sounds technical) or ‘violation message’ (which sounds harsh, especially for guidelines), we say guidance message.

Generally, guidance messages should be as friendly and as helpful as possible. For example, guidance messages can be written in a more personal, informative style. More explanation or suggestions can be appended or substituted as desired. Perhaps a link to other media (e.g., a how-to video) can be provided. Sometimes the best guidance message takes the form of some icon or signal (e.g., a warning light turning to yellow or red).

Guidance messages frequently need to be specific to the circumstances in which a breach occurs (e.g., what role or user produced it). In all cases, guidance messages should be made available only to people who are qualified and capable.

Breach Question 3. Breach Response

Does the breach response for a business rule need to be more selective, rigorous, or comprehensive than simply a message?

Example …

Business Rule: A cursory review of a received engineering design must be conducted within 5 business days from the date received.

Ask: What breach response is appropriate for this business rule?

Breach Response: The received engineering design must be brought to the attention of the manager of the department by the morning of the next business day.

Breach responses can take any of the following forms:

• business rule (as illustrated above), or set of business rules
• processes or procedures
• sanctions or penalties
• operational business decisions
• special notifications, displays or instructions

Multiple breach responses might be desirable for a business rule. They might also need to be specific to the circumstances in which a breach occurs (e.g., what particular part of a process is being performed). Usually, breach responses serve to increase user-friendliness. In cases of potential fraud or malicious business behavior, however, breach responses should be much more aggressive.

Author: Ronald G. Ross is recognized internationally as the ‘father of business rules.’ He is Co-founder and Principal of Business Rule Solutions, LLC, where he is active in consulting services, publications, the Proteus® methodology, and RuleSpeak®. Mr. Ross serves as Executive Editor of and as Chair of the Business Rules Forum Conference. He is the author of nine professional books, including his latest, Building Business Solutions: Business Analysis with Business Rules with Gladys S.W. Lam (2011,, and the authoritative Business Rule Concepts, now in its third edition (2009, Mr. Ross speaks and gives popular public seminars across the globe. His blog: . Twitter: Ronald_G_Ross

[1] This breach question applies only to behavioral rules. Since definitional rules must always be true, they are in essence strictly enforced.
[2] Table 12-1 in the 2013 4th edition of Business Rule Concepts: Getting to the Point of Knowledge discusses additional enforcement levels. It also provides tips for designing procedures with business rules.

Rate this:


Only registered users may post comments.

Do you twitter?: If you want short updates on what's going on in the BA world and at, simply follow us on Twitter:

Featured Digital Library Resources 

Big Data Analytics for Dummies
Finally, a Big Data book written for business analysts, BI professionals, and data scientists!  Big Data Analytics for Dummies is a valuable resource that addresses the practical dilemmas surrounding Big Data...

A Buyer’s Guide to Customer Analytics
Discover the five crucial criteria of a customer analytics platform in A Buyer’s Guide to Customer Analytics now.

Free Analytics software: Alteryx Project Edition
Alteryx Project Edition provides you with a single solution that delivers the data blending, analytics, and sharing capabilities of Alteryx with just enough allowed runs of your workflow to solve one business problem or to complete one project.

The Business Analyst's Guide to Hadoop
Get started with Hadoop using this whitepaper, "The Business Analyst's Guide to Hadoop".

Copyright 2006-2013 by Modern Analyst Media LLC