Persona Pyramids
At a recent event, we were asked about the persona pyramid. In this post Enrique Brands explains how the persona pyramid is a concept that can be used to determine how your requirements, development stories and output of those can impact user personas both above and below you.
By utilising this pyramid, we can determine which personas either need to be involved in the story development, be consulted or those that are consequently impacted.
When it comes to IRM, we typically have the following key personas:
1. SLT (Senior Leadership Team)
2. Head of Development
3. Process Managers (Compliance, Risk, Audit Managers)
4. Process Analysts (Compliance, Risk, Audit Analyst)
5. Employees (Control/Risk Owners, Issue Owners etc)
An requirement
An example requirement we tend to encounter within an IRM implementation would be
“I would like to have a MI dashboard that will show how many controls are compliant against non-compliant, how many attestations are outstanding and how many active issues we have against broken controls.”
In this case, we can use the persona pyramid to examine how many personas are impacted by this requirement.
“I would like to have a MI dashboard that will show how many controls are compliant against non-compliant, how many attestations are outstanding and how many active issues we have against broken controls.”
In this case, we can use the persona pyramid to examine how many personas are impacted by this requirement.
SLT
They will need visibility of reports, widgets and indicators on a dashboard of our control compliance for our reporting against “xyz” regulatory body.Head of Department
The Head of Department will need to work with the ELT on KPI’s, KRI’s and other metrics that will satisfy the reporting requirements listed by the SLT.Process Manager
The process manager will need to understand how we can capture the data and if necessary, get their process tailored on the platform to cater for the reporting requirement.Process Analyst
The process analyst will need to work on ensuring the controls/attestations/issues are worked on and progressing against the KPS’s, KRI’s and other metrics.Employees
The employee is ultimately responsible for the input of data for control attestations which in turn drive control compliant status and ultimately is issues need to be generated.
By using a Persona Pyramid, we can see that this requirement has implications for all personas and would need to be given more time for development and analysis which makes it a perfect tool when it comes to implementations.
