Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!

Engine Works

Under the hood of Alteryx: tips, tricks and how-tos.
pmaier1971
Alteryx
Alteryx

Alteryx is an awesome data analytics and productivity tool, uncovering up entirely new possibilities for users to employ data analytics. As the population of Alteryx users grows, one topic becomes increasingly important: how are we ensuring that Alteryx workflows are well controlled and governed?

 

Governance can mean many things, ranging from how to properly enable and train users to ensuring analytics is ethical and accurate to governing data or building in workflow checks and controls (we may expand on these issues in subsequent posts). Here, we want to focus specifically on building a plan for governing Alteryx workflows that would be subject to an Audit or Compliance review with the goal of getting an enthusiastic nod of approval.

 

Many of our clients have developed their own best practices for governing Alteryx workflows, often aligned or inspired by policies and standards around change management, software development, or (statistical) model usage. Below we summarize some of the best practices we have gathered from amazing practitioners and ask you to add your own.

 

We acknowledge that not all analytics need audit-proofing. To maintain the ability for rapid innovation and flexible execution while providing safeguards for workflows in production, some customers use a risk classification framework and a tiered risk approach designed to replicate core elements of typical change management policies.

 

The exact definition of what constitutes a low vs. high-risk workflow will depend on the institution, but a common guiding principle can be whether an error in a workflow could result in a material financial impact or substantial reputation risk. Also, manipulations of confidential and sensitive data (like patient records, client information, etc.) are indications of a potential risk. Assuming that we have two risk tiers (high/low), the infographic below highlights some of the questions one may ask to determine the risk rating of a workflow.

 

Lower vs Higher risk infographic (1).png

 

Once the risk classification of workflows has been established, a governance “checklist” can be put together. While details may vary across industries, sectors, and use cases, some common guiding principles we observe among our clients include:

 

  • Elements of good governance for lower-risk workflows are detailed documentation, independent reviews, and a formal sign-off/approval process. Specifically, we consider it helpful to document the calculation logic (either in the workflow or in an independent document, like a desktop procedure), an independent review process (within the team or by an outsider), tracking manager sign-offs, and a change log with evidence of review. Some of our analytic professionals leverage customer-managed telemetry to generate views of data sources and outputs; others leverage third-party applications like the WAM tool
  • For higher-risk workflows, we recommend separate development and production environments with a formal process to promote to production, a formal review process for existing workflows (depending on risk, either continuous monitoring or a routine cadence like re-validation 1x per year), having separate user ID’s for workflows (not IDs of individual developers), and control points with automated pass/fail triggers that stop execution if an error occurs.

 

Good Governance Infographic V2 (800 × 2500 px) (1).png

 

In many cases, it is useful to ask questions such as:

 

  • In the face of unexpected staff turnover, how can we ensure that the workflow can be executed?
  • How can we expedite new team members to step in and familiarize themselves with workflows and underlying logic? 
  • Do our policies and standard ensure data to be correct, updated, and fit for purpose?

 

Lastly, while governance requirements can vary, we can probably all agree that we should make it easy for users to remember and facilitate adherence to them. To ensure that every Alteryx user is aware of best practices, consider handing out a “governance summary” during the onboarding process (or enable users to print a "checklist" they can run through as they complete their workflow), much like the document attached at the bottom of this article.

 

Let's hear from you! In this post, we described just a few of the techniques we hear from analytic professionals around the globe. What do you think? Do you have other tips or tricks to ensure that every user contributes to ensuring that good governance practices are implemented and followed?

 

Please let us know in the comments!

Comments
bkclaw113
9 - Comet

Great to see all of these Best Practices collected in one place. It took a lot of trial and error to come to some of these same conclusions and this would have been a good resource when we started on our Alteryx journey.

alyssam
Alteryx
Alteryx

Thanks for posting this Philipp! I know this is a hot topic and there is a big need for more guidance around governance. This checklist is a huge help, keep it coming!

esoden
8 - Asteroid

Great article and checklist! Thanks for mentioning WAM! It can't automate the entire checklist, but it can certainly assist with 1/2 to 2/3 of the items! Here's a webinar with one of our clients talking about how they use WAM for workflow documentation: https://capitalizeconsulting.com/webinar/wam-governance-maintenance-reporting-challenges-are-solved/

 

We've done quite a few projects recently working through some of the "sign-off" type processes you mention, and we'll be releasing our "Alteryx Lifecycle Governance" offering soon. Setting up standard operating procedures and other checks and balances is key to helping IT and Audit feel comfortable with Alteryx as a business-critical application.

dheissner
Alteryx
Alteryx

Governance conversations should include "do I need to start using some SDLC best practices?".  For more complex workflows that function as applications and have many dependent components, placing all of your application related files (workflows, configuration files, other resources used by the app, etc..) under version control and creating labels for groups of application components under version control should be considered.  Then use these labels to manage and document builds and releases. This will save you time and ensure that your workflows will function as they should for the long haul. 

 

Also consider standing up a formal testing environment. You can then use the version-controlled files and labels within your promotion procedures (the procedures that move your builds through environments such as creation/dev, testing/QA and the final production environment).

AbhilashR
15 - Aurora
15 - Aurora

Thank you for brining up this topic and logically breaking it down for us! The points you raise definitely help validate (or learn from) our individual governance practices around Alteryx.

 

In addition to the points mentioned, educating the user base to leverage the Performance Profiling feature within Designer is something I have found beneficial over the long run. It gives users a guard rail to ask pertinent questions around workflow optimization, which in-turn influences their design patterns, and has a knock on effect on the overall governance.

 

Definitely a bottom-up approach but positively contributes to the cause.

MeganDibble
Alteryx Community Team
Alteryx Community Team

I wanted to let everyone who is following this article know that we updated the infographic and checklist to include three required Alteryx governance elements. Thanks @pmaier1971