A couple articles ago, I talked about a business deficit. It’s only fair we consider one on the other side of the line.
Let’s look at a common mistake on IT’s part. How many organizations have a requirement for “centralized” data, yet have full knowledge that users – the business community – are storing data on local (c:, etc.) computer drives or on desktops? Even the most sophisticated organizations, and the most tightly controlled environments, have this condition. This goes on even in organizations where it violates a document retention and content management policy – policies that are often imposed or required by outside regulatory agencies, or other bodies (that is, boards, classes of customers/clients, and so on). Yet, if business members and leaders insist that it’s a necessary “work-around,” IT goes along. This can be a major mistake on IT’s part. Let’s leave the document retention/content management considerations aside for the moment, and look at the situation from a simple backup and recovery standpoint.
IT’s position in any organization should be that all data is secure: accessible according to authorization; safely and securely maintained in the technical environment; recoverable in the case of loss in the production environment through any reason. Too often, users are responsible for backing up their own local drives. This is wrong. If there is genuine business data that is not coming under the umbrella of IT’s backup domain, then that is a wrong situation and you cannot profess to have complete security. You are at risk. You can hash out in the BIT forum as to how to expose peripheral data, and how to manage it, secure it and back it up – at a minimum you must document exceptions to policy and put them on record. Many important caches and swaths of data have been lost by organizations because the central, qualified, authority for the safekeeping of data (IT) was unaware of it. So, there was no central authority guaranteeing its safekeeping under these circumstances.
Let’s look at one more area where IT is frequently remiss. Increasingly, organizations are responsible for anything and everything that happens within. We see where large judgments have been made in favor of employee plaintiffs who had complaints regarding offense and damages over electronic content containing porn, offensive jokes, illegal advocacy, and other inappropriate content. This is content that has long been defined as this kind of liability by courts. Remember too that just because some content may be “legal” in the broader sense, it can still violate your organization’s best interest. Should your organization’s data be subpoenaed, you wouldn’t want negative characterizations of business partners or critical evaluations of members made public, for example. Most organizations have policies to guard against inappropriate use of business resources and to explain the consequences of harboring improper content, but many don’t adequately reinforce the policy. Further, it’s apparent that a lot of IT departments haven’t picked up their responsibility, or perceived their own liability, in this area.
Let’s be clear: One thing you don’t want to have happen is that something blows up into an embarrassing exposure, with people asking how “IT” could have let inappropriate content broach your business-technology environment. For it is IT that implements spam-guards, monitors storage, and has the means (even if only under special permission by Business) to do a comprehensive review of data. The mechanics of, and the burden in, running a “clean” environment is IT’s. While it is true that Business must cooperate and contribute to a clean environment, and that this is reinforced by policies both Business (HR) and IT – no business person has the authority to look across the board at data and content on a regular basis. No business person is tasked to have knowledge superior to IT’s regarding best practice protections and best software solutions. This is a “behind the screen” faculty. If you’re an IT staff member, and your IT department is not comfortable in answering to your organization’s content, you need to get this into the BIT agenda quickly.
Next, we’ll discuss putting activity where it belongs.
According to a recent ruling by the New Jersey Supreme Court, a former employee’s past company should not have read e-mails that she sent from a private, password-protected, web account.
The employee was using company resources (computer, internet access, and indeed company time), but the Court ruled that she had a reasonable expectation of privacy for the account, being that the company’s policy regarding computer use was that “occasional personal use is permitted.”
Various states have differing views of workplace privacy: Most, if not all, have ruled that company-owned, corporate, e-mail accounts belong to the company – including all data that is contained – business related or otherwise. Many have ruled that any data on a workplace computer belongs to the company, “personal” passwords and allied info notwithstanding. But in gray areas, companies and individuals alike need to thoroughly understand Acceptable Use policies and to grow and amend those policies as necessary based on precedents and local rulings. Some predict that workplace expectations of privacy vis-à-vis differing locales and laws will ultimate settle into a uniform judgment as the issue inevitably makes its way to the Supreme Court.
But there’s another consideration here: Who might be accessing your e-mail and any other personal data in the workplace that you may not know about, and will never know about? Someone could be surveying your workplace computer right now – for entertainment purposes, or for judgment in your suitability for promotion, or even further employment. Can this be done in secret? Of course. Is it? Well… for certain environments and for anyone who understands enough about human nature… the answer comes back again, “…of course.”
For a little background, the following article by Susan K. Vivio at NJ.com is of interest: N.J. Supreme Court upholds privacy of personal e-mails accessed at work.
This much is certain: If you’re in the policy-making arena (whether IT or Business policy), be sure your Acceptable Use and Content Management policies are thoroughly up-to-date and that staff is apprised of your organization’s expectations. If you are a workplace user of resources (again, whether IT or Business staff), be sure you are thoroughly familiar with all policies affecting use of computer and allied resources – and be certain that any people you may manage are also fully educated and current.
In all regards, it is always wise to carefully consider what you may be saying and storing on workplace computers.
Once upon a time, a business director approached to introduce himself. After his name, his very first words were “I’m ‘computer-illiterate’”. He went on to explain that he would be IT’s “best customer” because he required frequent help. He joked of being proud on mornings when he could just remember how to turn his computer on. He had a smile on his face, and he most likely thought that his confessed ignorance would be seen as a friendly sign. But, it was very dismaying – as his ‘illiteracy’ turned out to be true.
He was also positioned critically; his department relied on external technical subscription services and critical agreements with solutions partners in forwarding the organization’s business. Working with this person, although nice enough, presented difficulties. So, how is it that, in this new millennium, a person of otherwise high standing still has a comfort level in divulging ignorance regarding technical matters? This is an extreme limitation for any organization, regarding any job or position.
Thought of another way: Suppose you approach your CFO – you’re new to the organization. You’re a department head, a business leader, someone who is expected to set an example – a manager, director, or even a VP. You smile and make a confession: “I sure hope I don’t have to prepare or balance any budgets around here – I’m ‘financially-illiterate!’ In fact, I can’t even balance my own checkbook! Numbers just aren’t my thing.”
Every organization’s managers are required to maintain budgets and to know how to manage them. Presumably they are hired with some basic skills: knowing how to add and subtract, and having some common understandings of basic budgets and the required accounting principles. Just because a staff member doesn’t work in Finance & Accounting doesn’t mean they’ll never have to perform some nuts and bolts finance and accounting. Likewise, it is not too much to expect that managers and users have some basic computer skills.
That expectation is quickly morphing into the outright need that these people understand and promote their own use of technology in its relation to the business. After all, most people who enter an organization that has a Business-Technology Weave are the sort of people who have computers at home, or have used them in school. No one is allowed to get away with “computer-illiteracy” any more, or even a stagnant appreciation of technology. Your organizational culture must evolve to one whereby users and managers are imaginative thinkers when it comes to using and growing the organization’s use of technology. They should employ the same imagination and judgment when partnering on the use and plan of technology that they use when partnering with Finance on the organization’s budget.
Next: An IT Deficit
In the case of Expositions’ codes, IT delivered a business module requiring new finance codes. It was up to Expositions to then take action – the act of “filing” in this case was the act of creating the codes, coordinating their approval with finance, and then inputting and administering the codes – these were all Business requirements.
How many IT departments are producing reports from end-user software that should be produced by someone in the business element? How many IT departments are orienting incoming hires for entrenched business software – the specific use of which is better explained by someone that is in the business department making the hire? How many IT departments are breaking out, coding and tracking mobile connectivity charges for business? Lots. Aren’t those an administrative duty better performed by someone in Finance or the actual departments?
In other words, look for situations where “filing cabinets” have been delivered, but where the duty of “filing” is not being effectively picked up out in the business arena. Making effective use of technology is a profit-enhancing lever, and the user community needs to “file” effectively. Do what is necessary: deliver training, place the expectation, and let Business set up and run their “filing cabinets.” This frees IT to fulfill its obligations in other rapidly expanding arenas – Security, to name one. Content Management to name another. Planning and fulfillment on future, accelerating, business and technical requirements to name more.
Next, let’s look at one additional example on the Business side of the equation before we look at some IT challenges.
Let’s examine an organization that is implementing a new Association Management System. The senior director of the Expositions department needs to identify finance codes used for her department; these codes help track revenue and expense in relation to conference booths, hotel rooms, and services, etc. Subsequently, the Chief Financial Officer needs to approve the codes. The IT department can then test them – but ultimately Expo will even have the authority to edit and configure their own codes.
The project manager with overall responsibility for managing the AMS project has asked the Expositions director to create the codes, submit them, and to then meet with the CFO and PM by a certain date in order to have an approved set of codes ready for IT’s input. However, the Expo director has failed in this task, missing several adjusted dates for completion. It is now incumbent on the PM to make this happen by setting a meeting for these two and ensuring that they do actually meet and hammer out the codes. It matters not whether the Expositions director has valid reasons for missing the assignment or not. It matters not whether the CFO has made himself available for consultation as requested.
It is the PM’s responsibility to move the process along in ensuring that the codes get created for input. Regardless who owns each incremental task – the PM is the ultimate owner and will answer to each success. In other words, the creation of the codes is an issue in the project management context. The PM’s job is to bump along the Expositions Director’s (or delegate’s) creation of the codes – an important task supporting a project – the implementation of a new association management system. The Expositions department is the task’s owner: The action of creating the codes is that department’s responsibility, with a shared component. That was creating them in compliance with the Finance department’s oversight of all finance codes. Let’s look at the “why” of the task’s ownership by the Expositions department.
Part of the lag in the code creation turned out to be the Expositions Director’s insistence that this was IT’s responsibility. However, IT is not the generator of the codes. Nor does IT maintain them – or use them. The syntax and format of the codes is defined largely by Finance. Further, the Expo Department is intimately familiar with their (Exposition’s) financial tracking needs. They know how many codes and definitions are needed in the conduct of their business. They also know the character and number of codes that exist in the old AMS – for various conference booths, hotel rooms, services, etc. Having IT survey a business situation that Expositions is responsible for is not a correct placement of effort or responsibility; nor is it efficient.
IT effort in this regard would mean: IT must perform the administrative drill of creating the codes for approval by Expositions. This would engender a review, any necessary adjustments, and resubmittals with another Expo review. This would be followed by IT’s arrangement for review with Finance. This is inefficient: Expo can drive and complete this process, in its entirety, in less time. Otherwise, it takes IT people away from doing the things that only IT can do. It engages them on a largely administrative task that should be assigned within the Expo department. Expo should not require IT to maintain their finance codes any more than IT can expect Expo to maintain IT’s finance codes.
Once Expositions creates their codes as tasked, they must let the project manager know they’re ready. The PM can schedule a sit down with Finance for review of the codes. Once Finances approves them, the PM (or a delegate) can train Expo on how to enter the codes into the AMS. The Expo department should have the authority to maintain their codes in the AMS so as to match their authority in maintaining the codes in the business sense.
Ask yourself here: who is responsible for knowing Exposition’s codes in order to exercise Exposition’s business? It is within that party, or group, where action must transpire. Today’s employment of “systems” or technology is not an excuse to defer ability, responsibility, or activity. In any circumstance, an oversight authority from Business or Technology can simply ask: who is the relevant party that knows, or should know, the “business” of what is under consideration? That party must be empowered in every possible sense so as to match activity to the root of knowledge.
In short: IT delivers the system – Business must utilize the system.
Next: Empower Business; Free IT…
It’s been said that understanding what things are like… is a large step toward understanding what things are.
Let’s take a break from the topic of False Solutions… I’d like to return to it and wrap up a few more concepts and tips, but we’ll do that a little later.
Today, let’s talk about responsibilities and where they lie. In many business-technology endeavors there blooms a confusion as to who should do what. This is especially true when going down a new and unfamiliar path. Business frequently thinks that anything involving a technical support structure means that most of the responsibility and activity belongs in the IT department. IT frequently thinks that Business should be responsible for some things that in fact are better reserved for IT’s exercise and judgment. We know there is a mutual dependency, but when are lines appropriate and where do we draw them? What answers does the Weave yield?
Let’s look at a couple examples that will highlight some areas, then discuss a simple way to illuminate any area for solution. You will then be able to employ this model to answer your own questions in cases where you’re proceeding onto unfamiliar ground, and unsure as to where to place specific activity and responsibility. You can also look at your existing placements of effort, and in many cases make better assignments in cases where certain efforts have been poorly positioned.
The Filing Cabinet Analogy
Your office is cluttered – you have documents all over the place. The paperless office of the future has not yet arrived, will never arrive, and your hardcopy papers are necessary, important, and accumulating. You must get them filed for safekeeping, and you require ready reference of the content. You call up your supply department and order a filing cabinet. A few days later, a supply clerk rolls your cabinet in, asking where you would like it.
As the clerk wheels his empty dolly toward your door, you say, “Wait! You’re not finished.” Bewildered, the clerk asks you what you mean. You politely gesture to all the stacks of paper on your desk, your table, your office floor. You tell him that he needs to label the drawers. He needs to create tabs for various subjects, projects and tasks. He needs to alphabetize and categorize your paper documentation and file it in the appropriate place in the new cabinet.
What is wrong here? This: You, the recipient of the filing cabinet, expect the supply clerk to do your filing – which is not the supply clerk’s job. The supply clerk has delivered a system for filing – the recipient must file, or delegate that to relevant department staff. But realize too: the cabinet’s recipient must not only use the “system,” the recipient must do some configuring and setup of that system. After all, it is the recipient who best understands the business requirement of that system (the labeling, categorization, content for the drawers, etc. that is necessary).
Now, we know that no one would ask the supply clerk above to do filing – or configuring – yet IT finds itself in that very position as it delivers its “filing cabinets”.
Next: Determining the “Why” for Who Does What…
All organizations must know where they are. This sounds simple and obvious, but many organizations don’t know their own staffs’ capabilities, capacity for learning, willingness to learn, and the various measures of tools and enablements that the company owns – as just some ideas for “Where We Are.”
Tell me how to get to Chicago. Um, you’d better ask a question before you have me embarking on a trip: “From where are you starting?” Any organization embarking on an IT-business solution (destination) had better know exactly where it is before plotting that destination. Ahhhhh.
In the case of XYZ, several ‘where we are’ factors were missed. No destination can be reached if you don’t understand the point from which you’re trying to progress. Here, the point of origin was thought to be one of missing automation, a lack of tools, a lack of enablement. There actually were inadequacies, as there generally are when seeking solutions. However, they were misidentified. This led to false statements of need, a misidentification of requirements, and misdirected actions. XYZ arrived at a destination that did not serve them.
There wasn’t a simple lack of automation or tools for their appraisal process. In actuality, there was a quite robust set of general automation and tools – with a wonderfully low “overhead” of maintenance being that these tools served a broad array of effort and work product. The organization just had to use these resources, and within the discipline that is required of any effort (business or otherwise, technically assisted or otherwise). The point of origin here – the organization’s “Where We Are” – included the lack of priority, discipline and accountability.
The inadequacies were in the organization’s failure to state clear expectations for fulfillment of the appraisal process, and the application of discipline and accountability in order to secure the managers’ serious attention and fulfillment of their appraisal delivery. Understanding this point of origin would have yielded a completely different path; a route to a real solution of the appraisal problem. For example, any manager’s late submission of an appraisal could yield a mention on their appraisal, with corresponding rating impact.
Another part of the path would be the emphasis on the organization’s reliance on the appraisals: What can be more important than placing, developing, and promoting the right people in creating the best organization possible?
Timely appraisal documentation is key: That is the destination, and the True Solution.
So, what ultimately happened with XYZ’s appraisal system? XYZ Corporation eventually threw out the new system, and went back to the old. A fresh set of eyes looked at the appraisal process and saw an opportunity for cost cutting. The vendor and their associated product were simply removed from the environment – saving training costs, upgrade costs, support costs, and eliminating wasted time. Managers were held accountable by their supervisors for timely and correct submission of appraisals, and those supervisors were held accountable, and so on up the line. In other words, this corporation put the push where it belonged – in the general areas of discipline and accountability.
Here too is an important understanding: IT people often don’t want to appear as a “block” to initiatives, and can remain mum on ideas that they see as unwise. Business must recognize this and foster an open dialog on needs and solutions in sponsoring a civil debate on what is best for the organization all around. A well-defined business-implementation team (BIT) is a great forum. Leaders’ responsibility – Business and IT – will be to weigh what they hear during feedback in making decisions. At the same time, IT must maintain solid credibility so that their counsel on the business end of “solutions” is weighed and considered with proper weight and focus by Business.
One important concept that IT can expose is what the false solution does to economy of scale. Any time you remove specific business from common resources and supports, such as wide serving networks, common end-user apps such as e-mail and wordprocessing, you chip away at an economy of scale because almost always there is a parallel deployment of a “specialized” resource, asset, application, platform, etc. You now build a new area of overhead and recurring cost. Be very wary in these circumstances. Before you bring in the “new,” examine the “old” and its supposed deficiencies very carefully.
Keep in mind that the phenomenon of the False Solution is very real. You may have experienced it in full, or perhaps to some lesser degree. Consider that often times you may achieve a strange parity: a “solution” that works, but is no more efficient or enabling than what preceded it. In those circumstances you live with the squander of resources in simply delivering something different. The organization may yet suffer a poor return going forward, as stakeholders in a new system make erroneous or wasted effort in trying to squeeze out advantages that are simply not there. In all cases, remember the adage to “measure twice, cut once.” Take very careful measure of needs, “solutions,” and vendors so as to create proper definitions and deliveries.
Let’s next examine the XYZ case to see where people frequently go wrong, and the red flags to look for. There are always red flags to indicate that you may be embarking on a False Solution.
To drive the point completely home, let’s look at the beauty and simplicity of what XYZ Corporation had in place prior to this “improvement” – this “solution”:
They had a very effective word processing template for the employee appraisals. It contained all of the major areas for evaluation of employees. There was a very effective instruction set that had been constructed and improved upon over time. Also, most managers had a ready history for position objectives and employee performance. It was already “online” as a reference – readily available in past year’s appraisals.
Reusing and repurposing this information should be a routine part of XYZ Corporation’s effective leverage of business content. Consider: Even for new employees (without a performance history), there still exists the position description and objectives from the former incumbent’s appraisals, as an assist to new employees appraisals. For brand new positions, neither system offered much assist – new positions require, and deserve, a fresh document set all around.
During XYZ’s “appraisal season,” expectations for completion of drafts, and submission dates for completed appraisals, were well articulated and communicated via existing tools – namely, the e-mail system, all-staff meetings, and bulletin boards – things which were still employed, by the way, with the implementation of the “automated” system.
From time-to-time we’ll get back to “XYZ Corporation” and look at their “simplified” employee evaulation process… be sure to read the first and second False “Solutions” posts:
In continuuing – XYZ’s first red flag should have been the assertion, or assumption, that the managers could not write. The corporation couldn’t possibly have hired managers without some kind of writing skills. The matter of poor writing was more a human failing on some part to hold managers accountable for their quality of writing. The posit that “managers can’t write” should have been rejected outright. The focus then should have been to set an expectation, a bar, for managers to clear for the quality of their writing. HR, and anyone supervising a poor writer, should think about this condition as exposing a vulnerability, so as to expose a potential strength. If you want your organization to write well, make that a goal. What could HR’s next steps be? Perhaps to sponsor a managers’ plan to get necessary people to training. Perhaps to issue, or direct attention to, an organizational “style guide.” The really important thing: hold people accountable for their writing – rate them on it in their own appraisals. Judge their performance. Trust me: They’ll improve.
Therefore, for XYZ Corporation, there was no technical component, no technical solution, required for this element of the appraisal problem. It is a problem of discipline and accountability, solved by senior managers, in holding people accountable for the quality of their work. No computer or technical system is going to fix your business culture, or overcome lax attitudes.
There was also the flawed analysis in the matter of automated reminders. No technical assist here helped an adherence to schedule. The only leverage that counts is how the reminders influence the receivers – the managers. Could the appraisal software’s e-mail reminders do anything that HR’s former e-mail reminders could not? In fact, there was no leverage to be had on the problem. The managers’ response to the “new” reminders was the same – to largely ignore or overlook them. HR viewed the automatic send-out of reminders from their own perspective: the efficiency standpoint of the sender (HR), not from a consideration of what the managers would do. Again, getting users to respond to reminders is a matter of discipline and accountability outside of any computer or technical solution.
We’ll weave in and out of various topics, but we’ll be returning on a recurring basis to False “Solutions” – they are an ongoing problem for many, many organizations.