All Posts in Policies and Procedures

|In: Industry Commentary|Last Updated:

With the election over, the world’s opinionators have switched their opining from comparing candidates’ horse-race strategies and tactics to pointless post mortems on the same subject.

Pointless because the correct analysis is, what was Clinton thinking, setting up her own email server instead of using Gmail like everyone else?

Last week I promised to get back to business. I am. Because if you filter out all the noise, the Clinton Email Fiasco provides plenty of guidance for the world of organizational dynamics.

Start with an excellent long-form piece by Politico’s Garret Graff titled “What the FBI Files Reveal About Hillary Clinton’s Email Server” (9/30/2016). According to Graff, the FBI’s investigation documents “… depict less a sinister and carefully calculated effort to avoid transparency than a busy and uninterested executive who shows little comfort with even the basics of technology, working with a small, harried inner circle of aides inside a bureaucracy where the IT and classification systems haven’t caught up with how business is conducted in the digital age.”

In broad brush if not detail, the story should sound familiar. Start with Clinton’s technical illiteracy. She apparently doesn’t even know how to use a personal computer. For email, she once learned to use a Blackberry and that was the beginning and end of her tech savviness. Even her staff’s attempts to move her to an iPad or iPhone died on the vine.

Couple that with the sheer volume of emails she had to contend with — you’ll recall they numbered in the hundreds of thousands. Next mix in that the State Department’s secure email facilities were clumsy and antiquated. And that in addition to her Blackberry, Clinton managed much of her email traffic by having aides print out messages for her to read and hand-write responses. But outside the State Department’s facilities this couldn’t be done, so her staff forwarded emails to her private server as a workaround so they could be printed.

The punchline: Substitute your own company’s less-than-tech-savvy executives for Hillary Clinton. Substitute inconvenient or hard-to-use information technology for the State Department’s secure email system. Substitute Gmail and Dropbox for a privately managed email server.

And finally, substitute your technology-use policies for the State Department’s technology-use policies, and your insufficient technology refresh budget for the State Department’s insufficient technology refresh budget.

Get the picture?

Outrage is easy when someone in authority violates the policies everyone else is expected to follow. Empathy is harder.

But as any good business analyst will tell you, empathy is the essential ingredient in information technology design. “Documenting requirements” only gets you so far, as anyone knows who has documented the requirements for secure passwords will tell you. Those requirements are precisely what cause employees to write down their passwords on easily-found Post-It notes.

People have work to do. Executives are people too, often with bigger piles of work than anyone else. And character flaws notwithstanding, your typical executive mostly gets it done.

Executives are, if anything, even more impatient than anyone else regarding obstacles that keep them from doing it.

Regrettably, in my experience at least, at a personal level more executives see information technology as obstacle than see it as an assist, so while they might not be so extreme as to not know how to use a PC, there are plenty who won’t take the time to learn (for example) how to track changes in Word; to use SharePoint in its usual IT-friendly/user-unfriendly configuration; or to use the company’s web conferencing system’s whiteboard feature to facilitate mixed in-person/remote participant meetings.

Not to mention … it’s a whiteboard. How many employees at any level have PCs that let them use a stylus to draw on the whiteboard?

Answer: Very few, because of the rarely recognized chicken/egg nature of so many IT requirements: Few people ask for something because they don’t know it exists; IT doesn’t offer it because nobody asks for it.

So … where does the Clinton Email Fiasco take us?

It’s past time for businesses of all kinds to recognize that inconvenient IT, especially when coupled with a lack of technology savviness, constitutes a significant risk to the business.

Even more, it’s long past time to recognize that dealing with most risks by establishing policies are little more than CYA strategies. They’re pretty much worthless when it comes to preventing or mitigating the risks themselves.

While in your case the fiasco will be less obvious and visible, the lesson is nonetheless just as consequential when profits and brand are at stake as for more minor matters like appealing to voters.

Comments

|In: Industry Commentary|Last Updated:

Last week I enjoyed my freedom from political correctness by ridiculing New Jersey for the state of its roads (D+ grade from the American Society of Civil Engineers), its correlatively low gas tax, and the consensus among its governor, legislature and citizens that tax increases are off the table.

Who to ridicule this week? I know … most of the private sector, because if you think this sort of behavior is limited to public governance, you aren’t paying attention to your own backyard.

For example …

I know of an insurance company that’s grown through acquisition to the point that it now has eleven functionally equivalent underwriting/policy administration systems. And no, it isn’t run as a holding company.

Whenever there’s a change to business logic, it has to make that change eleven different times in eleven different ways.

From all reports, the company’s IT department has become quite good at coordinating and implementing business logic changes. As it should, because when it comes to deciding what capabilities your organization needs it’s good to concentrate on what the business is likely to need from you.

The only choice that would be better would be to retire ten of the eleven systems.

Except that by just about every reasonable measure, the company in question is extraordinarily successful.

This is the sort of thing that keeps management consultants awake at night. If you’re metaphorically inclined, it’s as if, by policy, a state limited road maintenance to dumping asphalt into potholes and still became one of the nation’s primary transportation hubs.

But that isn’t what this week’s column is about. This week it’s about planning for the obvious and how organizational dynamics so easily prevents it.

Planning for the obvious first: If you add something to your fund of stuff, whether it’s a house or car for your household, or a machine, information system or facility if you’re a business, you’re going to have to spend money in the future to maintain it.

Otherwise your fund of stuff (from here on in, FoS) will deteriorate, losing its value or performance over time.

It’s a simple, inarguable equation: FoS increases, maintenance costs increase too, or else FoS value steadily decreases.

As a nation, during the Eisenhower administration we built our interstate highway system, and, in 1956, created the Highway Trust Fund, supported by a penny per gallon federal gas tax increase (to 3 cents, which, in case you care, is equivalent to 24 cents today, compared to the current federal gas tax rate of 18.4 cents).

Meanwhile, I’d bet good money (enough to pay five gallons worth of New Jersey gas tax) most KJR readers work in companies that, when they implement new information systems, don’t increase the IT budget by enough to cover the easily predicted need for ongoing maintenance.

Why not, given that any meteorologist would kill to be able to make predictions with this level of confidence?

Based on my exposure to and experience in quite a few businesses over the course of my career, it’s because of:

  • ROI computation: Proposed projects are usually evaluated on their financials. Include the cost of maintenance and the financials look worse, making the business case less attractive. Better to conveniently forget about them.
  • Tradition: This isn’t just the opening number for Fiddler on the Roof. If nobody else had to include maintenance costs in the past, why should my pet project be burdened with them now?
  • No good deed going unpunished: We haven’t increased the IT budget to support maintenance yet, and yet IT has managed to maintain everything so far. What’s changed?
  • Wishful thinking: Maintenance is a separate spending bucket. If IT needs to maintain a system, the maintenance will have to be cost-justified on its own merits.
  • Baumal’s Cost Disease: Everyone else is expected to continuously improve. Instead of increasing IT’s budget, IT should continuously improve enough to cover the difference.
  • Reality Distortion Fields: We can’t increase IT’s maintenance budget because we’re going to need this money to invest in new strategic initiatives.
  • Distrust: If we increase IT’s budget by enough to cover maintenance of this system, how do we know IT will actually spend the money on this system? (Several correspondents from New Jersey explained their anti-gas-tax-increase position on this basis.)
  • Siloes: If we increase IT’s budget by x to cover the cost of maintenance for someone else’s system, that will leave less on the table to cover the cost of the new systems and system enhancements I’m going to want.

Against these forces, the CIO is armed with nothing beyond logic and maybe a Gartner study or two.

It’s time to buy more asphalt.

Comments