We’ve all been there asking why we missed the signs while others saw them head-on and benefited in some way. This happens with financial investments (e.g. I should’ve sold before this recent meltdown like my good buddy did), business opportunities (e.g. I should’ve opened up a chain of coffee stores like Starbucks before Howard Schultz got to it), military strategy (e.g. we should’ve seen the attacks on Pearl Harbor and 9-11 coming and been better prepared to try and stop them) and other numerous “should’ve” moments—and no, I’m not talking about that “I should’ve had a V8!”
Why do we miss the signs and misread information?
Obviously, these are important questions for IT leaders, enterprise architects and IT governance pros, who are often managing or developing plans for large and complex IT budgets, and for whom the soundness of decisions on IT investments can mean technological superiority, market leadership and profitability, or failed IT projects and sinking organizational prospects.
An article in MIT Sloan Management Review, Winter 2009, provides some interesting perspective on this.
“Organizations get blindsided not so much because decision makers aren’t seeing signals, but because they jump to the most convenient or plausible conclusion, rather than fully considering other interpretations.”
Poor decision makers home in on simple or seemingly obvious answers, because that is easier in the short term than perhaps working through all the facts, options, and alternative points of view to reach more precise conclusions.
Additionally, “both individual and organizational biases prevent…signals from getting through” that would aid decision making.
How do these biases happen?
SUBJECTIVITY: We subjectively listen almost exclusively to our own prejudiced selves and distort any conflicting information. The net effect is that we do not fully appreciate other possible perspectives or ways of looking at problems. We do this through:
Filtering—We selectively perceive what we want to and block out anything that doesn’t fit what we want to or expect to see. For example, we may ignore negative information about an IT investment that we are looking to acquire.
Distortions—Information that manages to get through our mental and emotional filters, may get rationalized away or otherwise misinterpreted. For example, we might “shift blame for a mistake we made to someone else.”
Bolstering—Not only do we filter and distort information, but we may actually look for information to support our subjective view. For example, “we might disproportionately talk to people who already agree with us.”
GROUPTHINK: “a type of thought exhibited by group members who try to minimize conflict and reach consensus without critically testing, analyzing, and evaluating ideas.” (Wikipedia)
“In principle, groups should be better than individuals at detecting changes and responding to them. But often they are not, especially if the team is not managed well, under pressure, and careful not to rock the boat.”
Interestingly enough, many IT investment review boards, which theoretically should be helping to ensure sound IT investments, end up instead as prime examples of groupthink on steroids.
If we are going to make better IT decisions in the organization then we need to be honest with ourselves and with others. With ourselves, we need to acknowledge the temptation to take the simple, easy answer that is overwhelmingly directed by personal biases and instead opt for more information from all sources to get a clearer picture of reality.
Secondly, we need to be aware that domineering and politically powerful people in our organizations and on our governance boards may knowingly or inadvertently drown out debate and squash important alternate points of view.
If we do not fairly and adequately vet important decisions, then we will end up costing the enterprise dearly in terms of bad investments, failed IT projects, and talented but underutilized employees leaving for organizations where different perspectives are valued and decisions are honestly and more comprehensively vetted for the betterment of the organization.
If we shut our ears and close our eyes to other people’s important input, then we will miss the planning mark.
IT governance is often implemented with the establishment of an IT Investment Review Board (IRB) and Enterprise Architecture Board (EAB); but to get these to really be effective you have to win the hearts and minds of the stakeholders.
Here are some critical success factors to making IT governance work:
- Management buy-in and commitment—this is sort of a no-brainer, but it’s got to be said; without senior management standing firmly behind IT governance, it won’t take root and IT projects will continue to fly under the radar.
- Prioritization and resourcing—EA, IT Strategic Planning, and IT governance compete with IT operations for resources, management attention, and prioritization. More often than not, many not so savvy CIOs value putting some new technology in the hands of the end-user over creating strategic IT plans, developing transition architectures, and implementing sound IT governance (they do this at risk to their careers and good names!)
- Policy and procedures—IT governance needs a firm policy to mandate compliance to the user community; further the procedures for users to follow need to be clear and simple. IT governance procedures should integrate and streamline the governance processes for authorizing the project, allocating funding, conducting architectural reviews, following the systems development life cycle, managing the acquisition, and controlling the project. End-users should have a clear path to follow to get from initiating the project all the way through to close-out. If the governance mechanisms are developed and implemented in silos, the end users have every reason in the world to find ways to work around the governance processes—they are a burden and impede timely project delivery.
- Accessibility—Information on IT governance services including the process, user guides, templates, and job aids needs to be readily available to project managers and other end users. If they have to search for it or stick the pieces together, then they have another reason to bypass it altogether.
- Enforcement—there are two major ways to enforce the governance. On the front end is the CIO or IRB controlling the IT funding for the enterprise and having the authority to review, approve, prioritize, fund, monitor, and close down IT projects. At the back-end, is procurement; no acquisitions should pass without having demonstrated compliance with the IT governance processes. Moreover, language should be included in contracting to enforce EA alignment and compliance.
- Cultural change—Organizations need to value planning and governance functions. If operations always supersede IT planning and governance, then both business and technical stakeholders will feel that they have a green light to ignore those functions and do what they want to do without regard to overall strategy. Further, if the culture is decentralized and governance is managed in silos (one manager for SDLC, another for EA, yet another for requirements management), then the processes will remain stove-piped, redundant, and not useable by the user community.
- Communication plan—the governance process and procedures need to be clearly communicated to the end users, and it must address the what’s in it for me (WIIFM) question. Users need to understand that their projects will be more successful if they follow the IT plan and governance processes. Those are in place to guide the user through important and necessary project requirements. Further, users are competing for resources with other important IT projects, and users will benefit their projects by making the best business and technical case for them and following the guidelines for implementing them.
The Privacy Act of 1974 states: “no agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.” However, there are certain exceptions for statistical, archival, and law enforcement purposes.
What is privacy?
In MIT Technology Review, “The Talk of The Town: You—Rethinking Privacy In an Immodest Age” (November/December 2007), by Mark Williams, the author states that Columbia University professor emeritus of public law Alan F. Westin defines privacy as “the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.”
Do we have privacy?
Already in 1999, Sun Microsystems chairman Scott McNealy stated, “You have zero privacy anyway. Get over it.”
These days, there is no illusion of privacy, as young people routinely put their biographical details and images online at a myriad of social-networking websites. Moreover, “kids casually accept that the record of their lives could be Googled by anyone at any time…some even considered their elders’ expectations about privacy to be a weird, old-fogey thing–a narcissistic hang-up.”
Privacy is certainly not an absolute, especially since we need to balance the right to privacy against the First Amendment guarantee of free speech. However, when people think their rights to privacy have been abused they have recourse to tort, defamation, and privacy law.
EA’s role in privacy:
User-centric EA supports the Investment Review Board selection, prioritization, and funding of new IT investments with architecture reviews and assessments; these EA reviews include a detailed appraisal of everything in the “information” perspective, including information management, sharing, accessibility, assurance, records, and of course privacy issues.
Furthermore, more detailed privacy impact assessments (PIAs) must be conducted, according to the E-Government Act of 2002, “when developing or procuring IT systems or projects that collect, maintain or disseminate information in identifiable form from or about members of the public.”
Although Generation Y does not particularly seem to value their privacy as you’d expect, EA, along with the privacy officer and the chief information security officer, plays a critical role in monitoring and ensuring the privacy of information managed by the enterprise.
In the Harvard Business Review (HBR) whitepaper entitled, “Harnessing Our Inner Angels and Demons” by Milkman, Rogers, and Bazerman, the authors describe the “conflict when deciding whether to behave responsibly or indulge in impulsivity”, what the authors call the want/should conflict.
How do we define want and should?
“Some options are preferred by the should self (e.g. salads, documentary films, trips to the gym, etc.), while others are preferred by the want self (e.g. ice cream cones, action films, skipping the gym, etc.).”
How do we decide between the want and should options?
“The optimal choice between want and should options requires summing the short-run and long-run utility that would be gained from each option and selecting whichever provides more discounted net utility. Although should options have more long-run benefits than want options, in many cases the short-run benefits of a want option may be significant enough to outweigh the long-run benefits of a should option.”
While salad is a should option, and pizza a want option, we frequently choose the pizza, because the short-term instant gratification of the pizza outweighs the perceived long-term health benefits of the salad.
How does this should/want conflict impact EA?
User-centric EA is all about making choices and trade-off decisions. The enterprise has limited resources and so must choose between IT investment options. Some of these investments may be want options and others may be should options. For example, users may want to upgrade their desktops with the “latest and greatest” computer model and options every year or two. However, the enterprise should invest in business intelligence or customer relationship management software, for example, that will yield significant long-term utility to the organization. Which option does the Investment Review Board choose? Which option is called for in the EA target architecture and transition plan? The HBR whitepaper shows us how to measure the utility and make decisions based on the net utility to the enterprise. In this way, the organization gets the greatest good for its IT investment dollars.
Enterprise Architecture is a combination of developing and using organizational insight and managing sound oversight.
Boeing Company’s recently announced six-month delay of its new 787 Dreamliner jet shows defects in both their EA insight and oversight.
The Wall Street Journal, 7 December 2007, reports that “layers of outsourcing slow 787 production…a look inside the project reveals that the mess stems from one of its main selling points to investors—global outsourcing.”
How did global outsourcing reveal the breaks in both effective insight and oversight at Boeing?
- INSIGHT—EA is the synthesis of business and technology to improve organizational decision-making. EA develops information products, so that the organization has the information it needs to improve mission execution, and so that business is driving technology. In the case of Boeing, they were so focused on getting the technology of the new jet right, that they overlooked the underlying business problems. “It figured the chief risk lay in perfecting a process to build much of the plane from carbon-fiber plastic instead of aluminum. Boeing focused so hard on getting the science right that it didn’t grasp the significance of another big change; the 787 is the first jet in Boeing’s history designed largely by other companies,” and this has been plagued with problems ranging from language barriers to their contractors subcontracting out key tasks, such as engineering. Boeing’s focus on the technology led them to ignore important aspects of the business of designing and producing the new planes. Boeing did not have sufficient insight into the business side (versus the technology) of managing this tremendous endeavor.
- OVERSIGHT—EA involves IT governance, so that IT investments are made based on sound principles of business alignment, return on investment, risk management, and technical compliance. Generally, the Investment Review Board, the EA Board, and the Program Management Office see to it that IT projects are reviewed and managed in terms of cost, schedule, and performance parameters. In the case of Boeing, they did not ensure adequate EA oversight for the 787 jet. “Boeing overestimated the ability of suppliers to handle tasks that its own designers and engineers know how to do almost intuitively after decades of building jets. Program managers thought they had adequate oversight of suppliers but learned later that the company was in the dark when it came to many under-the-radar details.” Boeing’s general expertise in project oversight was outsourced along with the engineering and production tasks, and this led to, what an executive of one major supplier has called, chaos.
The Boeing 787 Dreamliner may well end up being a true “dreamy” jet plane, but from a User-centric EA perspective, the 787 has been a real nightmare and an example of ineffective EA insight and oversight!
To manage IT, you’ve got to have investment reviews, but when is it too much or not effective?
There are a number of executives (CXO’s) with a stake in the success of IT projects and a responsibility to review and manage them:
- Chief Financial Officer (CFO)—is interested in the investment’s alignment to the mission and its return on investment
- Chief Information Officer (CIO)—looks at IT projects in terms of technical alignment and compliance with the enterprise architecture, systems development life cycle, IT security, and other areas like privacy, accessibility, records management, and so on
- Chief Procurement Officer (CPO)—reviews projects for contractual issues to protect the organization and ensure that “it gets what it’s paying for”
- Line of Business (LOB) Program Officials—must review projects in terms of their project management and to control cost, schedule, and performance and ensure that the organization “controls” its investments
Usually, each of these executives has boards to carry out these review functions, and they are redundant, inefficient and drive the end-user crazy answering questions and checklists.
Part of the problem is that the executives and their review boards do not limit themselves to reviewing just their particular domains, but look across the management areas. So for example, EA often not only looks at technical alignment, but also will review business alignment and performance measures.
Moreover, not only are the review boards’ functionality often redundant between CXO’s, but even within the domain of a CXO, there will be duplicative review efforts such as between EA, SDLC, and IT security reviews.
Additionally, when an organizational component of an organization needs to conduct these reviews at their level and then again all the same reviews at a higher overall organization level, then the already inefficient review process is now doubly so.
In the end, with all the requisite reviews, innovation gets stifled, projects hamstrung, and the end-user frustrated and looking to circumvent the whole darn thing.
Obviously, you must review and establish checks and balances on IT investments, especially with the historical trends of people spending extravagantly and wastefully on IT solutions that were non-standard, not secure, not interoperable, did not meet user requirements, were over-budget, and behind schedule.
The key from a User-centric EA perspective is to balance the needs for governance, oversight, and compliance with helping and servicing the end-user, so they can meet mission needs, develop innovative solutions, and manage with limited resources. Asking users the same or similar checklist questions is not only annoying, but a waste of valuable resources, and a great way to spark an end-user revolt!
Remember it’s a fine line between EA and governance showing value to the organization and becoming a nuisance and a hindrance to progress.