Changing IT culture – killing heroes and slaying bureaucrats
The IT sector has a secret shame; it is still full of heroes who are really bad at managing the risk of change in conflict with bureaucrats trying to stop them by tying them up in convoluted authorisation cycles.
Through the eyes of a hero In my dynamic world, change is a fact of life: moving house, crossing the road, getting married, all change and all something I do in my stride without process. At work, I am an expert, I am master of my world. I know what I’m doing, process and paperwork is a feeble attempt by bureaucrats to slow me down in delivering. Therefore, I comply where I must but know in my heart that I should be living free.
Through the eyes of a bureaucrat We prosper as a team, process is there to ensure that the team functions. Heroes act without thinking, causing collateral damage which cripples the team. Therefore, I must bind the Heroes, control them, master them and herd them into the team and if the herd walks slowly then so should the hero.
Both are looking at the same world but set in motion an adversarial cycle of conflict that is crippling business and as our environments get more complex it’s going to get worse.
Most industries have woken up and are leaving the IT industry behind. Even the construction industry has managed to half the number of incidents in the last decade.
The airline industry is the poster boy and shows how things can be done. Up to the 1970s fatalities and incidents were increasing until a series of horrific accidents jolted the industry to change.
They changed a hero-culture of pilots who did things the way they thought best and brought in procedures, reviews, checks and slowly they changed the culture, reduced risk, improved safety and reduced costs; and whilst total miles flown has increased exponentially since the 1970s the incidents per mile flown has been reducing year on year and the total annual fatalities are a quarter of the worst years from the 1970s.
The big difference is that they have recognised and accepted that it’s about risk management and to manage risk you need great processes, minimal bureaucracy and a collaborative culture.
Don’t believe me? I bet I know the earliest process you learned – The Green Cross Code. It is taught to you as soon as you can walk and is there to help reduce the risk of crossing the road and even when we’re adults, we may not say it but we still use it. It’s a way of instilling the knowledge and experience of the many into a simple process that can be used repeatedly to reduce risk.
The important bit is that as soon as you can show that you are using it and competent at using it, you are allowed to, without bureaucracy, although you are still monitored to ensure that you are…as my mother demonstrated to me last year when I crossed without looking.
In the airline industry, the culture they built is called no-blame and it’s their way they focus on what’s important – Keeping passengers safe through great, repeatable, processes.
A no-blame culture moves the focus so that if you’re following the process and it goes wrong then it’s the process that’s at fault and the aim is for EVERYBODY to work together to fix the process.
Blame is only due if the person doesn’t do their job properly and the beauty is that once people are working together and the risk understood then authorisation is delegated, allowing more and more change to be initiated locally, removing bureaucracy.
Creating a no-blame culture takes time and I would propose the following 4 steps are essential:
1. Make it clear what’s expected - clear terms of reference, policies, working practices, expected behaviours need to be described and given to EVERYBODY as we’ve got to respect each other and what we do.
2. It needs to come from the top and it needs to be visibly adhered to - you can’t expect a technical staff member to change their behaviour if the first time a big incident occurs they are hung out to dry by their manager or the CIO. Everybody needs to feel SAFE that if they follow the process it is valued and they will not be punished.
3. Audit to ensure that the right behaviour is rewarded - It’s easy to show if the technical experts are proceduralising their work….you’ll be able to ask for them to show you the documentation. How about the managers and business accepting these to allow the technical teams to use them without the bureaucracy? Once a process is clearly documented and the risk managed, the authority needs to be delegated, otherwise what’s the point?
4. Measure what’s important - this is going to take time, so don’t start by measuring the whole and expect it to change the month after you start. Measure how much has been proceduralised and the benefit of this and use these results to incentivise.
In summary, follow the process, risk will reduce, bureaucracy will stop slowing the herd and you’ll find you have to run to keep up; Because as Keith Prowse said, ’Always use the Green Cross code as I won’t be there when you cross the road’