COMMENTARY— Progressive Disclosure

Peter Gallagher | Change in the time of process

Process control can rob organizations of the flexibility they need to change

We all know change is the lifeblood of the information technology industry. It is the one thing IT can depend on. It’s what makes the industry challenging. And change demands flexibility.

However, we also know that change elevates the threat of disruption, especially for complex legacy applications. And too much change, too much flexibility, will certainly increase risk.

It has been an IT passion to battle the risks of change by incorporating the controls promised by improved process management. Obsession is not far off as a description of our passion for process control frameworks with names such as PMBok (Project Management Body Of Knowledge), CMMI (Capability Maturity Model Integration) and ITIL (Information Technologies Infrastructure Library). We have fallen madly in love with process control. Every organization is searching for that perfect set of process control documents, for things like configuration management, testing or quality, to guarantee consistent delivery and operational support. Implementing process control has been a growth business for many people, especially those in IT security.

But has the desire for a rigorous, documented process blinded us to the reality of change?

Another sector that is also going through change, the automotive industry, may have some lessons for IT. Auto manufacturing is the birthplace of the masters of process control, with the Toyota Production System (TPS) standing as an exemplar. The much-studied TPS connected suppliers and processes in unimagined ways to create high quality at the lowest cost. However, TPS proved hard to copy. Even though the company's competitors developed similar specifications, TPS somehow kept Toyota ahead.

The history of these automotive production systems demonstrates that it is a mistake to confuse the process tools or specifications with the functioning of the system itself.

For example, at Toyota continuous change is the root driver of rigorous process specifications guided by TPS. The Toyota example illustrates how an evolving process model that is owned by the people performing the tasks, with guidance from strong technical leaders, can create value. Each iteration of a process is really an experiment that needs to be evaluated and improved upon. Making change consistently in a scientific way is what the TPS process is all about. Agility and flexibility is the goal rather than rigid procedure. Controlling change, not finalizing a procedure, is the real objective.

Everyone agrees that continuous improvement is a good thing, but should it be at the core of what we do when it comes to process management for IT systems?

The seductive promise of uniformity and perfection transmitted through process control has reached the point where it is making us weaker. We need to understand change for what it is – it's what we do every day. Empowering people to make changes in a controlled manner, improving the flexibility of our teams and allowing room for some failures are all things we need to embrace to stay competitive.

Giving up the hierarchical control embodied in the enforcement of an “official” standard operating procedure in favor of shared learning and individual or group responsibility is the challenge of change in the Web 2.0 world – not just for IT, but for the entire government. Rigid process can even inhibit innovation -- which, given IT’s reliance on change, is something we have to, well, change.

About the Author

Peter Gallagher, now a partner at Unisys in the Federal Civilian group, has been working to promote the use of open source software and open standards for government since the late 1990s.

inside gcn

  • cybersecure new york city

    Cybersecurity for smart cities: Changing from reactionary to proactive

Reader Comments

Wed, Feb 18, 2009 Peter Gallagher Reston, VA

Author Comment: I appreciate your comments re. the risk in generalized process experts trying to make systems more secure, or any process more effective. The point of the column really supports your point of view. Rather than a "free-for-all" by process gurus, a controlled yet more flexible process control with the domain experts as owners is _exactly_ what the Toyota Production System is all about. The column in no way suggests what you assert or Toyota would be out of business. And, BTW, "contractors" are also concerned about the security of this nation - that is the point.

Fri, Feb 13, 2009

The whole six sigma, continuous improvement - flatten the hierarchy and bring in amateurs to replace experts is what caused the generalized breakdown of quality and security of systems both in the public and private sector. Now a contractor is suggesting a free-for-all - everybody just go buy what you want. Great idea for future business - for contractors. Lousy idea if there is any concern for the security of this nation - which at this point is a real question in my mind.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group