As one of Infracore’s vCIO resources, I’m often brought into various companies to perform top-down assessments of internal IT departments. In this capacity, I’ve seen a myriad of different ways IT departments exist and function – and not surprisingly, some of them are more efficient and effective than others. My assessments typically leverage the People, Processes and Technology (PPT) Framework.
It’s not uncommon for me to quickly identify significant communication challenges between the IT performers and those making executive decisions. I typically find frustration on both sides – often with tension, and even degrees of resignation; many times, both parties are unable to see how their situation can improve.
My Assessment Approach
I enjoy interviewing the IT talent and listening to the issues they would change – if only they could! Having started my career as a technical performer, I am typically empathetic to their current reality. It’s not unusual for them to express their feelings of overwhelm and lack of appreciation for what they do (and yes, IT can be a thankless job). I’ve found just stopping for a moment to think of a new future can help to shift the negative mindset, and it can help uncover opportunities for improvement.
When I talk with business process owners, department heads and executive teams, I inquire about their IT needs – what’s working, and what’s not. Their concerns and frustrations are aired, and one common theme often emerges: the perceived lack of progress being made by IT, and the ineffective communication of progress and activities.
The best part of my consultation roles is often making people feel “heard”; I enjoy empowering internal teams with an effective communication approach, and then helping them develop a path forward.
A Lack of Trust
One common cause of communication breakdown is a lack of trust. Both sides are right, and both sides are wrong. The missing link? More often than not, it’s the lack of strong middle management (someone who can effectively manage expectations and manage the IT talent). But sometimes, it’s the simple fact that the right conversations aren’t being held.
Engineers typically thrive with defined structure; they have a strong desire to deliver what is asked, but they also suffer from linear thinking. They usually have tremendous pride in the work they do, while typically underestimating how long tasks can take. As a result, engineers are often trapped by being in a state of overwhelm, and they can suffer from a need to enroll others into their line of thinking, often overexplaining the effort to achieve success.
Conversely, executives want concise action plans and accountability, and don’t appreciate what goes into a specific task – nor should they!
I find this mixing of engineers and executives can be similar to attempting to combine oil and water.
IT Management Triangle
To give you context, we need to understand the IT Management Triangle, which consists of the three main charters of IT:
- Firefighting: IT is expected to deal with technical issues and emergencies with little notice. Some examples include recovering a failed system, an out-of-cycle on-boarding of a new hire, or a network emergency.
- Project Work: Includes items that are scheduled and scoped, and the management of expectations. This could be an intranet development effort, a platform upgrade, or the launch of a new ERP solution. These efforts are usually more visible.
- Recurring Tasks: The Daily / Weekly / Monthly / Quarterly / Annual tasks (DWMs) are the tasks all IT departments must perform to keep things operational. Some examples include checking the backup processes, reviewing the security logs, performing routine system maintenance, adding new users, process development, etc. Typically, these are tasks done behind the scenes.
Of these three legs, the recurring tasks are usually underappreciated by both sides, and are often the first to be neglected when one of the other legs become an unexpected priority.
There are certainly consequences to underperforming the recurring tasks, including incurring tech debt, reducing or eliminating risk mitigation efforts (such as system patching) and generally not devoting enough time to “tend to the store”. These consequences only increase the likelihood of broken commitments, and of trust being lost. This further grinds IT engineers down, often to a state of resignation and overwhelm.
Accordingly, if you don’t streamline the processes or improve systems through project work (or adequately perform the recurring tasks), IT will always be in constant firefighting mode. This mode is the least desirable in most circumstances (although it’s true that some IT professionals prefer this “hero mode” as their daily existence).
The first step towards creating alignment is to work with the technical team to define all of the commitments for which they are responsible – both implied and assigned. This exercise is usually an eye opener as it defines what the technical team has struggled to articulate and quantifies the amount of effort required to meet their obligations (including all the “tech debt” weighing on them).
This is not a trivial task, but it nearly always identifies the missing pieces. Some typically-uncovered shortfalls include capacity, technical ability, organizational structure…or even clarity of what the conditions of satisfaction are for an executive team to be happy with their IT team. This exercise allows us to distill the capacity that the team has available to perform project work. Not surprisingly, the amount of project capacity is usually insufficient to meet the demand.
Another typical challenge is when engineers internalize a statement as forever true (internally, we refer to this condition as “holding onto a story too tightly”). For example, I was helping an organization perform a security audit, and as we walked through their technology stack, I quickly identified several legacy operating systems running in critical production roles. It was a clear cybersecurity risk, as their security policy requires all operating systems must be running vendor-supported versions.
When asked why, the security engineer indicated he had been told not to worry about it – it wasn’t a priority to remediate. This “tech debt” was weighing on the technical team: they understood the risks, but felt they had no recourse to remediate.
When I asked when and who gave that direction, it was clear the conversation was several years prior, and had come from a mid-manager.
In this case and others, I recognize part of my value as a consultant is to help resolve issues, and also use some of the uncovered items as teaching moments. Risks should constantly be addressed and communicated up the chain of command. In this case, our fix was to implement an exception approach, which requires an executive to sign-off on the risk each year. Amazingly, the upgrade project was quickly made a priority.
During another engagement, we were assisting with the aftermath of a cybersecurity incident. We identified breakdowns in the IT approach; an engineer was told by a mid-manager that, under no circumstances, could IT have a negative impact on the sales and customer care groups. As a result, it was deemed acceptable to skip the enhanced security practices – they would be dealt with later.
During the after-action review, the CEO asked me, “Why didn’t they tell me of the risk? I would have paid to fix the issue.” Well…for a significantly higher cost in the end, we were able to backtrack and resolve the issue. And I was gifted another lesson to pass on as to the importance of effective IT communication, and having shared concerns when it comes to managing risk within an organization.
This blog post originated out of a discussion regarding common challenges I encounter during my consulting work. And it boils down to a few things: IT is hard. And running a company is hard. But it’s not impossible to build processes and structure to empower IT professionals to manage their commitments and capacity, while empowering them to have the right conversations and create alignment to unlock the company’s potential.
Sometimes you just need to be pointed in the right direction…and appreciate how effective listening can be.