Showing posts with label Best Practices. Show all posts

December 10, 2019

Training With Paper Airplanes

So I was in an Agile and Scrum Management class yesterday. 

Always looking for new best practices and efficiencies for what we are doing in software development. 

We did one exercise to compare the old Waterfall methodology with Agile. 

And the instructor had us as a team build paper airplanes one way and then the other to see the difference in output and outcome.

Lo and behold, we had almost 40 planes in agile and only 6 in waterfall. 

What you see in the photo is the testing phase: we actually had to see if they could fly at least 10 feet without taking a nosedive.  ;-)

(Credit Photo: Andy Blumenthal)

November 18, 2019

Types of Project Management Office

This is a quick breakdown of the 3 types of Project Management Offices (PMOs).

  • Enabling (Supportive) — Provides best practices, templates, and tools “as needed,” and compliance is voluntary.
  • Delivery (Controlling) — Adopts framework or methodology, policy, and repeatable procedures, and a certain level of the standards are enforced.
  • Compliance (Directive) — Establishes strict standards, measures, and control over projects, and these are highly regulated.

A good place to start is with an enabling/supportive PMO and then progress to a more delivery/controlling model. Generally, a compliance/directive PMO is for more highly regulated organizations.

(Credit Graphic: Andy Blumenthal and concept via CIO Magazine and Gartner)

September 21, 2019

OFNR Communications Model


This is a useful 4-part communications process (developed by Dr. Marshall Rosenberg):

1. Observations:  Tell the other person the behavior you observe from them that is making you uncomfortable. 
When I Observe...

2. Feelings:  Explain how the person's behavior makes you feel (happy, sad, angry, annoyed, excited, worried, scared, hurt, embarrassed, confused)
I feel...

3. Needs: Describe what you need from the other person (physiological, safety, social, esteem, self-actualization)
Because I need...

4. Requests: Ask them specifically what you'd like them to do.
Would you be willing to...

It's a way to make your feelings and needs known and ask nicely what you'd like from others.

This provides a mechanism to give feedback and work with other people without being confrontational, threatening, dictatorial, or nasty. 

When I see you reading my blog, I feel happy, because I need to try to be a good person and good influence in this world. Would you be willing to share my blog with others? ;-)

(Credit Photo: Andy Blumenthal and Colleague from Work)

May 9, 2019

@National Cybersecurity Center of Excellence



So good today to visit the NIST Cybersecurity Center of Excellence (NCCoE).

The cybersecurity solutions developed are aligned to the well-known Cybersecurity Framework (CSF). 

Got to see some of the laboratories, including demonstrations for securing the Healthcare and Energy Sectors. 

Interesting to hear about examples for securing hospital records and even things like infusion pumps.

The medical devices are tricky to secure, because they are built to potentially last decades and are expensive to replace, but the underlying technology changes every couple of years. 

Also, learned more about securing the energy sector and their industrial control systems.  

One scary notable item mentioned was about the "big red button" for shutdown in many of these facilities, but apparently there is malware that can even interfere in this critical function. 

It is imperative that as a nation we focus on critical infrastructure protection (CIP) and continuously enhance our security.

Time is of the essence: as our adversaries improve their game, we need to be urgently upping ours. ;-)

(Source Photos: Andy Blumenthal)

March 28, 2018

Technology and Human Capital--They Go Hand-In-Hand

So there are some mighty impressive places to work that really shine in terms of the technology they use and the constant desire to upgrade and improve their capabilities. 

Usually, these are also the places that value and respect their human capital because they view them as not just human pawns, but rather as strategic drivers of change. 

Then there are the places that are "so operationally focused" or just plain poorly run that they can't be bothered to think about technology much at all or the people that make up the organization and its fiber. 

In many cases, the wheel may be turning, but the hamster is dead: 

There is no real enterprise architecture to speak of. 

There are no IT strategic or operational plans. 

There are no enterprise or common solutions or platforms. 

There is no IT governance or project/portfolio management. 

Even where there are some IT projects, they go nowhere--they are notions or discussion pieces, but nothing ever rolls off the IT "assembly line."

How about buying an $800 software package to improve specific operations--that gets the thumbs down too. 

Many of these executives can't even spell t-e-c-h-n-o-l-o-g-y!

It's scary when technology is such an incredible enabler that some can't see it for what it is. 

Rather to them, technology is a distraction, a threat, a burdensome cost, or something we don't have time for.

Are they scared of technology?

Do they just not understand its criticality or capability?

Are they just plain stupid? 

Anyway, organizations need to look at their leadership and ask what are they doing not only operationally, but also in terms of technology improvement to advance the organization and its mission. 

Look to the organizations that lead technologically, as well as that treat their people well, and those are ones to ogle at and model after.  ;-)

(Source Photo: Andy Blumenthal)

November 22, 2016

Good IT Gone Bad

So over and over again, good IT goes bad in a flawed decision-making process. 

Even with the best laid plans and governance processes in place, somehow decisions get politicized, go bad, and projects fail. 

Here are some of the popular reasons why this happens:

1) Someone has something to prove - Often there is a person incoming to power who wants to show off what they can do. Instead of focusing on what is best for the organization's mission and people, they put themselves first. IT becomes not a tool for efficiency and effectiveness, but rather some project rushed through for someone's resume and narcissistic career progression. Time to add another notch on your IT belt!

2) Someone used it, saw it, or heard of it someplace else - So why follow a structured decision-making and vetting process for new technology, when Joe Schmoe already has the answer of what we can use and what we should do? Perhaps Joe Schmoe used the technology in another place and for another reason, but that's what he knows, and instantaneously he's the maven, the subject matter expert. Or maybe Joe Schmoe attended a vendor conference or read a trade mag on the airplane and now he is, guess what, the all-knowing on the topic. Get ready to pull out your wallets to pay for the wrong thing for your needs and organization, but it's okay because Joe Schmoe assured you it's great!

3) Someone wants to use technology like a Swiss army utility knife - Let's just buy this amazing tool; it can slice, dice, chop, mince, or Julienne; actually there is nothing this IT tool can't do. Buy it and use it for all your technology projects and needs. Why buy specialized tools, when you can have one that does everything--it will be your data warehouse, cloud provider, handle all your transactions, and be your artificial intelligence all in one. Don't worry about the complexity, integration, training, support or how well it does any specific thing--just trust us!

In general, it shouldn't be so easy for leadership to get sold and fooled by the wrong people with the wrong agendas. Yet, these things seem to take off like a speeding locomotive, and if anyone tries to step in front of it, career splat for some unfortunate well-meaning character!

Some leaders and organizations only seem to learn by making the same IT mistakes again and again--it's costly to their mission and to their stakeholders, but someone is making out like a bandit and it's on their dime. ;-)

(Source Photo: Andy Blumenthal)

September 26, 2015

When In Doubt

I like this sign that I saw in a local place of business that buys and sells goods. 

"When in doubt--PASS!"

How many times are we faced with a challenging situation, and we are not quite sure what to do?

We hem and haw and go back and forth in our minds whether we should really do it.

But like my wife and I came to with decision-making in general a while ago, "If it isn't yes, then it's no."

When that little something inside is giving you pause, doubt, and holding you back...there is usually a very good reason. 

STOP yourself right there--listen to your gut and instinct.

If you don't, you'll pay the price afterwards for making a bad call that you knew deep down was a big no-no to begin with. ;-)

(Source Photo: Andy and Dossy Blumenthal)

June 10, 2014

I Like That Technology

Christopher Mims in the Wall Street Journal makes the case for letting employees go rogue with IT purchases.

It's cheaper, it's faster, "every employee is a technologist," and those organizations "concerned about the security issues of shadow IT are missing the point; the bigger risk is not embracing it in the first place."


How very bold or stupid? 


Let everyone buy whatever they want when they want--behavior akin to little children running wild in a candy store. 


So I guess that means...


  • Enterprise architecture planning...not important.
  • Sound IT governance...hogwash.
  • A good business case...na, money's no object.
  • Enterprise solutions...what for? 
  • Technical standards...a joke.
  • Interoperability...who cares? 
  • Security...ah, it just happens!

Well, Mims just got rid of decades of IT best practices, because he puts all his faith in the cloud.

It's not that there isn't a special place for cloud computing, BYOD, and end-user innovation, it's just that creating enterprise IT chaos and security cockiness will most assuredly backfire.


From my experience, a hybrid governance model works best--where the CIO provides for the IT infrastructure, enterprise solutions, and architecture and governance, while the business units identify their specific requirements on the front line and ensure these are met timely and flexibly.


The CIO can ensure a balance between disciplined IT decision-making with agility on day-to-day needs. 


Yes, the heavens will not fall down when the business units and IT work together collaboratively. 


While it may be chic to do what you want when you want with IT, there will come a time, when people like Mims will be crying for the CIO to come save them from their freewheeling, silly little indiscretions. 


(Source Photo: Andy Blumenthal)


October 23, 2013

Healthcare.gov - Yes, Yes, and Yes


Healthcare.gov was rolled out on October 1. 

Since then there has been lots of bashing of the site and finger-pointing between government overseers and contractors executing it. 

Some have called for improvements down the line through further reform of government IT.

Others have called for retribution by asking for the resignation of the HHS Secretary Sebelius. 

Publication after publication has pointed blame at everything from/to:

- A labyrinth government procurement process

- Not regularly using IT best practices like shared services, open source, cloud computing, and more

- An extremely large and complex system rollout with changing requirements

And the answer is yes, yes, and yes. 

Government procurement is complex and a highly legislated functional area where government program managers are guided to hiring small, disadvantaged, or "best value"  contract support through an often drawn-out process meant to invoke fairness and opportunity, while the private sector can hire the gold standard of who and what they want, when they want, period. 

Government IT is really a partnership of public and private sector folks that I would imagine numbers well in the hundreds of thousands and includes brand name companies from the esteemed defense and aerospace industries to small innovators and entrepreneurs as well as a significant number of savvy government IT personnel. Having worked in both public and private sector, I can tell you this is true--and that the notion of the government worker with the feet up and snoozing is far from the masses of truth of hardworking people, who care about their important mission serving the public. That being said, best practices in IT and elsewhere are evolving and government is not always the quickest to adopt these. Typically, it is not bleeding edge when it comes to safety and security of the public, but more like followers--sometimes fast, but more often with some kicking and screaming as there is seemingly near-constant change, particularly with swirling political winds and shifting landscapes, agendas, lobbyists, and stakeholders wanting everything and the opposite.

Government rollout for Healthcare.gov was obviously large and complex--it "involves 47 different statutory provisions and extensive coordination," and impacted systems from numerous federal agencies as well as 36 state governments using the services. While rollouts from private sector companies can also be significant and even global, there is often a surgical focus that goes on to get the job done. In other words, companies choose to be in one or another business (or multiple businesses) as they want or to spin off or otherwise dislodge from businesses they no longer deem profitable or strategic.  In the government, we frequently add new mission requirements (such as the provision of universal healthcare in this case), but hardly ever take away or scale back on services. People want more from the government (entitlements, R&D, secure borders, national security, safe food and water, emergency response, and more), even if they may not want to pay for it and seek the proverbial "smaller government" through less interference and regulation. 

Is government IT a walk in the park? Believe me, after having been in both the public and private sectors, it is not--and the bashing of "cushy," federal jobs is a misnomer in so many ways. Are there people that take advantage of a "good, secure, government job" with benefits--of course there are some, but I think those in the private sector can look in the offices and cubes next to them and find quite a number of their colleagues that would fit that type of stereotype as well.

We can learn a lot from the private sector in terms of best practices, and it is great when people rotate from the private sector to government and vice versa to cross-pollinate ideas, processes, and practices, but the two sectors are quite different in mission, (often size and complexity), constituents, politics, and law--and not everything is a slam dunk from one to the other. However, there are very smart and competent people as well as those who can do better in both--and you fool yourself perhaps in your elitism if you think this is not the case. 

Are mistakes made in government IT--definitely yes. Should there be accountability to go with the responsibility--absolutely yes. Will we learn from our mistakes and do better in the future--the answer must be yes. ;-)

September 28, 2013

Insuring Against Cyber Attacks

More and more, our technology is at risk of a cyber attack. 

In fact, just today the Wall Street Journal reported that Iran has hacked into the Navy's unclassified network. 

While we can fix the computers that were attacked, the damage done in terms of data exfiltration and malware infiltration is another matter.

To fix the computers, we can wipe them, swap out the drives, or actually replace the whole system. 

But the security breaches still often impose lasting damage, since you can't get the lost data or privacy information back or as they say "put the genie back in the bottle."

Also, you aren't always aware of hidden malware that can lie dormant, like a trojan horse, nor can you immediately contain the damage of a spreading computer virus, such as a zero-day attack. 

According to Federal Times, on top of more traditional IT security precautions (firewalls, antivirus, network scanning tools, security settings, etc.), many organizations are taking out cybersecurity insurance policies.

With insurance coverage, you transfer the risk of cybersecurity penetrations to cover the costs of compromised data and provide for things like "breach notification to victims, legal costs and forensics, and investigative costs to remedy the breach."

Unfortunately, because there is little actuarial data for calculating risks, catastrophic events such as "cyber espionage and attacks against SCADA industrial controls systems" are usually not covered.

DHS has a section on their website that promotes cybersecurity insurance where they state that the Department of Commerce views cybersecurity insurance as an "effective, market-driven way of increasing cybersecurity," because it promotes preventive measures and best practices in order to lower insurance premiums and limits company losses from an attack. 

Moreover, according to the DHS Cybersecurity Insurance Workshop Readout Report (November 2012) cybersecurity insurance or risk transfer is the fourth leg of a comprehensive risk management framework that starts with risk acceptance, risk mitigation, and risk avoidance. 

I really like the idea of cybersecurity insurance to help protect organizations from the impact of cybersecurity attacks and for promoting sound cybersecurity practices to begin with.  

With cyber attacks, like with other catastrophes (fire, flood, accident, illness, and so on), we will never be able to fully eliminate the risks, but we can prepare ourselves by taking out insurance to help cover the costs of reconstituting and recovery. 

Buying insurance for cybersecurity is not capitulating our security, but rather adding one more layer of constructive defense. ;-)

(Source Photo: Andy Blumenthal)

June 5, 2012

SDLC On Target

I found this great white paper by PM Solutions (2003) called "Selecting a Software Development Life Cycle (SDLC) Methodology."

The paper describes and nicely diagrams out the various SDLC frameworks:

- Waterfall
- Incremental
- Iterative
- Spiral
- RAD
- Agile


It also provides a chart of the advantages and disadvantages of each framework. 

Finally, there is a simple decision cube (D3) based on time horizon, budget, and functionality for selecting an SDLC framework. 

This is a very useful and practical analysis for implementing SDLC, and it aligns closely with the guidance from the National Institute of Science and Technology (NIST) Special Publication (SP) 800-64, "Security Considerations in the Systems Development Life Cycle" Appendix E that states:

"The expected size and complexity of the system, the development schedule, and the anticipated length of a system's life may affect the choice of which SDLC model to use."

While NIST focuses on the time horizon and complexity versus the PM Solutions Decision Cube that uses time horizon, budget, and functionality, the notion of tailoring SDLC to the project is both consistent and valuable. 

Just one more resource that I found particularly good is the Department of Labor IT Project Management guidance (2002)--it is a best practice from the Federal CIO website.

I like how it integrates SDLC, IT Project Management, IT Capital Planning and Investment Control (CPIC), and security and privacy into a cohesive guide. 

It also establishes project "thresholds" to differentiate larger or more significant projects with greater impact from others and calls these out for "more intensive review."

Even though these resources are around a decade old, to me they are classic (in a good sense) and remain relevant and useful to developing systems that are on target.

(Source Photo: Andy Blumenthal)


September 25, 2010

Rethinking Topgrading

Topgrading is a best practice for hiring top performers, developed by Dr. Bradford Smart, and used by many leading companies.

According to Dr. Smart—managers have only a 25% success rate in hiring star performers:

  • 1 in 4 hires end up actually being a high performer (“A players”)
  • 2 of 4 disappoint as mediocre (“B players”)
  • 1 in 4 turns out being low performers (“C players”)

Smart blames this on ineffective hiring techniques—resumes, traditional competency/behavioral interviews, and candidate selected references—where candidates can provide incomplete information, play up accomplishments, downplay negatives, and deceive interviewers.

Instead, Smart’s practice of Topgrading calls for a much more thorough screening process and therefore one that yields up to 90% success rates; the techniques used include:

  • Reference calls specifically with former bosses, not just anybody provided by candidates.
  • Complete career histories including salaries, ratings, likes/dislikes, and reasons for leaving.
  • Competency/behavior interviews (same as in traditional hiring), but augmented by a second chronological interview that walks through with candidates all of their jobs (from the first to the last) in somewhat painstaking detail and includes all of the following: success/accomplishments, failures/mistakes, appraisals by bosses, and key decisions and relationships.

Topgrading also calls for Tandem interviewing—using 2 interviewers at a time. Again, the idea is to be thorough and thereby more careful in the hiring process to yield better results.

While I certainly agree with improving our hiring competencies and doing everything we can to hire the “best and brightest,” I think the premise of having everyone be an A player, all the time, is really more than a little naïve.

People are not things, like gems or coins that you trade and collect and see who has the shiniest, most valuable collection. Rather, people are human beings, and they come to work, as they do to all aspects of their lives, imperfect.

While I understand that what Smart means by A player is not someone who is perfect, but “one who qualifies among the top 10 percent of those available,” and that we should of course strive to hire the top qualified available people for all our positions, I also believe that people come in all shapes and sizes and finding top quality is not a one size fits all (i.e. like a caste system), rather we need to find and match the right person to the right job.

Many will say that prior successful behavior is the key determinant of future success; however, if you’re not failing, you’re probably not trying hard enough—so I think we need to look at people as a composite of who they are, what they’ve done, what their potential is, where do their interests lie, is it a good fit, and so on. It’s more than just are they “top 10” (grades, schools, appraisals, etc.). Remember the movie Rocky, he didn’t start out a top 10, but ended up the world champion.

In the end, we are all a lot more than our career histories and reference checks, and timing and fit have a huge impact on whether we are successful in a particular endeavor.

I know that I have certainly seen top performers from one job “fall on their face” in another job that was just wrong for them, and vice versa, people who failed miserably in one job (due to a misfit in culture, organization, boss, duties, etc.), thrive when they are in a better suited opportunity.

So Topgrading’s scientific approach to hiring has the potential of missing the finer point that people are complex organisms. The quantifiable approach is helpful, but only when coupled with qualitatively looking at the fit between the particular organization, job, person, place, and time.

Moreover, in searching only for the A players, Topgrading has the potential to perpetuate the way of thinking that we must only look for those who are robotic, conformists that get the best grades and appraisals, rather than breaking the mold and looking for those that are non-conformist, innovative, and put everything into question. Who will reward someone like that? Not everyone. So in some cases, it may actually be the A players that are the worst players—it actually depends on the situation.

In summary, I would say yes, Topgrade to do due diligence as a leader and manager in looking for and hiring the best talent, but recognize that people have ups and downs—sometimes due to the job, sometimes due to factors completely outside the job, and sometimes it’s their own undoing—but don’t expect that everyone you hire will be perfect, are you?



July 31, 2010

Listening to Each Other to Succeed as a Team

There is an oft-cited best practice for conflict resolution called the speaker-listener technique—in which the speaker explains their position and the listener repeats back to the speaker what he heard him say. Then the speaker and listener switch roles.

After both sides have had a chance to express themselves, and the other side has repeated what they heard, both parties are ready to resolve their differences with greater understanding of each other.

The Wall Street Journal, 27 July 2010, in an article called “Fighting Happily Ever After” promotes the speaker-listener technique for improving couples communications and making happier, longer-lasting relationships.

I believe that the speaker-listener technique works not only because it improves the actual information flow and understanding between people, but also because it improves the perception that people have towards each other—from being adversarial to being collaborative.

In the sheer act of reaching out to others through genuine listening and understanding, we establish the trust of the other person that we want to work toward a win-win solution, as opposed to a clobber the other guy with what you want to do, and go home victorious.

In contrast, think of how many times people don’t really talk with each other, but rather at each other. When this occurs, there is very little true interaction of the parties—instead it is a dump by one on the other. This is particularly of concern to an organization when the speaker is in a position of authority and the listener has legitimate concerns that don’t get heard or taken seriously.

For example, when the boss (as speaker) “orders” his/her employees to action instead of engaging and discussing with them, the employees (as listener) may never really understand why they are being asked to perform as told (what the plan is) or even permitted to discuss how best they can proceed (what the governance is).

Here, there is no real two-way engagement. Rather, workers are related to by their superiors as automatons or chess pieces rather than as true value-add people to the mission/organization.

In the end, it is not very fulfilling for either party—more than that when it comes to architecture, governance, and execution, we frequently end up with lousy plans, decisions, and poorly performing investments.

Instead, think about the potential when employers and employees work together as a team to solve problems. With leaders facilitating strategic discussions and engaging with their staffs in open dialogue to innovate and seeking everyone’s input, ideas, reactions. Here employees not only know the plan and understand it, but are part of its development. Further, people are not just told what to do, but they can suggest “from the front lines” what needs to be done and work with others from a governance model on where this fits in the larger organizational context.

Speaking—listening—and understanding each other is the essence of good conflict management and of treating people with decency and respect. Moreover, it is not just for couple relationship building, but also for developing strong organizational bonds and successful planning and execution.

To me, creating a framework for conflict resolution and improved communication is an important part of what good enterprise architecture and IT governance is all about in the organization. Yet we don’t often talk about these human factors in technology settings. Rather the focus is on the end state, the tool, the more impersonal technical aspects of IT implementation and compliance.

Good architecture and governance processes help to remedy this a bit:

With architecture—we work together to articulate a strategic roadmap for the organization; this provides the goals, objectives, initiatives, and milestones that we work towards in concert.

With governance—we listen to each other and understand new requirements, their strategic alignment, return on investment, and the portfolio management of them. We listen, we discuss, we understand, and we make IT investment decisions accordingly.

Nevertheless, at this time the focus in IT is still heavily weighted toward operations. Research on IT employee morale shows that we need to better incorporate and mature our human capital management practices. We need to improve how we speak with, listen to and build understanding of others not only because that is the right thing to do, but because that will enable us to achieve better end results.



July 5, 2010

A Winning App Is Not Only an App Winner

In the government, just getting an “app winner” doesn’t necessarily mean you have a “winning app.” But that’s not stopping us “govies” from making progress!

As we all know, the Apple iStore has become hugely successful, with over 225,000 apps and the Android Market with almost 90,000 apps.

These marketplaces have grown fast and furiously because there is a simple and direct road from building the app to commercializing it. In the case of Apple, for example, I understand that the developer walks away with 70% of the revenue, Apple gets 30%, and the consumer can simply download the app and start using it. Presto!

The government has attempted to capitalize on this apps development strategy by putting government data out there (i.e. data.gov) and letting the developers do their thing (i.e. create apps that are supposed to be useful to citizens).

In distinction to the private sector, the government doesn’t have a marketplace where developers simply make their apps “available” for use. While in the Apple store, any developer can post an app for use, in the government there is no open store like that.

To spur apps development, a number of government agencies have been hosting contests for best applications, but despite the fanfare, many do not get past the initial stage.

Government Technology Magazine (July 2010) in an article titled “Life After Apps” quotes Chris Vein, the CIO of San Francisco, who states that “just because it [an app] wins doesn’t mean the jurisdiction actually gets to use it.”

Jay Nath, the innovation manager of San Francisco explains that “because applications submitted in the competitions don’t go through normal procurement channels, cities cannot use them as ‘official’ apps.”

Whether this changes at some point down the road, I do not know, but it seems like something for government procurement specialists to look at, because there may be an opportunity here to save money and serve taxpayers more effectively.

Even Washington, D.C., which became famous for its 2008 apps contest, is rethinking the “apps craze.” The city has discontinued its annual Apps for Democracy competition due to concerns over “sustainability and value of apps produced.” The District wants to look again at how to engage entrepreneurs to “solve core government problems.”

Nevertheless, there are signs that government interest in developing apps through contests remains strong. For example, “Apps for Army,” a contest for Army personnel, launched on March 1.

In a similar vein, the General Services Administration recently announced that they are using “ChallengePost” to announce contests and have the public suggest, discuss, and rate ideas. This is now being used for AppsForHealthyKids.com, a competition sponsored by First Lady Michelle Obama as part of her important campaign to end childhood obesity.

Overall, there is a lot of innovation out there in government, and a strong desire to collaborate with the public. DC and San Francisco and other major cities as well as the federal government are taking the conversation about apps development to the next level in terms of governance best practices for getting value from them and ultimately bringing the apps to the users who need them.



June 5, 2010

Reorganization Best Practices

Sometimes a leader has to consider and implement a reorganization (“reorg”), as this can benefit an organization.

Organizations are not a static environment, but rather are dynamic systems. To survive, organizations must adapt to changes in the external environment and from changing forces within, by reorganizing in ways that improve the organization’s ability to perform.

Harvard Business Review, June 2010, has a couple of important articles on this topic (the articles are actually in reverse order in the issue):

1) “Change For Change’s Sake” by Vermeulen, Puranam, and Gulati

2) “The Decision-Driven Organization” by Blenko, Mankins, and Rogers

In the first article, the authors assert that “even successful corporations have to shake things up to stay ahead of the competition.”

  • Sometimes, this can be driven by changes in the competitive landscape necessitating that we adapt to meet these head on.
  • At other times, it is because of internal organization dysfunctions such as where: routines are stifling innovation, silos are hampering collaboration, and resources have become entrenched with the powerful few—these will hamper performance and potentially destroy the organization if not disrupted.

In the second article, the authors recommend that reorganizations should focus on better decision-making, i.e. on structures that “improves the organization’s ability to make and execute key decisions better and faster than competitors.”

  • Reorgs are seen as necessary for creating the right structure to perform: “Like Generals, they [CEO’s] see their job as putting the right collection of troops in the right place…Nearly half of all CEOs launch a reorg during their first two years on the job.”
  • Results of reorgs are generally poor: According to a Bain and Company study of 57 reorganizations, “fewer than one-third produced any meaningful improvement in performance. Most had no effect, and some actually destroyed value.”
  • Start with a “decision audit”: “Instead of beginning a reorg with an analysis of strengths, weaknesses, opportunities, and threats [SWOT], structural changes need to start with what we call a decision audit. The goals of the audit are to understand the set of decisions that are critical to the success of your company’s strategy and to determine the organizational level at which those decisions should be made and executed to create the most value.”
  • Align organizational elements to optimize decision-making: Organize assets, capabilities, and structures to “make the essential decisions and get those decisions right more often than not.” Similarly, align “incentives, information flows, and processes with those related to decision-making.”
  • Avoid conducting reorgs that degenerate into turf battles and horse-trading: “Powerful managers grab decision rights they shouldn’t really own while weak ones surrender rights they really should own. [Further,] people end up with responsibilities that are defined too broadly or too narrowly, given the decision they need to make…without a focus on decisions, these power struggles too often lead to creeping complexity in an organization’s infrastructure.”

In my opinion, reorganizations are likely to be most successful when they have specific goals such as adapting to changes, creating new opportunities, closing gaps, and fixing misalignments. Simply “shaking things up” is not enough reason.

Secondly, aligning the organization around execution is as important as better planning/decision-making. Therefore, we should restructure around two areas—strategy (i.e. planning and decision-making) and operations. For example, in Information Technology, we could restructure and align the organization to improve:

1) Strategy formulation: This involves reorganizing to improve architecture and planning, investment decision-making, project management oversight, customer relationship management, and performance measurement. (Reference: The CIO Support Services Framework)

2) Operational execution: This involves reorganizing to improve IT execution of network and operations, systems lifecycle, information management, and information assurance.

Thirdly, success depends on implementing the reorg with people, funding, and other tangible changes that will help the reorg to meet its goals. This advances it from “redrawing the map” to giving it “the legs” to work on the ground, and is the most exciting stage in seeing the vision be fulfilled.

By reorganizing with specific goals, focusing on better decision-making and execution, and on fully implementing the reorganization with enabling structural and process changes, executives can broadly and deeply impact the performance of the organization for the better.



February 10, 2010

Damned If You Do, Damned If You Don’t

Frequently employees face double-bind messages in the workplace, and these not only impair morale but can also result in poor decision-making.

One example has to do with whether we should apply tried and true best practices or be creative and innovative. This manifests when employees who bring innovative approaches to the table to solve problems are told, “there’s no reason to recreate the wheel on this.” And then when the employees take the opposing tack and try to bring established best practices to bear on problems, they are told disparagingly, “ah, that’s just a cookie cutter approach.”

Another example has to do with when and how much to analyze and when to decide. When employees are evaluating solutions and hustle to get a proposal on the table, they are told they haven’t done enough work or it’s superficial, and they need to go back, “do due diligence, and conduct a more thorough evaluation.” Then when the employees go back to conduct a thorough analysis of alternatives, business case, concept of operations, and so on, they are told, “What is taking you so long? You’re just getting bogged down in analysis paralysis—move on!”

I am sure there are many more examples of this where employees feel like they are in a catch 22, between a rock and a hard place, damned if they do and damned if they don’t. The point is that creating contradictions, throwing nifty clichés at employees, and using that to win points or get your way in the decision process, hurts the organization and the employees that work there.

What the organization needs is not arbitrary decision-making and double-bind messages that shut employees down. Rather, organizations need clearly defined, authoritative, and accountable governance structure, policy, process and roles and responsibilities that open it up to healthy and informed debate and timely decisions. When everyone is working off of the “same sheet of music” and they know what is professionally expected and appropriate to the decision-making process, then using clichés arbitrarily and manipulating the decision-process no longer has a place or is organizationally acceptable.

We can’t rush through decisions just to get what we want, and we can’t bog down decisions with obstacles, just because we’re looking for a different answer.

Sound governance will help resolve this, but also necessary is a leadership committed to changing the game from the traditional power politics and subjective management whim to an organization driven by integrity, truth, and genuine progress based on objective facts, figures, and reason. Of course, changing an organization is not easy and doesn’t happen overnight, but think how proud we can be of our organizations that make this leap to well-founded governance.



January 22, 2010

Checklists: Safety Nets or Strangleholds

Many functions in government are guided, if not driven by checklists. For example, federal information technology management has many checklists for enterprise architecture reviews, capital planning and investment control, IT acquisition reviews, configuration management, systems development life cycle, IT security (FISMA), Privacy, Section 508, and more.

One of the frequent criticisms is that these functions are just compliance-based and are not focused on the real-world task at hand—whether it be planning, governing, executing, servicing, securing, and so on. For example, many have said that FISMA needs to be amended, because our IT security staffs are so busy with their compliance checklists and reports that they are not adequately focused on strategically or operationally securing the enterprise from attack. Similarly, EA review boards have been criticized for being an almost thoughtless checklist of architecture alignment to the FEA and not of real planning value.

Yet, inherently we know that checklists are valuable and that is why they have been so heavily mandated and incorporated into our processes. Without the checklists, we know from past experiences with failed IT projects, poor IT investment decisions, and security issues that many of these could have been prevented if only we had thought to ask the right questions, and so these questions got codified—and we learned from some of our mistakes.

With regard to this, there was a fascinating book review in the Wall Street Journal on a book called “The Checklist Manifesto” by Atul Gawande.

The author:

Mr. Gawande makes the case that checklists, plain and simple, save lives and we need them. He cites examples of “how stupid mistakes in surgery can be largely eliminated through pre-operative checklists” and how “checklists first became the norm in aviation, where pilots found that minor oversights in sophisticated planes led to tragic crashes.”

Overall, the book’s author maintains that “checklists seem to be able to defend everyone, even the experienced against failure in many more tasks than we realized. They provide a kind of cognitive net. They catch mental flaws.”

The reviewer:

The reviewer points out the important flip side to checklists as follows: “Bureaucracy is nothing but checklists. That’s part of what’s wrong with government—officials go through the day with their heads in a rulebook, dutifully complying with whatever the lists require instead of thinking about what makes sense.”

The reviewer makes the point that someone in authority needs to use judgment and that means: “relying on individual creativity and improvisation—the opposite of a checklist.”

The review then goes on to address the seeming contradiction between the need for and value of checklists and the stifling effect that they can have by pointing out that “The utility of formal protocols [i.e. checklists, standard operating procedures (SOPs), etc.] varies with the nature of the activity—some activities are highly systematized, like engineering, and others dependent on the judgment and personality of the individual. Spontaneity and imagination are important in many jobs.”

So there you have it: checklists are helpful in defined, routine, almost mechanized areas where we can identify and itemize the necessary tasks, where those tasks are common to performing the activity, and where the checklists are proven to help avoid frequent oversights and mistakes. But where agility and innovation are called for, checklists can lead to bureaucracy and/or missing the mark in getting the job done.

So are checklists helpful or hurtful with technology?

On one hand, technology is a fast-changing, innovative field that drives organizational transformation and thus it cannot primarily be a checklist function. Technology requires visionary leaders, talented managers, and customer-driven staffs. There isn’t a checklist in the world that can inspire people, build meaningful customer relationships, and solve evolving, large and complex business problems.

On the other hand, there are common IT operational functions that need to get done and well-known pitfalls, and for these areas checklists can help us not make the same dumb mistakes again and again. For example, we can check that we are not making redundant IT investments. We can verify that appropriate accessibility for the handicapped has been provided for. We can safeguard people’s privacy with appropriate assessments.

The place for checklists in IT is pretty clear:

· STRANGLEHOLDS—Checklists cannot be a stranglehold on our business performance. They are not a substitute for thinking and doing. They cannot replace dedicated, talented, hardworking people addressing challenging and evolving business requirements with new and improved processes and technologies.

· SAFETY NETS—Checklists are safety nets. They are codified best practices and lessons learned that help us in not making routine, yet costly mistakes again.



August 18, 2009

DHS OIG Report on My User-centric EA Implementation at the Coast Guard

Just learned of a new Department of Homeland Security (DHS) Office of Inspector General (OIG) Report documenting the significant progress of the Enterprise Architecture and IT Governance program at the U.S. Coast Guard, which I led up to and during the majority of the audit.

I am pleased at the recognized progress and at the terrific work that my team accomplished there--I am very proud of all of them!

Of course, there is more work to be done, but the right EA infrastructure has been put in place to accomplish the goals and objectives set out.

Here is the link to the report: http://sites.google.com/site/thetotalcio/Home/links/EAOIGReport-July2009.pdf?attredirects=0

"The Coast Guard has made progress in developing its enterprise architecture by defining its enterprise architecture framework [User-centric EA] in alignment with both federal and DHS architectures. In addition, its enterprise architecture is aligned with the Coast Guard's IT strategy. These achievements have been possible because of executive support for the enterprise architecture effort."

May 11, 2009

Innovation Goes Both Ways


A soldier with an iPod mounted on his wrist takes aim with his assault rifle

http://www.independent.co.uk/news/world/middle-east/iphones-in-iraq-ndash-the-us-armys-new-weapon-1682655.html


It used to be that military technology often found application in the consumer world (like the development of the Internet from DARPA). Now, consumer technology is being used in the battlefield theater (for example, iPods and iPhones).

Enterprise architecture is being turned upside down in terms of the traditional migration path of technological innovation.

Perhaps the practice of applying technological innovation to other areas, regardless of where it originates, is the best model of them all!

In this way, we share and match the best and brightest ideas and product designs to new areas of applicability, opening up more uses and markets for successful product launches.


March 21, 2009

Challenges of a Change Agent

I have always been fascinated by leadership and how to grow an organization in spite of a broad variety of obstacles to change and maturity.

Indeed, as I have studied, read, watched, and practiced leadership and change initiatives for over two decades, I am always intrigued at the role of the change agent.

Certainly, it is hard to be a change agent for so many reasons. It is hard to change yourself let alone to get others to change. It is hard to exist in an environment where you see new and different possibilities, but others see only their way or the highway. It is hard to see others jockey for power and revel in the humiliation and shame of their peers. Change is only for the strong-hearted.

It’s interesting to me that change agents are often alone in the enterprise. They are specifically brought in to fix highly ingrained problems that are very often culturally rooted and that are damaging to the continuing maturation and success of the enterprise. But the change agent is coming in with “fresh eyes” and an accompanying toolkit of best practices from outside the insular dynamics of the dysfunctional organization.

But the change agent is alone, or relatively so as there may be others who are “bucking the trend,” to try to bring a new openness and flexibility to the stagnant corporate culture and decaying ways of doing business that descend like death over complacent or arrogant organizations that think that once on top of the world, always on top.

Applause to the organizational leaders who are aware of processes, products, and ways of thinking that are broken and recognize the need for change and attract the agents of change and agility.

But the change agents run against the tide. They are new and are viewed as not knowing anything about the organization. Moreover, they are perceived as a danger to the comfortable, long-held beliefs and ways of doing things. And moreover, they are seen as a threat to the incumbents. So from the incumbents’ perch, the change agents need to be shamed, humiliated, and thwarted at almost any cost. And the change resisters in the established hierarchy “revel” in every obstacle they throw up.

There is an interesting article in the Wall Street Journal, 21-22 March 2009 about a website where people “revel in each other’s humiliation.”

The French site www.viedemerde.fr has 70,000 readers and it has “become a phenomenon in France…it receives a thousand or so new stories a day from which three young men who run it pick a dozen or so to post…the site now has 7,200 vignettes picked from nearly 400,000 sent in.”

It was started a couple of years ago by the founder, who “started posting stories online about the frustrations of modern life.”

The sharing and reading of stories of life’s difficulties is closely aligned with Schadenfreude, a German word which means “One person’s misfortune is another’s happiness.” Or another version for the popularity of the site is that “one person’s misfortunes reassure another.”

Whichever explanation you adhere to for the popularity of people posting and reading about other people’s misfortunes and shame, it points to people’s need to open up and release thoughts and feelings that are shameful and painful; people have a need to share, commiserate, and gain acceptance and to know that they are not alone.

Now there is an English language version of the popular website www.fmylife.com and “stories are flooding in. But the content is often similar. ‘It’s like there is a kind of solidarity among all countries when it comes to misfortune. We are all in a big, international pile of crap—but we’re in it together.’”

The enterprise, its diehard stalwarts, and the change agents are also in it together. And they will either sink or swim. Hopefully, they decide on the latter.

