This week in my classes at UTS, I put up this quote in a lecture on Agile Methodologies and Lean Thinking:
As our companies turn into highly focused software organizations, we must change the way we manage them. A continuous learning environment fueled by round-the-clock customer insight and feedback demands teams, environments, decision-making structures, and funding models that exhibit the true meaning of the word agility — resilience, responsiveness, and learning. – Jeff Gothelf, Bring Agile to the Whole Organization, Harvard Business Review
The point the Gothelf makes is an important one; that companies need to react more to the changing world around them. But the issue that stops people from truly embracing agile methods in their business has more to do with their incapacity to accept that every organisation is becoming a software organisation. I’ve had long arguments with people who stubbornly claim that the software they use is “just a tool” and that their core business remains steadfastly technology-free and that considering themselves as a software company would compromise their customer relationships. Some have even noted that until forced to change their methods by legal instrument, they will refuse to adopt software solutions to support business functions, because they have customers who don’t want them to change. They say that customer privacy, equity of access to technology resources and legal barriers to use compel them to resist change. And more recently they point to the #CensusFail in Australia as ‘proof’ of the unreliability of technology.
I’d argue that these self-proclaimed custodians of traditional business processes have placed undue trust in the security and integrity of their methods. And they misunderstand the issues of technology management.
Let me illustrate with an example from my local post office branch. When I have a package delivered to my apartment, there’s no way to store it in our tiny letterboxes, so I get a card in my letterbox to collect from my local agency. My local agency keeps an exercise book with my name and address written in, including the code of the parcel and its position in my post office. When I come to collect a parcel, they have to look up my name in the book, and once they locate my parcel, they just run a line through that entry in the exercise book. Now I don’t doubt this has been working for some years as a method. And I’m fairly sure the post office is well managed. But it’s an exercise book. What happens when they fill it up? Do they shred that document to get rid of the addresses? Or do they just chuck it in landfill? Who has access to that exercise book? How sure are they that no-one is inappropriately accessing it? As it is, when they open the exercise book, I can see the names and addresses of dozens of other people who have packages they are picking up from that office. Technically by allowing me to see that data, the office is already breaching the privacy of the other patrons. The whole notion of manual parcel tracking being a mechanism to protect privacy is deeply flawed. A screen that is turned away from a customer, with password access to authorised users, and processed with a barcode entry, would be both more private and more efficient.
There’s no doubt that technology management requires expertise to ensure that the sort of technology failure that occurred at the Census doesn’t happen again. But a lot of the reporting around data being stolen is fear-mongering. And as was demonstrated in the weeks following the failure, traditional government procurement processes which favour very large enterprises can act as a barrier to efficiency. For instance in the case of the Census, a (legitimate but misinformed) concern over data privacy meant that the system used to store and handle entries was insufficient to deal with the number of people connected to the server. The structure of the system purchased was largely at fault. And as students proved in the hackathon on 13-14 August in Queensland, it could have been built for 0.0005% of the price actually paid by the ABS for the system.
Organisations also need to properly understand the legal risks over data. So often, middle management workers will assume they can’t provide access to data and materials when actually they have no real reason set these barriers. And more often than not, companies that profit from existing systems of data storage are actually contributing to misinformation about data security and privacy. It’s essential that firms do a better job of informing teams over how data should be handled. Barriers shouldn’t be set because it’s easier to prevent access than discover the way in which data can be shared. Barriers should rather be a worse case scenario – rather than the default for business practice.
Every organisation needs to be better informed about what they do. To be better informed, governments and companies do need to do as Gothelf suggests: they need to change the way they work. Older systems of business are actually putting businesses at risk. Every company *is* becoming a software company. And rather than resisting change, it’s time for firms to take some responsibility for their operations and to be better informed about what they do. Otherwise they are putting us all at risk.