< "Up to Date" isn't the same as "Knowledgeable" | In Defence of Vulnerability Researchers >
Divide Labour Cautiously
In large companies very many support departments and people exist to deal with specific functions of the business. What baffles me is how these departments usually serve to create more work, not less, and it seems the original intention has been lost. For example, at my $previous_employer each manager was responsible for their own invoicing and billing even though people existed to specifically manage this process. What happened was that those people had to report on how the process was running to their higher ups, and so spent their time devising ways for them to manage their reporting. This resulted in additional fields or forms that we needed to complete when doing our billing, instead of someone taking the burden of billing from us.
What's more is that these groups tend to optimise for their limited view of the world or for specific reporting requirements that upper management would like to see. So while it may make sense to them to recover as much money from clients by having staff members allocate every single phone call to a current engagement, the actual burden placed on the staff isn't understood.
This lead me to come up with some guidelines:
- Recognise that reporting on a process, and performing the process are two different tasks.
- Don't give a group the role of managing a process if they won't be fully responsible for it, the entire task should be handed over to the group, not just pressured by the group (Keep the group in check by aligning externalities).
- Balance the needs of upper management with the burden placed on staff, trade off some "nice to have reporting" against "nice to have staff".
With all these support departments requiring to report on this or that statistic, came a small amount of administration for each. Much like how each bird in a flock, or each fish in a school is a small part of the flock/school, so is each piece of admin. However, when taken as a whole, emergent behaviour is observed, which in the case of a flock in a pretty formation, but in the case of admin is late nights performing work that irritates your staff, results in no innovation, no new work and seemingly never ends when viewed over a lifetime.
The impact of this is that in the short term, the admin may be bearable, but in the long term the cumulative weight of it becomes a strong disincentive to remain at the company.
And so, the guidelines:
- Optimise administration across support departments, and ensure a complete view of the burden placed on staff.
- Provide support staff whose role it is to perform the administrative work in its entirety and not report on it beyond the reporting that was previously occurring.
At some companies, there's an idea that you start out technical, then grow out of it. This is represented by the seniority distribution of staff. If all your managers "don't really do that anymore" and all the junior staff do the actual work, then you've screwed the pooch. You end up with "managers" performing expensive administration being paid better than staff performing billable work with the only means of progression being to become better at performing expensive administration. This has tons of knock on effects, you keep loosing your most experienced technical staff, your innovation only comes from junior/inexperienced staff and the ability to create services and consistently deliver them is lost.
- Encourage staff to do what they're good at. If what they're good at isn't what you want them to be good at, consider terminating the relationship.
- Reward staff for doing what they're good at, don't limit monetary "progression" to a specific style.
Big companies love making standards and policies, even if those policies are untenable, unenforced and piss off staff. This is most prevalent in the internal IT division. For example, at my last employer the policy stated that we were only allowed to store 40Mb of personal data in "My Documents". Nobody did this. Worse still, there were several hundred ways to bypass corporate proxies because of the over excited webfilter (the post office was blocked as a porn site and this blog as "social media"). Instead the rules are used only when leverage is required. What's more, they irritate staff. Facebook can actually be a business tool, sure you can waste time on it, but you can equally waste time with a good book in your car. Leave people management up to line managers not IT. Being in security is even worse, because we need to run all the tools and visit all the sites you aren't supposed to.
What's particularly strange is the reaction when it is found nobody is following a rule. Most often a school teacher "eat your vegetables" approach is applied. There is hardley ever any analysis of "why" nobody is following the rule, or how to incentivise people to follow the rule.
What to do:
- Set rules when you need to, make sure there are generic enforcement rules in line with required legal things, but don't take it to the level of representing an arbitrary rule at a technical level unless there's a good reason for it.
- Set rules people will actually follow, if a mistake is made and nobody is following a rule, don't issue several reports "naming and shaming" at least try find the root cause and/or incentivise staff.