Was it just a simple database query?

So the sensitive personal details of 25m people have been lost and there is a huge political furore over it. Whose fault is it? As far as I can see (and this is my personal opinion), blame must lie with IT, specifically the IT contractor and either the contract they work with or the perception of that contract.

The National Audit Office asked HM Customs and Excise for child benefit data in “desensitized form”. Sensitive details were specifically asked to be removed, ostensibly to make the file size smaller. This would require a bespoke query to be run. It was deemed too costly, so it was assumed that a full extract of the data would do. The fact that this was then burned to a CD, posted by unregistered mail and lost is not the point (that is stupidity). The point is that the IT contract prohibits the business (in this case the governmental offices) from doing its job properly.

What sort of contract demands extra payment for a simple database query for “NI numbers, child benefit numbers and children’s names in order to select a risk-based sample of cases to audit as part of anti-fraud work”?

Surely this is an extra request that an experienced database analyst could easily run in the course of a day? If not, you must ask why not: is it because the database is badly designed, with nested tables and stored procedures and stuff that would make a decent DBA go eugchhh? (I’ve seen that happen.) If this is the case, the IT contractor has done a bad job; if an electrician worked in your house and left a mess of an electrical installation, would you keep employing them, even if they were cheap?

Maybe, however, it would not have incurred a cost and this was just the perception: “we must not… run additional scans/filters that may incur a cost to the department”. If this was the case, it suggests a breakdown in the relationship between the business and IT, with a tendency towards the confrontational and transactional rather than co-operation and partnership.

Organisations that outsource their IT often fail to realise what the true costs are. Anything outside the terms of the contract is a change request. It is not unusual for the request itself to incur a cost (someone has to write the documentation, specify the design, estimate the effort) before a line of code is written. (At one organisation I worked with that had outsourced their IT function, I was told that to add some basic client-side field validation to a single field on an application form on their website was likely to cost in the region of £60k.) The business starts to believe that everything costs, IT becomes a hindrance and a vicious cycle commences.

How could things have worked differently? Let’s say the HMRC IT department was run on more lean/agile lines. Agile embraces change. The request comes in (let’s assume such requests are not regular occurrences) and in the morning stand-up the BA describes the request and asks the developers for its feasibility in a word. Someone says “yes, I ran a similar query last month, it’ll take me ten minutes”. In reality you would double or treble that estimate, but it will not have an impact on the developers’ ability to get their prioritised work completed. Alternatively the developers say “given the database structure we have inherited that’s a lot of effort” or the project manager says “another request?! Prioritise it like the others!” and it is prioritised in the weekly iteration planning meeting (pushing something else out) and then it gets done.

My hope is that when the inevitable investigation takes place, they don’t just look at the policies and procedures, but also at the underlying structure of the way that IT is managed.

Banking hasn’t moved on

My great-grandfather worked in a bank. He probably witnessed the introduction of the adding machine. Even then his work life would have revolved around the quill and ink: double-entry bookkeeping, maintaining the accounts in journals and ledgers. In those days they were real journals and ledgers. And in balancing the books he would be reconciling data from one paper record to another.

Almost 100 years later and I recently found myself working for a bank… And I’m talking to people whose work lives, like my great-grandfather’s, revolve around journals and ledgers. Only now their adding machines and the books have been replaced by systems.

Yet 100 years later their jobs remain similar to my great-grandfather’s. They are still reconciling data from one paper record to another. But it is no longer the journals themselves they are reconciling; now they are reconciling printouts of Excel spreadsheets.

If IT was supposed to automate banking processes, take away “human error” and do away with reconciliation differences, IT professionals have failed to deliver on the promise. Indeed they’ve made things worse. The books may balance in one system, but add a few more systems across the globe and things go a bit 1910. Manual reconciliation is still someone’s day job. It’s a sad fact that banking hasn’t really moved on in all that time.

What is your business?

Should “the business” care about IT? Should an investment bank trader know anything about XML, or a marketeer know anything about SQL? Probably not. Even less so should they be talking to their IT colleagues about their requirements in these terms. The business should speak to IT in a language of value-driven requirements rather than implementation detail. Yet in many organisations (where IT has historically had a track record of failure), the business has taken a greater interest in IT delivery. They start talking the language of the techie. When this starts to happen, business operations no longer see the clarity of their business. They see systems. In an investment bank setting: the trade is booked in Zeus. Settlements are handled by Minotaur, payments by Socrates. Corporate actions are handled in Hades. Depending upon the geographic region, client management might be handled by Tomsys, Dicksys or Harrysys. You ask a business person what they do and they talk in terms of systems. Getting down to the underlying requirements of what they actually want to do is hard. Innovation and creative thinking are hard because we always return to what the limitations of the current systems are. We state a requirement for a Reconciliation System rather than asking why there needs to be any reconciliation in the first place.

So here’s a suggestion. Act dumb. Forget everything you know about the way you do things and go back to first principles. How would things be if we were starting from scratch? How would you describe your business intent (not what you do now, but what you would do) if you had to explain it to a novice who was starting a competitive business to put your business out of business? I doubt the word system would come into the description.

Joined up experience

The “customer” agenda has moved beyond CRM. “Customer experience” is being taken ever more seriously; some more enlightened organisations have customer experience representation at the board level. It’s all about thinking in terms of the experience customers have with us: considering every touch point, understanding the journey the customer takes from first becoming aware of our brand, through researching and purchasing our products, to developing them as a loyal and profitable advocate of ours.

Sadly the IT that underpins many organisations doesn’t get the customer journey. It is rooted in organisational silos and delivery channels that mean everything to the organisation but nothing to the business.

We know how successful our web channel is: we’ve got webmetrics. We know how successful our telephony channel is: we’ve got a sales force motivated to sell, and a dashboard that tells us their success. We know how successful our stores are: we’ve got sales data, we even measure footfall in our stores.

But is it joined up?

I go into a store and a salesperson helpfully shows me the product, but I’m not yet ready to commit. She offers me a great deal, I’m tempted, but I want to check it out on the web. I search the competitors; the salesperson was right, she was offering me a really good deal. So I go to their online shop and there is nothing like the tailored deal I was offered in the store. There’s a number on the website and I get through to the call centre. I start all over again. I get the same sales patter I got in the store and saw on the web. I’m offered a deal that is similar to that in the store. I’m ready to commit… but they don’t have any in stock, I’ll have to wait seven days. So can’t I buy it now and pick it up in the store tomorrow? I don’t think so.

Where is the driver to improve things? Each channel has contributed to the sale but each is a silo that has its own reporting lines. They are in competition with each other, each wanting the sale, none of them recognising the other in the journey that led to that sale. Yet ultimately their failure to work together is destroying the brand value.
