Something rotten…
Imagine a world in which surgeons routinely remove the wrong limbs yet face no retribution; where engineering contractors build unstable structures yet their order books remain full.
Such chaos is, of course, unthinkable. Our society relies on the close regulation of suppliers of professional services.
Whether it's an accountant, lawyer, surgeon or civil engineer, professional qualifications ensure that both service delivery and working practices are regulated. Incompetent practitioners are either disbarred or face imprisonment.
So why do no universally recognised professional standards apply in an industry that supports virtually every other profession and commercial enterprise - the IT industry?
We are all reliant on IT. No organisation, public or private, could function without it. The support services that feed into our businesses and government are dependent on IT for their very survival. What would be the impact of a global IT failure? It hardly bears thinking about.
All too often we read of IT systems that collapse, projects that fail to deliver and systems that are delivered late or grossly over budget. What happens to the perpetrators? Very little. Customers may seek commercial remedies, but the reasons for failure are usually so obscure that it’s difficult to attribute blame.
Employers move the culprits to other jobs, only for them to reappear on other projects with the same level of incompetence. The credibility of the service providers may suffer a temporary dip, but they continue to operate unchallenged.
How has the industry got away with it? Well, this is still a young industry. The early computer specialists brought professionalism from their own disciplines, so had an understanding of good and safe practice.
However, the extraordinary pace of change in IT means that the world is now dependent on an industry that hasn't had time to set mandatory standards and enforce professional codes of conduct and execution.
Of course, some would argue that there are probably more standards in the IT industry than any other. But these are not standards for safety or project success, and they aren't mandated by any but the most intelligent clients.
A team of IT staff delivering a £500m project is probably working in an environment where their desks, chairs, electricity sockets and even lunchtime sandwiches have mandated standards. But the programs they write have no standards at all - except for the standards that reputable service suppliers impose on their staff.
And let's be honest about how many IT projects evolve. It's just like a customer who wants a new conservatory. He or she knows roughly the objectives and scope of what they want. But they don't understand their requirements in detail.
The customer might, for example, want a 20ft unsupported span of glass for the ceiling. In these circumstances, the architect will say 'not possible' and 'if that's what you want, then I'm not the person for the job'.
The software salesman, on the other hand, will just press on with the sale. Then the implementation team starts on the job and gets told: 'we want it delivered in two months'. The project manager has only run one project before, looks at the supposed requirements, worries about his fee and says 'OK'.
Two weeks into the job, it becomes apparent that the requirements need an extra element to address the business issue. It was a fixed-price contract and the project manager, worrying about the profit target says 'OK'.
Finally, an IT architect joins the team because the designer has some technical difficulty with fitting the package to the requirements. The architect, who has never worked on a system of this type before, says: 'we'll code a bit here, add a bit there, it ought to work' - and goes on to another project.
What's happened here? No-one has had the courage or professional integrity to tell the client that, given the constraints of time and resources, they were asking for the impossible. Only once it's too late does the spectre of a claim appear over the horizon.
So the problem gets swept under the covers, contingency is eaten up, people work unpaid overtime, mistakes are made and unfortunately the art of system development is so difficult to judge that it is only when the system is delivered and fails that the awful truth emerges.
This is the grim state of the IT industry today. And something must be done.
Fumigating the industry…
The solution is quite simple: enforce the need for those who take responsibility in IT to have professional certification. That's quite a challenge given that the 1.3 million people who work in the UK IT industry cannot currently measure their professional standing.
In industries with established professions, consumers of services expect people to hold professional qualifications.
They may not demand them from suppliers, but employees hold these qualifications to enable the supplier to practise; they are valued by consumers and suppliers alike.
Not only do these qualifications confirm skills and experience, they bind practitioners to a code of conduct.
The IT industry needs a similar code of conduct. A consumer of IT services should expect a supplier's practitioner-employees to have appropriate training and experience; to have a demonstrable and successful track record; to have been independently assessed; and to be shown to abide by a code of conduct.
This means that these people have been independently assured to perform a particular role with competence. This idea of combining skills and experience with a code of conduct embodies the notion of professionalism.
IBM has always believed that professionalism is critical to a company that provides both products and services to the IT marketplace.
More than ten years ago, we established our own IT 'professions' with various disciplines and specialities to provide a professional development framework.
The professions span the organisation across the world and are independent of its structure. Entry and progression is assessed through peer review.
We believe that the value of professions is enhanced by their assessment by independent professional institutions such as the BCS.
We in the IT industry must not neglect the bigger picture. The business climate has changed in the wake of corporate failures. All stakeholders now expect and demand enforceable regulation of corporate conduct - via Sarbanes-Oxley, for example.
In the UK public sector, the Intellect-sponsored 'IT Supplier Code of Best Practice' has defined ten commitments that suppliers are expected to follow. Commitment ten specifically refers to 'Individual Skills and Professionalism'.
The IT industry must address the need for assessed professionalism. We at IBM believe that the behavioural nature of a code of professional conduct (rather than Sarbanes-Oxley's regulatory approach) will lead to a practical and rapid implementation for the IT industry.
We must remove the common acceptance of IT failure. This means a change of mindset across business and government. And the same standards of professionalism need to be adopted by the consumers of IT services.
The initiatives announced recently by the E-Government Unit to develop a profession for IT staff in the civil service are an excellent stimulus to make the professionalism agenda a reality, with public and private-sector organisations working together to bring about change.
With improved professionalism, the industry can control malpractice and thus reduce incompetence. The benefits flowing from this will include increased project success, better service management and increased customer satisfaction.
The IT industry must wake up, become more mature and start taking real responsibility.
Chris Nott, CEng MBCS CITP with acknowledgements for contributions to Chris Winter, CEng FBCS CITP, Graham Knight, FBCS CITP and Richard Lanyon-Hogg, FBCS CITP.
in a nutshell
- The IT industry supports virtually every other profession and commercial enterprise.
- Early computer specialists brought professionalism from their own disciplines, but the pace of change in IT means that the world is now totally dependent on an industry that hasn’t had time to set mandatory standards.
- The solution is quite simple: enforce the need for those who take responsibility in IT to have professional certification.
- A consumer of IT services should expect a supplier's practitioner-employees to have appropriate training and experience; to have a demonstrable and successful track record; to have been independently assessed; and to be shown to abide by a code of conduct.