Process Standardization is Key

Our IT frameworks and methodologies have one thing in common.  They all call for the development and standardization of processes.  These processes must become ritualistic.  A ritual is simply a highly precise behaviour that you do at a specific time so that it becomes automatic over time and no longer requires your conscious intention or energy.  These routines reduce the number of decisions you need to make (as well as reducing worry).  Consequently you will find it easier to use your limited resources to avoid, rather than solve, problems. 

Think of an airline pilot.  Would you want that your pilots wing it (pardon the pun) every time they get in the cockpit?  Or would you prefer they had a well-established, time-tested, standard routine they followed?  Well, I for one prefer the latter.  These routines help the pilot focus.  Pilots support their routines with objectives (arrive safely, on-time and at the correct airport), metrics (outcome measures like arrival time and performance metrics like airspeed and altitude), flight plans, strategies, policies (for example, lock the cockpit) and procedures (for example, checklists).

When you standardize you remove from your process the day-to-day little decisions that absorb most people for a significant part of their day.  President Obama professed he only wears gray or blue suits—one less decision he says he has to make.  Research shows the simple act of making decisions degrades one’s ability to make further decisions.  When you spend energy making too many little decisions, you’ll have less energy to make the more important decisions.  So standardize your processes so that employees need make fewer decisions, follow a standard routine and have less opportunity to fail.  The Japanese understand this and put into practice poka-yoke, which is any process mechanism aimed at avoiding mistakes.  Some call this mistake-proofing, fool-proofing or idiot-proofing.  I remember the old coaxial network connector labeled a BNC (Bayonet Neill-Concelman) connector, which was euphemistically called the British Naval Connector by the other services because they claimed even the Navy couldn’t get it wrong.  Some companies, like Google, understand this.  They have organized so employees have to make fewer decisions.  Think of Club Med and how relaxing it is not to make too many decisions.  You want your employees to be more productive at complex problem solving not figuring out how to do simple tasks.

Standardized work routines lead to a consistency in process performance, which leads to improved productivity without added stress resulting in better-quality, efficiency and cost-effectiveness.  Productivity also improves as you have a decline in variation through a reduction or elimination of errors and mistakes; that is, you have fewer defects and less rework.

Standardization also defines what information the process requires.  Anecdotally, I could tell you that most people do not like to document their process or their work.  But there is a real benefit to doing so.  You know that COBIT 5 defines inputs and outputs for each governance and management practice.  A paucity of information and you probably cannot do your job properly.  But what happens when you have too much information?  Well information consumes the attention of its recipients.  Therefore, an abundance of information creates a scarcity of attention, requiring you to allocate your attention efficiently among the overabundance of information sources.  Something has to give.

Some argue that standardization stifles innovation.  You are not trying to diminish or discourage the free-thinkers in your organization.  You just want to channel their thoughts in the right way: being creative when creativity is needed.  Again, the Japanese use Kaizen events for this, which involves quickly identifying and resolving process problems.

A world-class organization understands that process standardization is paramount.  Moving from ad hoc practices to standardized processes may seem daunting or not worthwhile, but organizations that invest the time and energy to do so will reap long-term benefits.  As Zig Ziglar said “You don’t have to be great to start, but you have to start to be great.”

By Peter T. Davis, CISA, CISM, CGEIT, COBIT Foundation, COBIT Implementation, COBIT Assessor, COBIT INCS, CISSP, CPA, CMA, CMC, ITIL FC, ISO 9001 FC, ISO 20000 FC/LI/LA, ISO 27001 LI/LA, ISO 27005/31000 RM, ISO 28000 FC, ISTQB CTFL, Lean IT FC, Open FAIR FC, PMI-RMP, PMP, PRINCE2 FC, SSGB, RESILIA FC is the principal of Peter Davis+Associates, a management consulting firm specializing in IT governance, security and audit. He currently teaches COBIT 5 Foundation/Implementation/Assessor, ISO 27001 Foundation/Lead Implementer/Lead Auditor, ISO 31000/ISO 27005 Risk Manager (RM), ISO 20000 FC/LI/LA, ISO 22301 Foundation, ISO 9001 Foundation and Project Management Institute Risk Management Professional (PMI-RMP) courses.


Category: Processes


Post new comment

The content of this field is kept private and will not be shown publicly.