It's not unusual for a user with some degree of familiarity of PCs and programming to come to IT with a request - "I need help developing an Access database to analyze ZZZZ". You know that the Access database could be done quickly and you know that the database would be beneficial. You also have some concerns about security, documentation, testing, backup and support with these user developed systems. Due to resource constraints it will be at least 6 weeks before you can provide an IT solution compared to a few days if you help them develop the database on their own.
How do you respond to this request?
"Help" photo by Cobber99
Got a question you'd like me to post for future discussion? Email it to me using the "Email Mike" link in the left hand column.
Excellent scenario...and I'm not sure if I have an answer.
This is the type of thing that creates the environment of 'shadow IT' (which you've written about considerably). If IT doesn't help the user in a manner in which they feel has provided them value, then they could very easily walk away and do things on their own.
Looking forward to seeing responses from others.
Posted by: Eric Brown | July 18, 2007 at 08:33 PM
As I am always tipping the IT apple-cart, my response is that they, in most cases, get the Access DB.
However, here is the slight caveat.
When you indicate that security is a risk, you have to ask, how much of a risk really? We open security risk all the time - balancing security versus ease of access/functionality.
Sometimes the worry about Shadow IT is founded, other times, if shadow IT results in a useful tool used for a short-period of time, thank goodness there are people who can prototype and develop something we might build on in the future.
If it provides extreme value to management in the short-term, and makes our life (IT departmental) harder down the road, so be it - the business need/value is the user, isn't it?
Of course, I'm biased. I make much of my living in the Shadow IT world these days - creating tools for departments that their IT group cannot or will not take on.
Heck, I'm not even a real programmer anymore. I love Access.
Don't let me in the door. ;-)
Posted by: Matthew Moran | July 19, 2007 at 08:43 AM
I worked at a company where one division developed an Access database to duplicate (rather, complement, with a lot more features) the ERP/Financial system. It was very intricate, and Corporate wasn't really jazzed about it.
But corporate wasn't meeting their needs. It was out of their hands. This attitude prevailed in what was supposed to be a centralized organization, where it was better (cheaper, faster, more appropriate). As the IT Manager I couldn't do anything but laugh ... in essence they came up with something that was BETTER for them than we had (well, the folks before me).
It's a darn shame that so many people feel unempowered in their jobs because they have to wait for months and months to get a functional tool from IT... especially now days with such simple yet powerful technology.
Of course, this was a few years ago, maybe my CIO thinking is rusty :p
Jason Alba
CEO - http://www.JibberJobber.com
:: self-serve career management ::
Posted by: JibberJobber Guy | July 19, 2007 at 04:03 PM
Eric, Matt, Jason
Thanks for commenting. This one is a tough call. As Matt says managing risk is a balancing act. Depending on the severity of the risk I guess I'd tend to okay the Access database - at least until we could replace with regular IT systems.
Mike
Posted by: Mike | July 19, 2007 at 08:08 PM
I have a high powered "Business Information Analyst" that works for sales and marketing, but has a really good relationship with the CFO and CEO. They had been complaining about lack of reporting solutions my IT group was providing, and that IT was a mess.
I got him to agree to taking an Access/SQL programmer on a 6 month contract. I essentially gave him 6 months to develop his own solution, placating his needs, but maintaining control of the IT environment around SQL and Access.
After 6 months, there was no finished product, my guys were not to blame, and the accountability was on the "Business Information Analyst".
The issue of "reporting" is still a hot button, but the political mess and negative perception is over, and the issue is now a very coplex one, that needs IT involvement, and cannot be solved by 1 guy.
Posted by: Dave | July 23, 2007 at 02:06 PM
Hi Mike,
I think it's important to manage the business needs. They may not be aware of the security risks, etc. but they can be made aware. Stakeholder management is the key.
I remember delivering a business solution in skunkworks mode at a tenth of the price quoted via the formal IT process. We built according to usual SLDC and called it a prototype/project phase 1.
Everyone was told that the system would have a short life and that it would not be stable and that a second (phase 2) project needed to be run to migrate it to a more stable and secure enironment.
The IT manager and business owner then had to business case the cost of the migration which they did. The system was then migrated at a marginal cost.
THe end result; the business got what they wanted quickly, the IT team got what they wanted a bit later.
It's an experience that I have taken with me as an important option when considering solutions, just like outsourcing development raher than using the in house team.
Craig
Better Projects Blog
Posted by: Craig Brown | July 24, 2007 at 08:49 AM
Dave,
That's an effective way to illustrate the issues. I wouldn't necessarily recommend it all the time but is certainly effective.
Mike
Posted by: Mike | July 24, 2007 at 09:20 AM
Craig,
Excellent suggestion on an approach to meet both the immediate needs of the business and the IT concerns. Sometimes we have to show a little flexibility and creativity as your example shows.
Mike
Posted by: Mike | July 24, 2007 at 09:21 AM