06 Jul Managing the health of process and technology change #1
I have held back from commenting for a little while now, but it has been over three months and the story continues with recriminations and reports. Of course, I am referring to the Queensland Health payroll situation. I will focus on just one aspect of it, the number one and often repeated error of our top five oversights associated with major failures of this type.
This error is the biggest threat to successfully adopting process and technology system change, such as Payoll implementations. That error is in not recognising the organisational risk at stake. Let’s face it, for a payroll implementation the major risks should be clear, i.e. not paying your hard working staff.
So given the troubles that have been encountered let’s start with the management of risk. Apparently, as reported in The Courier Mail on the 14th April, there was some debate over whether a memo made its way to the Minister in charge of the Health portfolio. There have been many questions about what advice was provided to whom as you would expect. But this kind of misses the point.
Whether the memo got there or not shouldn’t matter. For all large organisations, changing payroll is a high risk activity. It should be so high that those in charge should be obtaining the necessary assurances to ensure it is under control, not waiting to be told if it is not. This is where too many process and technology change programs go awry…poor recognition of the organisational risk at stake by those at the more senior levels. No this is not “an IT thing” this is, as in most “IT” these days, a business thing.
We must assume that the Minister and significant others knew of the project. After all, it would have likely required Cabinet approval. And with a change to a payroll system that pays approximately 1/3 of the Queensland public service it should rank high on the risk profile.
As such it should have resulted in pro-active verification from the executives and stakeholders, with specific questions being asked and specific standards being defined, not a call me if you need me approach. The QAO report defines some of these standards such as governance, testing etc. The lack of them, while being tangible, is a symptom of not understanding the risk, rather than the root cause of these situations.
Maybe I am going out on a limb here but I really don’t think so. This remains an industry wide issue. There are way too many “failures” still happening with regularity, and too many senior business (and government)players who still think of these situations as an “IT thing” instead of a major risk to the success of their business, for anyone in this latest situation to feel singled out. They have too many friends from those who have preceded their path to feel that way.