Hacking Work and Why It Is a Horrible Practice in IT

Bill Jensen and Josh Klein wrote a book title “Hacking Work – Breaking Stupid Rules for Smart Results”. It challenges readers to confront stupid rules that interfere with productive work. When it comes to taking on bureaucracy, an entity that perpetuates unless actively fought and monitored for needless expansion, this concept is a valid one. We currently have so many laws and regulations that there is a book titled “Three Felonies a Day” regarding all the laws you probably break. We have a moral obligation to fight the insanity of rules and regulations that exist for special interests, especially those that exist only to grow the bureaucracy. However, hacking work is a horrible practice in IT. Let’s look at the reasons why.
• Hacking work and finding shortcuts circumvents the IT policies intended to protect corporate data. And those who do not want to be inconvenienced may create holes through which malicious hackers may enter.
• There should be a clear process of submitting process improvement ideas in IT. No one should literally or figuratively hack the IT department’s hardware, software or work practices. People should have an avenue for suggesting improvements and better work methods long before they strike out on their own.
• Look for rules put in place to solve a problem and are growing into a mess. Focus on fixing the problem, instead of issuing rules. And regularly review your rules to look for those that are no longer needed.
• Convoluted processes may exist as the work-around for legacy software or conflicting work practices relative to software application workflow. When the software or work process changes, design a smooth workflow for both application and user to avoid hacking / shortcuts.
• Review your rules regularly. There is a tendency to solve poor judgment by requiring management review and/or approval. Instead, look for rules that maximize autonomy while minimizing risk. Instead of requiring management review of all proposed changes, use a CCB and multi-voting. If most of the reviewers vote down the change, the manager is never inconvenienced.
• Never permit employees to engage in shortcuts that compromise security or auditability. One employee logging in as a power user and permitting everyone else to work ruins the audit trail and opens the door to problems that are harder to correct.
• “Work hacks” should not violate the separation of responsibilities put in place to prevent fraud. For example, drafting and configuration management are two separate roles, so that drafters don’t automatically approve their own work. The financial staffers who write checks and the person who authorizes the expenditure should be separate individuals. IT systems should ensure that people cannot assign these tasks to the same person in the workflow management software or even assign all of the approval tasks to themselves in an effort to speed up the process.
• “Work hacks” are less likely if employees understand the “why” of a process, such as reviews and approvals being put in place in response to mistakes or fraud.

Advertisements
Filed under: An IE in IT

About the Author

Posted by

Tamara Wilhite is the IE in IT blogger for the IISE. She is a Six Sigma green belt with experience in IT, PDM software, the defense industry and recycling industries.