If you talk with staff members in relatively new projects at large organizations, especially governmental organizations, you may discover an interesting pattern. When the group is formed, it is given a vision of what it is supposed to do. The team jumps on board and does everything they can to achieve that vision, based on their skills, knowledge and budget.
However, at some point the auditors turn up. They evaluate the “proper” use of budgetary funds and issue guidelines on what can / cannot be done, based on their view of the financial constraints. That is normally the beginning of the end of true efficiency for that group.
Here is an example;
A contractor was hired to remove graffiti reported by the people in town. They did an awesome job! Everyone was amazed about how quickly graffiti disappeared from view. However, the auditors showed up and slapped them down. Evil people that they were, they were spending city money to clean up private spaces and property belonging to other government organizations. City money cannot be used that way. Now, when their staff shows up at the location of some reported graffiti, they must first evaluate who can remove it. If the graffiti is on the wrong wall or building or property, they are only allowed to document it and report it to the correct organization. Even though they are there, with the tools needed to clean it up, they cannot remove it. However, they do get the pleasure of telling the person who originally reported the graffiti, that it has now been reported to another organization, and the ticket has been closed.
The other side of the coin can be just as bad;
I had a friend who was assigned to a three year stint in an auditing group of a large, private corporation. He was a computer technology researcher. On his first audit, he ran a scan of the network to verify what computers were actually hooked up in the site’s datacenter. Unfortunately, there was an old, fragile Windows NT system that crashed when his software sweep found it. It turned out that undocumented system was critical to the factory’s operations and the production line was down for three hours.
Management’s response was simple. Attack the messenger for running an unregistered software tool on their local network. Thereafter, he restricted his exploration of the networks to reading the documentation and running software that had been approved by local managers in advance. Software scanning tools were never approved.
I really don’t know how to fix these problems, given that auditing spending is what auditors do, and restricting access to the networks is what data managers do. Somehow, these organizations need to come up with ways to authorize actions outside of the “normal”, in the name of efficiency, security or productivity. Good luck with that!