Decision Maker

Is Change Control Killing Your Business?

Change control can sound good on paper, but it can also be used to shut down change entirely. Here's the process controls you'll want to implement to make sure innovation stays alive and keeps you (and your employer) happy.

More and more of today's businesses are adopting change-control and IT-management frameworks. There are great reasons to do so; after all, change is the leading cause of problems and failures in IT, so putting some brakes on change -- and properly managing it -- can help add a lot of stability to an environment.

However, as I work with customers on consulting projects, I often see change control being used as a hammer to shut down change entirely. "Oh, you want a new virtual machine spun up, do you? Well, that's going to have to go through the [insert spooky voice] change-control process! Bwa ha ha!"

Why Use Change Control?
Typical change management processes look like this -- at least on paper:

  1. Someone in the business asks for a change in the environment.
  2. IT has to review the change and prioritize it.
  3. Someone else in IT develops the change, and a third person in IT might review it for accuracy.
  4. A final person in IT approves the change for deployment, and the change is implemented.

This process has three important components: First, changes are scheduled, meaning they're happening at a known time, presumably when there will also be time to deal with unforeseen negative consequences that may arise. Second, changes are deliberate, meaning one or more people think about them and what might go wrong, and try to implement the change in a way that won't break anything. Finally, changes are documented, so if something negative does happen, there's a written trail of what might have caused it.

Let's face it: We in IT have always used our superior technical knowledge to repress our users. If we could get away with wearing burlap robes with rope belts, chanting Latin in the datacenter, you know we'd do it. We know that some of the stuff our businesses ask of us is annoying and inefficient, and we just don't want to do it.

Change control, unfortunately, provides a wonderful shelter when IT just doesn't want to do something. We shunt users through endless forms and query cycles.

I recall one example, where a client of mine wanted a virtual machine (VM) that would host a Web site. After six months and back-and-forth with IT and its change-management process, the business unit paying for the VM decided to get a hosted server at GoDaddy. It was cheaper, and it was running in a couple of hours. That's a horrible thing for IT to drive the business to do.

Kinder Change Control
The solution is to put some controls on change control. While change control is absolutely beneficial, it shouldn't be stopping the business from getting what it needs. Consider adopting a "Business Bill of Rights" that outlines some key protections that the business can use to override spurious change-control objections such as this:

  • The change-control process will be as smooth and as easy as we can make it for the business, and it will not consume time without a tangible reason that can be mapped to a business benefit.
  • If the business is willing to pay for it, then the business can have it in a timely fashion.
  • When IT tells the business how much something will cost, IT will use real numbers based on actual costs -- not made-up numbers that reflect IT's unwillingness to do the work.
  • Security risks by themselves are no reason not to do something. Dig to find the underlying business reason, such as, "We can't expose that kind of data because we'll be fined by the government." Then let business decision makers pit the competing business requirements against each other.

Today's businesses need to wring more and more out of IT, and sometimes IT resents it. Don't: The more work you're doing, the more you're needed and the safer your job is. Never say "never," and never use change control as a way of saying "no" without saying it.

About the Author

Don Jones is a 12-year industry veteran, author of more than 45 technology books and an in-demand speaker at industry events worldwide. His broad technological background, combined with his years of managerial-level business experience, make him a sought-after consultant by companies that want to better align their technology resources to their business direction. Jones is a contributor to TechNet Magazine and Redmond, and writes a blog at ConcentratedTech.com.

comments powered by Disqus
Upcoming Events

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.