I have just been reading a blog 'Big organisation optimisation for small projects' from Bankervision. It raises some interesting questions about how accessibility needs to be integrated into small projects. You can read the whole blog but I will prescis it here so I can respond.
"My team and I are busy rolling out a new innovation... Yesterday... an email from one of our accessibility experts... had we done the mandatory testing... I'd not been aware of the mandatory requirement... I'd not budgeted for any such requirement... we will find a compromise...
However this situation brings something to the fore... The big project model requires lots of systems and processes... But the small project is one that can't afford much process... It is an endless flip-flop between not enough control and too much... But one thing is certain: process and controls are about controlling change, about slowing down responses so that things become predictable. They are never about moving fast."
I have some sympathy for James trying to run a project and being hit by some extra work late on but I completely disagree with his conclusion at the end. Process and control should be about moving a complete project ahead faster. They should be about two things:
- Getting things right first time so there is less rework later.
- Providing a framework for managing the project, thereby letting the project concentrate on the implementation and not having to think about how to manage and control the project.
The most important thing to 'get right' is to ensure that the project adheres to the policies of the business. For example any enterprise, especially a bank, will have business policies on security, privacy and business conduct, these are policies emanating from the CEO. The IT organisation will have developed IT policies to ensure any IT implementation adheres to and supports the business policies. It makes no difference if the project is big or small, nor if it is main stream or innovative, it has to adhere to and support the policies. The only way to make sure that happens right first time is for there to be process and controls for all projects.
You may have noticed that I did not mention accessibility policy in the last paragraph. I only did that to make a point. I do not believe that anyone would argue that security, privacy and business practice policies exist and need to be followed. I am sure that James's project took careful note of them and ensured compliance. The problem is that not everyone knows that the bank has an accessibility policy (I happen to know which bank James works for and I know it has such a policy). The policy is a business, not an IT, policy and basically says 'the Bank will make its services accessible to its customers and staff'. There are obviously IT processes and controls that support this business policy.
I am not sure why James got into this situation.
The first possibility is that he ignored all the process and controls related to projects in the Bank. In that case how can anyone be certain that there are not substantial security and privacy shortcomings in the system that is about to be delivered. Let alone concerns about performance, reliability, usability and fitness for purpose. I sincerely hope for his sake that this is not the case.
Another possibility is he did follow the relevant process and controls but that they did not include accessibility. If that is the case the processes need to be updated to include the necessary controls to ensure accessibility is baked in to all projects.
What is clear is that getting rid of the processes and controls is not the way to ensure that new systems comply with the policies of the business.
James is Head of Innovation and Research at the Bank I would recommend that he uses some of his effort to ensure that the policies of the bank are complied with using the minimum of effort.
Obviously this is a specific story with specific individuals but the same principles must apply to any organisation in any industry. Are you sure that your enterprise has got the right business policies and related processes and control in place?
I am posting my reply here but will also post it on the original blog.