«    »

Are Organizational Standards Harmful?

As a senior architect I work with and in some cases help create a wide variety of organizational I.T. standards:

  • Architectural guidance
  • Build and deployment standards like semantic versioning
  • Development practices like unit testing and continuous integration
  • Enterprise libraries, components, or services providing reusable functionality
  • Enterprise infrastructure like single sign-on, backups, or corporate desktop support
  • Documentation templates
  • ITIL processes like configuration management or problem management
  • Technologies (languages, frameworks, and 3rd party libraries)

I am very conflicted, however, as to whether all these standards are actually beneficial to the organization. On numerous occasions I have seen standards go 'bad' in one of several ways:

  1. The standard is ignored by the majority of the organization.
  2. Extensive management time and sometimes in addition audits are used to enforce overly detailed standards that end up consuming a lot of organizational effort for aspects of work that don't seem to matter in the big picture.
  3. An organizational unit ends up being a bottleneck, either to approve that work was done according to the standard, or to action a request. On several occasions I have been forced to wait multiple months for something that could have been accomplished in days if the standard didn't exist.

So why do organizations bother with standards? There seem to be three reasons that are most commonly cited:

  1. Promote the use of best practices which leads to better productivity or reduced risk, or which ensures compliance with mandatory external standards.
  2. Reuse code, infrastructure, or approaches which leads to reduced effort and cost.
  3. Achieve consistency between teams which leads to easier management oversight and reduced transition for people switching teams.

Unfortunately, there is no free lunch. Organizational standards suffer from a number of fundamental drawbacks:

  1. The local context of a specific team or even individual often requires some level of variation or customization of the standard for optimal performance. As one of the principles of context-driven testing states, "There are good practices in context, but there are no best practices".
  2. Standards require organizational effort to implement. The introduction of a standard can be modeled as changing the organization to a more ordered state with a corresponding reduction in entropy (chaos). This requires organizational energy to achieve and maintain. Having a standard solidly embedded within an organization's culture can significant reduce the maintenance effort but will not eliminate it entirely. In other words, standards come with a cost, both initial and ongoing.
  3. Standards often introduce bottlenecks or queues, which as lean theory tells us introduces waste in terms of unnecessary effort or delays. Unlike the prior two points, I can think of no theoretical reason why standards must exhibit this behavior, and can come up with hypothetical standards that avoid this problem (e.g. a standard mandating the use of a static code analysis tool). In practice, unfortunately, I have seen the opposite all too often.

Given that standards are not without costs, any evaluation of a standard should be based on a cost-benefit analysis that includes the following factors:

  • The essential purpose and expected benefits of the standard. This is especially important in allowing deviation / customization: every standard should have a rule stating that if the essential purpose of the standard cannot be met by following it, then the standard must be ignored in order to achieve the purpose another way.
  • The level of promotion or enforcement of the standard, which significantly impacts cost. Ensuring a standard is used by everyone is a costly endeavor, not only in terms of the initial rollout but also in terms of ongoing monitoring / auditing. Some companies like Google instead make all usage of common infrastructure optional - each team is empowered to make its own decision. (In this case, the term 'standard' only applies in a loose sense.)
  • The level of detail or ease of use of the standard. Very prescriptive or difficult-to-use standards drive up costs. For process or practice standards, one easy way to assess the level of detail is to use the page count of the document describing the standard.
  • What unintended consequences might arise from this standard? Will it introduce inefficient bottlenecks or queues? What new risks are introduced?

In some cases a standard may be based on a good idea, but becomes harmful in its implementation. For example, at one organization focused on a single business domain the longevity and usability of data was important for multiple reasons, so the organization introduced a naming standard for database tables and columns to be applied across all custom-built applications. One of the expected benefits was to make it easier for data analysts to use the data, especially when combining data from multiple applications. In implementing the standard, however, the decision was made to have a few people approve all names based on a complex naming standard and extensive documentation, which of course led to a bottleneck that negatively impacted development projects and led to excessive effort spent producing and reviewing all this documentation.

Standards may start off beneficial but become harmful over time, as conditions change. I have seen some standards be evaluated on a regular basis, but in many cases I have seen standards widely perceived as harmful persist, with no attempt made to discard or revise them. I think it would be an interesting experiment to add termination clauses to every standard (E.g. This standard is in effect for one year from its last review date.). Such standards would then need to be regularly reviewed to prevent them from expiring.

That is what I think - what is your take on standards?

If you find this article helpful, please make a donation.

One Comment on “Are Organizational Standards Harmful?”

  1. Eltjo Poort says:

    Great post on the need for a cost/benefit analysis of standards. I have been in a kind of “standards enforcement” role the last few years, and I think a key success factor in such a role is awareness that there is no such thing as a “universally applicable standard” or “best practice”. The only thing that works in applying standards is context awareness. Know when something is a “best fit practice” and forget about “best practice”.
    What helped us in developing RCDA: http://www.jot.fm/issues/issue_2007_07/column5.pdf?
    Ivar Jacobson “Enough of processes – let’s do practices”

«    »