Lack of Change Management – Human error is introduced via changes to production systems. When changes are not properly managed then risks to production and the business increases.
Development on Production Systems – Changes can and do fail. If development is allowed to change a production system directly then the odds of human error negatively impacting the organization increases.
Functional Silos – When functional areas are allowed to design services without the enterprise’s interests taken into account, then the level of variation and complexity in the environment will increase.
Inability to Criticize – In organizations where review and constructive criticism are stifled, the levels of unplanned reactive activities will only increase. Review should be designed into formal change management processes.
Lack of Communication – When modifications to systems are planned in isolation then the chances of dependencies causing incidents increases.
Lack of Documentation – When complex systems are not documented then it becomes increasingly difficult to train new people, understand the potential impacts of changes, etc.
Lack of Standards – As variation increases, the more people must try to learn and memorize increases. For example, it is easier to gain deep knowledge of three platforms versus 30. Similarly, for several processes versus differences between every employee.
Lack of Shared Objectives – If the objective for doing something isn’t clearly articulated and understood then the chances of individuals drifting from the intended objective increases.
Lack of Training – If people are not adequately trained on a new service, or specific system, then how can they possibly operate or support it without introducing errors?
Lack of Understanding Causality – When groups do not understand historical outcomes and formally track cause and effect then how can the culture evolve and risk behaviors be avoided?
Lack of Control and Process Knowledge – IT has long focused on technology to solve problems. Now, to enable the attainment of functional area objectives and organizational goals in a sustainable manner then proper control and process design must be coupled with the right people and technology.
Without proper controls and processes, then risks from human error and other vectors will only increase.
The above is just a partial list intended to invoke discussion. What we have witnessed during consulting engagements is some organizations may have multiple behaviors that, when combined further, increase risk levels.
Organizations must take a careful look at their culture and processes to understand and subsequently manage the level of human error being introduced. If we want to help safeguard the organization and its goals, then it is essential to understand what causes human error levels to increase and correspondingly, what can be done to reduce those levels.
George Spafford is a Principal Consultant with Pepperweed Consulting and a long-time IT professional. George’s professional focus is on compliance, security, management and overall process improvement.