Thursday, October 13, 2016

Disruption is often simply a failure to prepare and evolve

Digital disruption is one of the buzz terms of the last few years, underscoring the increasingly rapid changes in society, industries and governments as new ideas and techniques enabled by digital technologies take hold.

Photo by Tsahi Levent-Levi
While some embrace this disruption (generally those doing the disrupting), for many it remains an unsettling or even negative concept.

Disruption implies a disturbance or breakdown in the existing order, a situation where the status quo is overturned in an unpleasant way. To disrupt a process is seen as interfering with the ordinary course of events, and 'disruptors' of events or organisations are rarely looked on in a positive light.

While many disruptions are predictable, they are often not avoidable - such as the impacts of a natural disaster or the consequences of a terminal illness.

Equally disruptions in business and governance, through new technologies, ideas and approaches, can often appear to come rapidly out of 'left field', even when they can have been expected for a long time.

However in many of these cases, disruption has a much greater impact on societies and organisations than it needs too, not because it was unexpected or not discussed, but because leaders refused to see the writing on the wall, and begin a process of communication, adaptation and evolution soon enough.

A classic example is Kodak Eastman - the inventor of the digital camera, whose business was destroyed by the product it originally designed and marketed.

Kodak did not go bankrupt because no-one within or outside the company could see the impact of digital cameras, or their widespread adoption into mobile phones, laptops, tablets, drones and more. The company failed because the company's leaders chose to believe that their business could not be disrupted, that their name, reputation and products would allow them to survive no matter where the market went.

As a result they adapted too little and too late to the 'digipocalypse', where film cameras rapidly disappeared and even the digital camera market fell as people started using other devices as their primary photographic tool.

When I hear business and government leaders speak of disruption, of new industries replacing old or new thinking flushing out the old, I often wonder how much is just talk and how much actual action is taking place in their organisations to adapt to new realities.

Few disruptions are truly unpredicted, although their course may be unpredictable, with some technologies being rapidly adopted and others festering amongst early adopters for decades.

Organisations that are truly committed to survival and growth don't talk about the 'disruption' due to digital, but of the opportunity to re-imagine their business models and redesign their operations, preparing for and adopting innovations and new ideas in an evolutionary manner.

By preparing early and evolving continuously these organisations never actually face actual disruption, because they are almost always in the right place at the right time, with the talent, tools and techniques at hand to move with the market, rather than trying vainly to keep up.

When these organisations are tripped up by market or social change, it's due to velocity, not disruption, and they remain well-equipped in talent and tools to pivot their operations to minimise any disruption.

If your organisation is facing digital disruption, consider why that might be the case.

Was the disruption truly unpredictable? Or did your management fail to watch the market closely, or ignored advice on the basis of their belief that the status quo was unshakeable?

Is the disruption due to a lack of preparation in the face of a clear and present danger? Or due to an unwillingness to change, even at the point of extinction?

While change is a constant feature of business and social environments, disruption is simply what happens to organisations who fail or fear to face change. Organisations that do not design structures, generate strategies or train and recruit staff who can lead and support the internal transition in a prepared and evolutionary way.

Therefore any organisation that has been disrupted should first look inwards, not outwards, for the cause, and take appropriate steps to ensure that, if it survives, it never makes the same mistake again - to inadequately prepare itself for environmental and market change.

And any organisation that foresees disruption ahead should be preparing now. In order to turn a potential disruptive event into a much less impactful, evolutionary step, that causes far less disruption or damage and buoys the organisation to greater future success. 

Read full post...

Thursday, October 06, 2016

Free range 'strike teams' of specialists are a long overdue innovation for Australia's public service

I'm very pleased to see that the Australian Public Service Commission is finally considering the introduction of 'free range' teams of public servants, unattached to specific agencies, who can provide specialist skills as and where needed.

I proposed this type of team while I was working within government almost ten years ago now, as I could see that there were a range of skills that agencies did not require continuously, but were needed across the public service all the time.

This included experienced community engagement professionals, a range of digital talents as well as design and implementation specialists.

Until now the hierarchies of the public sector have been designed against such free-roaming talent, able to converge as 'strike teams' to assist agencies when they need it, and move on to other assignments when the need wanes.

There's still the strong (almost feudal) hierarchies in place, but it seems that the innovation agenda, combined with diminishing resources and an increasing need for specialists, are helping to wear away the resistance to the recognition that it's all one federal public service.

I always found it peculiar that senior public servants were adamant that they served the government of the day, but chose to do so by building rigid organisations that made it harder for skills to move around, to be 'lent' or 'shared', but instead hoarded people as jealously as they hoarded data.

This always seemed a sub-optimal strategy for government, but one with very deep roots.

There's still a number of challenges ahead for the APSC in realising this idea. It still has to navigate the hierarchies of power - some agencies might wish to hold onto talent for too long, with brush fires between agencies that need similar resources at similar times. There's also likely to be all kinds of power struggled between agency 'owned' resources and the floating specialists, who may be seen as fly-by-nights, dropping in to offer their wisdom, then leaving the mess behind for agency staff to clean up.

The APSC must find public servants with the right psychology and mindset to move around, without having a 'fixed abode' or a hierarchy to protect their position and career progression.

Many people who work in this way already are contractors or consultants and may see little benefit in giving up salary for supposed job security, while new entrants from the private sector, who might be more used to mobility, may not find public service cultures or approaches congenial to their working styles.

However I'm glad the APSC is making the attempt, and hope it will be widely supported, particularly by smaller agencies with less capacity to hire or contract the specialist skills they need.

Read full post...

Friday, September 30, 2016

Australian government ePetitions compared to international models

Australians might be surprised to learn that the Australian parliament only agreed to formally accept ePetitions in July 2015.

That was five years after it was formally recommended to parliament and follows a trend towards epetitions set by other digitally advanced democratic nations, such as the UK and USA.

In September 2016 the Australian Department of Parliamentary Services launched its epetition site allowing people to create and sign epetitions at aph.gov.au/Parliamentary_Business/Petitions/House_of_Representatives_Petitions/Petitions_General - yes that is quite a mouthful.

I've reviewed Australia's site compared to comparative sites released in the US, UK and Canada to form some conclusions on how well we've done.

However, unfortunately for Australians, the model used for Australia doesn't measure up well.

UK - ePetitions

The UK's epetitions site launched in August 2011 at petition.parliament.uk and has been restructured several times over the last five years.

Today it is a sleek, easy to access platform that hides all the technical mechanics the UK parliament requires for petitions behind a usable and simple step-by-step process.

It's very simple to find and sign a petition, with the process for responses explained clearly on each petition's page. 

Sharing tools are embedded to make it simple to encourage others to sign. It's easy to view signatures geographically by electorate (great for parliamentarians and respondents alike).

The data for each petition is immediately available via a standards-compliant data format.

The process for creating new petitions is also simple and seamless.

It uses plain English and employs a range of assistive approaches to ease first-time petitioners through the process. This includes examples of how to write a petition and flagging information that will be required in later steps so the petitioner can pre-prepare.

The site uses text matching to find similar petitions so that a petitioner can choose to sign a pre-existing petition, rather than create a near-identical one - a step that saves effort for both petitioners and for the public servants who need to manage the system.

There's clear warnings when a petitioner reaches irrevocable steps, and the system supports and encourages sharing - to help the petitioner get the petition to audiences who may wish to sign.

All in all it's a solid and well-thought out system with excellent usability - very important when considering that most people rarely petition government and need a helping hand to navigate what can be a complex and seemingly irrational process for those who do not think like bureaucrats or politicians.

USA - WethePeople

The US's epetitions site is similarly five years old - launching in September 2011. Named WethePeople and located at petitions.whitehouse.gov, the site is structured differently, but is just as simple to use, as the UK's version.

While the site doesn't offer the same geographic mapping as the UK site does, it does provide very clear step by step instructions for both signing and creating petitions and is equally clear on the goal number of signatures required for consideration.

The government's responses to epetitions (which must reach 100,000 signatures to get a response) are clearly provided with the petitions themselves, making it easy to understand what was asked and how it was responded to.

The US system requires that people creating a petition must create an account - a small barrier to entry, but one that helps with screening. 

It also makes it easy to track repeat petitioners - a useful thing for a government, if slightly invasive in privacy terms for an individual.

Something I don't like about the site is that after creating an account it sends a confirmation email with a randomly assigned password in plain text. People who don't respond straight away could easily get caught out with identity theft, although the site does force you to change it after you confirm your email.

However when changing your address the site does provide an idea of how strong your password is and makes helpful suggestions on how to improve it (something I think all government sites requiring login should do by default).

Once a petitioner has an account they also get a dashboard to track their petitions, though unfortunately it doesn't also track petitions they have signed or autofill your details when you choose to sign a petition. This may be done for privacy reasons, but there's also huge convenience and utility in these steps.

The process for creating a petition is brilliant - laid out step by step.  

The ability to look at past successful petitions as examples is a nice touch and very helpful for first-time petitioners, and the filtering approach helps guides people to structure their petitions well. 

Later in the process petitioners also get to tag their petitions by topic, providing a useful way of filtering them to the appropriate agency and providing useful statistics for the government on the 'hot topics' for citizens.

The system doesn't have the matching of similar petitions as the UK system does, but nevertheless it's very polished and well executed.

Canada - e-Petitions 

Now the Canadian epetition system is interesting as it debuted in December 2015, less than a year before Australia's system. As such it hasn't had the same amount of time as US and UK sites to refine and restructure based on use. but has the opportunity to learn from their experiences to implement the best of both sites in a Canadian context.

The site is very simply named petitions.parl.gc.ca, similar to the US and UK epetition platforms, but has taken a different approach to either the US or UK sites.

There's no ability to see the latest petitions on the main page, users must use a search tool or click to see all live petitions. This shifts the propensity for people to browse and choose to sign by adding a small 'one click' barrier to the visibility of petitions.

When a user clicks on 'View all petitions', what they see doesn't really provide enough information to decide whether to sign. Another click is needed to view the details of any specific petition. However the screen does help people refine down to a topical area quickly, unlike the US and UK sites and the keywords by petition are useful, if perhaps put ahead of more useful information such as the title and summary of what a petition is asking.

The language, unfortunately, is a touch more bureaucratic than in the US and UK sites, with petitions titled by number and reference. These may be useful to bureaucrats, but have limited meaning for users and could have been hidden from petitioners and respondents.

Petitions provide a numerical breakdown of respondents by provinces, but no map view and no easy way to download the data without screen-scraping.

Responding to a petition is slightly more complex than in the US and UK epetition sites, with it being mandatory to provide an address and phone number as well as the usual name, email address and confirmation that you're really a resident of the country. The response form is also less friendly than the other sites, using now old-fashioned red asterisks to denote mandatory fields.

Creating a petition involves an equally complex sign-up form, where a user must avow they're a Canadian - so I've not looked into the creation process. I do anticipate that it would not quite be as sleek and refined as the US and UK versions.

The responses to petitions, like in the US site, include all petition information and those that have been responded to can be found easily through the top menu of the site. However the responses are provided as PDFs rather than within the page. This adds an extra step to the process of reviewing a response and most are only one page long, so I feel this is a poor approach, adding complexity with no benefit for users.

Australia - e-Petitions

Similar to the Canadian site, Australia's epetition site is quite new, so some rough edges can be expected. 

However I did not expect as many rough edges as I found, given there's some excellent examples above to learn from.

Also as the code for WethePeople is available as opensource, it is it relatively quick and easy to start with all the US's experience and build from there. 

To start with, Australia's epetitions site doesn't have a short web address like petitions.aph.gov.au, it is deeply buried in the site at www.aph.gov.au/Parliamentary_Business/Petitions/House_of_Representatives_Petitions/Petitions_General

Now it could be argued that as Senate, House of Representatives and Committees might all accept petitions but operate differently, it needed to be buried within each of these section of the site. 

However this could have been easily handled through a single multi-choice question in a petitions process, leaving all petitions to live at the same simple petitions.aph.gov.au address - without requiring petitioners to do the hard work of understanding how government operated.

On top of this the petitions process doesn't come up in the first page of search results when looking for 'petitions' - a critical but easily fixable mistake. 

This type of simple oversight dominates the entire Australian epetitions process, with it being pretty clear than the work was done with little reference to international benchmarks or usability testing.

Moving on to the actual processes, there's currently no petitions listed so it's not possible to analyse the process for signing a petition. I would have expected that the APH would have done some work to ensure there were a few petitions at launch, as other governments did. 

Clearly this wasn't the case, with the APH potentially taking more of a 'build it and they will come' approach rather than promoting the availability of the site widely before and during its launch. The impression that leaves me is that the APH didn't really want to create this site and doesn't really welcome petitions - they'd prefer to not hear from citizens or have the hard work of dealing with any resulting work.

Regardless of whether this was the case - the impression, or perception, is the thing - and the lack of any petitions to sign at launch reflects badly on the site.

Moving on to the creation process, the process for doing so is well explained in the first page (image above) - though with far more text than is necessary (as illustrated by the other epetition sites above).

Some of the steps on this page, and later pages, are not well communicated, using very subjective and bureaucratic terms - such as "Language (must be moderate)". 


I'm not sure what 'moderate' actually means and I doubt most Australians would be able to guess what a bureaucrat would consider 'moderate language'.

However using more words to explain these types of terms would be a mistake - instead the entire page should be written in plain English, aimed at about the 5th grade level. 

In fact I quickly tested the language on the main page, and it scored at a current grade level of 10.5 - well above what is considered acceptable. The subsequent creation pages score even higher, with terms bandied around that are rarely used outside of Canberra's bureaucracy and would serve to confuse, frustrate or even upset many Australians.

The process for filling in an epetition is OK, clearly stepped out, but with far too many steps (and words) on each page. There's no way to compare your petition with existing petitions - as the UK site does - though as there's no existing petitions to compare with I'm not too concerned about this as yet.

It will become a source of additional work for public servants and frustrations for users down the track however.

There's a lot more questions and information requested than in other epetition processes - with a lot of form fields to complete, which will effectively deter many people from establishing an epetition. Whether this is a good thing, however, depends on whether you're a bureaucrat first or a citizen first (I think it's a poor approach).

Nowhere could I see clarity on the thresholds at which you might get a response to a petition, making the entire process seem like a black box - a digital black box, but a black box nonetheless.

The entire process felt very cold and impersonal, unlike the UK and US experiences - which were warm and inviting.

Given parliament serves citizens, I think it is better to strive to leave users feeling they were important welcomed guests rather than nuisances and intruders into a hostile space.
This lack of warmth was particularly characterised by the final 'thanks for submitting a petition' page - which neither thanked the petitioner, nor gave them a feeling they were important and valued. 

Even the title of the page remained 'Request a new e-petition' rather than thanking the petitioner for their engagement in Australia's democracy.

Given how often politicians and public servants complain that Australians are disengaged from politics and democracy, the way this entire epetition creation process was constructed makes it very clear that the government itself holds a lot of responsibility for pushing people away, rather than welcoming their contribution.

Summary

So given my review of the four epetition processes, from Australia, Canada, the UK and US, I can say that I'd happily and enthusiastically recommend both the US and UK approaches, slightly favouring the UK due to it's maps and sharing tools.

Canada's site is OK for a first attempt. It doesn't appear to have learnt a great deal from the US and UK experiences and asks more than it needs from citizens, but it remains usable and functional if not inviting.

Unfortunately Australia's epetitions site is a very poor effort, and reflects poorly on the government, our public service and Australia's claims of being innovative and digitally progressive.

About the most positive thing I can say about it is that at least we now have the site - so there's a starting point to improve from.

However any competent usability designer would not have built the site in the way it has been built - and it seems more of a 'tick and flick' developed with internal resources on little or no funds (not that it would have cost a great deal to have done a good job).

I'm very disappointed at the APH's efforts - and have created an epetition for people to sign accordingly (though I doubt it will make it through the APH's scrutiny process - which is far more involved than for any other jurisdiction compared).

I truly hope the APH spends more time looking at benchmarks internationally and can convince the government that epetitions are a key interaction tool with citizens, so having them feel invited and effective is critical for supporting a positive view of government.

I'll be looking in on the site from time to time to see how its going - and would happily help the APH improve the site if asked (in fact I reached out last July, but never heard from them).

This isn't just a box that government has to tick, it's a vital avenue for citizens to engage with government and an advanced democracy like Australia should recognise the importance of doing it well.

Read full post...

Tuesday, September 27, 2016

Party time for GovCMS as it hits 102 sites, well ahead of target

It's party time at the Department of Finance as GovCMS continues its growth surge, from 78 sites less than a month ago to 102 sites this week.

This means the Drupal-based platform is tracking 70% ahead of its 2016 targets, demonstrating how successful a well-engineered and supported digital platform can be in government if well designed and supported.


While some of the growth may have come from agencies shifting away from GovSpace, which shuts down next year, part is also coming from state, territory and local governments who are beginning to consider the platform seriously.

While mandating a single webCMS and platform might be a step too far for Australian governments, the approach of providing a cheap and effective platform, with full standards support, a growing developer base and interoperability of plugins and modules (which can be reused across agency sites), is providing a strong 'pull' effect.

This 'pull', rather than a 'push' (mandated) approach to service design is one that government can also apply to citizen and business services, so I'm hopeful that the GovCMS experience is demonstrating to agencies how the carrot can be more powerful than the stick.

Given that even the Digital Transformation office has now fallen into line, after the DTO initially considered building its own WebCMS for the Gov.au site, GovCMS has been a massive success for government in Australia, and for the Department of Finance in particular.

GovCMS is supported by Acquia, the commercial entity created by the developers of the open-source Drupal platform, with a variety of local development partners involved in the development of specific agency sites.

Read full post...

Friday, September 23, 2016

Innovative leadership involves walking in the rain

I've rarely seen a better example of leadership in action than in the juxtaposition of these two photos, kindly shared on LinkedIn by Jean-Michel Wu of McCann Worldwide.


Now let's be clear up front - these are carefully selected images, presenting single moments in time - so they aren't necessarily representative of the style of either leader represented, either the US's political leader, Barack Obama, or business leader (and Republican Presidential nominee) Donald Trump.

However the notion of a leader who shields himself, at the expense of others, as compared to a leader who shields others before themselves, is one that anyone aspiring to leadership or in a leadership role should reflect on.

We've seen many examples of 'leaders' who fail to take responsibility for their own actions, or for the actions of those under their direction. These so-called leaders shield themselves while actively or passively allowing others to take the blame for actions or inaction that they were ultimately responsible for.

Example abound of this practice. In government there's functionaries falling on their swords to protect their Ministers, and senior public servants pushing the blame downhill, to junior staff, or to vendors.

In the private sector there's many examples of this type of behaviour, although it is not as often on public display. However it is sufficiently common that it has become an advertising punchline.

When this type of behaviour is displayed by leaders it erodes trust and respect - in them and in the organisations they lead.

When the behaviour becomes public it can be devastating to an organisation's brand and reputation - but even if it remains hidden within the walls, it can significantly affect an organisation's performance over time.

One of the casualties is likely to be innovation and invention, as employees witnessing 'scapegoating' or 'passing the buck' behaviour by their leaders will be less inclined to take risks in order to avoid getting the blame.

Another casualty is organisational culture, which will tend to become more secretive as staff hide potential mistakes and fearful, as staff worry about being made the next example.

Whereas a leader who shields others, 'running interference' and supporting their staff will foster a very different culture. Staff will be more inclined to innovate as they know they won't be blamed for failure, and their managers will ensure they get credit for their successes.

A shielding approach also gives teams the room to solve problems rather than hide them, paying enormous dividends in the long-run.

Cultures will be more open and inclusive with this second type of leader. Staff more collaborative and sharing, rather than hoarding information to protect their roles.

Of course there must still remain appropriate mechanisms for managing poor performance - but these will be seen as fair and equitable, rather than vindictive or aimed at protecting the upper echelons from their own decisions and actions.

Organisations that encourage, foster and employ leaders who choose to shield their staff, even sometimes at personal expense, will ultimately be more successful - more innovative and more adaptable.

So if your organisation is trying to foster an innovation culture, a good start is for its leaders to walk the talk by walking in the rain.

Read full post...

Wednesday, September 21, 2016

Breakthrough or Buddy-up - Two Strategies for Chief Digital Officers

Growth of the Chief Digital Officer (CDO) role has been incredibly rapid over the last few year, reflecting the increasing importance of technology to organisational success and survival.

However not all CDO roles are created equal, with enormous variation in their responsibilities, resourcing and capability to generate change, in the form of digital transformation, in the organisations they serve. Some have direct responsibility for business lines and IT teams, others serve primarily as advocates and influencers in the C-suite, with little in the way of direct reports or operational responsibilities.

The candidates appointed as CDOs have also vary enormously in background, some from 'pure' IT careers, others from a mix of IT and business and still others from business-based disciplines.

 An additional complication is that due to there being so many new CDO roles emerging, in many cases both the organisation and candidate are new to the role. This means the definition of the role might not be as clear as for well-established and understood roles, organisations may be less clear on what characteristics they require.

 A new CDO must also find their way and negotiate their position in the C-suite in a game of reverse musical chairs, where other executives may be looking for ways to gain advantage from the new seat and player at the table.

(Graphic courtesy of CDO Club.
Keep an eye out for the Chief Digital Officers Worldwide update for 2016)

In many cases CDOs have been external hires, including from international sources. Some public sector organisations have brought in experience from the private sector, though I've not seen the reverse as yet.

This can add additional complexity to the role. An 'outsider' brings their own cultural and workplace practices, which is often an advantage in a CDO role, but can require a significant adaptive phase for both the Officer and organisation. New CDOs from different environments can require some time to build the relationships and alliances necessary to achieve results and to learn how to navigate an organisation's formal and informal decision-making processes.

When it comes to performing the role successful, there's a spectrum of strategies available to a new CDO.

At one end of the scale there's the 'breakthrough' approach, where the CDO mandates and forces change on an organisation.

At the other end is the 'buddy-up' approach, where the CDO functions as an expert adviser and councillor, supporting colleagues and staff to make change themselves.

I've been fortunate enough to observe both approaches in practice, witness the comparative successes and failures over time.

In this post I wanted to provide a little insight into how these strategies can, and are, applied, the potential outcomes for the choice a CDO makes and what organisations should look for when hiring the right CDO for them.

Looking at the 'breakthrough' approach first - in its purest form this is a 'no holds barred', even violent, way to stimulate organisational change by actively pushing through any barriers to digital transformation.

It requires a forceful and driven CDO with massive resilience who is prepared to take on personal consequences for their strategic approach. Within an organisation it often results in adversarial situations where a digital transformation is imposed on unwilling business and IT areas, ending careers and bruising many survivors.

Internationally many CDOs who have adopted this strategy to a significant extent have had quite short tenures, coming into an organisation and driving digital transformation relentlessly for a year or two, then either moving on to the next appointment or requiring a personal break to rebuild their resilience.

It is not a tactic for executives who wish a long-term career with a specific organisation, or even in a specific industry or country, as the crash through tactics are not congenial to building good long-term relationships and alliances.

Used strategically this approach can break down long-term barriers to change and innovation, squeeze out old-fashioned and outdated thinking and renew an organisation to move forward in a more cost-effective and digital way. Some organisations may require this 'shock treatment' to shift from their current track to a more sustainable one, whereas the buddy-up approach would not provide significant impetus for them to transform.

Used poorly, this strategy can alienate potential allies, damage competent individuals and generate a 'winners and losers' culture, where people feel forced to choose sides. Any resulting digital transformation can be short-lived, reliant on the CDO remaining in their role, with other executives and middle-managers rolling back to their comfort zone after the CDO is gone.

A common tactic for individuals who oppose this approach is to simply wait until the CDO moves on, although sometimes repairing the damage a breakthrough strategy does to trust and respect within an organisation can take years.

The buddy-up approach is far more collegiate and is built on alliances and expertise rather than direct power and force. This strategy is better attuned to patient executives who are willing and able to spend the time building trust and leading executives and staff to a place where they feel empowered to choose adopt digitally transformational changes, rather than having these changes forcefully imposed on them.

The approach builds good long term relations and suits executives who wish to build a long-term career in an organisation or across a sector. It works well in situations where a CDO has little direct power (direct responsibilities or budget) but is a respected key influencer, with peer-level access to others in the C-suite.

The speed of digital transformation achievable using this strategy tends to be far slower, particularly in the initial stages, than via the more aggressive breakthrough approach and may not suit organisations that require a rapid transformation. However, in the longer term, the pace of change can accelerate rapidly as it no longer must be solely driven by the CDO but has become embedded in how the organisation operates.

For organisations with firmly bedded down cultures, there's a risk that the buddy-up approach will get lost in the mix, with the CDO's efforts absorbed into the organisation rather than propagating change. We've seen this many times in the past, where the introduction of a new approach becomes so diluted within the existing culture that, like a drop of ink in a glass of water, it vanishes without a trace.

Used strategically the buddy-up approach is very effective at bringing the organisation with a CDO, generating a deep-rooted top-to-bottom change in culture over time. By avoiding adversarial and 'winner take all' situations, staff across the organisation retain their unity in being on the same team without aggressive competitive, or even bullying, behaviours.

Used poorly the buddy-up approach can be ineffective, with the CDO ignored, or their efforts co-opted and absorbed into business as usual without the level of digital transformation required by an organisation. Also, due to a slower ramp up as trust relations are built, the approach can be too slow for organisations facing imminent threats to their survival.

Fortunately many CDOs understand that their role involves using a blend of the strategies above, based on their resources, influence and environment. Knowing when to apply a breakthrough strategy rather than a buddy-up strategy is the real art of being a CDO, and organisations should be careful to select executives who have demonstrated a careful balance of both, even in situations where one strategy needs to be dominant.

The real danger for organisations - and CDOs - is when they rely too heavily on either the breakthrough or buddy-up strategy.

An over-reliance on breakthrough risks any digital transformation successes being short-term, poorly embedded in an organisation and leading to a 'pushback' that can damage digital initiatives in the organisation for years to come.

An over-reliance on buddy-up can conversely result in a failure to implement the digital transformation required, leaving an organisation in a worse position as its rivals and markets shift.

When hiring CDOs, it's important to not just look at their past short-term successes in transformation, but also their record of fostering enduring digital transformational change and strong relationships.

Those who rely too much on breakthrough tend to have shining successes to their credit, but poor senior relationships and a trail of past engagements where organisations cannot demonstrate significant lasting business value from the CDO's efforts.

CDOs who prefer buddy-up approaches can appear to have less spectacular careers, with most of their successes shared, but come well-recommended and respected. Again it is important to consider if their past engagements have resulted in lasting business value to the organisations they have served.

For those aspiring to be a Chief Digital Officer, it is important to develop the capability to apply both breakthrough and buddy-up strategies, and particularly the emotional intelligence to know which is appropriate to apply. Having experience using both strategies effectively is of enormous benefit when seeking a CDO role.

It's also critical for those stepping into a CDO role to understand and negotiate the use of breakthrough and buddy-up strategies, to ensure that the CEO, Board and other executives understand why the CDO is taking a particular course at a particular time.

A CDO more experienced with buddy-up strategies will need to communicate clearly why the alliance approach to collective change is being applied when working in an organisation that took on a CDO to aid in a rapid digital transformation.

Conversely a CDO selecting breakthrough tactics will need to make it clear why they are choosing an aggressive approach to digital transformation to avoid alienating other executives and staff who may feel trampled or excluded, and losing their mandate before the transformation is embedded.

Most importantly for any prospective or new CDO is the ability to know your own strengths and weaknesses, and seek opportunities where your personal attributes are beneficial to your role.

Using myself as an example, in my roles in large organisations I've often strayed too far into breakthrough territory, reflective of my past experience in business startups, where speed of outcomes is paramount over relationships or process. I've also had several roles where breakthrough was the only viable strategy due to the timeframe and environment.

I have learnt from others, who have mastered the approach, to apply more buddy-up tactics - particularly during my experience in government, where strategic alliances are essential to foster deeper and longer-term digital transformation.

However my natural inclination is more towards breakthrough, and I perform better in environments where, on balance, I can use this strategy more often.

Others may find they naturally prefer to apply buddy-up strategies, or are evenly balanced between the two.

Whatever your personal preferences, you'll likely do best in a role that reflects how you operate.

However regardless of whether you're applying breakthrough or buddy-up strategies, keep in mind the ultimate goal - to redesign organisations to be successful in a digital world.

Organisations live or die by their people, and selecting the right match of CDO and organisation, and the right blend of buddy-up and breakthrough strategies is essential for their digital transformation and success.

Read full post...

Thursday, September 15, 2016

Farewell to GovSpace.gov.au - a bold and successful government initiaitve

On the 25th August the Department of Finance in Canberra announced that its bold experiment in providing a central website infrastructure for agencies, Govspace, was coming to an end after almost seven years.

I still remember feeling excited at the original launch of Govspace.

At the time I was working in the Department of Health as Online Communications Director.

I was theoretically responsible for the department's entire web presence, although many of the 150+ websites operated by the department were directly controlled by the business area funding their development.

It was still a time when business areas wanted a new website for every new initiative and would pay through the nose for those sites.

Business areas would often spend tens or even hundreds of thousands of dollars to digital agencies, or our internal IT team, to have each new site built.

It was a frustrating time for me as there wasn't a simple way for the department to procure low cost sites. We didn't have the capability to easily build or buy websites based on open source web content management systems (WebCMSes), such as WordPress, that used free or cheap themes rather than hand-crafted custom-designed graphical interfaces.

Even Health's internal IT team had to charge six figure sums for simple websites due to the costs they had to incur and offset when using the department's mandated internal web content management platform (Lotus Notes) to deliver them. Each internally built site had to be custom coded and designed by experienced IT staff, making it a relatively slow, as well as expensive, process.

So when the Australian Government Information Management Office (AGIMO) in the Department of Finance unveiled Govspace in March 2010, the floodgates opened.

Suddenly every agency could access a low-cost open source webCMS on pre-approved secure government infrastructure. It could be used to deliver both small specialist websites as well as services such as blogs.

Finance were trusted, reliable, secure and a central government agency - one of 'us' (government) not one of 'them' (private sector companies).

Govspace launched with a single pilot site, the Department of Treasury’s Standard Business Reporting blog. The platform expanded quickly, reaching 25 sites using the platform in a year.

I was one of the first to leap on. I worked within Health to dissuade one of our Communications teams from paying a digital agency at least $40,000 for a new website for an information campaign and convinced them to trust me (and Finance) to make use of the Govspace infrastructure - which at the time came at the very attractive price of 'free'.

Finance was able to spin the site up in a matter of weeks, WordPress was easy to use, so the Comms team was able to directly put the content in place. We had the website live within six weeks - compared to a 3-6 month process with a digital agency.

In the end we did spend some public money, about $42 on a custom WordPress theme, but saved the department over $35,000.

At an internal planning day shortly after the site went live the Comms team proudly shared how easy it had been to get the website in place. This lead to a flood of interest from other area.

That one site raised the internal awareness that the Department had been paying too much for websites, leading to enormous savings over time.

Govspace wasn't designed to cater for every site - it was primarily a platform for simple Gov 2.0-style sites, with blogs and other interactive features. Even so my team helped put at least another half-dozen new websites onto the platform over the next few years.

Even when Finance had to bite the bullet and start charging agencies for the costs they incurred for the platform, Govspace remained one of the lowest cost website options for government.

You can read the posts from the first birthday of Govspace, from AGIMO's then Branch Manager, Peter Alexander (now COO for the Digital Transformation Office) and from AGIMO's Mike T (with my comment still below).

Govspace continued to grow in use over several years, with over 110 government sites using the platform at some stage. The chart below shows the traffic for periods I've been able to source data for.



Over the last few years the site has seen a natural decline as agencies shifted to GovCMS, Drupal or their own lower cost WebCMS frameworks.

Today Govspace hosts 26 live public sites - virtually the same number as the platform had after 12 months.

With Finance's decision to close the platform all those sites will have to move to their own infrastructure by the start of 2017. After that, Govspace will be no more.

While this makes me sad, I support the decision by Finance to close down the GovSpace platform. It had a good run. However Govspace is fast being replaced by more modern web platforms, particularly GovCMS.

I'd like to personally thank all the relevant staff at the Department of Finance for how diligently they ran and maintained the platform, even after AGIMO was disbanded and running a whole-of-government infrastructure stopped being an important role for the department.

While for many inside and outside government the closure of Govspace might be seen as just the termination of a 'surplus to needs' service, I believe this is the end of an era for government IT.


Govspace was instrumental in revolutionising many aspects of how Australian government viewed digital.

The platform helped transform how Australian government agencies looked at website development and costs.

The use of WordPress for a public whole-of-government platform also widened the door for open source software to be considered by agencies.

Govspace helped propel government web sites from a 20th century 'brochure-ware' approach to become more engaging and interactive.

The impact of Govspace has echoed across government, and will continue to echo for years to come as agencies continue on their digital transformation journeys.

Farewell Govspace and thank you to everyone involved with the platform. Your contribution to government's digital transformation has not been overlooked.

Read full post...

Monday, September 12, 2016

Confusing innovation with outcomes

I've been involved in an interesting Facebook chat around the definition of a startup, which has coalesced my thoughts on the approach of organisations towards innovation.

Innovation has become a buzzword in the last few years, with both corporations and governments focused on the notion that they need innovation to remain effective and relevant.

I've been fundamentally uneasy with a lot of the views expressed around this notion. From the Australian Government's '#ideasboom' to the notion that appointing an Innovation Director who in some way takes 'ownership' of innovation for an organisation, will solve an organisation's competitive and cost-efficiency challenges.

I also have my concerns about the ideation processes springing up across government and the private sector.

It's great to see the flood of ideas and the unclogging of the old-fashioned 'suggestions box'. However these processes need to be well-supported with training and capability to assess the ideas and then help people to realise them in practical trials, to really determine which really do solve problems or improve outcomes.

Don't get this wrong - I'm a big proponent of innovation.

The process of identifying a problem (that often others do not see), of finding a new solution (whether involving old or new technology) and of then testing and trialling that solution until it becomes clear whether it's an improvement or not is essential to every organisation who wishes to continue to exist.

However focusing on the ideas and innovation is a confusion of process and goal.

Ideas and innovation are tools to solve problems. They are not ends in themselves.

Ideas are a thousandth of a bitcoin a dozen and anyone who sets out to 'innovate' is starting with the wrong end of the stick - the process, not the desired outcome.

Instead organisations should focus on the other end, the problems, preferably invisible and painful ones. They can be considered 'big' or 'small', this doesn't matter - what matters is that there's significant pain caused by it, and significant benefit to solving it. Solving a problem that costs every employee only 5 minutes each day will save an organisation with 1,000 people 416 hours per week - the equivalent of ten staff, or 1% of their headcount.

Often the best problems are invisible to most people in the organisation, they simply work around the problem, using manual steps to bridge processes, walk the long way around an obstacle and eventually forget that it is there.

'Managing' the problem becomes part of the basic experience, the social norm, of working there, just like the example in the video below - and very few question it.


The real innovator is the person who both thinks - why is that obstacle there? AND then acts to remove it.

A simple test that can be performed in any organisation is to put a chair with a sign 'Please do not move' on it in the middle of a regular walkway.

Look at who walks around the chair, versus those who complains about the chair being there, versus those who actually take an action to remove the chair as an obstacle.

You want people who are prepared to address the obstacle on your problem-solving team. They are the people prepared to ask 'why is this so' (identifying the problem), then experiment with potential solutions to remove the problem from the equation.

For organisations that wish to set a higher bar, change the sign to read, ''Please do not move. By order of the CEO - this area is monitored by CCTV'.

Now you'll really find out who is willing to take a risk to achieve a better outcome.

Ideas and innovation remain critical tools for problem-solving, and fostering both within organisations is critical, but avoid the trap of confusing them with the improved outcomes that their use is designed to achieve.

Treat them as tools, not goals and avoid building complex systems and hierarchies around who is 'allowed' to use them within an organisation.

Everyone in your organisation has ideas. Everyone can innovate. Not everyone can identify the problem, visualise a better outcome and use ideas and innovation as tools to turn that visualisation into reality.

Use ideation processes and Innovation Directors to foster an environment where problem-identification and solving is the social norm for your organisation.

To foster an environment where the reaction to a new problem or inefficiency is to take action to address it, trying different approaches until the optimal solution is found, rather than to kick it upstairs, ignore it or simply 'walk around' it with more staff and expense.

The most successful organisations - public and private - will be those that foster active problem-solving, not nebulous 'ideas' or 'innovation'. Those that remain clear on what are the goals and what are the tools.

Read full post...

Wednesday, September 07, 2016

Don't ask for more information than you need (and make it clear why you're asking what you're asking)

I've just become aware of the ACT Government's consultation for a new license plate slogan.

Hosted at Your Say, the government is asking for ideas for a 30-character or less slogan, with the best ideas to be put to a public vote later this year.

I support this type of consultation approach - it provides for broad public input, with a screening step (via a panel of judges) to manage any inappropriate suggestions before a public vote.

The consultation also does a great job of explaining the process timeframe; when the decision will be made and when the license plate will be released.

One of the 'tricks of the trade' for consultations - and and engagements - is to ask the minimum number of questions required to meet the purpose of the process.

While there's often temptation to ask a few additional questions, where data might be interesting but is non-essential to the consultation's purpose, each additional question can reduce the response rate significantly.

These additional non-essential questions can also call into question what the consultation is actually designed to achieve. This can, at worst, lead to suspicion and loss of trust, but at minimum is likely to cut the honesty and number of responses, potentially damaging the ability of the consultation to achieve its purpose.

Sometimes, of course, there can be questions that appear non-essential but are necessary for the consultation to achieve its goals. In this case, the organisation engaging should make it as clear as possible why the questions are being asked, without damaging the engagement process itself.

Unfortunately it seems that the ACT government hasn't fully thought this through in its license plate slogan consultation.

Alongside asking for the slogan and where the respondent lives (important for getting ideas expressly from Canberra residents), the slogan also asks for the name and a contact number/email, as well as age and gender.

While the consultation does a good job of explaining why name and contact information might be useful, so that the finalists and winning respondent can be contacted, it's unclear why either age or gender are required in this process.

Age is a compulsory field while Gender is optional, but realistically neither is important information in the review process, nor is there an explanation as to why the ACT government would need this information.

Now this might seem a trivial thing to the agency involved in the process, after all age and gender aren't hugely personal information and, in the case of gender, is often determinable from name alone.

However by adding these fields - whether compulsory or not - the response form becomes that much more complex, and can discourage some people from responding.

That doesn't mean that this process won't get a good response rate, but it is likely to be less than it would otherwise be.

Of course it's hard to prove this in this case, as we don't have the luxury of an AB test to compare approaches - but from experience, overall responses go down when additional (and unnecessary) questions are asked.




Read full post...

Wednesday, August 31, 2016

Have you been pawned? What could Australian governments do to reduce the frequency of data breaches

Data breaches at major organisations have become a weekly event, but don't always make it into the public eye for months, or even years, after they happen.

This is both because it can take some time for an organisation to become aware it has been breached and because few organisations are forthcoming about security concerns.

This lack of willingness to communicate breaches can be because many fear a loss of respect or trust if they admit a breach has occurred, and in certain cases companies may even be liable for fines or damages in a class action.

Of course, not declaring breaches can also come with a sting in the tail. Individuals might find some of their other accounts become compromised, or experience monetary or identity theft - in extreme cases people can find themselves in debt, their property sold, or even be gaoled.

Governments in Australia have been slow to put measures in place to protect citizens in these circumstances - even forcing citizens to take them to court to rectify these situations, as a Canberra homeowner recently had to do.

Unfortunately in Australia it's not even mandatory for data breaches to be reported, so there's limited information about how widespread the threat or cost actually is, making the situation even harder to deal with.

I subscribe to a service (Have I Been Pawned?) that alerts me when a service I use is reported as hacked - but even this is largely limited to international online services and it remains very slow to discover when these hacks occurred.

The example below shows how Dropbox has only in the last few weeks acknowledged a hack in 2012 which exposed the details of over 60 million people - that's more than twice Australia's population. Their information (including mine) has been traded online by the hackers.
Dropbox breach

Now some people might consider this a normal part of living and doing business in the internet age - but should we?

There's a number of steps that both governments and commercial organisations can take to reduce the impact of these types of breaches and help ensure they occur far more rarely.

The first step is a mandatory requirement to publicly notify everyone who may be affected by a breach within a week of it being detected, with a mandatory public announcement of the breach within two weeks.

If the notification is made on a timely basis, organisations should not face a significant fine from the government, but if notification is late, they should face a fine equivalent to a significant portion of their gross income for the previous year.

Where organisations are breached, they should be legally required to, at their own cost, identify the cause and rectify it, putting in place appropriate security measures to prevent recurrence and fix any other identified security issues with their system.

Organisations should also be put on a three-year watch list, where if they suffer another breach and cannot demonstrate that they maintained their security infrastructure to a sufficient standard, are subject to that very significant fine detailed above.

This should apply across both private and public organisations - with government agencies held to the same high standard of conduct. In fact it could be argued that government should be held to an even higher standard due to being required to maintain public trust and how certain agencies may compel information from individuals and store it for their lifetime.

Governments should also set up positive security regimes, where people are rewarded for identifying and reporting security holes in government properties. Corporations could also be provided with incentives to do the same, such as subsidising rewarding and rectifying appropriate security issues in a similar way to R&D subsidies.

The government needs to work with governments around the world to ensure that laws punishing identity theft - fraud - are sufficiently strong to create a strong disincentive for anyone who might be caught either perpetrating a hack or benefiting from it. There's already a base in place for this, but there's ways to strengthen it and treat identity theft with the degree of severity it requires.

Finally governments need to ensure they are appropriately educating citizens through a variety of channels - providing educational content, ensuring that no government agency allows users to create weak passwords, training their own staff (essential for national security), training police forces to understand and engage appropriately with citizens who report identity theft and rewarding companies who educate their staff and customers for reducing the overall risk.

Now it is important to be realistic about the situation. Australians use a variety of foreign online services and it is impossible to secure them all, all of the time. Hackers will find ways in via mistakes in ICT configurations, slow maintenance, zero day exploits and social engineering.

However the incident and severity of the data breach risk can be greatly reduced if Australian governments stop turning a blind eye to the issue and begin seriously engaging with it.

At minimum governments need to broaden their cyber security policies to recognise that it's not just the government itself at risk. From here, there's many opportunities, such as those described above, for governments to be more proactive about protecting their citizens from the risk of data breaches, from enemies both domestic and foreign.

Read full post...

Tuesday, August 30, 2016

Digital Transformation Office launches beta for their Digital Marketplace

Earlier this week the Digital Transformation Office (DTO) launched the beta version of their Digital Marketplace, a directory of vendors offering specialist digital services across a range of role categories.

The explicit reason for the Digital Marketplace was to make it easier for small and medium enterprises to engage with government, particular within large ICT projects. It is supposed to do this by allowing agencies to break down large projects into small stages which smaller companies are able to fulfil.

At this stage the Digital Marketplace is primarily a list of vendors - over 220. Most are small businesses, with a smattering of recruitment agencies (Horizon, Hudson, Randstadt, Talent International, The Recruitment Hive) and larger companies (such as Deloitte).

Right now it's possible for agencies to make both open and select requests to the list for skills via a briefing process, with additional approaches to market, such as an ideation approach both for buyers (roughly 'I have this problem, how would you solve it') and sellers (roughly 'I have this idea to solve a government problem - will anyone fund the work'), still under development.

The beta allows for fourteen role categories, covering a wide range of skills in the digital area, with more to come as the marketplace beds down and grows. The current roles are close to the DTO's core business of promoting and incubating digital transformation, which seems a reasonable place for them to start.

While the marketplace provides the information in a different way to most government procurement panels, it is governed in the same way - under a standing contract arrangement. At this stage all the innovation is at the front end and it will be interesting to see whether other agencies with whole-of-government panels (particularly Human Services and Immigration) see value in this way of displaying vendors and in the additional features the DTO plans for the site.

I've had a good look through the initial Digital Marketplace - in fact I'm affiliated with one of the participating vendors (as would be most private sector digital people in Canberra) - and it was interesting to see how many companies claim to have access to talent that government needs in the digital space.

Most government panels have been far more restrictive in the number of vendors they allow on the list, which has led to significant 'horse trading' of panel access and the development of services like SME Gateway to facilitate companies without a panel presence, whereas the DTO has gone for a 'bucket list' of any company that can demonstrate they meet the required criteria.

I've done a little analysis of the vendors in the Digital Marketplace and found a few interesting insights as to the responses the DTO received.

Firstly, half the approved vendors offer four or fewer of the fourteen role categories in the marketplace, with only 8% (generally recruitment companies) offering the full 14.


This suggests a lot of specialist providers have joined the service - companies which may otherwise struggle to meet procurement requirements without extensively partnering or contracting their services through larger providers.

The most popular role offered by vendors was Business Analyst, provided by 123 (or 55%), whereas the least popular was Ethical Hacker, provided by only 51 vendors (23%), followed by Inclusive Designer (Accessibility Consultant) by 58 (26%) of vendors.

This isn't surprising. Business Analyst is a standard role that has been around for a long time in ICT, whereas Ethical Hacker is relatively new as a role type and Accessibility remains an underrated area by government (with many practitioners struggling to find sufficient paying work).

It was interesting how many vendors offered personnel in the Digital Transformation Advisor role, which was second behind Business Analyst (113 vendors or 51%) despite being a very new role type.

I'm still sifting through the data and expect to find more interesting insights - particularly from the pricing (for which the DTO has published the ranges by role). This was an interesting decision by the DTO as it may encourage organisations to migrate pricing from below the given range upwards, and once in the range toward its top.

A lot of the data exposed in the marketplace has commercial significance, so I may not be able to share all of it, but the site is already gold for organisations seeking to understand the landscape servicing government. Couple the information in the site with industry knowledge and published tender amounts and it becomes relatively easy to identify the high and low price vendors.

Read full post...

Friday, August 26, 2016

How to shut down the easiest path for hackers into your organisation

In the news today is a story about how the Department of Prime Minister and Cabinet has issued guidance to staff on how to manage their personal profiles on Facebook.

According to the The Age's article, 'Nanny state!' New crackdown on public servants' Facebook the department "now insists its public servants lock their personal Facebook accounts with the tightest possible privacy settings and tells them how to configure their passwords".

Based on The Age's article the policy states that "Profiles must use a robust and secure password to protect the account from brute-force hacking attempts".

"This password must be at least seven characters long and contain a mixture of punctuation and alpha-numeric characters".

The policy apparently threatens disciplinary action and even dismissal for non-compliance for both staff and contractors.

I've not yet read the policy so can't comment on the details, and there's also apparently some other parts of the policy dealing with what public servants can comment on, which I don't expect to agree with.

However, I find the advice on security and passwords as fair, long overdue, and something that all organisations should consider providing to their staff.

Hacking is fast emerging as one of the most significant commercial risks for corporations and public agencies, with organised crime and nation-states mobilising sophisticated teams of computer hackers in the search for commercial and political advantage.

Few weeks go by without a major international company or online service being hacked for data, and alongside this the growth of ransomware - where hackers lock organisations out of their own systems and demand money for access - is proving to be a challenge worldwide.

Many large organisations have extensive security provisions in place to protect their data and services against hackers and security advisors are working as hard to keep their system protected as hackers are to find new ways in, in a cyber cold war.

However IT systems are not the only way into an organisation's data heart. 'Social engineering', a term referring to coercing staff to create a chink in an organisation's security armour, is increasingly one of the easiest ways for hackers to sidestep security professionals.

Social engineering takes many forms.

Leaving USBs with malware at a location where staff might pick them up and unsuspectingly put them into an organisational system, sending them email attachments supposedly containing cute kittens (with a cyberworm inside), fooling them with a fake email from security into believing they need to reset a system password by clicking on a link - which gives a hacker access.

There are many many ways in which employees can be fooled, even the most highly intelligent people, and used to evade or break their organisation's security.

Even if people can't be fooled, there's ways to get critical information about them which can provide clues to passwords, or provide blackmail opportunities.

For example, many people still use memorable passwords - children's names and dates of birth, anniversaries, pet and street names, achievements and more. With a little digging through publicly available information, or even information compromised from a weaker external service, hackers can quickly create a potential password list which might give them a route into a more secure system.

Unfortunately many organisations have been slow to address this threat by educating and supporting staff on protecting ALL their information online - from their secure employee logins, to their Facebook accounts and random mailing lists they sign up to.

This education is important not simply for the organisation's security, but for the personal security of individual staff members, who are also at risk from hackers who simply want to steal from them.

In fact there's every reason to believe that well constructed advice to an organisation's staff on protecting themselves online will be well received. It not only protects the organisation, it protects each individual staff member and often their families as well.

So what PM&C is doing with suggestions on passwords and locking down Facebook isn't a 'Nanny State' act - it's a sensible step that every organisation should be doing to protect their commercial information and client data, and to protect their employees.

Now a 'policy' may not be the best structure for this education - I strongly recommend that every organisation should have a 'security awareness' module in their induction program, and ensure that all existing staff receive regular training on how to protect themselves and the organisation they work for from external hacking threats.

This needs to be regular, not once-off, because of the rapid evolution of hacking and IT systems. New threats emerge regularly, as do new social engineering attacks.

Training all staff on how to secure ALL their online accounts is becoming vital for organisations that are serious about security.

In fact I believe that organisations who lose control of personal, private or confidential client, staff or government data should be penalised more harshly if they've not taken steps to guard against social engineering through staff training.

So if your organisation wants to continue to improve your security, don't simply invest in new IT systems and security advisors. Regularly train your staff on how to protect themselves online and they'll help you protect your organisation.

Read full post...

Thursday, August 18, 2016

PM&C sets a new benchmark for public engagement in Open Government Partnership membership process

This morning the Department of Prime Minister and Cabinet (PM&C), through its ogpau.govspace.gov.au site, put out a call for stakeholders to express their interest in joining an Interim Working Group to help co-draft Australia’s National Action Plan (NAP) for the Open Government Partnership (OGP).

The approach that PM&C confirmed this morning is a very innovative and progressive one. I believe it is a model for government/civil society engagement in Australia that other agencies should pay close attention to.

PM&C proposed forming an Interim Working Group to decide which actions to put to the government for final sign-off and inclusion in the NAP.

The Group is expected to have up to 12 members, comprised of equal representation between government officials and civil society stakeholders. It will be co-chaired by a senior government official and a civil society representative.

Anyone can submit an expression of interest to join the Group, with expressions to outline relevant experience and expertise related to supporting transparency, accountability and open government.

It is extremely rare for government agencies in Australian to agree to 'share power' with external stakeholders in this manner during a decision-making process. The usual approach is to invite feedback from outside, but make decisions inside agencies, usually in a 'black box' manner.

The collaborative approach outlined by the OGP team in PM&C is a far more transparent and engaging one. It shows respect by granting near equal standing to external stakeholders and, through sharing decision-making responsibility, is more likely to result in shared ownership and ongoing commitment to implementing the decisions made.

The Interim Working Group announcement is the first public step progressing Australia's membership of the OGP  since the federal election. It follows a multi-stage consultation process which has included:

  • initial stakeholder information sessions run in Brisbane, Sydney, Melbourne and Canberra in December 2015 (Disclosure - I ran them on behalf of DPM&C, the presentation slides are here and a video of one of the sessions here).
  • a dual consultation process in February/March 2016 involving both an external wiki collecting action ideas for Australia's NAP  (over 200 collated ideas here) and an internal consultation with government agencies to identify actions they could commit to.
  • a Canberra-based co-creation workshop in April 2016 involving roughly 60 attendees from civil societies, agencies and individual stakeholders which aimed to aggregate and filter the collated ideas into 10-15 actions for the NAP (outcomes here). My report on the workshop, which I attended is here.
I'm very optimistic about this process, as the Department of Prime Minister and Cabinet has demonstrated significant engagement and commitment to the outcome and a willingness to listen to and involve external stakeholders throughout the decision-making process.

I hope other agencies keep a close eye on this process and the outcomes and consider where a similar approach might help them achieve public goals in a more effective and sustainable way.

Read full post...

Friday, August 12, 2016

What follows #CensusFail

I think it is now safe to say that, technically at least, #CensusFail has peaked, with the ABS and IBM successfully restoring most access for the Census 2016 site.

While there are still scattered reports of failures, not recognizing JavaScript is turned on, issues in some browsers and variable levels of access for people with VPNs, by and large the site is limping home.

Increasingly it appears that there was no large denial of service attack on the ABS, just a cascading series of issues which made the census service vulnerable to demand peaks, with perhaps a small attack being sufficient to drive it over the edge.

The repercussions and fallout for the incident will occur for a long time. Several official reviews are already in motion, all of IBM's advertising in Australia remains offline, and the ABS has not changed its engagement and communications course in any perceivable respect.

The ABS is likely to be feeling the initial impacts of the next demand spike - not of census traffic, but of Freedom of Information requests, with journalists, privacy advocates, IT experts and others all interested in understanding what decisions were made, where and by whom.

Hopefully the ABS will scale its capability effectively, unlike the Census experience, or take the high road and proactively release information, including server logs (anonymised of course) that allow external parties to understand the progression of events and clarify what occurred and the good work the ABS did to protect the data of Australians (their key commitment) throughout the incident.

The real risk now is that politicians and ABS management will try to switch back to business as usual too quickly, answering to official enquiries about the incident but refusing to answer to their real owners - Australian citizens. There's a tendency in most organisations to spring back into normal operations to quickly after a crisis, forgetting that the collective external memory is often longer than insiders expect.

The consequences of #CensusFail are likely to have ripples affecting every major government IT project, significantly reducing political and public trust in digital initiatives by many federal agencies, as well as impacting on state and local government initiatives.

In many other digital projects politicians and citizens will ask for additional safeguards to protect against a potential #CensusFail, no matter how unlikely it may be. This will add cost and time to these projects, pushing up IT expenditures at a time when budgets are being cut, causing agencies to delay and defer the more expensive or ambitious projects and attempt to keep limping along on existing infrastructure for just a year or two more.

In extreme cases this may increase risk, with already old systems pushed beyond their commercial lifespans, in broader cases it will harm innovation and cause governments to fall further behind their peers elsewhere in the world.

This seems a bleak picture, but I don't blame the ABS for this. It is a consequence of the lack of political IT expertise we continue to see across many Australian governments and of the risk-averse cultures that continue to flourish across governments despite the increasing downside risk of this stance.

It takes a long time to turn a big ship, and in this instance the ship is Australia. We are not educating our children or adults adequately to master a digital world and we do not have the level of IT knowledge or capabilities we need as yet to sustain a first-world infrastructure.

This flows through our corporations, our public service and our political leadership and it cannot be solved by the import or outsourcing of expertise.

I wish the ABS well in rebuilding their reputation following #CensusFail. In five years when the next Census is held the organisation will still be dealing with the fallout from 2016.

However the real failure and fallout in 2021 will be much greater if Australians have not invested in building our collective digital expertise to the levels we require to continue to grow our national wealth and economy, to sustain our standards of living and maintain our place as a first world democracy.

Read full post...

Bookmark and Share