Conference 7.286::digital

    I had a buddy that owned a Radio Shack store once, and he explained
    their 'auditing' or Quality assurance process to me...
    
    On a regular basis (yearly I think) a smartly dressed individual
    would walk into the store, shop around a bit, look a stereos, look
    a component racks, allow a sales person to assist them, and end
    up buying something worth about $30.00, like a calculator.  As it
    turned out, this person was a Tandy employee, and was conducting
    an 'audit' of the store.  The person left, and supposedly, the store
    manager and employees wouldn't know that they had just been audited.
    
    Later, a report would arrive, and the store manager would discuss
    it with the district manager.  In other words, any problems were
    discussed between the manager and his/her direct supervisor, and
    no one else.  Store manager then implemented whatever corrective
    actions were necessary.  Confrontations between the auditor's and
    the tandy employees were unknown, because the auditor didn't reveal
    himself, or his purpose.  He just left graciously and wrote up a
    report, which was filed and sent to the district manager.
    
    Interesting to note that my friend said he could spot the auditors
    a mile away by the way they acted (wanted to see the *entire* store).
    
    Also...he got a report that listed one of his employees (who was
    a little balding) as the store manager, and listed him as the junior
    employee...oh well....
    
    I wonder if we could suggest a different approach to performing our 
    audits.  Like keeping the results undisclosed, writing them up,
    and submitting them to management.  This might work a little better
    than ...
    
    	'AHA! Found your account logged in and sent a note to your
    	manager! Bet you'll never do THAT again, sweetie!'.

    ...the latter method would turn ANYBODY off!
    

    First - I am not now nor have I ever been an auditor.  HOWEVER,
    this note has already taken an extremely biased point of view. 
    Auditors are employed to enforce procedures.  They don't write the
    procedures.  You are complaining about stupid accounting rules and
    business practices, not the auditing process.
    
    I may think the 55 mph speed limit is stupid, but I don't blame
    the local cops!

    -dave

    re: .2
    
>    Don't blame the cops!
    
    True, we should not be blaming auditors for enforcing rules they
    did not create.
    
    But, neither should we expect an auditor (or any other Digital
    employee) to act in such a manner as to insult or embarass other
    employees when such action is not necessary.
    
    It is one thing when a policeman gives you a speeding ticket.  It
    is something else if a policeman gives you a ticket and makes you
    stand on a street corner wearing a sign that says "I AM A FOOL"
    so that all may see.
    
    Most problems can best be resolved when rational thinking and level
    heads prevail.  If the auditing process does not encourage this,
    but instead encourages petty showmanship (such as nailing someone
    to the wall in a public meeting without prior notice), then the
    process needs to come under _serious_ scrutiny.
    
    In order to maintain security and profitability, Digital needs the
    cooperation of every employee toward common goals.  We don't need
    good employees to become embittered because they made a simple mistake
    and weren't given the opportunity to correct it with their dignity
    intact.
    
    What would happen if every bug which came out of Engineering resulted
    in the public humiliation of the responsible Engineer?  How long
    would we maintain the wealth of talent we have in Engineering?
    
    If the process _really does_ cause the pain which some have alluded
    to, then should we not seek to change it?  Has anyone experienced
    this process _without_ seeing adverse effects?  Is this a problem
    with the _process_ or with a few isolated individuals?
    
    -- Russ

    re: .3--``What would happen if every bug which came out of Engineering 
    resulted in the public humiliation of the responsible Engineer?  How long
    would we maintain the wealth of talent we have in Engineering?''
    
    Engineers vary as much as anyone else, so I'm just speaking for myself.
    My "public" is very small: my peers in my development group.  They are
    the only people whose opinions about me are important to my ego.  When
    I screw up, they all know about it.  For example, last Friday, due to
    insufficient testing on my part, I caused a significant piece of our
    product to not work.  A co-worker came in on the weekend, diagnosed
    the problem, and corrected it, thus enabling the group to do useful
    work on Monday.  I posted a public apology in our internal conference,
    and credited my friend with fixing the problem.
    
    Hay, that's life in Engineering.
        John Sauter

re: .3:

    re: .3--``What would happen if every bug which came out of Engineering 
    resulted in the public humiliation of the responsible Engineer?  How long
    would we maintain the wealth of talent we have in Engineering?''

You mean, we're going to hire Gordon back again? ;-)

Getting back to the topic; the auditors should be worrying about the
important rules at Dec: "Do the right thing in all situations" and
"problems should be handled at the lowest levels."  Ridicule is
not appropriate behavior when dealing with any employee.

Martin.

    re: .5
    
    I agreed, John, that errors may be apparent to others.
    
    But, did anyone go out of their way to humiliate you for the error?
    It doesn't sound that way.  I know what it's like to be working
    a key piece of code and have a major bug occur -- everyone knows
    about it.  But, in a _good_ work setting, everyone accepts the error,
    helps with the resolution (as in this case), and goes on.
    
    It doesn't sound like anyone wrote your manager and said "John screwed
    up and I trust that you'll see that this never happens again!".
    Neither did I hear you say that someone took you to task in a group
    meeting or conference.  It was an error and it was resolved.
    
    The observations regarding the audit process seem to indicate that
    undue attention is being given to those who err.  The emphasis seems to
    be that a "public flogging" of the individual(s) will prevent the
    reoccurance of the problem, rather than the pangs of guilt which
    a normal, responsible individual might naturally feel when informed
    of their own failure.
        
    Do I read this incorrectly?
    
    -- Russ

	My group has been security audited and our lab was safety audited
	by different groups. I don't recognize anything like them from the
	notes here.
	
	After both kinds (security & safety) a few people were talked to
	quietly off line as it were (I was asked about a couple of accounts
	that I had created for my own use of for the temporary use of other
	developers debuging for example). No one was given any grief publicly.

				Alfred

    re .2, about this note taking a biased point of view, and don't blame
    the cops....
    
    I'm the author of the base note and you bet I'm biased.  To add balance
    to this topic, let's hear from somebody who disagrees with me.
    
    Any auditors out there who want to present your point of view?  Any
    financial analysts?  How about you managers?  Am I nuts?  Does the DEC
    world look to you the same way I see it?
    
    Since I also own this reply, I'm going to reveal some more of my bias.
    I'm mad about the auditing process as I see it, and I'm also mad about
    the consequences as I see them.
    
    I think we've always had stupid accounting rules and business
    practices.  It's just that lately, we seem to be enforcing them.  For
    example, I can't tell the Minnesota Timberwolves in writing that we 
    won't charge them an extra 20 percent above the hourly consulting rate
    for work beyond the standard 9 - 5 Mon thru Friday.  I can't change a
    single word from the standard SWS terms and conditions without getting 
    into lots of trouble - even if some of these directly contradict what
    we want to do with this customer.
    
    Used to be, we just wrote a letter stating what we would do and the
    price, got the "owning" unit manager to approve it, and that was it.
    
    I keep hearing all kinds of creative ideas, but then somebody says we
    can't do them "because of the auditors".  If a customer calls and wants
    a couple days of consulting, I have to spend a *bunch* of time and put
    together a business package signed and approved by all the correct
    layers of management.  Only then can I make any kind of commitment to
    that customer.  By then, the customer - and Sales - is likely so mad
    at our bureaucracy that they won't come back.
    
    So, from where I sit, it looks to me like it costs us more money to
    administer our business than it's worth, and it takes soooo long to
    get all the correct approvals that the customer will go somewhere else
    while we fight among ourselves to get things right "for the auditors".
    
    But, then again, I haven't been in the Sales Support world very long. 
    Maybe I'm just now seeing what's been going on for a long time.  And
    maybe I just have a natural bias against "them dad-blamed bean-counters".
    
    But you have a point.  I think I'll change the title from "The auditing
    process" to "The auditing process and its consequences."
    
    
    - Greg Scott

    In the UK, we have a "Project Gulliver". Its purpose is to reduce
    beurocracy. Every new procedure introduced *requires* the cancellation
    of 2 existing procedures. If wasteful procedures are known, the MD
    wants to know.
    
    Whilst I have no idea how effective this is, it seems a very good idea.

    re: .7---It is certainly true that in the case I was referring to there
    has been no humiliation.  I was informed by electronic mail of my
    screwup (by two co-workers, not my management), and, because it was
    corrected over the weekend, my management may not even be aware of it.
    
    There has been no "flogging".  Indeed, I cannot think of a time when
    anyone in our group has been "flogged" in front of others.  Such an
    action would, I think, prevent recurrence only by driving the flogee
    out of the company.
    
    Therefore, I think I agree with the point of this topic, now that I
    understand it better: Public chastisement is not a good management
    (Grace Murray Hopper would say "leadership") technique.  If someone
    won't respond to private consultation, move him to a position of lesser
    (or no) responsibility.
    
    I am impressed by the example from Tandy, in which this technique seems
    to have been practiced.
        John Sauter

> < Note 763.9 by NCCODE::SCOTT "Greg Scott, Minneapolis SWS" >

You're not arguing "auditing practices," you're arguing "business practices."
I'm not an auditor, never have been, but I know that the ability to commit
the Company to business actions needs to be carefully controlled.
News reports indicate that the tanker that went aground in Valdez harbor
last weekend was being piloted by an unauthorized third mate.
What will that do for the oil company for which he and his captain worked?
Will they take the fall?  Probably, but their company is going to get hit 
really hard for it too.

Trading field service for football tickets may be common in the industry, 
but it opens the Company (and the team) to serious federal tax consequences.  
It's called "bartering," and if it's off the books, it's probably tax evasion.

Some of the rules as you describe them do sound counterproductive.  
So push back on the rules, go up the line until you understand
why a local manager doesn't have the authority to change the price book
on overtime services.  Demonstrate that it costs more to get the business
than it will earn.  Maybe there is a threshold for minimum business that
a company of our size can address.  I don't know, but you can find out.

- tom]

    I think the rigid business practices are symptomatic of a growing
    trend within Digital, and that is a lack of trust.  I know of no
    one (at least in the Field organization) who manages a organisation
    without 2 or 3 people looking over his shoulder.  The simplest
    consulting proposal seems to require approval clear up to the area
    level.  Sales support CLARS are monitored by someone on the area
    staff ( that's 2 levels above the first-line manager).  A lot of
    this seems to be justified by our "matrix" organization, but to
    me it's just plain bureaucracy.  
    
    Before joining DEC, I worked for a moderately large Fortune 500
    company.  We did things a bit more simply.  If you were responsible for
    producing something, you were given control of the resources to do it
    and then left alone.  If you repeatedly failed to deliver you got
    fired.  Managers spent their time managing their groups, not preparing
    CYA reports for 4 levels of overseers. 
    
    I think the Digital way of working could use a bit of simplification.
    
    -dave 
    

    re .12
    
    Yes, I'm talking about business practices.  I think our new rigid
    business practices are a consequence of the auditing process.  After
    the auditors came thru our area, the procedures seemed to get alot more
    complicated and we lost lots of flexibility as a district to operate. 
    We had a guy give a presentation of all our new business practices, and
    they were so complicated that nobody understood them.
    
    Did this happen everywhere or just where I live?
    
    Now, there's a whole notebook that explains our business practices, in
    language that I just don't understand.  I think it's one of those
    flowchart dealy-mabobs that's supposed to cover all possible cases -
    and it looks like it covers just about everything except creative stuff 
    we want to propose.
    
    I think all this stuff is a direct consequence of the auditing process. 
    I think we have more incentive right now to have an "acceptable" audit
    than to win in the marketplace.  And I think this often means following
    business practices that don't appear to my mind to make any sense.
    
    And I think these rigid business practices are a contributer to why 
    we're hurting badly for business.  Opinions?  Am I the only one that
    thinks this way?
    
    OK, I've bitched enough about the consequences of our auditing process. 
    
    I would also like to read more from people about the process itself. 
    Is the process adversarial all over?  A few earlier replies talked
    about constructive, good, stuff within an engineering group.  I need to
    look at those again to see if they were about actual audits or informal
    peer group stuff.
    
    BTW, on the trading Field Service for box seats:  This is 2nd hand, but
    I think the auditors' problem was that the correct permissions weren't
    given in writing by the appropriate area people.  I don't think they
    had a problem with the bartering itself.  The paperwork wasn't
    acceptable to the auditors and so the business arrangement had to be
    terminated.  Since then, it took a couple years, but now I think the
    arrangment is back in place with all the appropriate permissions
    granted.  But this needs to be verified by people who dealt first hand
    with the auditors.
    
    - Greg Scott
    

        Greg, it might help us understand your concerns if we understood
        your role in negotiating and delivering SWS business.
        
        I don't think the auditors are responsible for creating the new
        business practices; rather, they are responsible for checking to
        see whether organizations are implementing the practices that are
        prescribed by management. 
        
        I suspect that what you're seeing is an increased focus on our
        profitability, on cost containment, and on consistency in our
        business relationships with all of our customers.  I very much
        doubt it's the goal of the managers developing the business rules
        and procedures to make us less profitable or harder to do business
        with, but that could be a result if the rules are poorly thought
        out or poorly communicated. 
        
        If the relationship you're having to the auditors is adversarial,
        it could be because the auditors are inhuman and can't be worked
        with as normal human beings (which is possible -- auditing is a
        job that involves control, and may appeal more to some personality
        types than to others, just as, for example, police work appeals
        more to some personality types than others), or it may be that you
        and your group have a bad attitude about the auditing process and
        set up an adversarial situation.  From a distance, it's impossible
        to tell.
        
        If you find the new business rules hard to understand, why don't
        you use the open door process to work with your management to get
        clarification of the rules? 
        
        Tom

    Having received auditing training and performed a few audits
    I feel qualified to enter my .02c in here.
    Audits come in 3 main types. First there is an internal
    compliance audit. The audit checks that  we do what we say
    we do by looking at the published procedures and comparing them
    with what people are actually doing. If people have a problem
    with that because, "no one does it that way around here!" then update
    the procedure to show what really happens. This also helps new
    people with understanding how to do things.
    Secondly there is a full audit where an auditor goes into an
    area and assesses the way business is being done. This then
    results in a report identifying problem areas and recommending
    where improvements could be made.
    Lastly an audit can be performed at a supplier where the auditor
    judges whether that company has its business in control so that
    we do not run unacceptable risks of supply or quality for example
    when buying from them.
    
    The main thing an auditor should have in mind when auditing is,
    "Will this practice/process/method have a negative affect upon
    the final product?", where product can of course be service,
    software, tin boxes or whatever.
    The auditor should not be a policeman with a big stick, he or she
    is an impartial observer seeking to provide objective facts about
    the way things are done and recommending changes if necessary.
    Unfortunately some individuals get a kick out of power and abuse
    it. This happens in many other fields than auditing though.
    
    Calvin
    

    re .15 - I work for SWS Sales Support in the Minneapolis office. 
    Having worked in the Delivery side of the house for several years, I
    still consider myself as a rookie to Sales Support.
    
    My role in negotiating our services with customers is the same as what 
    other Sales Support people do around the country, near as I can tell. 
    I've been in on a few large Sales efforts in the last year, and I've
    also been part of some large delivery efforts.
    
    I'm a concerned DEC employee, and I'm mad about what I see as the
    business practices and the atmosphere I see being created as a
    consequence of our auditing process.
    
    
    re .16:
    
    I think SWS went thru a full audit last year.  As the process was 
    explained to me by our financial people, the auditors can find minor 
    infractions or major infractions.  Some number of minor infractions
    (don't remember the number) add up to one major infraction.  Some
    number of major infractions, and management teams can get booted out.  
    I'm not making this up - this is what I was told.  If the auditors find
    a minor infraction this year, and they come back again and find the
    same minor infraction the next time, it counts a major infraction.
    
    The absolute best that can happen from an audit is a district is found
    "acceptable".
    
    There are a bunch of checks and balances built into the system to make
    sure that nobody gets screwed.  For example, the district management
    team must sign the audit report that goes back to New England.
    
    The process I saw was definitely adverserial, and different than was
    described in .16.  Maybe we had a bad attitude, maybe the auditors did. 
    But, the *consequence* now is, I think we're all operating in a way to
    please the auditors and not take any risk.  And I'm worried that we're
    gonna get our butts kicked  in the marketplace.

    I survived an internal audit of SWS recently by following these
    simple steps:
    
    1.  Clean up your office (normally six months overdue anyway). 
    Do not leave _anything_ on your desk.  Everything gets filed and
    locked away.
    
    2.  Make sure you have the only keys to your desk/filing cabinet(s).
    
    3.  Visit every customer you know/do lots of PSS until the auditors
    go away.
    
    4.  Resume business as normal.

    I think that there are two separate issues here that are 
    getting confused and need to be separated:
    * Attitudes and practices of auditors (public humiliation, etc.)
    * Business policies and how they are implemented in light of audits.
    
    As to how much local management does business around the possibility
    of audits, what would _you_ do if your job was on the line based on 
    how well your team adhered to the rulebook?  I have *seen* an entire
    management team in a field district from UMs (all) up through the DM
    replaced as the result of an audit.  Consider that when you bend rules
    you may be jeopardizing your manager's job.  
    
    This is entirely separate from whether the business policies make
    sense:  If they don't, find out why they exist.  If there is really no
    good reason (that you can see), try to change them.  If the rule is
    changed, there is no issue of following it.
    
    Kevin