Sunday, May 29, 2005

Don't Tell The Auditor

One of the things that delights me about my marriage -- something that's delighted me for years -- is that we have thea conversations.

When we were recently married, my wife was asked by a sister what it was about me that attracted her. She replied that she liked that we had theoretical conversations, and said that surely her sister had those in her own marriage. Her sister laughed and replied that she didn't have theoretical, theological, or thea - anything conversations.

We do. And though its not a big part of our life, we both like it. Would it be arrogant to say that it lets us be smart? Well, perhaps 'smarter than we normally get a chance to be' would be more appropriate. We're not intellectuals, but we like to think. This time, we were thinking about auditors.

There is an international standard called ISO9000, part of a series of standards that have to do with how a product is created. In theory, ISO9000 is applicable to any production environment; in practice, it seems a lot more applicable to environments that produce tangible output, unlike our industry, which produces software and software environments. Thats not to say that it can't be made to work with us. It just seems pretty unlikely, based on our experience.

When it started, we thought that it meant that we would clearly document how we created what we created. We would document our processes, showing how we made the decisions for product creation and delivery. We would analyze the steps along the way along with the output from each step, and from that we would determine the best way to do it -- the best way to create and deliver our software product. After a couple of years, we'd be pretty amazingly consistent in the level of our quality.

What actually happened is that we developed a set of standards that could be summarized as Do Stuff. There would be some more detail than that, but not a lot more, because we found that if there was detail, then the auditors would pick at it like vultures tearing apart carrion. Far from helping us understand our environment, their only goal would be to nail us. So we deleted details as much as possible, made standards that no one could fail to follow, and, every year, just before the auditors would show up, we'd pull out the ISO documentation -- what Dilbert referred to once as a big honkin' binder -- and we'd brush up on how it was that we said we did what we did. We would most emphatically not be looking to improve our processes. The goal would be to Pass The Audit. If along the way we improved how we did things, fine, but that wasn't the goal of this exercise. The goal here was to Pass. The. Audit.

The other day I asked a coworker who the support person for a given software discipline on a given system was. He told me a name, and I said gee, thats not what my doc says. Must be an out-of-date copy. I paused, and said, with a smile: Don't tell the ISO auditor. I won't, he replied gravely.

Somewhere, I want to believe, ISO9000 works for software people, and makes their product better. Is that too much to ask?

Yup.

No comments: