Blogs > Abrahams Accessibility

Accessibility and process and control - a response to a blog

Peter Abrahams By: Peter Abrahams, Practice Leader - Accessibility and Usability, Bloor Research
Published: 6th July 2008
Copyright Bloor Research © 2008
 Logo for Bloor Research

I have just been reading a blog 'Big organisation optimisation for small projects' from Bankervision. It raises some interesting questions about how accessibility needs to be integrated into small projects. You can read the whole blog but I will prescis it here so I can respond.

"My team and I are busy rolling out a new innovation... Yesterday... an email from one of our accessibility experts... had we done the mandatory testing... I'd not been aware of the mandatory requirement... I'd not budgeted for any such requirement... we will find a compromise...

However this situation brings something to the fore... The big project model requires lots of systems and processes... But the small project is one that can't afford much process... It is an endless flip-flop between not enough control and too much... But one thing is certain: process and controls are about controlling change, about slowing down responses so that things become predictable. They are never about moving fast."

I have some sympathy for James trying to run a project and being hit by some extra work late on but I completely disagree with his conclusion at the end. Process and control should be about moving a complete project ahead faster. They should be about two things:

  • Getting things right first time so there is less rework later.
  • Providing a framework for managing the project, thereby letting the project concentrate on the implementation and not having to think about how to manage and control the project.

The most important thing to 'get right' is to ensure that the project adheres to the policies of the business. For example any enterprise, especially a bank, will have business policies on security, privacy and business conduct, these are policies emanating from the CEO. The IT organisation will have developed IT policies to ensure any IT implementation adheres to and supports the business policies. It makes no difference if the project is big or small, nor if it is main stream or innovative, it has to adhere to and support the policies. The only way to make sure that happens right first time is for there to be process and controls for all projects.

You may have noticed that I did not mention accessibility policy in the last paragraph. I only did that to make a point. I do not believe that anyone would argue that security, privacy and business practice policies exist and need to be followed. I am sure that James's project took careful note of them and ensured compliance. The problem is that not everyone knows that the bank has an accessibility policy (I happen to know which bank James works for and I know it has such a policy). The policy is a business, not an IT, policy and basically says 'the Bank will make its services accessible to its customers and staff'. There are obviously IT processes and controls that support this business policy.

I am not sure why James got into this situation.

The first possibility is that he ignored all the process and controls related to projects in the Bank. In that case how can anyone be certain that there are not substantial security and privacy shortcomings in the system that is about to be delivered. Let alone concerns about performance, reliability, usability and fitness for purpose. I sincerely hope for his sake that this is not the case.

Another possibility is he did follow the relevant process and controls but that they did not include accessibility. If that is the case the processes need to be updated to include the necessary controls to ensure accessibility is baked in to all projects.

What is clear is that getting rid of the processes and controls is not the way to ensure that new systems comply with the policies of the business.

James is Head of Innovation and Research at the Bank I would recommend that he uses some of his effort to ensure that the policies of the bank are complied with using the minimum of effort.

Obviously this is a specific story with specific individuals but the same principles must apply to any organisation in any industry. Are you sure that your enterprise has got the right business policies and related processes and control in place?

I am posting my reply here but will also post it on the original blog.

Reader Comments

We are no longer accepting comments against this item. We suggest contacting the author directly.

7th July 2008: 'James Gardner' said:

Your analysis is instructive. And of course I agree with most of your points. There is a bandwidth issue involved, however.

Would you insist on the full raft of policy for a system that would be used by 3 people and built on Access?

On a paper process for a workgroup?

On an excel model?

What is the difference between end-user computing solutions and small projects?

My point, though I perhaps did make it well, was that without a level of flexibility in the application of policies for small systems with limited audiences, you don't get small systems for limited audiences at all.

James.

Reply to James Gardner?

7th July 2008: 'Peter Abrahams' (Author) said:

James
Thanks for your quick and interesting response.
Even a three user access system needs to abide by company policy. For example if it kept personal information about customers it will need to follow certain rules. If it had no security and inadvertently left an entrance for unauthorised users that could be critical.
If all the users are known then accessibility might not be critical but it would still be worth asking the question in case a fourth user is added, besides the fact that a little consideration of accessibility often assist the usability of the system. The question is how do you design a system that ensures policy is adhered to without it becoming over onerous.
One possibility is to provide a series of technologies that can be used for these small projects which have checks for security, privacy and accessibility built into them. That kind of flexibility we should all agree with.

Reply to Peter Abrahams?

7th July 2008: 'Ben' said:

I can only respect and empathise with your stance, however, without victimising, how do you cope when you have departments on a perceived crusade to block what they can without compromise, often to the detriment of the original manifesto or design thus negating the anticipated impact or effect

Reply to Ben?

The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.