IT Responsibility – Informed Consent

“We are fighting fires everyday! Why did you build such a brittle system?” exclaimed the support engineer.

“We had a tight timeline. I presented the options to the business and they chose this. If you want to point a finger, point it their way,” defended the developer.

“This is not worth it! Why would they do that?” screamed the engineer.

The infamous, business. Sound familiar?

It is too easy to demonize those who work outside of the technology department. You establish an us versus them mentality and then stop even referring to them by name. They become the boogeyman. You believe that they are unreasonable and demand all three parts of the triangle; good, fast, and cheap.

The business, also known as, every one else who works for the company, are not demons. The dialog above represents an inappropriately deferred responsibility.

Back to school

“How long will it take you to write an essay on this topic?” asks the professor.

“About three days,” responds the student.

“That is not fast enough, I need to submit these by end of day tomorrow.”

“Well, if I write it myself it will be 3 days but if I plagiarize, I could have it done in a couple hours.”

“Great, I will come pick it up after lunch.”

Informed consent

From reading the analogy, I believe that most people would intuitively understand that plagiarizing is being presented as an option, but it is not a real option. Following that path is unethical and, in some cases, illegal.

The professor, whom is an authority figure, is giving consent to this negative action. But what if, we extended the scenario and stated that the professor does not know what plagiarism is? What if the professor is unclear as to the nature of that path?

Is stating the facts and negative nature of the choice even enough? Or, is it important that the professor actually understands the choices, in order to grant informed consent?

Doctors and the medical industry deal with the issue of informed consent daily. I do not believe many in the technology industry think about it much, however.

In the dialogue which opened this article, the company is dealing with the negative consequences of a choice. There is not enough information to know whether the choice was the best choice or not. However, the engineer clearly believes it was the wrong choice and is lost to understand their decision. It is likely, that this mysterious business person never understood the consequences of the choice to begin with.

Often decisions only appear terrible when you have enough information to assess them. Just as often, decisions are made with little information available to the party deciding. In fact, we praise leaders for being decisive, which is conflated with simply making authoritative decisions without enough information. This is why it is important for technology counter-parts to do one of two things.

  • Ensure that the decision maker truly understands the affects of all possible options.
  • Retain the responsibility for making the correct decision yourself.

If the decision maker does not understand the situation, to a sufficient degree, then you cannot transfer the burden of responsibility to them for no other reason than that they are an authority figure willing to sign their name under the illegible fine print.

Responsibility vs. authorization

Does the professor’s authority absolve the student of their responsibility to act appropriately?

No, it does not. In the case of plagiarism, it is a well known fact that the student should not plagiarize and the professor’s consent would not save the student from their consequences. So, why would it absolve the developer of their responsibility to build good systems?

In each of the scenarios, the student, the doctor, and the developer; the shades of grey shift with how clear, good enough, is defined. We know, without dispute, that the good enough bar is above plagiarism. Therefore, the essay will take three days and there is no other acceptable choice to be made. In the case of the developer, that bar is not defined in our example. That is because, most often, the good enough bar is not defined in a technology department or even in a single development team. The developer, in this case, is defining good enough as, “anything that the business decides.” But, there is a high chance that consent was given but not informed consent.

It is the responsibility of all technology professionals to understand where the bar resides within their team, their department, and their company. Then it is important for them to not even present options which are unacceptable. Even in the case of a doctor, who is bound by strict laws around transparency, the doctor is not going to present complete removal of the heart as a treatment for a tumor on the heart. If you took the whole heart out, the tumor would be gone. However, you would not survive. Death is clearly below the bar of good enough, therefore, the doctor does not even mention it as a possible option.

We, as technical professionals, need to do the same. There are many fast options which would cause a significant burden to the company and to the IT department. If the option is below the acceptable bar, explain to them that the essay will take three days to write and that there is no way to do it any faster.

Owning the problem

It may seem as though I am advising you to disregard the business’ need for speed to market or lowering costs of delivery. I am not. I am pointing out that short cuts, even if approved by the business, are not acceptable. You do, however, retain the responsibility of delivering within acceptable business parameters. If the option on the table is too slow or costs too much. It is your duty to find a solution to the problem without lowering your standards below acceptable levels. Allowing the business to choose a sub-par solution is equivalent to you giving up on the problem and demonizing them rather than owning the problem and solving it for them, the right way.






Leave a Reply

%d bloggers like this: