Chief information officers gathered at the CIPS Informatics conference May 17 to 19 sent a clear message to any end-user departments thinking about doing their own IT work: Tell us up front what you are doing and be prepared to share the cost.
That advice came at a panel called “”Shadow Departments””
intended to address the problem of hosts of non-IT workers performing tasks that should be done by the central IT department.
Mark Farrow, director of IT of Hamilton Health Sciences, said he knows of a few shadow IT workers, and it’s a big issue in his organization.
“”Previously, we had pockets of information that departments had created. A patient would come back in again and we had no idea this other system had been built and had captured information from a previous visit,”” he said. “”That creates lots of problems for us.””
Farrow said there is also the issue of privacy.
“”Sometimes the shadow IT department is thinking more about how the applications are developed, rather than how the information is protected.””
According to Farrow, putting limits on shadow IT departments is not about control but ensuring that standards are met. “”The problem always comes about when (end-users) have done the work, and come and tell us after the fact,”” said Farrow.
Gord Lalonde, CIO of the Town of Oakville said, “”while shadow departments can be a good thing, ultimately the projects they develop should come home to reside in IT.””
While end-users are often enthusiastic in the early stages of a project, what happens is “”they don’t want to maintain it, nor do they don’t want to take calls in the middle of the night to support it. It’s our job to take those things over and put them into a production environment,”” said Lalonde.
Lalonde says he encourages any end-user body who is thinking about doing development work “”to have a conversation with us early.””
Renato De Tina, director of information systems and process automation at Dofasco, said the company has 20 independent business units with one central IT department that looks after networks, security, disk storage, databases, certain business applications and desktop tools.
End-user departments can implement a non-standard package or develop a new application but they must pay those costs themselves. “”That’s one way to encourage them to use a central service instead of doing their own,”” he said.
“”Over time, these applications may not work anymore because let’s say we upgraded the desktop, then they knock on our door and say, ‘Can you look after it?’ Is this the most efficient way of doing things? Probably not.””
There are also other risks that end-users are not aware of. “”Disaster recovery, backup, security, error tracking, version control are a number of issues we have encountered,”” he said. “”On the one side, (end-user) creativity is a good thing but I wonder do we need different databases for each department. There’s a balance there.””
Debbie Barrett, CIO of McMaster University said shadow departments are necessary because people in the field have a better understanding of what needs to be done.
“”I come back to freedom with boundaries. As long as there is a process in place, with someone who is accountable and who pays, then it’s perfectly appropriate.””