Hiding behind certification

Professional circumstances have twice required me to become an “instant expert” on certification. The first time involved grasping the byzantine ins and outs of health care plan accreditation. The second time required understanding the politics (and economics) of how different universities granted diplomas and certificates for their business, technical and professional extension courses. I learned far more than I bargained for.

Both experiences recalled Bismarck’s famous epigram that one should never see either laws or sausage being made. I was shocked. Professional certification and accreditation turned out to be processes as messy, political, misleading and dysfunctional as most enterprise software development and implementation initiatives. The critical difference, of course, is that testing software quality is easier and less ambiguous than testing the quality of a certification.

That’s why I’ve been struck by the seemingly pathological need so many CIOs have for the certification of skills and accreditation of organizational performance. I find this craving misguided and pathetic. What does it really say when someone is Microsoft certified? Or has a certificate in “network engineering” from a quality university? Or if a development organization has a Capability Maturity Model Level 3 rating? Or is ISO 9000 compliant?

In many respects, these questions are as pointless and silly as asking, “What does it mean to graduate summa cum laude from Harvard in English?” Or, “How good a lawyer will you be if you performed brilliantly on the multistate bar exam?” Or, to be a total jerk about it, “How superior an executive would you be if you had an MBA from a top-20 school?”

Unfortunately, these silly and pointless questions are templates for the questions so many CIOs ask themselves when they seek to outsource development or weigh the quality of their own human capital investments. For reasons I fully understand but totally reject, many CIOs increasingly look to certification and accreditation standards as “market signals” indicative of professional quality and reliability. This represents the laziest and most dangerous kind of cover-your-ass thinking by C-level executives.

The truth — as we all so bitterly know — is that the IT world is filled with certified, credentialed and accredited idiots. I bet you’ve hired a few. I know I have. The fact that someone has an aptly named BS from Harvard topped off with a misleadingly named master’s from MIT does not a good developer (or employee) make. We have to ask ourselves why we make the assumptions we do about individuals with “elite” credentials. The answer says far more about our personal biases than their professional attitudes, aptitudes and skills. Shame on us.

Similarly, the fact that an organization is CMM Level 3 or even CMM Level 5 may be far less revealing about its development capabilities than the Software Engineering Institute (SEI) had in mind.

What does this have to do with the challenges of IT implementation? Everything. To put it politely, we look at credentials and certifications as brands and risk management investments. After all, how incompetent could a Harvard or MIT graduate be? How incompetent could a CMM Level 4-rated Bangalorean development shop be?

But regular readers of this column know I’m not polite: The business reality is that credentialed brand names are little more than shortcuts for executives who are either too busy or too lazy to do their homework. Don’t get me wrong — I have nothing against shortcuts. The question should be, is this a good shortcut or a bad shortcut?

A dangerous delusion

I asked several senior-level IT folks who had overseen significant outsourcing of their operations how much time they actually spent with their new contractor. Slightly over half of these executives said they spent more than a day visiting the actual work sites of their outsourcer and not one spent a cumulative week there before signing the contract. We’re talking tens to hundreds of millions of dollars here.

To a person, these executives waxed on about how these companies were filled with supremely well-educated engineers from the finest schools and CMM Level 3+ ratings, and so on. To be sure, their references were excellent too. But when I asked these IT execs if there had been a lot of communication between the in-house folks and the outside company to assure cultural and organizational compatibility, the answers were shockingly similar: “We’re outsourcing so that we don’t have to worry about cultural compatibility; we just want the best technical systems and the best possible price.”

Actions speak louder than credentials

Sorry, folks, but this is a post-industrial recipe for disaster. An overreliance on certification credentials as an IT investment criterion is as professionally dangerous as an overreliance on IQ as a hiring criterion. Frankly, I’m with the school of economic thought that argues that the real value of credentials and certifications like CMMs and MBAs is not that they indicate greater skill, but they signal to the market that these individuals and organizations will jump through hoops to demonstrate how much they care about being seen as top-notch.

In other words, the willingness to procure credentials can reveal more about attitude than aptitude. That can be critical.

One insurance company IT executive told me about how a development shop itched him long and hard about how much it wanted to do some of his company’s cutting-edge development work. The shop’s credentials were impeccable. The client references said the organization was technically excellent but a bit arrogant.

So the IT exec invited the shop to send three of its developers to a morning “code walk-through” to see what each side might contribute and learn. The development shop CEO immediately tried to talk him out of that invitation. “At that moment,” said the insurance IT exec, “I knew I would never hire them.”

Actions speak louder than certifications

Unless the act of getting that certification (or not getting that certification) truly says something important about the individual or the organization, CIOs are foolish to give them weight in any meaningful decision process. After all, what does certification really buy you in this development and deployment marketplace?

My observation is: not nearly as much as promised. The dubious quality of so many certifications and credentials inherently mismanages expectations. Few things at C-level IT investment management are costlier than mismanaged expectations. I’m comfortable arguing that, on average, the costs associated with credential-driven IT decision making consistently outweigh the benefits.