Marking Your Own Homework


The concept of segregation of duties is deeply ingrained in the enterprise and for very obvious reasons. Some very high profile bad things were possible because one person was able to play more than one role.

Segregation of duties is an important principle of control and is enshrined in all sorts of institutions from the checks and balances of the American Constitution to the procurement procedures of your own organisation. And I guess it’s why you need several people with several keys to launch missiles.

Unfortunately, segregation of duties also seems to be the motivation for some dubious defenses of siloed approaches to test and deployment that go against the DevOps way of delivering software.

Time and time again, I hear people object to collapsing costly divisions of labour or removing wasteful governance processes on the grounds that depending on unified delivery teams to meet the same goals would be “like checking your own homework” or “marking your own homework”.

This is a strangely compelling argument. It appeals to intuition by evoking common experience, and it is prima facie applicable to the case of software delivery in the enterprise because of the possibilities of fraud and error.

However, it doesn’t take much pressure to push the simile to breaking point.

To start with, you absolutely would and should expect people to check their own homework. That’s simply one of the traits of a successful student. The appeal is rather that a student’s double-checking of their own work should not be blindly accepted as valid by the teacher, i.e. it doesn’t count as “marking” or “grading”. To accept the student’s grading would leave the process open to abuse and error.

That’s fair enough.

But would the appeal to our intuition be quite so compelling if our student’s self-marking procedure was:

I don’t think it would.

In fact, in that circumstance it’s hard to see how the student could actually get any questions wrong at all.

Which is exactly the point.

Segregation of duties protects against error or subterfuge in the realm of manual execution by trading efficiency for an increase in the number and diversity of the people who would need to be compromised for errors to pass through.

In the realm of automation, equivalent protection is available through checks that are collaboratively defined, automatically executed, automatically audited, and automatically evidenced, all of which is consistent with adherence to sensible access control and least-privilege policies. And diverse duties, responsibilities, silos, missile-key-holders can clearly be involved in auditing the pipeline and its execution.
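One way to make that automated equivalent concrete, as an added example rather than code from the original post: a promotion gate that refuses self-approved or hand-run checks and writes every decision to a hash-chained evidence log. The field names, the `ci-runner` identity and the sample runs are assumptions constructed for illustration.

```python
import hashlib
import json

PIPELINE_IDENTITY = "ci-runner"  # assumed name of the pipeline's service account
GENESIS = "0" * 64

def _digest(prev, record):
    return hashlib.sha256(prev.encode() + json.dumps(record, sort_keys=True).encode()).hexdigest()

def append_evidence(log, record):
    """Append a record whose hash covers the previous entry's hash."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "prev": prev, "hash": _digest(prev, record)})

def verify_chain(log):
    """Detect edited, reordered or mid-chain deleted entries.
    Tail truncation is only caught if the latest hash is also kept elsewhere."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["hash"] != _digest(prev, entry["record"]):
            return False
        prev = entry["hash"]
    return True

def gate(run):
    """Return the reasons a run must not be promoted (empty list means promote)."""
    problems = []
    authors = {run["check_author"], run["change_author"]}
    if not set(run["check_approvers"]) - authors:
        problems.append("checks not approved by anyone other than the authors")
    if run["executed_by"] != PIPELINE_IDENTITY:
        problems.append("checks not executed by the pipeline")
    failed = sorted(name for name, ok in run["results"].items() if not ok)
    if failed:
        problems.append("failed checks: " + ", ".join(failed))
    return problems

def record_run(log, run):
    """Gate the run and evidence the decision, whatever the outcome."""
    problems = gate(run)
    append_evidence(log, {"run": run, "problems": problems, "promoted": not problems})
    return not problems

# Constructed sample runs: one collaboratively defined, one self-marked.
GOOD = {"change_author": "bob", "check_author": "alice", "check_approvers": ["carol"],
        "executed_by": "ci-runner", "results": {"unit": True, "sast": True}}
SELF_MARKED = {"change_author": "bob", "check_author": "bob", "check_approvers": ["bob"],
               "executed_by": "bob", "results": {"unit": True}}
```

The self-marked run is rejected even though its only check passed, and the rejection itself is evidenced, so an auditor outside the delivery team can replay the log with `verify_chain` without having been in the loop at release time.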
