Summary
Organizations embracing digital technology rightly see many opportunities, but are gradually discovering that it also entails major risks, both for users and for the organization itself.
These major risks are increasingly identified separately, and are often managed in silos. The challenge now is to anticipate them, manage them and turn them into assets for improving organizations.
In this article, I describe these sources of major risk, show how and why companies need to learn how to keep them under control, and propose the term QSE-IP for integrated Quality, Safety, Environment, Inclusion and Privacy management approaches.
Risks and opportunities
Most organizations have already embarked on an in-depth digital transformation process. The potential gains are enormous, and the market for digital transformation is also considerable. On the other hand, as always, the advocates of these initiatives tend to exaggerate the benefits and opportunities, and minimize the importance of the associated risks and pitfalls.
Yet they are there, they exist, and it’s far better not to wait and deal with them now, rather than discovering them through complaints, claims, lawsuits, reputational problems or financial losses:
- Quality assurance for online services
- Security of IT systems
- Ecodesign and digital sobriety
- Inclusion and accessibility for disabled people
- Preservation of personal data
Of course, there are many other sources of risk, but these are particularly tricky to manage, and can pose major problems for both organizations (internal risks) and customers (external risks).
What are these risks, and what do they mean?
Privacy
Since 2018, the GDPR (General Data Protection Regulation) has applied to all companies dealing with citizens of the European Union, and concern about privacy continues to grow worldwide. Personal data is any information relating to an identified or identifiable natural person. This implies direct or indirect identification, or the cross-referencing of information. How can we provide information and respond to requests? What data is involved, why and for how long?
Inclusion and accessibility
Accessibility is both a fundamental right and a legal obligation for the State, local authorities and their public establishments, as well as for private companies whose sales exceed a threshold set by decree. There is an international WCAG standard. At the same time, in France, five million people are totally excluded from the digital world, and there are between fifteen and twenty million people who have difficulty with it.
Security
In 2020, according to govtech.com, there was a 141% increase in the number of security breaches compared to 2019, with the average cost of a security breach being $3.86 million in 2020. (Source: IBM).
Eco-design and digital sobriety
Eco-design involves integrating environmental protection right from the design stage of goods or services. Its aim is to reduce the environmental impact of products throughout their life cycle: extraction of raw materials, production, distribution, use and end-of-life. Digital energy consumption now accounts for 1.8% to 3.7% of all carbon emissions (depending on the measurement/study approach).I could also mention the considerable environmental impact of spam and mail marketing, online advertising and bitcoin, not to mention the massive and increasing impact of artificial intelligence in terms of energy resources, mining and water consumption.
Quality management
As an example, in 2018, and just in France, no fewer than 20 million parcels had to be delivered a second time or collected by customers from a relay point. For 53% of companies, the cost of non-quality is between 1% and 5% of sales. For 34% of companies, the cost of non-quality is more than 5%, or even more than 10% of sales (Source: AFNOR – French standardization organization).
What are the difficulties?
To begin with, entities have to reckon with the non-quality costs associated with each of the above sources of risk. These include the cost of resolving and dealing with defects, indirect costs for teams, direct loss of sales and reputation, commercial costs, communication costs and, of course, direct costs for customers. These non-quality costs are not necessarily measured, but they are visible and very real.
By tackling the management of quality, accessibility, environmental impact, security and the preservation of personal data, organizations can tap into a considerable reservoir of non-quality costs. On the scale of an organization, this opportunity would already be enough to take action, but there are many other reasons to tackle the problem.
Organizations have already identified the existence of major digital risks. To do this, they have created silos at different levels. These entities are called upon to manage these requirements in parallel, without necessarily having the global steering elements needed to work together.
As a result, operational standards or requirements (accessibility, quality, eco-design, privacy, security…) are deployed at multiple levels that do not necessarily speak or understand each other. This can result in requirements fighting for priority over others, disputed budgets, unshared tools and a lack of overall management.
Of course, this has a direct impact on the user experience, as users are often confronted with interface problems, or even unable to use them at all.
The digital sector already uses many standards, but they are perceived as operational tools. As a result, the key issues of accessibility, inclusion, data privacy, security and web quality assurance are only slowly making their way up the management ladder.
To use an analogy, we have nails and hammers, but not many people to decide where and in what order to hammer them.
QSE-IP: integrated management of digital activities
These subjects are supported by standards. They are essential for companies, which have no choice but to take them up and deal with them. Quite logically, to manage similar requirements, it quickly became logical and rational in industrial approaches to bring the management of these activities under the same umbrella called QSE (Quality Safety Environment). Far from being detrimental to quality, safety or environmental specialists, this approach has made it possible to hold on to the highest levels of management and decision-making, pooling resources, tools, decisions, approaches and skills. Above all, they have made it possible to share management.
These approaches, known as integrated approaches, are used on a large scale in industry. It’s time, therefore, to create integrated approaches for the web. It’s tempting to copy the industrial QSE (Quality Safety Environment) approach, but in my view it’s not sufficient to meet the challenges of the digital age: two major subjects are not covered, or are poorly covered, by QSE or QHSE approaches: inclusion and accessibility for disabled people must be present as major pillars of our approaches.
Privacy and the protection of personal data are also essential.
This is why we are proposing the creation of management entities called QSE-IP. Their mission: to steer the digital management of quality, inclusion and accessibility, security, privacy and the environment.
What’s the difference?
The role of QSE-IP approaches is to bring existing operational approaches up to management level. The aim is to add a steering dimension to approaches that are perceived as technical or operational. In contrast to current approaches, where the various subjects are dealt with in parallel and in competition, from the bottom up, the aim is to add a dimension that starts at the management level and works its way down to the operational level (top down), depending on resources, priorities and context.
Experience in industry has shown that the various components do not lose their relevance or importance; they continue to be relevant, but they gain in cross-functionality and efficiency, and carry more weight in the steering and decision-making of organizations.
In practice, these elements cannot be dealt with in isolation, as they impact all business lines and all levels of the company that are required to contribute to or use digital tools. In a context of transformation, this means nothing less than almost the entire company.
Each individual subject represents a vast amount of information and skills to be mastered. It’s impossible to make the whole organization aware of all these issues. We therefore recommend raising awareness and establishing a minimum base of knowledge and skills on each of these different subjects. I’ll come back to this at the end of the article, but Opquast training and certification is one possible action, as is the training of future managers.
In terms of management, we have two options: attach digital activities to existing QSE departments, or create QSE-IP management units and positions to take charge of the subject and oversee it. The second solution seems simpler to deploy initially.
For the organization, the first challenge is to reduce and control risks. This is directly associated with a reduction in non-quality costs and an increase in productivity. At the same time, when the organization takes these issues in hand, it contributes directly to improving its impact and its approach to corporate social responsibility (CSR).
And last but not least, they improve the quality of service provided to users, reach a wider target audience, limit discrimination, respect fundamental rights – in short, they are better able to carry out their missions.
And what about Opquast?
Opquast is a company with a mission to make the web a better place. The first aim of this article is to get people thinking and moving. Ideally, I’d like the experts in the various subjects covered in this article to understand that we need to move forward as a group, and that, far from being diluted, our subjects are stronger when they are taken up transversally at the highest level of organizations. I would also like it to encourage decision-makers to question their role in the emergence of these cross-functional approaches.
If this article contributes to all that, it will be enough.
To return to Opquast’s role in these approaches, we have a range of training courses that could be useful:
- The role of the Opquast training and certification is to promote acculturation and transversality for all teams involved in web projects.
- The Web Quality Assurance manager course is one of the prerequisites for launching a QSE-IP approach. This is the course best suited to creating the function.
- Finally, the subscriptions we offer to key accounts and digital services companies are gradually being expanded to include a range of services and tools designed to improve the management of this type of approach. If you’re interested, get in touch with us and let’s discuss your projects.
We’re just getting started. If you’d like to learn more with us, or if you’d like to comment on this article, we’d love to hear from you.
Notes:
- this post has beeen translated with the help of deepl.
- Thanks Aaron Mendez for his comments and suggestions