6.2. Conducting the ONA
We conducted our ONA with the help of a management consulting firm. This not only gave us access to the consultant's expertise but also created a neutral party. We found that people would speak candidly to a consultant, whereas in many cases they wouldn't to their peers or managers.
Figure 6.1. OVERALL APPROACH
Because our department is relatively small, we were able to develop the ONA fairly quickly. The consultant conducted a series of short interviews with a cross-section of ITSec to hear what people thought were the department's key issues. Then, working with the department's senior managers, they developed a short automated survey for the full team. The goal was for the survey to take no more than 30 minutes to complete. In developing the survey, we needed to decide whether to make it anonymous. On the one hand, being able to identify the survey takers would let us follow up with them to ask deeper questions about their responses and understand the results more fully. On the other hand, we believed that people would be more candid if their responses were anonymous. Ultimately, we decided to make the survey anonymous.
The responses to the survey generated two reports: a personal results report showing the size and makeup of each person's social network within ITSec, and a departmentwide report that showed the overall network. In practice, the personal reports were not particularly useful. In a small unit like ours, everyone knows everyone else, and thus most people's social network diagrams looked exactly alike.
However, the departmentwide report was very useful and set the direction for the work that followed. In short, it confirmed what many people already felt in their bones. First, trust was high within the subgroups but low between them. Figure 6.2 shows the density of information-sharing links among people in the four subgroups. The size of the circles reflects the relative size of the groups (for example, Subgroup B is roughly twice the size of Subgroup A). The percentages within the circles show the information-sharing links that exist within subgroups out of a possible total of 100 percent (if everyone in the subgroup were connected to everyone else). The arrows extending from the circles show the percentages of information-sharing links between groups (e.g., of all the information-sharing relationships that Subgroup A could have with Subgroup B, 26 percent existed).
This diagram and others confirmed that insularity was a problem: Every group had dramatically better internal information-sharing networks than external ones. Such a finding would not be surprising in a large organization, but ours was a department of only 40 people, all working in the same hallway. The analysis demonstrated that people were unable or unwilling to engage peers who were located only a few doors away. This strongly suggested an overall lack of trust. Other analyses of the ONA data that directly measured trust (such as survey questions asking people to rate how much they trust each of their coworkers) confirmed this.[]
Second, the study showed that we were not making efficient use of information "hubs"—people who serve as transmitters of information or guidance within the department. Figure 6.3, in which each diamond represents a person who serves as an information hub, depicts the number of people who named each individual as a key information source as well as the number who said they need even more access to the person.
Figure 6.2. INFORMATION SHARING WITHIN ITSEC
The scatter-plot clearly shows that several information-sharing hubs in the group were overburdened. For instance, the person at the top of the chart was already a critical information source for 25 out of the 40 people in the department, yet 21 people reported that they needed even more from him or her! (Ideally, we would have known who the hubs were. However, because the survey was anonymous, we didn't have this information. The consultant did tell us, though, that managers were strongly represented among the most overburdened hubs.)
Figure 6.3. INFORMATION HUBS IN ITSEC
The small number of overburdened hubs told us that in the absence of trusting relationships among peers, people tended to over-rely on the formal management structure for information and guidance. Thus, information flow within ITSec needed to be democratized, and the department needed to rely less on a centralized command-and-control structure and more on a self-led structure.