This posting is a culmination of information about IT organizations in Japanese corporations gathered over the past nine years that I have been working in IT audit, security, and consulting in Japan. Before we start a project at a Japanese company, I always remind myself of the challenges, then we engage the work and I remind myself to write such a blog posting. The details outlined here do not apply to certain globalized Japan firms, but they generally apply to most; including many that are globalized. The only exception are those globalized firms that have recruited foreign talent at the CEO or CIO levels – difficult to throw names around in my current job.
No Central IT Authority
The existence of a CIO within an IT organization in Japan is rare. If a CIO does exist, he/she is a figure-head that sits on the board, is very senior, and probably does not know the difference between Linux and Windows, has never produced a line of code, or cannot even setup his own printer. Believe me, this sounds like badgering, but is still an understatement. The outline below is a typical Japanese IT organization. Do you see anything wrong with this picture?

• IT Operations
• IT Planning and Strategy
  • IT Budgeting
• IT Risk and Security
  • IT Security Operations
• IT Development
• Various Corporate Departments
  • Department IT Operations
  • Department IT Development

In a typical western firm, within an overall IT organization there would be specific ties to the various business organizations for service level agreement maintenance, development project management, and infrastructure project management. That’s all – the top executive, CIO, would run all the budgeting, oversee development, maintain necessary security between development and production, and be the czar of the organization; inherently assuming all RESPONSIBILITY.
On the other hand, in Japan, across the IT organization are various parallel functions. When there is a security breach, or systems go down because of a release issue, or any other issue/question that may come up within an audit, there is a lot of finger-pointing and round-robin chasing of the person responsible. There is a very, very low level of definitive accountability in the typical Japan IT organization.
Excessive Bloat and Discombobble
I just had to use the word ‘discombobble’, which perfectly describes the situation on various levels. While there is an IT planning and strategy department, which is very powerful in most Japan IT organizations, because they control an overall budget for new, large projects that would affect the organization overall, other segments have budget too. Thus, defraying the very reason for having a central planning department in the first place. The IT planning directors are the people that consultants and security firms want to know, because they control the largest budget and wield the most power. However, the bloat and discombobble is exposed in the fact that all of the other IT organizations get their own budget to make independent decisions upon, and the individual business departments get their own IT budget – only sometimes dictated by a central IT planning department. We have seen bloat in IT organizations here in many ways, and one good example is a project we worked on – a 65-person crew is hired from an outsourcing company to do nothing but ID and access control management –  for a company of about 5,000 people (bloat). Other examples include all of the IT operations being outsourced to the tune of US$10 million per year, while maintaining a payroll of so-called IT ‘engineers’ in excess of US$20 million per year. In the later situation, we looked at the scenario and asked ourselves, “Who is doing what?” (discombobble)
Honor and Accountability
Here is the key to a lot of the bloat that most can appreciate – the Japanese tendency to deflect responsibility and accountability in order to protect ‘honor’. The keys to this tactic often employed at all levels of a Japan firm are:

1. Ask for more detail – detail you should already know, is common sense, or can easily be researched
2. Ask for training – training that can be obtained with a couple hours of Google, MS Support, Redhat Support, or other research methods
3. Ask for help or hire someone to do it – what that person was hired to do in the first place
4. Refer to your job description, then request all of the above – Japan labor law protects them this way
5. When the above four do not work, make the task more granular and do all of the first three
6. Outsource or hire a consultant

Number two above deserves more elaboration – there are cases in the face of a major project where formal training is required and the internet resources will in no way suffice. In Japan, however, this comes up so often for even the most simple tasks that I know a visit to my del.ici.ous page will answer.
In most western firms, when you hire an Exchange Connectivity Engineer, and you tell him he has to manage a new project for connecting a new Singapore office, you usually get a person (qualified or unqualified but willing to try) that will at least attempt to find the detail – Google or otherwise research the necessary knowledge – make a formal request for the necessary personnel requirements, and ultimately not revert to four thru six listed above. In fact, it is usually the CIO or some other manager that decides that certain projects may need outside help. If a Japanese engineer were to do all of this himself and ‘direct’ the effort, then if something went wrong, he would lose his ‘honor’ and have to assume responsibility for any minute failure….. Ridiculous! Immature! Infantile! Call it what you want. Just had to say it…. but that is the bottom line in organizational bloat within Japanese firms. It also explains why consulting companies here get away with regurgitating results from interviews without having to actually look into a system for the real problem, or to deliver the real solution that the client hired them to develop in the first place.

73s… any comments, agreeing, opposing, elaborating are very welcome!