"making individuals within a company responsible for what goes wrong within that company’s IT systems" seems patently ridiculous, especially without "paying individuals in proportion to value generated by IT systems". Otherwise, you have an unlimited downside, and a hard capped upside, which, personally, means I quit IT and start serving coffee for a living.
It gets a bit murkier with executive positions, in my opinion, since the unlimited upside does start coming in to play.
If companies want to hold engineers resposible to that extend, they would also need to give them a way out. Meaning that if a developer, regardless of deadlines, do not believe that his code is production ready, then you either delay launch or the responsibility now shifts to the manager who choose to ignore the developers concern.
As developers and engineers we’re responsible for letting management know if a project is not on track. What they choose to do with that information is their problem.
I'd imagine they'd rush delivery of items (going lower quality) and work just like we do to get something finished before the city enacts a fine for delays. Look at Mopac in Austin..
This is exactly why software developers shouldn't call themselves engineers. Real engineers (structural, mechanical) are legally bounded to denounce unsafe or incorrect design or practices
There's a whole lot of EE's and ChE's that'll be disappointed to learn they're not "real" engineers.
And even for structural and mechanical engineers, not everything requires reporting. Even when the project is subject to it, any number of institutional and social factors can make that essentially impossible.
The idea is that this would apply to executive positions. Right now, CFOs are required to sign off quarterly on the company's financial statements. If those financial statements are later found to be misleading or fraudulent, the CFO is personally responsible, and can face fines or jail times. What the article is proposing is that IT be held to a similar standard. A CIO should be held personally liable if an IT failure causes an outage that materially affects the finances of the firm or causes customers to lose money.
Nice idea in theory but it can (and will) be gamed. For instance, the CIO will have an auditor sign off on a master checklist of yes/no items which the engineers will then be forced to self-certify any changes against. Any failures after that are "provably" due to engineering not being accurate in their assessment of checklist compliance.
What items might we see on such a list? Oh, I don't know... 100% test coverage, perhaps?
In the UK this is called Governance. Fancy word for what is, effectively, liability avoidance.
The question with this kind of thing is what happens when you are ordered to do something that is outside your personally acceptable risk. Including threats of retaliation.
I’m not sure how that related to your original question. If your boss is instructing you to do something that you deem to be unacceptably risky, make sure they are aware of and take ownership of the risks. Large and especially regulated organisations (like banks) will have processes to track things like risk ownership. If you communicate risks like this, then not only have you covered your own ass, you’ve also done the responsible thing of notifying the correct stake holders. If they choose to act irresponsibly in light of that, then that’s on them.
I’ve done a lot of work in banks and this story sounds very, very familiar to me. Change the details of the system and it could be any number of projects that I’ve personally worked on. I’ve been brought into a number of projects like this at the ‘near completion’ stage, and each time I’ve reported on what I thought the risks were, suggested how they should address them, and advised them to delay delivery until they do. Some of those projects worked out well, some of them completely bombed, but I’ve never been put in a situation where I was made even partially accountable for somebody else’s poor decision making. So if your question is “how do I protect my own interests when my boss wants to be an idiot?”, then that’s the serious answer for how you do it.
I think the labour market would change the compensation too in this regulation scenario. Maybe it would go well, maybe badly (lawyers and liability insurance imposing conditions...)
Companies should give people the option to "sign off" that a project will succeed, and then ONLY those people should get the reward or punishment. This would be for everyone not just IT, and it'd require people to asses others skills and trust them on the job.
I'm thinking it would apply to the CTO and similar high-level employees? It wouldn't make sense to punish random leaf-node engineers; they don't know the full state/readiness of the system and aren't the one making the go/no go decision anyway.
It gets a bit murkier with executive positions, in my opinion, since the unlimited upside does start coming in to play.