back to article Ex-McKinsey IT director claims he was fired for whistleblowing

A former IT director at McKinsey & Co filed a complaint yesterday claiming it wrongfully terminated him after he blew the whistle on alleged disaster recovery issues within the consultancy. Kamran Niazi alleges in the lawsuit, filed in Massachusetts on May 22 and seen by The Register, that he was put on a performance …

  1. OhForF' Silver badge

    Communication issue

    Was the communication issue that he did not understand his job was to get McKinsey certified with minimal expense and not actually investing all the efffort and money necessary to have a working disaster recovery?

  2. Eclectic Man Silver badge

    'Disruption Resilience'

    In my day, DR was "Disaster Recovery". Unfortunately I too have experienced the:

    "DR capabilities were virtually non-existent in the Client Capabilities technology landscape."

    Basically, to 'save' money, a senior manager 'decides' not to bother with paying for effective DR facilities, despite what the contract says, because otherwise there'd be insufficient 'profit' on the deal, and the manager might not get that shiny bonus. This, of course, does fall foul in the event that an honest person does an audit or, Heaven forfend, there is one of your actual disasters*.

    That's the trouble with honesty and integrity, it can land you in an awful lot of trouble.

    I wonder whether McKinsey & Co. can provide documentation of invoices for the DR equipment, its installation and maintenance contracts, rosters for the DR staff, accounts showing how it was all paid for in time, electricity bills showing that it was, in fact operational during the time in question and that Mr Niazi was not factually correct in his assertions. Time and the courts will tell, assuming they do not settle before trial.

    *Say, one of your data centres, build out of shipping containers goes 'phoom'.

    1. werdsmith Silver badge

      Re: 'Disruption Resilience'

      That's the trouble with honesty and integrity, it can land you in an awful lot of trouble.

      Definitely, and any whistle blower in any circumstances goes out on a limb, if nobody listens to the whistle or the businesses closes ranks then you've blown it. Might as well clear your desk.

      There are many potential whistle blowers out there who will not risk picking up the old Acme Thunderer.

    2. Anonymous Coward
      Anonymous Coward

      Re: 'Disruption Resilience'

      That's the trouble with honesty and integrity, it can land you in an awful lot of trouble.

      Yup. I flagged a project we were supposed to simply backfill the documentation because the client would have wasted several millions implementing it without ever seeing the benefit of it. The problem: it appeared some of my superiors had already been planning to acquire a good deal of that, so doing the ethical thing and speaking up went the way of a lead balloon.

      The lead on the job tried to entrap me by having me present the issue to the most consulting hating person they could find with the idea they could continue as before after I got shot down, only that didn't happen because aforementioned hater didn't hate me on account of being direct, clear and concise (read: avoiding the sort of BS language that caused his hate in the first place) - I was even complimented.

      So they found some excuse to put me on a PiP (their standard tactic to avoid having to pay redundancy), and that I sank too by laying the facts and evaluation on the table and announcing that they could choose between paying me properly or face a court case for constructive dismissal. They caved when they realised I knew full well a constructive dismissal conviction would end their acces to any further government pork - it was the cheaper option..

      Personally, I have found that the biggest problem with any consulting: the bigger the company gets, the more likely they drift off the pure facts. I just liked solving problems, the politics and dishonesty is what made me leave.

      “Somebody once said that in looking for people to hire, you look for three qualities: integrity, intelligence, and energy. And if you don’t have the first, the other two will kill you. You think about it; it’s true. If you hire somebody without [integrity], you really want them to be dumb and lazy.” - Warren Buffett

      1. Mike 137 Silver badge

        Minority position

        “Somebody once said that in looking for people to hire, you look for three qualities: integrity, intelligence, and energy. And if you don’t have the first, the other two will kill you. You think about it; it’s true. If you hire somebody without [integrity], you really want them to be dumb and lazy.” - Warren Buffett

        That's definitely a minority opinion. In my experience, the primary quality desired is complaisance -- a talent for accepting without making waves whatever is handed down from above. I was once "responsible" for incident response planning for a multinational, where, despite my advice, the UK HQ "DR kit" finally consisted of a self-contradictory policy document and a cardboard box of stuff on the top of a filing cabinet in the IT office. The plan was never tested for real -- the execs just sat down once a year with an external "consultant" and discussed how they would evacuate the building or something equally trivial, regardless of the current threat landscape. I'm really glad this was before the ransomware age.

        1. Anonymous Coward
          Anonymous Coward

          Re: Minority position

          the execs just sat down once a year with an external "consultant" and discussed how they would evacuate the building or something equally trivial,

          Certificartion costs whatever exorbitant amount partly because of the certification authority taking the blame and their insurance taking the financial loss.

    3. Anonymous Coward
      Anonymous Coward

      Re: 'Disruption Resilience'

      That the executives euphemise "disaster recovery" as "disruption resiliance" shows they are mentally and/or morally incapable of facing truth and dealing with it in a rational way.

      "'Disaster' sounds too scary. Let's call it something else."

      1. Anonymous Coward
        Anonymous Coward

        Re: 'Disruption Resilience'

        It *is* scary, "it" being the recovery part!

  3. Peter2 Silver badge

    Ah, the age old management method of "solving" a problem by shooting any messengers providing bad news, to ensure that everybody falsifies data so that everything looks great on paper. The shortcoming with that approach is that while paper reports look great nothing actually works in practice, and the higher management has (by their own a deliberate policy of not wanting to know what the actual situation is) no idea what's actually going on in the company and so any plans they make are near certainly based on false premises and almost certainly undeliverable.

    One hopes that they now actually sort out their disaster recovery systems, preferably before they need to recover from a disaster and discover that they can't.

    1. Eclectic Man Silver badge

      Peter2: "One hopes that they now actually sort out their disaster recovery systems"

      LOL, that's a good one, that would mean admitting to a 'mistake', can you see McKinsey & Co doing that?

      1. Anonymous Coward
        Anonymous Coward

        Say it ain't so

        People from McKinsey would never do anything untoward. Just ask Puneet Dikshit, Navdeep Arora, Rajat Gupta, and Jeffrey Skilling.

        1. Phones Sheridan Silver badge

          Re: Say it ain't so

          $588 million in fines https://violationtracker.goodjobsfirst.org/parent/mckinsey, and a whole page of dodgy dealings being tracked by ProPublica https://www.propublica.org/series/mckinseys-rules

          1. Insert sadsack pun here

            Re: Say it ain't so

            Don't forget about the criminal charges in South Africa over McKinsey's engagement with the Gupta crime family!

            https://www.ft.com/content/63385e68-e1ce-4c10-9a62-cb1be1ca30e5

  4. Anonymous Coward
    Anonymous Coward

    Disruption Resilience (DR)

    No, no, no, no, NO!

    DR is already "Disaster Recovery" which is already regularly confused with "Business Continuity" we don't need another acronym that is the same as an existing acronym that fuckwits already fail to understand.

    In fact this whole article reads like the usual confusion caused when a disaster recovery planning meeting is called.

    Disaster Recovery (DR) is what you do after a "disaster" to bring the business back to where it was.

    DR is essentially, your backups of backups of backups at different sites, dimensions and realities.

    Business Continuity is what you invoke during a "disaster", or before if it is a natural event you know is going to happen (hurricane, heavy rain leading to floods, pandemic etc), to ensure the business can keep operating at an agreed minimal level.

    BC is essentially, your failover...like a second site, work from home policy etc etc...it's what you invoke to allow your DR to actually be invoked and to ensure as few people as possible are sat around waiting for shit to be fixed that climb up your ass every 20 minutes asking "are we nearly there yet?".

    Conflating the two is never a good thing.

    Also, if the pandemic taught us anything, it's that in most cases...business continuity plans were probably mostly overkill...I can only speak from my own experience, but for me personally, when locks downs hit etc...transitioning pretty much all of my clients to work from home was pretty seamless and the "urgent meetings" to "discuss the strategy" were laughably over dramatic.

    CEO: Shit! Lockdowns...we need to get around a table to discuss business continuity...what do we need, how much will it cost...how long will it take to roll out?

    Me: We need nothing, it will cost nothing, and it's already setup...you've had VPNs for years.

    CEO: So...

    Me: That's right, business as usual...

    CEO: But...

    Me: I know, but business is slower because you're at the mercy of how long it takes your clients to transition, and there is nothing you can do about it.

    CEO: Ah...

    Me: No, I will not support your clients for free.

    CEO: In that case...

    Me: Yes, go home, relax...use the VPN as you have done for the last 10 years, everyone else here already is, I've diverted the phones to mobiles, the hunt groups all work, we tested it a week ago...it's all good.

    CEO: Ok...

    Me: Good boy.

    CEO: But the...

    Me: It's ok, I'm a key worker, I'm allowed to be in the office, but you aren't. I'll steer the ship from here. Go home. It's the law. IT guys, nurses, doctors and engineers run the world now. We'll check in...say...two years? Go away, spend some time working on how you can still have garden parties and play golf without technically breaking the rules. That's what CEOs do now. Chief External Officers.

    CEO: The other execs?

    Me: Furlough baby! Fuck them off for a couple of years, save some money...have a good time.

    Then every month for two years...

    CEO: How's it going?

    Me: Fine.

    CEO: Is there anything I can...

    Me: Nope, nothing. Ever. In fact weirdly, productivity is up, costs are down and staff morale is at an all time high. Weird right?

    CEO: Yeah...?

    Me: So yeah, go away.

    CEO: I've heard rumours you've been saying you're the CEO now.

    Me: Me? No! How can I do that? You're the CEO! I could never do your job, I'd have nobody to manage because I can look after my own calendar. See?

    CEO: Oh yeah, good point.

    Me: See everything is fine. Now go and eat out to help out.

    CEO: Ok, catch up in a month.

    Me: Sure. I'll have my new PA put a reminder in your calendar.

    CEO: New PA? Why did we hire someone new?

    Me: We didn't, it's Sally...you remember?

    CEO: Oh yes, my PA.

    Me: Sure they are. Speak to you in a month. *click*

    1. deadlockvictim

      CI/CD

      DR is already "Disaster Recovery"...

      Do you mean that it is a bit like what CI/CD means?

      Our communications team and developers both this term to radically different things.

      1. Anonymous Coward
        Anonymous Coward

        Re: CI/CD

        DevOps isn't a real thing dude. Its feature creep designed to increase the workload of an infrastructure engineer for no extra money.

    2. Eclectic Man Silver badge
      Meh

      Re: Disruption Resilience (DR)

      "CEO: Shit! Lockdowns...we need to get around a table to discuss business continuity...what do we need, how much will it cost...how long will it take to roll out?"

      I wrote an initial BC/DR plan for a major telecoms company (regular readers of The Register will have heard of them) for a possible Avian Influenza pandemic. When presenting it to the director (he was not an Operating Committee Director, just a 'minor' sort of Director) I did sort of point out that in the event of a potentially fatal disease spread by breathing, getting senior staff together in one room for long meetings would tend to be a very bad idea, and that, as we were a telecoms company, we really should be able to do this sort of stuff remotely, particularly as we sell this very capability to those wonderful entities called clients who literally pay our bills. (OK, I was much more diplomatic than that, but I got the message across.)

      I even explained about waves of infection requiring long term planning, rather than your usual 'Oh! There's been a disaster, we now have to pick up the pieces and return to some sort of normal operating model.' Plus, of course considering the sad fact that some of those off sick would never return to work due to death (either of themselves or of close family).

      My manager's manager called it "brilliant", naturally my actual manager* decided he was the 'brains'...**

      *I would not even trust him to buy my shoelaces, let alone tie them, but that is ancient history now.

      **I'm not bitter, not at all, in any way

      1. anothercynic Silver badge

        Re: Disruption Resilience (DR)

        Classic management. Delegate down and take the credit for the delegated work? Or was it not even delegated down in your case?

    3. Mike 137 Silver badge

      Re: Disruption Resilience (DR)

      "BC is essentially, your failover"

      Business should always be continuous -- not just in the aftermath of an incident. So BC is ideally a key component of your risk minimisation. It should engender resilience that minimises the likelihood and consequences of incidents before the fact as well as carrying you tolerably safely through those that occur despite your pre-emptive efforts.

  5. aerogems Silver badge

    Can't really comment on any of the specifics except to say his version of events sounds like a pretty textbook case of retaliation on the part of the company. Doesn't necessarily make it true, but it definitely makes it plausible.

  6. Eclectic Man Silver badge
    Joke

    I wonder ...

    When McKinsey needs external consultancy, do they hire themselves to consult on who to consult with?

    Sorry, feeling frivolous this afternoon.

  7. Anonymous Coward
    Anonymous Coward

    I bet he did Niazi that coming.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like