Because traditionally the database was managed by IT, not by engineering. IT came up with the idea that it should take forever to approve changes to the database, so engineering invented ways around their can-don't attitude. Can you imagine any CTO approving a web-based signup page being allowed to change the users to the database?!
Note that IT has good reason for the complex change rules: if they make ANY change to the database, everyone needs to change. The change itself is simple, but in many cases thousands of programs access the database. If taxes don't go out on time because the program that runs once a year at tax time didn't get updated - the best case is the CTO goes to prison, things get worse quickly. When prison is a very real risk of approving a database change, would you approve it?
> Note that IT has good reason for the complex change rules: if they make ANY change to the database, everyone needs to change.
Only if the DB is used by multiple apps and not designed correctly for that use (e.g., all apps use direct access to base tables rather than app-specific views.)
Unfortunately, this is more common than it should be, but the solution is to stop doing that.
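The app-specific view approach named in the reply above, as an added example that is not part of the original thread: a Python/SQLite sketch in which the table, view and function names (`users`, `signup_users`, `migrate_split_name`) and the sample row are constructed for illustration. It runs a base-table schema change and shows that the view-based query keeps working while the direct-access query breaks.

```python
import sqlite3

def build_db():
    """Base table plus one view per consuming app (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT, ssn TEXT);
        INSERT INTO users VALUES (1, 'Ada Lovelace', 'ada@example.test', '000-00-0001');
        -- The hypothetical signup app sees only the columns it needs (no ssn).
        -- On a server DBMS its role would be granted access to the view only.
        CREATE VIEW signup_users AS SELECT id, name, email FROM users;
    """)
    return db

def signup_app_query(db):
    """App written against its view; it never names the base table."""
    return db.execute("SELECT id, name, email FROM signup_users ORDER BY id").fetchall()

def direct_table_query(db):
    """App coupled to the base table; returns None once the table is gone."""
    try:
        return db.execute("SELECT name FROM users ORDER BY id").fetchall()
    except sqlite3.OperationalError:
        return None

def migrate_split_name(db):
    """Schema change: split name into two columns, then redefine the view
    so that it still presents the old column contract to the signup app."""
    db.executescript("""
        CREATE TABLE users_v2 (id INTEGER PRIMARY KEY, first_name TEXT,
                               last_name TEXT, email TEXT, ssn TEXT);
        INSERT INTO users_v2
            SELECT id,
                   substr(name, 1, instr(name, ' ') - 1),
                   substr(name, instr(name, ' ') + 1),
                   email, ssn
            FROM users;
        DROP VIEW signup_users;
        DROP TABLE users;
        CREATE VIEW signup_users AS
            SELECT id, first_name || ' ' || last_name AS name, email FROM users_v2;
    """)

if __name__ == "__main__":
    db = build_db()
    print("before:", signup_app_query(db), direct_table_query(db))
    migrate_split_name(db)
    print("after: ", signup_app_query(db), direct_table_query(db))
```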
Nobody ever went to jail because a software defect made their tax filing late. Don't be ridiculous. It's this sort of over-aggrandizement of IT's supposed responsibility that is the cause of the problem. IT acts like they are a thin, red line single-handedly holding compliance and hackers at bay. The god complex needs to end.
IT is still a risk. High-level executives can go to prison for some failures, and tax issues are on the list. It isn't clear if courts will accept software issues as an excuse.