HomeCognitive Enterprise

Alternatives to governance

Like Tweet Pin it Share Share Email

Culture is the new governance, and where it isn’t, it should be.

As my co-author Scott Lee and I pointed out in The Cognitive Enterprise, culture provides metaphorical lane markers. Formal governance mechanisms are more akin to guard rails — it you make contact with either one, something’s gone badly wrong.

Only sometimes, even culture is overkill.

Take posted speed limits. If you obey them because otherwise you might get a speeding ticket, that’s governance. If you drive five miles an hour faster than the posted limit, that’s culture — following an unwritten but near-universally accepted modification to what formal governance requires.

But when it comes to the choices drivers make about their velocity, governance and culture only matter when a far more powerful regulatory force isn’t in play — traffic.

When embedded in traffic, governance, culture, and personal driving preferences don’t matter. If the posted limit is 50 mph but the cars surrounding you are moving at a uniform 30 mph, you’ll drive at 30 mph.

It’s akin to states of matter. Light traffic is parallel to how gases behave — each molecule (car) moves along on its own with only infrequent interactions with other molecules. On public roads we don’t want these interactions to happen — they’re called “collisions” — which is why we have posted speed limits.

Heavier traffic is akin to the liquids, where fluid flows supplant individually independent molecular action. Driving in traffic is liquidity in action.

Add even more traffic and we discover how water molecules must feel when the temperature drops below freezing. Traffic jams and solid matter have a lot in common — nobody, whether drivers or molecules, is going anywhere.

(Physics minded readers might be wondering how the fourth state of matter — plasmas — fits into the picture. At the risk of beating the metaphor to death … race tracks?)

How does this fit into the broader subjects of culture, formal governance, and the decisions and results you, as an enlightened driver … no, wait, as an enlightened business leader … want to accomplish?

Heck, I don’t know. I just like the metaphor.

Not good enough? Okay, let’s poke at this and see where it takes us.

Most of us, most of the time, think about governance in such contexts as boards of directors, business change steering committees, and architecture review boards. At their best they help the organization maintain a fluid state, where everyone’s efforts pretty much line up with everyone else’s efforts, moving forward without a lot of high-impact collisions to disrupt the smooth flow of things.

Except that, for the most part, when the organization is already in a fluid state, traffic and culture make governance superfluous.

Part of effective governance is recognizing when not to say yes. Saying yes too much is like letting too many cars onto a road not designed to handle so much traffic. Effective governance tries to keep things in a fluid state so the organization doesn’t freeze up into solid-state immobility.

What counts as organizational gas? Consider so-called “shadow IT,” where business departments implement applications they need but that IT lacks the capacity to deliver (see “saying yes too much,” above).

Most of the German autobahn legendarily has no speed limits — it’s a gas.

But from Wikipedia: Any person driving a vehicle may only drive so fast that the car is under control. Speeds must be adapted to the road, traffic, visibility and weather conditions as well as the personal skills and characteristics of the vehicle and load.

When it comes to shadow IT, this isn’t bad guidance. We might imagine shadow IT governance following this sort of model, where driver’s education courses take the place of speed limits. You don’t want a shadow-IT free-for-all any more than Germany wants insane driver behavior on its roads.

On the other hand, forbidding business departments from using suitable information technology because IT lacks sufficient bandwidth amounts to … well, forget the metaphor. Refusing to allow business departments to operate at maximum effectiveness because that’s how your governance works changes risk management from one enterprise good among many to the only factor taken into consideration.

As for plasma: How about research and development? You want to encourage it, but in a safe environment … a metaphorical race track … where only trained drivers are allowed.

I’ve probably pushed this metaphor beyond its limits.

Still and all, I think it’s fair to say that too often, governance devolves into stifling, choking bureaucracy. With the right culture it’s needed far less often than it’s imposed, and when imposed it focuses on reducing costs and risks much more than on increasing revenue and opportunity. And often, traffic makes it unnecessary.

Comments (6)

  • Interesting column. But, what is the physics equivalent of bad actors, whose personal agenda, conscious or unconscious, is dysfunction?

    Are they akin to catalyst? A catalytic reaction that generates dysfunction? How do you see bad actors in relationship to governance, culture, and traffic?

    • Heck, I dunno. Maybe radon molecules in the atmosphere?

      I’m open to suggestions.

      • For bad actors in the highway metaphor, how about traffic-endangering weather?
        . snowstorms, from 1-inchers up to 2-foot blizzards.
        . golf-ball-sized hail, that can cause cosmetic damage to cars, but can also startle and distract drivers into driver errors that can lead to traffic accidents.
        . sleet and ice storms, causing everything from slippery pavement up to invisible “black ice”.
        . ordinary rainstorms, causing everything from ordinary slippery pavement up to flash floods.

        Remedies/mitigation methods, that should ALL be standard operating procedure:
        . purely technical defenses, e.g. antivirus, firewall, VPN (winter tires, snow chains).
        . education campaigns, e.g. phishing stings (driver ed, public service ads).
        . environmental/”public health” type measures, e.g. hacker hunts by the government (snowplows, road salt and trucks to distribute it, drainage).
        . dreary, boring old maintenance, e.g. device-driver updates, antivirus signatures (the pothole-fixer’s work never ends!)

        The point being: bad actors, like bad weather, are a simple fact of life in the environment that MUST be addressed.
        . They MUST be planned for and budgeted for before any actual useful work begins.
        . Don’t slash the budget because “hey, nothing bad happened after all! it was wasted money!”.
        . Extremely large, extremely improbable “black swan” bad actors may be difficult to plan for and impossible to get funding for preventing (e.g. “the flood of the century” happens 3 times during the last 15 years).
        . prevention/mitigation that is partial/incomplete is nonetheless far better than nothing at all, and MORE of it will always defend better against black swans than LESS of it (e.g. Chicago’s “Deep Tunnel” flood-control project did NOT completely absorb, but DID greatly mitigate, several less-than-capacity-sized floods while it was still under construction and not yet operating at full capacity).

      • Whew! And here I thought I’d pushed the metaphor hard for states of matter. This is a full-on view for risk management.


  • Budgeting for bad actors..

    Intriguing. Budgeting for bad actors in a project sort of seems like the inverse of a corporation setting aside a certain amount for R & D in that both actions address the unknowable, yet both are necessary.

    I wonder what a good bad actor percentage for a project might be? Maybe someone at Stanford or University of Michigan or Mayo Clinic might know. Maybe one of your readers?

    • Understand, I have little in the way of special expertise in this area…

      Project managers generally maintain a list of risks and contingency plans. Bad actors would seem to be a risk and would be dealt with that way.

      More generally, this would seem to be a subject for enterprise risk managers (ERM) to oversee. The general formula for risks is that you can prevent them (reduce the odds), mitigate them (reduce the damage), insure against them (protect against their financial damage), or accept (live with the possible consequences). I’m guessing this is dealt with somewhere in the ERM literature.

Comments are closed.