Tag Archives: Risk

Governance and the myth of the static

Here’s a word every college and high school student should learn: Governance. While it has that authoritative “govern”, it needs to be disarmed and understood as the instable farce it actually represents.

Much of my non-debating time in spent in a professional world known as “governance, risk and compliance.” While I try to limit the radiological exposure to the last term, the first and second comprise a lot of my interest and attention. To debaters who find epistemology and, in particular, meta-epistemology (which I define as the practice of creating meaning-and-interpretation production systems) interesting, this is a remarkably engaging place to work that is most likely not listed on your career survey listings. To give you a sort of aggressive explanation of governance and risk, let’s work with the idea that governance is what we do and what we get when we try to model out a system, based on our best estimates of how a system would seem to work well and keep itself well maintained, and risk is what you get and have to deal with when you ultimately fail at the former exercise. If you’re working for a Sandwich Artistry company, governance would be related to the effort to figure out what procedures and policies make sure you make good sandwiches, don’t give your customers food poisoning, and make sure you don’t over-compensate and cause the company to lose money and go out of business. Risk is the practice of dealing with how you might have gotten it wrong, either in what you did or didn’t realize might happen.

Notice I’ve neglected that third term: compliance. That’s the world of busy bodies with clipboards and checklists who check to make sure a governance approach that becomes promoted into the realm of sovereign interpretation (e.g. becomes a law or some sort of a regulatory requirement) is being practiced based on the interpretation of the clipboard police. While these people are vital to the functioning of systems, they tend to be arbitrarians who don’t understand the very nature of their existence. To them, the law is. It always has been. If you’ve seen the movie Pleasantville, these are the black and white types who are terrified of the ambiguity and complexity of color. They require certainty. The belief in rules assures that bad things will never, ever happen, just as long as all those deviant rule-breakers are punished and kept at bay. Compliance with rules is a very special thing, as it defines their sole purpose for collecting a paycheck. We subsequently find compliance professionals in the socially popular fields of speed enforcement, tax auditors and other folks who live within the mythology that the law is reality. While they might be dreadfully simple people, verging perhaps on the side of embracing totalizing ideas that gladly eradicate difference and exterminate those they can’t quite understand, we need these simple individuals when appropriately deployed to ensure that we architects of process haven’t made boneheaded assumptions that could crash the whole damn system.

Yet this presents a problem for us, especially for those of us who either deal with the creative act of governance construction, or work in the abstract “world of the gap” of systemic risk management. Professionally, we often struggle with our compliance peers as they take that which we constructed to be doxological truth (as if God passed the rules off to Moses and we are left to accept it without question). I’ll be the first to admit that many (most?) architects of process are guilty of inattention and distraction. Once something’s built, it’s no longer interesting. We need Ward Churchill’s “little Eichmanns” of compliance to monitor the heat of the engines we made, given the good chance that the whole damn thing will blow up if we didn’t get a little detail right. Or worse, reality changes on us (as it usually does). But who’s going to tell these nasty, anti-intellectual structuralists that the whole system has changed, let alone manage them? This is ugly business, indeed.

I first faced this “puzzle of the compliance structuralists” in 1999, when I was the head of service development for a mid-sized Latin America and Middle Eastern digital telecom startup. My boss, the chief operating officer of the company, would throw assignments at me that consisted of things like defining and constructing a new billing practice or a new network engineering practice out of thin air. Consulting with him on “strategic direction” (sort of a vision thing that you need to connect with to inform your approach), we’d make policies, procedures, standards, and other things that would construct the particular practice. Words became real.

A year after creating a billing practice, I encountered a problem. We’d hired a bunch of people from a former Regional Bell Operating Company (aka a phone monopoly) known then as US West (which became Qwest and, through the powers of other poststructural architects employed by capitalists in the realm of Hardt and Negri’s Capital, transcended to its current state of CenturyTel) and some of the mid-level managers were running in circles, all confused and unable to do their jobs. It turned out that something in the policy and procedure documents I had written the year prior was causing them serious grief, something unanticipated and quite normal as a company moves through supernormal growth and pushes even the best models you could create at the time. I recall joining the meeting in our large conference room and encountering “Joe” and “Marci” who were both exhausted with stress. They explained to me that they had run into a dreadful problem: they were trying to carry out some activity but it simply was impossible due to the fact that the policy prohibited it. They were absolutely stumped.

I responded “Well, it looks like we have to change the policy.” The reaction I got was akin to Moses saying “Well crap, it looks like that particular commandment sucks. Let’s toss it out and write a new one.” There was an implied sovereign diety implicated in each of the codified policies, according to Joe and Marcy. To change the law, or even question it, was an act of heresy. (Note: For those playing the home version of Radical Realism, the application of the potential to the real, this is a reason we study the problematic German philosopher Carl Schmitt in spite of all of his problems. Schmitt’s Political Theology, for instance, gives a remarkable accounting of how theological things we’d otherwise expect to be rational can be, such as governance and compliance processes).

I won’t go into the theories of why Joe and Marcy believed so faithfully in the “truth” of those policies (that’s an aspect of a lot of the theory I’m subsequently working on now), but I do want to share the realization from that conversation as it unfortunately seems to be consistently found across our various systems, practices and governance approaches. When I had the required humility to confess the failure of my best effort in constructing a particular aspect of the policy (specifically, a “policy control” I had engineered to attempt to keep some specific bad things we were worried about at the time from happening, and subsequently prevented a process from evolving through stresses that temporarily pushed that control space), I discovered I had two colleagues who felt as if they had just seen the Wizard behind the screen. They saw the glimpse of the fiction of governance, being told that this Sovereign Law they believed limited their very existence and practice was nothing more than a fiction that had become real. A mere hyperstition I got wrong.

Given the willing admission and confession that I blew it when my boss and I made that policy control, we quickly moved on and made the company better. But curiously, many controls and governance specifications we encounter in society are guarded by lesser creatures: incompetent policemen who know nothing of the originary fiction of the control’s half-assed narration. They’re the bureaucratic frauds who have assumed the mantel of a practice they know nothing respective to its original purpose, subsequently doxologizing the routine they inherited from their predecessors. Accidental movements become ritual: an incidental, accidental action constructed in response to a singular specific becomes a theological doctrine, imposed with the power of Inquisitional Authority by those who have an utter lack of comprehension of the actual purpose of the initial need.

The conclusion I’d suggest is this: every governance artifact, every rule, law, code, bylaw or expectation, is a consequence of someone else’s past. It might have been useful to them in their negotiation of reality in their time, but there is absolutely no certainty that it matters to yours. In fact, it may kill you, or make you seriously sick. In this world, you can’t coast. You can’t defer your responsibility for questioning the reality you’re confronted with and doing your best to build a model that seems to help you survive it. Failing to think, and assuming you live in a static universe where prior experiences predict the future, only ensures you will have an exceptionally painful and quite possibly fatal experience in a universe indifferent to the general laziness and incompetence of universalizing humans.

Think, engage, model and adapt. And never, ever assume the map handed down to you by a prior generation will get you through life’s minefield.

Self-Evidence in Existential Risk: Libretto of the Politic and the Song of Procedure

A recent conjecture I’ve been working through relates to the nature of proximity in amplifying institutional existential risk. Two predominant dynamics appear to have significant responsibility in complicating the institutional ontological perception of risk: Politic and Procedure.

Politic: By nature, corporate programs become political. Politic predominates the corporate landscape, as executives compete for attention, promotion and provide for the acquisition and protection of scarce resources. While presumably amplified within the institution, politic is far from exclusive to the corporate entity. Elements of politics dominate our households, community sports leagues and are even visible in primitive form on a pre-school playground. Detached from its everyday reference, politic encompasses the culture of interface between our collective organizations, between human resources and information technology as well as between kindergarten and first graders on the playground. Politic is the libretto of the border.

Procedure: Defined processes, whether formal or ad hoc, are the song of the inner organization. Certain tonality, orchestration and structure is predictable within the construct of the procedure, akin to the slave songs of the plantation. Right and wrong notes are intuitively recognized as many a new departmental employee is quick to discover. Through the song of procedure, the volatility and uncertainty of the individual is synchronized to the motion of the group, pushing and pulling in close unison. Perception is collectivized through the group’s key signature and meter, creating pleasing melodies and harmonies. Dissonance becomes disruptive and is subsequently sought out and eliminated.

It would appear that both realms enhance a certain self-evidence within an organization. Both format the institutional template, creating a consistency and predictability that enhances the familiar. Management and workers construct and reinforce the Silo, the department’s perimeter which is built of political brick, protecting the inner song of procedure from the cacophony of the outside. Polytonality is most unwelcome.

However, such employment of Politic and Procedure in the realm of of the organization would likely lead to the increase in proximity to the self-evident, complicating and potentially damaging the capacity of the organization to accurately assess and forecast risk. Heidegger writes in The Essence of Truth that this very problem of of nearness impairs our capacity to assess truth:

How is it that the apparently self-evident turns out, upon closer examination, to be understood least? Answer: because it is too close to us and because we proceed in this way with everything close. We take care, for example, that this and that is in order, that we come here with pen and exercise book, and that our propositions, if possible, correspond with what we intend and talk about. We know that truth belongs in a certain way to our daily affairs, and we know quite naturally what this means. It lies so close to us that we have no distance from it, and therefore no possibility of having an overall view of it and comprehending it.

Heidegger’s observation represents a significant challenge to the methodology in which institutions attempt to manage risk. Upon examination of the existential failures of Long-Term Capital Management (LTCM), Amaranth and others, it is highly evident that this proximity to self-evidence destroyed the institution’s capacity to uncover risk. Indeed, in most organizations, the Song of the Auditor is a highly precise composition, in which the musicians are required to adhere specifically to the score, whether the song be a Sarbanes-Oxley, Payment Card Industry or CoBIT Information Technology assessment. While often creating a song of great elegance and harmonious beauty, it is a song of the familiar and self-evident. For LTCM, this libretto and song corresponded to the elegance of gaussian distributions and statistical certainties. Discordant models of leptokurtic possibilities sung by solo analysts were quickly escorted off stage. Indeed, with a board of directors that included quantitative geniuses Myron Scholes and Robert Merton, investors and financial markets were enthralled by a performance akin to the Three Tenors. That was, until the harsh and discordant antiphonal solo of the Third Parasite arrived, uninvited in proper Michel Serres form, destroying LTCM and nearly taking the global financial markets along with it.

Alternatives to the problem of self-evidence through politic and procedure appear to exist, and are likely to be found in polytonal forms. Autonomous risk organizations which seek no comfort in a predictable and consistent libretto and song are clearly more likely to uncover the existential risk. A successful risk program may be more akin to a performance of Charles Ives “Central Park in the Dark“, embracing rather than avoiding polytonality and dissonance, and subsequently recognizing signal and noise without the distortion of self-evident proximity. Additionally, further exploration needs to evaluate the nature of which truth is being assessed as it strongly appears that most formalized risk management practices evaluate “correspondence-to” truth and not “unhiddenness” truth.