Platt Perspective on Business and Technology

Building a business for resilience 17 – open systems, closed systems and selectively porous ones 9

Posted in reexamining the fundamentals, strategy and planning by Timothy Platt on November 5, 2016

This is my seventeenth installment in a series on building flexibility and resiliency into a business in its routine day-to-day decisions and follow-through, so it can more adaptively anticipate and respond to the ongoing, low-level but over time significant flow of change, and its cumulative consequences, that every business faces in its normal course of operation (see Business Strategy and Operations – 3 and its Page 4 continuation, postings 542 and loosely following, for Parts 1-16).

I focused in Part 16 of this, on the first of three to-address points of the following list of issues, as they have become significant to this series:

1. Intentionally controlling access to sensitive and confidential information and the overall conversation that includes it in a business, and how that has to be seen as a dynamic process.
2. Information technology options and how they can be used to facilitate that, and certainly where inappropriate information sharing creates risk. (In anticipation of this point, I will discuss rules-based automated access control systems and how they are being developed as artificial intelligence systems.)
3. And human behavior, and the development and enforcement of best business practices and behavior that are needed in order to support the goals of Points 1 and 2.

I turn here in this posting to consider the oft-presumed magic bullet of automated algorithm and artificial intelligence based rules systems, as access control gatekeepers for securing and managing critically sensitive business information, and customer and other information that a business might not own but that it holds and that it can be held responsible for.

There are two approaches that I could take in addressing that complex of issues:

• The first that comes to mind is one that is most commonly cited and pursued when considering these systems: their current and emerging capacity to flexibly set and enforce established rules-based practice, according to risk management rules that a business has formally reached agreement upon. This is where the “magic bullet” of my above descriptor enters this narrative, as both fixed algorithmic and more flexible artificial intelligence based systems become more powerful, flexible and adaptive, and capable.
• The second approach goes back to a point that I pursued in Part 16, and even further back than that, to an adage that I first learned as a teenager when working on a then state of the art mainframe computer: “garbage in, garbage out.”

A key unspoken word in making any type of information access system work is “monitoring.”

• When critical business decisions such as information access control are taken out of direct human oversight and management, that can in practice mean removing the carelessness and inconsistency that arise when different managers, with different training and different levels of experience, make information access decisions with differing levels of attentiveness to what can prove to be essential details, and according to differing goals and priorities. Automation can mean carefully planned out consistency in how policy is understood, interpreted and applied.
• But effective use of this type of system is generally predicated on an assumption that it is being followed, and to the letter, and that all input information that it might require in making next step decisions is being provided to it in a sufficiently timely manner (i.e. that business systems friction does not enter into its functioning).
• It is assumed that information access decisions made will always be followed exactly, so further decisions made can be based on a true understanding of who already holds and can access what of the information under consideration here.
• And automated decision making systems still show a lack of flexibility where the unexpected and unplanned for have to be responded to.

No, I am not arguing that automated systems cannot work, and I am not arguing that they should not be used, certainly as general functional frameworks and for routine work flows and their management. And I am not, on the other hand, arguing that humans should be taken out of the equation for any of this either. I am arguing that all business systems in place require ongoing monitoring, and that this means monitoring that tracks complete decision cycles and their consequences. This means thinking, monitoring and evaluating from initial decisions made, to process implementation of them, to results achieved, to evaluation of those results, and back to (now next step) decision making. And while this becomes more overtly and apparently necessary when exception handling requirements enter this narrative, it can be just as important for more routine work flow too, certainly over time and in complex business systems that have to function in the face of change and uncertainty.

As an exception handling case in point, and to help take this discussion out of the abstract, consider a situation where the confidential business intelligence under consideration is normally only accessible to one accounts manager for some large corporate client (where approval for that access might be arrived at by any type of information access system up to here). But that professional is suddenly and completely unexpectedly out and unavailable due to a personal health crisis. The clock is running, and this large client has to see a crucial-to-them transaction that your company manages completed by the end of the day, or they will be very upset and you might lose them as a client. Now someone has to be given access to their relevant information, on the fly, so they can take over and complete this task. An effective more-automated system should be able to handle this, because I have intentionally set up a scenario that should, at least in principle, be generically anticipatable, and in fact anticipated as to its basic resolution requirements too.

But what should you do when a less anticipatable and even completely unexpected contingency arises, where for example an entire local office is shut down, and you have to quickly farm out everything that it has been doing to other teams at other facilities, including a seemingly open-ended array of tasks that require access to sensitive information? What should you do if key networked systems become suspect due to a perceived security breach? Suddenly, rapid response and recovery become a demanding critical consideration. In the type of overall sudden switchovers and recoveries now required, at least some of the details of what is done, by whom, why, and with what specific authorization can and usually will be lost track of, and that holds for who has access to what information as much as for anything else. This is particularly so when the managers in place have always taken basic information access control for granted and have not thought out how to effectively manage it on a more emergency basis, on the fly, for their immediate work contexts.

Here, and to perhaps belabor the obvious: if normal business-as-usual operations for information access control are usually automated, and no one at this business with management responsibilities has specific reason to think and plan in terms of it in their own work, and for most functional areas of the business, they are not going to suddenly be up to speed on this complex of issues when and if a crisis hits. And the more automated algorithmic and artificial intelligence systems in place are not likely to include in their basic code all of the possible process contingencies that might be tried and followed here.

• Oversight and monitoring are vital, as is planning, and they will be as long as people are in fact involved in business systems and in decision making in them.
• And human decision making still offers levels and types of out of the box insight and reasoning potential that more rules-based automated systems cannot match.
• So combinations of automated and human management oversight and decision making are going to be called for, even where real effort is made to automate where that would offer greater value.

And I write this posting on October 5, 2016 – still early in the 21st century, fully aware of the irony as to how dated it might seem within just the next few decades of this century. I write this posting with a full awareness of how dated it is all but certain to become. But for now, as I write this, its main points still hold. And this brings me to Point 3 of my above list, “and human behavior, and the development and enforcement of best business practices and behavior that is needed in order to support them.” I began addressing the above repeated three discussion points with what might be considered a preview consideration of this third point and its set of issues in Part 15 of this series, but I will explicitly and more fully turn to consider it in my next series installment.

Meanwhile, you can find this and related postings and series at Business Strategy and Operations – 4, and also at Page 1, Page 2 and Page 3 of that directory.

I also include a link to this posting as an addendum to Section VI of my Reexamining the Fundamentals directory: Some Thoughts Concerning a General Theory of Business. And I add in that context that the points that I raise here, and my acknowledged time limit for their currency and relevance, offer at least a measure of justification for my plan to more fully consider automation and its artificial intelligence expansion into the decision making process in that series too, and into what would have to be addressed in a general theory of business.
