Platt Perspective on Business and Technology

Finding virtue in simplicity when complexity becomes problematical, and vice versa 14

Posted in social networking and business by Timothy Platt on December 13, 2018

This is my 14th installment to a series on simplicity and complexity in business communications, and on carrying out and evaluating the results of business processes, tasks and projects (see Social Networking and Business 2), postings 257 and loosely following for Parts 1-13.)

I began actively discussing a brief to-address list of topics points in Part 12 that I repeat here for smoother continuity of narrative as I continue addressing its issues. And I have at least preliminarily discussed the first two of those points in that posting and Part 13, leading up to here:

1. Bringing a business’ own house into order through improved communications and information sharing.
2. Explicitly bringing business-to-business collaborations into this narrative.
3. And then I will delve into at least some of the issues of larger contexts that businesses in general have to be able to function in: regulatory law and its implementation included.

My primary goal for this posting is to at least begin to actively discuss the issues raised by Point 3. But doing so will call for a continuation of my discussions of Points 1 and 2 here as well, just as I continued raising Point 1’s issues when considering Point 2. I will begin addressing all of this by repeating an anticipatory note that I offered at the end of Part 13 of this series, that serves to introduce if not fully clarify what I will delve into here:

• I have just made some significant, essentially axiomatic assumptions in this posting that bear further consideration. The basic, conservative risk management approach that I have offered here can prove sound in day to day practice. But it is not necessarily a best approach and it is certainly not the only one that businesses can pursue when working together, that would still meet their respective due diligence needs.
• I will at least briefly outline an alternative understanding of what I have just addressed in Part 13 and will suggest a process and an operational mechanism that would enable and enact it according to mutually agreed to due diligence understandings. This means that I will at least briefly consider some alternatives for at least one of the basic business model assumptions that can and should be (re)considered for this type of business-to-business context, and why.

Regulatory and related oversight focus in large part on how businesses interact with each other and both supportively and antagonistically (e.g. in price fixing and anti-monopoly contexts), as well as addressing more internal matters for businesses under review (e.g. when reviewing compliance with legally mandated accounting standards and certainly for publically traded businesses.) Point 1 of the above list focused on communications and information sharing as a matter of at least potential risk management concern, doing so from a single organization, within-the-business perspective. Point 2 adds in business-to-business interactions, and the information sharing that can and at times must take place between them, and certainly for businesses that enter into supply chain or related collaborations where that means carrying out joint business processes and transaction flows. These three perspectives: those of Points 1, 2 and 3, intersect and in fact help to shape each other in many ways, and certainly when sensitive or confidential information as held by at least one of the businesses involved, might in some way cross the boundaries between them and either by design and intent or as unintended spillover.

This brings me directly to the issues raised in my above-repeated anticipatory note and the question of precisely what assumptions I made in Part 13. The approach to information management offered in that posting presumes as a given, what is essentially a single strictly standardized, highly compartmentalized communications approach to managing any potentially sensitive, risk-potential creating situation that might arise involving specific data or processed knowledge that are held, and both within the single organization and when working with partner businesses. While I did at least briefly raise the possibility of exceptions and exception handling in this, and certainly on a case by case basis, I have not in any way offered anything systematic in the identification, evaluation of, or handling of such exceptions: here in this series and up to now.

I make note of that orienting perspective for what I have been writing here, in contrast to an approach that I have offered repeatedly in this blog for better supporting a more innovative workplace, and I add for when identifying, characterizing and responding more effectively and quickly to the disruptively unexpected too. Both of those exception sources call for proactive planning and preparation and both for keeping businesses involved as effectively in control of what they face and do as possible, and for supporting faster, more agile reactive responses where they would be needed.

• If a business treats its potential for innovation here as a loosely defined arena for exception handling in its information management and communications systems, with any exception handling entered into, addressed on a strictly ad hoc basis,
• It is essentially certain that it is going to be reactive, and delayed-reactive at that when faced with emerging innovative opportunity. And that will create delays and disconnects for that organization that can only serve to limit if not foreclose what could be real benefits and real sources of value for it and from avoidable delays and an increased chance of what should be avoidable missteps if nothing else.
• And the same challenges apply at least categorically and the same can be expected as consequences of them, when addressing emerging competitive pressures and certainly when that source of potential risk remains largely undefined and unplanned for and when responses there would be more ad hoc as a result, too.
• I have couched this up to here in large part in terms of the individual business, and as such in Point 1 terms, to clarify the orienting framework offered so far in this posting. But the same also applies in larger collaborative contexts too, where both businesses in a simplest case two business supply chain system have to be effectively organized for managing sensitive and confidential information, individually, and where mechanisms have to be in place for coordinating such information sharing as required between them too. (The same set of basic principles as just expressed here in simplest-case terms, applies in larger and more structurally complex business-to-business collaboration networks too.)
• Returning to the simplest two business example of above, the information management approach that I espouse here is easiest to set up and maintain when both businesses hold to single standardized information management systems, and both for what types of information would require special management and handling and for who would have access to what of that, and under what conditions. Then this becomes an at least relatively simple matter of rules of access, and participation list coordination, where the people who manage risk management in both businesses know what is being shared, who can be involved in this activity and the details of how this is carried out – and with all of the key details of that formally spelled out and mutually agreed to. (I will explicitly discuss this bullet point and its issues as I more fully address Point 3 and its issues, as a source of unifying standards and operational systems in place, for managing sensitive and confidential information, and one that can be followed by businesses and even by entire business sectors as an agreed to norm.)
• The challenge is in standardizing at least a capacity for better identifying and managing realistic exceptions to any such routine standardized rules-based systems, so exception handling does not run the risk of violating the risk management driven due diligence processes for all businesses so involved – and with increased risk of violating mandated regulatory rules in place too.

And this brings me very specifically to Point 3 as offered above, and outside regulatory systems and their rules based approaches to how sensitive information such as personally identifiable customer information would be identified as such, organized, accessed and by whom, stored and deleted, and used. I begin analyzing and discussing that with the obvious: outside regulatory law serves to limit and shape information management and its risk management and related due diligence oversight within individual businesses, and in any larger business-to-business collaborations that they enter into and certainly where sensitive information might be shared between them within supply chain or similar organized systems. But regulatory law is not simple and clear-cut. It is generally both complex and convoluted and in ways that can very legitimately lead to at least the appearance of possible conflicting interpretations of what is required, and even in what can best be seen as their key provisions. More than that, any given “regulatory law” essentially always consists of two categorically distinct components: the law itself as formally drafted and passed into law through a ratification process, and an implementation framework as is generally developed at a government agency level, by subject matter expert bureaucrats. Think of the law itself as offering a detailed outline of intent and think of the implementation rules that are developed from it as outlining the How details of that law as required to actually implement and enforce it. And on top of that, and certainly were a combination of mandating law and implementing rules-based interpretations of it might raise issues of ambiguity, or where a regulatory law might arguably conflict with other law in place, this is all subject to review and to interpretation and reinterpretation by the courts. And court rulings can and do force a re-understanding of those laws and their implementation rules, and what should be done and how.

To add one more point of complication to this, consider the implications of global supply chain and market reach, where a same business might operate in two or more nations, each with their own information management and security regulatory laws in place, and their own rules for implementing them and their own courts that might interpret them and even judge their overall legality. And with all of this in place, I turn from the more easily considered and implemented, single standardized approach to add in the greater complexities inherent to exceptions handling and its consideration. I will simply add here that the more constraining complexities are added in, the greater the pressure what all involved businesses will face for enacting and following pre-planned standardized operational processes here.

I am going to continue this discussion in a next series installment where I will at least selectively delve into some of the details of the issues raised in the two immediately preceding paragraphs. And my focus on that will be on simplifying the systems in place in the businesses involved in all of this, as a due diligence necessity. In the course of addressing Point 3 of the above list from that perspective, I will of necessity return to Points 1 and 2 again, as well. Meanwhile, you can find this and related material at Social Networking and Business and its Page 2 continuation. And also see my series: Communicating More Effectively as a Job and Career Skill Set, for its more generally applicable discussion of focused message best practices per se. I initially offered that with a specific case in point jobs and careers focus, but the approaches raised and discussed there are more generally applicable. You can find that series at Guide to Effective Job Search and Career Development – 3, as its postings 342-358.

One Response

Subscribe to comments with RSS.

  1. Alan Singer said, on December 13, 2018 at 7:15 am

    In Japan Shibui refers to an aesthetic of simple, subtle, and unobtrusive beauty. Shibui objects appear to be simple overall but they include subtle details, such as textures, that balance simplicity with complexity.

Leave a Reply to Alan Singer Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: