Platt Perspective on Business and Technology

Finding virtue in simplicity when complexity becomes problematical, and vice versa 16

Posted in social networking and business by Timothy Platt on April 21, 2019

This is my 16th installment to a series on simplicity and complexity in business communications, and on carrying out and evaluating the results of business processes, tasks and projects (see Social Networking and Business 2), postings 257 and loosely following for Parts 1-15.)

I have been discussing regulatory law, and the implementation rules and guidelines that would be developed from it in order to convert its more general principles into detailed day-to-day enforcement-level practice, in Part 14 and Part 15 of this. And I wrote Part 15 with a goal of at least preliminarily presenting and outlining a side to that story that can become a source of decision making and follow-through conflict for businesses and for collaborative partnerships of them (e.g. supply chains, etc) that have to effectively meet those regulatory requirements while still remaining as competitively effective as possible, and as flexibly and adaptively so as they seek to navigate change and its uncertainties.

• On the one hand, most any business, and certainly any that functions in a highly competitive environment, would seek to pursue business processes that are as lean and effective as possible so they can make the most effective use of the resources that they have available. And as a key part of this, they would seek to develop and use simple and direct communications channels and communications protocols, and with opportunity in place for people who need to directly communicate with each other to do so; they would in fact seek such direct and automatic communications between stakeholders on any given issue that a term such as “communications protocols” would never even cross their minds, leaving the de facto communications rules and processes in place for them and actually followed more ad hoc in nature than explicitly thought through and planned – at least unless and until problems arise from their following that approach.
• But on the other hand, those same businesses would see a correspondingly significant level of need to develop and pursue in-house communications and information sharing practices, and certainly where sensitive or confidential information might be involved, that would in-house implement all of the restrictions and all of the allowances for action that are codified in the regulatory laws in place and in their implementation rules.
• Think of this as an intentional attempt to balance agility and freedom of action against outside regulatory constraints on that, and think of this as an outside-imposed and an outside parametrically defined risk management balancing act on the part of these businesses too.

This simplistically stated dichotomy and comment point only takes on value, or even just the possibility of raising a measure of interest in a reader, when you consider at least something of the details that would go into shaping it and fleshing it out on a practical day-to-day level. And it is my primary goal for this posting to offer an at least opening step outline of some of those details, at least generically stated as would be applicable across a range of business model types.

I begin that discussion by drawing a distinction between accurately, consistently meeting the business process guidelines and regulatory rules in place, and effectively, clearly, consistently documenting that this is being done so as to meet the requirements of any likely compliance audit. And to take that out of the abstract, I propose two specific instances of how a business might, and in most cases would seek to meet this challenge: one on the implementation side and one arguably drawn from the documentation side:

• Setting up a regulatory law compliant office for managing and documenting information security access and use that is organized and operated in accordance with any and all pertinent law in place, and with court rulings if any that might have added new layers of enforceable interpretation onto that framework.
• And a largely automated rules-based system that would both serve as an access recording system for tracking the flow of sensitive information, and as a gatekeeper for matching access authorization with the security requirements status of specific data types requested access too.

The first point that I would make here would be to note that both of these points might arguably fit, and entirely so into the legally mandated implementation side of the bipartite distinction that I have just proposed here. But I offer the rules-based tracking and monitoring second bullet point example here, as an example of how a business can self-protectively address outside regulatory requirements by meeting and even exceeding the documentation component of their more operational-level rules, as a risk management and a potential liability minimizing exercise.

That said, this type of compliance plus risk management cushion effort can be expected to add in intermediating gatekeeper layers to any communications flows that are allowed, while challenging any possible novel sharing or use of information that might be restricted in this type of system. And it would be expected to add in delays too.

How and where can a business more effectively balance the trade-offs of the dichotomy of conflicting needs and pressures that I offered above, where a business would simultaneously seek to keep everything simple and direct, while at the same time protectively adding in complications to that too? Ultimately, any real answer to that is going to have to be built into, or added into the basic business model in place and certainly insofar as it seeks to translate a business’ mission and vision into action.

This series as a whole is all about finding and achieving a balance between simplicity and the direct, and complexity and the more intentionally managed and indirect, and both from an overall competitive excellence perspective in the face of change and its challenges, and from a risk management perspective where both internally sourced and externally imposed factors can intervene there. I am going to continue this discussion in a next series installment where I will step back to reconsider the issues that I have been raising here, from a broader more overall strategic perspective, where I have been primarily focusing on a more operational level of consideration for this, up to here. Meanwhile, you can find this and related material at Social Networking and Business and its Page 2 continuation. And also see my series: Communicating More Effectively as a Job and Career Skill Set, for its more generally applicable discussion of focused message best practices per se. I initially offered that with a specific case in point jobs and careers focus, but the approaches raised and discussed there are more generally applicable. You can find that series at Guide to Effective Job Search and Career Development – 3, as its postings 342-358.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: