Fluid IT
This is a perfect case for what I have been ruminating on in the new era of fluid IT.
The technology is well suited to produce governance systems of astounding efficiency - let us just hope and pray that those who are at the helms of these systems are beings of pure intention.
However, at this point, the narrative is about winning, as if it is a competition, and the winner takes the prize - which, at the juncture, seems to be essentially money, with all else taking second place. But if this becomes the only driving force in social contexts as well, then eventually it will become a means of subjugation and not of freedom and sovereignty.
Here, in a cutting-edge book on DevOps in the modern enterprise, the opening quote is about the mitigation of risk - as if that is the core driver behind the need for governance. While that might be in the DevOps space - and that is debatable, especially if the risk is essentially financial and not whether the original product goals were achieved or not. (I believe it is called "pivoting").
However, in developing social governance systems, it is certain that risk cannot be the main driving factor. It has to be something else. For the risk and costs of not succeeding in improving our governance systems might be far more than investing in them.
The big question what is that (or those) foundational factors upon which such systems should be fashioned?
Governance, risk, and compliance. (external)
Most organisations typically apply governance, risk, and compliance (GRC) in an uncoordinated and nonaligned fashion. In Measuring and Managing Information Risk, A FAIR Approach,
Jack Freund and Jack Jones describe a more specific overview of GRC as follows:
Governance
Ultimately, leadership is expected to cost-effectively govern the organization’s risk landscape.
Accomplishing this requires setting and communicating expectations, overseeing and facilitating the achievement and maintenance of those expectations, and managing conditions that don’t align with their expectations.
GRC solutions are supposed to assist with this by providing a way to report where these expectations are and are not being met, within a meaningful business context.
Risk
This objective is all about making better-informed risk decisions, which boils down to three things:
- identifying ‘risks’,
- effectively rating and prioritising ‘risks,’ and
- making decisions about how to mitigate ‘risks’ that are significant enough to warrant mitigation.”
Compliance
On the surface, compliance is simply a matter of identifying the relevant expectations (e.g., requirements defined by Basel, Payment Card Industry (PCI), SOX, etc.), documenting and reporting on how the organisation is (or is not) complying with those expectations, and tracking and reporting on activities to close any gaps.”
Risk
Well here is a shot at fashioning these risk related statements in a more human orientated fashion:
“Ultimately, leadership is expected to cost-effectively govern the organisation’s risk landscape..."
This is the first statement regarding "governance". It sets the basic framework within which the game is required to be played. What if we looked at this crystal from a different perspective? Firstly, why is the game a leadership game? If the "leadership" gains by cost effective governance, that would be its focus - of course. Just as it is with our social/political systems too. Even our political system is riddled with risk analysis - only the risk this time is losing your seat, or political standing.
What if risk was measured in terms of output vs input weighed by cost (as, for instance, disturbance, or damage, or dislocation). Output is measured by what the goal(s) is(are). Input is measured in what it will take (energy wise) to implement the system, and how large is the error estimate.
For each system will fall due to its error in manifesting the reality that is. Any human system can only be an approximation of the perfect system. There will always be a margin of error in any representation of reality, and thus risk. The real test of any system is how well it responds to its own errors (and those of the people)—the human side of life.
Propagation of Error
In any system there will be an inherent "error" — and that will propagate through time. The sooner that the error is recognised and the system reorientated, the easier will be the readjustment. However, those in power, those in control of the system, are always fearful of losing it — because it is not true power, gained by deed and principle, but often stolen or granted, not "earned". Thus it is propped up and protected by military power. For true power is Divine power and only the representatives of this power have true power.
In these dense systems, it is very difficult to adjust/change to heal that error and its consequences. It takes a superior man, or someone who is in such pain that they have no choice but to reassess and change direction. However, if there are economic or other narcissistic rewards to propogating the error, it becomes quite toxic. Once embedded in the system, it will require an upgrade and reboot of the system, else it will result in a system crash.
I have to mention that this is similar to an entity taking possesion of someone. There has to be an error in the person that the entity exploits as a means of entering the person. Once embedded, they affect the person's behaviour, and unless removed, will result in an eventual system crash.
Are you certain of your information? A small error at the source will propagate to become a huge error at scale. It will, in time, become embedded in the narrative impacting anything that emerges from it. Eventually, it will become such an integral part of the system, that the host will not be able to survive without it — similar to an addiction. At that stage it has become self-sustaining, sharing the hosts energy, and is able to reproduce and grow from all the energy that is sustaining it.