Policy: Difference between revisions

From The Jolly Contrarian
Jump to navigation Jump to search
No edit summary
No edit summary
 
(22 intermediate revisions by the same user not shown)
Line 1: Line 1:
:''“Many policies are organizational scar tissue — codified overreactions to situations that are unlikely to happen again”''. <br>
{{a|devil|}}{{quote|Many policies are organizational scar tissue — codified overreactions to situations that are unlikely to happen again.
::- {{author|Jason Fried}}
:{{author|Jason Fried}}}}
{{quote|
A typical reaction to failure is prefectural overspecification—patching observed holes in an operation with increasingly detailed or tightly targeted rules, that respond specifically to just the latest incident.
:—{{author|Sidney Dekker}}, {{br|The Field Guide to Human Error Investigations}}}}
{{drop|P|olicy is the}} sheep they’ll hang you for. It is the dominant ideology of modern management theory. Policy, and process, is seen as practically inviolate, or immovable.


Policy is organizational scar tissue<ref>{{br|Rework}}</ref>. It's the sheep they’ll hang you for.  
Management orthodoxy is predicated on policy and process being the fundamental layer of organisational competence. So, for example, a [[root cause analysis]] using the 5 why's method is intended to reveal as the root cause the policy which had not been complied with.
 
Policy is the mountain; the workers are Mohammed. So calling out substandard performance in the workforce is orthodox business management practice. But calling out substandard process or, heaven forfend, [[policy]] — to allege [[executive failure]], that is — is a kind of sedition. Yet history tells us catastrophic failures are far more likely a result of [[executive failure|executive]] than [[operational failure]].<ref>Let me cite some examples from {{author|Charles Perrow}}’s magnificent monograph {{br|Normal Accidents}}: [https://en.wikipedia.org/wiki/Mount_Erebus_disaster Air New Zealand’s Erebus disaster] in 1978. [[Enron]]. The Three Mile Island. Chernobyl. The S&L scandal. Theranos. Madoff. List continued on page 94.</ref>
====Policy and subversion====
{{drop|B|ut policy is}} a [[proxy]]. It is a [[second-order derivative]] of the intractably complex life of a modern organisation. “Compliance with policy” is a quantifiable thing that [[internal audit]] can glom onto; can ''monitor''. It requires no qualitative assessment, no [[subject matter expert]]ise and no judgement. It is a simple enquiry with a binary answer.
 
{{quote|
“It says here you must do this. Did you?” }}
 
“No, but does it matter?” is no defence.
 
''Ignoring'' policy is for [[substance]] to challenge ''form''. It threatens an organisation’s integrity. It subverts its governance. To break its rules. It invites censure by [[internal audit]]. A thoughtful employee faced with a situation to which a policy applies will not be prepared to override it.
 
“[[no-one got fired for hiring IBM|No-one got fired for complying with policy]]”: that’s a truism. “No-one died because someone complied with policy” — ''not'' such a truism.
 
====We don’t rigorously follow policy====
{{work to rule capsule}}
====Why we don’t disclose policy to customers====
{{policy no disclosure capsule}}
 
====Policy and the production line====
All this assumes that the commercial landscape your policy is meant to cover is a fully-scoped production line where all inputs, all outputs and all contingencies are mapped. No frontiers, no [[known unknowns]] are in sight.
 
Here, a policy is prudent, but — in these [[Artificial intelligence|artificially intelligent]] times — policy compliance, too, ought to be coded and automated. There is little for [[internal audit]] to see: these processes, by nature, present trivial risks and add limited value.
 
And therein lies the rub: any fully-scoped process, where we know every possible input, output, and contingency, is ''necessarily'' one of limited risk and limited value. Easy wins for [[internal audit]], but nothing much at stake.
 
====Policy and the wild frontier====
{{drop|W|here are the}} big risks? With the big rewards, at the wild frontier. Over the horizon, where “[[here be dragons]]”. Where there are [[known unknowns]] and [[unknown unknowns|''unknown'' unknowns]]. Where, by definition, we are beyond the comforting porch-light of a fully worked-out production line.  Where there is maximum opportunity to add value: in a commercial context, to make, or lose, money. In a social one, to improve, or ruin, lives.
 
Hypothesis: where t[[here be dragons]], a policy is your worst enemy.
 
We are all familiar with the ghastly tale of Grenfell Tower and its infamous “stay put policy”.
 
The British Standard Code of Practice of 1962 introduced the first national standard requiring tall residential blocks to provide one hour’s fire resistance so firefighters could fight flames inside the building. Each flat would act as an individual “compartment” containing any fire for at least an hour. This would enable firefighters to put out one fire in one flat rather than face a whole building ablaze. To work, the building must be able to withstand the spread of flames beyond compartments, and there must be clear access so affected residents can escape and firefighters can get in quickly. Part of ensuring that clear access involved discouraging ''un''affected residents to evacuate, exposing them to risk of smoke, clogging up the firefighters’ access or impeding affected residents’ exit. Opening doors of other flats was expected to undermine the “compartmentalisation”. In 57,000 high-rise fires between 2010 and 2017 only 216 (0.4%) required more than five residents to evacuate. It was a policy that worked in tens of thousands of fires over sixty years with minimal casualties. The Grenfell report describes the policy — unsurprisingly — as an “article of faith” within the London Fire Brigade “so powerful that to depart from it was to all intents and purposes unthinkable”.
 
Put yourself in the position of the fire service personnel on the ground at Grenfell as the situation was unfolding. There is total confusion. You do not know anything for sure. The fire is not behaving as it should do. There are conflicting reports. Information and communication lines are scrambled. The one thing you do know is that there is a stay-put policy is in place, it generally works — it is an article of faith, after all — ''and you ignore it at your own peril''. When you are in a crisis situation with all kinds of unknowns unfolding around you, what you do not do is question the things you ''do'' know.  Not only could they not know what would happen if they complied with the advice; they could not know what would happen if they had ''not'' complied with that advice.
 
The point here is not to defend the fire service, but identify what is happening. The fire service is facing a new, unexpected situation. They are unexpectedly at a frontier, whereas they are expected to be on a production line. They are armed with a policy designed for the production line.


{{draft}}
{{draft}}
{{Seealso}}
{{sa}}
*[[doctrine of precedent]]
{{gb|{{br|The Unaccountability Machine}}
*[[elephants and turtles]]
<li>[[Beware of shorthand]]
<li>[[doctrine of precedent]]
<li>[[elephants and turtles]]
<li>{{br|The Black Swan: The Impact of the Highly Improbable}}
<li>{{br|Rework}} - {{Author|Jason Fried}}}}
{{ref}}

Latest revision as of 10:58, 5 November 2024

In which the curmudgeonly old sod puts the world to rights.
Index — Click ᐅ to expand:
Tell me more
Sign up for our newsletter — or just get in touch: for ½ a weekly 🍺 you get to consult JC. Ask about it here.

Many policies are organizational scar tissue — codified overreactions to situations that are unlikely to happen again.

Jason Fried

A typical reaction to failure is prefectural overspecification—patching observed holes in an operation with increasingly detailed or tightly targeted rules, that respond specifically to just the latest incident.

Sidney Dekker, The Field Guide to Human Error Investigations

Policy is the sheep they’ll hang you for. It is the dominant ideology of modern management theory. Policy, and process, is seen as practically inviolate, or immovable.

Management orthodoxy is predicated on policy and process being the fundamental layer of organisational competence. So, for example, a root cause analysis using the 5 why's method is intended to reveal as the root cause the policy which had not been complied with.

Policy is the mountain; the workers are Mohammed. So calling out substandard performance in the workforce is orthodox business management practice. But calling out substandard process or, heaven forfend, policy — to allege executive failure, that is — is a kind of sedition. Yet history tells us catastrophic failures are far more likely a result of executive than operational failure.[1]

Policy and subversion

But policy is a proxy. It is a second-order derivative of the intractably complex life of a modern organisation. “Compliance with policy” is a quantifiable thing that internal audit can glom onto; can monitor. It requires no qualitative assessment, no subject matter expertise and no judgement. It is a simple enquiry with a binary answer.

“It says here you must do this. Did you?”

“No, but does it matter?” is no defence.

Ignoring policy is for substance to challenge form. It threatens an organisation’s integrity. It subverts its governance. To break its rules. It invites censure by internal audit. A thoughtful employee faced with a situation to which a policy applies will not be prepared to override it.

No-one got fired for complying with policy”: that’s a truism. “No-one died because someone complied with policy” — not such a truism.

We don’t rigorously follow policy

There is an often-stated but still wildly optimistic idea that all policies are complied with. Not only are they not, but they are disregarded explicitly. All concerned understand that optimal — even basically acceptable performance requires turning a blind eye to the rules. There is no better example than the work-to-rule: a form of industrial action adopted by those who are, by regulation, not permitted to go out on strike. The work-to-rule involves, literally, insisting rigorously on complying with every aspect of every prescribed policy as a means of frustrating the commercial objectives of the organisation.

What does it mean? It means that if people don’t want to or cannot go on strike they say to one another: “let’s follow all the rules for a change!” Systems come to a grinding halt. Gridlock is the result. Follow the letter of the law, and the work will not get done. It is as good as, or better than, going on strike.

Sidney Dekker, The Field Guide to Human Error Investigations

The vibe is: “Oh, I see, Mr. Employer, is that it? Are we being dicks about out employment relationship? Well, two can play at that game.”

Why we don’t disclose policy to customers

Being a high-modernist preference for form over substance, policy carries some “transubstantiation” risk. If we take it that a policy is a heuristic designed to simplify and financialise the infinitely variable ways of doing business for the betterment of the organisation who creates it, it follows that the organisation should maintain abolute control over the change or cancellation of the policy. Sometimes we make mistakes or times change.

The last thing an organisation wants, therefore, is to be beholden to outsiders for the rules of its internal governance. It is one thing to tell staff this is how we expect you do to things: to tell customers is to convert an internal heuristic designed to keep your organisation straight into a contractual straight jacket that it must follow on pain of litigation if it does not.

The risk — somewhat chicken-lickeny but yet compelling — is that by doing so you inadvertently represent that the policy is meant to benefit the customer and find that adhering to it is now a contractual obligation, whereas it was only ever meant as an internal governance mechanism. It was not meant to be a rod for the organisation’s own back, that is to say.

Therefore, you will often see it declared by legal eagles that internal policy must not be disclosed to customers or external parties except where required by regulation.

An example from the annals of employment law:

The law requires employers to be substantively and procedurally justified when disciplining employees. They must follow a fair process when deciding to discipline an employee. Employers who do not give an employee a fair chance to explain herself, improve or provide mitigating factors may be liable for unfair dismissal even if, on the substance, its decision was justified.

Many HR departments therefore formulate a generic internal policy setting out recommended steps when conducting a disciplinary procedure. Of course, every situation is different: If it is to cover all kinds of incidents, a standardised process will, in many cases, be over-engineered. Plainly one could conduct a fair process without religiously following every step.

Now, if that policy is incorporated into the staff handbook or employment contracts it then becomes a contractual term which must be followed and any failure to follow it to the letter will be a formal breach of process. It would be prudent, therefore, not to incorporate such a policy into terms of employment, or even disclose it to all staff, where regulations do not require it.

Where a policy is of interest to a customer or a third party, you might create a public summary document outlining the terms of the policy, but noting that it is a non-binding summary, may be changed or removed without notice and is not intended to create any contractual obligations between the firm and any third party.

For example, FCA regulations require firms to disclose details of their best execution and order handling policies, but not the policies themselves.

Policy and the production line

All this assumes that the commercial landscape your policy is meant to cover is a fully-scoped production line where all inputs, all outputs and all contingencies are mapped. No frontiers, no known unknowns are in sight.

Here, a policy is prudent, but — in these artificially intelligent times — policy compliance, too, ought to be coded and automated. There is little for internal audit to see: these processes, by nature, present trivial risks and add limited value.

And therein lies the rub: any fully-scoped process, where we know every possible input, output, and contingency, is necessarily one of limited risk and limited value. Easy wins for internal audit, but nothing much at stake.

Policy and the wild frontier

Where are the big risks? With the big rewards, at the wild frontier. Over the horizon, where “here be dragons”. Where there are known unknowns and unknown unknowns. Where, by definition, we are beyond the comforting porch-light of a fully worked-out production line. Where there is maximum opportunity to add value: in a commercial context, to make, or lose, money. In a social one, to improve, or ruin, lives.

Hypothesis: where there be dragons, a policy is your worst enemy.

We are all familiar with the ghastly tale of Grenfell Tower and its infamous “stay put policy”.

The British Standard Code of Practice of 1962 introduced the first national standard requiring tall residential blocks to provide one hour’s fire resistance so firefighters could fight flames inside the building. Each flat would act as an individual “compartment” containing any fire for at least an hour. This would enable firefighters to put out one fire in one flat rather than face a whole building ablaze. To work, the building must be able to withstand the spread of flames beyond compartments, and there must be clear access so affected residents can escape and firefighters can get in quickly. Part of ensuring that clear access involved discouraging unaffected residents to evacuate, exposing them to risk of smoke, clogging up the firefighters’ access or impeding affected residents’ exit. Opening doors of other flats was expected to undermine the “compartmentalisation”. In 57,000 high-rise fires between 2010 and 2017 only 216 (0.4%) required more than five residents to evacuate. It was a policy that worked in tens of thousands of fires over sixty years with minimal casualties. The Grenfell report describes the policy — unsurprisingly — as an “article of faith” within the London Fire Brigade “so powerful that to depart from it was to all intents and purposes unthinkable”.

Put yourself in the position of the fire service personnel on the ground at Grenfell as the situation was unfolding. There is total confusion. You do not know anything for sure. The fire is not behaving as it should do. There are conflicting reports. Information and communication lines are scrambled. The one thing you do know is that there is a stay-put policy is in place, it generally works — it is an article of faith, after all — and you ignore it at your own peril. When you are in a crisis situation with all kinds of unknowns unfolding around you, what you do not do is question the things you do know. Not only could they not know what would happen if they complied with the advice; they could not know what would happen if they had not complied with that advice.

The point here is not to defend the fire service, but identify what is happening. The fire service is facing a new, unexpected situation. They are unexpectedly at a frontier, whereas they are expected to be on a production line. They are armed with a policy designed for the production line.

See also

References

  1. Let me cite some examples from Charles Perrow’s magnificent monograph Normal Accidents: Air New Zealand’s Erebus disaster in 1978. Enron. The Three Mile Island. Chernobyl. The S&L scandal. Theranos. Madoff. List continued on page 94.