Everyone wants to believe that upper management Always Knows What Must Be Done. Unfortunately, Business Reporter’s resident U.S. blogger Keil Hubert reminds us that companies are made up entirely of ordinary people, and most people can’t see far enough into the future to get out of their own way.
People want to believe that our lives are governed by something other than just random chance. We yearn for proof that a cadre of wise and omniscient leaders are somehow controlling events to ensure that they unfold as they’re meant to, according to a just and benevolent plan. This isn’t just a religious concept – it’s a core motivator in secular life as well. Normal, everyday people want to believe that the mega-corporations where they work operate like a cross between a Swiss timepiece and a benevolent order of monks: tireless, compassionate and irrefutably rational. People want to believe that the bizarre and seemingly random things that plague them at work actually happen for specific and justifiable reasons. Why? Because the idea that a massive international organization is actually be managed by a bunch of half-asleep frat boys is, well, terrifying.
This notion – that the world doesn’t work the way we all expect it to – was one of the themes that science fiction great Philip K. Dick liked to explore in his stories. He looked at the world and speculated on just how terrifying it might be if an ordinary person learned that everything that he thought he knew about reality was very, very wrong. PKD’s work can be a little hard to grapple with, but it’s all worth reading. His stories inspired blockbusters like Blade Runner, two versions of Total Recall, and Minority Report, as well as lesser-known films like Screamers, Imposter, Paycheck and The Adjustment Bureau.
That last film is of particular interest because of its premise: imagine that all of reality is secretly controlled by a near-omniscient and prescient bureaucracy that struggles to engineer geopolitical events so that they unfold according to a complicated and largely benevolent plan. The organisation’s field agents use distractions and interruptions – from a barking dog to a beverage spill – to ‘nudge’ key people from coming into contact with one another in order to pre-empt what they perceive as unacceptable decision-tree branching. It’s a beautiful premise, one rich with possibility. Imagine a world where someone had effective foreknowledge and the ability to interject him- or herself into everyday live with just enough influence to avert horrible mistakes before they start.
The reality we actually live in has no such omniscient bureaucracy.  If it wasn’t already obvious, please be aware that there is no central agency responsible for making everything work out correctly. Just lots and lots of public and private agencies who clumsily try to apply well-meaning (if wholly inadequate) doctrines to people’s over-complicated lives. We have massive agencies (like the NHS) and massive companies (like IBM) which are made up of generally well-meaning people. Most of these are folks who want to do the right thing, but have almost no ability to accurately predict the future. Even when they do guess right, they usually have very limited ability to control the present, since their governing regulations were written to solve problems that no longer exist with solutions that would only have worked for circumstances that no longer apply.
As an example: a while back, I was tasked to coordinate the activation of a new tech support centre in Eastern Europe. I wasn’t given any actual authority over the team – the owning executive kept all of the decision-making power strictly to himself. I joined the initiative months after it had been launched, and learned (much to my horror) that no one was coordinating the operation. Instead, a dozen different business groups had negotiated a general consensus on how to proceed without any formal documentation or consistent vision. I spent my first few weeks on the job struggling to learn what had already been accomplished so that I could assemble a rudimentary project plan.
Our mandate was to duplicate – down to the last detail – the working conditions we had in our US support centres, I called all over the company looking for someone who might have the authority to purchase the end user equipment that we’d need for the brand-new buildings that we had under construction. After several false starts, my VP  idly mentioned that a team from the company’s UK office had already taken care of all the procurement work. I dutifully called the listed head of said UK team and learned (see previous, re: horror) that none of the actual purchasing had been done. Instead, the UK team had been waiting for a guarantee of funding from my VP before they started any tasks. Since no one had been in charge of the project, there had been no one following up to ensure that key activities were getting accomplished.
It took two weeks to get a working funds authorization code so that the US office would reimburse the UK office. Another week slipped by before I learned that the UK office didn’t – despite what the VP had told me – actually have a list of specific equipment to order. They were waiting for a list of required equipment, and hadn’t bothered letting anyone know that they were idling. Frustrated as hell, I asked the procurement team if they had a standard build-out for our division’s engineers, since we had several based in different EU nations. The procurement director admitted that they did have a standard load-out, so I asked him to re-create that exact setup for 100 new seats.
Too many weeks later, we learned that most of our new gear wouldn’t arrive for months, as it was being held up in customs… because for reasons I could never understand, it was all bought from the US. We coordinated with the new centre’s facility managers to borrow some PCs and desk phones that were being held in reserve for a different project. That got us part-way towards equipping the first batch of new hires. As various bits of newly-purchased kit arrived, the site leader was supposed to integrate the new gear as best he could.
A month after the first new hires started, I received a frantic call from the new site manager claiming that they’d been severely dressed down by a passing ‘security inspector’ for ‘employing forbidden equipment’. It took me a week to track down the smarmy little git who’d done a drive-by on our centre in order to work out what he was on about. It turned out that he’d assessed the agents’ wireless telephone headsets to be a ‘grave security threat’… because of his loose interpretation of a five year-old security regulation that ostensibly governed our company’s ‘overseas’  facilities.
I called the inspector and got an earful from him about how we were all terrible people for having endangered the company’s cyber security posture. How? By introducing dangerous and forbidden equipment into a ‘secure’ processing environment. I couldn’t get a word in edgewise with the fellow, so I escalated the matter up to his supervisor… and still couldn’t have a coherent conversation. I eventually got to the department head… and couldn’t have anything close to a rational discussion.
At its heart, the obsolete facilities control reg that the inspector was waving about had strictly forbidden the use of all of ‘remote access’ technologies… like dial-up modems. The telephone headsets that our company used worldwide each had a Bluetooth chip in them that allowed a user to pair his or her mobile phone with their headset as a convenience feature. The security people told me that the mere presence of a data networking chip exposed our data network to Ev1l H@kk0r$.
I spent three weeks trying to make the security goons see reason. The control standards that the facility already had in place made the Bluetooth vulnerability impossible to violate. In order to make use of the Bluetooth connection, a user had to physically bring a mobile phone into proximity with the headset’s base station and run a manual pairing procedure. That couldn’t happen because every employee entering the facility was patted down by guards and had their personal devices locked up (prison-style) before they were allowed into the workspace. Yes, there was a theoretical vulnerability, but it was effectively mitigated. There was near-as-makes-no-difference zero risk. 
The top security bloke got angry with me and gave me an earful about daring to question the omnipotence of his holy regulation. Then he doubled-down and accused me of deliberately bypassing mandatory procurement regulations. If only I’d purchased from the ‘authorized equipment lists’, no ‘unauthorized’ gear could ever have been bought. I politely countered that I hadn’t bought a damned thing: the central European procurement office had bought the wireless headsets for the site based on their common equipment standard that was on their official ‘authorised equipment list’ for all European offices. If security had an issue with an official company standard, then they’d need to take it up with the head of European operations. Not with me.
I asked to see a copy of this fellow’s ‘master list’… and in a beautiful act of circular logic got referred back to the exact same five year-old regulation regarding the construction of new overseas facilities. When I pointed out that this list of things that one shouldn’t put in a building was not the same as a list of specific devices that one was allowed to purchase, he hung up on me.
It went on like this for what seemed like forever. The security group wouldn’t budge. They didn’t have to, after all. Their mandate allowed them to interject themselves into any other business group’s operations at any time. They were also allowed to retroactively invalidate anything that struck their fancy. They weren’t obligated to the company or to the customers to find acceptable solutions, either. This gave the lot of their staff an… let’s say ‘unhelpful’ attitude.
Meanwhile, my poor tech support engineers were caught in a Catch-22: they had the equipment that they needed to use, but were required to lock it all up. They couldn’t buy replacement kit because they had no purchasing authority of their own. The people who had purchasing authority wouldn’t budge because they’d already bought the right kit. Corporate security wouldn’t budge because it wasn’t their problem whether or not the new support centre was operational. We went round and round on this problem for months and never got anything resolved. Throughout it all, I could never get our executive to apply his authority as the business function owner to force all of the players to come up with a mutually acceptable solution.
The poor engineers staffing the new support centre thought that they’d joined a circus. I heard from them every day: I thought a company this large would have its *%* together. The workers I spoke to were confused, frustrated and angry… just like me. They were right: a global mega-corp with tens of thousands of personnel should have been able to recreate something that it had already done without a bunch of unnecessary drama. We already knew what needed to happen.
Unfortunately for everyone caught in the mess, the truth was… embarrassing. Those plans and designs and rules for how to stand up a new support centre didn’t really exist. Every one of those previous successful operations had been performed as a rushed one-off job by well-meaning people who were frantically making things up as they went along.
There was no omniscient, omnibenevolent central authority that had all of the answers regarding how to do the job right. There were just a bunch of affiliated workgroups scattered all over Hell and creation, each staffed by decent people who only ever held slivers of the total operational picture, and who had no incentive at all to cooperate with one another. As I pointed out in my exit interview, passive-aggressive obstructionism was the culture’s default optimal tactic for everything, even when people knew that it was counterproductive. The place was completely mad.
What we needed, really, was an Adjustment Bureau of our own… We desperately needed a prescient element that possessed the foresight to be in just the right place at just the right time to cause that lone unwanted and unnecessary security inspector to miss his appointment at the new support centre facility while the new wireless headsets were being delivered. If that one meddling guy had been hit by a train – okay, fine, how about distracted by a barking dog? – then none of the gratuitous drama that followed from the interloper’s snit would ever have manifested. The tech support agents would have gone on to do their jobs well, no company information would ever have been compromised and about 18 businesspeople wouldn’t have wasted a collective total of 437 person-hours arguing fruitlessly about who was to blame for a non-existent threat.
Writers like P.K. Dick frighten us with their speculative stories about alternate realities and ‘what-if’ possibilities because we all want to believe that our lives are governed by something other than just random chance. The prospect that our lives might be entirely in thrall to chaos and petty irrationality is deeply disquieting. Perhaps not as terrifying as it is in science fiction – more depressing than terrifying, really. Depressing and unnecessarily expensive.
It’s amazing what we might accomplish if we could only see the ‘big picture’ and stop fighting over insignificant administrivia. But then, if we could really do that, we probably wouldn’t be human anymore. I think PKD would get a laugh out that.
 To be clear, I’m referring only to secular agencies here. I’m not touching on the theological implications of predestination from divine source. That’s out-of-scope for a business publication.
 A bloke you might remember as ‘Mongo’.
 ‘Overseas’, in this context, meaning everywhere on earth other than the USA.
 From a NIST SP 800-30 standpoint, the impact of the risk existed, but the likelihood was so small (after the existing control practices were executed) that the residual risk was effectively nil.
POC is Keil Hubert, firstname.lastname@example.org
Follow him on Twitter at @keilhubert.
You can buy his books on IT leadership, IT interviewing, horrible bosses and understanding workplace culture at the Amazon Kindle Store.
Keil Hubert is a retired U.S. Air Force ‘Cyberspace Operations’ officer, with over ten years of military command experience. He currently consults on business, security and technology issues in Texas. He’s built dot-com start-ups for KPMG Consulting, created an in-house consulting practice for Yahoo!, and helped to launch four small businesses (including his own).
Keil’s experience creating and leading IT teams in the defense, healthcare, media, government and non-profit sectors has afforded him an eclectic perspective on the integration of business needs, technical services and creative employee development… This serves him well as Business Technology’s resident U.S. blogger.