Checklists: Safety Nets or Strangleholds

Many functions in government are guided, if not driven by checklists. For example, federal information technology management has many checklists for enterprise architecture reviews, capital planning and investment control, IT acquisition reviews, configuration management, systems development life cycle, IT security (FISMA), Privacy, Section 508, and more.

One of the frequent criticisms is that these functions are just compliance-based and are not focused on the real-world task at hand—whether it be planning, governing, executing, servicing, securing, and so on. For example, many have said that FISMA needs to be amended, because our IT security staffs are so busy with their compliance checklists and reports that they are not adequately focused on strategically or operationally securing the enterprise from attack. Similarly, EA review boards have been criticized for being an almost thoughtless checklist of architecture alignment to the FEA and not of real planning value.

Yet, inherently we know that checklists are valuable and that is why they have been so heavily mandated and incorporated into our processes. Without the checklists, we know from past experiences with failed IT projects, poor IT investment decisions, and security issues that many of these could have been prevented if only we had thought to ask the right questions, and so these questions got codified—and we learned from some of our mistakes.

With regard to this, there was a fascinating book review in the Wall Street Journal on a book called “The Checklist Manifesto” by Atul Gawande.

The author:

Mr. Gawande makes the case that checklists, plain and simple, save lives and we need them. He cites examples of “how stupid mistakes in surgery can be largely eliminated through pre-operative checklists” and how “checklists first became the norm in aviation, where pilots found that minor oversights in sophisticated planes led to tragic crashes.”

Overall, the book’s author maintains that “checklists seem to be able to defend everyone, even the experienced against failure in many more tasks than we realized. They provide a kind of cognitive net. They catch mental flaws.”

The reviewer:

The reviewer points out the important flip side to checklists as follows: “Bureaucracy is nothing but checklists. That’s part of what’s wrong with government—officials go through the day with their heads in a rulebook, dutifully complying with whatever the lists require instead of thinking about what makes sense.”

The reviewer makes the point that someone in authority needs to use judgment and that means: “relying on individual creativity and improvisation—the opposite of a checklist.”

The review goes on to then try and address the seeming contradiction between the need and value of checklists and the stifling effect that it can have by pointing out that “The utility of formal protocols [i.e. checklists, standard operating procedures (SOPs), etc.] varies with the nature of the activity—some activities are highly systematized, like engineering and other dependent on the judgment and personality of the individual. Spontaneity and imagination are important in many jobs.”

So there you have it—checklists—are helpful in defined, routine, almost mechanized areas where we can identify and itemize the necessary tasks, they are common to its performance, and they are proven to help avoid frequent oversights and mistakes. But where agility and innovation is called for, checklists can lead to either bureaucracy and/or missing the mark in getting the job done.

So are checklists helpful or hurtful with technology?

On one hand, technology is a fast-changing, innovative field that drives organizational transformation and thus it cannot primarily be a checklist function. Technology requires visionary leaders, talented managers, and customer-driven staffs. There isn’t a checklist in the world can inspire people, build meaningful customer relationships, and solve evolving, large and complex business problems.

On the other hand, there are common IT operational functions that need to get done and well-known pitfalls, and for these areas checklists can help us not make the same dumb mistakes again and again. For example, we can check that we are not making redundant IT investments. We can verify that appropriate accessibility for the handicapped has been provided for. We can safeguard people’s privacy with appropriate assessments.

The place for checklists in IT is pretty clear:

· STRANGLEHOLDS—Checklists cannot be a stranglehold on our business performance. They are not a substitute for thinking and doing. They cannot replace dedicated, talented, hardworking people addressing challenging and evolving business requirements with new and improved processes and technologies.

· SAFETY NETS—Checklists are safety nets. They are codified best practices and lessons learned that help us in not making routine, yet costly mistakes again.

Checklists: Safety Nets or Strangleholds

What Hollywood Can Teach Us About Fighting Terrorism

U.S. law enforcement officials have thwarted about two dozen known terrorist plots since 9/11 and there are probably lots more that haven’t made the papers. Some of them, like this month’s “Underwear Bomber” have nicknames, like the “Shoe Bomber” (2002), the “Lackawanna Six,” (same year), and the “Virginia Jihad” (2003). Others are known by geographical location, such as Fort Dix (2007) and the foiled plot against synagogues in the Bronx (2009). But one thing they all have in common is their determination to threaten and even destroy our freedom and way of life.

As a person who is deeply dedicated to America’s safety and security, both personally and professionally, I worry about the rise of terrorism that has sprung up in the past few decades. Terrorists are relentlessly determined to destroy our lives even if it means taking their own lives to do it. But what is even more frightening is that despite all the actions we have taken to fight terrorism, our culture remains deeply reactive. Can we really stay one step ahead and lucky forever?

The best example of our relative complacency in the face of a deadly threat is the policy of taking off our shoes for screening only after the case of the Shoe Bomber came to light. Now again, we waited for an Underwear Bomber before talking seriously and publicly about full body screening for all?

There is a saying that you can’t drive a car by looking in the rearview mirror, but unfortunately that seems to be the way our culture approaches the fight against terrorism. The focus should not be on stopping the last threat, but on anticipating and countering the future threat before it ever materializes.

To do this, we need to think like the bad guys do as well as conduct more exercises to expose our own security weaknesses (red teaming), rather than be surprised when the terrorists find our next Achilles heel.

In the particular case of the Underwear Bomber, it was particularly shocking that we knew this person was a threat. His own father warned us, yet we didn’t put him on the terrorist watch list or revoke his visa (as the British did). And just today I read that this individual told investigators there are literally hundreds more just like him, all waiting to strike.

Think about that for a second. There are seemingly endless terrorists out there, and they can have a 99% failure rate and still be “successful.” Yet U.S. and global law enforcement can’t fail at all—not even once—without dire and deadly consequences on a massive scale.

However, instead of gripping that unbelievable reality and treating it as the dire situation it is, there is actually talk about “rehabilitating” the terrorists. As if we have succeeded at rehabilitating “normal” criminals…now we are going to try and “deprogram” people who are religiously “inspired” to commit their diabolical deeds?

To adequately manage the new reality we face today, we must not only stay ahead of known threats, but also proactively envision new potential attack scenarios, prepare for them, and thwart them before they become potentially lethal.

A great place to start would be Hollywood; our entertainment industry has done a pretty good job of imaginatively exposing potential attack scenarios—in dozens of films from Air Force One to The Sum of All Fears, Executive Decision to The Peacemaker, and Arlington Road to The Siege, and many more.

There are also television shows like 24, with now seven seasons and counting, that keep Americans riveted to their seats week after week with terrorism plots that play out before our very eyes. We seem to generally view these as serious threats that are possible in our time.

I respect the President for openly acknowledging the "systematic failure," but it is going to take all of us to commit and follow through with ongoing security measures. It is not a one month or one year event (or even an 8 year event post 9/11), but rather a complete new security mindset that stays with us always.

We can and should learn from the visionary talent in our vibrant entertainment industry and from wherever else they may reside, and adopt creative and proactive thinking about terrorism and make this a regular part of our security culture. I understand that there are many forces at play here, and that most of us are not privy to some of the more sophisticated ways that we fight terrorism every day. But what I am talking about is our collective, public culture, which still seems to shrug off the seriousness of threats against us. For example, just today, I saw a sign in an airport that directed wheelchairs through security screening. It seemed almost an invitation to sew explosives into a wheelchair (although I understand that these are actually screened).

I have the deepest respect for the men and women who serve to protect us every day. But as a culture, it is long past time to wake up. We don’t have the luxury of collective denial anymore. We must embrace security as a fact of life, fully and in an ongoing manner.

Further, as we approach 2010, let us resolve to learn from the most imaginative people in our society about how we may think out of the box when it comes to combating terrorism.

In the real world, we must act now to quickly deploy new, more advanced screening technologies to our airports, marine ports, and border crossings, and employ our most creative minds to “outwit, outplay, and outlast” the terrorists who plot against us—whether in their shoes, their underwear, or wherever else their evil schemes might lead them.

What Hollywood Can Teach Us About Fighting Terrorism

It Pays To Think Big

As a kid, I remember being encouraged by my role models, who taught me to “reach for the stars”. They said things like: don’t be afraid to think big, work hard, put your best foot forward, and so on.

And I learned that in American society, it is a fundamental tenet that if you work hard, you can achieve your dreams. This is “the American dream.”

Sometimes as adults we feel that our dreams don’t matter. We work hard, but our hard work doesn’t guarantee success. We see that many factors determine success, including: talent, whether technical or leadership; a willingness to take risks; personal connections and networking, and sometimes even “just plain dumb luck.”

Nevertheless, our ability to envision success ultimately does affect our achievements. As Sheila Murray Bethel puts it in the national bestseller, Making A Difference: “Big thinking always precedes big achievement.”

It all goes back to: Think big, try hard, put yourself out there, and you can achieve great things.

Wired Magazine (December 2009), in an article titled, “Hiding In Plain Sight,” states that “Today’s tech giants all have one thing in common: They tried to change the world.” For example, look at the mission of the following organizations:

· Google—“to organize the world’s information.”

· Microsoft—“a computer on every desk and in every home.”

· Facebook—“the social graph of the planet.”

· eBay—“to create an entirely new global marketplace.”

Of course, while we know that there are real life constraints and that not every child who wants to President can be and not every company that wants to be Microsoft will be, it is still thought—imagination, big thinking and vision—that creates the foundation for greatness.

We should not only teach our children to dream big, but allow ourselves to do so as well.

It Pays To Think Big

Nanotechnology and Enterprise Architecture

“Nanotechnology is the engineering of functional systems at the molecular scale. In its original sense, 'nanotechnology' refers to the ability to construct items from the bottom up.” (Center for Responsible Nanotechnology)

Two examples of nanotechnology include the manufacturing of super strength polymers, and the design of computer chips at the molecular level (quantum computing). This is related to biotechnology, where technology is applied to living systems, such as recombinant DNA, biopharmaceuticals, or gene therapy.

How do we apply nanotechnology concepts to User-centric EA?

• Integration vs. Decomposition: Traditional EA has looked at things from the top-down, where we decompose business functions into processes, information flows, and systems into services. But nanotechnology, from a process perspective, shows us that there is an alternate approach, where we integrate or build up from the bottom-up. This concept of integration can be used, for example, to connect activities into capabilities, and capabilities into competencies. These competencies are then the basis for building competitive advantage or carrying out mission execution.
• Big is out, small is in: As we architect business processes, information sharing, and IT systems, we need to think “smaller”. Users are looking to shed the monolithic technology solutions of yesteryear for smaller, agile, and more mobile solutions today. For example, centralized cloud computing services replacing hundreds and thousands of redundant instances of individuals systems and infrastructure silos, smaller sized but larger capacity storage solutions, and ever more sleek personal digital assistants that pack in the functionality of cellphones, email, web browsing, cameras, ipods, and more.
• Imagination and the Future State: As architects, we are concerned not only with the as-is, but also with the to-be state (many would say this is the primary reason for EA, and I would agree, although you can't establish a very effective transition plan without knowing where your coming from and going to). As we plan for the future state of things, we need to let our imagination soar. Moore’s Law, which is a view into the pace of technological change, is that the number of transistors on an integrated circuit doubles every 24 months. With the rapid pace of technological change, it is difficult for architects to truly imagine what the true possibilities are 3-5 years out--but that can't stop of from trying based on analysis, trends, forecasts, emerging technologies, competitive assessments, and best practice research.

The field of information technology, like that of nanotechnology and biotechnology is not only evolving, but is moving so quickly as to seem almost revolutionary at times. So in enterprise architecture, we need to use lots of imagination in thinking about the future and target state. Additionally, we need to think not only in terms of traditional architecture decomposition (a top-down view), but also integration (a bottom-up view) of the organization, its processes, information shares, and technologies. And finally, we need to constantly remain nimble and agile in the globalized, competitive marketplace where change is a constant.

Nanotechnology and Enterprise Architecture

"Visual Thinking" and Enterprise Architecture

A must read…The Back of the Napkin by Dan Roam presents a topic near and dear to me: the power of Visual Thinking.

Visual thinking—"taking advantage of our innate ability to see--both with our eye and with our mind's eye--in order to discover ideas that are otherwise invisible, develop those ideas quickly and intuitively, and then share those ideas with other people in a way that they simply get."

In visual thinking (similar to me to “mind mapping”), we solve problems with the power of pictures. The ability to effectively visualize enables us to see difficult problems and “nearly invisible solutions.”

What kinds of problems can be solved with pictures?

“The answer is almost all of them. Pictures can represent complex concepts and summarize vast sets of information in ways that are easy for us to see and understand.”

How do we do this?

Look—“collect and screen” information (In user-centric enterprise architecture, we call this capture)
See—“select and clump” (catalogue the architecture information)
Imagine--see what isn't there (analyze the baseline, target, and transition plan)
Show--make it all clear (serve up the information in useful and usable ways i.e. make it user-centric)

Visual thinking provides us a way to clarify vague ideas, synthesize and analyze information, communicate and collaborate with others, and tackle difficult problems.

Dan’s approach is particularly interesting to me as I have also been developing and implementing a visualization-based approach to problem solving--User-Centric Enterprise Architecture.

In fact, my approach began as a response to the usual way of doing business, which was to produce fairly lengthy and convoluted technical documents or “artifacts” to solve pressing problems, and then to find that nobody read them.

While enterprise architecture is not a “back of the napkin” exercise, Dam Roam’s approach of visual thinking is compelling and consistent with how we can implement a more User-centric Enterprise Architecture.

"Visual Thinking" and Enterprise Architecture

Space Elevator and Enterprise Architecture

In User-centric EA, having a vision for the future is critical in developing the target architecture and transition plan.

At one time, man looked up at the heavens, and imagined that one day people would actually walk on the moon — and on July 21, 1969, this once unbelievable vision became a reality.

Today, some very smart people from Las Alamos National Lab, NASA Institute for Advanced Concepts, and MIT are envisioning a space elevator 62,000 miles long that would move along at 120 miles an hour. The top of the elevator would rotate with the earth at 20,000 miles an hour and could be used to springboard to the moon, mars, and beyond. Sounds crazy? Well, NASA has invested millions of dollars and 22 teams (mostly universities) have signed up for a competition to design the space elevator.

The point is that using the imagination to envision the future is a really important part toward actually making the leap forward. The ideas have to start somewhere, and while the ideas need to be moderated and prioritized, big idea thinking is imperative to both evolutionary and revolutionary change. Enterprise architecture is a great place for using creativity, imagination, and vision and opening up often insular organizations to new ideas and ever greater possibilities for the future.

Space Elevator and Enterprise Architecture