Showing posts with label Oversight. Show all posts
Showing posts with label Oversight. Show all posts

September 29, 2016

USA Surrendering The Internet

So here we go again, we cut off the hand (and arm) despite the face.

We are recklessly giving up control of the Internet, specifically of the Internet Corporation for Assigned Names and Numbers (ICANN), which oversees the Domain Names Servers (including all the DNS root zones like .com, .net, .gov, etc.) that handle all the addressing of our Internet traffic.

Despite repeated cautions from many in industry, academia, and government not to do this, we are moving ahead anyway with tomorrow being the transition date!

Why would we give away anything, let alone control over the awesome technological power of the Internet that we depend on in some way for virtually every activity we do these days?

Aside from non-explanations of "fulfilling historic promises" to cede control (i.e surrender the Internet out of fear that other countries will challenge us and set up their own alternate DNS's) and nonsensical talk of "protecting Internet freedom" by giving it away to authoritarian regimes and despots--there seems to be no REAL reason to do this drastic action that weakens our country and puts our technology, commerce, critical infrastructure, and national security at risk!

Rather than defend the Internet that the USA invented (specifically DARPA), here we go again in fear and weakness going in the wrong direction--surrendering and giving up control of the web.

If you love the Internet and recognize how important this asset is to us, then like an FCC Commissioner said this week, you should be worried about what the h*ck we are doing to the freedom (vice censorship) of the Internet and to ourselves . ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

January 18, 2015

Governance, Pay Attention

So I chose this photo to represent bad governance. 

The governing board covers their ears, eyes, and mouth.

Because they hear and see no evil and speak no truth. 

They are deaf, blind, and dumb--they provide no real oversight. 

Simply choosing to collect their pay checks and stock options for residing on the governance board.

This is their payoff--not to govern--but rather to shut up and stay out of it!

I read a good overview of what governance is supposed to be and comparing it to management functions (Reference: Exam Preparation Course in a Book for Passing the CISM):

  • "Oversight versus Implementation
  • Assigning Authority versus Authorizing action
  • Enacting policy versus Enforcing policy
  • Accountability versus Responsibility
  • Strategic planning versus Project planning
  • Resource allocation versus Resource utilization"

When the board does their job, then the organization has a business strategy, manages risks, allocates resources, delivers value, and measures and monitors performance. 

In other words, no more acting like a bunch of out of control monkeys. ;-)

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

August 18, 2012

The Privacy Slope

I read with interest Ronald Bailey's book review of Privacy by Garet Keizer in the Wall Street Journal ( 16 August 2012). 

In a nutshell, privacy is founded in the Constitution's 4th Amendment: "the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated."

I would define privacy as the freedom--to think, to feel, and to act as ourselves (within ethical boundaries) without fear of intrusion, revelation, or reprisal. 

In other words, it should only be our business who we love, what we are interested or believe in, who we vote for, what we choose to do with our lives, and more. 

I think in grade school, the children generally sum it up well when they playfully chant: "Mind your own BI," where BI is used for business (or biziness). :-)

According to Keizer, the danger to privacy come into play from two main sources: 
- Commerce--who want to sell you something and
- Government--that needs to surveil for security and law enforcement purposes 

After 9/11, their was a perceived need for greater surveillance to enhance homeland security, and with advances in technology and communications (smartphones, Internet, social media, etc.), the ability to snoop became far easier.

In 2002, the DoD program for Total Information Awareness (TIA) was an attempt to know everything (i.e. total) about those who would do us harm, but fears about this capability being used against the innocent, quickly required a rethinking or perhaps, just a rebranding. 

Some say that the new NSA mega data center in Utah is the fulfillment of the TIA dream--according to the Washington Post, already in 2010 NSA intercepted and stored "1.7 billion emails, phone calls, and other types of communications." Further, law enforcement demanded records from cellphone carriers on 1.3 million subscribers "including text messages and caller locations" over just the last year's time. 

Keizer cautions that "the ultimate check on government as a whole is its inability to know everything about those it governs"--i.e. without the people holding the cards, there is the risk of spiraling into a Big Brother totalitarian society--goodbye democracy!

I think Keizer perhaps oversells the fear of government surveillance and underemphasizes intrusion from business--his thinking is that "If consumers are annoyed with a merchant's monitoring, they can buy elsewhere." 

But what Keizer misses is that industry as a whole has moved toward the use of technology--from club cards and promotions to use of Internet cookies, RFID, and more--to systematically track consumers and their buying behavior and that information is readily captured, packaged, used, and sold for marketing and sales--as well as to the government!

As a common practice now, where is a consumer to go that will shield them from hungry business looking to capture market share and earn nice profits?

At the same time, while government surveillance can certainly be misused and abused with terrible consequences for individuals society---there are potentially a lot of people looking over the shoulder of those carrying out public programs--and this "sunlight"--where and when it shines--can help to prevent bad things happening. 

The problem is that the system is not perfect, and there are always those program people who act of out of bounds and those watchers who are ineffective and/or dishonest.

Overall, it's a zero sum game, where those that hype up security and capitalism, can tramp down on privacy, and vice versa.
In totality, we can never just assume everything will be okay when it comes to privacy and how information is used, but we have to be active citizens helping ensure that right things are done, the right way. 

For regular, hardworking, decent citizens, there is a definite need to safeguard privacy--and technology can be helpful here with anonymizers, encryptors, and other shielding tools.

For the bad guys, I would imagine, no question, that the government will continue to develop the means to thwart their secrecy and planning to inflict harm on the American people. 

For business, it's okay to capture consumer information and sell, but pour it on to thick and people will think twice about your company's ethics and brand--and even a lawsuit may be in the making. 

Yes, privacy is a slippery slope, and not only can a person's self be revealed or used inappropriately, but the voyeur can get burned too if they overdo it. 

(Source Photo: Andy Blumenthal)

Share/Save/Bookmark

August 3, 2012

FOIA Making Us Stronger

To commemorate 46 years since the Freedom of Information Act (FOIA) was passed on July 4, 1966, the Project on Government Oversight (POGO) came out with a infographic showing the significant progress that has been made in government transparency and areas they still see for possible improvement. 

Similarly, Government Executive Magazine ran an feature article in June 2012 called "The Truth Behind Transparency," calling progress with open government as "tough to gauge."

The basic idea of FOIA as the website for Sunshine Week put it is: "the public's right to know about its government."

Obviously, as GovExec points out, one of the main questions over the years with FOIA is "how quickly and fully do agencies respond to FOIA requests?"

To much and too soon, and do you perhaps put at risk various sensitive information, jeopardizing elements of the functioning of government itself?

Too little and too late, and then is the opportunity for mismanagement, waste, fraud, and abuse simply an after fact?

As Beth Novek, former deputy chief technology officer for open government, described it, open government is a "shorthand for open innovation or the idea that working in a transparent, participatory, and collaborative fashion helps improve performance, inform decision-making, encourage entrepreneurship and solve problems more effectively."

Transparency can aid in accountability by shedding a light on leadership and its performance management. It can also be a great opportunity to bring new ideas and opinions to the fold, perhaps leading to better decisions and results, at the end of the day, for all. 

The challenge for government is to guard against any information risks to the safety and security of our nation.  

An informed nation, is a stronger nation--to me, it is a foundation of a government "of the people, by the people, for the people."

Government and the people working together, duly informed, to confront our toughest challenges and solve our greatest problems.


Share/Save/Bookmark

July 22, 2012

Changing Organizational Fear To Firepower


Senator Chuck Grassley posted a video of the Acting Director of the ATF sternly warning employees that "if you don't find the appropriate way to raise your concerns to your leadership, there will be consequences."

But as Senator Grassley has pointed out in the video's description--"the essence of whistle-blowing is reporting problems outside of an employees chain of command." In other words, reporting problems to external oversight authorities like Congress is an important and protected action in exposing shortcomings and addressing potentially serious issues.


The Congressional Research Service provides an overview of The Whistleblower Protection Act (WPA) of 1989--basically, as I understand it, WPA protects federal whistleblowers who report gross agency misconduct (e.g. mismanagement, waste, and abuse) and prohibits threatening or taking retaliatory personnel action.  Moreover, the Whistleblower Protection Enhancement Act (WPEA) was introduced in 2009 to broaden the protections to, I believe, more violations except minor or inadvertent, but this has not yet been passed.  Further, the Office of Special Counsel investigates whistleblower complaints.


Unfortunately, as pointed out in The American Thinker, employees have taken the message as "a warning to keep their mouths shut," especially after agents exposed the Fast and Furious failed gun-running operation to Congress in 2011.


An agent quoted in The Washington Guardian states: "The message was unmistakable. Keep your head down and the only way you can report wrongdoing is by going to your chain of command. It was chilling, Orwellian and intimidating. What are you supposed to do if your chain of command is the one you think is involved in the wrongdoing? That was why OSC and IGs were created."


President Obama's Transition Website states more clearly how whistleblowers should be viewed and treated: “Often the best source of information about waste, fraud, and abuse in government is an existing government employee committed to public integrity and willing to speak out. Such acts of courage and patriotism, which can sometimes save lives and often save taxpayer dollars, should be encouraged rather than stifled. We need to empower federal employees as watchdogs of wrongdoing and partners in performance.”

Whether one works in the government or the private sector, actions that are taken as bullying is problematic, not only from the perspective of morale but also in terms of productivity,  as pointed out in an article in SelfGrowth called Leadership: Are You a Bully Leader?


"Bully leadership is sharp, authoritative, angry, and feels uncomfortable to those in contact with it...the bully leader bark out orders, threatens consequences and use strong, harsh statements..." as many have clearly come away from with this video.


In a dysfunctional organization where employees are bullied and threatened, the results are devastating to employees and to the vital mission they serve:


- Stifling productivity--employees do not give their all--they "do what needs to be done and that is all. They don't go above and beyond," so productivity declines precipitously.


- Stomping out ideas--since the bully leader "needs to be the one with the great ideas," employees don't share their input--they know to keep it to themselves.


- Squashing effectiveness--bully leaders want to control everything and "lack trust in other people," the result is a negative (and perhaps even a hostile) work environment where motivation, quality, and effectiveness are decimated.


It leads me to wonder, can those who lead by fear become more inspiring figures who empower employees and engender communication, trust, and fairness?


Obviously, changing a dysfunctional organizational culture is probably one of the hardest things to do, because the most fundamental everyday norms and “values” that the organization runs on must be overhauled.


However, it can be done, if top leadership on down is sincere and committed to change. The goals should include things like effective collaboration, delegation, empowerment, and recognition and reward.

Fear and intimidation have no place in the workplace, and all employees should be valued and respected, period.

We should encourage employees to speak out sincerely when there are issues that cannot be resolved through normal channels.

In the end, the most positive change will be when we strive to build a workplace where employees can focus on serving the mission rather than worrying about being afraid.

This post shouldn’t be seen as a referendum on any one organization, but rather a way forward for all organizations that seek to raise the bar on performance and morale.

I know that the people of ATF are highly principled and committed, because I worked there (in IT, of course) and am proud to recall their tremendous efforts.

(Source Photo: Andy Blumenthal)
Share/Save/Bookmark

April 25, 2009

Groups Can Help or Hurt the Decision Process…Here’s how

Generally, IT governance is based on the assumption that by vetting decisions in groups or boards—such as an Enterprise Architecture Board or Investment Review Board--we get better decisions. I for one have been an outspoken proponent for this and still am.

However, I read with great interest in the Wall Street Journal, April 25-26, an article entitled “How Group Decision End Up Wrong-Footed.”

In this article, an organizational psychologist at Stanford University, Robert Sutton states: “The best groups will be better than their best individual members”—okay, that’s right in line with our IT governance model, but then goes on to say…

and the worst groups will be worse than the worst individual.”—oh uh, that’s not good…here the IT governance model seems to backfire, when the group is dysfunctional!

Here’s the explanation:

“Committees and other groups tend either to follow the leader in a rush of conformity [here’s the herd mentality taking over] or to polarize into warring groups [here’s where the members break into oppositional stovepipes jockeying for position and turf].”

In these all too common dysfunctional group scenarios, the group does not work the way it is intended to—in which members constructively offer opinions, suggestions, explanations and discuss issues and proposals from various points of view to get a better analysis than any single person in the group could on their own.

Instead, “all too often committees don’t work well at all—resulting in a relentless short-term outlook, an inability to stick to strategic plans, a slapdash pursuit of the latest fad and a tendency to blame mistakes on somebody else.”

So how do we develop groups that work effectively?

According to Richard Larrick a psychologist at Duke University, “For committees and other boards to work well, they must be made up of people with differing perspectives and experience who are unafraid to speak their minds…they must also select and process information effectively and seek to learn from their mistakes.”

In this model, people in a group can effectively balance and complement each other, and synergistically work together to make better IT decisions for the organization.

Here are some suggestions offered by the article for effective groups:

The first is to break the group into “pro” and “con” sub-groups that can develop arguments for each side of the argument. I call this the debate team model and this offsets the tendency of groups to just follow the “leader” (loudest, pushiest, most politically savvy…) member in the room, creating the herd mentality, where anybody who disagrees is branded the naysayer or obstacles to progress. To get a good decision, we need to foster a solid debate and that occurs in an environment where people feel free to explore alternate point of view and speak their minds respectfully and constructively with non-attribution and without retaliation.

The second suggestion is to ask how and why questions to “expose any weak points in the advise.” This idea was a little surprising for me to read, since I had prior learned in leadership training that it is impolite and possibly even antagonistic to ask why and that this interrogative should be avoided, practically at all costs.

In prior blogs, I have written how enterprise architecture provides the insight for decision-making and It governance provides the oversight. So I read with interest once more, that oversight has a dual meaning: “the word can mean either scrutiny or omission.” And again it clicked…when the governance board works effectively; it “scrutinizes” investments so that the organization invests wisely. However, when the group is dysfunctional the result is “omissions” of facts, analysis, and healthy vetting and decision-making. That is why we need to make our IT governance boards safe for people to really discuss and work out issues.


Share/Save/Bookmark

February 7, 2008

Adding Value and Enterprise Architecture

What is the value-add of enterprise architecture?

In Architecture and Governance Magazine, Volume 4 Issue 1, an article entitled, “Architecture Planning” addresses this issue.

The author proposes that EA must find a balance between the necessity to “build and populate an EA framework with the effort to provide effective project support.”

With the wrong balance of these, the author, states: “you end up with an ivory tower [initiative] that delivers no value, or with a project support service that makes project-level architecture decisions rather than taking into account the enterprise perspective.”

The article sums up: “to reiterate, the architecture plan needs to meet two objectives. One, deliver an EA; two, deliver value to projects.”

From my perspective, the two objectives presented are not accurate. It is not a choice or balance between building EA or adding project value—never! Rather, it is always about adding value.

EA is never done for EA’s sake. That is not an objective.

Everything that EA does is to add value—either by fulfilling insight or oversight needs of the organization.

  1. Insight—EA provides valuable information products to end-users in terms of business and technical information. EA captures, analyzes, catalogues, and provides findings and recommendation, which is used to aid IT planning and governance, and decision-making.
  2. Oversight—EA provides valuable governance services by conducting architectural reviews of IT projects, products, and standards, thereby enabling sound IT investment decisions and more successful project delivery.

The article proposes that the organization should “initiate two streams of work. One identifies the framework within which enterprise-level information will be captured and shared, and the second focuses on identifying the key areas of need for projects…[i.e.] the need to provide real value to projects”

However, I would suggest that the two streams of work are not developing the EA framework and the need to provide “real value” to projects, but rather that the EA program develop both information products and governance services--simultaneously, both of which benefit the end-users and add value to the enterprise.

Further, the information products and governance services are mutually reinforcing. Technical reviews, conducted as part of the governance services, feed valuable information to the EA information products. And information products are used to conduct the architectural reviews by providing the basis for aligning to and complying with the EA baseline, target, and transition plan.
Share/Save/Bookmark

December 7, 2007

Boeing and Enterprise Architecture

Enterprise Architecture is a combination of developing and using organizational insight and managing sound oversight.

Boeing Company’s recently announced six-month delay of its new 787 Dreamliner jet shows defects in both their EA insight and oversight.

The Wall Street Journal, 7 December 2007 reports that “layers of outsourcing slow 787 production…a look inside the project reveals that the mess stems from one its main selling points to investors—global outsourcing.”

How did global outsourcing reveal the breaks in both effective insight and oversight at Boeing?

  • INSIGHT—EA is the synthesis of business and technology to improve organizational decision-making. EA develops information products, so that the organization has the information it needs to improve mission execution, and so that business is driving technology. In the case of Boeing, they were so focused on getting the technology of the new jet right, that they overlooked the underlying business problems. “It figured the chief risk lay in perfecting a process to build much of the plane from carbon-fiber plastic instead of aluminum. Boeing focused so hard on getting the science right that it didn’t grasp the significance of another big change; the 787 is the first jet in Boeing’s history designed largely by other companies,” and this has been plagued with problems ranging from language barriers to their contractors subcontracting out key tasks, such as engineering. Boeing’s focus on the technology led them to ignore important aspects of the business of designing and producing the new planes. Boeing did not have sufficient insight into the business side (versus the technology) of managing this tremendous endeavor.
  • OVERSIGHT—EA involves IT governance, so that IT investments are made based on sound principles of business alignment, return on investment, risk management, and technical compliance. Generally, the Investment Review Board, the EA Board, and the Program Management Office sees to it that IT projects are reviewed and managed in terms of cost, schedule, and performance parameters. In the case of Boeing, they did not ensure adequate EA oversight for the 787 jet. “Boeing overestimated the ability of suppliers to handle tasks that its own designers and engineers know how to do almost intuitively after decades of building jets. Program managers thought they had adequate oversight of suppliers but learned later that the company was in the dark when it came to many under-the-radar details.” Boeing’s general expertise in project oversight was outsourced along with the engineering and production tasks, and this led to, what an executive of one major supplier has called, chaos.

The Boeing 787 Dreamliner may well end up being a true “dreamy” jet plane, but from a User-centric EA perspective, the 787 has been a real nightmare and a example of ineffective EA insight and oversight!


Share/Save/Bookmark