[Slightly long(er) read]
Where ‘GRC’ is in transformation.
From mere 3LoD so rightfully vilified, or 5LoD that get the point even less… When one looks at the picture of this post alone, one gets it. Or not. That Lines of Defense do NOT defend against anything but some poking busybodies looking in from the sidelines and contributing nothing to the fight against ill will and error hence are newspeak. I.e., outright lies that are meant to deceive.
To … the choice is yours:
For those unaccustomed to my writing style; please jump to this part below. The oh so very few who know the style, or dare great deeds:
[Yes this will be one of those posts again that has sentences at lengths normally not considered wise for readability but here are perfectly fine since my readership – you – isn’t all that squeamish [ossifrage – a tell wether you know your stuff] and some pop science writer had “Abt Terrasson sagt zwar: wenn man die Größe eines Buche nicht noch der Zahl der Blätter, sondern nach der Zeit mäße, die man nötig hat, es zu verstehen, so könne man von manchem Buche sagen, daß es viel kürzen sein würde, wenn es nicht so kurz wäre. Andererseits aber, wenn man auf die Faßlichkeit eines weitläufigen, dennoch aber in einem Prinzip zusammenhängenden Gänzen spekulativer Erkenntnissen seine Absicht richtet, könnte man mit eben so gutem Rechte sagen: mancher Buch wäre viel deutlicher geworden, wenn es nicht so gar deutlich hätte werden wollen. [Etc.]” [Kant, Kritik der reinen Vernunft, Vorrede zur ersten Auflage, Felix Meiner 1990 pp. 11-12] so that you that came this far in the text, will easily comprehend the next bits, too. When not if by the way there would be some simple typos by inattentiveness in this post, that may be due to a superb Châteauneuf-du-Pape at hand here and now; worth it…
A thouroughly-informed (in the philosophical sense) colleague recently posited “Stakeholders expect compliance and ethics functions to protect the organisation.” – which may be true – but one can also say that where the (original… not the latter-day much devolved) Rhineland model of all-stakeholder representation in the Board (or Supervisory Board sitting over the Board of Directors, in some jurisdictions – also much, waaay too much devolved everywhere into simple(ton) very-weak shareholder representation) is just made more ‘operational’ (quod non) withIN the organisation.
If influence from above (sic) onto the hired hands that the Board is, doesn’t suffice to make the Board implement and defend downwards through the organisation all the values it should pursue [where Values are the things that matter, not ‘value’ by (near-)directly measurable money performance indicators that are of the beancounter type that the moneychangers were thrown out of the Temple for, as prime example of how ethically low the Mammon was. Is…], then bypassing the Board, rather, putting them in curatorship, and forcing, over the axis (sic) of strict rules and regulations, a tactical/operational approach to sledgehammering that wanted behaviour and stance througout into people’s daily business.
But oh, the Board bonuses and salaries of all that should have acted earlier, should be clawed back over at least five years (back). And oh, how mistaken to think that a. that would work, b. people’s ethics could be forced to fit such external ethics models and to afterwards no longer need force to continue without bouncing back any millimeter (after Brexit, no need to refer to inches) instead of bouncing back beyond previous deformity, c. expecting anything to work when the finer the webbing of petty rule’lets, the more holes the mesh will show to have as best known by the ones put under pressure.
And now, if you even made it this far and the pearls will not before swines go or you took the jump and find yourself here:
There are, on analysis, three forms of outside involvement with inner work and -ings:
- Top-down. Where the Outside is boss, and internally the boss is both outsider and ignorant of lower workings.
With some communications chasms to deal with [though seldomly dealt with even at pitiful levels of quality]: The Out-In, and the Top-Middle-Bottom. The latter not helped by the Bullsht Jobs claim that too many in the Middle are there only for daycare, until they float up by lack of weight.
- Sideways. Sort-of. With two approaches seen in practice: The Antagonistic (the Outside are morons that don’t “get” it, or laid [as is the estimation]); and the Infiltrated, that we see so much of nowadays. This may be where the ‘state of the art’ (quod non!) is, as described above in those near-overly terse sentences.
Note that the Top-down altogether, and the Antagonistic, are elitist in their rule-based know-better approach, which is easily proven wrong in all elements of that approach. The ‘other’ is considered weak without any proof or shred of evidence, Self is Good (in a Nietschzian moral sense) to be able to tell – which in all ideologies is the sure road to Hell.
- Then there were … [Genesis album title to be completed here] … is Bottom-Up. Again, in two flavours: The Start-Up / Lagging Regulator kind, that sees much bad (ethically despicable) habit being formed in new business lines where regulators are laggerds qua understanding let alone rulings (see: Privacy, Social Media etc.; AI most probably, too); and the Sauvages Savants, typically in (hardcore) information security and like lower rungs recognisable by their un-right mannerisms that previously prevented acceptance (by just about all other parties, not deigning to stoop so low – to prevent their complete lack of basic understanding of the subject at hand so obviously displaying sheer incompetence for their functions to all outsiders (lower case o)) of their Knowledge, Insights and Wisdoms re asked-for regulation or guidance. The Unconsciously Competent that should have ruled by their innate Values, not the Unconsciously oh so very Incompetent. For ‘innate value’, re-view this masterpiece…
Now, was will das
Weib civil life..!? La regulator é mobile, you know. Pick the model you want. Then, have to implement another that will not work.
And, the Three Lines of Defense may still have a place … When (not if) capricious rules meddling is seen as the major risk of risks to an organisation, over any other. Indeed then, the lines actually stand between the threat and the vulnerable (ah? is that an a priori ..??). But also then, some basic wordsmithery will easily blow off such threats – or aren’t you sure or capable? And, anywherewhere such a view on risks holds, incompetence (e.g., at the Board and regulator levels) is proven.
To not end all too negative since I am not:
[Oh, how long ago, when Finance still had Promethean energy … And no, correct, I don’t do horizon corrections.]