It looks like nothing was found at this location. Maybe try a search or browse one of our posts below.

A bunch of stuff has hit my desk recently. It all seems related somehow. See if you can find the thread that connects them:

While cleaning out old magazines I found the October issue of Darwin magazine, which published its “Fittest 50” list. Yup — there was Enron. Still, Darwin is a fine publication. Lots of others fell for Enron’s buzz, too.

Speaking of magazine articles, one in Twin Cities Business Monthly by Burt Cohen caught my eye. It wasn’t the first article I’ve seen excoriating the common business practice of placating Wall Street by focusing solely on this quarter’s results no matter how much you mortgage your future, but Cohen did say it well.

Which leads us back to Enron. How? Among the many guilty parties identified in the ongoing blamefest is Wall Street. Turns out that many of those analysts who insist on great this-quarter results looked at Enron in more friendly terms. Why? Their employers wanted Enron’s investment banking business, that’s why. With luck, Wall Street’s analysts will lose some of their clout and we can all stop being deliberately stupid just to please these geniuses.

USA Today printed something useful, too: A piece by Stephanie Armour about companies that refuse to lay off employees just to make the numbers. In it she cites a study by Watson Wyatt (www.watsonwyatt.com) showing, among other happy conclusions, that excellence in recruiting and retention results in increased shareholder value – nearly 8% more, in fact.

Back to Twin Cities Business Monthly, which profiled Joel and John Schwieters, who own eight local companies in the home construction industry. They frame and finish houses twice as fast as most construction companies; their projects lack the debris that usually litters construction sites, they’re known for exceptional quality, and they’re growing by more than 20% per year.

How do they achieve these results? Unlike nearly every other construction company, they don’t subcontract their workforce — they employ their builders, paying them a regular salary, excellent benefits, and a shared bonus pool. Even more interesting is that they’re expanding into their supply chain. Where the popular core/context theory applauds companies that prefer outsourcing any activity that’s “non-core,” (that is, not a marketplace differentiator) the Schwieters understand that controlling the supply and delivery of doors, trim, pre-built staircases and such will improve their margins.

I suppose I should mention — they’re innovative in their use of information technology, too.

Politics, according to Larry Hardiman, whoever he is, comes from the Greek “poly,” meaning many, and “tick,” meaning blood-sucking parasite.

It’s hardly a fair characterization. Politics is the art of finding a path forward for a collection of people who disagree … often strongly … about even such matters as where forward is.

But (news flash!) politics can get ugly. One of the many ways it gets ugly is politicizing topics that aren’t intrinsically political.

Take, for example, information security (you thought I was going to dive into climate change or evolution by natural selection, didn’t you?).

In the unpoliticized world, information security is (to oversimplify things more than just a bit) a matter of making rational choices about protecting an organization’s data and applications portfolio from intruders wanting to steal the former or alter the latter.

What makes these decisions interesting is that with very few exceptions, every additional increment of protection raises not just the direct cost of security, but also barriers that impede the flow of work, making an organization just that much less nimble than it would otherwise be.

Information security should be, that is, a collection of deliberately chosen trade-offs between risk and cost on one side and effectiveness on the other.

It’s how information security works in companies where the need to avoid blame hasn’t irretrievably politicized it. Which is to say, out of the 100,000 or so U.S. businesses with 100 or more employees, it’s how roughly 142 practice the discipline. For all the remaining 99,858 businesses, information security is a politicized mess. (I arrived at this number by typing three keys on the numeric keypad with my eyes closed. I challenge you to arrive at a more accurate estimate.)

Because the driving force is blame avoidance, the way it plays out is that instead of making trade-offs between cost and risk on the one side and running an effective business on the other, InfoSec goes into full prevent mode: Plug every hole, address every risk, and, most of all, require every password to be at least 42 characters long and chockfull of punctuation marks, numbers, and both capital and lowercase letters, measuring password strength by memorizability: If an employee can remember a password, it isn’t strong enough.

All of which leads to frustration. I’m not referring to the frustration business users feel, although that is generally intense. I’m referring to the frustration InfoSec experiences because it never has enough budget or authority to prevent all possible mishaps from occurring, even though it will always be blamed for anything that goes wrong.

And things will go wrong, not only in spite of InfoSec’s efforts, but also because of them. The reason is simple and predictable: Raise barriers enough, and employees stop seeing them as protections they should respect and start seeing them as impediments they should work around. Writing passwords on Post-It notes is just the most visible example. DropBox, jump drives, email attachments and all the other ways employees manage to take files with them so they can get work done are probably more significant.

It would all work much better if InfoSec collaborated with employees to find secure ways to do what they need to do … maybe not perfectly secure, but secure enough; certainly more secure than the work-arounds.

But InfoSec can’t, because when blame-avoidance is the primary goal, secure-enough will never be secure enough. Far better to experience a breach and be able to say, “They violated our password policy,” than to have to respond to an outside security audit that reports the existence of a theoretical vulnerability in a solution instituted deliberately by InfoSec.

The point of this column isn’t limited to information security … a subject about which I know just barely enough to raise the points made above.

No, the point is the hidden costs of a culture of blame. They’re enormous.

When a company has a culture of blame, employees expend quite a lot of their time and energy, and cost center managers expend quite a lot of their budget, time, and energy, doing whatever they can to make sure the Finger That Points points at someone else if something goes wrong.

A small part of that time, energy, and money goes into making the business more effective. Far more goes to CYGM (cover your gluteus maximus) activities that do little other than to provide documentation that whatever went wrong is Someone Else’s Fault.

It’s a problem worth solving. How? That will have to wait until next week.

Picture this. Your telephone rings at 1:55pm. The call is from the person with whom you have a 2:00pm appointment. He has to cancel your meeting. Suddenly, you have an hour free. How should you spend that hour? You could focus on:

  • New ways to improve the application integration process.
  • Figuring out what to do about some new IT managers who were talented staff members but who aren’t making the transition to leadership well.
  • Deciding who needs to be part of the ERP system selection committee.
  • Writing a twenty-page dress code.

I’m still trying to figure out how any executive in a 21st century enterprise could have the time to worry about writing any dress code more complicated than the one used by General Mills, reported here last week, which says, “Dress for your day.”

Still, there are plenty of executives who become downright excitable about this issue. Supporting them is a widely cited study by Dr. Jeffrey L. Magee, who surveyed 500 firms of varying size. According to published summaries of his research, Dr. Magee found a wide variety of deleterious effects result from a move to business casual:

  • Decrease in ethical behavior.
  • Decrease in polite, mannerly behavior.
  • Increase in gutter language and conversation.
  • Decrease in morality.
  • Increase in provocative actions.
  • Decrease in productivity and overall quality of work.
  • Decrease in commitment and company loyalty.
  • Increase in complaints to HR.
  • Increase in litigation.
  • Increase in tardiness.

I’m skeptical, in part because the phrasing used in describing these results strongly suggests methodological bias. I’d be interested, for example, in finding out who’s judging whom, and how, with respect to what constitutes polite, mannerly behavior. It would be unsurprising if the underlying issue is reduced deference to those in positions of authority. This might be a consequence of a move to business casual. If so, it’s a benefit. In my experience, reduced deference is good for those in authority. It helps them avoid the misguided sense of infallibility that infests so many executive suites.I also have to wonder just how casual attire links to an increase in “gutter language.” And to anticipate the inevitable wisecrack, yes, I’d be wondering even had former CEO Dick Cheney not used the effenheimer while wearing an expensive suit and tie.The decrease in morality is also suspect. Most likely the subject is revealing clothing as worn by low-level female employees rather than insider trading and fraud as practiced by high-level executives — a different form of immorality closely associated with custom-tailored suits and expensive silk ties.

As for the reduction in commitment and company loyalty, oh please. This is a direct result of several decades in which U.S. corporations have increasingly and with increasing openness treated employees as fungible commodities. To the extent there’s a correlation between this and the non-wearing of suits, it’s more likely that formal clothing is symptomatic of a culture of subservience than that casual attire causes disloyalty.

It turns out, by the way, that Dr. Magee isn’t responsible for these published summaries and is concerned that they’ve oversimplified his findings. His research was confidential, on behalf of several large clients, so he couldn’t share the details — it was one of the clients that provided information to the business press. He did say, in response to my inquiry, that his research dealt exclusively with externally-facing positions and had been inappropriately generalized to cover internal functions as well; he finds the case for business formal attire in internal positions to be far less compelling. And in fact, while Dr. Magee holds a strong opinion that how you dress has a significant impact on how you behave, he also advocates “situational attire.”

(Me too: I wore a suit and tie for the photo accompanying this column; I’m wearing jeans and a t-shirt as I write it in my home office.)

Certainly, there is no sharp, bright line separating appropriate business casual dress from inappropriate sloppiness or overly revealing clothing. So what: Most issues in our lives are defined by continuums and gradations, not binary criteria that establish unambiguous boundaries.

There’s little question that a rigid dress code makes managers’ lives a bit easier, in much the same way that zero-tolerance policies simplify the lives of school principals. They’re examples of a popular principle:

When you’re incapable of providing leadership or exercising good judgment, substitute an inflexible policy.