BLOG

Canada's sovereign AI infrastructure is being built right now. Federal investment is flowing into domestic compute capacity. New privacy legislation is imminent. Environmental scrutiny of AI energy consumption is intensifying. AI governance frameworks are formalizing. And the compliance obligations facing data centre operators span seven distinct domains — each evolving independently, many of them overlapping in what they demand from the same operational activities. The organ

If you work in quality or lean, you have been trained to treat variation as the enemy. Deming, Taguchi, Six Sigma — the entire discipline is built on reducing, controlling, and eliminating variation. And that discipline is not wrong. But it is incomplete. Without variation, you cannot have two of anything. If no variation were permitted — if every instance of a thing had to be absolutely identical in every respect — production would be impossible. Every piece of raw material

The systems that run our world make implicit promises — to route traffic, to process transactions, to keep data where it belongs. Most of those promises are never explicitly declared, never monitored against, and never reported on until something breaks. Promise Theory, the framework Mark Burgess developed to model autonomous commitment, sits at the heart of the Lean Compliance methodology. This briefing extends it further, asking what becomes possible when security infrastru

How Enshittification, the Collapse of the Abstraction Stack, and AI Are Rewriting the Rules — and Why Governance Will Determine What Comes Next Raimund (Ray) Laqua, P.Eng., PMP Something is breaking, and something else is being born. I think we need to talk about both. If you work in technology, or if your business depends on technology — which is to say, if you run a business — you’re caught between two forces that are about to reshape everything. One is tearing down the mod

Raimund Laqua, P.Eng., PMP When we speak of safety failures, quality defects, security breaches, or sustainability shortfalls, we are always speaking of absences. Something that should have been present was not. A capability that ought to have existed was missing. A promise that was made went unkept. But an absence only makes sense in relation to a presence. You cannot miss what was never defined. You cannot fall short of a standard that was never articulated. And here lies t

Lean Compliance rests on foundational principles drawn from promise theory, cybernetic regulation, and value chain analysis. This article presents the logical progression that connects these principles and demonstrates why they necessarily lead to a different understanding of compliance itself. Understanding Obligations and Promises Promise Theory & Operational Compliance Compliance is fundamentally about meeting obligations. For compliance to be successful, these obligations

For decades, compliance has been one of the most reactive functions in the enterprise—more reactive than finance, operations, or even IT. While there are reasons why this is the case, this excessive reactivity has created a mission-critical gap: a dangerous vacuum where managerial accountability should exist but has been replaced with busywork. The Abdication Problem Managers, for the most part, have quietly abdicated their compliance responsibilities. They've handed them off

For years, I've been tracking the evolution of compliance technology—and I've noticed a persistent gap between what organizations need and what the market delivers. Many, and perhaps most, compliance systems are designed around a basic understanding: they treat compliance as a documentation problem, or at most a data problem, rather than an operational problem. This made sense when compliance was only about legal adherence, where the goal was to provide evidence of compliance

I just attended a webinar from a leading GRC vendor promoting continuous risk assessment for AI. The topic seemed timely and the solution promising, so I gave it my full attention. What I heard : AI introduces significant risk across organizations and within every functional silo. Fair enough. ⚡ The pitch: With all this risk, you need a system to manage it comprehensively. OK. What they demonstrated was little more than a risk register combined with task management—where task

As artificial intelligence systems reshape entire industries and societal structures, we face an unprecedented regulatory challenge: how do you effectively govern systems that often exceed human comprehension in their complexity and decision-making processes? Traditional compliance frameworks, designed for predictable industrial processes and human-operated systems, are proving inadequate for the dynamic, emergent behaviors of modern AI. The rapid proliferation of AI across c

AI governance policies typically describe what organizations intend to do. Lean Compliance focuses on how those intentions become operational capabilities that keep promises under uncertainty. Mapping an AI governance policy means creating an operational, regulation framework that links  legal ,  ethical ,  engineering , and  management commitments across AI use‑cases and life-cycle stages. The goal isn't compliance documentation—it's designing the operational capabilitie

Compliance as Organizational Wisdom: The Strategic Practice of Restraint Organizations that run algorithmic processes without restraint—or blindly follow operating processes that serve purposes misaligned with their mission—act unwisely. They optimize metrics divorced from their core purpose, cut costs that destroy capabilities essential to their mission, and follow recursive loops that lead them away from sustainable value creation. Compliance is the means by which organizat

The opening of Genesis describes a progression: formlessness to form, potential to purpose, chaos to order. The sequence—formless and void, then light, then separation, then foundation, then rhythm, then inhabitants, then agency, then rest—keeps showing up when building new organizations, new capabilities, new systems from the ground up. Each stage creates conditions for the next. Skip one, and the whole thing stumbles. This isn't prescriptive or scientific. But as a lens for

As we wind down for the year, I find myself looking ahead and wondering what's in store. As leaders, we know there are many forces at work—often too many to deal with, and many outside our control. But here's what I've been thinking: What we experience is also the result of the opportunities we cultivate in the current year. This insight came to me recently from working with someone I consider wise—a man now retired from a distinguished career as a physician and researcher, w

The sequence matters: proper engineering design must occur before deployment, not afterwards. by Raimund Laqua, PMP, P.Eng  As a professional engineer with over three decades of experience in highly regulated industries, I firmly believe we can and should embrace AI technology. However, the current approach to deployment poses a risk we simply cannot afford. Across industries, I’m observing a troubling pattern: organizations are bypassing the engineering design phase and dire

Raimund Laqua, P.Eng., PMP Note: Link to my strategy briefing document is located at the end of the blog post. About a year ago, I heard an AI expert suggest that we might need AI to control AI. My immediate reaction? That's nonsense. Why would you control something uncertain with more uncertainty? It seemed like doubling down on the problem rather than solving it. Turns out I was wrong. Or at least, I was asking the wrong question. The Problem That Won't Go Away I'm an engin

I've been thinking a lot about promises lately. Not the kind we make at year-end meetings, but the deeper promises organizations make when they deploy AI systems. Promises about safety, fairness, and accountability. Promises that become very real when something goes wrong. The challenge with Large Language Models is that traditional compliance approaches assume you can audit the decision-making process. You write procedures, train people, create controls around logical steps

Presenter:  Raimund Laqua, P.Eng., PMP. Date:  November 20, 2025 For Compliance Officers and Managers When compliance becomes operational—which is necessary to meet performance and outcome obligations—you need a method of improvement that focuses on operational systems. This is where LEAN comes in. However, LEAN has to adapt its principles to work with compliance. This presentation explores 10 lean principles and how they are used to improve compliance performance. If you're

If you're a compliance director or manager, you've probably noticed something frustrating: organizations can have excellent compliance documentation, pass audits, and still get surprised by violations. The gap isn't in what they document—it's in how regulatory obligations are embedded in operational capability. This is where integrative compliance  transforms everything. While traditional compliance creates separate activities that run parallel to operations, integrative comp

If you're a compliance director or manager in a highly regulated industry, you know this frustration: Your organization has procedures, training records, audit schedules, and risk assessments. You pass audits. Your management systems are certified. But violations still surprise you. You're constantly firefighting. And when leadership asks "are we actually meeting our obligations?" you can't answer with complete confidence. The problem isn't your competence. It's that most com

If you're responsible for compliance, you've probably faced this uncomfortable question: "How do you know you're actually compliant?" Most organizations point to policies, training records, and audit reports. But there's often a nagging gap between having documentation and having genuine confidence that your obligations are truly being met. This is where Goal Structuring Notation (GSN ) and claim trees become game-changers. They're tools borrowed from safety-critical industr

As someone working in compliance during this wave of AI adoption, I've been thinking about how we approach automation differently than other industries. The compliance field is naturally cautious about new technology—and for good reason. When we fail to meet regulatory standards, performance targets, or outcome requirements, the consequences extend far beyond operational inefficiency. Recently, I've been reflecting on Jidoka, Toyota's manufacturing principle that emerged over

Why Business Managers Should Own Compliance There's a persistent practice in organizational management where compliance is separated from...

How do we deliver safe AI? This is the question every organization grappling with AI adoption must answer. Yet too often, discussions...