SEARCH

Digital Transformation – The Home Depot of Computing Walking into a building construction store like Home Depot can be overwhelming. There are so many items to choose from and if you are like me you often don't know what you are looking for. If you are a builder or contractor most of the items will make sense and be familiar to you. However, what is more important, you will know what to do with them when you take them home. This experience is similar to companies who are deciding what to do with digital technologies. It can be just as overwhelming as walking into Home Depot. What is important to realize is that this experience is not a new one. When I first started consulting over 25 years ago a popular trope was this: Let’s say you can have ERP for free and have it installed today (back in the day this would take 12 -18 months) then what will you do with all that technology? The answer given was usually, "We don't really know. Everyone is using ERP and we thought we should get one too." Well then, why are you focusing on technology when you don’t know what it is you want to accomplish?" It is remarkable that we find ourselves now able to access instantly and usually for free (to start) any software you might need for your business. But this still leaves us with the same question, "what are you going to do with all that technology?" This is where many companies find themselves with respect to digital transformation. Based on what you read you might conclude that everyone is doing digital transformation and you should too. If you find yourself thinking this you are in good company. More Items for Your Shopping Cart Everything as a Service (XAAS) is a gaining mind share among the digital community. This is a progression of what has been going on for a while manifested in the form of: Software as a Service (SAAS) Platform as a Service (PAAS) Infrastructure as a Service (IAAS) And many others. The concept has been invented by computer and business architects alike to turn delivery of everything into a service. In fact, digital components are themselves delivered as a micro-services constituting what some are calling the programmable business framework. For those that remember the days of CORBA (common object request broker architecture) for the enterprise this is the same idea but for everyone. The premise is that you can build whatever you want by accessing ready-made capabilities available in real-time, on-demand, and almost for free. The hope is that someone will use these services to build something great. The question is who and what is this going to be? The Loss of Strategic Computing and Information Services When Computing and Information Technology came on the scene each system needed to be championed and sponsored by a business function that needed the capability. Funding for such an endeavor required justification based on achieving a ROI against specific business outcomes. Sound familiar? However, over time, the connection between the business and IT was severed. This happened as computing switched from mainframes to minis to servers and finally to personal computers. Today you would add mobile devices to this progression. The transition of ownership changed along with these advances from the company, to departments, and to individual users. Computing did not all move to the end users as a significant amount computing still resides in back end data servers and today in the cloud. However, what did happen was the removal of the middle layer of management both in terms of managerial accountability and IT resources that supported them. This part of the organization is where sponsors, champions and the resources to build out projects once resided. During the time of this transition, IT also became more standardized which made it easier for it to be supplied as a commodity by external vendors instead of by internal resources. The role of IT soon turned into one that selects and manages suppliers of commodity components: networks, hardware, software, and systems. Today, it is not uncommon for companies to prefer pre-built application suites rather than individual applications or capabilities. However, when you consider IT as a commodity you are no longer considering it as strategic to your mission. With the loss of champions, sponsors, and resources, IT is left with a mandate to provide only company-wide systems (platforms) served now by the cloud. The remainder is left, not to functional groups as it once had, but to individual users. Without middle management there is very little capacity left to support strategic or competitive differentiation in terms of the use of computing and information services. This lack of strategic intent is a significant obstacle for digital transformation and creates the greatest risk to companies wanting to survive digital disruption. The Return of Strategic Computing and Information Services? Eli Goldrattt, the creator of Theory of Constraints, suggests that for technology to deliver benefits it must remove a limitation that you have that is holding you back from achieving your outcomes. Your limitations are unique to your business although they may be shared by others at some level. The business has always been the ones to build out new capabilities that were needed to meet their objectives. In earlier days you would buy separate hardware, commercial of the shelf software (COTS), and integrate them together. This was done in the context of a business function that needed new capabilities that in turn would generate improved outcomes. This did result in more silos than we wanted, but that is what enterprise architecture frameworks were supposed to solve and in most cases never did. Today we find ourselves with a shopping cart full of commodity capabilities at every level of the computing and information stack available as micro services all the way to application suites. As an aside, the only way that vendors can distinguish themselves is by creating a new way to do something that we already could. Sure it is shinier, perhaps faster, maybe better in some marginal way, but none of it is tied to your specific requirements or problems you need to solve, unless your requirements are so low as to match only basic functional levels. If you want something that meets your higher standards then you need to build it yourself. You will never find your solution in the cloud because there is not enough demand for your specific set of requirements. What you will find instead are the components and capabilities that you need to build your solutions. Think power tools, drywall, lumber, nails and screws, if that helps. If you are like most people these sit in your garage or basement and collect dust. And this brings us to the crux of digital transformation – it is about building a future not just buying technology. But who will do this? Who in your organization will champion the cause? And who will answer the question, what will we do with all that technology? A Call for Leadership We need to see the return of strategic computing and information services. Leadership at the middle level has been removed and replaced in most companies by technologies in the form of management systems and applications. No wonder we find many management functions calling out for more leadership. Technology is necessary but not a sufficient condition for success. Leadership needs to point the way forward and champion the cause. Leaders need to aim at something higher if they want more than basic improvements driven by cost reduction. This will require that top level management stand in the gap where middle management once stood. Without this kind of leadership, companies end up with users heading to their favorite Digital Depot and doing their own DIY projects. Some of that is already happening, and some of this is good. However, where this leads to is even more silos of computing at the individual level using software they can get for free that will run out in 90 days. If you thought aligning functional groups to strategic initiatives was challenging doing this at the individual level is even more. Whether you have a flattened organization or not, you still need leadership. You need it more than ever if you want to build your future rather than accepting the disruption that is coming your way. Digital technologies offer possibilities that did not exist before. However, you will need to answer the same question that we asked 25 years ago and is as relevant today: What will you do with all that technology?

Identifying risks and reacting to problems when they occur uses our "Lizard Brain" which is fast and needed for a fight and flight response to survive in the present and short term. However, looking for opportunities, and being proactive to prevent problems and ensure goals are achieved requires use of the slower part of our brain which is focused on "thinking", with the ability to choose, design, create, and anticipate so we can survive the longer term. To succeed in the long term we must slow down and quiet our "lizard brain" long enough so that we can put in place what is needed to ensure mission success. However, slowing down is not easy and that is one of the reasons why risk-based thinking is hard to do. As companies try to go faster and faster we seldom take the time needed for our brains to think. The following steps help to make sure that we use our whole brain when contending with uncertainties: Separate risk identification (fast brain) from risk analysis and assessment (slow brain) Beware of cognitive biases such as: optimism, confirmation, anchoring, ostrich effect, zero-risk etc. Consider both threats (fast brain) and opportunities (slow brain) Don't rush - create time to engage the slow part of your brain

If your company uses an organizational chart it was most likely designed based on the factory model created by Fredrick Taylor who introduced "Scientific Management" in 1911. The foundation of his approach was the scientific method which has been very successful to help understand how things worked by understanding the individual parts. Reductive approaches while instrumental in many fields of study is not without its limitations. The first and foremost is that it is not always possible to understand the function of the whole by knowing the function of each part. This limitation can have significant consequences with how organizations handle risk as a whole or as a part. Taylorism and Its Effects Taylor used reductionism to organize how businesses are structured and remains to this day the primary method for designing organizations although this is changing (see article in The Atlantic https://www.theatlantic.com/magazine/archive/2019/07/future-of-work-expertise-navy/590647/ ). One of Taylor's aims was to achieve maximum job fragmentation to minimize skill requirements and job learning time. The workers he would hire would not have many skills, if any, so this made sense. Taylor also introduced us to time and motion studies that would eventually lead to the assembly line refined later by Henry Ford. The reason why we have departments, silos and disparate processes is largely because of Taylor and the specialization of skills. You could say that the focus of many business transformations over the years were attempt to address the side effects of Taylorism while maintaining its benefits. Manifestations of this included a growing movement towards generalization of skills through the sharing of knowledge, use of teams, and expansion of communication networks. Addressing Risk Taylorism is still predominate and its effects impacts how management is structured and in turn how companies contend with uncertainty and risk. An important problem with a reductive approach is that risk consideration is done by looking only at the parts that make up a business and not the entire organization. Systemic risk is seldom considered. This can be seen by the way risk registers are constructed often by starting at the bottom of an organization and aggregated upwards until they form a single heat map or risk score. Aggregating risk scores and using heat maps to provide a holistic view of risk has some value. However, these are remnants of a reductionist approach and are limited in identifying and contending with uncertainty that crosses departments, functions, and processes. Trying to understand risk by assessing the risk of individual parts is very much like trying to understand the risks of driving to work by understanding the risks associated with the steering wheel, gaskets, hoses, engine block and other components. You can add them up, put them in a heat map, or prioritize them by a risk score, but they will never tell you what you need to know, "will I get to work on time?" This bottom-up approach often leads to companies playing “whack a mole” hitting the gopher on the head when it pops ups without understanding why it does and preventing it in the first place. This is treating the symptom and not the disease which unfortunately is the way that many companies contend with risk. It is only when a significant event has occurred that correction or prevention is considered. Although common this approach has limited utility when lives are lost, reputation is at stake, and future earnings are at risk. As we are becoming more aware of risks that have the largest impact are systemic in nature and no amount of mole whacking will be enough to keep its effects of uncertainty at bay. Enterprise Risk Management As a means to contend with the limits of a bottom up approach to risk many companies introduce Enterprise Risk Management (ERM) to help address the larger picture but end up with using an approach called "Holism." This is better than reductionism but not the best approach to address systemic risk. Holism is the opposite of reductionism and suffers from the similar limitations. Instead of looking only at the parts it only looks at the top (or the boundaries) which tends to lead to ERM implementations that focus mostly on extrinsic or external risk; things which affect the organization as a whole such as: exchange rates, disruptive technologies, competitors, regulation and so on. Risk consideration that focuses only at the bottom or the top of an organization creates the opportunity for systemic risk to manifest itself. Operational Risk Management To properly address systemic risk an "integrative" or systems approach is needed. An integrative approach looks to address risk throughout an organization. This is the domain of Operational Risk Management (ORM) which when implemented effectively focuses on intrinsic risk that impact internal programs, systems, and processes and its effects on achieving outcomes. One way to look at this is that ORM focuses on risk streams (i.e. the propagation of the effects of uncertainty) instead of the risk of failure of individual parts. Effective operational risk management requires knowledge of systems. This includes value streams but also the interactions between them and the value chain which provide the capabilities, capacities, and competencies to perform them. ORM will utilize tools such as Hazard and Operability Analysis (HAZOP), Dependancy Structure Analysis, Value and Risk Stream Analysis, Value and Critical Chain Analysis, and others.

When it comes to meeting obligations the assurance function needs to provide more than just a feeling of confidence. It must provide a measure of certainty that obligations will be met based on real estimates of uncertainty and risk. In the following examples, folks thought that everything was on-schedule, on-target, on-plan, in-compliance until it was not and then it was too late. These all involve complex systems with many factors to consider. However, what we can say is that systems used to provide assurance (level of confidence that objectives will be met) failed miserably as evidenced by the surprise and shock afterwards. ROGERS On Friday July 8, Rogers experienced a disruption in service from coast to coast affecting millions of Canadians, and disrupting government services and payment systems. "We don't understand how the different levels of redundancy that we build across the network coast to coast have not worked," said Kye Prigg, Rogers' senior vice-president of access networks and operations” https://www.cbc.ca/news/business/rogers-outage-cell-mobile-wifi-1.6514373 SUNCOR On July 8th, 2022 CEO resigns after latest fatality at a company facility. "Suncor Energy Inc. chief executive officer Mark Little resigned following another death at one of the company’s worksites, sending shockwaves through the Canadian oil and gas sector." This is the second fatality at the Fort McMurry site this year and the latest incident in a string of workplace injuries and fatalities at Canada’s largest integrated oil company. Suncor was hoping they were turning a corner on safety and reported to have had a scheduled presentation in the upcoming week on safety improvements which was now cancelled. https://financialpost.com/commodities/energy/oil-gas/oilpatch-leader-mark-little-resigns-following-another-death-at-suncor-site Phoenix Pay System In 2009 the Canadian government initiated the Phoenix project which rolled out in 2016. The original budget of $309m increased to $954m expected to rise to $2.3b by 2023 in unplanned costs. The Governor General Auditor in 2019 reported, “How could Phoenix have failed so thoroughly in a system that has a management accountability framework; risk management policies, program evaluations, internal audit groups, departmental audit committees; accounting officers; departmental plans; departmental performance reports; pay-per-performance compensation; and audits by The Office of the Auditor General?” https://www.oag-bvg.gc.ca/internet/English/parl_oag_201805_00_e_43032.html Each respective assurance system failed to provide leadership with the information needed to properly evaluate and respond to risk. The alternative is that management simply ignored the information and hoped for the best. Either way the result was the same – failure. Failure to provide, failure to protect, and failure to deliver. Ignoring or not properly contending with risk in the final analysis amounts to gambling which is unwise and unnecessary. Organizations that choose not to gamble apply risk-based principles and practises to drive down risk or guard against it if not reducible.

The question of whether we comply to stay between the lines or stay between the lines to comply is a thought-provoking one. It speaks to the inherent tension between our desire to follow rules and regulations and our need for personal autonomy and self-expression. On one hand, compliance with rules and regulations is necessary for a functioning society. We need traffic laws to ensure the safety of drivers and pedestrians, building codes to ensure the structural integrity of our homes and workplaces, and health and safety regulations to protect our well-being. Without these rules, chaos would reign, and our lives would be far less secure. However, the mere act of compliance does not necessarily lead to a better society. Compliance can be a passive act, undertaken out of fear of punishment or social ostracism. When we comply simply to stay within the lines, we are not engaging with the underlying values that those lines represent. Furthermore, strict adherence to rules and regulations can stifle creativity and innovation. When we focus solely on staying within the lines, we are less likely to think outside the box and come up with new ideas. This can be detrimental to our personal growth and to the progress of society as a whole. On the other hand, staying within the lines can be a powerful tool for personal and societal growth. When we actively choose to adhere to rules and regulations, we are engaging with the underlying values that those lines represent. We are recognizing the importance of safety, respect, and fairness, and we are working to promote those values in our daily lives. Staying within the lines can also foster a sense of community and shared responsibility. When we all agree to abide by the same rules, we create a sense of collective ownership over our society. We are all working together to create a safe, fair, and just world. Ultimately, the question of whether we comply to stay between the lines or stay between the lines to comply is a false dichotomy. Both compliance and personal autonomy are important, and both can be used to promote personal and societal growth. The key is to strike a balance between the two, recognizing the value of rules and regulations while also encouraging creativity, innovation, and personal expression. By doing so, we can create a world that is both safe and dynamic, both secure and full of possibility

Regulated organizations in the process and energy sectors must have a management of change (MOC) process to cover process safety related changes to plants, processes, facilities and pipelines. In recent years, regulators have also added the requirement to manage risk arising from organizational changes. At a high level, organizational changes appear to be just another type of change that can be added to an existing MOC process and procedure. However, when you take a closer look, organizational changes are different in the tools and approaches used across the change life-cycle: MOC programs will need to accommodate these differences in order to effectively manage risk. Here are six (6) steps to prepare your organization to manage organizational change safely: Identify positions and roles in the organization that are safety-critical Establish a process to trigger an OMOC when these positions or roles are changed Develop a risk screening tool to assess the level of risk associated with changing these positions or roles Develop a transition plan to maintain continuity for safety critical roles and positions when these are changed according to the level of risk Establish a process to monitor changes during each transition and communicate any changes of risk to management Ensure that all safety-critical positions are roles are fully implemented (transitioned) by following up after the position or role has been changed. Organizational changes need to be part of every MOC program. An effective MOC program will consider the differences between asset and organizational changes to ensure that risk is effectively managed. Plan -Do-Check-Act Questions: What is the current condition of your organizational change process? Are risk screening and analysis tools in place? Is there a process to trigger changes to safety-critical positions and roles? How well is risk communicated to those that needs to manage and mitigate risk? What step can you take today to advance the effectiveness of managing risk during organizational changes?

Safety regulations and guidelines across North America call out for the need to manage risk due to organizational changes. Ensuring that safety critical roles are effectively maintained when changes are made to either personnel or positions is an essential requirement for every process or pipeline safety program. This is needed now more than ever as companies find themselves engaged in consolidation from mergers and acquisitions as well as adapting to changes in the market. Managing the following 5 (five) types of changes will help reduce risk during and after organizational changes have occurred: Personnel Changes refer to changes to safety critical roles, skills, and people Structural Changes are changes to safety critical positions, accountability, and critical management programs Temporary Conditions refer to transitional changes when people take on temporary assignments or as interim structural changes are being made. It is during these transitions that risk is at its highest and where maintaining safety is most critical. Policy and Procedure Changes can effect the ability to manage risk during the organizational change. For example, introducing travel bans may impact the ability to conduct field safety assessments. Risk Profile Changes during and after changes are implemented need to be assessed and managed appropriately. Managing these changes goes beyond on-boarding processes and involves process and pipeline safety expertise in addition to traditional human resource skills. A risk based approach is also beneficial so that the right level of rigor appropriate for the level of risk is applied. Plan -Do-Check-Act Questions: How well is your company managing risk during organizational changes? Is there a change process in place and how effective is it? Are safety critical positions identified and are roles effectively transitioned? Which ones need attention? What step can you take today to improve your organizational change process?

When it comes to compliance many organizations never get past "shall" statements let alone achieve any measure of effectiveness from their compliance efforts. Why does this happen? We have observed over several years that the way compliance management systems are implemented is a significant factor to why benefits are not realized. The traditional approach typically follows a progression of capability maturity that include steps such as: initial, repeatable, defined, capable (managed), and efficient (optimizing). Some may have a final step labelled as "effective." No wonder benefits are seldom realized. It takes too long to reach effectiveness any many never even get close. Even when they do what has been implemented ends up taking on a life of its own diverting resources to maintenance and corrective measures. That's why we recommend a better approach so you can achieve better outcomes from your efforts sooner and faster. This approach is based on the Lean Startup methodology where compliance always is operational which means all essential functions, behaviours and interactions exist and are working together at levels sufficient to produce a measure of effectiveness – the outcomes of compliance. With each progression the minimum level of capabilities are added to produce the next level of outcomes. This reduces waste, risk, and overall complexity.

In the domain of organizational obligations and compliance, the concept of promises holds significant importance. According to Promise Theory, formulated by Mark Burgess, policies are the set of promises made by organizations to meet their obligations. However, effectively translating these promises into action requires negotiation between those accountable for obligations and those responsible for compliance. This article explores the power of the one-person approval principle and the Hoshin Kanri method of policy deployment, shedding light on their potential to enhance accountability and fulfill commitments throughout the organization. The One-Person Approval Principle: Clarity in Accountability The one-person approval principle, often dubbed "one neck to grab," has found success in high-risk industries. It establishes a clear line of sight regarding accountabilities for obligations and risks, stretching from top management to the boots-on-the-ground. By designating a single individual as the ultimate accountable authority, decision-making becomes streamlined, ensuring that commitments are met and risks are mitigated. This principle instills a sense of responsibility and ownership by providing a straightforward framework for holding individuals answerable for their obligations and associated risk. Commitments as Responsibilities: The Many Hands Principle While the one-person approval principle highlights accountability, it is crucial to recognize that commitments and responsibilities are often shared by multiple individuals within an organization. Compliance with obligations requires the collective effort and collaboration of various teams and individuals. Each person responsible for executing tasks plays a vital role in keeping promises. Acknowledging the "many hands" principle ensures that no one person bears the burden alone and that all individuals involved understand their responsibilities in fulfilling commitments. Hoshin Kanri: Catching the Ball of Policy Deployment To bridge the gap between obligations and promises throughout the organization, the Hoshin Kanri method, also known as Policy Deployment or "Catch Ball," offers a valuable and effective mechanism. This approach facilitates negotiation and collaboration between those accountable for obligations and those responsible for compliance. Hoshin Kanri involves a process of iterative communication, where objectives and strategies are cascaded from top management to lower levels (and back up again) allowing for input and feedback at each stage. This iterative process ensures alignment, commitment, and a shared understanding of obligations and the necessary actions to fulfill them. Dropping the Ball: A Missed Opportunity Despite the potential benefits of the Hoshin Kanri method, many organizations falter when it comes to catching the ball of policy deployment. The failure to effectively negotiate and communicate commitments leads to misalignment, confusion, and a lack of ownership throughout the organization. Without a clear understanding of obligations and the necessary actions, promises can remain unfulfilled, compromising compliance efforts and exposing the organization to unnecessary risks. Unlocking Organizational Accountability: Embracing Promise Negotiation and Policy Deployment To unlock organizational accountability and ensure that promises turn into actions, organizations must embrace the principles of promise negotiation and policy deployment. By engaging in open and transparent discussions between accountable parties and those responsible for compliance, organizations can foster a culture of shared responsibility, collaboration, and commitment. This can be accomplished by following these steps: Clearly Define Obligations : Organizations should establish a clear understanding of their obligations and translate them into well-defined policies. These policies serve as the promises made to meet obligations and should be communicated effectively throughout the organization. Negotiate Commitments: Promise negotiation should involve discussions between accountable parties and those responsible for compliance. This collaborative process ensures that obligations are understood, and commitments are realistic and achievable within the organization's capabilities. Embrace Policy Deployment : Implementing the Hoshin Kanri method allows for the effective deployment of policies and commitments throughout the organization. The iterative process of catching the ball facilitates communication, feedback, and alignment at all levels, ensuring that promises are understood and executed appropriately. Foster Ownership and Collaboration: Every individual involved in fulfilling commitments should be empowered and encouraged to take ownership of their respective responsibilities. Collaboration and cross-functional teamwork should be fostered, creating a shared sense of accountability and ensuring that everyone understands their role in fulfilling the promises made. Communicate and Reinforce : Effective communication is essential for maintaining clarity and reinforcing commitments. Regular updates, progress reports, and feedback loops should be established to keep everyone informed and engaged in the process. By consistently communicating the importance of obligations and the progress towards meeting them, organizations can reinforce a culture of accountability and responsibility. Conclusion When it comes to organizational obligations and compliance, the translation of promises into action requires more than just one-person accountability. It necessitates the negotiation of commitments and the effective deployment of policies throughout the organization. By embracing the principles of promise negotiation and policy deployment, organizations can unlock organizational accountability, ensuring that promises are fulfilled, risks are mitigated, and obligations are met. It is through collaborative efforts and transparent communication that organizations can catch the ball and successfully bridge the gap between promises and actions, ultimately fostering a culture of accountability and success. Resources: Considering Promises As Assets The Heartbeat of Compliance: Keeping Promises Should Compliance Manage Obligations or Promises?

A recent incident involving a lawyer who relied on ChatGPT to prepare a court filing has raised questions about the reliability and accountability of using artificial intelligence tools in professional fields. The lawyer, Steven A. Schwartz, submitted a brief based on research conducted by ChatGPT, resulting in the inclusion of fabricated court cases. This incident has highlighted the limitations and risks associated with relying solely on AI-generated content. As a result, the discussion has emerged as to whether the use of ChatGPT should lead to the loss of an engineering license to practice. While ChatGPT and other similar AI tools provide utility across various industries, including the legal profession, it is crucial to acknowledge their limitations. In the case of Steven A. Schwartz, ChatGPT generated false information by inventing court cases that did not exist. This incident not only raised questions about the accuracy of AI-generated content but also emphasized the need for human verification and critical analysis. Professional Responsibility and Ethical Considerations This incident involving ChatGPT has shed light on the importance of adhering to professional ethics and exercising due diligence when utilizing AI tools. While technology can enhance productivity and efficiency, professionals must remember that their expertise and judgment are paramount. In the legal profession, submitting inaccurate or false information can have severe consequences. Courts and judges rely on the accuracy and integrity of the information presented to them. The use of AI tools should never substitute proper legal research and verification. The incident involving ChatGPT has prompted Judge Kevin Castel to set a hearing to determine potential sanctions against Steven A. Schwartz and the law firm, Levidow, Levidow & Oberman. Such consequences reflect the need for accountability when incorporating AI into professional practice. Professionals, especially those in highly regulated fields like engineering, bear a significant responsibility to provide accurate and reliable information. Speculating on the potential outcomes of engineers relying on ChatGPT in critical infrastructure systems presents concerning scenarios. Inadequate verification or the unintentional introduction of false information by the AI tool could lead to design flaws, system vulnerabilities, or erroneous control commands. Loss of License to Practice? The question arises as to whether the use of ChatGPT or similar AI tools should result in the loss of an engineering license. While this specific incident raises concerns about the lawyer's reliance on AI-generated content, revoking an engineering license based solely on the use of ChatGPT may be an extreme measure. It is essential to consider the circumstances surrounding each case, including the intent and level of negligence involved. Instead of automatic revocation, it might be more appropriate to develop guidelines and best practices for incorporating AI tools into professional practice. Professionals should receive adequate training and education on the ethical implications, limitations, and potential risks associated with AI tools. Licensing bodies can play a crucial role in setting standards and ensuring that professionals are well-equipped to navigate the challenges of integrating AI into their work. What Should be Done? While the incident involving ChatGPT and a lawyer highlights the risks of relying solely on AI-generated content in the legal profession, contemplating the use of ChatGPT by engineers and other professionals raises even greater concerns. Professionals must exercise caution, diligence, and critical thinking when incorporating these technologies into their work. Revoking a professional license may be the right course of action when AI technologies are used out of ignorance, or otherwise when public safety is at risk. At the same time, it is crucial to emphasize professional responsibility, ethical considerations, and the need for comprehensive guidelines and training. Responsible use of AI will require support from multiple levels: Governments need to establish effective legislation to regulate the use of AI where public safety may be at risk. Professional regulatory and licensing bodies need to establish appropriate code of conduct and practice guidelines with respect to the use of AI. Professionals need to make themselves aware of the risks associated with AI as it relates to their discipline and practice areas. Manufacturers need to self-regulate their behaviour by establishing responsible AI policy and practices.

Understanding the concept of offside holds significance in sports and in business, although it can be difficult to understand and recognize. Ted Lasso, the lead character in the acclaimed Apple TV series, embarks on his coaching tenure with AFC Richmond, possessing minimal knowledge of soccer. In his debut game, he remains blissfully unaware of an offside play. However, as the series unfolds, Ted gradually grasps this critical aspect, ultimately leading to AFC Richmond's advantage. Among the myriad lessons he learns about the intricate game of soccer—or, as many call it, "football"—this particular revelation hits home in the final episode. In many ways, compliance resembles this important aspect of sports, focusing on staying within the boundaries and keeping the game play in check. For compliance, these boundaries stem from legal obligations and the expectations imposed by internal and external stakeholders. Straying beyond these boundaries results in non-conformance, manifesting as defects, violations, malpractice, injuries, and, if left unaddressed, even the erosion of stakeholder trust. Prolonged negligence in this regard may culminate in mission failure, business setbacks, or even the derailment of one's career. That's why, it is crucial to remain firmly between the lines of play. The above control chart is used by many organization to monitor their game play and predict when they are at risk of operating off-side. However, these are not the only lines that are important to pay attention to. There are other lines —lines of defence – that help to stay ahead of risk. In recent decades, regulatory frameworks have evolved, shifting away from rigid directives and embracing a more outcome-oriented approach. This shift involves effectively contending with uncertainty to minimize public harm and maximize mission success. In this case organizations endeavour to keep uncertainty and its detrimental consequences at bay, ensuring that treats never infiltrate the lines of defence to reach critical assets, capabilities, or resources. Keeping uncertainty from penetrating lines of defence is also critical to mission success. Many ask why we describe compliance as: staying between the lines and ahead of risk. Now you know. By adhering to the boundaries, compliance helps to avoid non-conformance and protect the integrity of a company's operations. At the same time, compliance work to keep risks at bay, preserving the robustness of defence mechanisms and maintaining the ability to outpace potential threats associated with: safety, security, sustainability, quality, and so on. It is an unwavering commitment to mission success that propels compliance to consistently stay one step ahead, fortifying defences and safeguarding them from any compromise. One more thing... In the TV Series "Ted Lasso" coaching was not only about enforcing discipline which is how we often think of compliance. It was about helping players be a better version of themselves both on and off the field. In the say way, compliance is not only about audits and enforcement. It is about helping organizations be a better version of itself. And when they are they will meet all their obligations and keep all their promises. This is the secret of Lasso way and the secret of those who are successful at compliance.

Meeting performance and outcome-based obligations requires a different implementation methodology Compliance operability is achieved when essential functions, behaviors, and interactions exist at levels sufficient to produce a measure of compliance outcomes. The following outlines stages that organizations may follow to first achieve compliance operability followed by increasing levels of effectiveness. These stages are based on the Lean Startup Method by Eric Ries along with steps of team formation (forming, storming, norming and performing) as building an operational system requires similar stages for all parts to work together to achieve the outcomes of compliance.