Reacting to business challenges


Reacting to business challenges

James Robertson (among others) has been following the Sony rootkit fiasco, and comments:

Some of the management meetings at Sony must have been utterly fascinating over the last few days, as they slowly worked their way around to doing the right thing.

I can't help but wonder how my own company's management would respond to a similar challenge. My guess is that we would have a similar set of reactions. That is, we would choose the following reactions, in order:

  1. Try to ignore or deny the problem, for reasons of expediency—we have more pressing matters to deal with, mostly involving keeping ourselves afloat long enough to reach our visionary goals.
  2. When (if?) the outcry reaches an unacceptable level, decide on a quick fix.
  3. When (if?) the quick fix has been roundly trashed as too quick, decide to implement what was "the right fix all along".
  4. When (if?) the outcry has spilled into other business, try to assuage fears with verbal promises, not new policies or visible proof.

I imagine that each step was instituted by a progressively-more-senior level of management. It's hard to imagine a company with more than 5 employees doing things any differently; there are simply too many such challenges (and too many "if's")—a company which discussed, implemented, and guaranteed a full fix for all of them would quickly smother itself in bureaucracy and second-guessing. In other words, my hunch is that Sony's error was probably systemic (the result of being a large company) and not moral.

Perhaps some issues, like Sony's rootkit issue, should side-step the above sequence and jump their response straight to 4th gear. I'd be interested to hear anyone's logic for deciding which issues need that and which ones don't.

