Over 15 years ago, organizations such as Enron, Worldcom, Tysons, and others failed after massive managerial maleficence and even criminality.  Enron’s auditor, Arthur Andersen folded as well.

The result of this carnage was the imprisonment of many, the death (apparent heart attack) of the disgraced former CEO of Enron, suicides, massive shareholder value destruction and the Sarbanes Oxley Act of 2002.  SOX, as the act was commonly called was supposed to fix fractures in organizational transparency!

Later, Bernie Madoff, Robert Allen Sanford and others (Ponzi schemes) stole billions from trusting clients.  Where was the oversight for crimes of these magnitudes?

Almost a decade ago, three major disasters causes incalculable death and destruction:

  • BP Deepwater Horizon aka Macondo—commencing April 20, 2010
  • San Bruno Pipeline Explosion—commencing September 9, 2010
  • Fukushima Daiichi Nuclear Incident—commencing March 11, 2011

According to one 2018 report, “Close to half (46%) of senior oil and gas professionals believe that there has been underinvestment in inspection and maintenance of infrastructure and equipment in recent years.”  Has anything been learned about the risks posed by Critical Infrastructure to the Bottom Line and societal reputations?  What about continued loss of human life?

Finally, our US political class tells us they cannot ‘securely’ run an election and that outside interference somehow tainted or even changed the 2016 national election.  Five plus months before the next national election, what has changed?

Nuisance to Menacing

Now a series of high profile Cyberbreaches (seemingly exponentially) continue as do management’s apparent attempts to hide the damage from affected customers and shareholders.  Is this lack of transparency a SOX violation?

More regulations are not the answer.  Criminals and others with malice don’t pay much attention to laws.  They never have, whether mugging you in the park or stealing your identity online.

Purportedly, the first ‘hack’ took place in 1903 when a demonstration of the Morse Code was disrupted and insulting messages were sent through the theater projector. Perhaps a mere nuisance then, today cyber malcontents desire vast fortunes, political intrigue and even social instability.

In our November/December, 2017 Petroleum Africa article, A Governance Model for the Era of Digitalization: Achieving Operational Excellence Using Disruptive Data Management Techniques, we mentioned that at a conference in late 2017, an investment banker when responding to a discussion about the use of IoT as part of the digital oilfield (now how we run the business) “suggested words to the effect that if the enterprise is driven by these technologies then it is now an agenda item for the Board of Directors.”  This is consistent with this author’s previous statements to this effect.

What’s Going On?

In his 1984 book, Normal Accidents: Living with High-Risk Technologies, Charles Perrow put forth the theorem that in our complex world, “It takes just the right combination of circumstances to produce a catastrophe, just as it takes the right combination of inevitable errors to produce an accident.”

We have written extensively about Governance and Operational Excellence, including methodologies for developing and sustaining both.  In 2014, we put forth the construct of Strong Bond Governance as well as ways Critical Infrastructure sectors can become High Reliability Organizations.

Finally, we have developed and implemented a Best Practices Model for Operational Excellence that incorporates modern governance that address issues discussed herein.

Normal Incident Theory indicates, that in any complex system accidents will happen.  This theory has been debunked just like Keynesian Economics.  Yet practitioners of both continue unswayed by empirical data.

It appears that corporate governance models have fallen into the same trap, making assumptions that business and technology models are limited and reactive.  This appears to be a short-sighted approach with ample empirical evidence that these models are no longer relevant.

Threats to shareholder value and even the safety and economic security of entire populations that depend on Critical Infrastructures are increasing for a variety of reasons.  Organizational Governance models must keep pace.  Clearly, this is now part of the fiduciary responsibility of Board members as well as the entire “C” suite of executives.

Further Reading

The author and others have published extensively on this subject.  The list of appropriate articles and papers is too extensive to list here.  However, readers are invited to peruse Dr. Shemwell’s extensive list of blogs and publications.  For more information on this and other subjects, please contact us.