A major problem with the decision making meeting centric approach is “groupthink.” This phenomenon, as psychologist Irving Janis first described, occurs when a team prioritizes harmony and consensus over critical evaluation. The loudest voices, or those with the highest authority, can dominate the conversation, causing individuals to suppress their own doubts and ideas. As a result, the group moves forward with a decision that no one truly believes in, but everyone accepts to avoid conflict. This stifles innovation and prevents teams from exploring creative, and potentially better, alternatives.

Meetings also rely heavily on intuition and anecdote, not on objective data. People often base their suggestions on personal experiences or feelings, not on a comprehensive analysis of the situation. This approach introduces significant risks. You may miss crucial trends, misinterpret customer needs, or simply choose the wrong path without empirical evidence. Data-driven organizations, by contrast, use analytics dashboards, customer feedback, and performance metrics to guide their decisions. They identify problems and opportunities through a systematic, evidence-based process. This method allows for a more informed and reliable conclusion, reducing the chance of a costly mistake.

Data Informed Decision Making

So, what’s the alternative? Instead of a meeting-centric approach, organizations should embrace a more data-informed and asynchronous decision-making process. This could involve leveraging internal analytics dashboards to identify pain points and opportunities. Project management tools can be used to track and prioritize the initiatives for each team, based on their potential impact and feasibility. Furthermore, asynchronous communication tools can be used to gather feedback and ideas from all teams and team members, giving everyone a voice without the pressure of a live meeting. This approach allows for more thoughtful consideration, as individuals have time to research and reflect before contributing.

Sources:

• Janis, I. L. (1972). Victims of Groupthink: A Psychological Study of Foreign-Policy Decisions and Fiascoes.
• Atlassian. (n.d.). How to avoid groupthink on your team. https://www.atlassian.com/blog/teamwork/groupthink
• Tableau. (n.d.). A Guide To Data-Driven Decision Making. https://www.tableau.com/learn/articles/data-driven-decision-making

---

Common Problems that Impact Compliance Audits

The High Cost of After-the-Fact Data Collection

When compliance audits aren’t supported by data collected during normal operations, the cost can skyrocket. Teams have to stop their regular work to manually gather evidence, interview employees, and piece together a historical record of activities. This process is not only inefficient but also highly prone to errors and omissions. The time spent on these “fire drills” is time not spent on innovation or core business functions, leading to significant opportunity costs.

The Problem with “Doing Your Work You Are Following the Process”

The phrase “doing your work you are following the process” suggests that compliance is an inherent part of the job. However, if there’s no system to automatically capture evidence of this, the claim is almost impossible to verify during an audit. This puts immense pressure on individuals to remember and document every single action, which is an unrealistic expectation. Without automated, integrated data collection, this approach makes compliance a burden rather than a seamless part of the workflow.

Lack of Real-Time Visibility

A system that relies on manual, or retrospective, data collection for audits lacks real-time visibility into an organization’s compliance posture. You don’t know you’re non-compliant until the audit, at which point it’s too late to fix issues proactively. This can lead to serious consequences, including fines, reputational damage, and loss of customer trust.

Stifled Productivity and Innovation

When compliance is a separate, intrusive process, it can stifle productivity and innovation. Employees view compliance as an obstacle to getting their work done, leading to shortcuts or resistance. This creates a culture where security and compliance are seen as roadblocks rather than enablers of business success.

---

The Solution: Integrate Compliance into Day-to-Day Operations

The solution is to embed compliance data collection directly into the daily work of IT teams and employees. Here’s how:

Automate Evidence Collection

Use tools that automatically log and track actions. For example, automation that logs code changes, process steps, actions, approvals, and deployments, providing a clear audit trail. Network monitoring tools can automatically track access attempts and changes to configurations. This “always-on” approach to data collection makes audits significantly easier and cheaper.

Shift to a “Compliance-as-Code” Mindset

This approach treats compliance rules as code that can be tested and enforced continuously. As the rules changes, the testing changes to match. By defining security policies in a machine-readable format, you can automatically check for compliance with every new change or deployment. This proactive approach ensures that the “doing your work you are following the process” phrase is not just a claim but a verifiable reality.

Empower Employees with the Right Tools

Provide employees with intuitive tools that make it easy to follow compliant processes without extra effort. For example, a system that automatically prompts for a ticket number before a code commit ensures that all changes are tied to a formal request. This makes compliance a natural part of the workflow, not a separate task.

By shifting from retrospective, manual audits to an automated, integrated system, organizations can dramatically reduce the cost and friction of compliance. The data needed for an audit becomes a byproduct of daily work, not a separate project, turning compliance from a burden into a business enabler.

---

Sources

• NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations.
• ISO/IEC 27001, Information security management.
• The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win by Gene Kim, Kevin Behr, and George Spafford.
• State of DevOps Report by DORA (DevOps Research and Assessment).

The business landscape is constantly evolving, with new technologies, market demands, and competitive pressures emerging regularly. What worked yesterday is unlikely to work today or tomorrow. Locking into a best practice can prevent a company from adapting to these changes, leaving it vulnerable to more agile competitors.

---

The Pitfalls of a “Best Practice”

Stagnation and Lack of Innovation

A major risk of getting locked into a best practice is that it can create a culture of comfortable complacency. If a team believes they are already using the “best” method, there’s little motivation to explore new, potentially more effective ways of working. This can lead to a lack of innovation, where teams simply repeat the same processes, as this is something that they are comfortable with. Without questioning their efficiency or relevance can lead to Stagnation for a business that needs to stay ahead of the curve.

Inflexibility and Inability to Adapt

Best practices are often designed for a specific context. When that context changes, the practice become obsolete. For example, a “best practice” for marketing a product has been based on traditional media like print or television. In today’s digital world, sticking to that old practice would be a huge mistake. By being too rigid, an organization can miss out on new opportunities and fail to respond to threats.

Overlooking Unique Circumstances

Every organization is unique, with its own culture, goals, and challenges. A best practice that works for one company is not a good fit for another. Simply copying a process without considering your own specific needs can lead to inefficiencies and frustration. It can also cause a loss of competitive advantage if you’re doing the same thing as everyone else.

---

How to avoid the Pitfalls of a “Best Practice”

Foster a Culture of Continuous Improvement

Instead of viewing practices as “best,” think of them as “current best.” This subtle but important shift in mindset encourages a culture of continuous improvement. Regularly review and challenge existing processes. Ask questions like:

• “Is this still the most effective way to do this?”
• “What new tools or technologies improve this process?”
• “What can we learn from our failures?”
• “What would happen if we tried something completely different?”

Encourage Experimentation

Create a safe environment for teams to experiment and try new things, even if they fail. Allocate time and resources for pilot projects and new initiatives. Celebrate learning from failures rather than punishing them. This approach helps to discover new, more effective methods and fosters a dynamic, innovative environment.

Stay Informed and Connected

Keep up with the latest trends and developments in your industry. Attend conferences, read industry publications, and network with peers. Pay attention to what your competitors are doing, but also look for inspiration from other industries. Staying informed helps you identify when a “best practice” is becoming outdated and what new approaches are emerging.

---

Sources

• Drucker, P. F. (2007). Innovation and Entrepreneurship. HarperBusiness.
• Collins, J. (2001). Good to Great: Why Some Companies Make the Leap… and Others Don’t. HarperBusiness.
• Christensen, C. M. (1997). The Innovator’s Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press.

Fostering a Culture of Continuous Improvement

A Continuous Improvement culture is one where everyone, at every level, is empowered to identify and implement improvements. Senior leaders are instrumental in fostering this culture by:

• Encouraging psychological safety: Employees must feel safe to suggest ideas and even fail without fear of retribution. Senior leaders create this environment by celebrating the suggestions and learning from mistakes, rather than punishing or ignoring them.
• Identify and remove any organizational barriers: This includes bureaucratic red tape, allocation of resources (time, money, or people), interdepartmental silos, or a culture of resistance to change.
• Leading by example: When senior leaders actively participate in Continuous Improvement events and show genuine curiosity about the process, it encourages others to do the same.
• Recognizing and rewarding efforts: Acknowledging and rewarding employees’ contributions to Continuous Improvement, and the resulting impact, reinforces positive behavior and motivates others to get involved. This doesn’t always have to be a monetary reward; public recognition and praise can be just as effective.

By championing a culture of Continuous Improvement, senior leadership ensures that improvement is not just a one-off project but an ongoing, embedded part of the company’s DNA.

Sources

• Womack, J. P., Jones, D. T., & Roos, D. (1990). The Machine That Changed the World: The Story of Lean Production.
• Imai, M. (1986). Kaizen: The Key to Japan’s Competitive Success.
• Rother, M. (2009). Toyota Kata: Managing People for Improvement, Adaptiveness, and Superior Results.

The Paradox of a Full Set of Features

This is a common problem in applications that try to be everything to everyone. Using Constructive Disruption creates Consistent Delight.

---

What is Constructive Disruption

Constructive disruption is a powerful way to create products and services that deliver consistent delight. Instead of viewing disruption as a chaotic force that destroys existing systems, it’s about intentionally challenging the status quo to build something better. This approach focuses on strategic limitations and purposeful innovation, which in turn leads to a more focused and effective user experience.

---

The Power of Constraints

Constructive disruption flips the Full Feature model on its head by embracing constraints. By intentionally limiting features or resources, we force ourselves to be more creative and strategic. Think of it like a puzzle: a few well-chosen pieces can create a beautiful image, while too many irrelevant pieces just create noise. This approach helps IT teams focus on a few key areas that provide the most value to the user.

• Microservices: This architectural pattern is a prime example of constructive disruption in action. Instead of one large, complex application, the system is broken into small, independent services, each with a single, well-defined purpose. The limitation of scope for each service forces teams to create elegant and scalable solutions. This results in systems that are easier to maintain, deploy, and update, leading to a more reliable and delightful experience for end-users.
• Minimalist UI/UX: The best user interfaces don’t have a hundred features on a single screen. They guide the user to their goal with the fewest possible clicks. This intentional restriction of options removes friction and delivers a clean, intuitive, and highly satisfying experience. The delight comes not from the number of things the software can do, but from how effortlessly it helps you do what you need.

---

The Consistent Delight Loop

When IT teams embrace constructive disruption, they enter a value add cycle:

1. Define the Core Value: By focusing on what truly matters, the team can build a more robust and reliable core product.
2. Strategic Innovation: Instead of adding random features, innovation is directed toward enhancing the core value within the existing constraints.
3. User Satisfaction: Users experience a product that “works for them”. The consistent high quality of the experience builds trust and loyalty.

This kind of delight isn’t a one-time “wow” moment from a new feature. It’s the persistent satisfaction that comes from using a product that consistently works as expected, and makes their life easier. It’s the kind of delight that makes a product indispensable.