Culture and Conduct Risk: The Normalization of Deviance

(regulationasia.com)

66 points | by kiyanwang 970 days ago

8 comments

  • wisty 970 days ago
    > By “normalization” Vaughan meant that decision making processes and action choices that deviated from formal established rules were reinterpreted by work groups in a manner that allowed for those choices and actions to sit comfortably within the bounds of established performance norms. That is, “they redefined evidence that deviated from an acceptable standard so that it became the standard,” she wrote.

    Isn't this fairly common? Often, a lot of top-down rules are more honored in the breach than the observance. In some countries, unions will actually strike by telling their workers to follow the rules. This was also advice given to resistance fighters.

    • throwaway0a5e 969 days ago
      Yup. If nobody's following your rules its because your rules suck bad enough that the risk of not following is lesser than the problems caused by following them. People are not idiots. They'll jump through process hoops in order to satisfy management's requirements so long as there's some shred of reasonableness to it. If the hoops are easy they'll jump through them just to say they did. If he hoops are obviously beneficial they'll jump through them even if they're hard.
      • AndrewDucker 969 days ago
        It's the "obviously" bit that's tricky there. Sometimes you have a 5,000 item checklist because 5,000 different things went wrong - but nobody has documented exactly what each item on the checklist is important for.
        • throwaway0a5e 969 days ago
          It's an OR statement, not an AND.

          If you are going to make people put up with a bunch of obtuse process BS you need to sell them on it. If the reason is obvious you don't have much work to do. If the process is easy and not "a bunch of obtuse process BS" they'll do it even if they aren't sold on it.

    • rcxdude 967 days ago
      This is part of the core insight of 'Safety-II', a safety philosophy which aims to not just focus on the cases where everything has gone wrong and eliminate those, but also look at what people in the system do to keep things going right (and document and codify this so that it keeps going right, instead of suddenly stopping because either the person who did it moves on or some middle manager starts demanding the faulty rules get reinstated).
    • asplake 970 days ago
      Common, and it has both upsides and downsides. Some deviations are positive innovations. The challenge is to recognise and take responsibility for downward drift without squashing innovation.
  • mikewarot 970 days ago
    I would say that this has happened to our institutions as a whole, as the embedded growth obligations built into the weren't able to be sustained.

    There was a recent report to Congress about the readiness of the Navy Surface fleet to fight a peer, and it also found a normalization of deviance. This was because of defunding, and a lack of contact with actual peer opponents.

    This pattern is widespread, and requires active vigilance to keep it from taking root.

    • redis_mlc 966 days ago
      There's a number of issues with the US Navy:

      - contrary to expectations, US military branches always start off slow in an actual war, then rapidly strengthen historically. However the US does not have the capability today to replace ships lost during a war.

      (Losing the $3B Bonhomme Richard was a bigger deal than reported, since it will take a decade to build another one.)

      - there were some US navigation mishaps in the past 5 years that showed basic skills and leadership were below expectations. I would not call that a funding problem, more like a training and evaluation problem.

      - China is a unique adversary - they have a total of 20,000 ships and large boats which can be used to blockade their regional seas. They have no actual battle experience, which is why Xi has constant exercises.

      Almost all of the long-range missiles in their parades were built to attack US carriers - using our money and capital markets to fund them. (We need large laser weapons to counter those numbers.)

      Source: I study war.

  • steve_g 969 days ago
    I like the metaphor of "bad apples vs bad barrels" But to me, that raises the question of how to tell the difference. Clearly, there can be individual instances of unique malfeasance in an organization. But I think it's mostly culture and expectations that allow for bad behavior.

    Maybe the difference between bad apples and bad barrels is that the bad apples fear being found out by their organization. Average apples in a bad barrel believe that their actions are tacitly approved, even if the explicit "values" of the organization wouldn't allow them.

    • 8note 969 days ago
      Bad apples and barrels are a bad metaphor because there's been efforts made to claim that good apples stay good when beside bad apples.

      To avoid this confusion, you can refer to rolling a ball on a curve.

      A ball at the top of a hill is the bad apple case - any nudge and the ball will roll down.

      A ball in a valley will always roll down till it's at the bottom.

    • notsureaboutpg 969 days ago
      Only when people buy into culture / expectations can those be the things that allow for bad behavior. Human beings range on the spectrum from follow-the-herd to contrarian-just-for-the-sake-of-it, which really confounds the ability to place blame for bad behavior here.
  • lovemenot 969 days ago
    Since the latest AI Spring there has been a societal tendency to look for fields where ML could plausibly be applied productively. And then to make a stronger claim that doing so would in practice deliver those benefits.

    Many consultants, researchers are aware of the stretch, but do it anyway because FOMO. They know too that others make sumilar unsupported claims.

    On the basis of the evidence presented in this article, I would argue that this tendency is a cultural deviance. And that these banking risk / compliance folks are themselves complicit.

    I agree the field of cultural analysis has potential, but it appears these folks lack results to demonstrate it.

  • trhway 970 days ago
    > Firms must therefore maintain an atmosphere of “psychological safety” that encourages employees to speak up when they believe things have gone amiss. That is, firms need to ensure that their employees will call-out deviance, rather than permit its normalization.

    That hollow management speak sounds pretty contrasting with that guy just recently getting 4 years for calling out the normalization of the deviance of drone killing of innocent civilians.

    • sokoloff 970 days ago
      From the judge in that case, with which I’m inclined to agree: “You are not being prosecuted for speaking out about the drone program killing innocent people,” said O’Grady. “You could have been a whistleblower … without taking any of these documents.”

      That punishment was for sharing documents classified as top secret with a journalist, not for calling out a deviation.

      • watwut 969 days ago
        He could have just speak and nobody would believe him. Without taking documents, he would be super easy to dismiss.

        Which is the whole point of course. Make it sound like there was legal meaningful action open for him while protecting the acts he made public.

        • kodah 969 days ago
          That is a possibility, but certainly not definitive. The fact is that he did choose that his odds were better this way, and he accepted the consequences of his actions.
      • trhway 970 days ago
        i don't think orally delivering classified information instead of using electronic/paper copy magically makes it not a crime. All that while decreasing the trustworthiness of the information - ie. from journalist POV it would be dealing with hearsay instead of documented facts.

        >That punishment was for sharing documents classified as top secret with a journalist, not for calling out a deviation.

        yep, and for jaywalking. Assange was hunted down for sex crimes (which as it happens he didn't commit) not for publishing the docs. And Navalny in Russia is doing time for business crimes not for being PITA for Putin.

        • TeMPOraL 966 days ago
          And Al Capone got imprisoned for tax evasion.

          This is a tried and true method of governments. If you piss them badly enough, they'll move Heaven and Earth to find something they can legally get you for.

          (That is, as long as they care about being seen following their own rules. If they don't, then all bets are off.)

          • watwut 966 days ago
            Somehow, I don't think Al Capone analogy works for me here.
  • afarrell 966 days ago
    One important cause of Normalization of Deviance is when an organization stays misaligned at the top about what the norms actually are. The effect of this is that:

    1. Some folks at the top will shout about the norms being violated and nobody listening to them.

    2. Folks underneath them will struggle to get buy-in on initiatives to follow best practices.

    3. Folks underneath them at an individual contributor level will struggle to tell the difference between following established best practices (or good practices in a complex adaptive system) and getting distracted.

    For an illustrative narrative of this, consider the character John from The Phoenix Project.

    Patrick Lencioni writes about this in books like The Five Dysfunctions of a Team and The Advantage. For a quick read on part of this, see: https://hbr.org/2002/07/make-your-values-mean-something

    • perl4ever 966 days ago

        1. We have SSO, therefore everyone should be able to memorize their password.
        2. Oops, we actually have 20+ passwords for everybody, and require several of them to be changed every month or two.
        3. Many passwords aren't used every day.
        4. Writing passwords down is forbidden.
        5. The usual stupid restrictions are in place on what kind of password can be used.
        6. Resetting passwords is a cumbersome process that requires human intervention via a ticketing system and not just clicking on "forgot password".
        7. A subset of passwords are set up by the help desk, do not expire, and do not have an obvious way to change them, so it seems certain 99% of users don't.
      
      But this all is typical of a large organization that's making an effort, and something such as, say, a small nonprofit with no in-house IT, is much worse in my experience.
  • cudgy 970 days ago
    Many corrupt companies are corrupt at the top. These companies will be resistant to establishing “corruption prediction”.
  • Borrible 967 days ago
    Who Dares Wins.

    Until the shit hits the fan.

    'Don't worry baby, I'll pull out in time.'

    Just see you're not at the receiving end. Or the last in line.

    Having enough money and a good lawyer isn't wrong either.

    Or just be to big to fail.

    ;-)