Reflections on Public Accounts Committee

MOTIVES FOR JOINING PAC

When I joined the Public Accounts Committee as an independant-member (Not a Politician) I did so because I understand a bit about the challenges of government, governance, projects and change that Jersey is currently contemplating.

For better or worse I was project manager for the successful incorporations of the Post Office, Harbours and Airport and have a good understanding of the public and private sector and the process and challenges of moving from one to the other.

I have also a chunk of experience in finance, commercial and retail through business change projects for NatWest and RBSI, working with SMEs, and with what was Le Riches Group and now Sandpiper.

So my motives are based interest and experience and a desire to listen, learn, and contribute based on experience and expertise.

WHAT I HAVE LEARNED

I started with the idea of blogging and tweeting a lot. But now feel that to make personal comments on people in a public forum rather than factual comments on processes in a professional forum is perhaps not the best approach.

I think it is better to focus on the process, standards, data and facts than focus on the people. By citing recognized standards we perhaps have a better chance of motivating the right behaviors than if our comments appear as personal criticisms.

Frankly this can be hard because at times the frustration is personal (and sometimes passionate). However the professional thing to do is be objective and precise with facts, figures and processes.

In a small community it is inevitable that personalities dominate, because they are colourful and more interesting than the dull elements of operational change. The problem however is when challenge over process becomes criticism of personality.

We need to be careful to avoid people defending their position rather than advancing the objective. A stronger focus on process and outcome rather than person and responsibility is more likely to yield success.

CHALLENGES FOR 2019

I having experienced public sector change I have both sympathy and empathy for those involved.

There is a quote by Churchill "When going through hell, it is important to remember to keep going"

The most important initial step therefore is to listen and learn, to understand and appreciate. People are more inclined to be honest about challenges and accepting of suggestions when they don't feel threatened.

My aim for 2019 will be to be a critical friend, to help with observations and comparisons, contributions and ideas that will provide us the government and public sector that we want, and our politicians have promised us.

The Public Accounts Committee runs for the period of the Assembly. That's 4 years, and 16 quarterly updates from States Chief Executive and his Team.

There is no doubt that this will be a challenging period but we should not judge too soon, but instead examine the process. If we see 16 quarterly updates of incremental improvement based on process then we have hope that change is both positive and sustainable.

Athlete and High Performance Testing

I have retired from competitive sport (Triathlon - Commonwealth Games and Rowing - World Champs) but because I get involved in business, projects and change management get asked about helping with High Performance initiatives.

To be fair there are plenty of athletes, mentors and coaches so my work tends to be business related: helping businesses perform like athletes rather than coaching for athletes.

I have however been asked this..... (and am curious if there is a market for this in Jersey)

We are putting together testing services for athletes which include online monitoring and high level reporting of body competition, endurance testing, power testing and movement efficiency. We are consulting with international organisations who offer world class services in these areas. One of the objectives in addition to the use for our athletes is to open up a testing and evaluation centre in Jersey for non- high performance based athletes (i.e. enthusiasts, good club level and Island Games level). This will be conducted by our lab trained staff, providing reliable and cost effective approaches to monitoring. 

I have been given these.
1.     Example Metabolic Profile Report
2.     Suggested cycling battery
3.     White paper on VLMax (the new VO2).
4.     White paper no 2 on VLMax
5.     Load Characteristics in INSYD 

I am already flat-out with a range of interests including Jersey Charities, Jersey Policy Forum and Public Accounts Committee. However I know that the above would really have benefitted me when I was an athlete and I suspect there might be interest to others.

I'd value feedback either via comments or direct (timhjrogers@gmail.com or 07797762051)

Thanks

My book for the year has been The Phoenix Project

The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win6 Feb 2018
by Gene Kim and Kevin Behr

I loved this book because the story was so real to so many projects that I have managed. The people, problems, technologies are typical as are the outputs, outcomes and frustrations. What has been great is realising that these are real-life issues with practical real-life solutions that can be applied.

As a troubleshooter often involved in project rescue it is always great to have insights from other people's experience that you can apply to your own circumstances.

I like this book so much that I am prepared to buy a copy for anyone who works with me and whats to understand what we can achieve together.

What book would you recommend to me?

The books that might help you in 2019, and your recommendations?

A BIT OF MENTAL STIMULATION

At the end of 2017 I stopped competitive sport and sought a new outlet. Having pushed my body to its limits I am now stretching my mind and am very grateful to a few good people who have suggested some wonderful books.

This blog is part an acknowledgement and thank you to the people who have really made an impact on me either directly or for the recommendations they have made.

I am therefore sharing a list of what I've read and why, just in case people have similar interests and would like to read the same books. It is also a great opportunity to canvas recommendations.

It is true that my physical fitness is not what is was when I was 30 or even 40, but there is no reason that my mind shouldn't go from strength to strength and I am grateful for any ideas that may improve me or my business in 2019.

READING LIST

This is a small subset, I think I may have read 50 books. I have attempted to put them in the order I would recommend with the best at the top of each list. I greatly value people's recommendations in the comments.

IMPROVING PROCESS AND SYSYEMS THINKING

The Phoenix Project, A Novel about IT, DevOps, and Helping Your Business Win 5th Anniversary Edition, By: Gene Kim, Kevin Behr, George Spafford

The Goal, A Process of Ongoing Improvement - 30th Anniversary Edition, By: Eliyahu M. Goldratt, Jeff Cox

Critical Chain,Project Management and the Theory of Constraints By: Eliyahu M. Goldratt

The DevOps Handbook, How to Create World-Class Agility, Reliability, and Security in Technology Organizations

The Toyota Way to Lean Leadership, Achieving and Sustaining Excellence Through Leadership Development

Thinking in Systems A Primer By: Donella H. Meadows

UNDERSTANDING POLITICS AND SOCIAL CHANGE

The Cold War, A World History, By: Odd Arne Westad

The Great Economists, How Their Ideas Can Help Us Today,By: Linda Yueh

Misbehaving, The Making of Behavioral Economics, By: Richard Thaler

Red Notice, By: Bill Browder

A History of Russia: From Peter the Great to Gorbachev, By: Mark Steinberg, The Great Courses

Willful Blindness, Why We Ignore the Obvious at Our Peril, By: Margaret Heffernan

The Secret Barrister By: The Secret Barrister

Inside Story: Politics, Intrigue and Treachery from Thatcher to Brexit

MANAGING A BUSINESS

The 12 Week Year, Get More Done in 12 Weeks Than Others Do in 12 Months, By: Brian P. Moran, Michael Lennington

The Subtle Art of Not Giving a F*ck, A Counterintuitive Approach to Living a Good Life By: Mark Manson

Key Person of Influence, The Five-Step Method to Become One of the Most Highly Valued and Highly Paid People in Your Industry

Summary of Algorithms to Live By by Brian Christian and Tom Griffiths By: Instaread

UNSURE WHICH CATAGORY

Bad Blood By: John Carreyrou

Conspiracy, Peter Thiel, Hulk Hogan, Gawker, and the Anatomy of Intrigue, By: Ryan Holiday

Hitch-22, A Memoir, By: Christopher Hitchens

Sapiens and Homo Deus: A Brief History of Humankind and A Brief History of Tomorrow by Yuval Noah Harari

THANKS

I would like to thank Tom Hacquoil for a number of books: Zappos, The New New, When Breath Becomes Air, and a bundle of books on cryptocurrency

I would like to thank Jane Frankland for her book INsecurity

I am also mighty impressed by my Commonwealth Games Team Manager, Gary Jones who has published Evidence Based School Leadership and Management. Although written for schools the idea of doing anything based on data is a good idea!

I am also grateful to Gailina Lieu for the work of the Jersey Policy Forum and some great books: The Road to Somehere and Utopia for Realists. This opened a really interesting trail which included Andrew Keene's book How to Fix the Future and another breath taking look into the future with Life 3.0.

FOR 2019

I greatly value people's recommendations in the comments and am curious if there is a book club in Jersey for either Business Topics or Social Change.

GDPR PHASE 2 – DATA PROTECTION AND INFORMATION SECURITY ARMS RACE

I have worked with a number of organisations this year and my experience has been that May 25 presented a deadline and scramble to pull together the minimum requirements for a Data Privacy Notice.

In the period that has followed attention has turned to comparing hastily revised policies and procedures with real-life practices. As more than one wise person has said, it takes a long time for new ways of working to become habit.

There is a lot of work underway reviewing Contracts, Data Sharing Agreements and Processor Controller Agreements, in response to data protection and information security concerns.

The States of Jersey, JFSC and GFSC championing of Cyber Essentials as a minimum standard for information security and ISO27001 as a more respectable goal I anticipate that 2019 will be regarded as GDPR Phase 2 – putting theory into practice.

The Regulators of all jurisdictions have been clear that GDPR is not a once-only-event like Y2K but instead an ongoing process.

My view is that it has the makings of an arms race and to fall behind presents real difficulties being able to catch-up as each requirement piles upon the previous and makes basic assumptions about your start-point.

For many organisations this is just another step in the journey, but for some 2019 will see more challenge and more change than they were able to accommodate in 2018 and there may be consequences.

LINKS

https://www.jerseyfsc.org/the-commission/cyber-security/

https://www.gfsc.gg/news/article/cyberinformation-security-information-pack-boards

https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

AUTHOR

Tim HJ Rogers

https://www.linkedin.com/in/timhjrogers/

TRANSACTIONAL VS TRANSFORMATIONAL LEADERSHIP

TRANSACTIONAL VS TRANSFORMATIONAL LEADERSHIP IN CHANGE MANAGEMENT

At the turn of the millennium I was doing my MBA (Management Consultancy) and chose Transactional vs Transformational Leadership in Change Management as my dissertation topic. I was fascinated by the what I saw as the hype of charismatic leadership versus the more operational and steady approach to process improvement. I saw it as a battle of style over substance.

I have learned a lot since then and having been part of the team leading the Incorporation of Jersey Post Office from government department into company, been Operations Change and Sales Support for RBSI and NatWest and then again having led Incorporation of government department into company: this time Ports of Jersey.

I have had the opportunity to see, use and learn from both Transactional and Transformational Leadership in Change Management.

So it is with this interest, knowledge and experience that I am very interested in the SoJ Chief Executive plans to transform Jersey’s Government.

Below is a nice summary (by someone else) of Transactional vs Transformational Leadership in Change Management. I don’t actually agree with everything in the article, but in the interests of balance it is important to acknowledge different views.

My reservations include

1. I disagree that a Transactional Leader is not concerned about the futuristic vision or strategies. The difference in my experience is that the Transformational Leader exerts change by charisma (often lasting only as long as their tenure) whereas the Transactional is more systemic (with the result that the Leadership element may be difficult to discern.)

2. I would contend that a Transactional Leader is very capable of “the key functions” list outlined below. Indeed the whole idea of having a systemic list of how to go about change is Transactional.

3. Finally I’d say the “best practices of transformational leaders in business” are actually Transactional tasks (driven by the head) rather than charismatic persuasion (engaging the heart)


What do you think?

TRANSACTIONAL VS TRANSFORMATIONAL LEADERSHIP IN CHANGE MANAGEMENT

Original Source

https://www.managementstudyguide.com/transactional-versus-transformational-leadership-in-change-management.htm

Leaders play a crucial role in steering organizational change and inspire or stimulate people for achieving excellence at work by realizing the pre-defined goals. Effective leadership provide a direction and vision to the people from top to bottom, develops a conducive culture, climate and values for enabling certain expected code of conduct or behaviour out of employees.

Leaders conceptualize and administer suitable strategies for driving continuous improvement in the existing processes, motivating employees for superior performance and facilitating change across various functionalities.

Leaders play both transactional as well as transformational roles depending upon the organizational context, environmental factors and the long term objectives.

TRANSACTIONAL LEADERSHIP

Transactional Leaders work in accordance with the predefined modes of operation and are more concerned about ensuring a continuity in the day to day functioning, ensuring seamless operations by establishing systems and processes in place and focused towards achievement of set targets. Such leaders can enforce disciplinarian actions, establish a systemic framework and define a road map of action, formulate & implement policies and motivate superior performance through a systems of rewards and incentives.

A Transactional Leader is not concerned about the futuristic vision or strategies for acquiring market leadership, but is more concerned about ensuring that the tasks assigned are completed on priority by meeting the quality benchmarks.

TRANSFORMATIONAL LEADERSHIP

It would be more appropriate to say that the Transformational Leaders are the real champions of change. They are the visionaries who influence or motivate teams for achieving excellence in business performance. Transformational leaders give more importance to the development of cohesive teams and facilitate an environment of collaboration for achieving the next best level of performance, instead of ensuring the completion of day to day organizational duties/tasks. The focus is more on team building, empowerment of employees, alignment of individual-organizational goals and culture building for motivating individuals to embrace the change for the better.

Given below are the key functions performed by the Transformational Leaders:

1. Creating a Vision: Transformation Leaders are responsible for envisioning and ensuring that the vision is shared and communicated across all the levels to inspire and motivate people for driving excellence at work.

2. Setting Examples or Modelling: Transformational Leaders inspire employees through Modelling or exemplification of good behaviour or a desirable code of conduct.

3. Establishing Standards: Well defined standards and norms, guide the employees in following a desirable pattern of behaviour and working towards the fulfilment of common goals through a collaborative approach.

4. Culture & Climate Building: Building a facilitating climate and a culture of mutuality, interdependence and flexibility are the major functions of Transformational Leaders. A conducive organizational culture can motivate individuals for delivering performance excellence and exceed expectations by achieving newer milestones at work.

5. External Communication and Liaising: Transformational Leaders establish a connect with the external world and are the main point of contact for communicating with the key stakeholders for the resource support, technological assistance and acquire knowledge regarding the best business practices of leading organizations. This function essentially involves strengthening relationship with the stakeholders or business partners.

6. Team Building or Synergy: This is one of the most important functions of leaders who follow transformational leadership style by building a motivational climate and creating a positivity in the work environment for completing tasks collaboratively.

7. Talent Acquisition & Development: This is the key responsibility of the transformational leaders, which involves identification of the best of the talent pool and nurturing them with adequate training & development support.

TRANSFORMATIONAL LEADERSHIP: ADVANTAGES AND DISADVANTAGES AT WORK

Advantages:

1. Transformational Leadership style encourages innovation and creativity in the workplace by creating an enthusiastic and a challenging work environment. This kind of leadership provides ample opportunities to the individuals for growth and achieving newer performance milestones.
2. New Leaders may evolve out of a several followers.

3. Transformational Leaders are visionaries and they possess an extraordinary capability of communicating the vision to the followers. Since, such leaders are more skilled in visualizing the bigger picture, they can address challenges much efficiently.

4. The team members work for the achievement of a common goal or vision by being influenced or inspired by their leaders, thus driving excellence at work.

5. Transformational leadership encourages mentor buddy relationship between the leader and the follower, thus creating a conducive environment for innovation and improves organizational preparedness for any kind of change process.

6. Transformational Leadership brings reforms in the existing processes, creates higher expectations in followers and motivates the followers to deliver beyond the pre-defined expectations or the set framework.

7. Transformational Leadership surely guarantees high performance of the teams as well as superior productivity and growth.

Disadvantages:

1. Though Transformational Leaders can see the bigger picture, but they lack detailed orientation for which they require the support from the transactional oriented people who are more organized and detailed oriented. Lack of detailed orientation may result in a major oversight, which may ultimately affect the organizational interests in the long term.

2. Transformational Leaders rely too much on inspiration, passion and emotional aspects, which may lead to a neglect of the facts or realities through research, investigation or information gathering.

EXAMPLES OF BEST PRACTICES OF TRANSFORMATIONAL LEADERS IN BUSINESS

Transformation in Technology: Various Technology giants like Apple, Microsoft, Intel, IBM and many others, revolutionized the computing world through technological innovation by introducing state of the art quality software applications and microprocessors. Even the world of internet has witnessed a change in the contemporary scenario with Google enjoying its leadership as the most effective search engine and Amazon & e-Bay leading the e-commerce platform.

Transformation in Financial Services Industry: Due to the internet revolution, the financial services industry is undergoing a sea change with the availability of online platforms for the investors for planning their investments independently, researching, trading stocks and investing in various financial products by being in any part of the world. Pioneers like Peter Lynch, proponent of Mutual Funds and John Bogle, proponent of Index Funds, changes the attitude and preference of the investors on various financial portfolios. Today, Mutual Funds and Index Funds have become the most preferred choices for the investors because of the low costs involved and diversified benefits.

Diversification: In the era of globalization and liberalization, the organizations follow diversification strategy for business expansion across the globe and maintaining a leadership edge in the competitive market. Leaders like Jack Welch, the CEO of General Electric during 1980s, restructured the entire organization from the traditional bureaucratic set up to a more agile and lean framework.

Other Examples include Business Process Outsourcing and Knowledge Process Outsourcing which has resulted in generation of cost advantages for the organizations and enhanced business efficiencies, increased job opportunities for millions of people across the world and revolutionized organizational functioning as a whole. Again quality tools and processes like TQM, Kaizen, Six Sigma, etc have led to continuous improvement in business operations and achievement of superior quality benchmarks in manufacturing practices.

Reflections from Independent Member of the Public Accounts Committee

Really interesting at Public Accounts Committee today. Talking about our role and forthcoming public hearings with Director General re Property Holdings 22 Oct and States CEO re Public Sector Reform 19 Nov. Also look forward to C&AG Report on Remuneration of States Owned Companies and to hear from States CEO on response to previous C&AG Reports.

https://www.jerseyauditoffice.je/our-work/2018/

It’s interesting to what extent the meeting is like a chat show host, allowing officers to say their key messages or to what extent it is an interview to test facts, figures and progress of the implementation.

16 October: Meeting with Treasurer re EY Transformation of SoJ Finance

Will be interested to see EY Transformation of SoJ Finance and the milestones for changes in people, process and technology and how this all fits together within the orchestrated plans for Target Operation Model and Change Programme. What will be the KPIs and measured benefits for each of these initiatives which the public will see over the next 12 months.

22 October: Meeting with Jersey Property Holdings

This will be a very interesting meeting given the C&AG Report [“Resolute action and consistent buy-in required to secure improvements in property management” says C&AG as latest report is issued (21st June 2018)] and also the news on Bailiwick Express: The Director of Jersey Property Holdings is stepping down amid criticism over management of the government’s £1billion property portfolio

https://www.jerseyauditoffice.je/wp-content/uploads/2018/06/Report-Operational-Land-and-Buildings-21.06.2018.pdf

https://www.bailiwickexpress.com/jsy/news/states-property-portfolio-director-resigns/#.W6kWwXtKjcs

19 November: Meeting with Charlie Parker

I know the States’ Chief Executive is keen on transparency and accountability and I am sure a public hearing will provide a good opportunity for Officer’s to show their talent and outline their achievements to us and the public, especially given his commitments in this video.

https://www.youtube.com/watch?v=A3fql59qd88

USEFUL LINKS

About Public Accounts Committee [PAC]
https://statesassembly.gov.je/Scrutiny/Pages/ScrutinyPanel.aspx?panelId=4
https://statesassembly.gov.je/Pages/Scrutiny.aspx

C&AG Controller and Auditor General
https://www.jerseyauditoffice.je/our-work/2018/

Tim Rogers
http://www.timhjrogers.com/about-tim/

DISCLAIMER

Please note that the thoughts above are personal as Independent Member of the Public Accounts Committee and not necessarily the collective view of the Public Accounts Committee, Chaired by Senator Sarah Ferguson.

TWITTER 140 CHARACTER COMMENTS

Really interesting at PAC talking about role public hearing with Director General re Property Holdings 22 Oct. Interested? Come along, or post a question for us to ask!

Really interesting at PAC talking about meeting States CEO re Public Sector Reform 19 Nov Interested? Come along, or post a question for us to ask!

Really interesting at PAC talking about C&AG Report on Remuneration of States Owned Companies. Do you think you are getting value for money?


Tim HJ Rogers MBA CITP
Independent Member of the Public Accounts Committee
Mob 447797762051 timhjrogers@gmail.com
Skype timhjrogers Twitter @AdaptCCompany
Linked-In https://www.linkedin.com/in/timhjrogers/

'Cyber security - what is the incident response capacity of the island of Jersey?

The next IoD Jersey lunch of 2018 will be held at Grand Jersey Hotel & Spa in St Helier on Tuesday 6th November. The Speaker will be Stephanie Peat, Director of Digital & Telecoms Policy at the States of Jersey, who will be speaking about 'Cyber security - what is the incident response capacity of the island of Jersey?'

https://www.eventbrite.com/e/iod-jersey-lunch-with-stephanie-peat-director-of-digital-telecoms-policy-states-of-jersey-tickets-50487839487

This should be interesting. There are some really good initiatives recently

Partnership with UK strengthens Jersey’s cyber resilience
https://www.gov.je/News/2017/pages/CISPNetworkJersey.aspx

Channel Island Information Security Forum Annual Conference.
https://2018.ciisf.org/speakers/

USEFUL REFERENCES

PAC Review of e-Government
https://statesassembly.gov.je/ScrutinyReports/2017/PAC1.2017%20-%20Review%20of%20eGov.pdf

e-Gov Jersey
https://www.gov.je/government/publicsectorreform/egovernment/Pages/eGovernment.aspx

Government Cyber Essentials Plan
https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

About Public Accounts Committee [PAC]
https://statesassembly.gov.je/Scrutiny/Pages/ScrutinyPanel.aspx?panelId=4

Tim Rogers
http://www.timhjrogers.com/about-tim/

Learning and Loving DevOps

Learning and Loving DevOps: The Phoenix Project A Novel about IT, DevOps, and Helping Your Business Win 5th Anniversary Edition

Bill, an IT manager at Parts Unlimited, has been tasked with taking on a project critical to the future of the business, code named Phoenix Project. But the project is massively over budget and behind schedule. The CEO demands Bill must fix the mess in 90 days, or else Bill’s entire department will be outsourced.

With the help of a prospective board member and his mysterious philosophy of the Three Ways, Bill starts to see that IT work has more in common with manufacturing plant work than he ever imagined. With the clock ticking, Bill must organize work flow, streamline interdepartmental communications, and effectively serve the other business functions at Parts Unlimited.

In a fast-paced and entertaining style, three luminaries of the DevOps movement deliver a story that anyone who works in IT will recognize. Listeners will not only learn how to improve their own IT organizations, they’ll never view IT the same.

I recommend the book
https://www.audible.co.uk/pd/The-Phoenix-Project-Audiobook/B00VB034GK?source_code=M2M14DFT1BkSH082015011R

Based on this I am reading and watching as much as possible

This is a simple primer
https://www.youtube.com/watch?v=_I94-tJlovg

This is important and brilliant by Gene Kim (author of The Phoenix Project )
https://www.youtube.com/watch?v=877OCQA_xzE


This is the seminal video Velocity 09: John Allspaw and Paul Hammond, "10+ Deploys Pe
https://www.youtube.com/watch?v=LdOe18KhtT4

I welcome any suggestions on other videos or further reading

Tim

Culture and the keys to DevOps

Culture and the keys to DevOps


We also know culture is notoriously hard to describe. If you want an eye-opening experience, just ask a group of your employees to describe your own organization’s culture and see what kind of responses you get – after the quizzical, contemplative, and downright stumped looks, of course. Even harder than describing culture is demonstrating its contribution to organizational performance.

Culture’s importance is reinforced in the DevOps movement as the “C” in “CALMS” – one of the 5 Key Aspects of DevOps Posted April 21, 2016 by Jeff Gallimore

I’ve become increasingly passionate about and involved in the DevOps movement over the last several years. It’s so exciting to see all the impact DevOps is having on individuals and organizations coming from the innovation happening in the industry. However, DevOps is also such a broad (vague? confusing?) term that everyone has their own take on what it is (including me) and their own perspective on how “DevOps-y” an organization is.

“DevOps is about technology!” “No, DevOps is about process!” “No, DevOps is about people!” Well, they’re all right (although I agree most with that last person).

So what are the key aspects of DevOps?

At the first DevOpsDays conference in the U.S. in 2010, two pillars of the DevOps movement, John Willis and Damon Edwards, coined the acronym “CAMS” to describe the aspects of DevOps. “CAMS” stands for “Culture, Automation, Measurement, and Sharing”. Jez Humble, author of the ground-breaking Continuous Delivery book, later added the “L” for “Lean” to give us “CALMS”.

Let’s describe each one of the aspects of “CALMS” so we can have a clearer picture of where an organization is in its DevOps journey.

1. Culture

Peter Drucker, the famous management guru, realized how important culture was to the performance of an organization. He’s alleged to have said, “Culture eats strategy for breakfast.” More recently, Dr. Ron Westrum advocated for a “Three Cultures Model” that describes attributes and observable behaviors of a corporate culture and how it processes information. His three culture types are: Pathological (power-oriented), Bureaucratic (rule-oriented), and Generative (performance-oriented). For example, is an organization the kind of place where messengers are shot and failures are covered up (pathological)? Or are messengers trained and failures viewed as opportunities to learn (generative)? Culture has an impact on organizational performance in countless ways – for better or for worse.

2. Automation

Computers are terrific at doing the same task the same way really fast over and over again. Humans… not so much. Automating repetitive, time-consuming, error-prone tasks can yield big dividends. Have you implemented the foundational elements of continuous integration, automated testing, and automated builds? Are you ready for infrastructure-as-code and continuous delivery pipelines? You might even be adopting ChatOps. Whatever your state of automation is, the possibilities for automation to improve speed, consistency, and quality are endless.
3. Lean

We’re seeing the same Lean practices that were applied to manufacturing in the 1980’s being applied to IT now. Do we understand the end-to-end process we use to deliver value (in this case, with software) to our customers? Do we know where the inefficiencies and waste in that process are? Do we have a plan for reducing that waste? The primary Lean tool in our toolkit is value stream mapping. You’ll also hear a lot of Japanese words associated with the gold standard of lean practices: the Toyota Production System.

4. Measurement

You might have heard the expression, “You get what you measure.” We want faster feature flow into production, higher quality, and more value – so we need to track metrics associated with these outcomes and then use the information to drive feedback loops and decision-making. One of the DevOps unicorns, Etsy, takes measurement to the extreme by measuring virtually everything within their enterprise. You might not be tracking the quarter million time-series metrics like Etsy does (in 2013!), but measuring important aspects of your engineering and business operations will yield valuable insights so you can respond faster and improve more.

5. Sharing

Friction-free information improves organizational performance. The degree to which an organization shares information is directly influenced by its culture (see the first aspect). How does information flow between people, teams, functions, and levels within the organization? There are all kinds of indicators of sharing, like peer code reviews, information radiators, lunch-and-learn meetings, process ceremonies, and any number of feedback loops from one person or group to another. The more open an organization is when it comes to sharing and communication (i.e., the closer to a generative culture it has), the better it will perform.

No two organizations are the same and therefore no two organizations “do the DevOps” the same way. “CALMS” gives us a clearer way of looking at what an organization is doing, and identifying what is working and what might be opportunities for improvement. “CALMS” can be a powerful tool to accelerate an organization along its DevOps journey toward better results and helping it win in the marketplace.

Culture also shapes how an organization shares information – “sharing” being the “S” in “CALMS” and another key aspect of DevOps.

But for all its importance, we’ve had few tools and limited research to describe or quantify culture.

That is, until Dr. Ron Westrum came along and gave us his “Three Cultures Model” to describe different ways organizations process information. He shared his model and research in his paper “A typology of organizational cultures,” published in Quality & Safety in Health Care in 2004. The table below from his paper identifies the three cultures and provides attributes describing how organizations with each culture share information.

The DevOps Maturity model

LINKS
https://qualitysafety.bmj.com/content/13/suppl_2/ii22
https://www.excella.com/insights/3-types-of-culture
https://www.excella.com/insights/5-key-aspects-of-devops

Feedback and comments and debate always welcome


TimHJRogers
@TimHJRogers +447797762051
https://www.linkedin.com/in/timhjrogers/
http://www.timhjrogers.com/
TimHJRogers World Champs Rower, Commonwealth Games Triathlete, MBA (Management Consulting) Projects & Change Practitioner, TEDx & Jersey Policy Forum

UK Business Leaders Warned About Cybersecurity - Jersey needs to be prepared too

British business leaders need to extend their cyber security defenses beyond the threat posed by Russia to other states and criminal syndicates, one of the UK’s leading spymasters has warned.

In an interview with the Financial Times, Ciaran Martin, chief executive of the UK’s National Cyber Security Centre, which is part of the communications intelligence agency GCHQ, said that while Russia remained a serious threat to businesses, Iran and North Korea, as well as international cyber criminals, presented equal if not greater risks.

https://www.informationsecuritybuzz.com/expert-comments/uk-business-leaders/

Adapt Consulting Company has been working with TechColab and a number of other Cyber Essentials organizations to create a CE Toolkit of tools, templates, training and scripts to apply Cyber Essentials compliance to SMEs and Charity Businesses.

With the States of Jersey now suggesting Cyber Essentials is mandatory, it's a good time to get prepared.

Feedback and comments and debate always welcome

@AdaptCCompany +447797762051
http://www.adaptconsultingcompany.com/
Adapt Consulting help people and organisations get things done
@AdaptCCompany

Computer Emergency Response Teams

CYBER SECURITY NATIONAL CRITICAL INFRASTRUCTURE

I recently commented about Cyber Security National Critical Infrastructure in a posting titled This is the ultimate game of cops and robbers

http://timhjrogers.blogspot.com/2018/09/this-is-ultimate-game-of-cops-and.html

Following attendance at the meeting to discuss CERT [Computer Emergency Response Teams] I have the following observations.

Overall I think the meeting was a positive step in the right direction but my inclination would be to prioritise Government and National Critical Infrastructure before discussion with Visit Jersey, Association of Jersey Charities, Jersey Business, Digital Jersey etc.

I am sure all the SMEs and Voluntary Sector would welcome a government funded Computer Emergency Response Teams to co-ordinate advice, action, reporting for Jersey.

However perhaps Government and National Critical Infrastructure (Health, Ports, Electricity, Water ) should be the role models and help by setting the tools, templates and techniques that SMEs and Voluntary Sector can follow.

There is consensus that initiatives like Cyber Essentials CE is good. But also recognition that cost, understanding and expertise are a barrier to large-scale take-up of Cyber Essentials (see link below)

There is concern about States of Jersey suppliers certification requirements

1. From 2018, suppliers awarded any new government contract worth more than £25,000 will need to commit to adopting Cyber Essentials, or a higher standard, within 12 months.

2. From 2020, all suppliers in receipt of contracts valued at more than £25,000 will need to demonstrate adherence to Cyber Essentials or a higher standard.

This is likely to create more fear than compliance in the absence of funding or guidance.

It is noted in the UK that despite being years’ ahead with Cyber Essentials the take-up has been low.

It is noted that some Government departments or quangos don’t meet suppliers certification requirements and it seems premature to mandate this as a requirements without the training, tools, templates and techniques (ostensibly from CERTS) to make this happen.

However rather than challenge the wisdom of CERTS, this instead highlights how important they are and that perhaps the government’s ambition for CERT should be in-place to help facilitate and support Cyber Essentials.

COMPUTER EMERGENCY RESPONSE TEAMS

There was good discussion about the wide variety of approach and content for CERTs. It seems many people take many different approaches.

It its most basic level both CE and GDPR require planned responses to breaches and information security events and any toolkit (including one supplied by me) include all the tools, templates and techniques necessary to satisfy that requirement.

However at a macro level it doesn’t make sense for 100’s of small businesses duplicating effort that a central Computer Emergency Response Teams might do faster, cheaper, better and with considerably more expertise and co-ordination.

Take for example co-ordinating regulatory reporting for OIC, JFSC, Police, NIST etc.

Or another example, offering standardised advice and guidance on tools, templates and techniques

Or perhaps noticing patters of cause and effect that are not obvious in isolation, but can be managed better from “higher-up”


CONSCLUSION

The CERT [Computer Emergency Response Teams] initiative is a good one. But it needs to be co-ordinated with Cyber Essentials and States of Jersey suppliers certification requirements.


As always, feedback welcome – particularly form people who have experience and knowledge to contribute on CERTS and Cyber Essentials



LINKS

CERT [Computer Emergency Response Teams]
https://en.wikipedia.org/wiki/Computer_emergency_response_team

About Cyber Essentials
https://www.gov.je/StayingSafe/BeSafeOnline/ProtectYourBusinessOnline/pages/cyberessentials.aspx

Can Jersey's e-government and Open Data benefit Charities?

OPEN DATA

The Open Data Institute defines open data as ‘data that is made available by organisations, businesses and individuals for anyone to access, use and share’ – we’ve listed some of the top sources of open data for UK charities below. These datasets can be blended together with a charity’s own data as fuel for AI innovation.

Source:
https://www.charitydigitalnews.co.uk/2018/07/11/the-top-open-data-sets-available-to-charities-now/

UK GOVERNMENT

In June 2012, every Whitehall department produced an open data strategy, but not all of them have gone on to provide the same quantity of of data in a clean and accessible format.

Limitations include data not being published or recorded. When it is released, it sometimes features redactions and lacks effective categorisation, and flagship datasets such as transactional level spending for government departments are often out of date.

Source
https://www.computerworlduk.com/data/how-uk-government-uses-open-data-3683332/

The UK government has promised to provide more data in future to both the public and private sectors. In December 2017, it published new guidelines on what data should be released and how to ensure that it would be easy to find and available in the most usable format.

Emma Prest  of DataKind UK – a UK charity that helps charities, non-profits and other social groups improve their impact through data science.

JERSEY OPPORTUNITIES

Surely Jersey is well placed to use eGovernment and Open Data to help local voluntary sector of 535 businesses and 11,000 people to provide better targeted resources and funding more efficiently for the benefit of the community and saving for the public purse.

Open datasets worth exploring See..

https://www.charitydigitalnews.co.uk/2018/07/11/the-top-open-data-sets-available-to-charities-now/

The Association of Jersey Charities will be revising its activities and its website. Would this be a good time to embrace Open Data to see the flow of Lottery Funding using Open Data?

Imagine if we can see how money is being spent, and measure the benefits and social impact. Using Open Data we can do this, as well as open the possibilities of new products and services, reports and analysis for example by targeting Digital Jersey coding programmes to combine student learning with social benefits through innovative products and services.

Feedback and comments always welcome


TimHJRogers
@TimHJRogers +447797762051
https://www.linkedin.com/in/timhjrogers/
http://www.timhjrogers.com/
TimHJRogers World Champs Rower, Commonwealth Games Triathlete, MBA (Management Consulting) Projects & Change Practitioner, TEDx & Jersey Policy Forum

Cyber Essentials - a joined-up approach is needed

Ten-fold increase in security breach cases since GDPR, claim lawyers

Last year, Fieldfisher handled about three new cases a month. Today, it's handling one new case every day

https://www.computing.co.uk/ctg/news/3062333/ten-fold-increase-in-security-breach-cases-since-gdpr-claim-lawyers

This only heightens the need for Jersey to be prepared for this global game of cops and robbers.

http://timhjrogers.blogspot.com/2018/09/this-is-ultimate-game-of-cops-and.html

The problem is that in this inter-connected world you are only as strong as your weakest link and for that reason government must help Charities and SME's to become CE Certified (Cyber Essentials) as a minimum.

https://www.cyberessentials.ncsc.gov.uk/

The solution is a CE Service that is affordable (ideally subsidized) and standard so that businesses can share knowledge and expertise and find themselves compatible with each other for tools, training, techniques and templates.

Feedback and comments and debate always welcome

TimHJRogers
@AdaptCCompany +447797762051
https://www.linkedin.com/in/timhjrogers/
http://www.adaptconsultingcompany.com/

This is the ultimate game of cops and robbers

ANOTHER SCANDAL ON THE LIST OF SCANDALS

I am sure everyone is talking about the BA Hacking. Nearly 400,000 passengers have been caught up in yet another PR disaster for British Airways, with the airline the victim of a “sophisticated and malicious” security hack.

The stolen information did not include travel or passport details, the British flag carrier said, but warned that customers should check with their banks and credit card providers for suspicious activity.

How to find out if your data was compromised

BA said that the hack related to bookings made or changed between 10.58pm on August 21 and 9.45pm on September 5. “We will be contacting affected customers directly to advise them of what has happened,” the airline said on its website.

To be sure this is another scandal on the list of scandals. Here are the Biggest, Baddest, and Scariest
https://www.orangewebsite.com/articles/biggest-hacking-scandals-of-all-times/

CYBER SECURITY NATIONAL CRITICAL INFRASTRUCTURE

But we should not be surprised. Indeed we should expect more, and be prepared.

I am looking forward to attending Government Cyber Security Incident Response Capability Workshop. Hosted by Phil Ashley (Digital Policy Advisor - Financial Services & Digital Economy) this should be a really interesting meeting.

The workshop’s objectives are:

1. To understand whether businesses would want to make use of an incident response capability
2. Gain an appreciation of the skills, resources, facilities and services that organisations already have access to
3. Determine what model and scale might be appropriate for the Channel Islands
4. Explore the potential services that would be valued
5. Identify how the capability should be resourced

The initial ambition is that the capability will cover government, critical national infrastructure organisations and private businesses. This workshop is a key opportunity to feed into government’s thinking on the subject and help ensure that Jersey is able to respond to cyber security incidents in a way that works for business.

LESSONS FOR GOVERNMENT AND BUSINESS

It is clear that there are so many dependencies between business and government, between government and the voluntary sector that a joined-up approach is needed.

For example the voluntary sector has 535 organisations and 11,000 volunteers providing charitable health, social care and other services to the vulnerable and needy. Much of our health and social services provided to the community are dependent upon Island’s Critical Infrastructure.

I can see value in all States Departments using a common set of tools and making recommendations on tools, training and techniques that will benefit the Island and Critical Infrastructure (eg Ports, Police, Health, Education) + National Critical Services (Health, Care etc)

For example it seems optimal that States Departments use the same tools, policies and guidance for GDPR, CE and Encryption as part of a joined-up approach that serves both government but also the business and community.

This is however just one aspect. National Critical Infrastructure is much broader than this. It is about prevention as well as response.

If you are interested in Data Protection and Cyber Security this is the ultimate game of cops and robbers. The stakes are high. And it is compelling to learn and apply the collective wisdom of initiatives like Government Cyber Security Incident Response Capability Workshop.

USEFUL LINKS

https://www.bbc.com/news/technology-45446529
https://www.bbc.co.uk/news/uk-england-london-45440850
https://www.theguardian.com/business/2018/sep/07/ba-says-hack-hit-only-those-buying-tickets-in-two-week-period