Companies are slowly beginning to realise the existential nature of the challenge that digital hypercompetition poses to them.

When they see the destruction wrought by disruptors on incumbents in music (Spotify), media (Google) or retail (Amazon), it’s difficult to deny that the writing on the wall is for them.

Executives are beginning to take notice: a Sloan Management Review survey found that 90% of executives anticipate their industry will be digitally disrupted to either a great or moderate extent.

But taking action is much harder. In the same study, only 44% of executives thought their company was adequately prepared for hypercompetition. Boards are bombarded with offers of advice from large vendors and consultants, but settling for panaceas like innovation studios or lipstick solutions won’t be enough to secure a company’s digital future.

Transformation needs to go deep into the business, if it’s going to be effective.

Change Control

Rule: The speed of change is reduced in an enterprise.

In an enterprise, especially in a regulated industry, there is always some kind of system that tracks and audits changes to ensure that changes don’t happen without due oversight. This is because auditors love this kind of stuff. To ensure “audit-ability” of changes there is a process:

  • Changes must be raised to the “change control board”, which normally requires filling out an onerous form.
  • Then the form must be approved/signed off by anyone responsible for any area that may be impacted. So let’s say we are making a network change. Since every service runs on top of the network, every person responsible for every service will have to sign off. In theory, the person signing off must carefully examine the change to ensure it is sensible and valid. In reality, most of the time trust relationships build up between change raiser and change validator which can speed things up.
  • There might also exist ‘standard changes’ or ‘templated changes’, which codify more routine and lower-risk updates and are pre-authorised. These must also be signed off before being deployed (usually at a higher level of responsibility, making it harder to achieve).
  • Then the compliance, risk and security officers have to weigh in and approve the change.
  • The the approved change will be reviewed and ratified by the change control board and only then can the change be implemented.
  • Changes are scheduled into predetermined change windows, but only so many changes can fit into any one window, and common wisdom is to not make too many changes at once, so some changes will be pushed to the next available window.
  • While in theory the change can be signed off in minutes, in reality change requests can take months as obscure fields in forms are filled out wrongly (‘you put the wrong code in field 44B!’), sign-off deadlines expire, change freezes come and go, and so on.
  • As a result there is sometimes the concept of an “emergency” change request that very senior people can approve and basically “push it through”. However, very senior people don’t like approving emergency changes and ask lots of uncomfortable questions.

All this makes the effort of making changes far more onerous than it is elsewhere.