Strategy as a Problem Solving Process

StrategyDriven Decision Making Article |problem solving |Strategy as a Problem Solving Process“The old paradigm of strategy departments and planning cycles has been overthrown by agile and rapid team-based problem solving, providing better solutions and better organization alignment to implement.” These comments by Mehrdad Baghai, strategist and author, commend our book Bulletproof Problem Solving: The One Skill that Changes Everything. But what does it mean to adopt agile and rapid team-based problem solving, where strategy becomes a problem solving process?

Teams and agile methodology have become the dominant form of organization for environments featuring high uncertainty and rapid change, where business models are challenged by disrupters. In these settings the most effective teams follow the 7 steps process for bulletproof problem solving, by asking themselves the following questions:

1. Are we working on the right problem? Defining a problem well is often said to take you more than halfway to the solution. This invariably leads to a clear problem statement of the challenges you have to address, the decision context, problem boundaries and success criteria.

2. Have we broken down the problem into key issues to address? Complex problems can rarely be solved without breaking the larger problem into parts. How you disaggregate or cleave a problem has a big impact on the insight you get into a problem. We show numerous examples from return on invested capital logic trees, to logic trees that help you decide whether to put solar panels on your roof.

3. Are our priorities for analysis the right ones? For efficient use of team resources you need to be working on the issues where the impact is high and you have a significant ability to influence the outcome. This may require a lot of debate in the team. That’s important too.

4. Have we brought outside perspectives and diversity of views to bear in the team? We urge teams to have hypotheses about the answer but open them to challenge in the team, by having diverse perspectives, role playing and actively tapping expertise outside the team. Really good teams porpoise frequently between the hypothesis and the data, sharpening the hypothesis along the way. The data comes in the form of facts and analysis. Yes facts and analysis still make a huge difference to problem solving outcomes.

5. Do we have the right analytic toolkit for the problem? Teams will, and should, make use of heuristics and rules of thumb to scope problems and knock out infeasible solutions. At times, to solve a problem involves understanding root causes or predicting an outcome. That’s when you have to bring out the analytic big guns such as regression, simulation, A/B experiments and machine learning. You can even crowdsource your solutions with Kaggle competitions.

6. Are we carefully synthesizing our findings? We like the way the successful investor Ray Dalio expresses it ‘The quality of your synthesis will determine the quality of your decision making.’ The process we follow is to draw together findings on the key issues into an overall picture, ideally with visualization to show linkages and highlight key drivers or root causes.

7. Have we presented our findings in a compelling narrative that is likely to lead to action? This final step is so often underdone and the source of team disappointment. Doing it the right way involves choosing a governing thought from the synthesis, accompanied by a logical argument structure that may be based on inductive or deductive reasoning.

When this process is complete, teams have reached the holy grail of strategy as a problem solving process as Richard Rumelt put it in Good Strategy Bad Strategy: The Difference and Why It Matters. Rumelt succinctly describes ‘a strategy is a coherent set of analyses, concepts, policies, arguments and actions that respond to a high stakes challenge.’ We agree and know that the way to get there is through a 7-step problem solving process.


About the Author

StrategyDriven Expert Contributor | Robert McLeanRobert McLean is co-author, with Charles Conn, of Bulletproof Problem Solving: The One Skill That Changes Everything (Wiley 2019). McLean is a Director Emeritus of McKinsey and Company and led the Australian and New Zealand McKinsey practice for eight years.

Decision-Making Warning Flag 1b – Weak Analogies

StrategyDriven Decision Making Article | Decision-Making Warning Flag 1b - Weak Analogies“The fallacy of Weak analogy is committed when a conclusion is based on an insufficient, poor, or inadequate analogy. The analogy offered as evidence is faulty because it is irrelevant; the claimed similarity is superficial or unrelated to the issue at stake in the argument. Or the analogy may be relevant to some extent yet overlooks or ignores significant dissimilarities between the analogs.”

Paul Leclerc
Community College of Rhode Island

Citizens have been asked to cast their vote for a referendum requiring those seeking to purchase a hammer to undergo a registration process similar to that for firearms. Supporters argue that because hammers, like guns, have metal parts and can be used to kill people that these tools should be legally controlled as guns are. These proponents are using a Weak Analogy to advance their position.

Weak analogies are used to support business decisions every day. As with all logic errors, decision-makers fall prey to the appearance of reasonableness, especially when the position supported justifies their desired course of action. Although difficult, recognizing and eliminating the use of Weak Analogies in decision-making is absolutely necessary.


Hi there! Gain access to this article with a StrategyDriven Insights Library – Total Access subscription or buy access to the article itself.

Subscribe to the StrategyDriven Insights Library

Sign-up now for your StrategyDriven Insights Library – Total Access subscription for as low as $15 / month (paid annually).

Not sure? Click here to learn more.

Buy the Article

Don’t need a subscription? Buy access to Decision-Making Warning Flag 1b – Weak Analogies for just $2!

Additional Information

Additional insight to the warning signs, causes, and results of logic errors can be found in the StrategyDriven website feature: Decision-Making Warning Flag 1 – Logic Fallacies Introduction.

Decision-Making Warning Flag 1a – The Gambler’s Fallacy

StrategyDriven Decision-Making Article | Decision-Making Warning Flag 1a - The Gambler's Fallacy“The Gambler’s Fallacy, also known as the Monte Carlo Fallacy, is the false belief that the probability of an event in a random sequence is dependent on preceding events, its probability increasing with each successive occasion on which it fails to occur.”

Gambler’s Fallacy
Wikipedia

Seated at a roulette table, a gambler must decide on what color to place his next bet, red or black. He knows there is a 50 percent chance of getting either red or black and that the first four spins of the wheel yielded all reds. The gambler reasons that because half of all spins should result in black and the first four were red, it is more likely the fifth spin of the roulette wheel will be black and places his bet. While his logic appears reasonable, the roulette player has just fallen victim to the Gambler’s Fallacy.

Circumstances like this one are not limited to gamblers; they plague executives and managers in the business world every day. Decision-makers are victimized by the Gambler’s Fallacy because, like all logic errors, it appears reasonable and typically justifies the desired course of action. Recognizing the Gambler’s Fallacy is therefore difficult but necessary.

The Gambler’s Fallacy logic error occurs when a decision-maker incorrectly believes the probability of an independent event is in some way influenced by preceding occurrences. In the roulette example, the player wrongly assumed the first four results would influence the outcome of the fifth spin. Prior to the five spins, the likelihood of spinning five consecutive reds is calculated as:

Underlying Facts:

  • Possible Outcomes: Red or Black
  • Outcome Distribution: Equal number of Red and Black opportunities
  • Probability of Spinning Red: 50 percent
  • Probability of Spinning Black: 50 percent

Calculations:

  • First Spin is Red: 50 percent
  • First and Second Spins are Red: (50 percent) x (50 percent) = 25 percent
  • First, Second, and Third Spins are Red: (50 percent) x (50 percent) x (50 percent) = 12.5 percent
  • First, Second, Third, and Fourth Spins are Red: (50 percent) x (50 percent) x (50 percent) x (50 percent) = 6.25 percent
  • First, Second, Third, Fourth, and Fifth Spins are Red: (50 percent) x (50 percent) x (50 percent) x (50 percent) x (50 percent) = 3.125 percent

Therefore, prior to the first spin of the roulette wheel the change of realizing a Red outcome five consecutive times is a mere 3.125 percent. However, because each spin is an independent event, not in any way influenced by the preceding outcomes, the chance of spinning Red on the fifth attempt having already spun four consecutive Reds is one in two or 50 percent. As long as the game is fair, it will always be 50 percent!

Recognizing the Gambler’s Fallacy

Logic errors are often difficult to recognize, the Gambler’s Fallacy being no exception. Questions decision-makers should consider in order to avoid the Gambler’s Fallacy include:

  • Was logic applied to support the desired decision option rather than independently identify the best option?
  • Has the decision’s logic been aggressively challenged, preferably by the team’s Devil’s Advocate or a disinterested third party?
  • Was an event’s outcome prediction influenced by preceding events, especially if the event occurs independently?
  • Was an event’s independence thoroughly assessed or naturally assumed?
  • Were the event’s independence and the probability of its outcome calculated by an individual or group having in-depth knowledge and experience of statistics?

Additional Information

Additional insight to the warning signs, causes, and results of logic errors can be found in the StrategyDriven website feature: Decision-Making Warning Flag 1 – Logic Fallacies Introduction.

Decision-Making Warning Flag 2 – The Silent Nod

StrategyDriven Decision Making Article | Silent NodAll too often it is not clear to executives and managers that they are in a decision-making situation. In many of these instances, they find themselves attending a briefing during which the presenter makes a recommendation for which he or she is seeking approval. As the presentation goes on, the briefing attendees listen attentively and nod silently. No verbal decision is communicated but the nodding continues. At the end of the presentation, the presenter is songs adulated for making a thorough presentation and providing an insightful recommendation. There is applause. Exiting the meeting, the presenter remembers the affirmative statements and, most importantly the silent nods. These now become the unintended affirmative decision the presenter sought and the leaders failed to recognize they were making.


Hi there! Gain access to this article with a StrategyDriven Insights Library – Total Access subscription or buy access to the article itself.

Subscribe to the StrategyDriven Insights Library

Sign-up now for your StrategyDriven Insights Library – Total Access subscription for as low as $15 / month (paid annually).

Not sure? Click here to learn more.

Buy the Article

Don’t need a subscription? Buy access to Decision-Making Warning Flag 2 – The Silent Nod for just $2!

How to deal with cyber-attacks: publicly or privately?

StrategyDriven Risk Management Article | How to deal with cyber-attacks: publicly or privately?Cyber attacks spiked 164% in the first half of 2017, compared to the same period in 2016, entailing 918 disclosed breaches-according reports on broadcaster CNBC. Threats vary from sector to sector. Healthcare, for example, is more susceptible to crypto-locker ransomware like the infamous WannaCry.

Internet-connected consumer devices often fall prey to malware that shackles them to remotely controlled botnets such as Mirai. Varied though the threat may be, and staggering though these numbers are, the word disclosed highlights a central paradox: While transparency contributes to the overall fortification of cyber-security protocols and procedures, battening down the hatches presumably mitigates further financial risk.

Sure, a disclosure is immensely beneficial in terms of buttressing industrial safeguards, national and global security, and customer protection – not to mention mitigating the longer-term repercussions of an attack – but so too can disclosure exact lasting damage on a bottom line.

Fighting back

The nature, intent, and consequences of an attack notwithstanding, the way companies have responded to breaches is closely related to their designation: public or private. CFOs at public and private companies face different risks and pressures when it comes to cyber-security and disclosure, and exhibit divergent perspectives when it comes to preparation.

Broadly speaking, public company CFOs are more likely to outsource cyber-security to third-party firms, while private CFOs tend to invest in in-house IT teams. Regardless of who secures a company’s network, breaches are often known by CFOs before they are made public. By disclosing a breach, CFOs of publicly traded companies might trigger investor panic and sell-off, whereas private company CFOs risk irreparable harm to consumer and employee confidence.

On one hand, foreknowledge of pending disclosures can put unique pressure on public company executives, who often own considerable amounts of company stock. The ongoing federal investigation of three Equifax C-suite managers for insider trading arose due to alleged stock dumping prior to the revelation of the company’s catastrophic cyber-attack.
Equifax underscores the tension between a public corporation’s responsibility to its board, shareholders, and customers, and the financial implications of both the breach itself and legal requirements governing its reporting and remediation.

On the other, while private companies aren’t under the same legal obligations in terms of disclosure, and while the short-term consequences may be less impactful, these companies still face long-term pitfalls, such as lost trust and tarnished brands. Moreover, a medium-sized business may not have the capital or reserves to recover reputationally or financially after a major data breach the way a multinational corporation can.

Additionally, the moderate scale of many private companies sometimes instills a false sense of security. Middle-market businesses often assume they’ll be overlooked by attackers, whether due to a large number of similar companies, or a lack of enticing assets. After all, isn’t it the bigger fish that stockpile the type of data and info that hackers tend to target?

Be prepared

A lack of proper preparation only exacerbates the panic once an attack does occur. Attempting to deal with an attack on the down low can earn private enterprises a reputation as easy marks, and provoke subsequent attacks. Further, if the rearguard strategy backfires, or is exposed by the press, this can amplify the damage to a company’s brand and leadership, not to mention potential legal consequences if a court can prove negligence.

In terms of the bigger picture, the lack of reliable data pertaining to attacks on private companies leads to lopsided analysis regarding the multifaceted aims and motives driving these attacks, resulting in a sort of half-finished portrait of the threat landscape.

While cybersecurity prevention could be vastly improved by greater information sharing, some surveys of CSOs indicate that only one in seven attacks are reported to authorities. Alas, as it stands, adequate event modeling, and risk and security assessments, are being stymied by a lack of shared intel on private company breaches, effectively hampering the development of comprehensive prevention and management strategies.

This lack has precipitated the introduction of numerous cyber-security regulations around the world, and though the regulatory ecosystem is in a state of flux, the global trend is invariably toward greater transparency. CNBC notes that “governments around the world are introducing legislation which will force more companies to disclose data breaches,” a reach that already extends to private enterprises.

Regulatory environment

Both private and public companies are compelled to comply with local, national and global disclosure regulations, including Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPPA), and the EU’s General Data Protection Regulation (GDPR).

The GDPR, which regulates the collection and storage of customer information and data, and can levy fines of up to €20 million, requires that private companies disclose if they have a footprint in Europe, or otherwise handle the information of European citizens.

In the US, Sarbanes-Oxley (SOX) indexes the responsibilities of both public and private companies, including rules pertaining to compliance with federal prosecutors, and criminal penalties. Further, HIPAA governs how any company, public or private, handles personal health information.

Though public companies, traditionally, may have shouldered an inordinate amount of the fallout from disclosure, this has left them better readied for the implementation of legislation designed to enforce transparency. Even more advantageous, public companies now have hard-won practice mitigating the financial risks and ramifications resulting from disclosure.

Private companies, by contrast, are less aware and agile in terms of prevention and response; protecting their brand, for example, or proactively communicating with clients. Simply put, having been in battle, public CFOs are stepping up and getting more involved with cyber-security, while private CFOs, hovering on the sidelines, appear far more circumspect.

Make no mistake: this problem is only getting worse. The situation could improve rapidly if execs from companies of all stripes and sizes shared details of attacks with the larger corporate community.

Whether you are a CFO of an international, publicly-traded conglomerate, or a mid-sized regional business, it is well within your portfolio to do everything possible to properly prepare for the threat. Engage with the board, secure funding for proper security controls, and encourage leadership to be forthcoming when not if, your company’s cyber attack occurs.


About the Author

Andrew Douthwaite has over 17 years of technology experience joining VirtualArmour in 2007 as a senior engineer. Now as Chief Technology Officer, Andrew focuses on leading growth in the managed security services business and ensuring VirtualArmour is a thought leader in the security industry.