Lying on your resume

A week ago or so, I saw a story reposted from somewhere online and I've been mulling it ever since. It seems like it should be easy for me to make up my mind about it, but no such luck. I'll repost it here so that we are all on the same page. 

Read it. Then decide what you think about the author and what he did.

In case the graphic doesn't show up for you, it's a story about someone who lied on his resume by inventing a
fictitious degree, to get a job. Since then he's done well at the job and been promoted twice.

What's my dilemma? That's easy. I'm torn between two principles, both of which I believe strongly.

On the one hand: Integrity is non-negotiable. I've discussed this topic before under multiple headings, including (just for example) why not to accept bribes, why not to lie to your auditor, and why ethics are too important to put them in a standard.* Briefly, if you can't trust what people tell you, you can't work with them. Lying dissolves all the trust that binds an organization into a whole. If you have to work together, it's poisonous.

On the other hand: One of the consistent themes of this blog is that good work is more important than paper certificates. Of course the paper certificates have their place. In a world of strangers they serve as a common language and as a proxy for reputation, since most likely you will never know a stranger's real reputation. But it's only a proxy. A company can have a quality management system and still fail.** 

From the first perspective, I think that this man lying on his resume is a deal-killer. From the second perspective, I think that his good work during the next four years should be all that matters. I wish I could settle on one of these opinions and not hold both.

I've had to deal with this issue only once in real life. I hired a candidate who—just like the fellow above—claimed a degree. Our HR department was relentless about checking qualifications, so a couple of weeks after he started they let me know his degree was fictitious. They also reminded me that the employment application was a legal contract, and that it stated clearly "I understand that I can be dismissed for any false statement on this form."

So I called him in. I told him what I knew and asked why. Again, his story was just like the one above: his resume had gotten no interviews without a degree, so he added one to make himself more attractive. I explained that legally I could fire him for the falsification. But then I went on.

ME: Look, you don't need a degree for this job, but integrity is non-negotiable. So tell me the truth. That school you claimed the degree from—did you ever go there at all?

HIM: Yes, for a couple of years. But I didn't graduate.

ME: OK, here's what I'm going to do. First, new hires routinely have a three-month probationary period; I'm extending yours to six. Second, bring me some kind of proof that you really attended this school so I know your current story is true. I'll put a copy in your file, along with this agreement, and we'll call it good enough.

We documented the agreement. He brought me a copy of his old student body card. And he was a good employee.

But that's just an isolated case. I'd hate to build it into a general rule.

So leave me a comment. What do you think about the story that I started with, up at the top of the post? What about people who lie on their resumes?

__________

* You can find others by clicking the tag "lying" in the right-hand margin of this blog.

** See for example this post and my other posts about Boeing. It is true that Boeing's QMS is not certified; but they still have one, for all that.     

          

How to overcome "Cartesian anxiety"

A few months ago, James Pomeroy of the Arup consultancy group published an article in LinkedIn on what he called "Cartesian anxiety"—the fear that, without proper planning and metrics, we are all lost. And yet, Pomeroy continues, planning and metrics can never prepare us for every eventuality.

Pomeroy's argument should sound familiar to regular readers of this blog. He begins by describing a mindset that he finds to be common among professionals in Quality, safety, and environmental management. He calls this "a PDCA mindset," and describes its fundamental tenets as follows:

• Planning is Paramount
• Variance is to be Controlled
• Measurement is Everything
• Causality is King
• Hindsight Bias

We've discussed many of these topics before. (See the embedded links for some relevant posts.)

But then Pomeroy goes on to point out just how fragile these assumptions are. In normal operations, of course they are fine; in fact, in normal operations these principles more or less define how to function best. But "in situations of significant uncertainty, high levels of complexity or a continually emerging environment, deterministic methods such as PDCA become problematic." These methods break down because they rely on certain preconditions to operate.

• In order to plan, you have to know what the default future will look like (before you act), so that you can assess what to do. 
• In order to measure, you have to know what to measure and you need a way to observe it without disturbing it. 
• In order to form any kind of cause-and-effect analysis, you need enough data to understand what interacts with what, and you need a clear understanding of how they interact—an understanding, so to speak, of which direction the causal arrows point. 

And under conditions of serious uncertainty, high complexity, or rapid change, none of those preconditions obtain.

Does that mean that when things get crazy, then all is lost? Not at all, says Pomeroy. But at that point the organization has to rely on other tools besides planning and measuring. He tells the famous story of the Hungarian soldiers lost in the Alps, who were saved by following the wrong map.* And he argues that in times of crisis it is better for the organization to do something, see the outcome, and react promptly—"feeling" its way through the tumult—rather than to wait for things to settle down far enough that the planning process can engage. He concludes that "by embracing [this kind of] agility ... we can use trial and error to 'feel' our way through complex situations and navigate uncertainty. This is the focus on doing over planning, trialling things and seeing what works, and adapting to an ever-changing situation."

It's a reasonable argument, and in fact we have seen something like it before. Nearly four years ago, I wrote a series of posts** drawing on a talk by Jeff Griffiths about "People Before Process." Over the course of these posts, I talked about the difference between organizations that have a process focus and those that have a competence focus. Of course in real life, any organization needs both. But I concluded that while in many ways leaning into a process focus scales and replicates faster than leaning into a competence focus, it is also more fragile. A competence focus, by contrast, is more resilient when things go wrong. (See especially the long discussion in Part 3.) The reason is precisely the one Pomeroy highlights: in a crisis, you don't have enough time or data to use the conventional tools of the process focus. You have to be nimble and improvise. And the higher the overall competence of your people, the more capably and creatively you can improvise.

In fairness, I have to make one other point. Pomeroy is not arguing that any organization in crisis should throw its rational tools out the window to navigate purely on vibes. If you look at it, the approach he promotes is topologically identical to the PDCA cycle: decide to do something, do it, see what happens, and react. The difference is in the time-scale. Organizations in crisis don't have time for lengthy data collection or analysis, and often may not even know which data are relevant. So the selection, the analysis, and the decision all have to be done by informal methods. But those informal methods themselves rely on the competence, expertise, and intelligence of the executives making the decisions. Nobody's going to suggest leaving the decisions to the toss of a coin or to ChatGPT.

It's a good article—by all means go read it—and it supports the basic point I always try to make here. All of the Quality principles are sound, as principles. But the point is to get results, not to follow the rules. That's pragmatic.     

__________

* This story derives from a poem by Miroslav Holub, recounting a story told by Albert Szent-Györgyi about a scouting troop of Hungarian soldiers in World War One. You can find the poem here. Briefly, the troops got lost in the snow and expected to die. Then one soldier found he was carrying a map of the mountains. After the troop used the map to return to base, they realized it was not a map of the area where they had been! 

** Here are the links: Part 1, Part 2, Part 3.    

       

"Did you bribe the auditor?"

I've talked in earlier posts about how formally analyzing the Context of the Organization can support you in assessing the business risks you face, or the scope of your management system. But sometimes your context can have a huge impact even in a far less formal way.

Years ago, I worked for a small company here in Santa Barbara, California, that was acquired by a Big Company with headquarters in Europe. A couple of years after the acquisition, Big Company informed us that we had to certify to ISO 14001, the environmental management system standard.

So we set to work, building on our ISO 9001 quality system to create an integrated management system addressing both standards. We worked with an expert from another of Big Company's American offices, trained everyone at our location about the new system, and scheduled an audit. We passed the audit, and got our certificate. So far, so good.

The management from Big Company's home office back in Europe congratulated us, of course, but at the same time they expressed considerable incredulity. Our office had had a lot of trouble getting our initial certification to ISO 9001 some years before, so our European colleagues tended to think of us as chronically a day late and a dollar short. At the same time, when it came to ISO 14001 the European home office hadn't achieved certification until their third external audit! How did we—of all people—manage to score on our first? One vice-president even asked me, "Did you bribe the auditor?" I think he was joking—he made it sound like a joke—but clearly he was also rattled.

Just to be clear, no of course we didn't bribe the auditor. (Long time readers will remember this post from two years ago, where I explain exactly why bribery is a bad thing, as if that weren't already obvious!) I don't remember what I told our VP—the question was so unexpected that I probably fumbled it. But months later, in a very prolonged case of l'esprit d'escalier, I figured out the true answer to explain the seeming incongruity that was troubling him.

In the first place, certification to ISO 14001 generally involves implementing two kinds of measures in your organization: environmental measures and system measures.

• Environmental measures are the programs you put in place in order to address your environmental impacts. These can be simple things like recycling your waste paper and your printer toner cartridges, or they can be large programs to reduce pollution or toxic waste resulting from your manufacturing activities. It all depends on what your current environmental impacts happen to be.
• System measures are (in essence) a series of paperwork exercises, that integrate these environmental activities into an overall management system. These measures include assessing your current environmental impacts, planning which ones to address, planning the programs to address them, measuring the results (i.e., the effectiveness) of those programs, and then using the output of those measurements to replan for next year.  

Certification to ISO 14001 requires that both kinds of measures are in place and working smoothly. And the reason our European home office had so much trouble getting their certificate was that they had to implement measures like a recycling program (and others, of course) from scratch. But it took a while for their employees to develop new habits. 

So an auditor would come to the site and hear that the company had implemented a recycling program. Then he would see that all the recycling bins were empty, and that people discarded copier paper into the regular trash. Naturally he would write a nonconformity that the recycling program was ineffective. Multiply this one example by enough other instances of the same basic problem, and you can see why it took them three tries to get their certificate.

But in our office the project was a lot easier. Remember that we were located in Santa Barbara, California. Santa Barbara was the site of a major 1969 oil spill; public outrage at the spill kickstarted local environmental activism, resulting in the 1970 Environmental Rights Day, and (a few months later) the very first Earth Day. Consequently, state and local ordinances governing the environmental behavior of businesses are already very strict, and have been for many years. Any company operating here has to comply to keep their doors open, and employees take environ­mental measures for granted.

So when we began our project to achieve ISO 14001 certification, half the job was already done. All we had to implement were the system measures. We did the assessments, determined that our current environmental measures were appropriate, and set up metrics to track their effectiveness.

We didn't have to bribe the auditor. We didn't have to be smarter than our European colleagues, and we didn't have to work harder. We just benefitted from our location, and from all the extra requirements which that location implied. In that sense, our context did half the work for us.  

__________

         

Quality in voting, or, What's in ISO/TS 54001?

Last month, when I was writing about the proposed changes in ISO 9000, I noted that a lot of vocabulary had been imported from the sector-specific standard ISO/TS 54001, Quality management systems — Particular requirements for the application of ISO 9001:2015 for electoral organizations at all levels of government. At the time I thought it was an interesting curiosity, but I let it go. After a while, though, I began to wonder: What's really in this standard? How do you define a standard for quality in voting? 

That's a good question. Let me turn it around just a little bit: Suppose you had to write a quality standard for electoral bodies—what would you put in it?  

Where do you start?

First, I wouldn't want to start with a blank sheet of paper. I'd prefer to build on top of proven concepts. Since the question is about building a quality management system for electoral bodies, I'd start by using ISO 9001 as a framework.

Second, I'd recognize that voting is already governed by a lot of laws: national, regional, and local. They aren't going anywhere, so a general management system standard has to recognize those laws. There are even international compacts and conventions which touch on the right to vote; since these compacts are recognized around the world, a standard should be aware of them too.

Third, there is a very specific risk related to voting. All modern democracies rely on the secret ballot. But when ballots are filled out in secret, there is an enormous incentive for vote-counters to cheat in favor of the candidate they prefer. That doesn't mean a lot of cheating actually goes on; at any rate, I did a quick Google search just now which suggests that "documented cases of election fraud are relatively rare worldwide, particularly in established democracies." But the only thing that prevents it is that the world's "established democracies" have all implemented procedures to maximize the transparency of the electoral process and to minimize the opportunity for cheating. Therefore any management system standard governing an electoral body has to take the commitment to transparency very seriously indeed.

It turns out that those three points define the content of the ISO/TS 54001 standard pretty exactly. 

A sector-specific standard

In line with the first point above, ISO/TS 54001 is a sector-specific standard. Like many other such standards,* it is built on ISO 9001 in a very literal sense. It includes every word from the text of ISO 9001 (marked off in boxes) and then adds specialized requirements as needed which pertain to electoral bodies in particular. 

One of the important additions is that ISO/TS 54001 defines the high-level processes which electoral bodies have to address. You remember that ISO 9001 lets each organization define its own processes, because the standard is meant to cover any possible organization or industry. The electoral standard does not offer similar flexibility. The committee behind the standard determined that at a high level all electoral activity looks broadly similar, and they wanted to make sure all the elements are covered. Therefore one of the two largest additions which the electoral standard makes to ISO 9001 is in Annex B, which defines the eight electoral processes that must be considered:

1. Voter registration
2. Registration of political organizations and candidates
3. Electoral logistics
4. Vote casting
5. Vote counting and declaration of results
6. Electoral education
7. Oversight of campaign financing
8. Resolution of electoral disputes

Another important addition is that ISO/TS 54001 requires the electoral body to create an electoral service development plan, which is a document identifying all the requirements the electoral body has to meet, and spelling out how the body will meet them.

And there are a few updates to the rules of ISO 9001 that derive specifically from the periodic and cyclical nature of elections, as distinct from many other kinds of product or service provision which are more or less continuous.** 

Laws and compacts

To be sure, ISO 9001 recognizes the existence of legal requirements, as one of the factors that constrain an organization's choices.*** But there are a few points where ISO/TS 54001 addresses legal requirements more pointedly.

For example, clause 4.3 (Determining the scope of the quality management system) specifically forbids exclusions from the scope of the electoral quality management system, except in two cases:

• Exclusions are permitted from clause 8 (Operation), if applicable.
• Exclusions are permitted if they "resolve conflicts with the applicable legal framework." But in that case it is mandatory that the exclusions "not contravene the Universal Declaration of Human Rights or the International Covenant on Civil and Political Rights."

International law shows up again in clause 9.2.3 (Internal audit), which specifically requires that "The electoral body shall conduct further internal audits to determine whether the electoral quality management system conforms to international legal obligations for democratic elections."

There are smaller references as well, including one in clause 7.5.6.3 (For the registration of political organizations and candidates) which requires "an explicit statement indicating whether there are legal requirements for gender-specific quotas for candidate registration." In general, the topic of legal and international requirements is never far away.

Transparency    

The commitment to transparency drives the other huge addition to the requirements of ISO 9001. Under clause 7.5 (Documented information), ISO/TS 54001 adds more than five pages of explicit documentation requirements. 

This might surprise you. After all, in general the broad trend in quality management systems over the last couple of decades has been to reduce mandatory documentation. The key thought has been, "If you need to write it down, write it down. Otherwise why bother?"

But not for electoral bodies.

Here the rule is very clear: 

• Write down every requirement that pertains to you.
• Write down exactly how you are going to meet each requirement.
• Then keep records showing that you did exactly what you planned.  

There are specific documentation and records requirements for each of the eight electoral processes, and the ISO/TS 54001 standard requires you to meet all of them. To be clear, these rules are a minimum: you can always document or record more if you like. Never less.

This way, if there is ever a dispute—and remember that Dispute resolution is one of the eight electoral processes—there will be a clear paper trail showing exactly what happened. And if the paper trail is clear enough, it should be possible to resolve the dispute by conducting an audit rather than by massing in the streets.

That's certainly the hope, at any rate.

Demonstrations in Mozambique after a disputed vote in October 2024.

It's not clear to me how widely the standard has been adopted, but at least now I know how it holds together.

__________

* Consider, for example, IATF 16949 for automotive companies or AS9100 for aerospace, to name only two.

** For example, there is an addition to clause 5.3 (Organizational roles, responsibilities and authorities) which requires that "responsibilities and authorities are communicated within the electoral body prior to the election process" [my emphasis]. Again, clause 9.3.1 (Management review) requires the organization "to conduct management reviews with sufficient frequency to ensure adequate oversight of the entire electoral quality management system and all of its electoral processes." Depending on how often elections are held, one review a year might not be the best frequency to keep the system running reliably. 

*** See, for example, clause 4.1, NOTE 2: "Understanding the external context can be facilitated by considering issues arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local." [Emphasis mine.]