Malfeasance can lead to new technical debt

Last updated on July 11th, 2021 at 03:03 am

Elizabeth Holmes backstage at TechCrunch Disrupt San Francisco 2014
Elizabeth Holmes backstage at TechCrunch Disrupt San Francisco 2014. She was the founder, chairman, and CEO of Theranos, a startup that grew to a total valuation of $9 billion in 2015, and has since dramatically declined in value, now on the edge of its second bankruptcy. Theranos, through Holmes, claimed to have developed technology enabling blood testing with small amounts of blood. Theranos’s process supposedly required only 0.1% to 1% of the amount of blood conventional technologies require. These claims proved false. After a series of collisions with U.S. government agencies, the U.S. Securities and Exchange Commission sued Holmes and Theranos. In March 2018, a settlement was reached in which Holmes accepted severe financial penalties, loss of voting control of Theranos, and a ban from serving as an officer or director of any public company for ten years. Photo (cc) Max Morse for TechCrunch.

Although creating and deploying policies to manage technical debt is necessary, it isn’t always sufficient for achieving control. Even if training and communication programs are effective, intentional circumvention of technical debt management policy remains possible. Malfeasance can lead to new technical debt by circumventing any policy. And malfeasance can be an obstacle to retiring—or even identifying—existing technical debt. Moreover, indirect effects of forms of malfeasance seemingly unrelated to technical debt can incur technical debt or extend the lifetime of existing technical debt.

Examples of how malfeasance can lead to technical debt

Consider an example from software engineering. To save time, an engineer might intentionally choose a deprecated approach. When the malfeasance comes to light, a question naturally arises. Specifically, in what other places has this individual (or other individuals) been making such choices? In a conventional approach to controlling this form of technical debt, we might examine only the engineer’s current work. But a more comprehensive investigation might uncover a trail of malfeasance in the engineer’s previous assignments.

Allman relates a hardware-oriented example [Allman 2012]. He describes an incident involving the University of California at Berkeley’s CalMail system. It failed catastrophically in November 2011, when one disk in a RAID (Redundant Array of Inexpensive Disks) failed due to deferred maintenance. Allman regards this incident as traceable to the technical debt consisting of the deferred RAID maintenance. While this particular case isn’t an example of malfeasance, it’s reasonable to suppose that some decisions to defer maintenance on complex systems are arguably negligent.

History provides many clear examples of how malfeasance can lead to new technical debt indirectly. Consider the Brooklyn Bridge. Many of the suspension cables of the bridge contain substandard steel wire, which an unscrupulous manufacturer provided to the bridge constructors. When the bridge engineer discovered the malfeasance, he recognized that he couldn’t remove the faulty wire that had already been installed. So he compensated for the faulty wire by adding additional strands to the affected cables. For more, see “Nontechnical precursors of nonstrategic technical debt.”

What kinds of malfeasance deserve special attention and why

Malfeasance that leads to incurring technical debt or which extends the life of existing technical debt can have dire consequences. It has the potential to expose the enterprise to uncontrolled increases in operating expenses and unknown obstacles to revenue generation. The upward pressures on operating expenses derive from the MICs associated with technical debt. Although MICs can include obstacles to revenue generation, considering these obstacles separately helps to clarify of the effects of malfeasance.

Why malfeasance deserves special attention

Malfeasance deserves special attention because the financial harm to the enterprise can dramatically exceed the financial benefit the malfeasance confers on its perpetrators. This property of technical-debt-related malfeasance is what makes its correction, detection, and prevention so important.

For example, when hiring engineers, some candidates claim to have capabilities and experience that they do not possess. Once they’re on board, they expose the enterprise to the risk of technical debt creation through substandard work. That work can escape notice for indefinite periods. The malfeasance here consists of the candidate’s misrepresentation of his or her capabilities. Although the candidate, once hired, does receive some benefit arising from the malfeasance, the harm to the enterprise can exceed that benefit by orders of magnitude.

As a second example, consider the behavior of organizational psychopaths [Babiak 2007] [Morse 2004]. Organizational psychopathy can be a dominant factor to technical debt formation when the beneficiary of a proposal is the decision maker. An alternative beneficiary, just as harmful, is the advocate who takes credit for the short term effects of the decision. In either case, the beneficiary intends knowingly to move on to a new position or to employment elsewhere before the true long term cost of the technical debt becomes evident. This behavior is malfeasance of the highest order. And although it’s rare, its impact can be severe. For more, see “Organizational psychopathy: career advancement by surfing the debt tsunami.”

What’s required to control malfeasance

When a particular kind of malfeasance can incur technical debt or extend the life of existing technical debt, it merits special attention. Examples like those above suggest three necessary attributes of technical debt management programs that deal effectively with malfeasance.

Corrective measures

The organization can undertake corrective measures in a straightforward manner when inadvertent policy violations occur. For example, a technical debt retirement program might encounter unexpected difficulties in setting priorities when individual performance metrics conflict with the technical debt control program. Such conflicts can be inadvertent and collaborative resolution is feasible, if challenging.

But with regard to malfeasance, difficulties arise when policy violations come to light. When the violations are intentional, corrective action usually entails investigation of the means by which the infraction was achieved, and how it was concealed. When these activities involve many individuals attached to multiple business units, we need some means of allocating the cost of corrective action. Allocating the cost of corrections can also be difficult when one party has reaped extraordinary benefits by taking steps that led to incurring significant technical debt. In some cases, corrective measures might include punitive actions directed at individuals.

Detection measures

When intentional violations are covert, or those who committed the violations claim that they’re unintentional, only investigation can determine whether a pattern of violations exists. Technical debt forensic activities require resources. They need rigorous audits and robust record-keeping regarding the decisions that led to the formation or persistence of technical debt. Automated detection techniques might be necessary to control the cost of detection efforts, and to ensure reliable detection.

Preventative measures

Successful prevention of policy violations requires education, communication, and effective enforcement. The basis of effective policy violation prevention programs includes widespread understanding of the technical debt concept and technical debt management policies. Most important, it includes the certainty of discovery of intentional infractions. These factors require commitment and continuing investment.

Policy frameworks are at risk of decreased effectiveness if they pay too little attention to malfeasance and other forms of misconduct. Such misbehavior deserves special attention because it’s often accompanied both by attempts to conceal any resulting technical debt. Worse, perpetrators often try to mislead investigators and managers about the debt’s existence. These situations do arise, though rarely, and when they do, they must be addressed in policy terms.

References

[Allman 2012] Eric Allman. “Managing Technical Debt: Shortcuts that save money and time today can cost you down the road,” ACM Queue, 10:3, March 23, 2012.

Available: here; Retrieved: March 16, 2017

Also cited in:

[Babiak 2007] Paul Babiak and Robert D. Hare. Snakes in Suits: When Psychopaths Go to Work. New York: HarperCollins, 2007. ISBN:978-0-06-114789-0

An accessible and authoritative overview of organizational psychopathy. Order from Amazon

Cited in:

[Morse 2004] Gardiner Morse. “Executive psychopaths,” Harvard Business Review, 82:10, 20-22, 2004.

Available: here; Retrieved: April 25, 2018

Cited in:

Other posts in this thread