PSI LogoParadigm Shift



Monthly Features: What's New? | Guest Speaker | Real-Time Chronicles
Other Features: Home | Library | Links | Services | Corp Info | Press
Major Concepts: Realsearch ||| Enterprise Model ||| Maturity Model
                        Knowledge & Agility ||| Agile System Principles
Book: Response Ability - The Language, Structure and Culture of the Agile Enterprise
Book: Value Propositioning - Perception and Misperception in Decision Making

A new guest appears frequently, and the prior wisdom is archived in the Library.
Register for free email notice when monthly update occurs.

Featured Guest Speaker
Posted: February 27, 2005

William L. Livingston, PE

Compliance Practitioner, aka Bete Noire Engineering

Governance of Self-Regulating Organizations -
Comment Letter on Draft SEC Guidelines - Part 1 of 3

Livingston's very cogent comments are relevant to the crafting of any policy, procedure, or regulation that expects to be useful in the uncertain future it intends to affect - whether done by a regulatory body or an organization wishing to influence internal behavior. Here is a glimpse at agile procedure crafting. Part 2 is next month's Guest Speaker contribution.

William Livingston is author of Friends in High Places, New Plague, and Have Fun At Work; with a book in process tentatively called Amicus Rex, about the engineering/law relationship. He is a Professional Engineer with more than 100 patents to his name, and has extensive background in the Energy and Utility sector.

From: William Livingston


Sent: February 25, 2005

Subject: S7-39-04:

Mr. Chairman and Honorable Commissioners:

You are soliciting comments on proposed rulemaking for SROs [self regulation organizations], release No. 34-50699; File No. S7-39-04; RIN 3235-AJ33. Your proposal [] covers multiple issues regarding SRO operations, including governance, ownership and reporting. This comprehensive regulatory initiative is attended by 166 questions regarding rule design specifics for directing public guidance.

Introductory Remarks

In the light of what listed institutions actually did in response to the Enron stakeholder calamity, the very concept of self-regulating organizations (SROs) is open to question. As you are well aware, institutions promptly allocated response resources to oppose any threat to the status quo.  Not one move was made by the league of listed organizations to classify the highly damaging, fraudulent activity as “unacceptable” and modify business as usual accordingly. Vast sums were spent, instead, to defer, delay and avoid responsible change. All threat response money remains aimed at obstruction and loopholes well into the foreseeable future.

Just what does the SRO use for its operational benchmark? If the benchmark is externally imposed onto the institution by SEC authority, it is not self-regulating. If the benchmark is of the institution, it cannot be anything but business as usual. If self-regulation by institutional norms is not getting the stakeholder protection job done, expecting self-correction by rules-based self-regulation is asking the impossible. The SRO distinction is a privilege that has to be continuously earned by ethical performance. Professional guilds, except accounting, are SROs. At this time, the best SRO governance job, by far, is being done by registered nurses and nurse practitioners (RNs and NPs) through the American Nurses Association (ANA).

Response to your comprehensive solicitation, so far, has been light with few of your questions addressed specifically. In comparison with the torrent of commentary you received, as I predicted in 2002, on release No. 34-47276, “Standards of Professional Conduct for Attorneys,” the lack of engagement by SROs in the material here speaks volumes about the perceived impact on business as usual. As a registered professional engineer (PE), veteran practitioner in internal control system technology, and member of the Institute of Internal Auditors (IIA), your proposed rules have triggered my professional duty to respond. The functionality of regulating a system to derive and maintain a specified outcome is universal - whatever material comprises the system of interest.

The commentary provided addresses the generic issue of objective, risk-informed institutional governance, which includes SROs as well as all other forms of system “regulation.“ Commentary perspective will, of course, be that of the veteran professional controls engineer in application to internal control system design and husbandry. You will find that addressing the fundamentals of effective governance will account for the greatest portion of the issues and questions in your rule making initiative. To the controls freak, assignment in governance and regulation and “management,” are the same intellectual control design task. Names don’t alter the fish.

Commentary is being provided in two installments. The first will provide the control design practitioner’s framework of institutional regulation and derive the immutable limits of rules of action in control from engineering first principles. The rationale will drive to the conclusion, in view of your expressed objectives, that your conventional, habitual, instinctual plan of institutional regulation cannot succeed in meeting your simultaneous goals. The next installment will apply the rapidly advancing technology of control engineering to this application, deriving a practical strategy that cannot fail to attain your stated intentions. The prime movers that determine failure in the first instance and assure success in the second are the same immutable natural laws. Competency in leveraging the natural laws of system dynamics and control to purpose is what professional control freaks are compelled to develop in order to qualify for a license.

Commentary objective

This is not a call for action by the SEC. The operational goal of SEC is and must be perpetuating its identity. As all institutions are hindsight-based, business as usual will out. There is no aim here to alter or suggest SEC rules. The entire and sole purpose of this response is to discharge a serious legal obligation to inform. My personal responsibility in this regard is atypical but specific. The central competency of my professional service in controls design is pragmatic foresight – dealing with future possibilities, in advance of reality, by completely objective means. It is the brute-facts process of engineering leveraging mathematical physics and, since it is intrinsically future-centered rather than hindsight-based, it means that no institution is capable of so informing the SEC. That is, if the SEC is to be appropriately informed at all about the current competency of pragmatic foresight (contemporaneous transparency), the informing can only originate from an individual. The institutions of professional engineering, foremost institutions, are as paralyzed by the competency of objective future think as any other organization.

As the conditions of my license require me to inform, the law mercifully limits my duty to informing “up the ladder.” There is no PE duty to “persuade” the SEC to select goal-seeking success as an outcome. For a century now, it has been a canon of the engineering code of ethics to inform the host institution, early on, when its goal-seeking practices are so maladapted to meeting project requirements as to assure failure. Further, the canon instructs that when the institution persists with business as usual, subsequent to being informed, the PE is required to withdraw from the engagement. This requisite course of action is, exactly, the design goal for this solicited commentary. I can confidently discharge this duty advocate-neutral; only the SEC can choose success over failure.

Introduction to the platform

The control engineer’s technological framework of the SEC mission in SRO regulation is necessarily expressed in terms of functionalities appropriate to seeking its stated goal as time inexorably moves forward. Control engineers must work out the functionalities governed by natural law first before engaging application specifics. Since there is no engineering distinction among the tasks of governing, managing, supervising, regulating and control, there can be no difference in principle between controls design for an industrial process and that for governing an organization of people. If the SEC thinks that the natural laws supreme for the control of systems of metal can be swayed to make intricate exceptions for systems of flesh, I will pray for you.

To the control engineer, the only difference between the assignment given by Congress to the Nuclear Regulatory Commission (NRC) and that given to the SEC is that the NRC has the term “regulatory” in its title. Both the NRC and the SEC were commissioned to design and enforce a standard of care for institutional governance. To govern, regulate and control any system is dealing in anticipation of the dynamics of the future. Times past have left the window of potential influence – forever.

Control engineering uses system dynamics intelligence and a body of natural law (mathematical physics) called Control Theory to design an intended difference in how the future unfolds within a defined domain. Even though the control engineer is a sponge for lessons learned from all application history, the world of control is predominantly and exclusively future oriented. While there are many applications where knowledge based only on hindsight data is sufficient and satisfactory for system control purposes, the control engineer remains locked on the future possibilities in making that determination. Over time and changing circumstances, control requirements for any application can evolve from all hindsight to mostly anticipatory control.

The conundrum faced by the SEC in regulatory due diligence, standard fare for the controls engineer, is that it operates in a context locked exclusively on hindsight. Before SOX, no matter what the operational reality brought in to challenge the rule-based governance system, the SEC toolbox contained only hindsight-based appliances, i.e., rules of action. When hindsight based control is appropriate for an application, as in home heating and A/C regulation, it works very well. However, when conditions change, as they always do, and the hindsight control becomes inappropriate, the regulating apparatus itself can drive the coupled systems unstable.

It bears repeating, for both the control engineer and the SEC, that the brute facts of system regulation for industry and corporate governance are identical. The same natural laws of dynamics and control granulate the future in the same ways. The controls engineer recognizes that everything encountered in the centuries since the flyball governor was invented by James Watt, has an exact parallel in institutional governance. Technology transfer both ways is seamless and bumpless. With omnipresent natural law supreme for regulating the future of all systems, it cannot be otherwise.

The PE expert in control technology has an obligation to maintain standards of professional conduct within the guild that spills over to the codified PE duty to safeguard the health, safety and welfare of the public paramount. Foremost in this duty is to inform when efforts are directed in an attempt to defy natural law. If a brother in control engineering is engaged in such futile activity, he will be punished in two ways. Natural law, utterly indifferent, will ruin his plans at the same time he is being scorned by his peers for gross professional incompetence.

When the PE encounters an attempt to defy natural law outside of the engineering profession, with the potential to cause significant damage to stakeholders, the conditions of license specify the obligation to inform. For example, the structural engineer on vacation by chance observing highly unsafe construction activity, is not held by law as a neutral bystander. He has a duty to inform “up the ladder.” As the philosopher Jose Ortega y Gasset exhorted in 1930; “I wish it would dawn upon engineers that, in order to be an engineer, it is not enough to be an engineer.”

It is the same circumstance here, amplified. The SEC is attempting to defy natural law where the potential damage caused by that attempt at defiance, especially to the public, can be considerable. To the controls engineer, unnecessary damage in this case is a computable certainty.  Left at the present state of affairs, it cannot be otherwise. The regulatory mismatch for effective corporate governance is so blatant; stakeholders are going to be harmed. As in tort, the offense precedes the damage.

The regulatory limits of “rules”

Establishing a set of rules of action as the operational benchmark for the listed institution is a category of system control with distinctive characteristics imposed by natural law. Compliance to rules by the regulated, as the SEC itself has often noted, engenders a checklist mentality entirely compatible with obedience to authority. That is, action choices for the loyal employee are fixed by the rules – a nobrainer. Intrinsic to this control strategy is the characteristic that when the operational focus is limited to means, both the mission objectives and the consequences produced by those rules of action disappear from the perceptual realm of business as usual. Those doing the work by the rules cannot concern themselves either with grand corporate visions or the wreckage being created. With means fixed, ends escapes deliberate control. If you wish to attain your stated ends, action choices must be released to the discretion of the crew at the work face. Any attempt to fix means and ends together is the pursuit of the impossible. The supreme authority, deaf to persuasion, has deemed it so.

The regulatory strategy of the SEC, as characterized by the controls engineer, is strict proportional control using low gain but saddled with a decade feedback time lag. Proportional control is pure hindsight. The system performs and measurements taken of consequences are used to formulate (invent) rules of action to derive preferred outcomes. The system performs in compliance with the rules and measurements taken of consequences are used, after a decade or more of protracted damage, to formulate another rule set. The more damaging the scandal, the more rules are added in response (proportional). System performance for regulatory purposes is perceived and comprehended in terms of rules of action – as if no other option existed.

Natural law sets iron limits to this hindsight-based control strategy. When it fits the application, it works well. The systems are very stable and regulation is economically efficient. Many of the systems of modern life are satisfactorily regulated by proportional control operating with appropriate gains and time lags. The strategy fits human instincts and the chain of command.

The rules of action you devise today based on past experiences must enter a future that continually evolves away from today’s state. Constant rules in an incessantly evolving domain have no choice but to lead to unintended consequences. Control theory directs that holding practices constant going forward is a regulating strategy that raises the process goal anchor. If controls don’t adjust practices to the brute facts of reality as time goes forward, in order to hold the objective constant, the goal of the system becomes what it does. This is Ashby’s Law of Requisite Variety writ large. Natural law, not institutional will, makes it means or ends via the axiom “the purpose of the system is what it does” (POSIWID).

The rule of law has, for centuries, recognized the either/or nature of the means and ends choice. Mixtures are impossible. Such laws incessantly collide with reality, causing too much trouble for the Court to keep on the books. One example of this recognition is the venerable “Right to Control” test. The Court determines: is the goal the right to specify manner and means? – or – is your goal to specify the result (ends)?

The first limit of governance by rules is inherent to any navigation by the rear view mirror. When the future is not a replica of the past, business as usual is the only strategy guaranteed to fail. The second limit derives from the time lag. Hindsight-based control always runs the risk that the same control response appropriate at the beginning of the time lag can become counterproductive during the time lag. When this occurs, the good intentions of rules makes matters worse thus increasing the error signal which triggers more “good intentions” – which makes matters still worse. A few cycles of this amplification of error and the system destabilizes – blows up. This explosion has nothing at all to do with the character of the people involved. It is driven by natural law – and nothing else. It is why, exactly, there are now six books on with “litigation explosion” in the title.

The limits to effectiveness of rules of action in regulation are set by the orientation to time and the role of subjectivity. The best, most objective form of proportional control has limits because disturbances coming in the future can never replicate those recorded in the past. The second law of thermodynamics absolutely forbids this possibility. The limits set for objectivity by natural law for hindsight regulation are progressively narrowed by any subjective component in the chain.  A control system infected with subjectivity doesn’t even require system performance data to function. To the outside observer, management by whim appears identical to management by occasionally looking at obsolete piecemeal unreliable system performance business intelligence. You really don’t want to hear more war stories, validating this fact, from us scarred veterans in internal control/audit. You get dozens every day from your whistleblower hotlines.

Subjective regulation still has a valid place in preserving society. However, technological advance in objective methods have changed culpability for the consequences of using subjectivity where objectivity is far more appropriate to shield stakeholders. When seeing into the future was totally subjective, a talent equally shared by all, unintended consequences were accepted by society as the price for progress using the ubiquitous trial and error process – full size. The long epoch where society had no alternative for guinea pig service, led to the deification of human divination as a lower cost guide to the future. Oracles, Seers and Fortune Tellers of various sorts, merely arranged subjectivity in hierarchical form to reap the windfall from the gullible. Just to be safe, check in with the CIA medicine men before warring on your neighbor. Then, do as your intuition directs. Alexander did the same thing.

Because prophecy was accepted as subjective black art, until very recent times, society instinctually gave the defendant the benefit of the doubt that the damages incurred by the stakeholder, however regrettable, were objectively unforeseeable and therefore his to bear. Society recognizes the need for volunteers for medical experiments and has thanked me for participating, however unwittingly. The most the public could hope for was that honorable leaders would do honorable deeds taking its best interests into account. The nonstop dismal record of institutional scandal, in this regard, speaks for the rewards for such trust.

Any subjective process runs on personality, charisma and vested authority, inoperative until the pecking order is worked out during the guillotine phase. This is why regulatory initiatives, objectively sterile, feature personal characteristics of institutional potentates and stress the attributes of ethical and morally responsible conduct – an effect and not a cause When subjectivity is all there is, that’s what regulation comes to. And, while escalating the scandal record, what a popular circus it is!

The limits of rules of action (hindsight) in institutional regulation are, of course, familiar to all by repetitious experience. The excellent 2004 SEC study, directed by 108(d) of SOX, concluded that “Rules-based standards often provide a vehicle for circumventing the intention of the standard.” In this regard, the sage commentary submitted to you by Mr. Middleton on 22Jan05 – repeated here for convenience, echoes your conclusion well.

“Sorry to say, these new rules and more new rules do no good when the ones already on the books since 1934 are never enforced. So why make any new ones - only to be broken everyday?  My belief: enforce the rules you have on the books and clean the system up - period. I see the new rule of Regulation SHO. What this means is that the people who have been breaking the rules are grand fathered in. What a joke! The Rich get Richer; the Poor get Poorer. To me, the SEC should do its job and not make up a lot of new rules.”

In order to enjoy stability, all regulatory agencies devise strict laws to appease those recently damaged and use little enforcement to satisfy the perpetrators. Unfortunately for the SEC, the frequency and severity of institutional scandal fostered by this venerable strategy are increasing. The ten-year lag has become a noose. In addition, perceptions of the stakeholders as to responsibility for damage are changing. It’s getting harder to sell the idea to a computer-savvy public that the circumstances that drugged the regulatory watchdogs were gatekeeper unforeseeable.

The reckoning

Because strict proportional control (hindsight) is inherently an ineffective strategy for institutional governance, it is only a matter of time before the reckoning arrives. Yes, rule-based regulation is still king and flourishing. The SEC has years yet to squeeze out of business as usual. The problem is that while business as usual remains rock steady, far superior objective methods for corporate governance are gaining competency. The SEC is well aware of the trend as noted in the 108(d) report.  “The SEC staff recommends that those involved in the standard-setting process more consistently develop standards on a principles-based or objectives-oriented basis.” In compliance, your SRO proposal invokes the objectives-oriented keyword “transparency” 27 times.

The elephant in the SEC reckoning room is SOX 404. Here, in oblique form and at the second remove, is the one wolf of ends in the SEC henhouse of means.  As will be derived, 404 is a different species of institutional control – instantly recognized as alien by those who are means-regulated. The benchmark standard of 404 is contemporaneous transparency – the same exact attribute of product demanded by universal law for control system design.

Intermediate remarks

Fortunately or unfortunately, depending on how you make your living, engineers have advanced the brute facts calculus of effective, future-informed control all over the advancing cone of time. While the apparatus of society still operates on the assumption of subjectivity as default (inherent opacity), the technology for building intelligence about the future (transparency) has eliminated subjectivity from the algorithm. There is no more box in the formula titled “and then a miracle happens.” The wholesale displacement of subjectivity by objectivity for dealing with (regulating) the future is, exactly, how you got your nifty cell phone and Burt Rutan lifted a man into space.

With inescapable leak, friction and lag, the benchmark used by society about what is and what is not foreseeable is being pulled hard by this advancing and escalating standard of care in the process of engineering.  As objectivity, intelligence-amplified, displaces subjectivity, more and more of the damage suffered by stakeholders is seen as the result of control designer negligence rather than outrageous, unpredictable fortune. Armed with the brilliant clarity of hindsight, it a snap for any plaintiff, using the advanced calculus of pragmatic foresight, to exhibit that, within ordinary engineering design practice of the times, the damaging events could have been readily foreseen and averted. The daily news is filled with events having human authors, which a century ago would have been attributed to acts of God.

It is not likely that the public will indefinitely ignore the gross prejudice favoring business as usual now gone toxic. The more pragmatic foresight escalates the PE standard of care, the more stakeholders take notice of the regulatory bias in the scales of blindfolded Themis. Why does the law hold professional engineers to the duty of advancing pragmatic foresight in their services, while allowing professional managers to operate on whim and fancy whatever the consequences? Just what, exactly, is so objectionable about risk-informed management? Operational transparency?

One way the SEC communicates its intent to defending business as usual, to appease listed institutions, is by stating what are fundamental binary either/or attributes of ends - in analog variable grammar. This is the code syntax included in the rule making for SROs assuring the regulated that, when the scandal tarantella is over, they can continue to do as they please. Transparency, for example, comes welded to adjectives and adverbs in the proposal, where this attribute of ends is an absolute. The loophole industry promptly decodes the message and adjusts the compliance checklists accordingly. When the general staff reads the regulator’s promise of more ethical, moral, complete, useful, meaningful, objective, transparent, etc., in the rules, the compliance strategy remains “We’re no worse than the others.” Every better than before statement is automatically met with an equally useless no worse than others response. What it amounts to is snake oil for the stakeholders.

The controls engineer, habitually drenched in the cold shower of natural law reality, has no equivalent escape tunnel from responsibility. The supreme commander, natural law, does not respond to subjectivity in any form. No error will be overlooked. No time extensions. Why bother trying to trick natural law when you always get destroyed in the attempt? More to the point to engineers, as natural law punishes all offenders with absolute indifference, it rewards coherence with the same vigor. Whoa!

To outside observers, especially control engineers, the product of bright, learned men defending an archaic business as usual gone bad is cognitive dissonance in wholesale amounts. It is illegal for a PE to overlook the watchdog sin of natural law defiance or be willfully blind to the offense. Everyone knows the SEC is staffed by educated, competent professionals brimming with honest intentions to pursue Commission mandates paramount. How then to reconcile these intelligent and sophisticated professionals aggressively and incessantly attempting to orchestrate rules of action to defy natural law? Somehow choosing to pursue the impossible is not consonant with our investment of trust in astute gatekeepers. It doesn’t compute.

The final installment will show how the standard of care of the professional control engineer can be applied unerringly to achieve and husband our shared institutional governance duty – safeguard Mr. W. D. Middleton, III. The SEC is commended for providing this electronic convenience in providing solicited commentary on proposed rulemaking.

Would you like to offer some advice or add to the dialog? Your sending of a comment automatically grants us permission to edit and post at our discretion. Comments will be forwarded to the author. Send your comment to

========= Reply =========================


Monthly Features: What's New? | Guest Speaker | Real-Time Chronicles
Other Features: Home | Library | Links | Services | Corp Info | Press
Major Concepts: Realsearch ||| Enterprise Model ||| Maturity Model
                        Knowledge & Agility ||| Agile System Principles
Book: Response Ability - The Language, Structure and Culture of the Agile Enterprise
Book: Value Propositioning - Perception and Misperception in Decision Making

Send mail to  with questions or comments about this web site.
Paradigm Shift International, 2051 Lama Mtn., Box 289, Questa, NM 87556, 505-586-1536, -2430(fax)
1997-2005 Paradigm Shift International - Attributed Copies Permitted
Last modified: February 25, 2005