I just jumped on the news: between some soccer player affair and the wonderful Rugby World Cup, my eyes landed on the VW scandal. OMG, they lie to customers and government agencies… Why am I not at all surprised?
Let's be clear: I have nothing against VW. It is a great brand with great products, but it is a company driven by profit, so profit is its biggest interest, above ethics and other considerations. This is why governments and consumers need to be vigilant and force companies to act fairly. It is surprising that something like this comes from a German vendor, since they are well known everywhere for the quality of their products, but this simply shows how difficult it is to be sure about quality everywhere.
Whether it is a hackable entertainment system in your car that allows an attacker to take control of your brakes, or a hacked pollution result from your diesel car engine, it all shows that quality and control are a mandatory requirement for every vendor of any kind.
There are some interesting outcomes in this story:
- We should be skeptical about everything: the moment we lower our attention, here comes the problem. So in the end, the more a vendor is under scrutiny, the better it is for the customers.
- Even a major brand can make mistakes. Willingly or not, the vendor has to take full responsibility and make every possible effort to avoid similar accidents.
From a vendor's perspective, investing in quality is mandatory if they want to present themselves as a value-added player and not the cheap option. But quality is a complex issue that requires careful management of product, branding and communication.
And the basic point is that once the damage is done, the recovery will be painful and hard, and it could burn all the profit we have made thanks to the cheat.
This is the same thing that happens with security, and information security (which is my field) is no exception.
Security, from a customer's point of view, should be a basic requirement, not just an add-on. Likewise, for vendors security should be one of the core pillars, because it is strictly related to the quality of what a vendor does.
So let us consider a few things:
Was the VW affair something done without the knowledge of the senior management?
If so, and at the moment I doubt it, this means that senior management was not putting in place the correct set of controls on quality. Quality should be a serious internal affair, and that means you should know, check and control the output of your systems.
But to be able to check quality you should know exactly how to grade it, and what could come out of non-compliance. So if your process needs to check the emission level of your engine, you should be sure this is checked, tested and cross-referenced somehow by external entities before the government agency checks.
If you do so, you can be fairly sure your results are consistent with your design, and that a non-compliance would really be related to unpredictable events.
If you do not put in place something like that (which is important, since it is a mandatory requirement from a specific market, well, a lot of markets actually), you are guilty and you didn't do your job correctly.
You made mistakes because you did not correctly check the risks and the consequences. You made mistakes because you didn't put in place the correct chain of control. You made mistakes because you, basically, didn't do your job. There is no excuse for bad management: managers are paid to take risks and make decisions, so they are fully responsible. The fact that they do their job badly can't be a reason to be absolved.
It is a pity that there will be casualties from these mistakes, which will hurt working people, so do not think for a moment this is something that can be taken lightly. Every worker who loses his job because of this should weigh on those managers' shoulders.
Was the VW affair something done with the knowledge of the senior management?
Well, this is a completely different thing. Or not? Is being unable to do your job worse than willingly trying to scam customers and governments? Because this is what we are talking about.
If higher management knew, it means that they were willingly trying to scam their customers to raise their sales while lowering costs. There is nothing bad in wanting to raise sales and lower costs, as long as you do it in a fair, ethical and legal way; not sure it can be justified if this is done against the law (the comment is sarcastic, for the ones that didn't get it).
So basically this means that the management did this math (I know I am oversimplifying it):
cost without compliance = "X"
cost with compliance = "X+Y"
If we sell our product at "Z", our income will be "Z-X" if we are not compliant and "Z-(X+Y)" if we are compliant.
So we earn more with non-compliance.
Now, I hope they at least tried to check the cost of being discovered and the % risk of being discovered; those 2 factors should be the point to analyze to see whether it is worth trying the scam or not.
So basically they should have corrected the math at least to:
cost without compliance = "X + (cost of being discovered * % risk of being discovered)"
Now the cost, apparently, will be as big as this year's revenue for the company (maybe more). This means that the cost of being discovered is almost Z, which rules out any chance of considering the scam worthwhile unless the % risk of being discovered is really small, and by really small I mean several digits below zero.
But this % couldn't be so small, since there were external controls, chemistry and physics working against them.
This means that they were not able to correctly evaluate the costs of non-compliance, and so jeopardized their stream of revenue for nothing.
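The corrected math above, carried one step further as an added derivation (not part of the original post). The symbols $D$ for the cost of being discovered and $p$ for the % risk of being discovered are introduced here; $X$, $Y$ and $Z$ are the post's own.

$$
\begin{aligned}
\text{income, compliant} &= Z - (X + Y) \\
\text{income, not compliant} &= Z - (X + pD) \\
Z - (X + pD) > Z - (X + Y) &\iff pD < Y \iff p < \frac{Y}{D}
\end{aligned}
$$

So the cheat only pays while the chance of discovery stays below the ratio of the compliance cost to the cost of being discovered. Taking $D \approx Z$, as the post does, the threshold becomes $p < Y/Z$.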
This basically means that:
- they were willing to scam
- they were fairly incompetent
So again, this rules out any chance of being merciful, more for not being able to do their job, actually.
Is this an isolated case?
Although I would like to say yes, I think this is a common practice in the industry of any country, in any sector. Sometimes the cost of compliance is simply too high, sometimes management takes the risk of non-compliance knowing the eventual costs, and most of the time they simply do not care because it is not in their targets (and we know that sales targets are quarter-based when we have a long vision, lol).
I am not talking here about honest mistakes; I am talking about willingly not being compliant, or not making every possible effort to run a serious, credible and reliable quality system.
Quality requirements could be mandatory (because of some law), or just best practice, or simply marketing claims, but respecting the quality baseline is always a serious matter that should be better evaluated.
The VW scandal teaches us that it is a priority for management to act correctly, because the cost of non-compliance can be devastating. And in the connected world we live in, the repercussions are global. Let me also claim social responsibility for a company: a scandal like this can affect the perception of an entire country.
On the bright side, it happened in Germany, so when I talk with my German friends I will be able to say: come on, stop making fun of the FCA car hacking problem, you hacked the EPA…
One last comment: when will we start to admit that “clean” cars and combustion engines are still yet to come?
trust no one