The Permission Problem: Who Actually Has Power in Your Organization?

1
00:00:00,000 --> 00:00:06,000
Hello, my name is Mirko Peters and I translate how technology actually shapes business reality.

2
00:00:06,000 --> 00:00:11,480
Most organizations believe power lives in titles, approval levels and the formal org chart.

3
00:00:11,480 --> 00:00:15,280
But when you look at how work actually moves, power sits somewhere else entirely.

4
00:00:15,280 --> 00:00:19,640
It lives in access and information and in the specific people who sit inside the flow

5
00:00:19,640 --> 00:00:20,720
of decisions.

6
00:00:20,720 --> 00:00:25,160
In this episode, I want to show you how to read power where it really exists across permissions,

7
00:00:25,160 --> 00:00:26,840
conversations, content and AI.

8
00:00:26,840 --> 00:00:31,760
If this lens helps you audit your own organization more clearly, subscribe to the podcast so

9
00:00:31,760 --> 00:00:34,000
we can keep mapping these systems together.

10
00:00:34,000 --> 00:00:37,080
Let me take one step back and explain why this matters.

11
00:00:37,080 --> 00:00:39,240
The permission problem is not a people problem.

12
00:00:39,240 --> 00:00:42,600
When leaders talk about power problems, they usually focus on personalities and office

13
00:00:42,600 --> 00:00:43,600
politics.

14
00:00:43,600 --> 00:00:47,600
They talk about difficult stakeholders or territorial behavior and they point to weak culture,

15
00:00:47,600 --> 00:00:50,800
pro communication or a general lack of trust.

16
00:00:50,800 --> 00:00:54,600
While those things are certainly real, they are often just symptoms of a deeper structural

17
00:00:54,600 --> 00:00:55,600
issue.

18
00:00:55,600 --> 00:00:59,480
The same friction shows up again and again across different teams and leadership changes.

19
00:00:59,480 --> 00:01:01,880
We are usually not looking at the people problem at all.

20
00:01:01,880 --> 00:01:03,400
We are looking at a system outcome.

21
00:01:03,400 --> 00:01:07,440
That distinction matters because it changes how we diagnose the organization and how we try

22
00:01:07,440 --> 00:01:08,640
to fix it.

23
00:01:08,640 --> 00:01:13,080
If the default explanation is personal behavior, then the response is always going to be personal.

24
00:01:13,080 --> 00:01:17,040
You might coach a specific person, replace a manager or run another alignment meeting to

25
00:01:17,040 --> 00:01:18,640
clarify expectations.

26
00:01:18,640 --> 00:01:22,040
Sometimes that helps for a few weeks, but often nothing structural changes because the underlying

27
00:01:22,040 --> 00:01:23,600
machinery is still broken.

28
00:01:23,600 --> 00:01:27,960
The delays remain, the same names keep showing up in escalations and the work gets stuck in

29
00:01:27,960 --> 00:01:30,760
the same places even if the people in those seats have changed.

30
00:01:30,760 --> 00:01:31,760
And why is that?

31
00:01:31,760 --> 00:01:35,800
Formal hierarchy explains accountability on paper telling us who is meant to approve a

32
00:01:35,800 --> 00:01:38,880
request or who owns the budget when things go wrong.

33
00:01:38,880 --> 00:01:41,840
But actual execution follows a completely different map.

34
00:01:41,840 --> 00:01:46,160
It follows access paths and information availability which means the person who can move the work

35
00:01:46,160 --> 00:01:50,240
is the one who can see the file, edit the record or grant the permission.

36
00:01:50,240 --> 00:01:54,760
The real operating model is defined by who can interpret the context and move the conversation

37
00:01:54,760 --> 00:01:57,600
forward without waiting for three other people to wake up.

38
00:01:57,600 --> 00:02:01,720
In most organizations, that model is only partly visible to the people running it.

39
00:02:01,720 --> 00:02:07,560
I've seen this repeatedly in Microsoft 365 environments that look mature from the outside

40
00:02:07,560 --> 00:02:11,080
because the governance is documented and the roles are defined.

41
00:02:11,080 --> 00:02:14,640
There are committees, steering groups and approval workflows that make everything look

42
00:02:14,640 --> 00:02:16,480
controlled and professional.

43
00:02:16,480 --> 00:02:19,840
But then you watch one important decision move through the organization and suddenly that

44
00:02:19,840 --> 00:02:22,720
formal structure starts to blur into something else.

45
00:02:22,720 --> 00:02:26,400
The person with the title is rarely the person with the context and the person with the

46
00:02:26,400 --> 00:02:29,800
accountability often lacks the access they need to actually lead.

47
00:02:29,800 --> 00:02:33,880
The leader expected to decide is usually waiting on someone else to find a document, interpret

48
00:02:33,880 --> 00:02:37,880
the history or unlock a workflow just to confirm what is actually true.

49
00:02:37,880 --> 00:02:41,000
Because of this gap, the decision does not happen where authority sits.

50
00:02:41,000 --> 00:02:44,560
It happens where enough context exists to move, that is the permission problem.

51
00:02:44,560 --> 00:02:48,040
I'm not talking about permission in the narrow IT sense of clicking a checkbox.

52
00:02:48,040 --> 00:02:51,600
I'm talking about permission as an operating condition for the entire business.

53
00:02:51,600 --> 00:02:52,840
Can you see what matters?

54
00:02:52,840 --> 00:02:54,160
Can you reach the data you need?

55
00:02:54,160 --> 00:02:55,960
Can you change the things that are broken?

56
00:02:55,960 --> 00:02:59,560
If you can't move the work without going through an informal gatekeeper, then the org chart

57
00:02:59,560 --> 00:03:03,120
might be accurate in theory, but it is completely weak in practice.

58
00:03:03,120 --> 00:03:05,160
This is where many organizations get trapped.

59
00:03:05,160 --> 00:03:08,960
They think they have a leadership problem when they really have a distribution problem.

60
00:03:08,960 --> 00:03:12,320
Control is distributed one way, responsibility is distributed another and information is

61
00:03:12,320 --> 00:03:14,360
scattered somewhere else entirely.

62
00:03:14,360 --> 00:03:19,000
This is often the result of years of historical accidents and quick fixes that nobody would

63
00:03:19,000 --> 00:03:20,720
ever design from scratch today.

64
00:03:20,720 --> 00:03:23,720
The people inside the system eventually learn to compensate for these gaps.

65
00:03:23,720 --> 00:03:28,280
They create side channels, forward files to personal accounts and start private chats

66
00:03:28,280 --> 00:03:29,560
just to get a straight answer.

67
00:03:29,560 --> 00:03:33,280
They build local trackers and use tools that were never meant to become critical infrastructure

68
00:03:33,280 --> 00:03:36,440
because the formal path does not move at the speed of the business.

69
00:03:36,440 --> 00:03:40,560
Once this compensation becomes normal, it gets misread as a culture problem.

70
00:03:40,560 --> 00:03:45,480
People start saying a specific team is political or a certain department always blocks progress.

71
00:03:45,480 --> 00:03:49,080
Maybe that's true, but very often the system is doing exactly what it was set up to do.

72
00:03:49,080 --> 00:03:53,360
It roots work through access bottlenecks and concentrates context in two few places, which

73
00:03:53,360 --> 00:03:57,320
creates invisible dependencies that only become obvious when things get stressful.

74
00:03:57,320 --> 00:04:00,440
From a system perspective that's not just inefficient, it's fragile.

75
00:04:00,440 --> 00:04:05,520
A system that depends on a few hidden people to keep work moving is a system with low structural

76
00:04:05,520 --> 00:04:06,520
resilience.

77
00:04:06,520 --> 00:04:10,200
That fragility stays hidden during normal operations when everyone is just trying to

78
00:04:10,200 --> 00:04:11,600
get through the day.

79
00:04:11,600 --> 00:04:15,320
Then a transformation starts like a merger or a co-pilot pilot and suddenly the mismatch

80
00:04:15,320 --> 00:04:17,240
becomes visible to everyone.

81
00:04:17,240 --> 00:04:20,960
Transformation puts pressure on flow and it asks the organization to move faster and

82
00:04:20,960 --> 00:04:22,960
trust data across boundaries.

83
00:04:22,960 --> 00:04:25,360
That's when the real power map starts to show itself.

84
00:04:25,360 --> 00:04:29,320
It isn't found in titles but in access, in dependency and in the hidden architecture of

85
00:04:29,320 --> 00:04:32,560
who the organization actually needs in order to function.

86
00:04:32,560 --> 00:04:35,000
The difference between authority and power.

87
00:04:35,000 --> 00:04:38,480
Once we recognize that these organizational hurdles are structural, we need to draw

88
00:04:38,480 --> 00:04:42,960
a much cleaner distinction between two things that often get blurred together.

89
00:04:42,960 --> 00:04:44,400
Authority and power are not the same thing.

90
00:04:44,400 --> 00:04:49,240
In most companies, authority is the formal side of the equation and it arrives with a title,

91
00:04:49,240 --> 00:04:52,560
a mandate, a specific budget and clear reporting lines.

92
00:04:52,560 --> 00:04:56,760
It represents the official map the organization points to when it needs to explain who is legally

93
00:04:56,760 --> 00:04:59,040
or professionally responsible for a result.

94
00:04:59,040 --> 00:05:01,240
That structure matters and I'm not dismissing it.

95
00:05:01,240 --> 00:05:05,080
Formal authority is the primary tool organizations use to create order.

96
00:05:05,080 --> 00:05:09,240
Because without it, you end up with total ambiguity around ownership and consequences.

97
00:05:09,240 --> 00:05:13,960
You need a specific person who has the right to say yes, the standing to say no and the shoulders

98
00:05:13,960 --> 00:05:16,160
to carry the weight of a final decision.

99
00:05:16,160 --> 00:05:19,080
But power operates on an entirely different frequency.

100
00:05:19,080 --> 00:05:20,360
Power is operational.

101
00:05:20,360 --> 00:05:25,320
It doesn't come from a badge or a line on an org chart but instead flows from access, timing,

102
00:05:25,320 --> 00:05:26,320
context and trust.

103
00:05:26,320 --> 00:05:29,760
It belongs to the person who is close enough to the actual work that their personal

104
00:05:29,760 --> 00:05:33,440
involvement fundamentally changes what happens next and why is that?

105
00:05:33,440 --> 00:05:37,320
The reason is that work does not move through titles alone but rather through a constant

106
00:05:37,320 --> 00:05:39,640
combination of information and permission.

107
00:05:39,640 --> 00:05:43,680
If you have all the authority in the world but no visibility into the daily grind, your

108
00:05:43,680 --> 00:05:45,720
decisions will be slow and disconnected.

109
00:05:45,720 --> 00:05:50,560
If you hold the mandate but lack direct access to the systems, your ability to execute depends

110
00:05:50,560 --> 00:05:52,760
entirely on someone else's schedule.

111
00:05:52,760 --> 00:05:56,640
When there is a weak trust between the person with the title and the people doing the work,

112
00:05:56,640 --> 00:06:00,320
those decisions might be formally correct yet they remain operationally weak.

113
00:06:00,320 --> 00:06:02,160
Now let's look at the other side of that coin.

114
00:06:02,160 --> 00:06:05,960
We've all seen someone who has very little formal authority but still holds enormous power

115
00:06:05,960 --> 00:06:10,160
inside the system and usually it's not because they're playing politics and they hold that

116
00:06:10,160 --> 00:06:13,280
power because they sit directly in the path of execution.

117
00:06:13,280 --> 00:06:17,800
They are the ones who know where the real file is hidden, which version is actually current

118
00:06:17,800 --> 00:06:21,400
and why the entire workflow tends to fail every Thursday afternoon.

119
00:06:21,400 --> 00:06:25,200
They understand which team truly owns the data regardless of what the documentation says

120
00:06:25,200 --> 00:06:29,760
and they know exactly who needs to be consulted before a decision can move forward without

121
00:06:29,760 --> 00:06:31,520
hitting a wall of resistance.

122
00:06:31,520 --> 00:06:33,280
So what happens in that environment?

123
00:06:33,280 --> 00:06:35,920
Everyone eventually starts routing their work through them.

124
00:06:35,920 --> 00:06:39,840
The moment that shift happens their actual position becomes much bigger than their job title

125
00:06:39,840 --> 00:06:40,840
suggests.

126
00:06:40,840 --> 00:06:44,880
I've sat in rooms with senior leaders who had clear authority but couldn't move a single

127
00:06:44,880 --> 00:06:49,880
project without a coordinator or a long tenured lead translating the technical reality underneath

128
00:06:49,880 --> 00:06:50,880
them.

129
00:06:50,880 --> 00:06:55,280
That isn't a story about personality or charisma, it's a design signal.

130
00:06:55,280 --> 00:06:58,760
Decisions naturally gravitate toward the place where enough context exists to make them

131
00:06:58,760 --> 00:07:02,240
real and that is the fundamental difference we have to understand.

132
00:07:02,240 --> 00:07:05,840
Authorities says this person is meant to decide but power says this person can actually change

133
00:07:05,840 --> 00:07:06,840
the outcome.

134
00:07:06,840 --> 00:07:10,560
Sometimes those two forces live in the same person and when they do the organization feels

135
00:07:10,560 --> 00:07:14,480
clean because responsibility, access and information are all aligned.

136
00:07:14,480 --> 00:07:18,200
The person who is accountable can also see, understand and move the levers that matter

137
00:07:18,200 --> 00:07:19,200
most.

138
00:07:19,200 --> 00:07:22,480
But in most modern workplaces those elements start to drift apart.

139
00:07:22,480 --> 00:07:26,320
The director might own the final outcome but the project lead holds the current context

140
00:07:26,320 --> 00:07:30,920
while the platform admin controls the access and the sharepoint owner manages the documents.

141
00:07:30,920 --> 00:07:34,720
Meanwhile, the person sitting in the active team's thread is the only one who knows what

142
00:07:34,720 --> 00:07:38,840
the staff is actually worried about yet the executive sponsor shows up at the very end

143
00:07:38,840 --> 00:07:42,240
expecting a lightning fast answer.

144
00:07:42,240 --> 00:07:45,480
From the outside this looks like a slow bureaucratic organization.

145
00:07:45,480 --> 00:07:47,560
From the inside it's a fragmented power model.

146
00:07:47,560 --> 00:07:51,960
This is exactly why org charts can be factually true and completely useless at the same time.

147
00:07:51,960 --> 00:07:56,080
As they only show vertical accountability, they fail to show who can unblock a critical

148
00:07:56,080 --> 00:08:01,000
workflow, who can grant or remove visibility or who the team actually trusts for the real

149
00:08:01,000 --> 00:08:02,560
version of events.

150
00:08:02,560 --> 00:08:03,760
That is where the power lives.

151
00:08:03,760 --> 00:08:07,160
Once you separate power from authority, a lot of confusing behavior starts to make sense

152
00:08:07,160 --> 00:08:12,800
like why an individual contributor has outsized influence because they control a key dependency.

153
00:08:12,800 --> 00:08:16,760
You start to see why a mid-level manager feels weaker than their role suggests, often because

154
00:08:16,760 --> 00:08:20,240
they've been made responsible for results without being structurally equipped to deliver

155
00:08:20,240 --> 00:08:21,240
them.

156
00:08:21,240 --> 00:08:25,000
This also explains why the real decisions happen inside conversations before the formal

157
00:08:25,000 --> 00:08:26,320
meeting ever starts.

158
00:08:26,320 --> 00:08:30,000
The true decision point is where the context converges, not necessarily where the calendar

159
00:08:30,000 --> 00:08:31,960
invites says the meeting should be.

160
00:08:31,960 --> 00:08:36,160
This realization changes how we read leadership friction because what looks like in decision

161
00:08:36,160 --> 00:08:40,160
is often just a hidden dependency, what looks like office politics is usually just an

162
00:08:40,160 --> 00:08:44,560
access imbalance and what looks like weak execution is almost always a mismatch between formal

163
00:08:44,560 --> 00:08:46,880
authority and operational power.

164
00:08:46,880 --> 00:08:50,760
If we ignore this distinction, we will always misdiagnose the organization.

165
00:08:50,760 --> 00:08:54,800
We'll keep redesigning reporting lines and moving boxes on a chart while the real

166
00:08:54,800 --> 00:08:59,520
leverage remains buried in permissions, information flows and hidden dependencies.

167
00:08:59,520 --> 00:09:00,880
Which brings me to the next point.

168
00:09:00,880 --> 00:09:05,080
Once we separate authority from power, the org chart stops looking like the organization

169
00:09:05,080 --> 00:09:09,000
itself and starts looking like just one thin layer of a much deeper system.

170
00:09:09,000 --> 00:09:11,840
Why organizations drift away from their org chart?

171
00:09:11,840 --> 00:09:16,040
If the org chart is only one layer of the reality, we have to ask the obvious question,

172
00:09:16,040 --> 00:09:20,400
why do organizations drift so far away from their original design in the first place?

173
00:09:20,400 --> 00:09:23,120
It's rarely because of one catastrophic mistake.

174
00:09:23,120 --> 00:09:24,320
Drift is cumulative.

175
00:09:24,320 --> 00:09:28,400
It happens the same way most operational risks develop quietly and incrementally under

176
00:09:28,400 --> 00:09:30,640
the pressure of reasonable daily demands.

177
00:09:30,640 --> 00:09:34,400
A company grows or adds a new business unit, then a merger brings in another tenant and

178
00:09:34,400 --> 00:09:38,160
a different way of naming ownership and suddenly the original model is stretched.

179
00:09:38,160 --> 00:09:42,480
A few key people leave, a new transformation starts before the last one finished and an

180
00:09:42,480 --> 00:09:46,840
urgent deadline forces a shortcut that everyone promises is only temporary.

181
00:09:46,840 --> 00:09:49,240
Individually none of those moments feel like a crisis.

182
00:09:49,240 --> 00:09:53,400
But structurally every single one of those changes shifts the relationship between authority

183
00:09:53,400 --> 00:09:55,400
access and the ability to execute.

184
00:09:55,400 --> 00:10:00,080
This is where a tool like Microsoft 365 becomes a very honest mirror for the business.

185
00:10:00,080 --> 00:10:04,120
Every time the organization adapts faster than its governance model can keep up, the digital

186
00:10:04,120 --> 00:10:07,000
estate records that adaptation in real time.

187
00:10:07,000 --> 00:10:10,720
Permissions get added much faster than they ever get reviewed and teams are created for

188
00:10:10,720 --> 00:10:15,400
a quick project only to become permanent operating spaces that nobody manages.

189
00:10:15,400 --> 00:10:19,200
SharePoint sites often inherit ownership assumptions from years ago, even though the underlying

190
00:10:19,200 --> 00:10:23,080
responsibility for that data has shifted three times since then.

191
00:10:23,080 --> 00:10:27,280
Several automated flows are built to solve a local headache and they keep running long after

192
00:10:27,280 --> 00:10:30,320
the original logic or the person who built them has moved on.

193
00:10:30,320 --> 00:10:33,600
The system starts carrying history instead of business reality.

194
00:10:33,600 --> 00:10:35,240
That distinction is vital.

195
00:10:35,240 --> 00:10:38,400
When you open a policy document everything might still look perfectly clean because the

196
00:10:38,400 --> 00:10:42,480
roles are defined and the security principles are documented on paper.

197
00:10:42,480 --> 00:10:46,480
But when you actually inspect the effective environment, you find a completely different

198
00:10:46,480 --> 00:10:48,880
organization layered underneath the official one.

199
00:10:48,880 --> 00:10:53,760
This shadow organization formed through exceptions, handovers and urgent workarounds.

200
00:10:53,760 --> 00:10:54,760
And why is that?

201
00:10:54,760 --> 00:10:58,680
The reason is that governance usually moves in slow-review cycles while business pressure

202
00:10:58,680 --> 00:10:59,920
moves in real time.

203
00:10:59,920 --> 00:11:04,040
A business cannot wait three months for a governance committee to meet when a client

204
00:11:04,040 --> 00:11:06,600
issue or a compliance deadline is landing this Friday.

205
00:11:06,600 --> 00:11:09,640
So the people inside the system do what they have to do to survive.

206
00:11:09,640 --> 00:11:10,640
They compensate.

207
00:11:10,640 --> 00:11:12,960
They grant access directly to get a job done.

208
00:11:12,960 --> 00:11:17,800
They add someone temporarily to a group and they keep a former owner on the list because

209
00:11:17,800 --> 00:11:21,000
removing them feels like a risk they don't have time to manage.

210
00:11:21,000 --> 00:11:24,400
They root work through the person who actually knows the process instead of the person who

211
00:11:24,400 --> 00:11:26,240
is supposed to own it on paper.

212
00:11:26,240 --> 00:11:29,880
Once that workaround proves it can get the job done, it stops feeling temporary and starts

213
00:11:29,880 --> 00:11:31,680
becoming the actual operating model.

214
00:11:31,680 --> 00:11:33,360
That is how drift hardens into place.

215
00:11:33,360 --> 00:11:37,520
It doesn't happen through rebellion but through the simple repetition of what works.

216
00:11:37,520 --> 00:11:41,720
This is also why leaders are so frequently blindsided when they finally look under the hood.

217
00:11:41,720 --> 00:11:45,240
As they assume the organization they approved is the one that actually exists.

218
00:11:45,240 --> 00:11:50,040
What really exists is a negotiated structure that sits somewhere between the formal design

219
00:11:50,040 --> 00:11:52,200
and the daily operational necessity.

220
00:11:52,200 --> 00:11:56,760
The org chart describes the intent but the environment records the adaptation.

221
00:11:56,760 --> 00:12:00,280
Adaptation isn't always a bad thing and organizations actually need a certain amount

222
00:12:00,280 --> 00:12:02,760
of local flexibility and room for human judgment.

223
00:12:02,760 --> 00:12:06,880
The problem only starts when that adaptation accumulates for years without any kind of structural

224
00:12:06,880 --> 00:12:07,880
review.

225
00:12:07,880 --> 00:12:10,560
Eventually the organization begins to root around itself.

226
00:12:10,560 --> 00:12:14,120
Old access remains active while new dependencies emerge.

227
00:12:14,120 --> 00:12:18,120
And even when the person with the title changes, the real control point stays with whoever

228
00:12:18,120 --> 00:12:20,320
holds the context or the trust network.

229
00:12:20,320 --> 00:12:24,080
You end up with a business that looks centralized in a PowerPoint deck but behaves like a messy

230
00:12:24,080 --> 00:12:25,360
patchwork in practice.

231
00:12:25,360 --> 00:12:29,120
That patchwork creates three very predictable and very dangerous effects.

232
00:12:29,120 --> 00:12:33,640
First, the paths to making a decision become much longer than they appear on the surface.

233
00:12:33,640 --> 00:12:37,760
Second, accountability becomes almost impossible to enforce because the person held responsible

234
00:12:37,760 --> 00:12:39,640
isn't structurally equipped to lead.

235
00:12:39,640 --> 00:12:43,760
Third, hidden operators gain far more influence over the speed of the business than the formal

236
00:12:43,760 --> 00:12:45,160
leaders ever expected.

237
00:12:45,160 --> 00:12:48,080
This is why drift is the silent killer of transformation.

238
00:12:48,080 --> 00:12:52,120
During steady state operations people can survive a surprising amount of structural misalignment

239
00:12:52,120 --> 00:12:55,160
because they've learned who to call and where the files really live.

240
00:12:55,160 --> 00:13:00,320
But when you try to scale or integrate a new system or introduce AI, those informal human

241
00:13:00,320 --> 00:13:03,200
corrections are no longer enough to bridge the gap.

242
00:13:03,200 --> 00:13:07,760
The distance between the official structure and the real one becomes incredibly expensive.

243
00:13:07,760 --> 00:13:12,680
You start seeing duplicated work, conflicting answers and approval loops that serve no purpose,

244
00:13:12,680 --> 00:13:16,000
all while the same few names sit in the middle of every bottleneck.

245
00:13:16,000 --> 00:13:19,920
This drift is easiest to see in an organization that believes it is well governed and ready

246
00:13:19,920 --> 00:13:26,000
for the future, when in reality it is held together by a system it no longer fully understands.

247
00:13:26,000 --> 00:13:28,520
The invisible gatekeeper organization set up.

248
00:13:28,520 --> 00:13:29,520
Let's make this concrete.

249
00:13:29,520 --> 00:13:33,920
I want to use a composite organization here, not because one specific company is uniquely

250
00:13:33,920 --> 00:13:38,320
broken but because this pattern is so common that once you see it, you start recognizing

251
00:13:38,320 --> 00:13:39,320
it everywhere.

252
00:13:39,320 --> 00:13:42,480
Picture a mid-sized enterprise in the middle of a growth spurt.

253
00:13:42,480 --> 00:13:46,000
They have expanded through a mix of internal scaling and a few acquisitions which has led

254
00:13:46,000 --> 00:13:48,200
to a steady increase in cross-functional work.

255
00:13:48,200 --> 00:13:51,680
From the outside, the whole thing looks disciplined and the executive team truly believes

256
00:13:51,680 --> 00:13:53,640
the organization is governed well.

257
00:13:53,640 --> 00:13:57,560
They have clear leadership layers, steering groups and architecture reviews and the language

258
00:13:57,560 --> 00:14:01,600
of control is baked into every approval board for risk or investment.

259
00:14:01,600 --> 00:14:03,400
On paper, the structure makes perfect sense.

260
00:14:03,400 --> 00:14:07,960
Sales owns the customer decisions while operations handles delivery and IT manages the

261
00:14:07,960 --> 00:14:10,400
platforms while security dictates policy.

262
00:14:10,400 --> 00:14:15,040
HR owns the people processes and finance maintains the investment controls, meaning every

263
00:14:15,040 --> 00:14:17,480
box has a leader with a specific mandate.

264
00:14:17,480 --> 00:14:20,960
Each of those mandates connects to a reporting structure that feels mature enough to support

265
00:14:20,960 --> 00:14:21,960
real scale.

266
00:14:21,960 --> 00:14:23,560
Now look at the technology estate.

267
00:14:23,560 --> 00:14:28,400
Microsoft 365 has been the foundation for years, enter ID structured and teams serves

268
00:14:28,400 --> 00:14:30,880
as the default communication layer for everyone.

269
00:14:30,880 --> 00:14:34,520
SharePoint holds the bulk of their operational content and the power platform has grown in

270
00:14:34,520 --> 00:14:37,880
the usual way, partly governed, partly local and partly invisible.

271
00:14:37,880 --> 00:14:42,280
There are naming conventions and site lifecycle rules in place and the documentation libraries

272
00:14:42,280 --> 00:14:45,520
are full of architecture principles and governance intent.

273
00:14:45,520 --> 00:14:49,520
If you asked leadership whether control exists, they would say yes without hesitation.

274
00:14:49,520 --> 00:14:53,640
If you asked whether decision rights are clearly defined, the answer would also be yes,

275
00:14:53,640 --> 00:14:55,920
and this is exactly where the case gets interesting.

276
00:14:55,920 --> 00:14:59,400
The organization isn't chaotic, it is governed just enough to feel safe.

277
00:14:59,400 --> 00:15:03,640
That matters because the most revealing permission problems don't show up in broken environments,

278
00:15:03,640 --> 00:15:07,800
but rather in places that look stable and mature enough to trust their own design.

279
00:15:07,800 --> 00:15:10,600
This organization had that exact confidence.

280
00:15:10,600 --> 00:15:15,160
Leadership believed authority was clear, platform teams thought access was under control and

281
00:15:15,160 --> 00:15:17,920
business functions believed they knew who owned what.

282
00:15:17,920 --> 00:15:21,920
The people inside the system had learned how to work around the rough edges so well that

283
00:15:21,920 --> 00:15:24,680
those gaps stopped looking like structural issues.

284
00:15:24,680 --> 00:15:28,640
When people compensate successfully, leaders often stop seeing the compensation entirely because

285
00:15:28,640 --> 00:15:30,600
they only see the work getting done.

286
00:15:30,600 --> 00:15:33,960
Underneath that smooth surface, a different pattern had already formed.

287
00:15:33,960 --> 00:15:37,960
Some decisions moved quickly and others did not for reasons that were hard to explain, and

288
00:15:37,960 --> 00:15:42,720
while a formal approver might sign off, the real movement usually happened earlier in a private

289
00:15:42,720 --> 00:15:43,720
team's thread.

290
00:15:43,720 --> 00:15:47,720
A department head would technically own an outcome, but a long tenured coordinator would

291
00:15:47,720 --> 00:15:51,160
quietly determine if the information was complete enough to act on.

292
00:15:51,160 --> 00:15:54,800
The platform team would claim a process was standardized, yet everyone involved knew

293
00:15:54,800 --> 00:16:00,200
that if one specific person was unavailable, the entire workflow slowed down immediately.

294
00:16:00,200 --> 00:16:01,960
Nothing here looked dramatic in isolation.

295
00:16:01,960 --> 00:16:06,400
It looked like normal organizational life with a bit of friction, a few known dependencies,

296
00:16:06,400 --> 00:16:09,440
and some useful people who knew how things really worked.

297
00:16:09,440 --> 00:16:13,880
But when an organization starts depending on useful people in the same spots over and over,

298
00:16:13,880 --> 00:16:15,760
those people are no longer just helpful.

299
00:16:15,760 --> 00:16:17,240
They are infrastructure.

300
00:16:17,240 --> 00:16:20,920
In this case, that infrastructure was mostly invisible to formal leadership because the

301
00:16:20,920 --> 00:16:25,160
official model still looked credible enough that no one felt the urgency to test the reality

302
00:16:25,160 --> 00:16:26,160
beneath it.

303
00:16:26,160 --> 00:16:28,480
There were early signals if you knew where to look.

304
00:16:28,480 --> 00:16:32,640
Scientists needed too many follow-ups before decisions finally landed and teams often did duplicate

305
00:16:32,640 --> 00:16:36,680
work because they were acting on different versions of the same information.

306
00:16:36,680 --> 00:16:39,840
Informal escalations happened long before they ever appeared in the official governance

307
00:16:39,840 --> 00:16:43,920
path and you'd constantly hear people say things like "Just ask her, she'll know" or

308
00:16:43,920 --> 00:16:46,080
"We'll wait until she's back before we move."

309
00:16:46,080 --> 00:16:48,960
Those phrases sound harmless, but let me be more precise.

310
00:16:48,960 --> 00:16:51,680
They sound efficient, that is exactly why they are dangerous.

311
00:16:51,680 --> 00:16:55,720
A dependency only feels like a risk once the person is overloaded or unavailable, but

312
00:16:55,720 --> 00:16:58,000
until then it just feels like competence.

313
00:16:58,000 --> 00:17:02,200
This organization had built a lot of hidden confidence around competence, concentrated in a few

314
00:17:02,200 --> 00:17:03,320
specific places.

315
00:17:03,320 --> 00:17:06,760
From the top, the business looked structured and from the middle it looked manageable, but

316
00:17:06,760 --> 00:17:12,440
from inside the daily flow, work was already rooting itself through invisible gatekeepers.

317
00:17:12,440 --> 00:17:15,320
Then the organization decided it was ready for the next stage.

318
00:17:15,320 --> 00:17:20,080
They wanted faster execution, stronger data use and a serious push into AI readiness,

319
00:17:20,080 --> 00:17:24,400
and that is when the visible organization and the real one finally started to separate.

320
00:17:24,400 --> 00:17:27,440
Trigger event, transformation exposes the real power map.

321
00:17:27,440 --> 00:17:29,800
The trigger for this shift was not a crisis.

322
00:17:29,800 --> 00:17:34,320
There was no data breach, no public failure, and no dramatic collapse of the business.

323
00:17:34,320 --> 00:17:38,880
Instead the organization simply chose to move by launching an AI readiness and co-pilot

324
00:17:38,880 --> 00:17:43,680
initiative because leadership wanted faster decisions and less friction across functions.

325
00:17:43,680 --> 00:17:47,840
On the surface, this is a reasonable goal and if your Microsoft 365 Estate already looks

326
00:17:47,840 --> 00:17:51,120
mature, AI feels like the next logical layer to add.

327
00:17:51,120 --> 00:17:55,000
The executive expectation was simple, we have the data, we have the tools and we have

328
00:17:55,000 --> 00:17:57,800
the governance, so AI should help us move faster.

329
00:17:57,800 --> 00:18:01,600
But the moment the organization started asking practical questions about co-pilot readiness,

330
00:18:01,600 --> 00:18:03,760
the answers became strangely inconsistent.

331
00:18:03,760 --> 00:18:07,600
When asked who owned a specific content set, there was silence and when asked who should

332
00:18:07,600 --> 00:18:11,360
have access to a certain area, the answer depended entirely on who you asked.

333
00:18:11,360 --> 00:18:15,320
Nobody knew why one group could see material while the accountable team could not, or why

334
00:18:15,320 --> 00:18:19,440
a sharepoint space was still owned by someone who changed roles two years ago.

335
00:18:19,440 --> 00:18:23,480
They couldn't explain why a workflow relied on one person to validate what the system

336
00:18:23,480 --> 00:18:27,680
was supposed to know already, other than saying that's just how it had always worked.

337
00:18:27,680 --> 00:18:31,640
Just like that, the AI initiative stopped being a productivity conversation and became

338
00:18:31,640 --> 00:18:33,080
an organizational x-ray.

339
00:18:33,080 --> 00:18:37,560
AI does not care about the story your governance model tells because it runs strictly on what

340
00:18:37,560 --> 00:18:39,480
the environment actually allows.

341
00:18:39,480 --> 00:18:43,040
It looks at permissions, access and signal quality, and that's it.

342
00:18:43,040 --> 00:18:46,880
When the organization tried to prepare for co-pilot, it was forced to inspect the underlying

343
00:18:46,880 --> 00:18:52,560
conditions more closely than it had in years, and that inspection exposed something uncomfortable.

344
00:18:52,560 --> 00:18:56,280
The business was not operating on the clean authority model leadership believed in, but

345
00:18:56,280 --> 00:18:59,920
on a patchwork of historical access and informal trust.

346
00:18:59,920 --> 00:19:01,320
Transformation didn't create that condition.

347
00:19:01,320 --> 00:19:02,560
It revealed it.

348
00:19:02,560 --> 00:19:06,440
This distinction matters because leaders often blame the new initiative when things start

349
00:19:06,440 --> 00:19:10,760
to wobble, claiming the AI rollout caused the confusion or the uncertainty.

350
00:19:10,760 --> 00:19:14,760
Usually that isn't the case, the initiative simply surfaced friction that was already there,

351
00:19:14,760 --> 00:19:17,640
which is one of the most useful things about transformation pressure.

352
00:19:17,640 --> 00:19:21,120
It removes the organization's ability to hide behind routine.

353
00:19:21,120 --> 00:19:26,120
Under normal conditions, people fill gaps manually and root around bottlenecks to patch weak

354
00:19:26,120 --> 00:19:27,600
ownership with human effort.

355
00:19:27,600 --> 00:19:32,120
When you ask the organization to scale that behavior or automate around it, the compensation

356
00:19:32,120 --> 00:19:35,760
becomes visible because the question is no longer whether a good person can keep things

357
00:19:35,760 --> 00:19:36,760
moving.

358
00:19:36,760 --> 00:19:39,760
The question becomes whether the system is structurally reliable, and in this case the answer

359
00:19:39,760 --> 00:19:41,000
was often no.

360
00:19:41,000 --> 00:19:45,360
The AI readiness work kept uncovering contradictions, like content that was technically available

361
00:19:45,360 --> 00:19:49,640
but not trusted or information that was trusted but not broadly accessible.

362
00:19:49,640 --> 00:19:53,560
They found decision makers who were formally accountable but lacked the context to act,

363
00:19:53,560 --> 00:19:57,960
and people with modest roles who suddenly became critical because they sat at the intersection

364
00:19:57,960 --> 00:20:00,360
of access and historical knowledge.

365
00:20:00,360 --> 00:20:03,480
Leadership wanted acceleration, but what they discovered was decision drag.

366
00:20:03,480 --> 00:20:07,600
They wanted scalable knowledge, but what they found was concentrated interpretive power

367
00:20:07,600 --> 00:20:09,040
held by a few individuals.

368
00:20:09,040 --> 00:20:13,280
They wanted AI to reduce friction only to find that the friction had already been encoded

369
00:20:13,280 --> 00:20:15,080
into the environment itself.

370
00:20:15,080 --> 00:20:18,600
This is where the permission problem becomes executive relevant very fast.

371
00:20:18,600 --> 00:20:24,880
Once AI enters the picture, misalignment stops being a local annoyance and becomes an amplifier.

372
00:20:24,880 --> 00:20:30,320
If the wrong people have too much access, AI makes that data easier to find and use, and

373
00:20:30,320 --> 00:20:34,320
if the right people are missing context, AI makes that absence more expensive.

374
00:20:34,320 --> 00:20:38,800
If ownership is stale and real decisions depend on hidden gatekeepers, AI does not fix

375
00:20:38,800 --> 00:20:40,040
the organization.

376
00:20:40,040 --> 00:20:43,080
It just speeds up the consequences of the existing design.

377
00:20:43,080 --> 00:20:47,040
The organization eventually did something smart by moving past the technology project and

378
00:20:47,040 --> 00:20:49,200
asking where work actually moves today.

379
00:20:49,200 --> 00:20:52,440
They stopped looking at where the process said it should move and started looking for the

380
00:20:52,440 --> 00:20:56,040
people who get pulled in every time something important needs to happen.

381
00:20:56,040 --> 00:20:59,560
They looked for who could see enough to unblock the next step and who controlled the spaces

382
00:20:59,560 --> 00:21:01,320
that shaped what others could know.

383
00:21:01,320 --> 00:21:04,760
That shift changed everything because once they started treating this as a power mapping

384
00:21:04,760 --> 00:21:09,440
exercise, the hidden structure finally came into view, and the first signal they found

385
00:21:09,440 --> 00:21:10,760
wasn't culture language.

386
00:21:10,760 --> 00:21:13,280
It was decision latency.

387
00:21:13,280 --> 00:21:14,280
Signal one.

388
00:21:14,280 --> 00:21:16,440
Decision latency starts telling the truth.

389
00:21:16,440 --> 00:21:20,480
Once the organization began tracing how work actually moved through the system, the clearest

390
00:21:20,480 --> 00:21:23,640
signal didn't come from permissions or communication patterns.

391
00:21:23,640 --> 00:21:24,640
It was time.

392
00:21:24,640 --> 00:21:26,800
Specifically I'm talking about decision latency.

393
00:21:26,800 --> 00:21:29,920
The gap between a request entering the system and a decision becoming real.

394
00:21:29,920 --> 00:21:34,120
I don't mean approved in theory or discussed in a meeting but actually moved into production.

395
00:21:34,120 --> 00:21:38,520
This is where many leaders get uncomfortable because latency sounds like a dry process metric,

396
00:21:38,520 --> 00:21:43,320
but if you look closely it is a clear indicator of where power really sits because in any system

397
00:21:43,320 --> 00:21:45,640
time accumulates where dependency lives.

398
00:21:45,640 --> 00:21:49,520
To test this, the organization picked a few cross-functional decision paths that touched

399
00:21:49,520 --> 00:21:51,120
multiple teams and tools.

400
00:21:51,120 --> 00:21:55,280
They looked at access requests for sensitive workspaces, changes to shared content and workflow

401
00:21:55,280 --> 00:21:57,800
adjustments that affected several business units.

402
00:21:57,800 --> 00:21:59,480
These weren't exotic edge cases.

403
00:21:59,480 --> 00:22:02,960
They were the kind of everyday operational decisions that show you how a business actually

404
00:22:02,960 --> 00:22:03,960
functions.

405
00:22:03,960 --> 00:22:05,640
The pattern showed up almost immediately.

406
00:22:05,640 --> 00:22:09,720
The formal decision maker was rarely the slowest part of the chain, which surprised leadership

407
00:22:09,720 --> 00:22:13,320
because they assumed delays happened because senior people were too busy.

408
00:22:13,320 --> 00:22:17,720
They thought approval forums met too infrequently or that too many signatures were required,

409
00:22:17,720 --> 00:22:20,280
and while that was true in some spots it wasn't the main story.

410
00:22:20,280 --> 00:22:21,680
The real story was waiting.

411
00:22:21,680 --> 00:22:25,280
People were waiting for someone to confirm a document version, waiting for someone to explain

412
00:22:25,280 --> 00:22:30,040
if a sharepoint site was still active or waiting for a specific person to clarify who controlled

413
00:22:30,040 --> 00:22:31,440
access.

414
00:22:31,440 --> 00:22:35,760
They were stuck waiting for the one person who really knows how this works, to come back

415
00:22:35,760 --> 00:22:39,760
from holiday or answer a message buried in a thread that isn't slow leadership.

416
00:22:39,760 --> 00:22:41,640
It's concentrated operational power.

417
00:22:41,640 --> 00:22:42,640
And why is that?

418
00:22:42,640 --> 00:22:47,760
It's because an accountable person cannot decide cleanly if the surrounding context is fragmented,

419
00:22:47,760 --> 00:22:52,360
meaning the system has made that decision dependent on hidden verification steps.

420
00:22:52,360 --> 00:22:56,440
What looks like a delayed approval is actually a delayed reconstruction of reality, and that

421
00:22:56,440 --> 00:22:59,120
changes how we have to read organizational speed.

422
00:22:59,120 --> 00:23:01,560
A fast organization isn't one with fewer meetings.

423
00:23:01,560 --> 00:23:05,280
It's one where the person expected to decide can access trusted contexts without rooting

424
00:23:05,280 --> 00:23:06,800
through informal infrastructure.

425
00:23:06,800 --> 00:23:11,080
In this organization, decision parts kept bending around the same few people, and they weren't

426
00:23:11,080 --> 00:23:12,840
always senior leaders.

427
00:23:12,840 --> 00:23:16,720
Often it was a site owner, an operations coordinator, or a platform specialist with years

428
00:23:16,720 --> 00:23:18,200
of historical knowledge.

429
00:23:18,200 --> 00:23:22,000
These individuals had just enough access and pattern memory to make the next step possible,

430
00:23:22,000 --> 00:23:26,160
and once that became visible, the business implication was impossible to ignore.

431
00:23:26,160 --> 00:23:28,520
Decision latency wasn't just random variation.

432
00:23:28,520 --> 00:23:32,840
It was evidence that formal authority and actual movement had separated.

433
00:23:32,840 --> 00:23:36,480
Leaders often need a reframing here because they hear the word bottleneck and immediately

434
00:23:36,480 --> 00:23:38,120
think about a performance issue.

435
00:23:38,120 --> 00:23:41,240
But structurally, a bottleneck is usually not a weak person.

436
00:23:41,240 --> 00:23:43,680
It is a strong person placed in the wrong position.

437
00:23:43,680 --> 00:23:47,340
The system has made them too important by turning them into a translation layer between

438
00:23:47,340 --> 00:23:49,800
formal process and operational reality.

439
00:23:49,800 --> 00:23:53,560
That person might be competent and admired, but from a system perspective, they are still

440
00:23:53,560 --> 00:23:55,440
a single point of failure.

441
00:23:55,440 --> 00:23:59,040
Once the organization measured these parts and to end, they saw the same shape repeating

442
00:23:59,040 --> 00:24:02,600
where requests entered formally, but progress happened informally.

443
00:24:02,600 --> 00:24:06,440
Official approval usually landed long after the real decision had been negotiated in private

444
00:24:06,440 --> 00:24:07,920
chats and side calls.

445
00:24:07,920 --> 00:24:11,080
Meaning the official timeline only told a fraction of the story.

446
00:24:11,080 --> 00:24:14,880
The real time cost was hidden in the work required to reconstruct context.

447
00:24:14,880 --> 00:24:19,640
That's why decision latency tells the truth before anything else because time exposes

448
00:24:19,640 --> 00:24:23,400
dependency in a way that policy documents simply cannot hide.

449
00:24:23,400 --> 00:24:27,720
If work repeatedly slows down around a few specific individuals, you aren't looking at

450
00:24:27,720 --> 00:24:29,160
isolated friction.

451
00:24:29,160 --> 00:24:31,200
You are looking at power concentration.

452
00:24:31,200 --> 00:24:35,760
Now map that to identity and access, and the picture becomes even clearer.

453
00:24:35,760 --> 00:24:38,040
Article 2, "entra-effective permissions."

454
00:24:38,040 --> 00:24:39,400
Tell a different story.

455
00:24:39,400 --> 00:24:43,880
When you map those time patterns to identity and access, the next layer of the system becomes

456
00:24:43,880 --> 00:24:45,600
visible very quickly.

457
00:24:45,600 --> 00:24:49,720
Once the organization stopped asking who should have control and started looking at who

458
00:24:49,720 --> 00:24:52,800
actually had it, entra told a very different story.

459
00:24:52,800 --> 00:24:56,720
This is the point where the org chart and the permission model separate in a way that

460
00:24:56,720 --> 00:24:58,400
leaders can no longer ignore.

461
00:24:58,400 --> 00:25:00,720
On paper, responsibility looked clear enough.

462
00:25:00,720 --> 00:25:01,720
Business owners were named.

463
00:25:01,720 --> 00:25:03,320
Platform roles were assigned.

464
00:25:03,320 --> 00:25:06,440
They assumed that access broadly reflected those structures.

465
00:25:06,440 --> 00:25:10,280
But when the team looked at effective permissions for critical areas, they didn't find a clean

466
00:25:10,280 --> 00:25:11,680
chain of responsibility.

467
00:25:11,680 --> 00:25:12,680
They found history.

468
00:25:12,680 --> 00:25:16,600
They found old group memberships, direct grants that were never removed, and inherited

469
00:25:16,600 --> 00:25:19,440
access through structures that hadn't been reviewed in years.

470
00:25:19,440 --> 00:25:22,920
There were admin rights held by people whose roles had changed long ago.

471
00:25:22,920 --> 00:25:25,600
And temporary exceptions that had quietly become permanent.

472
00:25:25,600 --> 00:25:28,400
None of this looks dangerous when you inspect one item at a time.

473
00:25:28,400 --> 00:25:32,120
Each piece has a logical story like someone needing access during a migration or covering

474
00:25:32,120 --> 00:25:33,640
for a teammate on leave.

475
00:25:33,640 --> 00:25:36,200
So it feels reasonable in isolation.

476
00:25:36,200 --> 00:25:40,160
Collectively, however, these exceptions create a second organization living inside the tenant

477
00:25:40,160 --> 00:25:42,240
that leaders rarely see.

478
00:25:42,240 --> 00:25:46,520
While the formal hierarchy tells you who is accountable for a function, effective permissions

479
00:25:46,520 --> 00:25:50,120
tell you who can actually see, change, or influence what happens.

480
00:25:50,120 --> 00:25:51,400
Those are not the same thing.

481
00:25:51,400 --> 00:25:55,320
The moment you inspect that gap, operational power becomes much easier to read.

482
00:25:55,320 --> 00:25:59,680
In this case, some formally accountable leaders had less practical control than they expected.

483
00:25:59,680 --> 00:26:03,680
They owned the outcomes, but they were structurally dependent on others to surface information

484
00:26:03,680 --> 00:26:06,800
or make changes in the spaces where the work actually lived.

485
00:26:06,800 --> 00:26:10,600
At the same time, people with modest titles held far more influence than anyone had named

486
00:26:10,600 --> 00:26:11,600
explicitly.

487
00:26:11,600 --> 00:26:15,080
They weren't senior, but they were structurally close to the control points.

488
00:26:15,080 --> 00:26:19,080
They could access the right content, add people to the right groups, and validate what was

489
00:26:19,080 --> 00:26:23,000
real, which allowed them to unblock work simply by seeing more than others could.

490
00:26:23,000 --> 00:26:26,680
That is operational power, and it's why Entra is more than just a security layer.

491
00:26:26,680 --> 00:26:27,680
It's a map of influence.

492
00:26:27,680 --> 00:26:32,560
If your environment says one person is responsible, but three other people hold the access needed

493
00:26:32,560 --> 00:26:36,480
to make that responsibility actionable the system has already redistributed power.

494
00:26:36,480 --> 00:26:38,240
That has three major consequences.

495
00:26:38,240 --> 00:26:41,920
First, it weakens accountability because you can't hold someone responsible for an outcome

496
00:26:41,920 --> 00:26:44,880
if they are structurally dependent on people outside their control.

497
00:26:44,880 --> 00:26:49,080
Second, it creates hidden gatekeeping where a few people begin to shape the pace of decisions

498
00:26:49,080 --> 00:26:52,080
by interpreting or unlocking visibility for others.

499
00:26:52,080 --> 00:26:56,120
Third, it creates false confidence where leadership believes control exists simply because

500
00:26:56,120 --> 00:26:57,600
a role exists on a chart.

501
00:26:57,600 --> 00:27:01,480
This is exactly why AI creates so much pressure in the modern workplace.

502
00:27:01,480 --> 00:27:04,040
AI doesn't care about your intended governance model.

503
00:27:04,040 --> 00:27:05,720
It only works on effective access.

504
00:27:05,720 --> 00:27:09,640
If your permissions are broad, AI makes that broadness usable through natural language,

505
00:27:09,640 --> 00:27:13,160
and if key people lack context, AI cannot compensate for that absence.

506
00:27:13,160 --> 00:27:16,600
It will simply reflect your existing fragmentation at a much higher speed.

507
00:27:16,600 --> 00:27:21,040
When organizations say they are preparing for co-pilot, they are often actually discovering

508
00:27:21,040 --> 00:27:24,000
whether their permission architecture reflects business reality.

509
00:27:24,000 --> 00:27:25,280
In this case, it didn't.

510
00:27:25,280 --> 00:27:29,360
The review revealed that access had accumulated around urgency and history,

511
00:27:29,360 --> 00:27:33,280
while responsibility had evolved through reorganizations and new mandates.

512
00:27:33,280 --> 00:27:36,520
Those two layers were no longer aligned, so the org chart said one thing while the

513
00:27:36,520 --> 00:27:37,800
permission said another.

514
00:27:37,800 --> 00:27:41,680
Once you see that structural disconnect, the communication patterns in your business

515
00:27:41,680 --> 00:27:43,880
start making a lot more sense.

516
00:27:43,880 --> 00:27:47,560
Signal 3, Team Centrality Reveals Informal Gatekeepers.

517
00:27:47,560 --> 00:27:51,080
Once the permission layer comes into view, the communication layer starts explaining

518
00:27:51,080 --> 00:27:52,680
the human side of the equation.

519
00:27:52,680 --> 00:27:56,720
Power does not only sit with the people who can access information, because it also sits

520
00:27:56,720 --> 00:27:59,800
with the people who stay in the middle of every conversation.

521
00:27:59,800 --> 00:28:03,240
This is where Microsoft Teams becomes surprisingly revealing for a business.

522
00:28:03,240 --> 00:28:07,240
It is not because chat volume equals authority, and it is not because the loudest person in

523
00:28:07,240 --> 00:28:08,800
the channel has the most influence.

524
00:28:08,800 --> 00:28:09,920
Usually they do not.

525
00:28:09,920 --> 00:28:12,000
The more useful signal to look for is centrality.

526
00:28:12,000 --> 00:28:15,000
You want to see who keeps showing up between different teams and who gets looped in the

527
00:28:15,000 --> 00:28:16,480
moment things become unclear.

528
00:28:16,480 --> 00:28:20,720
Think about who translates one function to another, or who turns scattered context into

529
00:28:20,720 --> 00:28:22,960
a decision someone else can finally act on.

530
00:28:22,960 --> 00:28:26,040
That is where informal gatekeepers start to appear in the data.

531
00:28:26,040 --> 00:28:29,880
In the case of this organization, once people began tracing how decisions actually moved,

532
00:28:29,880 --> 00:28:33,160
they kept finding the same communication pattern over and over again.

533
00:28:33,160 --> 00:28:36,160
The formal process would say one thing about how work should flow.

534
00:28:36,160 --> 00:28:40,600
A request goes here, a decision goes there, approval comes from a specific role, an

535
00:28:40,600 --> 00:28:42,400
escalation follows a set path.

536
00:28:42,400 --> 00:28:46,520
But the real movement kept converging in a handful of Teams conversations and around

537
00:28:46,520 --> 00:28:48,040
a handful of specific people.

538
00:28:48,040 --> 00:28:51,560
These were the individuals copied into everything important, though not always at the beginning

539
00:28:51,560 --> 00:28:52,560
of a project.

540
00:28:52,560 --> 00:28:55,720
Usually they appear at the exact moment friction surfaced.

541
00:28:55,720 --> 00:28:59,800
Someone could not find the latest document, or someone needed to know if a team had already

542
00:28:59,800 --> 00:29:01,080
agreed to a change.

543
00:29:01,080 --> 00:29:05,480
Perhaps someone wanted to confirm if a permission change would create a risk somewhere else,

544
00:29:05,480 --> 00:29:09,400
or they needed to understand the history behind a confusing ownership issue.

545
00:29:09,400 --> 00:29:13,000
Whatever the reason, the same names kept appearing in the threads, that pattern matters

546
00:29:13,000 --> 00:29:17,520
because when conversations repeatedly converge around a few individuals, the organization

547
00:29:17,520 --> 00:29:19,360
is telling you something very specific.

548
00:29:19,360 --> 00:29:22,880
Those people are not just participating in the work, they are holding the threads together.

549
00:29:22,880 --> 00:29:26,000
They act as bridges between groups that do not share enough direct context to move

550
00:29:26,000 --> 00:29:27,200
cleanly without them.

551
00:29:27,200 --> 00:29:31,600
From a system perspective, that kind of centrality creates influence even when formal

552
00:29:31,600 --> 00:29:33,080
authority stays low.

553
00:29:33,080 --> 00:29:35,760
The person in the middle shapes the timing of the entire operation.

554
00:29:35,760 --> 00:29:39,720
They decide what gets clarified first, they know which tension matters, and they often frame

555
00:29:39,720 --> 00:29:42,440
the issue before it ever reaches a senior decision maker.

556
00:29:42,440 --> 00:29:46,840
In many cases, they are the only people who understand enough of the full chain to prevent

557
00:29:46,840 --> 00:29:48,000
massive rework.

558
00:29:48,000 --> 00:29:51,920
Even if they never make the formal call, they shape the conditions under which that call

559
00:29:51,920 --> 00:29:52,920
gets made.

560
00:29:52,920 --> 00:29:53,920
That is power.

561
00:29:53,920 --> 00:29:57,960
This is where organizations often misread what they are seeing by saying a person is just

562
00:29:57,960 --> 00:30:00,560
really helpful or calling them a great connector.

563
00:30:00,560 --> 00:30:04,180
While that may be true, if the organization repeatedly depends on one connector to move

564
00:30:04,180 --> 00:30:08,120
work across boundaries, that connector has become operational infrastructure.

565
00:30:08,120 --> 00:30:12,480
The business now carries a communication dependency in the same way it carried an access dependency.

566
00:30:12,480 --> 00:30:16,160
In this case, several of the people who appeared in delayed decisions also appeared at the

567
00:30:16,160 --> 00:30:18,160
center of the communication flow.

568
00:30:18,160 --> 00:30:21,960
That overlap was important because it showed that power was not sitting in one place and

569
00:30:21,960 --> 00:30:26,040
it was accumulating at the intersection of information access, trust from multiple teams

570
00:30:26,040 --> 00:30:29,200
and a strategic position inside the conversation graph.

571
00:30:29,200 --> 00:30:33,360
That combination is hard to see on a standard org chart, but once you understand it, behavior

572
00:30:33,360 --> 00:30:36,120
that looked political starts looking structural.

573
00:30:36,120 --> 00:30:40,180
Side conversations keep deciding the outcome before the meeting because the real alignment

574
00:30:40,180 --> 00:30:42,000
happens where the central nodes are.

575
00:30:42,000 --> 00:30:46,040
A formal workshop feels like a confirmation instead of a decision because the context was already

576
00:30:46,040 --> 00:30:49,920
broken in smaller threads around the people everyone depends on.

577
00:30:49,920 --> 00:30:53,800
Some individuals become exhausted while others feel blocked because one part of the system

578
00:30:53,800 --> 00:30:57,400
is carrying the translation load while the rest of the team is just waiting on it.

579
00:30:57,400 --> 00:31:00,240
This is also where fragility becomes much easier to name.

580
00:31:00,240 --> 00:31:04,160
A person at the center of every meaningful communication path may look like a high performer

581
00:31:04,160 --> 00:31:07,800
and often they are, but structurally they are also a single point of failure.

582
00:31:07,800 --> 00:31:12,240
If they leave, go on holiday or simply become overloaded, the decision speed of the entire

583
00:31:12,240 --> 00:31:13,880
company drops immediately.

584
00:31:13,880 --> 00:31:17,440
This does not happen because the organization lacks leadership, but because the organization

585
00:31:17,440 --> 00:31:21,040
lacks redundancy, once that becomes visible the next question is obvious.

586
00:31:21,040 --> 00:31:23,280
Why do these people matter so much in the first place?

587
00:31:23,280 --> 00:31:27,040
Usually, it is because they are not only in the middle of the conversation, but they are

588
00:31:27,040 --> 00:31:30,280
also close to the content that everyone else depends on.

589
00:31:30,280 --> 00:31:33,240
Signal 4 SharePoint ownership defines information power.

590
00:31:33,240 --> 00:31:37,160
The content layer explains why those central people matter so much to the business.

591
00:31:37,160 --> 00:31:40,920
Once the organization looked beyond conversations and into where critical information actually

592
00:31:40,920 --> 00:31:42,720
lived, another pattern appeared.

593
00:31:42,720 --> 00:31:46,560
The people who controlled SharePoint ownership were often not the same people who carried

594
00:31:46,560 --> 00:31:51,240
formal accountability for the business decision, and that gap had real consequences.

595
00:31:51,240 --> 00:31:55,200
To be clear, this was not always about malicious control or people deliberately withholding

596
00:31:55,200 --> 00:31:56,200
facts.

597
00:31:56,200 --> 00:31:58,440
Most of the time it was much more ordinary than that.

598
00:31:58,440 --> 00:32:02,880
A site had been created for a project two years earlier, a team owner moved roles, or a

599
00:32:02,880 --> 00:32:06,720
library kept its original permission structure because changing it felt risky.

600
00:32:06,720 --> 00:32:11,240
A document set became business critical almost by accident, and over time the operational

601
00:32:11,240 --> 00:32:15,600
center of gravity shifted while the ownership layer underneath it stayed the same.

602
00:32:15,600 --> 00:32:19,000
The organization ended up with content that was technically available somewhere, but it

603
00:32:19,000 --> 00:32:22,320
was not practically available to the people who needed to act on it.

604
00:32:22,320 --> 00:32:26,080
That distinction matters because information power does not come from the abstract existence

605
00:32:26,080 --> 00:32:27,080
of data.

606
00:32:27,080 --> 00:32:31,000
It comes from whether the right people can reliably find it, trust it, and use it in time

607
00:32:31,000 --> 00:32:32,280
to make a decision.

608
00:32:32,280 --> 00:32:36,560
In this case, SharePoint was holding a lot of hidden influence over the daily workflow.

609
00:32:36,560 --> 00:32:40,640
Some of the most important documents set inside sites with stale ownership, while others

610
00:32:40,640 --> 00:32:44,280
were maintained by people who no longer carried any decision responsibility.

611
00:32:44,280 --> 00:32:48,540
Some were visible to broad groups, but not curated well enough to support trust, and others

612
00:32:48,540 --> 00:32:52,760
were tightly controlled by a handful of stewards who had become the real gatekeepers of the

613
00:32:52,760 --> 00:32:54,240
current version.

614
00:32:54,240 --> 00:32:57,800
When leaders asked why decisions slowed down, the answer was not just that people needed

615
00:32:57,800 --> 00:33:01,800
more meetings, they were operating against uneven information control where one group

616
00:33:01,800 --> 00:33:05,800
worked from one version of the truth while another group was stuck waiting for access.

617
00:33:05,800 --> 00:33:09,320
A third group might have had access, but did not trust the structure enough to know what

618
00:33:09,320 --> 00:33:10,320
was current.

619
00:33:10,320 --> 00:33:13,920
In the middle of all that, one or two individuals knew exactly where the right document lived

620
00:33:13,920 --> 00:33:15,360
and which version mattered.

621
00:33:15,360 --> 00:33:18,960
That is information power, not because they held a senior title, but because they controlled

622
00:33:18,960 --> 00:33:21,680
the path between confusion and clarity.

623
00:33:21,680 --> 00:33:23,960
SharePoint ownership is much more than an admin topic.

624
00:33:23,960 --> 00:33:26,000
It is a business reality topic.

625
00:33:26,000 --> 00:33:30,600
The person who can update the policy, restructure the library, or approve access to the site, is

626
00:33:30,600 --> 00:33:34,080
also shaping what the organization can know in practice.

627
00:33:34,080 --> 00:33:36,160
Control of information is control of decisions.

628
00:33:36,160 --> 00:33:39,880
If a procurement lead cannot see the latest commercial position without asking someone

629
00:33:39,880 --> 00:33:41,840
else their authority is weakened.

630
00:33:41,840 --> 00:33:45,520
If a delivery leader owns the outcome, but depends on a site steward to confirm the current

631
00:33:45,520 --> 00:33:48,000
client documentation, the power has already shifted.

632
00:33:48,000 --> 00:33:52,080
When an executive asks for a fast answer and the team spends half their time validating

633
00:33:52,080 --> 00:33:56,160
which content is real, the business is not just suffering from a knowledge gap.

634
00:33:56,160 --> 00:33:58,000
It is suffering from an ownership gap.

635
00:33:58,000 --> 00:34:01,480
In the anchor case, this became obvious during the AI readiness work.

636
00:34:01,480 --> 00:34:05,400
Copilot forced the organization to think harder about what content was discoverable,

637
00:34:05,400 --> 00:34:10,120
what was overshared and what was effectively trapped behind outdated ownership structures.

638
00:34:10,120 --> 00:34:13,440
That created a very uncomfortable realization for the leadership team.

639
00:34:13,440 --> 00:34:17,040
Some people could see too much, some could see too little, and the people who could correct

640
00:34:17,040 --> 00:34:19,640
that imbalance were not always the people in charge.

641
00:34:19,640 --> 00:34:22,920
That is the real issue because when formal content ownership and real content steward

642
00:34:22,920 --> 00:34:27,720
drift apart, decision quality starts depending on whoever still knows how the content layer

643
00:34:27,720 --> 00:34:28,920
actually works.

644
00:34:28,920 --> 00:34:32,800
Those people are not the problem, but the design of the system made them essential.

645
00:34:32,800 --> 00:34:34,880
From a system perspective that is fragile.

646
00:34:34,880 --> 00:34:39,600
The organization is now dependent on a few people for communication, access and truth management.

647
00:34:39,600 --> 00:34:42,880
Every important decision is now quietly asking the same question.

648
00:34:42,880 --> 00:34:45,320
Who controls the information we are about to trust?

649
00:34:45,320 --> 00:34:46,720
Workflow reality.

650
00:34:46,720 --> 00:34:49,240
Process diagrams versus actual execution.

651
00:34:49,240 --> 00:34:53,000
Once the content layer becomes visible, the next thing you need to inspect is the process.

652
00:34:53,000 --> 00:34:56,120
I'm not talking about the process as it's described in your governance decks or those

653
00:34:56,120 --> 00:34:59,160
need-visio diagrams everyone approved three years ago.

654
00:34:59,160 --> 00:35:02,720
I'm talking about the process as work actually happens on the ground.

655
00:35:02,720 --> 00:35:06,560
This is where many organizations discover that their workflows are not neutral because they

656
00:35:06,560 --> 00:35:10,040
carry embedded assumptions about who truly matters.

657
00:35:10,040 --> 00:35:14,320
These systems dictate who gets consulted, who is allowed to intervene, and who has enough

658
00:35:14,320 --> 00:35:18,280
permission to bend the path when reality doesn't fit the model.

659
00:35:18,280 --> 00:35:21,200
On paper, the workflow in this specific organization looked clean.

660
00:35:21,200 --> 00:35:24,800
A request was raised, a manager reviewed it, a business owner approved it, and then a platform

661
00:35:24,800 --> 00:35:28,560
team implemented it before a control step validated the result.

662
00:35:28,560 --> 00:35:32,160
That sequence gave leadership confidence because it created the appearance of orderly

663
00:35:32,160 --> 00:35:36,280
progression where one box led to the next and responsibility looked visible.

664
00:35:36,280 --> 00:35:37,600
But here's what actually happened.

665
00:35:37,600 --> 00:35:40,160
Work almost never moved in that clean line because it jumped.

666
00:35:40,160 --> 00:35:44,760
A request started in one place, then got clarified in teams, while a missing document triggered

667
00:35:44,760 --> 00:35:46,720
a side conversation that nobody tracked.

668
00:35:46,720 --> 00:35:50,120
Approval's paused because someone needed context from a private chat and even when a step

669
00:35:50,120 --> 00:35:54,400
technically completed, everyone knew the real confirmation only came after one specific

670
00:35:54,400 --> 00:35:56,600
person checked the outcome manually.

671
00:35:56,600 --> 00:36:00,480
The documented process described intent, but the actual execution described dependence

672
00:36:00,480 --> 00:36:01,920
that difference is critical.

673
00:36:01,920 --> 00:36:05,560
When leaders read a diagram, they think they are looking at the operating model, but often

674
00:36:05,560 --> 00:36:07,360
they are just looking at an aspiration.

675
00:36:07,360 --> 00:36:12,680
The real operating model lives in exceptions, bypasses, handoffs, and the hidden logic people

676
00:36:12,680 --> 00:36:15,000
build around a lack of trust in the formal path.

677
00:36:15,000 --> 00:36:16,480
And why does that happen?

678
00:36:16,480 --> 00:36:18,560
Processes do not fail only when they are missing.

679
00:36:18,560 --> 00:36:21,880
They also fail when they are too abstract for the messiness of real work.

680
00:36:21,880 --> 00:36:26,360
If the workflow assumes context is already shared when it isn't, people compensate.

681
00:36:26,360 --> 00:36:30,640
If the workflow assumes ownership is clear when it's actually stale, people compensate.

682
00:36:30,640 --> 00:36:34,320
The process keeps running, but underneath it, another system appears.

683
00:36:34,320 --> 00:36:38,640
This hidden layer is made of manual checks, side approvals, and just let me confirm this

684
00:36:38,640 --> 00:36:41,120
message is that determine the actual pace of the business.

685
00:36:41,120 --> 00:36:45,680
In the anchor case, once the organization traced these flows, they saw that the most important

686
00:36:45,680 --> 00:36:49,160
decisions were rarely shaped by the formal sequence alone.

687
00:36:49,160 --> 00:36:52,360
Instead, power was held by whoever controlled the exceptions.

688
00:36:52,360 --> 00:36:57,200
It sat with the people who knew when a documented step was safe to ignore, or who held the practical

689
00:36:57,200 --> 00:37:01,960
authority to say, "Don't wait for the system, do it this way, that is workflow power."

690
00:37:01,960 --> 00:37:05,600
And it often sits with people no one would identify in a strategy meeting.

691
00:37:05,600 --> 00:37:10,400
A flow owner in power automate or a coordinator with edit rights becomes the process itself,

692
00:37:10,400 --> 00:37:14,320
because the system is doing exactly what it was built to do, the humans around it do what

693
00:37:14,320 --> 00:37:15,760
they must to make it usable.

694
00:37:15,760 --> 00:37:20,280
This creates a dangerous illusion where the organization believes the process is standardized

695
00:37:20,280 --> 00:37:22,280
just because the diagram is.

696
00:37:22,280 --> 00:37:26,640
Execution remains person-dependent, which means your ability to scale is strictly limited.

697
00:37:26,640 --> 00:37:29,160
It also means AI will inherit the same distortion.

698
00:37:29,160 --> 00:37:34,080
If you layer co-pilot onto workflows that depend on hidden exceptions, the AI won't remove

699
00:37:34,080 --> 00:37:35,080
that dependency.

700
00:37:35,080 --> 00:37:37,920
It will just accelerate a model that no one fully understands.

701
00:37:37,920 --> 00:37:40,880
The real question is not whether you have a documented workflow.

702
00:37:40,880 --> 00:37:46,000
The real question is, what behavior does that workflow actually require in order to function?

703
00:37:46,000 --> 00:37:51,280
You have to ask, who is forced to interpret it, who has to bypass it, and who is manually

704
00:37:51,280 --> 00:37:54,360
validating what the system cannot hold on its own.

705
00:37:54,360 --> 00:37:58,520
Once you see that, the bottleneck stops looking accidental and starts looking structural.

706
00:37:58,520 --> 00:38:01,920
The gatekeeper pattern, how one person becomes infrastructure.

707
00:38:01,920 --> 00:38:04,200
This is where the bottleneck becomes easiest to name.

708
00:38:04,200 --> 00:38:07,240
It isn't just a delay or a matter of office politics.

709
00:38:07,240 --> 00:38:09,200
It is a matter of concentration.

710
00:38:09,200 --> 00:38:12,920
Once access, communication and workflow exceptions cluster around one person, they stop being

711
00:38:12,920 --> 00:38:15,440
a contributor and start functioning like infrastructure.

712
00:38:15,440 --> 00:38:17,320
I've seen this pattern many times.

713
00:38:17,320 --> 00:38:20,520
There is usually someone everyone trusts who knows the history, the real owners, and

714
00:38:20,520 --> 00:38:22,360
which SharePoint library is actually current.

715
00:38:22,360 --> 00:38:26,320
They know which approval can be safely ignored and which one absolutely cannot, and they

716
00:38:26,320 --> 00:38:30,420
understand exactly how the workflow behaves when it inevitably breaks, because they know

717
00:38:30,420 --> 00:38:34,400
who needs to be warned before a change goes live, people naturally root everything through

718
00:38:34,400 --> 00:38:35,400
them.

719
00:38:35,400 --> 00:38:37,840
At first, this looks efficient and even feels rational to the team.

720
00:38:37,840 --> 00:38:39,080
Why waste time?

721
00:38:39,080 --> 00:38:43,520
Reconstructing context when one person can collapse that uncertainty in five minutes.

722
00:38:43,520 --> 00:38:47,760
Why push through a formal path when one message to the right person gets the answer faster?

723
00:38:47,760 --> 00:38:50,280
This is exactly how the gatekeeper pattern hardens.

724
00:38:50,280 --> 00:38:54,420
Through someone seeking control, but through repeated relief, the organization finds a person

725
00:38:54,420 --> 00:38:58,760
who reduces friction, and instead of fixing the system, they build the entire workflow around

726
00:38:58,760 --> 00:39:00,160
that individual.

727
00:39:00,160 --> 00:39:04,000
More requests flow through them, more teams depend on them, and eventually people stop

728
00:39:04,000 --> 00:39:05,600
asking whether the structure works.

729
00:39:05,600 --> 00:39:07,760
They just ask whether that person is available.

730
00:39:07,760 --> 00:39:11,480
That is the moment a human being becomes a system component, and from a design perspective,

731
00:39:11,480 --> 00:39:12,840
that is a serious failure.

732
00:39:12,840 --> 00:39:16,320
People are not supposed to carry invisible loads at the center of multiple dependencies

733
00:39:16,320 --> 00:39:18,120
with no redundancy around them.

734
00:39:18,120 --> 00:39:20,240
That isn't resilience, it is concentration risk.

735
00:39:20,240 --> 00:39:24,160
In the anchor case, this became unmistakable when the organization compared decision speed

736
00:39:24,160 --> 00:39:27,760
with dependency patterns and saw the same names appearing over and over.

737
00:39:27,760 --> 00:39:31,160
These individuals didn't have the highest titles, but they held the densest combination

738
00:39:31,160 --> 00:39:33,120
of context, trust, and access.

739
00:39:33,120 --> 00:39:38,240
If they joined the conversation, movement resumed, but if they were absent, everything stretched.

740
00:39:38,240 --> 00:39:42,200
That is a single point of failure, and it creates three very predictable costs for the

741
00:39:42,200 --> 00:39:43,200
business.

742
00:39:43,200 --> 00:39:44,200
First, you face delay.

743
00:39:44,200 --> 00:39:48,640
And the most capable people can only absorb so much translation work before a queue begins

744
00:39:48,640 --> 00:39:49,920
to build around them.

745
00:39:49,920 --> 00:39:51,160
Second, you hit burnout.

746
00:39:51,160 --> 00:39:54,720
The work these people do is rarely visible because it doesn't appear as ownership.

747
00:39:54,720 --> 00:39:57,760
It appears as rescue, quiet correction, and constant pings.

748
00:39:57,760 --> 00:39:59,680
Finally, you face fragility.

749
00:39:59,680 --> 00:40:03,520
If that person leaves or changes roles, the organization discovers that what looked like

750
00:40:03,520 --> 00:40:07,520
business knowledge was actually just knowledge concentrated in one node.

751
00:40:07,520 --> 00:40:11,160
This is where leaders often make the wrong call by trying to protect the person.

752
00:40:11,160 --> 00:40:14,640
They praise them, give them more meetings, and grant them broader oversight because they

753
00:40:14,640 --> 00:40:16,040
seem essential.

754
00:40:16,040 --> 00:40:19,880
But if your response to a hidden dependency is to institutionalize it, you aren't solving

755
00:40:19,880 --> 00:40:20,880
the problem.

756
00:40:20,880 --> 00:40:21,880
You are promoting the bottleneck.

757
00:40:21,880 --> 00:40:26,160
The issue isn't that a capable person exists, but that the system made their capability

758
00:40:26,160 --> 00:40:27,240
non-transferable.

759
00:40:27,240 --> 00:40:31,720
The system made context too concentrated and ownership too ambiguous for anyone else to

760
00:40:31,720 --> 00:40:32,720
step in.

761
00:40:32,720 --> 00:40:37,000
The gatekeeper becomes the only bridge between design, intent, and operating reality.

762
00:40:37,000 --> 00:40:39,720
That bridge might be strong, but it is still just one bridge.

763
00:40:39,720 --> 00:40:43,160
And once the organization relies on it, behavior shifts permanently.

764
00:40:43,160 --> 00:40:47,800
People wait rather than decide, and they escalate informally rather than through the process.

765
00:40:47,800 --> 00:40:52,040
They learn that knowing the right person matters more than understanding the formal path.

766
00:40:52,040 --> 00:40:55,960
That is when the permission problem becomes cultural on the surface, even though it is structural

767
00:40:55,960 --> 00:40:56,960
underneath.

768
00:40:56,960 --> 00:41:01,560
What the system is producing is a design that cannot move without concentrated human compensation.

769
00:41:01,560 --> 00:41:06,280
And once that becomes normal, work starts leaving the formal environment altogether.

770
00:41:06,280 --> 00:41:10,240
So I'd and shadow AI as structural compensation.

771
00:41:10,240 --> 00:41:14,400
Once dependency becomes the standard operating procedure, work naturally starts looking for

772
00:41:14,400 --> 00:41:16,320
a different route to the finish line.

773
00:41:16,320 --> 00:41:20,800
This is usually the exact moment leaders start sounding the alarm about shadow IT, unauthorized

774
00:41:20,800 --> 00:41:24,040
apps, and those private spreadsheets everyone keeps on their desktops.

775
00:41:24,040 --> 00:41:26,120
Now we've added shadow AI to that list.

776
00:41:26,120 --> 00:41:29,960
Most organizations frame this as a compliance failure or a simple lack of discipline.

777
00:41:29,960 --> 00:41:34,520
They claim people are bypassing governance just because they want a shortcut or find the

778
00:41:34,520 --> 00:41:36,160
official rules annoying.

779
00:41:36,160 --> 00:41:39,720
Well that might be true in a few cases, looking closer reveals a much more important truth

780
00:41:39,720 --> 00:41:42,640
about how your business actually functions.

781
00:41:42,640 --> 00:41:46,080
Shadow behavior isn't just rebellion, it is structural compensation.

782
00:41:46,080 --> 00:41:49,600
People aren't abandoning the governed path because they have a grudge against the IT

783
00:41:49,600 --> 00:41:50,600
department.

784
00:41:50,600 --> 00:41:53,760
They are leaving because the official system no longer matches the speed or the clarity

785
00:41:53,760 --> 00:41:55,720
they need to actually do their jobs.

786
00:41:55,720 --> 00:41:56,880
That distinction is everything.

787
00:41:56,880 --> 00:42:01,200
When a formal system becomes too slow or relies on too many human gatekeepers, the business

788
00:42:01,200 --> 00:42:02,880
doesn't just stop needing results.

789
00:42:02,880 --> 00:42:05,280
It compensates.

790
00:42:05,280 --> 00:42:08,820
A team will build its own tracker because the official workspace feels like a maze they

791
00:42:08,820 --> 00:42:09,900
can't navigate.

792
00:42:09,900 --> 00:42:14,040
Someone else will export data into a personal spreadsheet because getting a clean view through

793
00:42:14,040 --> 00:42:17,200
the approved process takes three days instead of three minutes.

794
00:42:17,200 --> 00:42:21,040
Even managers get in on it setting up private chat threads because the formal workflow adds

795
00:42:21,040 --> 00:42:23,920
a week of delay without adding a single bit of value.

796
00:42:23,920 --> 00:42:27,920
When a business user starts experimenting with a public AI tool, it's usually because

797
00:42:27,920 --> 00:42:31,840
the sanctioned environment can't answer the question they need solved by five o'clock.

798
00:42:31,840 --> 00:42:35,120
This isn't just a policy violation, it is the organization trying to restore its

799
00:42:35,120 --> 00:42:36,120
own flow.

800
00:42:36,120 --> 00:42:38,600
To be clear, this creates massive structural risk.

801
00:42:38,600 --> 00:42:43,080
Shadow IT increases your attack surface and shadow AI can pull sensitive data into places

802
00:42:43,080 --> 00:42:44,480
it was never meant to go.

803
00:42:44,480 --> 00:42:48,720
These private workarounds weaken your ability to audit what's happening and local automation

804
00:42:48,720 --> 00:42:51,800
can skip right over controls that were put there for a very good reason that I'm not

805
00:42:51,800 --> 00:42:56,000
downplaying those risks but from a system perspective, risky behavior is a loud signal.

806
00:42:56,000 --> 00:42:59,200
That signal is telling you there is an unmet operational need.

807
00:42:59,200 --> 00:43:03,080
When you see shadow behavior popping up repeatedly around the same high friction processes, the

808
00:43:03,080 --> 00:43:06,640
leadership team should stop asking how to shut it down and start asking what gap the formal

809
00:43:06,640 --> 00:43:08,480
environment is failing to bridge.

810
00:43:08,480 --> 00:43:12,440
The reason these tools spread is rarely because the official software is missing.

811
00:43:12,440 --> 00:43:16,320
In most Microsoft 365 environments, the official stack is actually massive.

812
00:43:16,320 --> 00:43:21,400
You have teams, SharePoint, and the Power Platform and Copilot is likely already there or arriving

813
00:43:21,400 --> 00:43:22,400
soon.

814
00:43:22,400 --> 00:43:24,160
Yet people still step outside the fence.

815
00:43:24,160 --> 00:43:27,840
Availability is not the same thing as usability and just because a tool is governed doesn't

816
00:43:27,840 --> 00:43:29,840
mean it's a functional fit for the task at hand.

817
00:43:29,840 --> 00:43:34,320
If people can't get timely access to the content they need to make a move, they will compensate.

818
00:43:34,320 --> 00:43:38,480
If every decision has to wait on one or two overloaded humans, they will compensate.

819
00:43:38,480 --> 00:43:43,160
When official workflows carry too much ambiguity or too many handoffs, the system creates its

820
00:43:43,160 --> 00:43:44,720
own pressure release valve.

821
00:43:44,720 --> 00:43:48,000
In the anchor case I studied, this showed up in all the usual ways.

822
00:43:48,000 --> 00:43:52,800
There were local file copies, parallel trackers, and private teams threads everywhere.

823
00:43:52,800 --> 00:43:56,480
People were using unapproved AI for quick analysis and drafting because they needed the

824
00:43:56,480 --> 00:43:59,640
process to move now, not after three rounds of committee review.

825
00:43:59,640 --> 00:44:03,640
Each of these work around solved a local problem, but together they built a second invisible

826
00:44:03,640 --> 00:44:04,720
operating layer.

827
00:44:04,720 --> 00:44:07,880
This layer had lower visibility and zero formal control.

828
00:44:07,880 --> 00:44:11,240
Yet it often had faster decision speeds than the official environment.

829
00:44:11,240 --> 00:44:13,960
That is the part that makes executives uncomfortable.

830
00:44:13,960 --> 00:44:17,960
Once the unofficial route becomes more responsive than the official one, people stop trusting

831
00:44:17,960 --> 00:44:19,840
the govern system entirely.

832
00:44:19,840 --> 00:44:22,200
Power then shifts away from formal leaders and gatekeepers.

833
00:44:22,200 --> 00:44:25,600
It moves to whoever can create or interpret that unofficial path.

834
00:44:25,600 --> 00:44:28,040
This expands risk in two directions.

835
00:44:28,040 --> 00:44:33,400
Once loses all visibility and the organization reinforces the idea that real work only happens

836
00:44:33,400 --> 00:44:35,520
outside of formal design.

837
00:44:35,520 --> 00:44:40,720
Shadowite and shadow AI are evidence that your current design is underserving the business.

838
00:44:40,720 --> 00:44:44,120
Titer restrictions are usually the wrong response because if the underlying need remains, the

839
00:44:44,120 --> 00:44:45,960
compensation will just pop up somewhere else.

840
00:44:45,960 --> 00:44:49,120
You have to read shadow behavior like a diagnostic report.

841
00:44:49,120 --> 00:44:53,080
Ask yourself where the speed is being blocked and where the context is too concentrated.

842
00:44:53,080 --> 00:44:56,880
If your formal environment is so hard to use that people would rather accept unmanaged

843
00:44:56,880 --> 00:44:58,680
risk than wait for an approval.

844
00:44:58,680 --> 00:45:00,720
You have a design failure, not a people failure.

845
00:45:00,720 --> 00:45:04,000
These questions are even more critical now that AI has entered the room.

846
00:45:04,000 --> 00:45:06,240
The workaround is no longer just a spreadsheet.

847
00:45:06,240 --> 00:45:10,200
It's an entire intelligence layer sitting outside your boundary.

848
00:45:10,200 --> 00:45:12,760
AI does not create power, it amplifies it.

849
00:45:12,760 --> 00:45:16,600
The AI layer is now amplifying every one of these structural gaps.

850
00:45:16,600 --> 00:45:20,480
Many organizations still talk about Copilot as if it arrives with its own built-in map

851
00:45:20,480 --> 00:45:24,200
of the business, but it doesn't actually know who should decide what or which version

852
00:45:24,200 --> 00:45:26,240
of a document is the truth.

853
00:45:26,240 --> 00:45:28,160
AI works on access and available content.

854
00:45:28,160 --> 00:45:31,560
It only knows the context your environment makes reachable.

855
00:45:31,560 --> 00:45:34,600
Because of this, AI doesn't create a new power structure from scratch.

856
00:45:34,600 --> 00:45:37,200
It simply amplifies the one already living in your tenant.

857
00:45:37,200 --> 00:45:41,040
This makes your permission problems more dangerous than they ever were before.

858
00:45:41,040 --> 00:45:44,320
Before AI, bad access design was often protected by friction.

859
00:45:44,320 --> 00:45:47,360
Information might have been overshared, but it was still hard to find like a file buried

860
00:45:47,360 --> 00:45:49,320
10 folders deep with a cryptic name.

861
00:45:49,320 --> 00:45:52,800
A site might have had weak ownership, but the damage was limited by the fact that humans

862
00:45:52,800 --> 00:45:54,480
had to manually search for things.

863
00:45:54,480 --> 00:45:55,760
AI removes that friction.

864
00:45:55,760 --> 00:45:59,080
It takes the effort out of turning latent access into active insight.

865
00:45:59,080 --> 00:46:04,360
If the wrong person can already reach a file, AI makes that reach operationally meaningful.

866
00:46:04,360 --> 00:46:08,760
Conversely, if the right person can't find what they need, AI can't invent that missing

867
00:46:08,760 --> 00:46:09,760
context.

868
00:46:09,760 --> 00:46:12,440
It just generates answers based on incomplete information.

869
00:46:12,440 --> 00:46:14,600
This creates two major forms of distortion.

870
00:46:14,600 --> 00:46:16,280
First you get unintended visibility.

871
00:46:16,280 --> 00:46:20,400
A junior employee might not be looking for bored materials or sensitive payroll data,

872
00:46:20,400 --> 00:46:24,240
but if those files are sitting inside broad permissions, natural language search brings

873
00:46:24,240 --> 00:46:26,000
them right to the surface.

874
00:46:26,000 --> 00:46:29,000
The permission was always there, but AI made it a reality.

875
00:46:29,000 --> 00:46:30,640
Second you get false confidence.

876
00:46:30,640 --> 00:46:35,840
People see a fluent, well-written answer, and assume it reflects the organizational truth.

877
00:46:35,840 --> 00:46:41,240
If the underlying data is fragmented, outdated, or duplicated, the AI output inherits every

878
00:46:41,240 --> 00:46:42,240
one of those flaws.

879
00:46:42,240 --> 00:46:46,160
It sounds coherent, but it's representing a partial or broken reality.

880
00:46:46,160 --> 00:46:49,080
This is incredibly dangerous at the executive level.

881
00:46:49,080 --> 00:46:52,760
Decisions can now move much faster based on information that looks clean, but is structurally

882
00:46:52,760 --> 00:46:53,760
biased.

883
00:46:53,760 --> 00:46:58,280
The organization initially thought of AI as a simple productivity play to help people search

884
00:46:58,280 --> 00:46:59,920
and summarize faster.

885
00:46:59,920 --> 00:47:03,600
That only works if your underlying access model deserves to be accelerated.

886
00:47:03,600 --> 00:47:07,640
Instead, the readiness work showed that some people had massive access due to old project

887
00:47:07,640 --> 00:47:11,480
roles, while the people actually accountable for outcomes were flying blind.

888
00:47:11,480 --> 00:47:15,400
If you drop AI on top of that mess, you don't get mutual intelligence.

889
00:47:15,400 --> 00:47:16,960
You get amplified misalignment.

890
00:47:16,960 --> 00:47:21,240
The wrong people become more powerful because they can discover more data faster than anyone

891
00:47:21,240 --> 00:47:22,240
else.

892
00:47:22,240 --> 00:47:26,560
The right people stay constrained because you cannot prompt missing context into existence.

893
00:47:26,560 --> 00:47:30,000
The people who already sit at the intersection of trust and historical knowledge become

894
00:47:30,000 --> 00:47:34,440
even more of a bottleneck because they are the only ones who can tell what the AI missed.

895
00:47:34,440 --> 00:47:36,360
The hidden structure doesn't go away.

896
00:47:36,360 --> 00:47:37,440
It hardens.

897
00:47:37,440 --> 00:47:41,320
If your information ownership is fragmented or your permissions are stale, AI will simply

898
00:47:41,320 --> 00:47:42,480
scale those problems.

899
00:47:42,480 --> 00:47:45,880
This is why AI readiness isn't a technical tooling question.

900
00:47:45,880 --> 00:47:48,440
It's a question of organizational truth.

901
00:47:48,440 --> 00:47:52,600
When your systems reliably give the right context to the right people at the right time.

902
00:47:52,600 --> 00:47:55,280
If the answer is no, AI won't fail because of a glitch in the code.

903
00:47:55,280 --> 00:47:59,520
It will fail because the environment is feeding the model the wrong story.

904
00:47:59,520 --> 00:48:02,680
AI is not a fix for weak structural design.

905
00:48:02,680 --> 00:48:06,040
It is a force multiplier for whatever design you already have.

906
00:48:06,040 --> 00:48:10,720
Before you ask how quickly you can scale AI, you need to ask what exactly you are scaling.

907
00:48:10,720 --> 00:48:15,240
If you are scaling misaligned access and hidden dependencies, then you aren't making progress.

908
00:48:15,240 --> 00:48:17,360
You are just increasing your exposure.

909
00:48:17,360 --> 00:48:20,560
Why co-pilot pilots fail in misaligned organizations?

910
00:48:20,560 --> 00:48:25,120
When a co-pilot pilot struggles, the easy explanation is usually the wrong one.

911
00:48:25,120 --> 00:48:30,080
Leaders often claim the tool is immature, while users complain the answers aren't good enough.

912
00:48:30,080 --> 00:48:34,200
Ity suggests adoption just needs more training and security argues that governance is slowing

913
00:48:34,200 --> 00:48:35,200
the rollout.

914
00:48:35,200 --> 00:48:39,040
While each of those points might be partly true, the deeper problem in a misaligned organization

915
00:48:39,040 --> 00:48:40,440
is usually much simpler.

916
00:48:40,440 --> 00:48:44,920
Co-pilot is being asked to perform well inside an environment that does not distribute

917
00:48:44,920 --> 00:48:46,200
context effectively.

918
00:48:46,200 --> 00:48:50,800
This means the pilot gets judged as a failed AI initiative when it is actually exposing a

919
00:48:50,800 --> 00:48:53,280
fundamental problem with the access architecture.

920
00:48:53,280 --> 00:48:56,960
In the anchor case, this reality became visible almost immediately.

921
00:48:56,960 --> 00:49:00,800
Some users were impressed during the first week because co-pilot could surface information

922
00:49:00,800 --> 00:49:03,800
they used to spend hours hunting down manually.

923
00:49:03,800 --> 00:49:08,360
Others felt underwhelmed because the answers felt thin or incomplete and a third group

924
00:49:08,360 --> 00:49:12,560
became cautious because the tool surfaced content that was technically accessible but didn't

925
00:49:12,560 --> 00:49:14,600
feel appropriate or well-governed.

926
00:49:14,600 --> 00:49:16,400
It makes creates a massive trust problem.

927
00:49:16,400 --> 00:49:21,440
It isn't about trust in AI as an abstract concept but rather trust in whether the environment

928
00:49:21,440 --> 00:49:25,760
behind the AI reflects business reality well enough to use the output.

929
00:49:25,760 --> 00:49:30,040
If one person gets a sharp answer because their access footprint is broad, while a colleague

930
00:49:30,040 --> 00:49:34,400
with formal accountability gets a weaker answer due to restricted context, the pilot doesn't

931
00:49:34,400 --> 00:49:35,560
feel reliable.

932
00:49:35,560 --> 00:49:37,360
It feels political.

933
00:49:37,360 --> 00:49:42,080
Once a tool feels politically uneven, adoption drops fast because people do not just evaluate

934
00:49:42,080 --> 00:49:44,800
usefulness, they evaluate their own exposure.

935
00:49:44,800 --> 00:49:48,120
They start wondering if they can trust an answer in front of their peers or if they are seeing

936
00:49:48,120 --> 00:49:49,560
something they shouldn't be seeing.

937
00:49:49,560 --> 00:49:53,400
These are not user experience questions, they are power questions and this is why so many

938
00:49:53,400 --> 00:49:56,920
pilots lose momentum after the initial excitement fades.

939
00:49:56,920 --> 00:50:01,400
The first phase is always about novelty where everyone focuses on how fast the tool summarizes

940
00:50:01,400 --> 00:50:02,400
or drafts.

941
00:50:02,400 --> 00:50:06,600
The second phase is a confrontation with reality where people ask why the AI found a file

942
00:50:06,600 --> 00:50:11,160
for one person but not another or why sensitive material is suddenly one prompt away.

943
00:50:11,160 --> 00:50:15,120
That last part matters more than most leaders expect because when a pilot enters a misaligned

944
00:50:15,120 --> 00:50:18,480
environment, it often increases dependency on informal gatekeepers.

945
00:50:18,480 --> 00:50:22,080
Now people not only need help finding information but they also need help validating whether

946
00:50:22,080 --> 00:50:24,480
what the AI found is actually safe to use.

947
00:50:24,480 --> 00:50:28,360
The same people who already held hidden influence become even more important as they turn into

948
00:50:28,360 --> 00:50:31,600
human trust layers over machine generated convenience.

949
00:50:31,600 --> 00:50:33,440
That isn't a digital transformation.

950
00:50:33,440 --> 00:50:36,520
It is structural compensation with a modern interface.

951
00:50:36,520 --> 00:50:40,320
Leadership expects productivity gains and faster decisions but what the people inside

952
00:50:40,320 --> 00:50:45,480
the system actually experience is governance ambiguity and faster access to uneven context.

953
00:50:45,480 --> 00:50:49,200
Instead of broad adoption people become selective and politically aware in how they use

954
00:50:49,200 --> 00:50:50,200
the tool.

955
00:50:50,200 --> 00:50:53,520
This is why failed pilots are so often misdiagnosed by the organization.

956
00:50:53,520 --> 00:50:58,240
The AI pilot measured the quality of the organization's permission design and trust architecture

957
00:50:58,240 --> 00:51:02,640
more honestly than any previous initiative and the environment simply did not pass the

958
00:51:02,640 --> 00:51:03,800
test.

959
00:51:03,800 --> 00:51:07,360
Training alone rarely fixes this because you can teach prompting all day but none of that

960
00:51:07,360 --> 00:51:10,600
corrects misaligned access or repair stale ownership.

961
00:51:10,600 --> 00:51:14,320
If the pilot stalls the question shouldn't be about how to persuade people to use the

962
00:51:14,320 --> 00:51:15,320
tool more.

963
00:51:15,320 --> 00:51:19,880
The better question is what the pilot is revealing about who can see what and who still controls

964
00:51:19,880 --> 00:51:21,760
what the organization can act on.

965
00:51:21,760 --> 00:51:25,680
When a co-pilot pilot fails it is rarely a simple technology failure.

966
00:51:25,680 --> 00:51:29,240
It is the permission problem finally becoming visible at scale.

967
00:51:29,240 --> 00:51:32,120
Contrast moment one, the over-permissioned organization.

968
00:51:32,120 --> 00:51:36,200
That anchor case matters because it shows how hidden concentration creates bottlenecks

969
00:51:36,200 --> 00:51:39,600
but let me take one step sideways to show you a different failure mode.

970
00:51:39,600 --> 00:51:44,120
This is the organization where too much access creates noise, confusion and false confidence.

971
00:51:44,120 --> 00:51:48,400
On the surface this kind of environment looks modern because it features open collaboration

972
00:51:48,400 --> 00:51:50,520
and very few barriers to information.

973
00:51:50,520 --> 00:51:54,360
Leadership often likes the feel of this setup because it signals trust and agility allowing

974
00:51:54,360 --> 00:51:57,880
people to move quickly without asking for permission every 5 minutes.

975
00:51:57,880 --> 00:52:01,520
For a while that can look like speed but eventually openness scales without ownership and

976
00:52:01,520 --> 00:52:04,840
access everywhere starts to blur responsibility anywhere.

977
00:52:04,840 --> 00:52:09,040
This becomes widely visible while stewardship stays vague and sites remain searchable even

978
00:52:09,040 --> 00:52:12,200
though no one is sure who is maintaining the underlying structure.

979
00:52:12,200 --> 00:52:16,320
Teams get added to other teams and guests remain in digital spaces long after the work has

980
00:52:16,320 --> 00:52:20,680
changed because removing access feels more dangerous than leaving it in place.

981
00:52:20,680 --> 00:52:25,440
The environment becomes permissive by default and ambiguous by habit which creates a very

982
00:52:25,440 --> 00:52:27,360
different kind of power problem.

983
00:52:27,360 --> 00:52:31,960
This isn't about concentrated gatekeeping, it is about diffuse influence with zero accountability.

984
00:52:31,960 --> 00:52:36,440
In one organization like this almost every friction point sounded small on its own like having

985
00:52:36,440 --> 00:52:42,040
too many versions of the same commercial material or policy drafts visible in forgotten spaces.

986
00:52:42,040 --> 00:52:45,480
Decision makers were pulling different numbers from different versions of the truth because

987
00:52:45,480 --> 00:52:50,040
everyone had access to something but no one owned the integrity of the data.

988
00:52:50,040 --> 00:52:52,560
That isn't openness, it is structural overexposure.

989
00:52:52,560 --> 00:52:56,800
When everyone can see too much, signal and authority start collapsing into each other and

990
00:52:56,800 --> 00:52:59,320
people begin to mistake visibility for legitimacy.

991
00:52:59,320 --> 00:53:02,880
They assume that because they found a document it must be current and because they can access

992
00:53:02,880 --> 00:53:04,760
a workspace they are meant to act on it.

993
00:53:04,760 --> 00:53:08,880
They assume that if co-pilot surfaces a result that result reflects something the organization

994
00:53:08,880 --> 00:53:12,360
stands behind but broad access does not equal governed truth.

995
00:53:12,360 --> 00:53:16,000
From a system perspective the issue here is a total lack of boundaries.

996
00:53:16,000 --> 00:53:20,160
The organization can move quickly into the wrong conclusion because the environment does

997
00:53:20,160 --> 00:53:25,000
not clearly separate working material from trusted material or historical access from current

998
00:53:25,000 --> 00:53:26,320
responsibility.

999
00:53:26,320 --> 00:53:30,480
This becomes especially dangerous once AI is involved because co-pilot doesn't need

1000
00:53:30,480 --> 00:53:33,000
to break any rules to create a massive risk.

1001
00:53:33,000 --> 00:53:37,200
If broad permissions remain in place then natural language discovery turns messy exposure

1002
00:53:37,200 --> 00:53:38,200
into practical influence.

1003
00:53:38,200 --> 00:53:41,720
A person with no formal role in a topic may suddenly have enough context to shape the

1004
00:53:41,720 --> 00:53:46,040
conversation or an executive might receive a polished answer built from overshared and

1005
00:53:46,040 --> 00:53:47,920
weakly governed content.

1006
00:53:47,920 --> 00:53:51,840
Teams may act with total confidence on material that was never intended to be the operational

1007
00:53:51,840 --> 00:53:52,920
source of truth.

1008
00:53:52,920 --> 00:53:56,280
In this case, power didn't hide behind a single gatekeeper.

1009
00:53:56,280 --> 00:54:00,440
It scattered into the environment and weakened the quality of every decision made.

1010
00:54:00,440 --> 00:54:04,600
Audit findings increased and ownership questions became harder to answer because too many people

1011
00:54:04,600 --> 00:54:07,720
could touch too many things without a clean stewardship model.

1012
00:54:07,720 --> 00:54:12,760
When leaders asked who was responsible the answer always dissolved into the same pattern.

1013
00:54:12,760 --> 00:54:15,400
Everybody had access but nobody had accountability.

1014
00:54:15,400 --> 00:54:17,280
That is the hidden cost of over-permissioning.

1015
00:54:17,280 --> 00:54:21,040
It feels collaborative but structurally it weakens trust because the business stops knowing

1016
00:54:21,040 --> 00:54:23,000
whether what is visible is also valid.

1017
00:54:23,000 --> 00:54:26,680
This is the case that happens people create their own filters anyway by building local copies

1018
00:54:26,680 --> 00:54:28,600
and relying on unofficial experts.

1019
00:54:28,600 --> 00:54:32,400
Even maximum openness can recreate hidden power just in a different shape because too much

1020
00:54:32,400 --> 00:54:36,040
openness is fragile but the opposite fails too.

1021
00:54:36,040 --> 00:54:38,800
Contrast moment 2 - The Locked Down Organization

1022
00:54:38,800 --> 00:54:40,960
Now let's look at the exact opposite scenario.

1023
00:54:40,960 --> 00:54:45,320
I'm not talking about the open environment where access drift turned into chaos but the

1024
00:54:45,320 --> 00:54:46,320
locked down one.

1025
00:54:46,320 --> 00:54:50,960
This is the organization that believes control is the only path to safety and they define

1026
00:54:50,960 --> 00:54:54,160
safety as restricting everything by default.

1027
00:54:54,160 --> 00:54:58,400
Access is managed with an iron fist, sites are closed until someone proves they need them

1028
00:54:58,400 --> 00:55:02,360
and even simple group changes require a mountain of paperwork.

1029
00:55:02,360 --> 00:55:06,640
Workflow edits are guarded by a tiny circle of admins while content visibility stays limited

1030
00:55:06,640 --> 00:55:10,280
to narrow groups long after the original business context has shifted.

1031
00:55:10,280 --> 00:55:14,440
On paper this looks like a disciplined operation and in a very literal sense it is that there are

1032
00:55:14,440 --> 00:55:19,040
fewer obvious risks of data exposure, fewer people can accidentally stumble onto the wrong

1033
00:55:19,040 --> 00:55:23,600
file and you won't find many uncontrolled digital spaces popping up because of that leadership

1034
00:55:23,600 --> 00:55:25,680
usually feels a sense of relief.

1035
00:55:25,680 --> 00:55:29,200
The tenant looks orderly, the permission model looks serious and the governance language

1036
00:55:29,200 --> 00:55:33,600
sounds like something out of a mature enterprise playbook but here's the thing, from a system

1037
00:55:33,600 --> 00:55:38,480
perspective that environment isn't just controlled, it's brittle because if every meaningful

1038
00:55:38,480 --> 00:55:42,240
action depends on a handful of people with elevated access you haven't actually removed

1039
00:55:42,240 --> 00:55:47,200
the concentration of power, you've just formalized it.

1040
00:55:47,200 --> 00:55:50,980
In this kind of setup delay isn't a side effect hidden by openness, it is a feature built

1041
00:55:50,980 --> 00:55:53,180
directly into the operating model.

1042
00:55:53,180 --> 00:55:57,040
When a team needs access to a project site to hit a deadline they wait, when a business

1043
00:55:57,040 --> 00:56:01,540
owner needs to add one new column to a critical list to track a metric they wait.

1044
00:56:01,540 --> 00:56:04,840
If a department wants to update a workflow that no longer matches how they actually work

1045
00:56:04,840 --> 00:56:05,840
they wait.

1046
00:56:05,840 --> 00:56:09,100
Even when a leader needs a cross-functional view of information that's currently scattered

1047
00:56:09,100 --> 00:56:12,440
across protected silos they still have to wait and why is that?

1048
00:56:12,440 --> 00:56:16,480
It's because the environment was designed to prioritize approval integrity over operational

1049
00:56:16,480 --> 00:56:17,480
flow.

1050
00:56:17,480 --> 00:56:20,720
The system protects control by narrowing who is allowed to act but in doing that it also

1051
00:56:20,720 --> 00:56:23,360
narrows who is allowed to move the business forward.

1052
00:56:23,360 --> 00:56:26,320
That creates a very specific pattern almost immediately.

1053
00:56:26,320 --> 00:56:30,000
Admins, owners and platform specialists become mandatory intermediaries for even the most

1054
00:56:30,000 --> 00:56:31,560
basic business movements.

1055
00:56:31,560 --> 00:56:34,800
This isn't because they are doing a bad job or trying to be difficult but because the

1056
00:56:34,800 --> 00:56:38,320
system design placed them squarely between demand and execution.

1057
00:56:38,320 --> 00:56:42,160
I worked with one organization where the symptoms actually looked quite respectable at first

1058
00:56:42,160 --> 00:56:46,600
glance. There were no horror stories about oversharing, no obvious permission sprawl and no

1059
00:56:46,600 --> 00:56:48,680
shocks during the audit process.

1060
00:56:48,680 --> 00:56:52,800
But underneath that calm surface the business was compensating for the friction everywhere.

1061
00:56:52,800 --> 00:56:57,160
Teams started keeping private copies of approved files because the official repository was too

1062
00:56:57,160 --> 00:56:58,680
slow to navigate.

1063
00:56:58,680 --> 00:57:01,960
People built their own side spreadsheets because getting reporting access through the formal

1064
00:57:01,960 --> 00:57:03,800
path took way too long.

1065
00:57:03,800 --> 00:57:07,480
Managers even used private chat groups to make decisions before submitting official requests

1066
00:57:07,480 --> 00:57:11,560
knowing that once a request entered the governed process the speed would drop to zero.

1067
00:57:11,560 --> 00:57:14,280
And inevitably the shadow automation started to appear.

1068
00:57:14,280 --> 00:57:18,160
It wasn't anything massive, just small local flows and personal workarounds that people

1069
00:57:18,160 --> 00:57:22,800
build when the official route asks them to trade too much time for too little flexibility.

1070
00:57:22,800 --> 00:57:28,040
The lockdown organization had strong visible control but it had zero structural resilience.

1071
00:57:28,040 --> 00:57:32,440
Because the business relied on a few highly trusted actors to unlock every single exception

1072
00:57:32,440 --> 00:57:34,960
and change, those people became indispensable.

1073
00:57:34,960 --> 00:57:38,480
That might feel secure but it actually makes the business much less adaptive than leadership

1074
00:57:38,480 --> 00:57:39,480
realises.

1075
00:57:39,480 --> 00:57:41,160
Now map that reality to AI.

1076
00:57:41,160 --> 00:57:45,840
Many executives assume a locked down environment is the safest place for a tool like co-pilot because

1077
00:57:45,840 --> 00:57:48,080
there's less exposure and cleaner boundaries.

1078
00:57:48,080 --> 00:57:51,760
That might be true for security but if the right people still can't access the context

1079
00:57:51,760 --> 00:57:55,720
they need, your AI adoption is going to stall for a completely different reason.

1080
00:57:55,720 --> 00:57:58,520
The problem won't be that too much is discoverable.

1081
00:57:58,520 --> 00:58:00,760
It will be that too little is useful.

1082
00:58:00,760 --> 00:58:05,160
An AI tool cannot generate meaningful support or insights from information the user isn't

1083
00:58:05,160 --> 00:58:06,160
allowed to reach.

1084
00:58:06,160 --> 00:58:08,560
The answers come back partial, thin and generic.

1085
00:58:08,560 --> 00:58:11,840
They are technically safe but they are operationally useless.

1086
00:58:11,840 --> 00:58:14,280
Once that happens trust in the technology evaporates.

1087
00:58:14,280 --> 00:58:18,800
Users decide the AI isn't helpful, leadership starts questioning the return on investment

1088
00:58:18,800 --> 00:58:22,400
and security points to the lack of leaks as a total success.

1089
00:58:22,400 --> 00:58:26,200
Meanwhile the business just goes back to the same few people who already hold all the

1090
00:58:26,200 --> 00:58:27,360
access and context.

1091
00:58:27,360 --> 00:58:31,440
The locked down environment ends up recreating the same core issue as the overpermissioned

1092
00:58:31,440 --> 00:58:32,440
one.

1093
00:58:32,440 --> 00:58:34,240
Misaligned control.

1094
00:58:34,240 --> 00:58:37,760
One side creates confusion through overexposure while the other creates bottlenecks

1095
00:58:37,760 --> 00:58:39,240
through over restriction.

1096
00:58:39,240 --> 00:58:42,120
Both setups produce the exact same business reality.

1097
00:58:42,120 --> 00:58:46,240
Decisions slow down hidden dependencies grow and unofficial paths emerge as the people inside

1098
00:58:46,240 --> 00:58:50,040
the system realize the formal structure isn't where the real work happens.

1099
00:58:50,040 --> 00:58:52,640
The problem isn't openness or strictness on their own.

1100
00:58:52,640 --> 00:58:56,280
The real issue is whether access matches responsibility closely enough for the business

1101
00:58:56,280 --> 00:58:59,720
to move without people having to find a way around the rules.

1102
00:58:59,720 --> 00:59:01,040
The real diagnosis.

1103
00:59:01,040 --> 00:59:02,360
Misaligned control.

1104
00:59:02,360 --> 00:59:04,400
So, here is the real diagnosis.

1105
00:59:04,400 --> 00:59:07,200
It isn't about having too much control or too little control.

1106
00:59:07,200 --> 00:59:08,840
It's about misaligned control.

1107
00:59:08,840 --> 00:59:13,080
This matters because most organizations try to fix permission problems by swinging wildly

1108
00:59:13,080 --> 00:59:14,920
between two basic instincts.

1109
00:59:14,920 --> 00:59:19,520
One side says we should open everything up to remove friction and trust our people while

1110
00:59:19,520 --> 00:59:23,720
the other side demands we tighten every screw and centralize authority.

1111
00:59:23,720 --> 00:59:27,720
Both of those responses can feel right in the moment and both might solve one specific

1112
00:59:27,720 --> 00:59:32,080
pain point but they both fail if they don't address the structural issue underneath.

1113
00:59:32,080 --> 00:59:36,760
The real question is whether access, responsibility and decision rights still match each other closely

1114
00:59:36,760 --> 00:59:39,600
enough for work to move without constant human intervention.

1115
00:59:39,600 --> 00:59:40,600
That is the ultimate test.

1116
00:59:40,600 --> 00:59:44,920
If the person who is actually accountable for an outcome cannot reliably access the information

1117
00:59:44,920 --> 00:59:48,080
or the tools they need to deliver it, your design is misaligned.

1118
00:59:48,080 --> 00:59:51,600
If the person with the most access isn't the one who has to live with the consequences

1119
00:59:51,600 --> 00:59:54,040
of the decision, your design is misaligned.

1120
00:59:54,040 --> 00:59:58,560
And if the only reason work keeps moving is that one person holds historical context,

1121
00:59:58,560 --> 01:00:01,400
no one else can reach, your design is definitely misaligned.

1122
01:00:01,400 --> 01:00:02,840
And why does this happen so often?

1123
01:00:02,840 --> 01:00:06,720
It happens because organizations evolve much faster than their control models do.

1124
01:00:06,720 --> 01:00:11,160
Roles change, teams merge and all projects leave digital residue behind while emergency

1125
01:00:11,160 --> 01:00:14,040
exceptions somehow become permanent fixtures.

1126
01:00:14,040 --> 01:00:18,280
Work flows get patched together and original owners move on to new roles, all while AI is

1127
01:00:18,280 --> 01:00:20,680
being layered on top of the whole mess.

1128
01:00:20,680 --> 01:00:24,200
Governance language usually stays the same long after the operational reality has shifted

1129
01:00:24,200 --> 01:00:25,200
on the ground.

1130
01:00:25,200 --> 01:00:29,000
Leaders continue to read about control through policy documents, but the people in the business

1131
01:00:29,000 --> 01:00:33,280
experience control through lived dependency and frustration.

1132
01:00:33,280 --> 01:00:36,000
That gap is where friction becomes a chronic illness.

1133
01:00:36,000 --> 01:00:39,880
This is important because misaligned control creates the same symptoms regardless of the

1134
01:00:39,880 --> 01:00:40,880
environment.

1135
01:00:40,880 --> 01:00:45,480
In an overpermissioned company, people move fast into a fog of ambiguity while in a locked

1136
01:00:45,480 --> 01:00:49,320
down company, they move slowly into a series of bottlenecks.

1137
01:00:49,320 --> 01:00:52,120
In both cases, the result is the same.

1138
01:00:52,120 --> 01:00:56,320
Responsibility gets blurry, trust becomes uneven, and people start compensating for design

1139
01:00:56,320 --> 01:00:58,280
flaws in informal, risky ways.

1140
01:00:58,280 --> 01:01:02,160
I wouldn't frame this primarily as a security issue, even though security is a huge part

1141
01:01:02,160 --> 01:01:03,160
of the conversation.

1142
01:01:03,160 --> 01:01:06,640
It also wouldn't call it just a collaboration issue, even though it clearly hurts teamwork.

1143
01:01:06,640 --> 01:01:08,440
This is an operating model issue.

1144
01:01:08,440 --> 01:01:11,920
Every permission model you build is also a decision model, and every ownership structure

1145
01:01:11,920 --> 01:01:13,720
is secretly a power structure.

1146
01:01:13,720 --> 01:01:17,320
Every workflow is a statement about who is allowed to move, who is forced to wait, and

1147
01:01:17,320 --> 01:01:19,480
who has to interpret the rules for everyone else.

1148
01:01:19,480 --> 01:01:24,360
When control is misaligned, the system starts producing very predictable, negative outcomes.

1149
01:01:24,360 --> 01:01:29,080
Decision latency goes up because every movement requires an escalation and shadow IT grows,

1150
01:01:29,080 --> 01:01:32,880
because the formal paths don't match what the business actually needs to do.

1151
01:01:32,880 --> 01:01:37,000
Standard findings start to multiply because ownership and access no longer reflect reality,

1152
01:01:37,000 --> 01:01:41,520
and digital transformation stalls, because new tools like co-pilot inherit all these old

1153
01:01:41,520 --> 01:01:43,240
structural contradictions.

1154
01:01:43,240 --> 01:01:45,520
This is exactly why so many AI pilots fail.

1155
01:01:45,520 --> 01:01:49,560
It's not because the AI is weak, but because the business hasn't clearly decided who should

1156
01:01:49,560 --> 01:01:52,280
be allowed to know, act, and decide.

1157
01:01:52,280 --> 01:01:56,160
From a system perspective, structural resilience depends on three things.

1158
01:01:56,160 --> 01:01:58,120
Clarity, redundancy, and review.

1159
01:01:58,120 --> 01:02:02,240
Clarity means the people responsible for an outcome can actually reach the context they

1160
01:02:02,240 --> 01:02:04,120
need to own that outcome.

1161
01:02:04,120 --> 01:02:08,080
Redundancy means you don't have a single person acting as an invisible bridge between information

1162
01:02:08,080 --> 01:02:12,440
and execution, and review means you treat permissions and ownership as living parts of the

1163
01:02:12,440 --> 01:02:14,800
business rather than historical leftovers.

1164
01:02:14,800 --> 01:02:18,920
Without those three pillars, control will always drift, and when control drifts, power doesn't

1165
01:02:18,920 --> 01:02:23,840
just disappear, it relocates into the hands of whoever is still able to unlock movement.

1166
01:02:23,840 --> 01:02:28,200
That's why an org chart is such a poor explanation of how a company actually functions over time.

1167
01:02:28,200 --> 01:02:32,360
It shows you who is accountable in theory, but the systems underneath show you who has the

1168
01:02:32,360 --> 01:02:34,280
operational influence in practice.

1169
01:02:34,280 --> 01:02:38,760
If those two maps don't align, the business pays for it every single day through slower decisions,

1170
01:02:38,760 --> 01:02:40,600
more workarounds, and lower trust.

1171
01:02:40,600 --> 01:02:44,120
The real diagnosis isn't that your people need to collaborate better or that your governance

1172
01:02:44,120 --> 01:02:45,520
needs to be stricter.

1173
01:02:45,520 --> 01:02:49,200
It's that the way control is distributed in your environment no longer matches the way

1174
01:02:49,200 --> 01:02:51,480
responsibilities distributed in your business.

1175
01:02:51,480 --> 01:02:55,640
Once you see that clearly, you can stop arguing about personalities and start mapping power

1176
01:02:55,640 --> 01:02:57,280
where it actually lives.

1177
01:02:57,280 --> 01:03:00,040
How to map real power without buying new tools?

1178
01:03:00,040 --> 01:03:03,520
Once the invisible structures become visible, the next question is purely practical.

1179
01:03:03,520 --> 01:03:08,040
You need to know how to map real power without turning this into another massive transformation

1180
01:03:08,040 --> 01:03:12,760
program, a bloated dashboard project, or an expensive governance initiative.

1181
01:03:12,760 --> 01:03:16,840
The good news is that you usually don't need new tools to see the pattern, but you definitely

1182
01:03:16,840 --> 01:03:18,360
need a different starting point.

1183
01:03:18,360 --> 01:03:22,640
Most organizations begin with formal structure by looking at the org chart, role descriptions,

1184
01:03:22,640 --> 01:03:23,640
and approval matrices.

1185
01:03:23,640 --> 01:03:27,840
That feels logical, but it only gives you the intended model rather than the actual operating

1186
01:03:27,840 --> 01:03:28,840
one.

1187
01:03:28,840 --> 01:03:32,000
If you want to understand where power actually sits, you have to start with friction.

1188
01:03:32,000 --> 01:03:36,240
Look for the places where decisions feel slow, strange, or oddly dependent on specific

1189
01:03:36,240 --> 01:03:38,880
people, because friction always leaves a trail.

1190
01:03:38,880 --> 01:03:42,880
That trail usually tells you more about real power than any policy deck ever will.

1191
01:03:42,880 --> 01:03:45,120
Start by picking a few decisions that actually matter.

1192
01:03:45,120 --> 01:03:48,680
You don't need to track everything, so just choose a handful of decisions important enough

1193
01:03:48,680 --> 01:03:51,200
to reveal how the model really functions.

1194
01:03:51,200 --> 01:03:55,240
This might include access changes for sensitive content, cross-functional project approvals,

1195
01:03:55,240 --> 01:03:59,320
or budget-related requests where multiple teams and ownership lines intersect.

1196
01:03:59,320 --> 01:04:02,120
Then ask very simple questions about the process.

1197
01:04:02,120 --> 01:04:03,800
Who initiates the request?

1198
01:04:03,800 --> 01:04:06,120
And who has to be consulted before anything moves?

1199
01:04:06,120 --> 01:04:09,960
You need to know who gives the formal approval, but more importantly, you need to find out who

1200
01:04:09,960 --> 01:04:11,680
actually unblocks the movement.

1201
01:04:11,680 --> 01:04:14,840
When the process becomes unclear, who gets pulled into fix it?

1202
01:04:14,840 --> 01:04:18,720
Find out who knows where the trusted content lives, and who has the technical power to change

1203
01:04:18,720 --> 01:04:20,840
the access or the workflow if needed.

1204
01:04:20,840 --> 01:04:25,600
And sequence matters because it separates declared authority from operational influence.

1205
01:04:25,600 --> 01:04:28,880
Once you do this a few times, you'll notice that patterns begin to repeat.

1206
01:04:28,880 --> 01:04:33,560
The same names keep showing up in teams, threads, and sharepoint spaces, and the same coordinators

1207
01:04:33,560 --> 01:04:37,760
or admins reappear at the exact moment a decision either moves or stalls.

1208
01:04:37,760 --> 01:04:41,960
This is your first real map, and while it isn't a visual one, it is a structural map

1209
01:04:41,960 --> 01:04:43,960
that traces real dependency.

1210
01:04:43,960 --> 01:04:47,160
The next step is to compare business responsibility with technical reach.

1211
01:04:47,160 --> 01:04:51,160
Think one critical business area and ask if the people accountable for outcomes have the

1212
01:04:51,160 --> 01:04:53,680
access they need to see, verify, and act.

1213
01:04:53,680 --> 01:04:55,280
This isn't a theoretical question.

1214
01:04:55,280 --> 01:04:56,280
It's a practical one.

1215
01:04:56,280 --> 01:04:59,840
If a leader owns the outcome but cannot see the relevant content or trigger a workflow

1216
01:04:59,840 --> 01:05:03,600
change without rooting through someone else, then the power has already shifted somewhere

1217
01:05:03,600 --> 01:05:04,600
else.

1218
01:05:04,600 --> 01:05:07,080
This is where the concept of effective permissions becomes useful.

1219
01:05:07,080 --> 01:05:10,720
You don't need to read technical logs to understand the core question, who can actually

1220
01:05:10,720 --> 01:05:11,720
access what right now?

1221
01:05:11,720 --> 01:05:15,060
It's not about who should have access or who used to have it, but who possesses the

1222
01:05:15,060 --> 01:05:16,760
ability to act in this moment.

1223
01:05:16,760 --> 01:05:18,520
And look at where communication concentrates.

1224
01:05:18,520 --> 01:05:22,080
When things get important, where do the conversations keep converging?

1225
01:05:22,080 --> 01:05:26,220
Identify the people who bridge multiple teams repeatedly and translate ambiguity into

1226
01:05:26,220 --> 01:05:27,220
movement.

1227
01:05:27,220 --> 01:05:30,840
You aren't trying to prove who is politically influential, but rather identifying where

1228
01:05:30,840 --> 01:05:35,360
the organization has become dependent on human centrality to compensate for weak structural

1229
01:05:35,360 --> 01:05:36,360
flow.

1230
01:05:36,360 --> 01:05:38,120
Finally, move to content stewardship.

1231
01:05:38,120 --> 01:05:41,960
You need to know who owns the critical sharepoint spaces, who updates them, and who decides

1232
01:05:41,960 --> 01:05:44,280
what information is current enough to trust.

1233
01:05:44,280 --> 01:05:47,740
After the formal owners with the real stewards in healthy structures, those roles are closely

1234
01:05:47,740 --> 01:05:50,200
aligned, but in fragile ones, they drift apart.

1235
01:05:50,200 --> 01:05:53,880
When they drift, information power starts moving away from formal accountability.

1236
01:05:53,880 --> 01:05:57,800
If you focus on decision tracing, access comparison, and stewardship, you will have more than

1237
01:05:57,800 --> 01:05:59,600
enough to see where power really sits.

1238
01:05:59,600 --> 01:06:04,240
Real power leaves evidence in movement, showing up in who can unblock work, surface the truth,

1239
01:06:04,240 --> 01:06:06,840
or make the system usable for everyone else.

1240
01:06:06,840 --> 01:06:10,640
You are mapping operational influence, not status or personality.

1241
01:06:10,640 --> 01:06:21,640
Once leaders see this clearly, the conversation changes.

1242
01:06:21,640 --> 01:06:25,040
That question is far more useful because it allows you to stop treating friction as random

1243
01:06:25,040 --> 01:06:27,640
and start treating it as design evidence.

1244
01:06:27,640 --> 01:06:28,840
Action Step 1.

1245
01:06:28,840 --> 01:06:30,360
Measure decision latency.

1246
01:06:30,360 --> 01:06:34,040
If you want to make this practical, the first thing I would measure is decision latency.

1247
01:06:34,040 --> 01:06:38,600
Don't look at meeting volume, sentiment, or how many approvals exist on paper.

1248
01:06:38,600 --> 01:06:42,400
Decisions on the time between a request becoming real and a decision becoming usable because

1249
01:06:42,400 --> 01:06:46,840
this is where hidden power stops sounding abstract and starts becoming business evidence.

1250
01:06:46,840 --> 01:06:50,520
Most organizations already feel this problem, and people will tell you that decisions take

1251
01:06:50,520 --> 01:06:53,800
too long or that work slows down around certain dependencies.

1252
01:06:53,800 --> 01:06:58,360
However, unless you define the start and endpoints clearly, the conversation stays soft and gets

1253
01:06:58,360 --> 01:06:59,360
explained away.

1254
01:06:59,360 --> 01:07:03,040
You have to make it concrete by picking three to five decisions that regularly affect delivery

1255
01:07:03,040 --> 01:07:05,320
speed, risk, or client response.

1256
01:07:05,320 --> 01:07:09,640
Then define the exact decision window, does the clock start when the request is submitted,

1257
01:07:09,640 --> 01:07:11,440
or when a manager asks for action.

1258
01:07:11,440 --> 01:07:14,080
You also need to define the end point just as clearly.

1259
01:07:14,080 --> 01:07:17,760
A decision isn't done when someone says yes in theory, it's only done when it becomes

1260
01:07:17,760 --> 01:07:18,920
executable.

1261
01:07:18,920 --> 01:07:23,480
If the content is still unclear or a workflow owner still needs to adjust something manually,

1262
01:07:23,480 --> 01:07:25,600
the decision is only nominally finished.

1263
01:07:25,600 --> 01:07:29,480
Measure from the initial request to the usable outcome to find the real latency.

1264
01:07:29,480 --> 01:07:33,080
Once you have that data, don't just look at the total duration, break the path down

1265
01:07:33,080 --> 01:07:37,040
to see where the request waited, where it looped back, and where someone had to step in outside

1266
01:07:37,040 --> 01:07:39,440
the official process to get it across the line.

1267
01:07:39,440 --> 01:07:43,360
These moments are vital because they show you where movement depends on hidden intervention.

1268
01:07:43,360 --> 01:07:46,920
In the anchor case, this data changed the conversation almost immediately.

1269
01:07:46,920 --> 01:07:50,680
Leaders had a general sense that things were slow, but once the workflows were traced,

1270
01:07:50,680 --> 01:07:52,880
the shape of the problem was impossible to ignore.

1271
01:07:52,880 --> 01:07:55,120
The formal approvals weren't always the slowest point.

1272
01:07:55,120 --> 01:07:59,320
Instead, the actual delay sat in the spaces between them while people waited for context,

1273
01:07:59,320 --> 01:08:01,160
access, or validation.

1274
01:08:01,160 --> 01:08:02,640
That is where power reveals itself.

1275
01:08:02,640 --> 01:08:06,720
It doesn't show up where responsibility is declared, but at the point where time accumulates.

1276
01:08:06,720 --> 01:08:11,760
Delay is rarely random as it tends to cluster around uncertainty and places where access

1277
01:08:11,760 --> 01:08:13,760
and flow are misaligned.

1278
01:08:13,760 --> 01:08:17,480
When you measure latency properly, you are measuring structural dependence and identifying

1279
01:08:17,480 --> 01:08:21,120
where the system still requires human translation to function.

1280
01:08:21,120 --> 01:08:25,520
This makes latency a powerful executive metric because it reframes friction in operational

1281
01:08:25,520 --> 01:08:26,520
terms.

1282
01:08:26,520 --> 01:08:28,440
You are no longer just saying people are frustrated.

1283
01:08:28,440 --> 01:08:32,160
You are proving that a decision takes 11 days when only two of those days involve formal

1284
01:08:32,160 --> 01:08:33,160
review.

1285
01:08:33,160 --> 01:08:36,440
That realization lands differently and changes what leaders can do next.

1286
01:08:36,440 --> 01:08:41,160
You can then compare decisions that look similar on paper but behave differently in practice.

1287
01:08:41,160 --> 01:08:44,920
Why does one approval path move cleanly while another keeps stalling?

1288
01:08:44,920 --> 01:08:48,600
Why do the same names keep appearing at the moments where movement finally resumes?

1289
01:08:48,600 --> 01:08:50,080
These are the real power questions.

1290
01:08:50,080 --> 01:08:53,560
It is important not to use latency as a weapon against individuals.

1291
01:08:53,560 --> 01:08:54,880
Use it diagnostically instead.

1292
01:08:54,880 --> 01:08:58,360
If one person appears in every bottleneck, it doesn't mean they are slow.

1293
01:08:58,360 --> 01:09:01,160
It often means they are carrying the weight of the entire system.

1294
01:09:01,160 --> 01:09:04,240
The system has simply routed too much through them.

1295
01:09:04,240 --> 01:09:07,520
The point isn't to find someone to blame but to expose the truth.

1296
01:09:07,520 --> 01:09:11,360
Measure where the business weights and you will learn where the organization has placed

1297
01:09:11,360 --> 01:09:12,600
real power.

1298
01:09:12,600 --> 01:09:14,920
Every repeated delay is telling you the same thing.

1299
01:09:14,920 --> 01:09:18,640
Authority might live on the org chart but movement lives where decisions stop waiting.

1300
01:09:18,640 --> 01:09:19,640
Action step 2.

1301
01:09:19,640 --> 01:09:21,960
Ordered access against responsibility.

1302
01:09:21,960 --> 01:09:25,680
The second step in this process is to order access against responsibility.

1303
01:09:25,680 --> 01:09:29,280
This is the point where the permission problem becomes impossible to ignore because you are

1304
01:09:29,280 --> 01:09:32,360
no longer just looking at delay as an unfortunate outcome.

1305
01:09:32,360 --> 01:09:35,960
Instead you are looking at the actual structure that keeps producing that delay.

1306
01:09:35,960 --> 01:09:37,840
The core question here is very simple.

1307
01:09:37,840 --> 01:09:41,160
Does your current access model actually reflect the business reality of today?

1308
01:09:41,160 --> 01:09:45,120
I am not talking about the reality from two reorganizations ago or the way things worked

1309
01:09:45,120 --> 01:09:46,760
before the last big merger.

1310
01:09:46,760 --> 01:09:50,960
I am certainly not talking about the reality from before that emergency project created

1311
01:09:50,960 --> 01:09:54,080
six different exception groups that nobody ever bothered to clean up.

1312
01:09:54,080 --> 01:09:55,360
I am talking about right now.

1313
01:09:55,360 --> 01:09:58,960
If you look closely at most environments, they are carrying a massive amount of historical

1314
01:09:58,960 --> 01:10:02,680
access long after the underlying responsibility has moved on.

1315
01:10:02,680 --> 01:10:06,960
People change roles, projects end and owners leave the company, yet group memberships and

1316
01:10:06,960 --> 01:10:09,480
inherited permissions stay behind like sediment.

1317
01:10:09,480 --> 01:10:13,680
When leaders ask who actually holds the power in a system, the honest answer is often buried

1318
01:10:13,680 --> 01:10:15,200
inside that residue.

1319
01:10:15,200 --> 01:10:18,920
Because fixing a whole tenant in one motion is usually a recipe for failure, I recommend

1320
01:10:18,920 --> 01:10:20,800
starting with a very narrow scope.

1321
01:10:20,800 --> 01:10:24,720
Pick a few critical business areas where bad access creates either massive business drag

1322
01:10:24,720 --> 01:10:26,080
or real exposure.

1323
01:10:26,080 --> 01:10:30,360
This might include finance reporting, HR sensitive collaboration, commercial proposals or executive

1324
01:10:30,360 --> 01:10:31,720
decision material.

1325
01:10:31,720 --> 01:10:34,440
Once you have your focus, compare two things side by side.

1326
01:10:34,440 --> 01:10:38,240
Ask who is formally accountable for the outcome and then ask who can actually see, change,

1327
01:10:38,240 --> 01:10:40,080
share or grant access in that space.

1328
01:10:40,080 --> 01:10:43,040
That comparison is where the real story of your organization starts.

1329
01:10:43,040 --> 01:10:47,200
On paper accountability usually looks clear because there is a named owner or a formal role.

1330
01:10:47,200 --> 01:10:51,360
But when you trace effective permissions, you often find a much messier map where someone

1331
01:10:51,360 --> 01:10:54,720
still has access through an old group they joined years ago.

1332
01:10:54,720 --> 01:10:58,280
Someone else might have added rights because they were added directly during a crisis and

1333
01:10:58,280 --> 01:11:02,400
never removed, while a former project structure is still granting visibility into material

1334
01:11:02,400 --> 01:11:05,280
that now supports a completely different decision process.

1335
01:11:05,280 --> 01:11:09,120
Sometimes the opposite is true and the person now responsible for the outcome cannot see

1336
01:11:09,120 --> 01:11:10,120
enough to manage it.

1337
01:11:10,120 --> 01:11:14,480
They end up stuck asking others for screenshots, forwarded links or verbal confirmation just

1338
01:11:14,480 --> 01:11:15,720
to do their jobs.

1339
01:11:15,720 --> 01:11:19,600
That is misaligned control in its purest form where the org chart says one thing, but

1340
01:11:19,600 --> 01:11:21,280
the permission model says another.

1341
01:11:21,280 --> 01:11:24,920
This matters because access is not just a security issue.

1342
01:11:24,920 --> 01:11:27,760
It is a fundamental business capability issue.

1343
01:11:27,760 --> 01:11:31,520
If the wrong people hold broad reach, they gain influence whether anyone intended that

1344
01:11:31,520 --> 01:11:32,520
or not.

1345
01:11:32,520 --> 01:11:36,480
Conversely, if the right people lack reach, they lose decision quality even if they keep

1346
01:11:36,480 --> 01:11:38,400
their impressive titles.

1347
01:11:38,400 --> 01:11:41,800
Effective permissions are about more than just the principle of least privilege.

1348
01:11:41,800 --> 01:11:43,520
They are about operating legitimacy.

1349
01:11:43,520 --> 01:11:46,920
You have to ask if the people carrying the responsibility can actually operate from first-hand

1350
01:11:46,920 --> 01:11:50,360
context and if they can't, you need to find out who can.

1351
01:11:50,360 --> 01:11:54,280
The last question is vital because hidden influence often sits with the people who bridge the gap

1352
01:11:54,280 --> 01:11:57,280
between formal ownership and actual visibility.

1353
01:11:57,280 --> 01:12:00,040
In practical terms, I look for four specific red flags.

1354
01:12:00,040 --> 01:12:04,040
First is "Stayl Group Membership" which tells you that your review process has drifted.

1355
01:12:04,040 --> 01:12:08,040
Second is "inherited access" that nobody would consciously design today, which suggests

1356
01:12:08,040 --> 01:12:10,360
control is spreading further than you intended.

1357
01:12:10,360 --> 01:12:14,600
Third is the presence of direct exceptions granted to solve old friction, proving the

1358
01:12:14,600 --> 01:12:17,360
formal model failed and someone had to patch around it.

1359
01:12:17,360 --> 01:12:21,760
Finally, look for broad access around critical data sets that has no clear business justification

1360
01:12:21,760 --> 01:12:24,560
because that is where power sits in places the business isn't governing.

1361
01:12:24,560 --> 01:12:26,840
Do not stop at user accounts when you do this audit.

1362
01:12:26,840 --> 01:12:31,560
You must look at service principles, automation ownership and workflow identities as well.

1363
01:12:31,560 --> 01:12:36,680
In modern environments, access is held by automated actors that shape what data moves where and

1364
01:12:36,680 --> 01:12:38,080
who can act without asking.

1365
01:12:38,080 --> 01:12:41,240
This matters even more now that we are moving into the era of AI.

1366
01:12:41,240 --> 01:12:45,600
Tools like co-pilot and various agents inherit the same messy reality and if the underlying

1367
01:12:45,600 --> 01:12:49,160
access layer is wrong, the intelligence layer will not correct it.

1368
01:12:49,160 --> 01:12:51,040
It will simply operationalize the chaos.

1369
01:12:51,040 --> 01:12:55,520
The purpose of this step is not to create another boring access review ritual for the sake

1370
01:12:55,520 --> 01:12:56,720
of compliance.

1371
01:12:56,720 --> 01:12:59,520
The purpose is to ask a much sharper business question.

1372
01:12:59,520 --> 01:13:03,880
Does authority in this area still line up with visibility action and consequence?

1373
01:13:03,880 --> 01:13:07,200
If it doesn't, you shouldn't be surprised when decisions get political or when the

1374
01:13:07,200 --> 01:13:11,800
same unofficial experts keep reappearing to validate reality for everyone else.

1375
01:13:11,800 --> 01:13:15,360
Once access drifts away from responsibility, power always drifts with it.

1376
01:13:15,360 --> 01:13:19,160
If you want to understand how your organization actually works, don't ask who reports to

1377
01:13:19,160 --> 01:13:20,160
whom.

1378
01:13:20,160 --> 01:13:21,760
Ask who has access to what?

1379
01:13:21,760 --> 01:13:22,760
Action step 3.

1380
01:13:22,760 --> 01:13:24,080
Reduce hidden dependencies.

1381
01:13:24,080 --> 01:13:28,800
The third step is to reduce hidden dependencies before they harden into permanent architecture.

1382
01:13:28,800 --> 01:13:32,680
Once you have measured how long decisions take and compared access with responsibility,

1383
01:13:32,680 --> 01:13:34,400
the next logical question is obvious.

1384
01:13:34,400 --> 01:13:38,720
Where is the business still depending on one specific person, one flow maintainer, or

1385
01:13:38,720 --> 01:13:41,880
one piece of undocumented history just to keep the lights on?

1386
01:13:41,880 --> 01:13:43,560
That is the dependency you need to remove.

1387
01:13:43,560 --> 01:13:47,720
This isn't because dependency is always a bad thing, as every organization has specialists

1388
01:13:47,720 --> 01:13:49,760
and trust nodes who hold deep context.

1389
01:13:49,760 --> 01:13:51,800
That is a normal part of working with experts.

1390
01:13:51,800 --> 01:13:56,280
What is not healthy is when ordinary business continuity depends on those people remaining

1391
01:13:56,280 --> 01:14:01,200
continuously available to interpret or unlock what the system should already make clear.

1392
01:14:01,200 --> 01:14:04,000
That is where structural resilience starts breaking down.

1393
01:14:04,000 --> 01:14:09,040
To fix this, I look in three specific places, critical content, workflow ownership and context

1394
01:14:09,040 --> 01:14:10,040
concentration.

1395
01:14:10,040 --> 01:14:14,680
Start by identifying which sharepoint spaces or document sets are genuinely business critical.

1396
01:14:14,680 --> 01:14:16,360
Then ask yourself a hard question.

1397
01:14:16,360 --> 01:14:20,600
If the current owner disappeared for two weeks, would the business still know what is current

1398
01:14:20,600 --> 01:14:21,600
and how to manage it?

1399
01:14:21,600 --> 01:14:24,560
If the answer is no, then you do not have true ownership.

1400
01:14:24,560 --> 01:14:27,080
You have a dependency wearing the clothes of ownership.

1401
01:14:27,080 --> 01:14:31,080
To fix this, you need redundancy in the form of a second accountable owner and cleaner

1402
01:14:31,080 --> 01:14:32,080
stewardship rules.

1403
01:14:32,080 --> 01:14:36,120
You need clearer signals around what is trusted and operationally valid so the system can

1404
01:14:36,120 --> 01:14:37,760
function without a gatekeeper.

1405
01:14:37,760 --> 01:14:41,960
Then you have to look at workflow ownership, which is a detail that gets missed constantly

1406
01:14:41,960 --> 01:14:43,440
in power platform environments.

1407
01:14:43,440 --> 01:14:48,200
A flow might exist and work perfectly, but if only one person understands how to modify

1408
01:14:48,200 --> 01:14:53,000
it or what happens when it breaks, that workflow is not a scalable business asset.

1409
01:14:53,000 --> 01:14:57,320
It is a hidden fragility because workflow control and process power are the same thing.

1410
01:14:57,320 --> 01:15:00,960
The people who can change the flow effectively control the pace of the business.

1411
01:15:00,960 --> 01:15:03,840
Finally, we have to address context concentration.

1412
01:15:03,840 --> 01:15:07,400
This is the hardest one to solve because it lives inside people's heads.

1413
01:15:07,400 --> 01:15:12,040
You have to find out who knows why a certain exception exists or which version of a file

1414
01:15:12,040 --> 01:15:13,480
can actually be trusted.

1415
01:15:13,480 --> 01:15:17,920
These are dangerous questions if only one or two people can answer them consistently.

1416
01:15:17,920 --> 01:15:22,360
You can reduce that dependency structurally by documenting the rules and making stewardship

1417
01:15:22,360 --> 01:15:23,360
visible.

1418
01:15:23,360 --> 01:15:26,640
Shift interpretation into a shared process wherever you can, not because documents solve

1419
01:15:26,640 --> 01:15:30,200
every problem, but because invisible context is expensive.

1420
01:15:30,200 --> 01:15:34,000
Concentrated, invisible context is exactly how gatekeepers become permanent fixtures in

1421
01:15:34,000 --> 01:15:35,000
a company.

1422
01:15:35,000 --> 01:15:38,280
In the case I've been tracking, this was one of the biggest shifts we saw.

1423
01:15:38,280 --> 01:15:42,800
Once the organization stopped praising the people who kept rescuing broken flows and started

1424
01:15:42,800 --> 01:15:46,480
redesigning the system around the load they were carrying, everything changed.

1425
01:15:46,480 --> 01:15:50,120
They assigned additional owners to critical content and shared workflow knowledge instead

1426
01:15:50,120 --> 01:15:53,480
of letting it sit with the person who built the original fix.

1427
01:15:53,480 --> 01:15:58,040
Most importantly, leaders stopped treating the always needed person as proof of excellence.

1428
01:15:58,040 --> 01:16:02,560
They started seeing that pattern as evidence of a design gap, which is a major shift in how

1429
01:16:02,560 --> 01:16:03,560
you view your team.

1430
01:16:03,560 --> 01:16:07,720
It removes the blame from the individual without leaving the broken structure untouched.

1431
01:16:07,720 --> 01:16:11,200
The person at the center of these dependencies is usually not the problem.

1432
01:16:11,200 --> 01:16:15,160
In fact, they are often the only reason the business is still functioning.

1433
01:16:15,160 --> 01:16:19,000
But if you leave that hidden dependency in place, you are building future delay and burn

1434
01:16:19,000 --> 01:16:20,880
out directly into your operating model.

1435
01:16:20,880 --> 01:16:22,400
The goal here is simple.

1436
01:16:22,400 --> 01:16:25,800
Make important work survivable without requiring heroics.

1437
01:16:25,800 --> 01:16:29,800
You want content to be trustworthy without private interpretation and workflows to be

1438
01:16:29,800 --> 01:16:32,240
maintainable without a single human key.

1439
01:16:32,240 --> 01:16:35,040
That is what structural resilience looks like in practice.

1440
01:16:35,040 --> 01:16:39,280
It isn't about perfect control or maximum restriction, but a design where responsibility

1441
01:16:39,280 --> 01:16:43,240
and continuity hold firm even when one person goes offline.

1442
01:16:43,240 --> 01:16:47,200
When you achieve that, the organization becomes much easier to scale because movement is

1443
01:16:47,200 --> 01:16:50,320
no longer trapped inside a single point of failure.

1444
01:16:50,320 --> 01:16:52,040
What executive teams need to understand?

1445
01:16:52,040 --> 01:16:55,920
What executive teams need to understand is that digital structure is no longer an IT

1446
01:16:55,920 --> 01:16:58,200
hygiene issue sitting somewhere below strategy.

1447
01:16:58,200 --> 01:16:59,440
It is strategy.

1448
01:16:59,440 --> 01:17:03,560
Because every major transformation decision now runs through digital architecture, any change

1449
01:17:03,560 --> 01:17:08,560
in access, workflow or automation fundamentally alters how the business thinks and moves.

1450
01:17:08,560 --> 01:17:12,200
When leaders approve a digital transformation program or an AI rollout, they aren't just

1451
01:17:12,200 --> 01:17:13,320
investing in new tools.

1452
01:17:13,320 --> 01:17:18,240
They are actively redesigning the power dynamics of the entire organization.

1453
01:17:18,240 --> 01:17:19,240
And why is that?

1454
01:17:19,240 --> 01:17:22,640
Because every permission model is actually an operating model choice in disguise.

1455
01:17:22,640 --> 01:17:26,600
It determines who can see enough context to act and who has to ask for permission, while

1456
01:17:26,600 --> 01:17:30,120
also defining who can move directly and who is forced to wait.

1457
01:17:30,120 --> 01:17:34,160
These technical settings decide who becomes essential in the middle of a process and who

1458
01:17:34,160 --> 01:17:39,400
gets bypassed entirely, often leaving specific people to carry the consequences of a project

1459
01:17:39,400 --> 01:17:41,920
without having the visibility to manage it.

1460
01:17:41,920 --> 01:17:43,120
That is executive territory.

1461
01:17:43,120 --> 01:17:46,320
This isn't because leaders need to manage every group membership themselves.

1462
01:17:46,320 --> 01:17:50,440
But because the distribution of access quietly determines the distribution of influence,

1463
01:17:50,440 --> 01:17:52,800
speed and risk across the company.

1464
01:17:52,800 --> 01:17:58,000
If an executive team says it wants faster decisions while approving structures that fragment information,

1465
01:17:58,000 --> 01:18:02,600
then the system is doing exactly what leadership has allowed it to do by producing latency.

1466
01:18:02,600 --> 01:18:06,640
When an executive team demands accountability but tolerates weak content ownership and

1467
01:18:06,640 --> 01:18:10,680
stale permissions, they shouldn't be surprised when decisions become muddy and politically

1468
01:18:10,680 --> 01:18:11,680
dependent.

1469
01:18:11,680 --> 01:18:13,720
That isn't a culture problem in the soft sense.

1470
01:18:13,720 --> 01:18:15,960
It's an architecture problem in the hard sense.

1471
01:18:15,960 --> 01:18:19,640
This is also why digital governance cannot be treated as a purely protective function

1472
01:18:19,640 --> 01:18:22,040
that only exists for audit and compliance.

1473
01:18:22,040 --> 01:18:26,280
While governance certainly reduces exposure, it also serves as the mechanism that allocates

1474
01:18:26,280 --> 01:18:28,520
decision capability across the workforce.

1475
01:18:28,520 --> 01:18:32,600
It defines whether responsibility can be exercised with enough context to be real.

1476
01:18:32,600 --> 01:18:36,160
And once you introduce AI, that reality becomes even more visible.

1477
01:18:36,160 --> 01:18:40,160
Every AI rollout is effectively a trust test of your existing infrastructure.

1478
01:18:40,160 --> 01:18:44,080
We have to ask if we trust our access model enough to let a language interface make it

1479
01:18:44,080 --> 01:18:45,160
more usable.

1480
01:18:45,160 --> 01:18:49,680
Or if our ownership model is strong enough to let answers surface from across the environment.

1481
01:18:49,680 --> 01:18:54,080
If the answer is no, then the executive problem isn't actually AI skepticism.

1482
01:18:54,080 --> 01:18:56,440
It is unresolved structural misalignment.

1483
01:18:56,440 --> 01:19:00,800
That is the part many leadership teams still underestimate because they expect productivity

1484
01:19:00,800 --> 01:19:04,480
tools to increase output while the core operating structure stays untouched.

1485
01:19:04,480 --> 01:19:06,160
But the core structure always matters.

1486
01:19:06,160 --> 01:19:11,080
If the business does not trust its own visibility rules or if ownership is blurred, AI will expose

1487
01:19:11,080 --> 01:19:12,600
those gaps immediately.

1488
01:19:12,600 --> 01:19:16,720
When real decisions happen through informal translators instead of formal pathways, AI

1489
01:19:16,720 --> 01:19:20,520
will highlight that too, which is why this conversation belongs in the executive room for

1490
01:19:20,520 --> 01:19:22,360
a very practical reason.

1491
01:19:22,360 --> 01:19:26,680
Misaligned power slows decisions and increases risk, which ultimately limits your ability to

1492
01:19:26,680 --> 01:19:27,680
scale.

1493
01:19:27,680 --> 01:19:31,360
It delays transformation because every new capability inherits all dependencies.

1494
01:19:31,360 --> 01:19:36,200
And it reduces ROI because tools cannot outperform the structural logic they sit inside.

1495
01:19:36,200 --> 01:19:40,520
From a systems perspective, executive teams have three responsibilities to address this.

1496
01:19:40,520 --> 01:19:43,880
First you must treat permissions as business design rather than technical residues.

1497
01:19:43,880 --> 01:19:47,960
Second you should insist that accountability and access are reviewed together as a single

1498
01:19:47,960 --> 01:19:48,960
unit.

1499
01:19:48,960 --> 01:19:53,720
Third you have to understand that true resilience requires redundancy around information

1500
01:19:53,720 --> 01:19:55,080
and workflow ownership.

1501
01:19:55,080 --> 01:19:58,520
That last point matters because scale does not come from making a few people faster.

1502
01:19:58,520 --> 01:20:01,920
It comes from reducing how many things depend on those few people in the first place.

1503
01:20:01,920 --> 01:20:06,440
If I were sitting with an executive team today, I would frame the whole issue very simply.

1504
01:20:06,440 --> 01:20:10,120
Do not ask whether your governance is strict enough, but instead ask whether your control

1505
01:20:10,120 --> 01:20:13,160
model matches how responsibility actually sits in the business.

1506
01:20:13,160 --> 01:20:17,080
Do not ask whether your AI rollout is ambitious enough, but ask whether the environment underneath

1507
01:20:17,080 --> 01:20:19,960
it actually deserves to be accelerated.

1508
01:20:19,960 --> 01:20:24,080
And do not ask only who owns the process, but ask who can actually move it, because if

1509
01:20:24,080 --> 01:20:28,600
those answers point to different places, then the organization is not running on a hierarchy.

1510
01:20:28,600 --> 01:20:29,960
It is running on hidden power.

1511
01:20:29,960 --> 01:20:33,280
Once you see that, the priority becomes very clear because you aren't just cleaning up

1512
01:20:33,280 --> 01:20:34,280
permissions.

1513
01:20:34,280 --> 01:20:38,600
You are deciding what kind of business reality your systems will keep producing.

1514
01:20:38,600 --> 01:20:39,600
Conclusion.

1515
01:20:39,600 --> 01:20:43,480
When we pull all of this together, the main point is not complicated.

1516
01:20:43,480 --> 01:20:47,840
Power in a modern organization is rarely located exactly where the org chart says it is, because

1517
01:20:47,840 --> 01:20:52,360
it actually sits where systems distribute visibility and workflows allow movement.

1518
01:20:52,360 --> 01:20:56,440
It lives where information can be interpreted and acted on without delay, which is why a formal

1519
01:20:56,440 --> 01:21:01,440
hierarchy can look clean while the operational reality feels incredibly messy.

1520
01:21:01,440 --> 01:21:06,280
The business is not only running on roles and titles, it is running on access, communication,

1521
01:21:06,280 --> 01:21:09,960
and the hidden dependencies built into everyday execution.

1522
01:21:09,960 --> 01:21:13,960
Once you start looking through that lens, a lot of things that used to seem political start

1523
01:21:13,960 --> 01:21:15,160
making much more sense.

1524
01:21:15,160 --> 01:21:19,280
You begin to see why one person keeps appearing in every important decision and why some teams

1525
01:21:19,280 --> 01:21:22,320
move faster than others despite having the same formal authority.

1526
01:21:22,320 --> 01:21:23,520
It is a system outcome.

1527
01:21:23,520 --> 01:21:24,640
The reason is simple.

1528
01:21:24,640 --> 01:21:28,880
The people who can see enough and connect enough will always carry more real influence than

1529
01:21:28,880 --> 01:21:31,000
the structure alone suggests.

1530
01:21:31,000 --> 01:21:34,360
Sometimes that influence is concentrated in one trusted gatekeeper, and other times it

1531
01:21:34,360 --> 01:21:39,960
is scattered across an over-permissioned environment, but the same principle holds in every case.

1532
01:21:39,960 --> 01:21:43,280
Control that does not match responsibility will eventually distort decision making and

1533
01:21:43,280 --> 01:21:44,440
slow the business down.

1534
01:21:44,440 --> 01:21:46,960
It creates shadow behavior and weakens trust.

1535
01:21:46,960 --> 01:21:51,400
And if you layer AI on top of that, it will only amplify whatever misalignment already exists.

1536
01:21:51,400 --> 01:21:55,720
If you want one practical move after this episode, I suggest you make it small and real by picking

1537
01:21:55,720 --> 01:21:58,760
one important decision path this week and tracing it.

1538
01:21:58,760 --> 01:22:03,280
Find out who starts it, who actually unblocks it, and who controls the content when the formal

1539
01:22:03,280 --> 01:22:04,760
process stops being enough.

1540
01:22:04,760 --> 01:22:08,920
That exercise alone will tell you more about your organization than another org chart review

1541
01:22:08,920 --> 01:22:09,920
ever will.

1542
01:22:09,920 --> 01:22:13,800
If this lens changed how you think about power, leave a review for the podcast, and share

1543
01:22:13,800 --> 01:22:17,440
this episode with someone responsible for governance or an AI rollout.

1544
01:22:17,440 --> 01:22:21,160
You can also connect with me on LinkedIn and send me the next question you want me to unpack

1545
01:22:21,160 --> 01:22:22,160
here.

1546
01:22:22,160 --> 01:22:25,160
Because if power in your organization is defined by access, are you sure the right people