What does complex adaptive systems theory mean for modelling of organisational rules?⋆ Jöran Lindeberg1,* , Martin Henkel1 and Eric-Oluf Svee1 1 Department of Computer and Systems Sciences, Stockholm University, Box 7003, Kista, 16407, Sweden Abstract Organisational rules and regulations are vital components of a business. However, their growing numbers, interdependencies, and often unpredictable interactions with social agents make them challenging to manage. Enterprise modelling has proven an effective technique for sensemaking and creating a shared understanding of organisational structures, such as rules and goals. However, what is captured or not in a model depends on the theory used to examine the organisation, whether implicit or explicit. Particularly in healthcare, many scholars view organisations from the lens of Complex Adaptive Systems (CAS), rather than General Systems Theory (GST). This paper discusses how enterprise modelling of organisational rules grounded in CAS theory will have a different focus than if grounded in GST. Four key themes for are identified: abstraction, rule-agent interaction, emergence, and feedback channels. Each is discussed in light of privacy regulation and healthcare practice, and proposals are made for future research directions in enterprise modelling. Keywords enterprise modelling, organisational rule, complex adaptive system, healthcare, privacy regulation, legal design 1. Introduction Organisational rules and regulations are an essential part of an enterprise. They define what should be done and how, being a powerful means of control. An organisational rule constrains the action space of an organisational unit. Their effectiveness has contributed to their popularity, and their number is growing. However, as these rule systems expand, intertwined with IT systems and in constant interaction with social agents, managing them becomes more challenging. In fact, as early as 1893, Emile Durkheim observed that "domestic law, from being originally simple, has become increasingly complex" [1, p. 155]. In organisational life, there are many vague, conflicting, and suffocating rules. In fact, Max Weber, otherwise a strong proponent of bureaucracy, cautioned that an iron cage of rules [2] could be humanity’s inescapable faith [3]. In this paper, we continue with a definition of the concept of organisational rule from a previous, forthcoming study [4, Introduction]. An organisational rule is: an element of guidance that constrains the action space of an organisational unit. It refers to the overall business rather than IT-systems. It is formalised, i.e., is written and has an official standing in the organisation it applies to. An organisational rule can be both of external and internal origin and can have any enforcement level, from rigid enforcement to mere guidelines. As mentioned above, managing these rules is challenging. Fortunately, enterprise modelling has proven to be an effective technique for sensemaking and creating shared understanding of organisational structures, such as rules and goals [5, p. v]. But all models are simplifications and will only show BIR-WS 2024: BIR 2024 Workshops and Doctoral Consortium, 23rd International Conference on Perspectives in Business Informatics Research (BIR 2024), September 11-13, 2024, Prague, Czech Rep. * Corresponding author. $ joran@dsv.su.se (J. Lindeberg); martinh@dsv.su.se (M. Henkel); eric-sve@dsv.su.se (E. Svee) € https://www.su.se/english/profiles/jli6887-1.620851/ (J. Lindeberg); https://www.su.se/english/profiles/mhenk-1.182179/ (M. Henkel); https://www.su.se/english/profiles/ersv6598-1.188778/ (E. Svee)  0000-0001-7806-749X (J. Lindeberg); 0000-0003-3290-2597 (M. Henkel); 0000-0003-2218-8094 (E. Svee) © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR ceur-ws.org Workshop ISSN 1613-0073 Proceedings certain parts of reality. What parts will be emphasised, or invisible, depends, among other things, on the underlying theory of organisations of the modeler [6]. Indirectly, it also depends on the theories of the modellers that made the artefacts that the modeler is using, such as modelling languages and tools. Any artefact will embed a substantial portion of organisational theory from these design processes. Organisational theory can be implicit (which could be referred to as a mental model) or explicit. However, most traditional modelling efforts are based on positivist views [6]. In 1991, Orlikowski & Baroudi [7] concluded that information systems (IS) research is dominated by positivist perspectives, either explicit or implicit, while interpretivism, social constructivism, and critical studies were somewhat absent. This is problematic since certain phenomena will not be effectively studied and explained if only one set of philosophical assumptions is used. As put by Daft & Wiginton [8, p. 187] (cited in [7]): "If complex organizational behaviors are modelled as if they are simple, well understood, deterministic systems, or even as stochastic systems, then the resulting models will tend to be insignificant." We are unaware of any more recent surveys similar to the work of Orlikowski & Baroudi, but our impression is that the dominance of positivism in IS research remains. A widespread organisational theory, particularly in healthcare, is the theory of complex adaptive systems (CAS) [9, 10, 11, 12]. CAS theory can be contrasted with General Systems Theory (GST) [13]. While the philosophical standpoints of CAS theory resonate with social constructivism, GST is closer to positivism. In short, organisational theory matters for enterprise modelling of organisational rules, and alternatives to positivism and GST need to be explored. The research question is the following. What are the key themes for modelling organisational rules if CAS theory is applied? The remainder of the paper is structured as follows. Section 2 contrasts CAS theory with GST, identifying four differences relevant to modelling organisational rules. Section 3 discusses the possible implications of identified differences for the modelling of organisational rules. Section 4 concludes. 2. Complex adaptive systems theory and general systems theory CAS theory originally comes from the field of biology, but has also been used to understand social systems, including organisations [14]. This includes their organisational rules and the agents, such as organisational units, that interact with them. CAS theory [13] emphasises that the world is messy [15], fuzzy [10], non-linear [13], and non-deterministic [13], in other words, complex. The building blocks of a CAS are agents and constraints (also known as rules). Agents interact according to their constraints [16] and will adapt according to feedback [17] they perceive. In a CAS, it is difficult or impossible in advance to know exactly what the results will be of a particular decision, such as a change of rules. Thus, effective feedback channels are essential [18]. CAS theory also recognises that agents have agency and are part of several systems simultaneously. It is therefore demanding to know how they will interpret and implement a new rule. CAS theory can be contrasted to General Systems Theory (GST) [13]. There is no consensus on whether CAS theory is a specialisation of GST or whether it is something different. In this article, we subscribe to the view of Turner & Baker [13], who argue that CAS theory (together with Chaos Theory) is part of Complexity Theory, and that Complexity Theory differs from GST. However, despite this separation, Turner & Baker also recognise that there is a common ground between CAS theory and GST. The differences are more about emphasis than apparent dichotomies. We recognise that many theories and models cannot be categorised as clearly built on either GST or CAS theory but are somewhere in between. Yet, to simplify the following discussion, we will refer to them as two separable theories. So, what are these differences in emphasis between CAS theory and GST? As the name implies, CAS theory embraces dynamic complexity. Compared to GST, CAS theory would, therefore, be more inclined to recognise that theoretical models of a system have been heavily simplified, at least if a complete socio-technical system is to be understood. Another option would be to, on the contrary, focus on small details of the complex reality, but from a CAS perspective this is an unattractive option since it forsakes the interconnections and wholes. GST would assume that most systems are, in the words of Simon [19], "nearly decomposable". In contrast, a CAS has fuzzy and "folded" boundaries, meaning that its components tend to be parts of other systems, or at least interact with others, making meaningful decomposition harder. When systems overlap, rules collide [20]. There is usually more than one rule system at play in a particular situation, including the internal rule system of the agents involved, each with their mental models and goals. How an actor will decide to interpret and implement a specific rule depends not only on the rule, but also on the actor and what other rule systems are at play in a particular situation. While GST would tend to assume that rules are both given and followed, CAS theory would instead focus on how rules are constantly recreated and modified by agents. Although GST may be better suited to represent easily interpreted rules, CAS theory provokes more interest in the dynamics of more complex rules. When an organisation strives to be legally compliant, it may only know if it succeeded once a final court judgement says so, perhaps after months or years of legal process. This uncertainty has been identified as a considerable obstacle to organisational development in Swedish healthcare [21]. Compared to GST, CAS theory is even more geared towards describing the phenomenon of emergence: how the whole can have properties beyond the aggregation of the parts. In the above, we have explained why agents’ behaviour in a CAS is unpredictable. At the system level, the behaviour becomes even more erratic. The unpredictability of outcomes makes effective feedback loops essential. Enterprise models must also include feedback channels that ensure that the emergent and often unexpected consequences of, for example, a rule change, are quickly brought to the attention of stakeholders, particularly decision makers [18]. The above discussion can be distilled into the following focus areas that help in the differentiation of CAS from GST: 1. Abstraction (to be able to represent wholes rather than details) 2. Rule-Agent interaction (rather than interaction just between rules) 3. Emergence (properties of system structure and behaviour rather than properties of individual rules) 4. Feedback channels (learning what happens rather than trying to foresee what will happen) When describing rules that govern a CAS, such as when creating enterprise models, it is essential to cater to the above areas. 3. Organisational rules modelling grounded in complex adaptive systems theory In the previous section, we identified four focus areas for the sense-making of organisational rules grounded in CAS theory. In this section, we will discuss what this means in practice for modelling organisational rules. 3.1. Abstraction Both GST and CAS theory subscribe to the notion that "all models are wrong, but some are useful" 1 , but from a CAS theory point of view capturing a high degree of system detail appears even more futile. Instead, to be helpful, modelling grounded in CAS theory would focus on higher levels. In modelling, abstraction is commonly achieved through hierarchies. However, Krogstie [6] has observed that how to model rules as hierarchies needs to be studied more. Imagine, for example, the tremendous impact of the General Data Protection Regulation (GDPR) on innumerable organisations in the European Union and worldwide. GDPR has caused many other, more detailed, rules to be created, and it is also hierarchically superior to many rules. Thus, power-subjection and cause-effect are needed to model a CAS. An example of a power-subjection relation is that the legislation of member states must comply with EU legislation, or that the rule of an 1 Quote attributed to the British statistician George E.P. Box. organisational unit must align with company-wide rules. An example of cause-effect relation would be that GDPR invites the member states to complement it with their own more detailed legislation. At least in Sweden, this means that the parliament makes a law which is complemented by a government ordinance, supplemented by national authorities’ regulations. It should be noted that the hierarchies for abstraction that are discussed above do not necessarily correspond to the principles for deciding about rule precedence. (One of these principles is lex specialis, according to which the most detailed rule should be the one in effect. [22]) A concrete contribution to enterprise modelling in this area could be to design patterns for building various types of hierarchies among organisational rules. Patterns could be used for representing hierarchies between types of rules, for example, that a company policy must not contravene regulations by public authorities, and hierarchies established between individual rules, e.g., if law X explicitly states that law Y prevails in case of conflict. Patterns like this could give the modeler a toolbox of abstractions to use when modelling rules. 3.2. Rule-agent interaction As noted in the previous section, rules collide and will not always be followed. Also, rules are normative models, and like any model, they are imperfect imperfect simplifications, unable to cope with reality in all its complexity. From a perspective of CAS theory, it is important to model how rules are constantly recreated through how agents decide to interpret, implement, and enforce them (or not) in different situations. For example, in a fourth-coming study, we modelled the legal enforcement of GDPR provisions in a Swedish Hospital. The designated supervisory authority decided on a million euro administrative fine, partly confirmed by a primary instance court but ultimately overruled by a secondary instance court. In other words, the law’s wording was just the story’s start, and the actions of institutional agents wrote the rest. Defining the rule is a first step, but, as seen from this example, interpreting and enforcing rules requires a whole system of public authorities at different levels, who may not always agree with each other. A tangible contribution to enterprise modelling in this area could be to support the modelling of not only the rules themselves but also their relation to agents that create and enforce them. 3.3. Emergence Emergence [23], is the phenomenon where patterns arise out of a multiplicity of simple interactions. 3.3.1. Structural emergence Emergent structural properties of a rule system would be the patterns formed by the interconnections between rules and between rules and agents. These structural properties may be more relevant than the examination of individual rule to the sense-making of a complex system. Some of these patterns of interconnections between rules may be formulated and effectively represented in a model. For example: Who typically creates (owns) the rule? What type of rule is present (constitutional, legislation, industry standard, company-wide internal rule, etc.)? What typicial citations between rules are there? Other patterns of interconnections are also important but more complicated to define. For example: What types of actors are regulated by the rule? In what situations? What goals does it support, or oppose? Once these interconnections have been identified and represented in an enterprise model, they can be translated into properties that describe the whole. In the context of GDPR and healthcare, one relevant relation would be how rules cite each other. Other examples would be actors creating rules, roles defined by these rules, actors having these roles, and actors enforcing the rules. 3.3.2. Behavioural emergence An example of behavioural emergence is when several birds move as a flock. Behavioural emergence, as explained by Juarrero [24] is the result of positive feedback loops. At some point, it becomes relevant to describe the properties of the flock rather than each bird. In the context of GDPR and healthcare, it would be interesting to represent how collaborative a system is. Rigid privacy regulations obviously have the potential to make information exchange difficult. Another barrier to collaboration could be the lack of monetary incentives. In Swedish healthcare, when caregivers report back to the national authorities to receive funding, it has, for example, been observed that there is no code for "collaboration". Enterprise modelling in this area could build on existing contributions within behavioural modelling [6], e.g., state charts and system dynamics, as well as the studies of the dynamics of rule networks by Zhu and Schulz [25]. For structural emergence, there could be a need of defining typical structures of rules; this would make it easier to categorise and understand a rule system. 3.4. Feedback channels The unpredictability of the outcomes makes effective feedback loops essential. Enterprise models must therefore also include feedback channels ensuring that the emergent and often unexpected consequences of, for example, rule change, are brought to the attention of the stakeholder, particularly the decision- makers. For example, a study of general practitioners in the healthcare sector in the United Kingdom concluded that it is nearly impossible for them to adhere to all applicable medical recommendations [26, 27]. Only one of the recommendations, a routine for how general practitioners should act when visited by an obese person, was calculated to, if thoroughly implemented, take up around 15 % of the total work time of all general practitioners in the UK. It appears safe to assume that the practitioners only partially followed this routine. It would probably be helpful if the decision-makers of such routines learnt about their consequences. Of course, feedback could reach them in many ways, but the probability of timely and correct feedback increases if feedback channels are consciously designed and represented in enterprise models. Returning to the issue of GDPR, EU lawmakers could not foresee all consequences of GDPR, and also within a small or medium-sized enterprise it can be difficult for a rule-maker to foresee the impact of their decisions. A concrete modelling contribution in this area could be to represent: a) what a rule change aims to achieve, b) through which channel rule-makers expect to be informed about its consequences, c), with what delay, and d) a comparison between the stated objectives and the actual consequences. Such contribution could draw from goal modelling, scanning [28] and system dynamics [18]. 4. Conclusion In this paper, we have emphasised how enterprise modelling is grounded in organisational theory, either implicit or explicit. We then identified several differences between GST and CAS theory. While the former is associated with positivism, the latter is closer to social constructivism. We then discussed what each identified difference could entail for modelling organisational rules, using examples of how privacy regulation affects healthcare. In conclusion, there is a need for an increased focus on (1) managing abstraction through modelling rule hierarchies, (2) how agents interact with rules, (3) emergent, system-wide, properties, and (4) feedback channels. In these areas, there are opportunities for contribution to enterprise modelling. References [1] E. Durkheim, The Division of Labor in Society, Simon and Schuster, 1997. [2] M. Weber, The Protestant Ethic and the Spirit of Capitalism, Routledge, 1930. [3] M. Weber, Economy and Society: A New Translation, Harvard University Press, 2019. [4] J. Lindeberg, M. Henkel, E.-O. Svee, Modelling of Organisational Rules in Complex Adaptive Systems: a Systematic Mapping Study, in: 23rd International Conference on Perspectives in Business Informatics Research, Prague, Czech Republic, 2024. Fourthcoming. [5] J. Stirna, A. Persson, Enterprise Modeling: Facilitating the Process and the People, Springer International Publishing, Cham, 2018. URL: https://doi.org/10.1007/978-3-319-94857-7. [6] J. Krogstie, Model-Based Development and Evolution of Information Systems, Springer, London, 2012. URL: https://doi.org/10.1007/978-1-4471-2936-3. [7] W. J. Orlikowski, J. J. Baroudi, Studying Information Technology in Organizations: Research Approaches and Assumptions, Information Systems Research 2 (1991) 1–28. Publisher: INFORMS. [8] R. L. Daft, J. C. Wiginton, Language and Organization, Academy of Management Review (1979). URL: https://journals.aom.org/doi/abs/10.5465/amr.1979.4289017. doi:10.5465/amr.1979. 4289017, publisher: Academy of Management Briarcliff Manor, NY 10510. [9] P. Anderson, Perspective: Complexity Theory and Organization Science, Organization Science 10 (1999) 216–232. doi:10.1287/orsc.10.3.216. [10] P. E. Plsek, T. Greenhalgh, Complexity Science: The Challenge Of Complexity In Health Care, BMJ: British Medical Journal 323 (2001) 625–628. doi:10.1136/bmj.323.7313.625. [11] W. B. Rouse, Health care as a complex adaptive system: implications for design and management, Bridge-Washington-National Academy of Engineering- 38 (2008) 17. [12] J. P. Sturmberg, A. Miles, 4. The Complex Nature of Knowledge, in: Handbook of Systems and Complexity in Health, Springer New York, New York, NY, 2013. URL: http://dx.doi.org/10.1007/ 978-1-4614-4998-0. [13] J. R. Turner, R. M. Baker, Complexity Theory: An Overview with Potential Applications for the Social Sciences, Systems 7 (2019) 4. doi:10.3390/systems7010004. [14] R. Stacey, Tools and Techniques of Leadership and Management: Meeting the Challenge of Complexity, Routledge, London, 2012. doi:10.4324/9780203115893. [15] R. L. Ackoff, The Art and Science of Mess Management, Interfaces 11 (1981) 20–26. URL: https: //www.jstor.org/stable/25060027, publisher: INFORMS. [16] D. Snowden, Constraints, 2022. URL: https://cynefin.io/wiki/Constraints. [17] S. W. Fraser, T. Greenhalgh, Complexity Science: Coping With Complexity: Educating For Capability, BMJ: British Medical Journal 323 (2001) 799–803. URL: https://www.jstor.org/stable/ 25468057, publisher: BMJ. [18] D. H. Meadows, Thinking in Systems: A Primer, Earthscan, 2008. [19] H. A. Simon, The Sciences of the Artificial, volume 3rd ed, The MIT Press, 1996. [20] T. R. Burns, H. Flam, The shaping of social organization, Swedish collegium for advanced study in the social sciences, SAGE Publications, London, England, 1987. [21] A. Ålenius, B. Saleh, K. Hedberg, P. Wolff, Delbetänkande av Utredningen om infrastruktur för hälsodata som nationellt intresse (2023:83), Statens Offentliga Utredningar, Regeringskansliet, 2023. [22] E. Vranes, The Principles of Conflict Resolution, in: E. Vranes (Ed.), Trade and the Environment: Fundamental Issues in International Law, WTO Law, and Legal Theory, Oxford University Press, 2009, p. 0. URL: https://doi.org/10.1093/acprof:oso/9780199562787.003.0003. doi:10.1093/acprof: oso/9780199562787.003.0003. [23] J. J. Colchester, Systems + Complexity An Overview, 1st edition ed., CreateSpace Independent Publishing Platform, 2016. [24] W. H. Evans, Constraints that Enable Innovation - Alicia Juarrero, 2015. URL: https://vimeo.com/ 128934608. [25] K. Zhu, M. Schulz, The dynamics of embedded rules: How do rule networks affect knowledge uptake of rules in healthcare?, J. Manag. Stud. 56 (2019) 1683–1712. doi:10.1111/joms.12529. [26] M. Johansson, G. Guyatt, V. Montori, Guidelines should consider clinicians’ time needed to treat, BMJ (2023) e072953. [27] N. Privett, S. Guerrier, Estimation of the Time Needed to Deliver the 2020 USPSTF Preventive Care Recommendations in Primary Care, Am. J. Public Health 111 (2021) 145–149. [28] X. Zhang, S. Majid, S. Foo, Environmental scanning: An application of information literacy skills at the workplace, Journal of Information Science 36 (2010) 719–732. URL: https://doi.org/10.1177/ 0165551510385644. doi:10.1177/0165551510385644, publisher: SAGE Publications Ltd.