A Manual Workaround Needs Its Own Controls

Manual workarounds preserve service by bypassing automation. They need authority, evidence, limits and reconciliation of their own.

The answer

When automation fails, the manual workaround becomes heroic. It can also remove validation, separation and audit. Staff copy records, use personal channels, calculate in spreadsheets and ask senior people to approve from screenshots.

When automation fails, the manual workaround becomes heroic. It can also remove validation, separation and audit.

Staff copy records, use personal channels, calculate in spreadsheets and ask senior people to approve from screenshots. Service continues while integrity becomes uncertain.

Design degraded operation before failure

Define the minimum outcome, permitted transactions and evidence. Restrict novelty: existing recipients and known obligations may continue while new beneficiaries or irreversible actions pause.

Value object — The Manual Mode Card

- Activation authority.

- Permitted scope and limits.

- Required verification.

- Record format and custodian.

- Independent reconciliation.

- Automatic expiry.

Reconcile before normality returns

Every manual action must enter the authoritative record and be checked for duplication, omission and unauthorised change.

A workaround without expiry becomes a shadow operating system. Preserve the outcome without abandoning the control.

Where this breaks

Manual mode is usually documented after the outage, when every exception already feels justified. That makes reconciliation incomplete and temporary access hard to remove.

The operating move

Prebuild the smallest manual process that can preserve the outcome. Limit novelty, record every act and assign a person independent from execution to reconcile it.

Use known recipients only.

Cap value and duration.

Preserve the source instruction.

Reconcile before restoring automation.

The test

Run one controlled transaction through manual mode while systems are healthy. If it cannot be reconciled cleanly, it will fail under pressure.

Sources

  1. NIST Digital Identity GuidelinesNIST Digital Identity Guidelines

    Primary authority

  2. NIST SP 800-34 Rev. 1: Contingency Planning GuideNIST SP 800-34 Rev. 1: Contingency Planning Guide

    Primary authority

  3. FINMA: Revised circular on operational risks and resilienceFINMA: Revised circular on operational risks and resilience

    Primary authority

Jonathan P. De CollibusFounding Partner, Svperior / Cyber

Adam J. De Collibus

Adam co-founded Svperior and leads systems engineering from requirements through implementation. His work connects architecture, implementation, deployment, and operating discipline across complex environments where failure must be anticipated and technical capability must remain dependable under pressure.

Systems engineering / Technical architecture / Production operations / Operating resilience

Need to apply this to a specific situation?

Send us the initial context. If the matter fits, we will respond directly.

Send private inquiry
A Manual Workaround Needs Its Own Controls \