Nobody wants to talk about the fundamentals.
Data hygiene. Access governance. Documentation. Least-privilege principles. These aren't the topics that get keynote slots or generate LinkedIn engagement. They're boring. They're tedious. They're the reason IT leadership feels like pushing a boulder uphill some days.
But here's what I've learned in 25 years: the fundamentals will catch up to you eventually. Maybe not today. Maybe not this quarter. But they will catch up.
It happens in small ways first. A sales report that doesn't match finance's numbers because "Illinois" exists in your database as IL, Il, ILL, Ill, and Illinois. Five entries that should be one. Someone notices the discrepancy, sends an email, and your team spends half a day tracking down the root cause. It's annoying, but it gets fixed. Life moves on.
Except it doesn't get fixed. Not really. The underlying problem (nobody owns data quality, nobody enforces standards) remains. So next month it's a different field, a different report, a different fire drill. The small problems compound. They become the background noise of operations.
This is what skipping the fundamentals looks like at a M company.
Now scale it up.
That same organization grows to M. They're running the same systems, with the same data, with the same governance gaps that were "minor annoyances" a decade ago. Leadership decides it's time for a real ERP implementation. The vendor demos are slick. The ROI projections are compelling. Everyone signs off.
Then the project starts.
The implementation team discovers the state abbreviation problem, multiplied across every data field in every system. Customer records are duplicated. Product codes are inconsistent. The "simple" data migration becomes a six-month cleanup project. Go-live gets pushed. The budget doubles. People start pointing fingers.
I've watched this movie more than once. The technology wasn't wrong. The vendor wasn't lying (well, not entirely). The project failed because nobody enforced the fundamentals before it started.
Garbage in, garbage out. The adage persists because people keep proving it true.
Now apply this to AI.
You've read the hype. AI will transform your operations, optimize your workflows, surface insights you never knew you had. Maybe. If your data isn't garbage. If your governance isn't a mess. If your fundamentals are actually in place.
AI doesn't clean your data. It amplifies whatever you feed it. Duplicate customer records? AI will make decisions based on duplicates. Inconsistent product data? AI will produce inconsistent outputs. Financial data with errors nobody bothered to fix? AI will build forecasts on those errors and present them with confidence.
The vendors pitching you AI solutions won't lead with this. They have demos to run and contracts to close.
Beyond data, there's a governance problem that's already burning companies who moved fast and figured they'd ask questions later.
The early days of Moltbot (originally called Clawdbot, now known as OpenClaw), a viral AI personal assistant, became a case study in what happens when you deploy agents without basic security controls. The agents inherited the access privileges of the accounts under which they were installed. Users with admin rights installed agents with admin rights. Users running as root gave agents root access. Some organizations stored credentials in plaintext. Security researchers found exposed admin ports, unauthenticated gateways, and enough vulnerabilities that Palo Alto Networks called it potentially the biggest insider threat of 2026.
One study found that 53% of enterprise customers gave these agents privileged access over a single weekend. Without asking permission. Without IT involvement. Without any concept of least-privilege principles.
This should surprise no one who understands basic identity governance. But apparently it surprised a lot of people.
The fundamentals caught up to them.
Here's the question you need to answer before you greenlight your next project, before you deploy an agent into your systems, before you sign that implementation contract:
Are we relentlessly enforcing the fundamentals?
Not occasionally. Not when convenient. Relentlessly.
Is your data actually clean? Not "mostly clean." Have you audited it recently, or are you assuming someone else did?
Do you have a single source of truth for customer records, product data, financial accounts? Or do you have five versions of Illinois?
Are your IT staff operating daily on admin accounts with full access privileges? (If the answer is yes, you have a governance problem. And you're about to hand that problem to an AI.)
When was your last access rights audit? Not a report filed for compliance purposes. An actual audit where someone looked at what people and systems can do and asked whether they should.
Relentless enforcement of the fundamentals isn't glamorous. It doesn't make headlines. It won't get you a keynote slot. But it's the difference between a project that delivers and one that exposes every shortcut you've been taking for years.
The fundamentals will catch up to you eventually. The only question is whether you're ready when they do.
Raphael Savastano is the founder and principal consultant of ROFONIC LLC. He has 25+ years in IT and 16 years in leadership, including 8 years as CIO scaling technology for a global manufacturer from M to 0M. He now helps growing companies get executive-level technology and operations leadership without the full-time cost.
