Purpose and evidence boundary

These five original teaching cases place the reader at a dated decision point using incomplete evidence reconstructed from public primary or official records. They are not reproductions, adaptations, summaries, or substitutes for proprietary business-school cases. No case announces a correct answer. A defensible recommendation depends on the decision objective, evidence available at the time, uncertainty, affected stakeholders, legal duties, implementation capacity, and the learner's stated assumptions.

Some cited records were created after the decision point. They are used only to reconstruct facts, chronology, or control conditions; they must not be treated as information the protagonist possessed unless the exhibit says so. Enforcement allegations, consent-order findings, company disclosures, and management statements are attributed to their source and are not silently converted into findings about an individual person's knowledge, intent, or liability.

How to use the cases

For each case, prepare a one-page decision memorandum that states:

  1. the decision, decision owner, deadline, and objective;
  2. the evidence available, missing, disputed, or created later;
  3. at least two credible alternatives, including delay, redesign, or stop where feasible;
  4. expected value, downside exposure, affected stakeholders, controls, and reversibility;
  5. an implementation and monitoring plan with escalation triggers; and
  6. the facts or evidence that would change the recommendation.

Case-pack map

CaseDated decision pointPrimary managerial tensionPrincipal chapter connections
1. Knight CapitalAugust 1, 2012, before the U.S. market openAvailability versus controlled software shutdownOperations, project delivery, digital governance, cyber resilience
2. ZoomFebruary 2, 2021, after the FTC's final orderCompliance floor versus product, trust, and assurance redesignLaw and ethics, product, GTM claims, cybersecurity, digital transformation
3. Southwest AirlinesDecember 27, 2022, during the disruptionIncremental recovery versus a controlled network resetOperations, leadership, project and crisis governance, customer obligations
4. Wells FargoSeptember 9, 2016, after public enforcement actionsImmediate incentive change versus broader remediation and accountabilityGovernance, incentives, ethics, culture, risk, customer analytics
5. IntelMarch 21, 2024, after non-binding CHIPS preliminary termsStrategic capacity expansion versus staged capital commitmentStrategy, finance, operations, supply chain, transformation, uncertainty

Case 1: Knight Capital — Halt the Router or Trade Through the Opening?

Protagonist and decision point

Protagonist: the on-call technology and market-risk leaders responsible for Knight Capital Americas' automated equity router.

Decision point: shortly before the 9:30 a.m. ET U.S. market open on August 1, 2012. A new deployment supports the New York Stock Exchange's Retail Liquidity Program. Internal messages indicate a router error. The leaders must decide whether to halt or isolate the affected routing capability before opening, continue with additional monitoring, or switch to a constrained fallback.

The SEC later found, in an order entered with Knight's consent without admission or denial of most findings, that new code had not been deployed consistently across all eight servers, that dormant code could be triggered, that pre-open internal messages referenced the router error, and that Knight lacked specified automated controls and sufficiently documented deployment procedures. Those later findings reconstruct the control environment; they are not a transcript of what every decision-maker knew before the opening. [1]

Exhibit 1A — compact incident evidence

Evidence itemWhat the public record supportsWhat remains uncertain at the decision point
Deployment consistencyThe SEC order states that the new code was deployed to seven of eight servers and that the eighth retained older code. [1]Whether the on-call leaders had a reliable server-by-server attestation before opening.
Error signalThe SEC states that an internal system generated 97 messages referencing the router before the market opened; it also notes that these messages were not designed as formal system alerts. [1]Whether the messages indicated a contained defect, a false positive, or a market-wide exposure.
Control designThe SEC order describes gaps in automated pre-trade controls, deployment procedures, testing, and incident response. [1]Which manual controls or fallback routes were immediately operable.
ExposureKnight's SEC-filed post-incident disclosure attributed a large trading loss to the August 1 software issue. [2]The size and direction of exposure before the market opens; the case does not disclose the later loss to the protagonist.

Alternatives available for evaluation

AlternativeWhat it preservesWhat it puts at risk or leaves unresolved
A. Disable the router and delay participationLimits uncontrolled market access while the deployment is reconciled.Availability, customer execution, contractual or market commitments, and reputation for reliability.
B. Isolate the inconsistent server and open on the remaining serversPreserves some capacity while narrowing the suspected fault domain.Common-mode defects, incomplete diagnosis, overload, and false confidence that the problem is limited to one server.
C. Open with a strict exposure cap, live reconciliation, and named kill authorityTests production behavior while bounding position or order exposure if the controls work.The cap, reconciliation, or kill mechanism may share the same flawed control environment.
D. Shift eligible flow to a tested fallback or external venue and investigatePreserves part of customer service without using the new path.Capacity, execution quality, new dependencies, and uncertain fallback readiness.

Cross-chapter concepts

  • Chapter 6: statistical control, capacity, failure modes, and process design.
  • Chapter 11: change control, release gates, ownership, and closure.
  • Chapter 17: digital governance, decision rights, staged scaling, and stop rules.
  • Chapter 19: resilience, monitoring, incident command, and recovery.
  • Chapter 22: expected loss, value of information, and decision thresholds.

Discussion prompts

  1. What is the minimum evidence needed to distinguish a contained deployment inconsistency from a system-wide risk?
  2. Who should possess kill authority, and what information should be required to use it?
  3. How would you compare the expected cost of a delayed opening with a low-probability, high-severity trading failure?
  4. Which controls must be independent of the software being controlled?
  5. What deployment, observability, and rehearsal evidence would you require before reopening?

Source, permission, and caution status

This is an original synthesis of an SEC administrative order and an SEC-filed company disclosure. The exhibit paraphrases and reorganizes public facts; it does not copy proprietary case text. The SEC order's consent and admission language must remain attached to any characterization of its findings. Do not infer the knowledge, intent, competence, or liability of an identified employee from this teaching reconstruction. Status: citation fragment prepared; legal/reputation and permissions review required before public release.


Case 2: Zoom — Build to the Order, or Redesign the Trust System?

Protagonist and decision point

Protagonist: Zoom's board risk committee working with product, security, legal, customer, and communications leaders.

Decision point: February 2, 2021, the day after the FTC announced final approval of its consent order. The order requires a comprehensive security program, security review of software updates, independent assessments, and restrictions on privacy and security misrepresentations. The committee must choose how broadly to redesign product governance, claims review, release assurance, and customer communication while supporting a platform that had experienced unprecedented pandemic-era usage. [3] [4]

The FTC complaint contains allegations; the final order creates prospective obligations without converting every allegation into an adjudicated factual finding. The case therefore separates “the FTC alleged” from “the order requires.” [3]

Exhibit 2A — evidence and obligation map

Evidence or obligationPublic-record basisDecision uncertainty
Security representationsThe FTC alleged misrepresentations about encryption, cloud-recording security, and a Mac software component. [3]Which historical and current customer-facing statements require correction, qualification, or withdrawal across channels and jurisdictions.
Program requirementsThe final order requires a comprehensive security program, release-security review, independent assessment, and compliance reporting. [3]Whether minimum compliance will address product architecture, trust, and customer-segment needs.
Scale and demandZoom's SEC filing described unprecedented use beginning in the quarter ended April 30, 2020 and rapid growth in cash, receivables, and operating scale. [4]Future demand, capacity, threat exposure, customer sensitivity, and the cost of slowing releases.
GovernanceThe order assigns formal program and assessment duties. [3]Where product, security, legal, and claims approval should sit and how dissent reaches the board.

Alternatives available for evaluation

AlternativeWhat it emphasizesPrincipal trade-offs
A. Central compliance program aligned closely to the orderSpeed, clarity, and demonstrable completion of mandated controls.May treat the order as a ceiling and leave product architecture, customer segmentation, or claims operations under-redesigned.
B. Temporary high-risk feature and release gateIndependent security review and reduced change risk while controls are rebuilt.Slower roadmap, customer frustration, capacity pressure, and possible workarounds outside governed channels.
C. Segment by use risk and assurance needStronger defaults, key management, retention, admin controls, and evidence for sensitive uses.Product complexity, fragmented experience, customer migration, support, and potential claims confusion.
D. Enterprise trust redesignIntegrates secure development, claims substantiation, transparency, independent testing, metrics, and board reporting.Greater cost, slower near-term delivery, organizational disruption, and uncertain willingness to pay.

Cross-chapter concepts

  • Chapter 2: claims, privacy, authority, and human-counsel gates.
  • Chapter 14: message substantiation and channel consistency.
  • Chapter 17: operating-model redesign, staged delivery, and evidence gates.
  • Chapter 19: secure development, assurance, incident readiness, and residual risk.
  • Chapter 20: affected people, autonomy, transparency, and remedy.
  • Chapter 21: product discovery, roadmap trade-offs, and lifecycle ownership.

Discussion prompts

  1. Which decisions belong to product management, security, legal, an independent assessor, and the board?
  2. How would you distinguish a claim-review control from a technical security control?
  3. Which customer segments justify differentiated defaults or assurance, and what new risks does segmentation create?
  4. What leading and lagging indicators would demonstrate that the program changes product behavior rather than documentation alone?
  5. Which changes should be public, and how would you avoid making new unsupported security promises?

Source, permission, and caution status

This original case uses FTC complaint/order materials and an SEC-filed Zoom quarterly report. It paraphrases the official record and includes the allegation-versus-order distinction; no proprietary case narrative or technical design is copied. Security details are intentionally limited to facts already made public by the FTC. Do not infer present-day Zoom practices from a 2020 complaint or 2021 order. [3] [4] Status: citation fragment prepared; current legal, security, technical, reputation, and permissions review required before release.


Case 3: Southwest Airlines — Recover Incrementally or Reset the Network?

Protagonist and decision point

Protagonist: Southwest's operational recovery leadership, including network operations, crew scheduling, airport operations, customer care, finance, legal, and communications.

Decision point: the morning of December 27, 2022. Severe winter weather has passed through much of the network, but crew, aircraft, schedules, customer communications, call-center capacity, refunds, and passenger care remain misaligned. Leadership must decide whether to continue incremental recovery, impose a controlled network reset, or run a smaller protected schedule while rebuilding situational awareness.

The 2023 DOT consent order and Southwest's 2022 Form 10-K were produced after this decision point. They reconstruct the scale, customer-service failures, refund and notification problems, cancellations, and financial effects with hindsight. The learner may use the operational symptoms in Exhibit 3A but should not assume the protagonist knew the later aggregate totals or enforcement outcome. [5] [6]

Exhibit 3A — recovery system signals

System surfaceEvidence reconstructed from the public recordMissing decision information
Network and crew alignmentSouthwest later disclosed difficulty realigning crews, schedules, and aircraft after the storm. [6]Current verified location and duty status for every crew and aircraft; time to restore a reliable schedule.
Customer contactDOT later found that call-center queues, flight-status notifications, and customer assistance failed at scale. [5]Overflow capacity, channel accuracy, accessibility needs, and which communications can be automated safely.
Refunds and careThe DOT order addresses prompt refunds, reimbursements, and customer-service commitments. [5]Volume and value of current obligations, processing capacity, error rate, and cash timing.
Financial and operational exposureSouthwest later disclosed more than 16,700 cancellations from December 21 through 31 and a material fourth-quarter effect. [6]The incremental exposure of each recovery option as of December 27; these later totals are withheld from the protagonist.

Alternatives available for evaluation

AlternativePotential advantagePrincipal risk
A. Continue incremental recovery against the published schedulePreserves more planned flights if local fixes work.Continued propagation, inaccurate promises, crew and aircraft mismatch, customer confusion, and repeated cancellations.
B. Cancel broadly and perform a controlled network resetCreates a simpler state from which to reposition crews and aircraft and publish a more reliable schedule.Immediate customer harm, refund and care burden, revenue loss, airport congestion, and reputational damage.
C. Operate a protected skeleton networkConcentrates resources on routes and stations with verified crews, aircraft, and customer-support capacity.Selection fairness, stranded customers outside protected routes, difficult rebooking, and complex restoration sequencing.
D. Pair a reset with external overflow and proactive customer remediesExpands contact, lodging, reimbursement, and processing capacity while operations stabilize.Vendor readiness, data access, privacy, inconsistent decisions, fraud control, and cost.

Cross-chapter concepts

  • Chapter 6: network flow, capacity, bottlenecks, variability, and resilience.
  • Chapter 7: incident leadership, fatigue, psychological safety, and escalation.
  • Chapter 11: incident governance, dependencies, communications, and closure.
  • Chapter 12: stakeholder communication and service recovery.
  • Chapter 17: operating-model dependencies and stop/redesign choices.
  • Chapter 22: scenario analysis, expected loss, and value of information.

Discussion prompts

  1. What minimum common operating picture is required before publishing a recoverable schedule?
  2. Which customer, crew, safety, legal, and financial objectives should constrain optimization?
  3. How would you decide whether another hour of diagnosis is worth more than an immediate reset?
  4. Which services may be outsourced during recovery, and which accountabilities must remain internal?
  5. What evidence would allow the incident commander to move from skeleton operations to broader service?

Source, permission, and caution status

This original case derives compact exhibits from a DOT consent order and an SEC-filed annual report. It does not reproduce a proprietary airline-operations case. The DOT order reflects an enforcement settlement and must be attributed; the company filing reflects management's public disclosure. Later totals are withheld from the protagonist to reduce hindsight bias. The case does not allocate blame to individual employees or determine private rights. [5] [6] Status: citation fragment prepared; aviation operations, consumer-law, labor, accessibility, reputation, and permissions review required before release.


Case 4: Wells Fargo — Change the Sales Goals, or Rebuild the Control System?

Protagonist and decision point

Protagonist: Wells Fargo's independent directors and the executives responsible for community banking, risk, human resources, customer remediation, finance, legal, and communications.

Decision point: September 9, 2016, the day after coordinated CFPB, OCC, and local enforcement actions became public. The board must decide the immediate scope of incentive changes, customer lookback and remediation, leadership accountability, risk reporting, and independent investigation while preserving lawful service to customers and fair process for employees.

The CFPB consent order states the Bureau's determinations and required relief. The OCC described the sales practices as unsafe or unsound and required an enterprise-wide sales-practices risk-management and oversight program. These records support the institutional control problem; they do not prove that every account, employee, manager, or customer experience was the same. [7] [8]

Exhibit 4A — decision evidence

Evidence surfaceSource-grounded signalImportant unknown
Customer authorizationThe CFPB order addresses unauthorized deposit, credit-card, online-banking, and debit-card activity and customer restitution. [7]Complete affected population, non-fee harms, downstream credit or tax effects, and remediation preferences.
Incentives and targetsThe CFPB linked the practices it described to sales targets and compensation incentives. [7]Which product, branch, manager, or metric designs produced pressure; which legitimate sales activity would be impaired by abrupt change.
Enterprise risk managementThe OCC cited failure to develop and implement an effective program to detect and prevent the unsafe or unsound practices. [8]Data quality, escalation history, control independence, employee-reporting experience, and board visibility.
Accountability and due processCoordinated orders require restitution, penalties, and corrective action. [7] [8]Individual knowledge, proportional accountability, employment obligations, preservation of evidence, and protection from retaliation.

Alternatives available for evaluation

AlternativePotential advantagePrincipal risk
A. Immediately eliminate product sales goals and suspend related incentivesRemoves a salient pressure while the system is investigated.Creates replacement-metric gaming, service disruption, income effects, and an impression that incentives alone caused the problem.
B. Stage compensation redesign with independent behavioral and control testingTests customer, employee, risk, and performance effects before full rollout.Continued exposure during transition, slow relief, inconsistent branch treatment, and difficult experimental ethics.
C. Launch an independent customer lookback and remediation program firstPrioritizes identifying and repairing customer harm and improving the evidence base.Delay in changing root causes, incomplete data, false positives or negatives, and potential conflicts if the reviewer depends on management.
D. Combine incentive suspension, independent investigation, leadership review, and enterprise risk redesignAddresses customer, culture, governance, data, and accountability together.High complexity, decision congestion, workforce fear, cost, leaks, and risk of symbolic changes without operational follow-through.

Cross-chapter concepts

  • Chapter 2: board process, authority, agency, ethics, and remediation gates.
  • Chapter 5: customer value, product metrics, complaints, and unintended metric effects.
  • Chapter 7: incentives, culture, voice, power, psychological safety, and fair process.
  • Chapter 8: KPI design, gaming, guardrails, and strategy execution.
  • Chapter 22: causal diagnosis, sampling, measurement error, and decision analysis.

Discussion prompts

  1. Which actions should occur in the first 24 hours, first month, and only after investigation?
  2. How would you separate individual misconduct, local management, incentive design, data, control, culture, and board-information hypotheses?
  3. What evidence and appeal process are necessary before individual compensation or employment action?
  4. How should the board measure customer remediation beyond refunded fees?
  5. Which replacement metrics are hardest to game, and what guardrails would reveal new forms of harm?

Source, permission, and caution status

This original case paraphrases two official 2016 regulator orders and does not reproduce proprietary teaching text. The case attributes determinations and requirements to the CFPB or OCC and avoids inferring individual intent or liability. Later investigations and enforcement actions are intentionally excluded so the learner faces the September 2016 decision with incomplete evidence. Status: citation fragment prepared; banking, consumer-law, employment, governance, reputation, and permissions review required before release.


Case 5: Intel — Commit Capacity Now, or Preserve Capital Flexibility?

Protagonist and decision point

Protagonist: Intel's board capital-allocation committee working with manufacturing, foundry, product, finance, strategy, supply-chain, workforce, government-affairs, sustainability, and risk leaders.

Decision point: March 21, 2024, one day after the U.S. Department of Commerce announced a non-binding preliminary memorandum of terms with Intel under the CHIPS and Science Act. Intel must decide how to pace proposed U.S. manufacturing and advanced-packaging investments across Arizona, New Mexico, Ohio, and Oregon while process readiness, external foundry demand, customer commitments, construction sequencing, incentives, and capital-market conditions remain uncertain. [9]

Commerce stated that final terms could differ, that funding remained subject to due diligence, negotiation, milestones, and availability, and that the preliminary terms contemplated direct funding and possible loans. Intel's 2023 Form 10-K described a “Smart Capital” approach using shell capacity, milestones, government incentives, customer commitments, co-investment, and external foundry use; it also disclosed that incentive arrangements can carry long-lived conditions and recapture or termination risk. [9] [10]

Exhibit 5A — capital and capacity evidence

Evidence surfacePublic-record signal available by the decision pointKey uncertainty
Preliminary public supportCommerce announced non-binding preliminary terms for up to $8.5 billion in direct funding and potential access to up to $11 billion in loans, subject to further process and conditions. [9]Final award, timing, project-specific milestones, disbursement, covenants, and recapture exposure.
Investment scopeCommerce associated the preliminary terms with projects in four states and Intel described U.S. proposals exceeding $100 billion over five years. [9] [10]Construction cost, permitting, workforce, tool timing, demand, process yield, and ramp coordination.
Flexibility designIntel's filing described building shell space and using readiness, market, and customer milestones before bringing capacity online. [10]Whether shells preserve valuable options or create carrying cost and commitment escalation.
Capital partners and conditionsIntel described government incentives, co-investment, customer commitments, and external foundry use as capital levers; it also disclosed compliance and recapture conditions. [10]Partner appetite, customer concentration, control, economics, and whether external commitments arrive before irreversible tool spending.

Alternatives available for evaluation

AlternativePotential advantagePrincipal risk
A. Advance the four-state program broadly and in parallelMaximizes speed, strategic signaling, geographic scope, workforce mobilization, and potential incentive capture.Capital intensity, execution congestion, demand mismatch, process delay, workforce scarcity, and reduced reversibility.
B. Build shells broadly but gate tools and production ramps by milestonesPreserves site and construction options while delaying some irreversible equipment commitments.Carrying cost, idle assets, political and community expectations, milestone design, and slower realized output.
C. Concentrate investment in fewer sites or capabilitiesFocuses capital and management attention on the highest-confidence process, packaging, or customer needs.Reduced geographic resilience, foregone incentives, stakeholder conflict, and insufficient ecosystem scale.
D. Expand co-investment, prepayments, and external partnerships before additional commitmentsShares risk and improves demand evidence.Slower action, complex governance, economics ceded to partners, confidentiality, and customers waiting for capacity proof.

Cross-chapter concepts

  • Chapter 1: industrial policy, rates, cycles, and scenario conditions.
  • Chapter 3: capabilities, commitment, real options, rivals, and ecosystem strategy.
  • Chapter 4: capital budgeting, scenario valuation, terminal assumptions, and sensitivity.
  • Chapter 6: capacity, bottlenecks, network design, yield, suppliers, and resilience.
  • Chapter 17: staged scaling, governance, lifecycle impact, and evidence gates.
  • Chapter 22: real-options logic, value of information, break-even conditions, and optimization limits.

Discussion prompts

  1. Which commitments are reversible, delayable, scalable, or irreversible, and how should that affect hurdle rates?
  2. What milestone set best links process readiness, customer demand, public funding, construction, workforce, and equipment installation?
  3. How should the committee value supply resilience and national-security benefits that do not appear directly in Intel cash flows?
  4. When does geographic diversification create resilience, and when does it create coordination cost?
  5. What evidence would justify accelerating, pausing, narrowing, partnering, or abandoning a site or production ramp?

Source, permission, and caution status

This original case derives its exhibit from a Department of Commerce announcement and Intel's SEC-filed 2023 annual report. Public statements about jobs, investment, technology, capacity, and incentives are presented as agency or company expectations, not guaranteed outcomes. The case deliberately stops at the non-binding preliminary terms and excludes later award changes and company developments. It does not provide investment advice or evaluate current Intel securities. [9] [10] Status: citation fragment prepared; securities, government-contracting, financial, technical, labor, environmental, reputation, and permissions review required before release.


Pack-level permission and release gate

All prose, alternatives, exhibits, and prompts in this appendix are newly authored from cited public records. No proprietary case text, instructor note, paywalled exhibit, or third-party graphic is reproduced. Company and regulator names are used nominatively to identify public events. Before publication, a human editor should verify each source, attribution, date, legal posture, trademark use, and post-decision exclusion; legal and reputation reviewers should confirm that allegations, findings, company statements, and inference remain separated. The appendix should remain on publication hold until the staged citation and manifest fragments are centrally integrated and the complete HTML, source-card, accessibility, and permission gates pass.