Increase Risk Management effectiveness by learning to deal with two organisational realities
Experimenting with Networked Risk Management[1] over a period of five years has shown that the ability to deal with multiple organisational realities can help to improve risk management. In some case it can also reduce the effort to do so, making valuable and usually scarce resource available to contribute to an organisations success. One of our observations is that using only a traditional view based on the organisational structure hampers effectively dealing with risks. In this article we will describe an additional view and how this can contribute to increased risk management effectiveness.
Traditionally, risk management is based on the view of the organisational structure. Objectives are set at the top of the organisation and translated down through the organisational hierarchy. Here risk management deals with everything needed to achieve these (translated) objectives, and reporting is done back up the hierarchy. This way of working results from a management view of organizations: this is what we identify as the hierarchical reality of risk management.
The operational view of organizations is quite different. The operational reality is formed by the tasks and functions of individual organizational units, e.g. their work processes, the assets that they are responsible for etc. While each such unit is embedded in the organizational hierarchy, operationally their relations are with other units within their organizations and in other organizations. The operational relations look more like a network that stretch beyond the own organization. This is what we identify as the networked reality of risk management.
Missing out on this networked reality means that risks are overlooked. For example, it may seem relatively easy from a managerial point to translate objectives down in the organisational hierarchy. However, in the operational view an organizational unit is not only dealing with objectives coming from the ‘top’ but also with objectives coming from other organisational units. Risk management that is based on the hierarchical reality may easily overlook the reality of the networked nature of it’s own organisation, which typically stretches beyond it’s own organizational boundaries. Based on our experience, missing these relevant objectives is the number one reason for ineffective risk management.
The bigger the gap between these two realities becomes, the more risks will be hiding in this gap. Putting more effort in dealing with risks in one reality takes away precious resources while not necessarily decreasing the amount of risk. Typically this gap is bigger in cases where organisational processes are focussed on information processing, due to the networked character of information processes and systems. In organisations that primarily have processes dealing with physical objects, this gap usually is much smaller. However, these organisations increasingly tend to also do information processing. A consequence is that this shift widens the gap.
Information processing units also tend to live in a more dynamic world that organizations that deal with physical objects. This is because information flows can quickly be changed to flow to and from different (and more) organizational units.
Not acknowledging the differences between hierarchical and networked risk management easily leads to an increased effort in traditional risk management. At the same time the networked related risks that are hidden in plain sight are not identified. This hampers organisations in maximizing the return on investment in risk management effort. The already scarce resources that are working on risk management tasks within the reality of the organisational structure could have been put to better use by having them (also) deal with risks related to the networked reality.
Applying Networked Risk Management acknowledges the difference between these two realities, and provides previously overlooked solutions. It does so by adding another way of viewing an organisation and assessing its risks. By focussing on individual organizational units, the objectives they are tasked with, and their ability to take risk based decisions, NRM can help organisations to future proof their risk management and increase their ability to deal with risks in a more efficient and effective way.
In our experiments we have found that such an approach is more effective, and fits in situations where:
- risks need to be managed in environments with an increasing number of stakeholders and collaborations,
- managing risks is becoming increasingly time consuming and
- the certainty of being in control off risks is diminishing.
A first step in adapting a networked approach in Risk Management is analyse how organisational objectives are “translated” within the organisational structure. By analysing this translation with both a hierarchy view and a networked view usually highlights a number of gaps. The next step is determine if these gaps have effect on the uncertainty of achieving the organisations objective. The added bonus is usually that the solution can be found in the network providing options for dealing with risks that are easily overlooked when only dealing with the hierarchical reality. In our experience this exercise is the starting point identifying and reducing inefficiencies. It also provides opportunities to direct energy in activities while maintaining or even improving the success rate on objectives.
What are your thoughts on this topic? Please share in the comments!
[1] https://publications.tno.nl/publication/34612233/jfvm8m/joosten-2014-networked.pdf
This article is also available on LinkedIn: https://www.linkedin.com/pulse/identifying-risks-hiding-plain-sight-andre-smulders/
Comments