Latest Products

Iím sorryóbut itís your fault operational risk

Monday 2 July 2018


*This article was republished with the permission of the author. You can access the original publication here.

by Sean Coady

To get what you want a bunch of stuff has to go right. But a bunch of stuff can also go wrong. Understanding and managing all of that is what business is all about. And good business management is also known as good risk management - as risk is the essence of creating value. 

So why did you feel ok with all this until I mentioned risk? It’s a cognitive bias thing. Risk Management, and non-financial risk management in particular, makes you think of a whole bunch of stuff that does not feel like it is focused on the business - on the customer, your products, services and making a dollar in the cut-and-thrust world of business. 

The problem with risk is its brand. Years of focusing on the emerging professionalisation of operational risk as a management discipline, with standards, tools, techniques, and measurement processes that create outputs of no apparent use, has alienated the business from risk practitioners. 

Risk registers, matrices, risk, obligation and control libraries, risk assessments, incident reports and the like, all reinforce the view that risk is a cottage industry that collects, measures and reports on things because a bunch of regulators, market bodies, and industry groups say we must. 

Risk needs a makeover - or closure. What is missing in most operational risk frameworks and systems I see is the final Step. The reason why all these other artefacts, systems and processes, tools and techniques actually exist - and are needed. 

This is the step where all this stuff comes together to ensure business leaders are making the best business decisions they can at any point in time. The best decisions are risk based decisions - trading off alternate options with an informed understanding of the pros and cons of each option, and the likelihood of success. 

Having a decision quality process, a disciplined way of using all this stuff from the risk system, combining it with financial, strategic and other data, and then making a fully informed business decision - is what it’s all about. 

I couldn’t care less about risk registers or incident logs - except to the extent that that data contributes to the ultimate business decision being made. And it is only the quality of the top few hundred business decisions that you make that will determine if you even have a business in 10 years’ time. 

So operational risk management has come a long way, but it also has a long way back to be seen as a valuable contributor to business success and its outputs embraced as a necessary part of decision quality. 

Many operational risk practitioners are to blame for this predicament. Slavishly following standards and industry norms - which do not focus enough on the method of making quality business decisions - and they need to shift focus to now do so. 

This does not mean throwing away what has been developed. But this does mean toning down the emphasis on data gathering, and focusing instead on data use. It also highlights the harsh reality that risk practitioners can’t be credible unless they understand the material business decisions that are being made. 

And since most organisations do not have a documented, consistently implemented decision quality process, risk can work with the business, usually with strategy, finance, human resource and project/change teams, to collaboratively develop and jointly implement such a process. 

In other posts I’ve touched on decision quality - which is something I focus a lot on these days - and the summary illustration below provides some guidance. But it is how you weave all that stuff you have created in your risk frameworks and systems into this that really matters. 

And if you don’t know the key decisions your business makes, both planned and unplanned, don’t be too concerned. This is an immature space and most organisations can’t tell you more than 50% of the most important decisions made across the business - they are not all made at the top of the pyramid...

So take heart and get your head around DQ and how to be part of it. 
Cheers, Sean

About the Author 
Principal at Intelleqt Consulting Pty Ltd

Jeff Anthoney

Monday 9 July 2018
A sound assessment of the challenges and value in using a risk based approach to inform decision making. Very relevant to discussions that have been occurring around my workplace recently, thanks.

Andrew Pyke

Monday 9 July 2018
Well said Sean and very true re the ‚Äúcottage industry‚ÄĚ. At Board level, each Director seems to come through with their own professional risk models - the accountant, the engineer, the lawyer, the project manager, etc. There is no standardisation or common language, and little interest in fiddly spreadsheets done by staff. ‚ÄėReasoning‚Äô needs to include ethical reasoning.

Stephen Mildred

Monday 9 July 2018
It's good to see a focus on outcomes - particularly a how to for major businesss decisions. Will use this on a project that has consumed some time and debate already, for a better business decision.