Change isn’t easy. We are creatures of comfort. People exhibit a status quo bias. You may hear folks say, “if it ain’t broke, don’t fix it”. This outlook was fine last century, in a stable world, but the modern world does not reward such indifference. We live in an age of digital disruption. Innovation, continual improvement, fail fast and perpetual beta are the bywords, not necessarily for getting ahead, but simply staying competitive.
At the dawn of the information age, office workers were promised efficiencies that they could only dream of. We have certainly benefited from what was once called teleworking, but a shorter working week? We certainly are better connected than we were in an analog, pre-digital era, with near-instant messaging and rapid access to the totality of human knowledge, but this change came with some unforeseen, knock-on consequences. Knowledge without experience is no substitute for expertise. Hyperconnectivity allows the rapid transmission of poor decisions and misinformation just as efficiently as good quality data or instruction. An unintended consequence of the internet has been noise or, more specifically, information overload and friction associated with unnecessarily connected, complicated and inefficient systems.
Maturity models and stretch goals
Some commentators will say that the modern world is characterized as VUCA: volatile, uncertain, complex and ambiguous. As we set out in the first post in this series on Capability Improvement, organizations cannot afford to overlook the need to formally manage risk. It is not enough to make only strategic assessments of risk. In a volatile world, forecasts can prove wrong, so quickly that continual risk management is necessary to track team performance against baseline budgets and plans, prompting course correction as soon as possible. See our post on Real-Time Scenario Planning for more on this.
Self-awareness does not come easily to everyone either. A maturity model can serve as a useful tool for project team members to better understand their current level of maturity, and then compare their current position against a spectrum of possible capabilities. To quote Jefferson, "The wise know their weakness too well to assume infallibility; and he who knows most, knows best how little he knows."
With any skill, whether it is of a sporting or musical nature, a team’s project risk management ability can range from rudimentary to world-class. Having an awareness of stretch goals can not only improve team capability, it can also provide impetus to and develop or maintain a competitive advantage.
Dr D Hillson once likened the successful application of a maturity model to, “walking up the down escalator”. A good maturity model will not be set in stone in perpetuity. It should have some flexibility so that an organization may update their capability objectives and strive to attain stretch goals that will help keep them competitive. This notion holds true at both a personal and organizational level.
The four attributes of risk management capability
Hillson described risk management capability in the context of four attributes:
- Culture - Capability will be poor if personnel required to support risk management efforts do not witness demonstrable and visible top-down commitment. If the “tone at the top” is not tuned correctly, it will be extremely difficult for risk practitioners to engage stakeholders and elicit good quality data.
- Process - The environment in which the risk management process is applied directly impacts the quality of an organization’s most important decisions. Ideally, risk management process will be at level of maturity that recognizes the value of risk-based knowledge management, evolved to a level capable of supporting data-driven decision-making. As standard practice, professionals should ensure that a formal close-out process is applied by project teams to consistently capture and share relevant risk data. Mature organizations may have a dedicated resource capable of locating both historical and contemporary records required to support fact-based decision-making. Performance metrics should exist to enable an organization to track and monitor measurable value derived from a risk management program. Success should be tracked, not only enterprise-wide, but across the whole supply chain. See our blog posts Data That Matters, and Data Literacy And Thinking In Uncertain Terms for more on data-driven decision-making.
- Experience - This attribute addresses the level of risk management understanding and/or training the organization may or may not possess. One may also consider learning from experience or lessons shared. An organization can reasonably expect high levels of risk management program success when teams are assured of consistent access to personnel with meaningful risk management experience. This will help ensure risk policies are implemented, and any performance gaps flagged for remediation. Team members should be recognized for, or encouraged in, adopting a professional approach towards their work. When teams consistently capture and share learning points, there exists the greatest opportunity for establishing a “learning organization”. Risk-based kaizen is a key enabling factor for enabling intelligent risk management strategies.
- Application - This maturity attribute considers the consistency of risk process application, availability of dedicated resources and the state or capability of available risk tools and software, of which more in blog post Avoiding The Risk Of Using The Wrong Risk Tool. Clearly, for risk policy goals to be achieved, teams need to be equipped with the tools that allow them to execute the risk process at an adequate level. Appropriate systems and tools will enhance risk identification, accurate quantification of risk, facilitate timely risk response implementation and enable effective knowledge sharing for the benefit of future projects.
Continual improvement as an ongoing organizational change management project
Continual improvement may be second nature to dedicated project professionals but, to overcome natural inertia or status quo bias, risk management should be held to be an ongoing organizational change management (OCM) project. In fact, to gain the most from any risk management initiative, you will need a group-wide OCM campaign to ensure change for the better is taking place among all personnel, at the same speed and in a common direction, as we discuss in blog post Promoting A Discovery And Growth Mindset.
Training for improving risk culture is typically the first or initial component of any such OCM project. From the get-go, success will require careful stakeholder management and, to reiterate, traction will only be gained if there is clear and demonstrable leadership in support of risk management initiates, from the top down.
Is your organization comfortable analyzing projects in uncertain terms? Are you dedicated to continual improvement and using best-in-class tools that can combine both cost and schedule data to help prioritize the reduction of your most critical project risks? If you would like to optimize the chance of project or program success for the benefit of your team, please contact Safran Risk and develop your bespoke capability improvement options with the support of a trusted advisor.
