Admittedly the title is a considerable stretch, but it doesn’t have to be excruciatingly boring.
Turing award winner and computer scientist Alan Perlis is reported to have said, “Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it”.
Dom Moorhouse and I wondered if there’s space somewhere between fool and genius for people who delight in interpreting complexity, understanding uncertainty and distilling it into concrete and tangible actions in pursuit of a stated objective or outcome?
In our view these capabilities are the essence of effective risk management.
Over a recent virtual coffee, we were lamenting the inadequacies of mainstream corporate risk management solutions, which are essentially glorified spreadsheets with a few more bells and whistles.
The problem isn’t that such risk management systems lack functionality, if anything they have too much; they’re simply too complicated for busy practitioners.
We both agreed the absence of sound risk management practice isn’t due to process and tool availability – more the absence of excitement. If we are honest, reviewing a spreadsheet or a table of risks (even one with bells and whistles) is just painfully dull.
The logical retort might be ‘well, risk management is boring but also very important – just get on with it’ but the brutal reality is that so many don’t get past the ‘boring’ aspect, despite full acceptance of its importance.
So, how do successful project/programme/team/corporate leaders bring risk management to life?
Risk management ingredients
We pondered a view that a distilled form of ruthlessly pragmatic risk management has three essential ingredients.
Firstly, a well-managed risk needs to be unambiguously stated and clearly understood. There are a number of formulas for risk annotation but our preferred scheme is of the form:
- As a result of <certain condition>
- There is a risk that <uncertain event> may happen
- That will lead to <potential impact>
Secondly, each risk must have a single, nominated owner – equipped and empowered to do something about it.
Thirdly, there must be an unrelenting, primary focus on the forward-looking treatment of risks (and not endless pontification over the premitigation score, or the RAG status, of an ambiguously defined, ill-managed risk in some historical version of the corporate RAID Log).
What binds such ingredients together?
The answer: Visual management.
Visual management in risk management
The core purpose of visual management is to improve the effectiveness of team communications. As powerfully reinforced by the schools of kanban and lean manufacturing, visual aids and ‘teamboards’ can convey messages faster – and invite more interest and engagement than the written (or spreadsheet) equivalent.
Visual management in risk management, done well, can communicate a complex set of information in a form that requires little or no training to interpret.
So, to bring risk management to life we don’t need more complicated spreadsheets. We don’t need more bells and whistles. We need a way of visualising risks in a more meaningful and engaging way.
Whether it’s a major transformational programme or a company board meeting, the brutal reality with strategic risk management is that there is a finite amount of cerebral capacity for these critical conversations (and decisions). Especially so with respect to risks that require collective analysis, reflection and treatment – as the strategic ones invariably do.
The challenge, therefore, is to ensure a manageable set of risks via a mechanism that is collectively easy to navigate. The enemy is the long, poorly organised, visually disengaging list or table that even the brightest minds drift away from. At one level, graphical presentation may feel like a simplistic solution to an inherently weighty topic – but, alas, that is the reality of the busy executive condition.
The most effective programmes and company boards we have been part of have recognised this reality and were marked by a common feature: a refreshingly simple graphical representation of key risks.
We believe the optimal visual management of this exercise is a simple, classic risk matrix (X axis denoting probability; Y axis denoting scale of impact). One matrix (grid) for risks and another for key opportunities; importantly, say, no more than 15 risk or opportunity items respectively on each. Each of these items – unambiguously articulated and with clearly assigned, single owners – is then reassessed working logically (and visually) from the high probability, high impact (typically top right) corner.
The exercise doesn’t have to be an exhaustive review of every risk, and in actual fact, depending on the frequency of meetings and pace of change we’d commend shorter, punchier but regular reviews positioned near the top of a meeting agenda to get the most mileage out of finite attention spans. Regular, well facilitated, highly engaging ‘risk and opportunity moments’ could yield more benefit than several hours of low-energy, interminable workshops.
In conclusion, to the fools who ignore risk management and the pragmatists who suffer it on the grounds that it can be painfully dull, we say there is a better way.
Effective risk management has three simple and essential ingredients:
- Unambiguous and clearly understood risk statements
- Single, nominated risk owners
- An unrelenting, primary focus on forward-looking treatment
Bind them together with a generous helping of visual management and delight in your ability to interpret complexity, understand uncertainty and distil it into concrete and tangible actions in pursuit of your stated objective or outcome. At a (considerable) stretch you could almost describe that as fun.
You may also be interested in
- How to plan for the ‘unplannable’: human error
- Making risk work for your project on APM Learning
- The role of leadership in risk management
This blog was co-written by Ed Watson and Dom Moorhouse
Dom enjoys an entrepreneurial and pluralist career – with a current, heavy focus on his CEO role of Method Grid (methodgrid.com) - a "connected assurance" platform for engineering-consulting practices (and project-centric service delivery organisations generally). Previously, Dom founded Moorhouse, growing it from singleton start-up in 2004 to, now, one of the most respected business transformation companies in the UK, serving multiple premier/global clients; Dom handed over the MD reins in 2011.