To reach assurance you must know your business. You and your boss must know what’s acceptable.
This guide assumes that you are already an expert in your own business. It’s a ‘how-to’ guide that doesn’t guide you on ‘how-to’ run your business. It only guides you on how to organise the risk element that was always in the business, and always will be.
Business planning also relied on your expertise. Your expertise includes knowing the situations that you must prevent, and knowing the events that would interfere with your normally successful activities.
The how-to steps in this guide do not give you the expertise. Not many ‘steps’ could do that. This is not a guide to the risks in your business or in your work unit. The steps discover what you know already, and from those discoveries build a picture of confidence and doubt. That picture is one you can share.
The guide further assumes that you and your boss know what is important to your customers, bosses, and other stakeholders. If you find yourself unsure, the risk management steps will prompt you to ask the question.
It helps if you can talk with the boss.
Behind all that is an assumption that you can have constructive conversations with the boss about such topics. In more brutal organisations, bosses can regard a discussion of uncertain outcomes, or of uncertain objectives, as an admission of weakness. Language such as ‘failure is not an option’ or ‘your job is to deliver’ might be clues.
If you find yourself in a place like that, this how-to guide can also help you, and you may need it even more. You might want to understand ‘risk’ a little differently. In that situation, the outcomes that matter are the outcomes that will come back to affect you, not the organisation. Those outcomes will overlap with what the organisation wants. The degrees of success and failure on each objective will reflect what happens to you, not by what happens to the organisation. Rather than discussing expectations constructively with the boss, you will probe the boss, when you can, to get clues about what might follow for you as a result of varying unit outcomes. The personal consequences of output and performance numbers might be clear already, but you also need to understand whatever else might be important to your own future.
‘What’s acceptable’ includes behaviours, numbers, delivery, real-world outcomes, and outcome likelihoods. It’s the real-world outcome likelihoods that matter.
Your organisation probably talks about all sorts of things as either mandatory or unacceptable. Categories of ‘thing’ that might be mandatory or unacceptable include:
- Behaviours, specifically behaviours expressing values, or individual behaviours required to comply with laws and policies.
- Values for financial or other metrics, typically expressed as numbers. Financial metrics might include sales targets, profit margins, or key ratios. Non-financial metrics might include defect or complaint numbers.
- Delivery on specified commitments or targets.
- Outcomes, staying within an approved budget, or avoiding human injury.
It is often reasonable to use words like ‘unacceptable’ for exceptions in these categories. The problem arises when something ‘unacceptable’ arises unintentionally from decisions and behaviour that the organisation actually supports. An obvious example is a company vehicle crash that results in an injury, but was not the result of negligence by a company driver. Is that unacceptable? The answer is neither yes nor no.
For risk management, you need to understand ‘acceptability’ in a different way. An ‘acceptable risk’ is based on outcomes. It is not the outcomes themselves that are acceptable. It is their likelihood.
- Positive outcomes have a minimum likelihood.
- Negative outcomes have a maximum likelihood.
For risk, what is ‘acceptable’ and ‘unacceptable’ is the likelihood of an outcome.
To the extent that risk management addresses behaviours or metrics, they are first understood as outcomes. Accepting a risk of bad behaviour is not a response to bad behaviour that is detected.
|New to this||Version 3.0 Beta|
|New to this||Version 3.0 Beta|