To Address Systemic Risk You Need Systems Thinking

Updated: Jun 10, 2020

If your company uses an organizational chart it was most likely designed based on the factory model created by Fredrick Taylor who introduced "Scientific Management" in 1911. The foundation of his approach was the scientific method which has been very successful to help understand many things by understanding the individual parts. This form of reductionism while instrumental in many fields of study does have its limitations. The first and foremost is that it is not always possible to understand the function of the whole by knowing the function of each part. Not realizing the limitations of reductionism can have significant consequences which is itself a risk but also impacts how we think about risk as a whole or rather as a part.

Taylor used reductionism (i.e. Taylorism) to organize how businesses are structured and remains to this day the primary method for designing organizations although this is changing (see article in The Atlantic One of Taylor's aims was to achieve maximum job fragmentation to minimize skill requirements and job learning time. As the workers he would hire would not have many skills, if any, this made sense. Taylor also introduced us to time an motion studies that would eventually lead to the assembly line refined later by Henry Ford. The reason why we have departments, silos and disparate processes is largely because of Taylor and the specialization of skills.

You could say that the focus of many business transformations have been an attempt to address the weaknesses of Taylorism while maintaining its benefits in light of a growing movement towards generalization of skills through the sharing of knowledge, use of teams, and expansion of communication networks.

However, Taylorism is still predominate and its effects impacts how management is structured and in turn how companies contend with uncertainty and risk. An important problem with a reductive approach is that risk consideration is done by looking at only the parts that make up a business and not the entire organization.

This can be seen by the way risk registers are constructed often by starting at the bottom of an organization and aggregated upwards until they form a single heat map or risk score. Trying to understand risk by assessing the risk of individual parts is very much like trying to understand the risks of driving to work by understanding the risks associated with the steering wheel, gaskets, hoses, engine block and other components. You can add them up, put them in a heat map, or prioritize them by a risk score, but they will never tell you what you need to know, "will I get to work on time?"

This bottom-up approach often leads to companies playing “whack a mole” hitting the gopher on the head when it pops ups without understanding why it does and preventing it in the first place. This is treating the symptom and not the disease which unfortunately is the way that many companies contend with risk. It is only when a significant event has occurred that correction or prevention is considered.

Although common this approach has limited utility when lives are lost, reputation is at stake, and future earnings are at risk. As we are becoming more aware of risks that have the largest impact are systemic in nature and no amount of mole whacking will be enough to keep its effects of uncertainty at bay.

As a means to address risk many companies introduce Enterprise Risk Management (ERM) to help address the larger picture but end up with using an approach called "Holism." This is better than reductionism but not the best approach to address systemic risk. Holism is the opposite of reductionism and suffers from the same limitations. Instead of looking only at the parts it only looks at the top (or the boundaries) which tends to lead to ERM implementations that focus mostly on extrinsic or external risk; things which affect the organization as a whole such as: exchange rates, disruptive technologies, competitors, regulation and so on.

Risk consideration that focuses only at the bottom or the top of an organization creates the opportunity for systemic risk to manifest itself. To properly address systemic risk a "holistic" or "integrative" approach is needed. This perspective is necessary to understand where risk can be found and how it propagates throughout an organization which although often delayed can be of significant impact when realized. This systems focus is the domain of Operational Risk Management (ORM) which when implemented effectively focuses on intrinsic risk that impact internal programs, systems, and processes and its effects on achieving outcomes. One way to look at this is that ORM focuses on risk streams (i.e. the propagation of the effects of uncertainty) instead of the risk of failure of individual parts.

Effective operational risk management requires knowledge of systems. This includes value streams but also the interactions between them and the value chain which provide the capabilities, capacities, and competencies to perform them.

It is time to move beyond aggregating risk scores and using heat maps to contend with systemic risk. These are of some value but are remnants of a reductionist approach and are limited in identifying and contending with uncertainty that crosses departments, functions, and processes.

#riskmanagement #systemsthinking

© 2020 Lean Compliance™

All rights reserved.

Access free workshops and resources to help you manage your compliance during and post COVID-19.