top of page

SEARCH

Find what you need

609 results found with an empty search

  • Why Lean Transformation Fails: Unveiling the Missing Pieces

    Eliyahu Goldratt's poignant quote, "You cannot implement a [holistic] system partially," resonates profoundly in the world of organizational transformations. Lean, often hailed as a revolutionary system for improving processes and creating value, faces its share of stumbling blocks in various contexts. As we delve into the intricacies of Lean transformation, it becomes evident that a piecemeal approach is not the key to success. In this article, we'll dissect the reasons behind Lean's failures and shed light on the crucial aspects often overlooked. Breaking Free from Taylorism The roots of many organizations lie in Taylorism , a reductionist methodology that dissects work into minute segments. While this approach was revolutionary during the early 20th century, it has inadvertently led to excessive specialization and siloed thinking. The very scientific management that birthed Taylorism has become a double-edged sword. Organizations are often caught up in managing individual trees, losing sight of the forest as a whole. This divide and conquer mentality impedes Lean's ability to flourish. Over the years, attempts to mitigate the adverse effects of Taylorism have been made with limited success. The band-aid solutions that emerged were often aimed at addressing symptoms rather than the root causes. Lean, however, demands a paradigm shift—a departure from the fragmented and mechanistic approach of Taylorism. Organizations must not be content with superficial adjustments; they must aspire to fundamentally transform their operations and culture. Missing the Essential Capabilities Lean, at its core, is not just a set of tools or techniques. It's a comprehensive system that hinges on the orchestration of functions, behaviors, and interactions. This intricate web of interdependencies requires a "whole system" approach. Dr. Russell Ackoff's insights from systems theory emphasize the importance of understanding the broader context and how all the components within an organization are interconnected. When we treat Lean as a mere checklist, focusing solely on isolated changes, we miss the essence of its transformative potential. One of the most common pitfalls organizations face is their eagerness to embrace Lean by addressing low-hanging fruit . This approach entails tackling easy wins that do not require the behavioural and systemic changes. By focusing low hanging fruit, essential behaviours are not developed resulting in organizations inadvertently missing out on the transformational benefits that Lean can offer. A key aspect of Lean transformation is the development of organizational capabilities. It's not enough to merely introduce Lean tools; organizations must cultivate a culture of continuous improvement among other things. This requires nurturing the skills, behaviors, and mindset that are fundamental to Lean thinking. Unfortunately, organizations often bypass this critical step, leading to a superficial an incomplete adoption of Lean principles that ultimately fall short of producing lasting value. At the heart of Lean's failures lies the inability of organizations to recognize and establish what is truly essential for value improvement. The pursuit of Lean cannot be confined to the optimization of individual parts; it must encompass the orchestration of the entire system. This is where Lean systems operability comes into play Lean Systems Operability – all essential functions, behaviors, and interactions working in harmony at levels of performance necessary to improve value. Organizations that fixate on isolated changes will never experience the true power of Lean. Agile and Lean Startup are not enough While Lean holds tremendous promise, it's crucial to acknowledge that it's not the only game in town. The concepts of Agile methodology and Lean Startup have gained prominence for their adaptive and iterative approaches. Agile emphasizes flexibility, collaboration, and responsiveness in software development, while Lean Startup promotes capability-based iteration and customer-centric product development. Both Agile and Lean Startup offer valuable tools for innovation, but like Lean, they can fall short when not implemented with a holistic mindset. Organizations might adopt Agile practices in pockets, leading to fragmentation rather than the intended collaboration. Similarly, Lean Startup's iterative development can become an exercise in isolation if not integrated into the larger organizational strategy. To truly succeed in transformation, organizations must weave these methodologies into the fabric of their culture, operations, and strategy. Agile, Lean Startup, and Lean principles should complement each other, creating a symphony of innovation, value creation, and customer satisfaction. However, relying solely on these methodologies, even in combination, might not be enough. The Missing Pieces Lean's allure and challenges persist. To harness its transformative power, organizations must transcend fragmented methodologies and embrace a holistic view. By dismantling the remnants of Taylorism, integrating Lean principles and infusing strong leadership and a culture of adaptability, organizations can break free from the obstacles that prevent success. However, that's not all, there's a need to achieve Lean Systems operability— all essential functions, behaviors, and interactions working in harmony at levels of performance necessary to improve value. This requires a "whole-system" approach and only then can the benefits of Lean be realized. In the end, Lean transformation isn't a one-size-fits-all formula, nor is it solely a checklist of methodologies. It's a journey of profound change, where the sum is truly greater than its parts. By embracing a whole-systems approach, organizations can truly realize the transformative potential they seek, and embark on a path toward sustainable success in a rapidly evolving world.

  • Leaders Need To Lead, Not Manage

    True leadership demands pro-activity—anticipating, planning, and actively steering an organization toward its desired goals. This distinction becomes particularly relevant when addressing organizational culture. In this article we explore the findings of a recent Auditboard report raising important issues related to organizational culture. It also calls for internal auditors to take proactive steps in managing culture-related issues. While culture profoundly influences an organization's values and behaviours, a critical question that was not asked is: Should the audit function be responsible for improving and assuring culture? Let's take a look... 2023 Organizational Culture and Ethics Report This report highlights the prevalence of organizational failures due to a troubled culture and emphasizes the importance of assessing and improving organizational culture. The report mentions that many organizations (4 in 5) are not effectively monitoring their culture, which can lead to significant problems. The role of internal audit in assessing and providing assurance on culture is discussed, with the report presenting insights from a survey of internal audit leaders. The challenges in this regard include executive behaviour as a critical indicator, a lack of understanding about culture's aspects and risks, reluctance to tackle culture, and a lack of prioritization of culture assessment. The report calls on internal auditors to take proactive steps in addressing culture-related issues and provides guidance and tools to do so effectively. Key findings from the report include: Organizational Failures : The report highlights that numerous organizations worldwide have experienced significant failures due to troubled cultures. Examples include Enron, WorldCom, Volkswagen, Carillion, WireCard, Theranos, and FTX. Culture's Vital Role: A troubled culture lacking the right tone at the top and a constructive environment is identified as a common factor in these failures. Such a culture can hinder an organization from achieving its strategic goals and objectives in an ethical and healthy manner, while also undervaluing key stakeholders. Devastating Impacts : These failures have had severe consequences, affecting various stakeholders such as employees, investors, customers, suppliers, and communities. Trust in capital markets is eroded, jobs and retirement savings are lost, reputations are damaged, and long-term sustainable success is compromised. Culture Risk Indicators : The report highlights that executive behaviour is a major indicator of culture risk. Poor tone at the top, profit-at-any-cost mentality, poor communication, and unethical/illegal conduct are identified as key risk indicators. Culture Assessment Gap : Despite increased attention and scrutiny, many organizations are still not assessing their culture effectively. A significant number of senior internal audit executives have not been asked by the board or audit committee to provide reports on culture, Reluctance to Address Culture : A significant percentage of organizations do not formally audit or assess culture, and some employ piecemeal, ad-hoc approaches or limited assessment methods. This reluctance to address culture may lead to significant problems. Lack of Understanding : Many organizations do not fully understand the various aspects of culture, including its benefits, risks, key elements, drivers, and principles of a healthy culture. They may focus on the benefits while overlooking critical risks. Importance of Culture Monitoring : The report emphasizes that organizations cannot manage their culture without monitoring it. Boards and executives need to assess the health of their culture continuously and ensure it aligns with expectations. Priority of Culture Assessment : Despite the impact of culture on organizational success, many organizations do not prioritize culture assessment. They may underestimate the risks or face resource constraints. The Right Assessment – The Wrong Conclusion? The report raises important issues concerning organizational culture and the impact that culture can have on mission success or rather mission failure. Undoubtedly, culture is a critical factor in staying between the lines and ahead of risks. The report extends an invitation to those in audit roles, urging them to break free from passivity and seize the opportunity to guide organizations in recognizing the urgent and far-reaching impact of culture. However, the report does not raise (but it should) the question of whether the audit function should be the driver of culture improvement and assurance. The problem is that the audit function typically operates as a reactive rather than a proactive force. It also lacks the inherent managerial accountability that would allow it to drive cultural change effectively, which even if it did, would undermine the role of those who should rightfully lead this effort. Culture emerges as a consequence of actions and serves to reinforce the values associated with those actions. Relying on management reviews, post-incident investigations, and audits reinforces a reactive approach the very thing that the report asks internal audit to change. This reactive behaviour focused on past events is not true leadership, but rather a form of management. It aligns with internal regulation (loop 1) focused on making course corrections and corrective actions, perpetuating a cycle of reactivity not pro-activity. True leadership, on the other hand, centres on pro-activity, involving the anticipation, planning, and action required to make substantial progress towards desired outcomes. This forward-looking approach is evident in setting goals, conducting management pre-views, pre-investigations, pre-mortems, capability assessments, as examples. Such practices align with internal regulation (loop 2) focused on operational governance, steering, and establishing the capabilities needed for mission success, representing a more strategic and forward-thinking approach to shaping organizational culture. In essence, managers manage loop 1 (stay on course) and leaders look after loop 2 (set the right course). To shape culture you need to steer from the front not from the back. The bottom line is this: leaders (those with managerial accountability) need to lead not manage. While audit can be responsible for aspects of this effort, they cannot be the ones to lead cultural change.

  • Integrating Duty of Care into Compliance Programs Through Promise Embedding

    Companies face an increasing demand to not only meet regulatory compliance but also uphold their responsibility toward the broader set of corporate obligations. While compliance programs can be and often are limited to only ensure adherence to legal standards, embedding the concept of duty of care through promises can elevate these programs to a higher level resulting in increased stakeholder trust. This article delves into the innovative approach of integrating promises within compliance frameworks to promote a culture of care and responsibility. The Promise Paradigm According to Promise Theory, promises are powerful ethical constructs that convey commitments and obligations. They transcend mere legal requirements, embodying values that go beyond compliance. By embedding promises within compliance programs, companies can go the extra mile in demonstrating their dedication to safeguarding the interests of employees, customers, and the broader stakeholder community. Here are 5 ways that promises promote duty of care obligations: 1. Aligning Core Values Promises provide a platform to communicate and reinforce a company's core values. When promises are explicitly linked to these values, employees are more likely to internalize and uphold them. By weaving values such as integrity, safety, and respect into promises, companies can build a strong ethical foundation that guides decision-making at all levels. 2. Demonstrating Accountability Promises establish a clear line of accountability within an organization. By making commitments to safety, fairness, and transparency, companies signal their willingness to take responsibility for the consequences of their actions. This proactive stance not only enhances trust but also encourages employees to take ownership of their roles in ensuring compliance and safety. 3. Cultivating a Culture of Care Embedding promises within compliance programs nurtures a culture of care where employees understand that their well-being and the well-being of others are integral to the organization's success. When promises reflect a commitment to the highest safety standards, employees are more likely to be vigilant and proactive in identifying and addressing potential risks. 4. Elevating Employee Engagement A compliance program rooted in promises resonates with employees on a personal level. It transcends the abstract realm of regulations and connects with their innate sense of responsibility. This engagement leads to a workforce that actively seeks ways to improve safety and compliance measures, resulting in a collective effort to maintain a safe and ethical environment. 5. Enhancing Reputation and Trust Consumers and stakeholders value companies that prioritize their well-being. Promises within compliance programs serve as a testament to an organization's dedication to ethical conduct, fostering trust and loyalty. A company that takes duty of care seriously is more likely to be seen as socially responsible, which can positively impact its brand reputation. Implementing Promise-Embedded Compliance Programs By embedding promises within compliance programs, organizations can transform their compliance beyond regulatory requirements and embrace a higher sense of duty of care. This innovative approach nurtures a culture of responsibility, where employees and stakeholders actively contribute to a safer and more ethical environment. Ultimately, promise-embedded compliance programs not only ensure legal adherence but also enhance an organization's reputation, trustworthiness, and commitment to the well-being of all involved. The following steps will help you embed promises within your organization: Identify Key Areas: Determine the areas where embedding promises would have the greatest impact, such as workplace safety, data privacy, or product quality. Craft Meaningful Promises : Develop promises that reflect the organization's values and commitments to stakeholders. Make them actionable and measurable. Communicate Promises: Clearly communicate the promises to all employees and stakeholders. Reinforce the connection between promises and values. Training and Education: Provide training and education to employees to help them understand the significance of promises and their role in fulfilling them. Monitoring and Feedback: Regularly assess the organization's progress in keeping promises (i.e. a measure of integrity). Encourage feedback from employees and stakeholders to identify areas for improvement. Perhaps, the best aspect of embedding promises within compliance programs is it that it affords compliance with a meaningful measure of effectiveness by counting the promises kept compared with how many that were made: More information about obligations, promises, and their association with compliance can be found in the following articles: Should Compliance Manage Obligations or Promises - https://www.leancompliance.ca/post/should-compliance-manage-obligations-or-promises Considering Promises as Assets - https://www.leancompliance.ca/post/considering-promises-as-assets The Heartbeat of Compliance: Keeping Promises - https://www.leancompliance.ca/post/the-heartbeat-of-compliance-keeping-promises From Promises to Policy Deployment: Unlocking Organizational Accountability - https://www.leancompliance.ca/post/from-promises-to-policy-deployment-unlocking-organizational-accountability

  • Compliance Maturity: Embracing the Long-Term

    In today’s world, where instant gratification often takes precedence, it's easy to fall into the trap of taking a short-term view of life and business. We yearn for immediate results and quick fixes, all while sometimes neglecting the true cost of our decisions. However, it's essential to recognize that success often requires a longer-term perspective, a willingness to make sacrifices in the present to secure something of greater value in the future. In this blog post, we will explore the need to shift from short-term thinking to a long-term view and the benefits it can bring to our lives, businesses, and compliance success. Living as a Teenager The desire (or rather impulse) for instant results is more prevalent today than ever. Whether it's in our personal lives, business endeavours, or even the domain of meeting obligations, we often seek immediate gratification. We want things now, today, or, at the very least, as soon as possible. This mindset can lead to hasty decisions and a lack of consideration for the long-term consequences of our actions. Our impulse for instant gratification plays a significant role in having a short-term view of the world. We've grown accustomed to the convenience of getting what we want when we want it, and this culture of immediacy can erode our patience and resilience. This is reinforced by the ubiquity of technology, the internet, social media, same-day delivery, along with other factors, perhaps more than any other generation. A common fallacy that accompanies this line of thinking is the belief that everything will somehow work out favourably in the end. We have heard that said from many including perhaps our parents. Who doesn’t want to believe that it will all work out for the good in the end? However this perspective tends to underestimate the real cost of our decisions, thinking either that their are no downsides or that someone else will bear the consequences, and that it won't be us. This mindset can lead to risky behaviour and a lack of accountability. In many ways, we are acting as teenagers driven solely by our passions (and hormones). While growing in maturity (adult-ing as some call it these days) is difficult, living forever as a teenager does not prepare us to handle the reality of how the world works. The Need to Look Up and Grow Up To break free from the shackles of instant gratification and short-term thinking, we must mature and adopt a longer-term view. This involves recognizing that success (including compliance success) often requires sacrifices in the present to attain something of greater value in the future. It means being willing to invest time, resources, and effort today for more substantial, enduring, and ultimately better outcomes tomorrow. Personally, this might mean investing in education, saving for retirement, or making responsible environmental choices, even when they don't yield immediate rewards. With respect to compliance this means taking ownership of obligations and keeping promises associated with them. However, I think it means more than this. We must learn to think beyond ourselves. Having a long term perspective is a mindset shift that enables us to make choices that are not just beneficial for us but also for our communities, the environment, and future generations. It’s the mindset of mature adults particularly those who are leaders. Some of us had the opportunity to witness that with our own parents who gave up much so that we (their children) might have a better life. This is a characteristic we value in people and businesses, and something we need to value with respect to compliance. Compliance Growth and Maturity In a world where short-term thinking often prevails, it's time to embrace the wisdom of the long-term view particularly when it comes to meeting obligations. This means sacrificing instant gratification and making choices to achieve more significant and enduring success. It's a path that requires maturity, patience, integrity, and a willingness to invest in a better tomorrow. We are often tempted by short-term thinking, which makes it easy to avoid responsibility and make empty commitments which negatively impacts both compliance and business success. However, a long-term perspective reminds us that embracing accountability and fulfilling promises (the heart of compliance) is an investment in our future. It means sacrificing immediate comfort, like setting standards, or admitting when we are wrong, to build trust and reliability over time. By doing so, we not only strengthen our relationships but also contribute to a more responsible and trustworthy world, paving the way for personal and corporate success in the long run. It’s time, and its always been time, to look up, grow up, and pave the way for a future that truly reflects our values and aspirations.

  • How Do You Feel About Compliance?

    When it comes to practising compliance it often feels like driving a car, or more precisely a standard (small pun intended), one with a gear shift and a clutch. My first car was a standard, and I remember what it was like to use a clutch, watch where I was going, and steer the car to avoid hitting anyone – all at the same time. It was overwhelming, at least at first. You definitely wonder if it might be better to just focus on one thing, to make it simpler and less overwhelming. Perhaps, just focus on the brakes - that should be enough? But will it really be enough to get you from where you are now to where you want to go? The answer is no. You need to learn all that’s essential for you to drive, and that means learning how things work together not just on their own. And this can only be learned by practising them at the same time. This same question should be asked of compliance when it comes to meeting obligations. Is focusing on the parts of compliance really enough to get you from where you are now to where you need be with your obligations? For compliance to be successful, you also need to practice everything that’s needed – all at the same time. We need to master how to drive the whole compliance system – not just how to work the parts. And yes, it will feel like driving a standard. However, in time, driving compliance will become second nature and you will focus more on the journey and what destinations you might visit rather than on the different parts of the system and the dynamics of driving. You will start to experience the benefits of compliance. And this will feel very different. You will look forward with anticipation to the benefits you will experience because you have learned how to successfully drive compliance towards targeted outcomes. And you will be filled with assurance rather than anxiety knowing that you have what it takes to make it happen. This may sound like a luxury or a nice to have, but it is a necessity for those where compliance failure means mission failure. When it comes to getting to where we want to go we expect to use an entire car, and learn how to drive so that it delivers what’s promised. Not a luxury, but what’s expected. Why don’t we expect the same from our compliance? Why are we not expecting and using the entire program, and learn how to drive it so that it delivers what's promised – all the commitments we have made associated with all our obligations? We can feel differently about our compliance. We can feel assurance (confidence and certainty) rather than anxiety (unease and worry). But we first need to learn how to drive.

  • What is Minimum Viable Compliance (MVC)?

    When it comes to performance-based compliance required by organizations where compliance failure means mission failure we need more than working systems – we need systems that work. For compliance systems to work they must be operational. They must achieve a minimum level of compliance defined as Minimum Viable Compliance (MVC). MVC is achieved when essential functions, behaviours, and interactions work together at levels sufficient to create compliance benefits (the outcome of compliance.)

  • How Structures Create Cultures

    Professor Andrew Hopkins shares his insights on how organizational structure, communication, and habitual practices advance safety culture from his recent book: Organizing for Safety – How structure creates culture. Hopkins is the author of well known books such as: Lessons from Longford, Failure to Learn, Disastrous Decision, Nightmare Pipeline Failures, and others. In this video, Hopkins outlines how organizational structures contribute (negatively and positively) to overall safety performance. This video was shown during of the Oil and Gas Denmark – Task Force Zero 2019 safety conference.

  • Is Your Culture Holding you Back?

    The very culture that keeps companies in highly-regulated, high-risk industries safe may be the very thing that is holding them back from making improvements and advancing overall compliance outcomes. Companies in this space tend to be hierarchical with respect to their organizational structure which often closely aligns with the asset structures they are operating. This provides clear lines of accountability, better consistency of behaviors and practices, and greater conformance to procedures and standards. Efficiency and reliability are their by-words. You don't want workers to "innovate" when they are doing their job. You want them to follow safe-work practices and life-saving rules so that people and businesses are kept safe. However, increasingly these same companies are being asked (regulated) to improve, to innovate, and to make progress on their compliance objectives not just perform at existing levels. This requires a different culture that is more proactive, goal-directed, and risk-taking. This culture is opposed to the very one that that keeps them in business today. Instead of one culture to govern them all, companies may benefit from a diversity of cultures specific to the task at hand. Geoffrey Moore's book Zone to Win does a great job at outlining the activities of a business and what characterizes each part (or zone). Each zone has its own management, behaviors, and practices specific to what is needed to accomplish the objectives for each zone. Each zone effectively has its own culture. The Competing Value Framework developed by Cameron and Quinn (2006) provides additional insights into organizational cultures based on four classifications: CLAN, ADHOCRACY, HIERARCHY, and MARKET cultures as shown in the following figure: This framework has been used extensively by organizations to help them navigate their cultures and make necessary adjustments. For compliance to be effective it is helpful to consider which culture is best across governance, program, system, and process layers. For example, a proactive approach may benefit from a culture that values creativity and collaboration to identify strategies to better achieve outcomes. However, when these strategies have been decided what is more important is consistency and conformance which benefits from a culture that is more controlling oriented.

  • Culture Eats Tools For Breakfast

    We have all heard that culture eats strategy for breakfast (Peter Drucker). What we may not have heard is that the same holds true when it comes to compliance tools and measures. Organizational culture also determines which tools and measures will work and which ones won’t. In fact, without the right culture you will never be able to benefit from the tools you need most to meet all your obligations and keep all your promises. Let’s take a closer look. In a study published by The International Association of Oil and Gas Producers (OGP) in 2010 an evaluation was conducted of 53 Health, Safety, and Environmental (HSE) tools against organizational culture. In this study HSE tools range from processes (i.e. measures) to commercial products across the following 15 categories: Reporting and Recording Incident Investigation and Analysis Auditing Human Factors In Design Work Practices and Procedures HSE Risk Management HSE Management Systems HSE Training and Competence HSE Appraisals Situation Awareness Questionnaires and Surveys Observation / Intervention Incentive Schemes HSE Communications Other Organizational culture was assessed using these classifications: Pathological - Who cares as long as we’re not caught Reactive - Safety is important; we do it along every time we have an accident Calculative - We have systems in place to manage hazards Proactive - Safety leadership and values drive continuous improvement Generative - HSE is how we do business around here Each tool was judged as appropriate for the level of organizational culture when it meets these criteria: It is likely to be accepted and actively used; Its use serves a required purpose; and It should improve HSE performance. An excerpt from the study is shown below (see link at the end of this post to download the full study): According to the study, a tool no matter how good it is will not provide the intended improvement unless an organization is ready for it. As a result, this study shows that the majority of HSE tools needed for an effective HSE program will not be helpful without higher levels of cultural maturity. For example, risk management tools will not be effective unless a culture is proactive. Another insight can be inferred from the study by considering organizational coupling. When this is considered we noticed that many HSE tools require higher levels of integration to be effective. For example, Management of Change (MoC) processes require engagement across multiple areas of responsibility to effectively contend with risk due to planned changes. In other words, MoC is not effective as a stand alone tool conducted by one person – an example of low coupling. The following chart combines these two insights: What Does This All Mean? The majority of tools needed by a compliance program cannot be used without sufficient pro-activity and organizational coupling. This is a big deal for organizations trying to improve HSE performance that are mostly reactive and operate in functional siloes. They will face an up hill battle which will be the case for many, perhaps the majority, of organizations. What do you do when your organization is not ready to benefit from tools that you need to achieve program performance goals and advance outcomes? Let's consider three options: No Transformation Big Bang Transformation Progressive Transformation 1. No Transformation This option recognizes that the organization is not ready to take advantage of the majority of tools needed by a program. It accepts the culture that exists and uses it as a place to start. Understanding that it will not be enough to meet performance objectives or advance program outcomes. The outcome of this approach is a partial, and most likely not operational, program managed by a few resources working independently, mostly reactive, and focused on reporting. Engagement with internal stakeholders will be limited to collecting data needed to feed basic tools of the program. Taking the program to the next level will require organizational transformation. However, many that start here never transition to the next level – their culture prevents them from doing so. 2. Big Bang Transformation This option recognizes that becoming more proactive and integrative is necessary and fundamentally a change management problem requiring strong leadership and stakeholder support. Change management will among other things introduce proactive behaviours along side of greater levels of stakeholder engagement needed to drive organizational coupling. This if successful should enable a larger set of program tools (perhaps 3 times) to better meet program objectives and realize benefits. Transforming culture and implementing new technology all at once is a high-stakes, high-risk endeavour. Sustaining focus and effort across multiple years is possible but very organizations have the patience. It usually takes new leadership or a serious incident for those organizations to change. Organizations, that do not sustain their efforts using this approach will end up with partial and non-operational programs and often end up starting over. 3. Progressive Transformation The previous option is similar to a "waterfall" approach where benefits are realized only at the very end. This approach makes sense when: The organization has had prior success with this kind of transformation in the past, A high degree of certainty exists with what and how things need to be done, All program capabilities (behaviours, skills, tools, capacity, etc.) need to be present to realize the majority of the benefits. However, when these conditions do not exist the organization will need to learn new behaviours as they implement technology. This requires a change management approach of a different kind. An approach designed to do this is, "Lean Startup." This methodology uses a BUILD-MEASURE-LEARN cycle to achieve greater levels of program capabilities.This is different than phased implementations or continuous improvement strategies. Not all behaviours and not all parts of the organization need to be integrated at the onset or all at once. Instead, what is needed is for every version of the program (minimal viable program) to have essential behaviours and properties operational for a targeted level of effectiveness (measure of progress). Lean Startup takes advantage of this and provides organizations the opportunity to learn new behaviours over time while improving program performance and effectiveness at every stage of system development. Lean Startup aligns change management with implementation to produce intermediate / instrumental transformations in culture, coupling, and program effectiveness. This approach is still high-stakes but a lower-risk endeavour. If and when priorities change, organizations are left with a program that is operational but may not be fully effective. This is better than nothing, or a partial inoperable system, or having to start over in the future. As benefits are realized at every iteration rather than at the end they can help fund further program development. In essence, every iteration of the program generates a return on investment (ROI). Summary Many organizations invest significant amounts in tools and technologies to support compliance programs. These have the potential to improve program performance and outcomes but only when reinforced by particular levels of organizational maturity specifically associated with culture and coupling. When organizations are not ready for the tools they need organizational transformation must occur which is a risky endeavour. However, this is not as risky as implementing tools that will never realize the intended benefits. Effective change management is critical to address the people-side of change. This can be improved further by implementing technology in ways that reinforce learning of new behaviours and integrative practices. References: 1. "A guide to selecting appropriate tools to improve HSE Culture (2010)", OGP:

  • A Measure of Integrity

    Organizations and individuals make promises to meet obligations of all kinds. These might be in the form of duties, commitments, responsibilities, or customs connecting with such things as: a license to operate a business, a license to practice a profession, a license to drive a vehicle, becoming a citizen of a country, becoming a member of an association, getting married, being part of community, signing a contract, and so on. When we enter into these arrangements we accept the conditions to meet the specified obligations. This is a promise we make not under compulsion, but voluntarily and usually with good intentions. However, over time and for a variety of reasons, we may find that the promises we have made are not being kept. The gap between the promises we have made and those we no longer keep is a measure of integrity. Measures of integrity do not only apply to people. They also apply to such things as engineering systems and processes that we use to operate our businesses. For example, when mechanical integrity has been compromised the equipment or process in use is no longer able to perform according to its design specifications. In a manner of speaking it can no longer keep its promise to perform. As engineers we attempt to compensate for this loss by including safeguards in our designs in addition to continually monitoring any gaps in performance during operations. These gaps are also a measure of integrity and keeping them in check is necessary to keep trouble at bay and sustain safe operations. When integrity, personal or otherwise, is lost or diminished we start on a path that leads to all kinds of trouble that usually ends with disruption. We start to observe an increase in the number of problems and issues often accompanied by the presence of inspectors, auditors, and lawyers. We end up on a path that we did not choose (at least directly) or want, but one that we are now compelled to follow. This disruption comes at a cost, over and above any fines we might pay. We can avoid these troubles and the disruptions that ensue by maintaining integrity which requires that we have a measure of integrity . When it comes to risk and compliance programs a good place to start is by having clear and concise compliance specifications that describe what the obligations are, how they will be met, and key results and objectives by which performance and outcomes can be measured, Companies that have these in place will know their level of integrity. If you are unsure of your obligations or if your plans to meet them are able to perform to achieve your targeted outcomes please contact us to learn how our programs can help.

  • Towards an Environmental-First Assurance Framework

    To meet the challenges of environment-first future organizations will need to establish modern compliance systems to assure environmental policies are implemented across all their operational business units, divisions, and departments. In this post we outline a policy management approach based on ISO 14000 that provides the means to align and coordinate environmental commitments flowing from an organization's environmental policy across all of its operations. This framework consists of three primary functions: Policy Development Policy Deployment Policy Implementation 1. Policy Development The purpose of policy development is to create and maintain an overarching operational environmental policy to direct and govern environmental performance across the enterprise. This begins by taking inventory of both regulatory requirements along with voluntary commitments. These obligations provide overall direction, industry and regulatory targets, and objectives covering aspects associated with: Board Priorities Strategy and Plans Laws and Regulations Assets / Operations Stakeholder Concerns Using this information organizations are then able to set appropriate organizational outcomes, direction, and goals commensurate with the level of commitment and operational risk, all of which are used to establish an overarching policy. This policy is "operational" in nature as it defines specific commitments for the organization bridging the gap between intention and action. 2. Policy Deployment Once an operational environmental policy is created it will need to be deployed across existing operations, departments, and services. Policy deployment keeps the organization on track and from drifting away from its environmental obligations. To be effective policy commitments must be operationalized into internal systems, processes, and procedures. This is assurance-by-design which when done well decreases the need for excessive inspections and audits. It also holds operations accountable for its environmental performance. The operationalization of environmental commitments is captured in individual deployment plans for each divisions, department and service. 3. Policy Implementation Each business unit, division or department will implement their individual environmental policy deployment plan and evaluate their progress. Assurance is improved by evaluating performance and engaging in continual improvement which although required more with voluntary obligations is increasingly becoming the norm for regulatory requirements. Establishing a modern environmental assurance framework will help organizations do what they say and say what they do when it comes to meeting their environmental, social, and governance obligations (ESG).

  • A New Year and A New Framework for Risk Management

    Over the last several years what is traditionally called risk management has undergone significant criticism from professionals, practitioners and benefactors of its practices and principles. For the most part these criticisms are justified. Up until now risk management has been practiced across disparate domains each having their own definition of risk, taxonomy, rigor, and practices for amelioration (some do not even have that as an objective). One risk domain might focus on better decision making informed by quantifying the value at risk usually in financial terms. Another domain might direct its attention to preventing risk from becoming a reality by implementing controls and measures. Some will talk about hazards and obstacles while others will speak of threats and events. Most will focus on negative outcomes and fewer the positive side of risk. Some will deny that positive outcomes are risks at all and others will espouse that using heat maps is pseudo science, and if you are not using Monte Carlos you are not doing risk management. Some are trying to find the elusive black swan and most are trying to realize the benefits from risk management in a world that is calibrated to measure things that happened rather than things that may or may not. As companies have continued to elevate the role of risk management further up in their organization the lack of consistency and coherency has become more prevalent driving much of the criticisms we now observe and for the conclusion by some that r isk management as a whole is broken which is something I agree with. What the risk profession needs more than ever is a conceptual frame that is comprehensive enough to properly incorporate the way that risk manifests itself in reality as a whole not only in particular categories. The Game of Snakes and Ladders Risk as we now understand it is a manifestation of uncertainty which has been described as the fabric of reality found all the way down to quantum level. It should therefore come as no surprise that this reality has been present since the beginning of time and of course in the game of “Snakes and Ladders.” This is an old game but has important lessons to teach us about how risk manifests itself in reality. “Snakes and Ladders” captures a reality of life that for every path you take there will always be the possibility of snakes waiting to take you down. However there is also the possibility of ladders to rise above them. The International Standard Organization’s ISO 31000 guidelines defines risk (and rightly so) as the effect of uncertainty on objectives. As an aside, this definition has perhaps had the most impact in recent years to advancing the domain of risk management. In the game, uncertainty is represented by the roll of the dice which serves to turn possibilities into reality, the effects of which can be both negative or positive. You can be bitten by the snake and sent back down or find yourself climbing a ladder towards your objective. The presence of uncertainty affects everything. Contending with Snakes (managing threats) Snakes hinder getting to where you want to go or what you are trying to achieve. They take you down in the game, in business and in life. However, not all snakes matter. The snakes that matter are the ones in your path. These snakes can sometimes be avoided, or their effects minimized but they can never truly be eliminated. Snakes can be active as in the case of bad actors who want to take you down. Snakes can also be passive, holes in your defences that wait to be exploited. All snakes contribute to the uncertainty of winning the game. In business this uncertainty is manifested in the form of institutional or operational risk; the effects of uncertainty on mission objectives. You can wait for snakes to come or you can take advantage of ladders to stay above them. However, what the game teaches us is there will always be snakes. Climbing Ladders (exploiting opportunities) Ladders are the opposite of snakes. Instead of taking you down they take you up. Ladders help to advance your progress towards what you are trying to achieve. As with snakes, not all ladders matter; some are more useful than others. Ladders can help to avoid snakes which is what traditional risk management focuses on. Ladders can also represent opportunities to get ahead. Winning strategies not only build defences against snakes, they also include measures to exploit opportunities to win the game. Deciding which Game to Play (evaluating value at risk) The game of snakes and ladders is a game of chance. However, in life and in business winning strategies must also consider the effects of choice which have their own snakes to contend with. You can choose to avoid as many snakes as possible or decide to build more ladders to improve your chances of winning, or any combination of both. Which option do you pick? To decide which is best you need a way of determining which strategy among alternatives is most likely to succeed. In many cases you can calculate the probabilities and the cost of one strategy over another. However, even when you can't you still need a way to choose which game to play and what strategy to use to win. A New Risk Management Framework Although the game of “Snakes and Ladders” is a simple one created years ago it is based on observing how risk manifests it self in the world over hundreds of years. The following principles derived from the game have past the test of time:" Chance (uncertainty) affects everything. There will always be snakes (threats) to contend with. Ladders (opportunities) are necessary to overcome snakes and win the game. You need a way to decide which game to play and how to succeed. It is disconcerting that many risk managers are not aware of these basic principles and how to use them to advance mission success. All too often only one aspect of risk is considered usually driven by a particular set of analysis tools or definition of risk. A few years ago I conducted a risk workshop with a group of managers who were considering structural changes to their organization. During this meeting one of the managers commented that there were no risks since there were no hazards. This was coming from an approach to risk that is common in safety; when you eliminate the hazard you eliminate the risk. In other words, no hazard no risk. This was technically true since of course there were no physical hazards. However, there were organizational hazards, uncertainties, and associated risk. There were options that needed to be evaluated and opportunities to exploit to improve the probability that intended outcomes would be achieved and negative ones might be minimized. Unfortunately, there was no framework that everyone understood for effective discourse to occur. The effects of this problem surface throughout organizations across every sector. When we talk about risk we are seldom talking about the same thing. Risk management must move beyond individual risk domains, tools and approaches if it is to have the role that it should have in an organization. Of course it will always be necessary for specialized research and practices to support individual risk categories. However, the way we talk about risk should be the same across all of them. Until that happens risk management will not be as effective as it could or needs to be. Confusion rather than certainty will prevail and we all know where that leads. The current frames to describe risk are overly reductive lacking the scope to properly describe and effectively contend with uncertainty. In other words, how we frame risk has become more important than what is inside the frame. As we transition into a new year, my hope is that we continue the transition towards a coherent and comprehensive risk framework. The work that ISO has done is a good start. However, we need to continue to build ladders that will help risk management move up in organizations and be effective in the role that it needs to have.

bottom of page