Organisational complexity can become self-perpetuating
This happens when organisation, org chart, structure, policies and orthodox ways of doing things are so rigid that fixing them is “too hard”. The pragmatic response is to work around these structures rather than making the difficult decisions required to dismantle them. But the workarounds create yet more interdependence and complexity, justifying yet more policy, more confusion, more rigidity.
- Overwrought policy: All policies should be open to review at all times. Avoid truncated timelines and arbitrary review periods which force people into suboptimal behaviour (to leave well alone). Be aware of convenient attempts to circumvent reduction (amalgamating policies to reduce the absolute number etc).
- System over-engineering: Look out for over-engineered and badly data-designed systems that require too much data that is then not properly used, and which users will then work around or complete imperfectly, creating bad static data.
- Static data issues: Address these as root cause problems, and redesign systems to ensure we have good data, and no more than we need (there is a maintenance cost to every data point).
Programme management as a problem not a solution
Beware of senior executives “setting the course”, deciding the issues and then handing off execution to a steering committee, which appoints a programme management team who then designates workstreams which appoint operating committees, thus putting impenetrable hierarchy between the executive and the subject matter experts such that the SMEs are not empowered to challenge the “course” and bring their actual real world experience to bear on it. Instead, substantive compliance is more or less taken as read. Programme management is therefore focussed on meeting deadlines and evidencing adherence with identified formal steps over “big picture” assessment of risk management, which is presumed to take place out of sight amongst subject matter experts.
- The intermediate governance of the structure creates additional bureaucracy which in itself is wasteful.
- Due to the complexity of the coordination task of making sure everything is done on time and nothing is missed, programme management teams are focussed on completion of formal tasks by arbitrary pre-determined deadlines rather than addressing matters of substance.
This leads to a risk management philosophy:
- Favours policy expansion: it is easy to set and forget rules, procedures and parameters at a senior level rather than trusting the expertise “at the coal face”, empowering expert individuals to monitor business risks, adapting and adjusting their approach to manage risk as they see fit.
- Tends to be backward looking: It emphasises past stress situations as a framework for managing future ones, notwithstanding that, by nature, emerging risks tend to come from unexpected quarters and arise from unplanned interactions between different system components. The giveaway is the effort devoted annually to updating and adjusting “risk taxonomies” to reflect emerging risk developments in the year. Hello!
- Operates by syndication: It syndicates responsibility for programme execution and risk management across the firm, thereby diffusing responsibility for the overall programme/risk by atomising it into specific, historic categories of risk managed by specific stakeholders, each of whom is encouraged (and incentivised) to keep “within their lanes”, which in turn underemphasises emergent risks arising as a result of intersection of factors controlled by different functions.
- Less accountability: Another result of atomised approval is that overall accountability comes “by consensus” and therefore disappears into the grain of the organisation when you most need it. Those responsible at the steering group can point to the discharge of the process; those in the segregated functions accept their responsibility “within their lane”, meaning that there is no real ownership of the substance of emergent risks.
What are the failure modes for the executive? Not necessarily just failures of strategy.
- When are risks of executive failure heightened?
Including control frauds. Counter-theoretical, as staff are obliged to operate on the assumption that the executive is not failing, and there is no mode of operation to address the contingency that it might be.
- No separation of powers
- No independent checks and balances on the executive (though there are plenty on the operational layer). Just as the firm assumes that there will be operational failures and interposes systematic checks and balances on them, it should assume there will be executive failures and should have systematic checks and balances on them.
- No questioning of tenets of operation, especially when they have ossified into policy: no re-calibration; no testing that they remain fit for purpose.
The assumption that operational failures will arise from human error rather than poor design. To allow for human error to create operational failure itself indicates inadequate design.
Cross-regional and cross-divisional.
What is the role of the coordinator:
- Set and communicate policy and hear objections
- Set protocols
- Agree objectives
- Agree costing
- Obtain resourcing
- Share and communicate
- Ensure consistency and control quality across the operation
The role and shortcomings of policy
The practical effect of policy on compliance. See design above: if there is an unrealistic volume of policy with which every staff member is expected to be familiar, this is an executive failure, not an operational failure.