Governance as a Risk Management Initiative

Published
  • April 12 2011, 1:38pm EDT

Most governance initiatives produce detailed procedures, policies and organizational structures that on paper seem to address issues but are often difficult to implement, or difficult to sustain once implemented.

Some often-cited reasons for a governance implementation getting off track are:

  • Initiative overload - one more thing for staff at various levels in the organization.
  • Too complex or cumbersome.
  • Agreements hard to reach among staff.
  • Workforce is not able to relate to the requests and tasks involved.

The bottom-up procedures, policies and process approach to governance spells out the mechanics, but it doesn’t address the big picture. This approach by its very definition is mired in process, details and inter-team dynamics, which at the very outset seem unmanageable and have very little chance of succeeding. Without the necessary authority or influence, commitment can rarely be driven bottom up.

Governance initiatives seldom fail as a result of the mechanics of the process alone. On the flip side, very rarely have initiatives succeeded just because of the mechanics of the process. Success is the result of the organization recognizing the strategic value of such initiatives and leadership providing the right focus and right environment for staff across the company to execute the strategy.

Governance implementations focus mostly on design of roles and responsibilities, interactions between people within an organization and ways to formalize those interactions. The designs in and of themselves are flawed because they fail to recognize the larger organizational context in which people operate, as well as the core values and mission of the organization. The design of those roles and responsibilities also often doesn’t factor in the organizational culture or leadership’s role in setting the right focus. Ultimately, when governance initiatives don’t achieve desired outcomes, policies and processes are blamed, even though those policies and processes never had a chance to succeed given the organizational context.

Governance Examples In BP Oil Leak

The 2010 BP oil rig explosion and leak in the Gulf of Mexico provides an interesting look at governance and risk management. The organization had at least an aspirational risk management goal in its mission statement of “no accidents, no harm to people.” But even before the Deep Horizon oil rig disaster, BP had one of the worst workplace disasters in recent history.

An independent panel was set up (based on the U.S. Chemical Safety and Hazard Investigation Board’s recommendations) to study BP’s corporate oversight of safety management systems and corporate safety culture. The panel, headed by former Secretary of State James Baker, submitted a report on its findings, and some excerpts from that are reproduced here. Was there enough in here for BP to learn from and avert future disasters? One might find the recommendations of this panel insightful to risk management for their own organization and operations. As the panel points out in the report, they intended this mainly for BP’s management, but also recognized its broader applicability to others.

“Process Safety Leadership”

The panel reported that leadership from the top of the company, starting with the Board and going down, is essential. In the panel’s opinion, it is imperative that BP’s leadership set the process safety “tone at the top” of the organization and establish appropriate expectations regarding process safety performance. Based on its review, the panel believes that BP had not provided effective process safety leadership and had not adequately established process safety as a core value across some of its U.S. refineries, undermining safety performance with initiative overload.

Organizations develop long-term strategic plans to chart out a general course for the future. From these strategic plans, operational and business unit plans are created, giving specific functions within the company for tactical execution. If we look at this from a performance management standpoint, there are assets that need to be managed appropriately to produce the right products/outputs. The assets include everything from capital, machinery, human capital, processes and information. In order to measure success, performance metrics need to be developed. If this process is done well, middle management and front-line staff know on a day-to-day basis the kinds of things that need to be done in order to be successful.

From an IT perspective, once the core strategic information assets are identified, IT can create various asset monitoring controls, edit rules, dashboards and reports. Once again, it’s the strategic focus that is instrumental in keeping this manageable, even from an IT perspective.

What is the absolute set of core metrics that’s instrumental in managing the organization’s assets? Is risk management effectively part of the organization’s decision-making framework? Strategic risks can be identified and articulated as a primary step, but they also need to be included in the daily execution by the organization. Are staff members at various levels trained to recognize and manage these risks? Even from a project management standpoint, the most important functions are always anticipating and managing risks. Once a strategy is outlined and execution plans are developed, it’s a matter of managing some key decisions on a day-to-day basis. Decision-making at every level revolves around managing key assets of the organization, and risk monitoring and management need to become part of that process.

 

“Incorporate Process Safety into Management Decision-Making”

The Baker Report also included the above language in its assessment of BP. With a clearly laid out strategy, not only are the measures of success outlined but also the consequences of not achieving that success. What does it mean to not achieve a particular objective or a measure for the department and the organization?

Individual performance should include rewards and consequences of meeting these measures. When it directly affects individuals, the proper focus and attention are given to ensure the assets are managed well. Now, the staff still has the problem of too much to do unless management prioritizes what needs to be absolutely managed and monitored.

“Accountable for Process Safety Performance”

Once what is to be done and measured is identified, how does an organization drive commitment? Again using BP as an example, the government report found the company had not established a management framework at refineries like those where the incidents occurred to hold managers “accountable for process safety performance.” Commitment can be driven if it’s made a part of the core activities. Once people understand what it takes to be successful as employees within the company and what their critical tasks are, the “fit” or the “alignment” comes naturally. Managers at every level need to reiterate the message continuously and consistently.

Critical success factors for implementing governing risk:

  • Leadership sets the tone.
  • Focused efforts – not too many, just the right number.
  • Decision-making process mindful of risk.
  • Translating and managing transformation around organizational mandate into individual actions.

In order to be successful, an organization eventually needs to look at its mission and core values to define what it means to be successful. Managing business from that standpoint will provide the consistency among all actions across the company, as shown in alleged management gaffes at BP with its recent oil rig disaster. Behaviors and actions can be organized around the core mission and values of the organization, and this translates well across functions. Understanding and managing risk well can make all the difference.
