Ask the Experts: Risk management with Wilhelm Kross (part 2)

 

Last time risk expert Wilhelm Kross and I talked about the soft factors influencing managing risk. Here is the second part of that interview, which looks at integrated risk management. Wilhelm is presenting next week at Project Zone Congress in Frankfurt, on the topic of Risk Management and he will also deliver a masterclass on the challenges of mega-projects.

Wilhelm, how do risk management and change management fit together to provide an integrated process?

Almost all so-called risk management processes which have been published in the last couple of decades have in common that they reflect what is commonly referred to as the controlling perspective, while neglecting considerable and important elements of the management perspective. Making trade-offs, designing short-term compromises, implementing short-term work-arounds and the like, are typical management challenges that seem to be ignored.

Admittedly these processes reflect the advantage that they are easily rendered compatible with the abovementioned advantages of static risk frameworks. In contrast, however, the implementation of such processes in dynamic risk frameworks poses the danger that the true complexities are severely underestimated, and inherently setup for failure. Change can and will happen as things evolve and in most real-life actions and initiatives it would be rather dangerous to assume that the base conditions at start-up will remain carved in stone.

Of course, the environment doesn’t stay the same while we are managing risk, so naturally things evolve. Although often our processes don’t reflect that. Are there any common weaknesses?

A common weakness in change management frameworks, including project management standards, is that risk considerations reflect the abovementioned weakness of predominantly focusing on the controlling perspective. The framework which was incorporated in PMI’s otherwise extremely useful Project Management Body of Knowledge is a good example. Any real-life organization which intends to focus on the interplay of risk controlling and risk management within its frameworks of change management would need to add a few steps between planning risk management action, and controlling and monitoring the effectiveness.

There are several additional considerations though which are often under-emphasized. First, common frameworks of change may assume that risk is simply one of the knowledge areas which need to be incorporated within change initiatives, while on the other hand risk intervention measures may become the main driver in the adoption to new circumstances as they evolve. The need to reduce risk factors to lower, acceptable levels may cause a significant deviation from what was originally planned.

Second, those standardized change frameworks which use projects as the predominant organizational structure usually tend to underemphasize that the scope of both change management and risk management usually commences long before a project is conceived, and can stretch far beyond the official close of a project, particularly when cultural change and multiple external stakeholders are involved.

Third, risk management efforts in real-life organizations are often setup and implemented somewhat half-heartedly until the true need arises to practice risk management more professionally. Once the establishment of professional risk management involves the triggering of turnaround and crisis intervention measures, of course, numerous additional factors need to be reflected including in particular the recognition of the fact that there is insufficient time available to design and plan all related activities thoroughly.

Hence it is likely best to, within a preconceived framework of change, reflect risk in both a static and a dynamic setting, and allow for the gradual professionalization and optimization of risk management from rather informal activities to more mature decisions and action that are increasingly based on tangible quantitative data.

OK, so the best approach is to blend static and dynamic risk frameworks so you cover all bases. Integrated risk management seems a bit more than that though. How would you define it?

The expression “integrated risk management” commonly refers to static and dynamic risk frameworks in which risk management, often in multiple dimensions (i.e., cost, time, reputation, societal damage, environmental damage, toxicity, etc.), is fully incorporated into line function or change management activities and related decision making.

Thanks. What are the benefits?

Depending on what is truly done and how well, and what is at stake, the conceivable benefits usually include enhanced levels of transparency, a focus on what truly is important, a reduction of undesired negative impacts and side-effects, a protection of the organizational value at risk, time savings in the implementation of management action, and in some cases enhanced value creation as part of what is commonly referred to as systematic opportunity management. Given that numerous frameworks of change, and risk frameworks, authorize the implementation of risk management using predominantly qualitative approaches, in spite of the fact that any unquantified risk is by definition quantified with zero, the quantitative proof of the benefits of integrated risk management inherently remains underestimated.

Are there any limitations to implementing this risk approach in practice?

In my view many real-life organizational frameworks for risk management reflect some inherent limitations that can and should be considered avoidable. To name two typical misconceptions, real-life risk management improvement frameworks are often focused on reaching elevated levels of maturity, and ultimately thriving toward the royal discipline of enterprise-wide risk management. Both may be overly shortsighted. As Harold Kerzner pointed out, maturity can be a point from which onward everything goes downhill, at least when one builds on the analogy of the introduction of products into markets. Kerzner submits that organizational leaders should bank on the preparedness of knowledge workers to accept and adopt change on their path toward maturity; however, rather than maintaining the glass ceiling that often protects these leaders from criticism and emotional attachment, they should consider mapping out the path beyond maturity, which may consist of organizational excellence and ultimately the development of true competitive advantages.

The second aspect of enterprise-risk management as it is portrayed in risk textbooks poses the danger of underemphasizing rather significant factor in today’s real-life. Many organizations have heavily engaged in outsourcing activities and in some cases have even outsourced parts of their core business. Similarly to what is the case in the application of cost reduction activities in which the simultaneous increase in risk levels was simply ignored, the true implications are largely unmanaged. In today’s business environment larger scale investors may be able to purchase and redesign entire industry sectors. A supplier, who was believed to be a secure outsourcing partner, may no longer be available, even at short notice. The typical interface between the organization and its suppliers, the procurement function, may be wrongly focused and may lack the relevant skills to assess the likelihood of stability in the supplier relationship, in which case the evolving hazards for the core business of the organization may remain undetected until it is almost too late. And by the way, these considerations are of significance too in change frameworks, including standards for project management.

Thanks, Wilhelm.

Find out more about Project Zone Congress here: http://www.projectzonecongress.org.

About my interviewee: Dr. Wilhelm K. Kross, Dipl.-Ing., MBA, Eur. Ing., PMI-RMP is an internationally recognised expert in the fields of risk and project management and a partner of Plejades and the Amontis Consulting network. His main focuses are the fields of applied risk management and related in-depth risk analytics and valuation techniques, (mega-)project structuring and financing, as well as operational crisis and turnaround management, particularly in complex larger scale crisis programs and projects.

About the author: Elizabeth Harrin is Director of The Otobos Group, a project management communications consultancy. Find her on Google+ and Facebook.