Why is it so difficult to assess what factors influence risk in your organisation?

Share

This article discusses why organisations’ susceptibility to risk is largely determined by the mindsets and behaviours of their staff and the difficulties this causes in assessing the factors that influence risk

This article discusses why organisations’ susceptibility to risk is largely determined by the mindsets and behaviours of their staff and the difficulties this causes in assessing what factors influence risk.  A methodology is proposed that recognises that incidents are caused by a complex combination of events that do not happen in isolation. This methodology enables organisations to understand what factors really influence risk as part of a risk diagnostic.
We have made the Risk Diagnostic Tool freely available for download.

Some organisations are failing to manage risk effectively, and this is leading to a range of a wide range of undesirable incidents such as the patient deaths at the Mid-Staffordshire Foundation Trust hospital, the environmental disaster in the Gulf of Mexico, the banking collapse in 2008 and 40+ fatal injury accidents in the British construction industry each year.

Most organisations are complex, and while a range of systems and equipment may be in place, organisations’ susceptibility to risk is largely determined by the mindsets and behaviours of their staff.  Those mindsets and behaviours are difficult to identify and assess, leaving organisations susceptible to failures, spending money on the wrong issues or to missing out on opportunities.

More detail is available in our report Do you understand what factors influence risk in your organisation?

The causes of incidents are complex

Most major incidents are caused by a complex combination of events.  They do not happen in isolation, but are part of a wider system of causal factors.

It has been traditional to blame human error

Historically, human error has been cited as the primary cause of major incidents.  However, to focus on the failures of front-line individuals within the organisation can serve to provide a smokescreen from the latent conditions that contribute towards incidents (i.e. those conditions that are present but not yet visible or apparent).

Instead, we need to consider organisational failure

Latent conditions can arise from:

  • Poor organisational practices
  • Regulatory policies
  • Societal or market influencing factors

These occur throughout the organisation, and have a significant part to play in creating the corporate culture.

In this context, ‘unsafe’ acts within the workplace can be seen as consequences of organisational failures rather than the causes of incidents.

To understand what went wrong and what can go wrong, we need to focus our attention on organisational failures rather than human errors – this will improve future risk management.

The underlying causes of incidents are important

Whilst the immediate causes of an incident are important in understanding the circumstances surrounding that incident, it is the underlying causes that can be the most significant contributors to those incidents.

Although they may not have a readily identifiable effect, underlying causes are present and can be significant when combined with other underlying causes.   Therefore, it is the underlying causes that need to be targeted if risk is to be managed over time.

The underlying causes are difficult to assess using traditional techniques

The complexities of the human, organisational and environmental contributions to incidents are often not amenable to assessment using traditional risk techniques such as root cause analysis, cause and effect diagrams, influence diagrams and Bowtie analyses.

This is because the critical factors that influence incidents may be:

  • Latent and remote from the operational situation
  • At the level of the organisation responsible for planning, controlling and monitoring operations
  • Within the wider legal, social, economic or political environment

This will be illustrated in a future article on How to spot the differences between those organisations that manage risk successfully and those who do not.

We need a different approach

A systems approach will help to understand the causes of incidents by accounting for the dynamic interactions between factors.  Whilst particular factors may be found to have a significant effect, it is the combination of the factors that lead to incidents.

The system is therefore more than the sum of the factors that are within it, and thus change in one factor may have an impact on the others.

We need to consider organisations as a collection of factors that can all influence the risk of incidents, and those influences can be positive or negative.

Our proposed solution is presented in the following sections.

More detail is available in our report Do you understand what factors influence risk in your organisation?

Organisational risk is complex, but it can be modelled

Understanding and managing risk in organisations is made difficult by the facts that:

  • Most major incidents are caused by a complex combination of events
  • These events do not happen in isolation, but are part of a wider system of causal factors / influences
  • No one event can be viewed in isolation from its surrounding context

If we take a systems approach to this, we can identify four broad categories of influences on organisations.  These are shown in Exhibit 1 as a set of nested systems that influence the performance of organisations.

Exhibit 1 – The categories of influences on an organisation

This article discusses why organisations’ susceptibility to risk is largely determined by the mindsets and behaviours of their staff and the difficulties this causes in assessing the factors that influence risk

The Influence Network technique offers a solution

I have been developing a technique over the last fifteen years known as the Influence Network.  The technique addresses the three bullet points listed above. It uses typical factors that influence risk in an organisation.  These factors are based on research and industrial experience (1). To model the factors that influence risk, the Influence Network contains four levels of factors that reflect the categories shown in Exhibit 1:

  • Direct performance factors – these directly influence the likelihood of an incident being caused
  • Organisational factors – these influence the direct factors and reflect the culture, procedures and behaviour within the organisation
  • Strategy factors – these reflect the expectations of the decision makers in the organisation and the organisations they interface with (e.g. clients, suppliers, subcontractors)
  • Environmental factors – these cover the wider political, regulatory, market, industry and social influences which impact the strategy factors

A typical Influence Network is shown in Exhibit 2.

Exhibit 2 – Generic Influence Network for organisational risk

11d - IN

The technique has been used in over 30 workshops for the Health and Safety Executive in Great Britain, other regulators and businesses in a range of sectors including construction, agriculture, waste, rail, shipping and offshore oil and gas. It has been used to investigate risk management in the construction of London 2012 (2) and the implementation of the Construction (Design and Management) Regulations (3) (a set of regulations that focus on planning, managing, monitoring, coordinating and communicating).

How this technique is applied

The Influence Network can be customised for the particular organisation and risks under consideration.  I recommend starting from the generic Influence Network shown in Exhibit 2, as this has been proven to work with a wide range of industry sectors with only minor customisation. A workshop is held with 6 to 12 people with a range of roles to gain insight from their different perspectives.  The workshop allows participants to have a structured discussion about a range of possible factors that may or may not be influencing risk in a particular organisation.

Typically, participants find themselves being fairly open and candid and learn a lot from the day. The workshop participants are provided with briefing notes that define all of the relevant factors, and contain quality scales. Details of these factors and the quality scales are given in Reference 1 and in our free Organisational Risk Diagnostic Tool.

The workshop participants discuss the factors and make an assessment of the:

  • Quality of each factor by comparing their organisation with behaviourally anchored ratings and scoring between 0 and 10 – this gives an indication of the current quality of these factors, the variation in that quality and the underlying reasons
  • Importance of each factor by weighting its influence on each factor on the level above on a 6-point scale from zero to high – this identifies those factors that have the most influence on risk

What organisations will get from this technique

This technique allows you to quickly assess your current ‘state of play’ using tried and tested criteria to:

  • Benchmark your current ‘state of play’ against best practice
  • See where the key gaps are
  • Assess how important an influence on risk each factors is
  • Identify which factors offer the greatest potential for improvement

Organisations should then focus their effort on improving those factors that have the most influence and the lowest or most variable quality. A second workshop can be used to:

  • Estimate the changes to overall risk level risk resulting from an initiative
  • Identify and appraise a range of initiatives to decide which offers the best return on investment

We also go into more detail in our free report Do you understand what factors influence risk in your organisation?

References

  1. BOMEL Limited: Improving health and safety in construction – Volume 6: Generic model for health and safety in construction, HSE Research Report 235, June 2004
  2. Frontline Consultants: London 2012: The Construction (Design and Management) Regulations 2007: Duty holder roles and impact, HSE Research Report 941, 2012
  3. Frontline Consultants: Evaluation of Construction (Design and Management) Regulations 2007, Part 1 Main Report and Part 2 Technical Annex, HSE Research Report 920 Part 1 and Part 2, 2012

Free download of MPW R&R Organisational Risk Report

About the author:

Mike Webster specialises in risk and regulation, and is a chartered engineer with over 30 years’ experience. He has led risk and regulatory projects in the UK, Europe, Far East and US, and has acted as an expert witness in the UK.

He founded MPW R&R to provide risk and regulatory solutions to regulators, businesses and litigants in construction and other high risk sectors.

If you would like free access to Mike’s report Do you understand what factors influence risk in your organisation? and the accompanying Organisational Risk Diagnostic Tool click here or on the image.

Share
One comment on “Why is it so difficult to assess what factors influence risk in your organisation?
  1. Ted Nyirenda says:

    You might be able to judge what influences risk in an organisation by looking at the culture of the organisation in relation to achieving strategic objectives. Do they really care how the goals are met or they only worry when they have negative outcomes.Human resources might be another influence, but they work within an established organisation culture.

Leave a Reply

Your email address will not be published. Required fields are marked *

*