Operational Risk: The Harder We Try The Worse It Gets!

Do you really know what tomorrow will bring? What is the operational risk to our venture?

How confident are you that a costly, serious unplanned event isn’t just around the next corner? An event that is so costly and so damaging, that it may undermine your very ability to sustain ongoing operations.

Oil Platform On Fire
Oil Platform On Fire

And often frustrated by their efforts, organizations may be looking in the wrong place for the right answers.

If your organization has ever been surprised or caught off-guard by a sudden deterioration in its operating or safety performance, it may be that you’re simply not getting the whole picture when it comes to Operational Risk. When organizations measure performance by outputs and results they often believe that if nothing bad has happened today, then tomorrow should bring more of the same. But an imperfect system cannot produce perfect results.

So when it comes to Operational Risk, metrics need to be employed that provide not only a more accurate picture of performance, but deliver a level of assurance that tomorrow will not bring any unpleasant surprises.

An excellent article by Peter B, an expert in risk management and consultant at Consult 2050.

Dangers of Measuring Operational Performance by Outputs and Results

Fortunately, for most organizations, serious unplanned events are relatively rare. But it’s precisely this infrequency that lulls organizations into a false sense of security and why actions taken in the aftermath of such events often fall short of anything that resembles a permanent “fix”. The reasoning being that if such events are a rare and uncommon thing, then when people deviate from policies or procedures this must also be equally uncommon.

This line of reasoning – while palatable to senior leadership demanding assurance that a repeat event isn’t imminent or even possible – may not necessarily reflect the harsh reality. It might just be that while incurring serious consequences are indeed rare, unauthorized deviations from policy and procedures are not. To make matters worse, organizations may actually be unknowingly fostering cultures of “casual compliance” where non-compliant behaviors become the norm rather than the exception.

How so? Well if there’s only something like a < 1-3% chance of anything going seriously wrong when a risk or a short cut is taken, then conversely, there must be a > 97-99% chance of things working out pretty well. In other words, if such behaviors have no negative consequences, but result in saved time and / or money, then individuals are actually likely to receive positive reinforcement for their efforts.

The result? The same behaviors will almost certainly be repeated next time around and likely adopted by others who are equally keen to receive such praise for a “job well done”. Employees are no fools and if they repeatedly see that cost, time and other outputs are really the most important thing, then they will deliver as required irrespective of whether a risk or a short cut is needed to get there. And so, the problem goes from bad to worse.

Identifying the Underlying Reasons for Non-Compliant Behaviors

So it’s not enough that leadership stands on the sidelines, but take steps to become much more “hands-on” and proactive around Operational Risk by routinely measuring how work is being executed and becoming informed around the underlying reasons for all non-compliant behaviors. A good first step in this regard is to be able to differentiate between the TYPE and SCOPE of non-compliant behaviors to prevent future serious mismatches between actual causes and proposed solutions.

There are essentially two TYPES of non-compliant behaviors – Ability and Motivation. Ability infers that person(s) are simply not able to do that being asked of them. Examples may include insufficient time, inadequate knowledge, skill and / or experience or procedures that are hard to use or do not reflect the work being performed. Motivation infers that person(s) have all the necessary ability, but for whatever reason, choose to deviate from expected ways of work. Examples might include not following procedures or running equipment outside its normal operating envelope without prior authorization.

The SCOPE is split between Isolated and Systemic. Isolated infers that the non-compliant behaviors are limited to a specific set of circumstances, individual(s) and / or team(s). Systemic infers that such behaviors are much more widespread and have become the “standard” way of doing things and where elevated levels of Operational Risk have become “normalized”.

The TYPE and SCOPE of non-compliant behaviors are illustrated via the 2 x 2 matrix (see below).

Matrix
Non-compliance behaviour matrix

Managing Operational Risk In Organizations

Many organizations struggle to deal with more systemic challenges – especially systemic motivation. This is because in measuring performance primarily by outputs and results, their focus is often constrained to those individual non-compliant behaviors directly associated with the unplanned event. Examples may include not locking-out equipment correctly or overfilling a tank or vessel. This results in the true SCOPE of such behaviors being masked or obscured and so consequently, a disconnect results between the actions needed and the actions taken.

In other words, organizations attempt to fix systemic challenges (widespread non-compliance), with isolated solutions (a few non-compliant behaviors of a few individuals). But the machinist or welder didn’t develop the systems of work or create the operating culture, so there’s simply no point in looking for systemic solutions at the worksite. And yet, organizations time and time again attempt to do precisely that.

Ultimately though, this shouldn’t really come as a surprise because actions that react to specific operating situations (e.g. downtime or equipment breakdowns) are familiar, relatively easy to implement and provide clear evidence that something has been done. So organizations often simply retreat to their comfort zones when taking actions in response to unplanned events and where taking any kind of different approach is simply just too hard.

And so, organizations become their own worst enemies. They sincerely believe that as long as nothing bad has happened today, tomorrow will bring more of the same. And when it doesn’t, they conveniently convince themselves that it is almost always an isolated event with isolated behaviors. The result of a “few rotten apples” in the barrel. But the key to managing Operational Risk and achieving more predictable and consistent operating performance lies with recognizing and accepting that the underlying causes of non-compliant behaviors do not start and end at the worksite.

That’s not to say that the C-suite are singularly accountable either, but more the recognition that all levels of the organization have a key role to play. So if organizations truly don’t want to be surprised or caught off-guard in the future by costly unplanned events, they must begin by not only accepting their true levels of Operational Risk, but also determine the underlying reasons for all non-compliant behaviors (including those caused by Systemic Motivation), recognizing that answers may lie closer to the top-half of the organization rather than the bottom-half.

Managing Change Using Independent Experts

For internal change agents, being the bearer of such potentially unpopular news is not an attractive proposition.

However, it’s precisely at this juncture that independent, third party, subject matter experts (SME) such as those found at Consult 2050, have a key role to play in instigating change and helping organizations build a solid foundation for a step change in operating performance. Failing to do so may not only lead to more of the same and more frustration, but despite the best efforts and good intentions of so many, they may simply be setting the organization up for its next big fall.

For more information about consultants with risk management expertise, please contact [email protected]