Five imperatives to effectively integrate operational risk management into business processes to help achieve desired business performance.
In light of increasing complexity and uncertainty in the global economy, effective risk management is essential for companies to meet operational performance targets and strategic business goals. However, value-added risk management is not about managing risks, but rather about managing the business performance with “risk in mind”. Effective integration of risk management practices in day-to-day processes supports the achievement of the operational and strategic objectives, by contributing to a more agile and resilient organization. This article illustrates how companies can hardwire the entire organization to ensure alignment, cross-functional coordination and focus on key business priorities, with the ultimate goal of sustaining operational risk reduction and performance improvements.
Why the management of operational risks matters
Some people say that “execution eats strategy for lunch”. It is often not great strategy that separates the successful companies from the rest of the pack. The companies who truly stand out are the ones that figure out how to execute the strategy in a timely way that provides customers with quality, and investors and stakeholders with value.
In fact, once a company sets its strategic direction, a good portion of its risk exposure comes from the ability to effectively and timely execute the strategy. Strategic goals can be undermined by unexpected changes in the external context (e.g. economic and geopolitical upheaval, rapid technological and digital transformations, evolving regulations and stakeholder expectations, competition, etc.) and by challenges arising from the internal organization (e.g. resistance to change, misaligned incentives, etc.). The latter challenges, in particular, are often underestimated by the C-suite and board (a typical example is the lack of realization of so-called savings from synergies during M&A transactions; the reality shows that those synergies rarely materialize to the extent anticipated).
“Hardwiring” the entire organization toward execution of strategic goals and proactive management of the associated operational risks is key to achieving business goals and realizing expected value. Such risks may include, for example, supply chain issues that result in production slow down, sub-standard quality or excessive reworks, unexpected events during the execution of capital projects that can cause delays and/or bust the budget, break-down of machinery that can increase plant shutdowns beyond expected levels, loss of critical skills or major difficulties in attracting key expertise that can impact timing and/or quality of key initiatives, incidents that can harm people and threaten businesses’ license to operate.
Key challenges in managing performance and operational risks
Most companies work with a number of management systems such as Health, Safety and Environment MS, Quality MS, Asset MS, Business Continuity MS, etc. In addition, many leading companies also implement overarching Enterprise Risk Management processes with the aim of managing the risks that can affect their company’s strategic goals.
What do these systems have in common? They all set out to help achieve desired performance levels (quality, minimized loss of containment and equipment breakdown, continuity of operations, etc.), and hence contribute to the realization of key business and operational objectives. And yet, when it comes to managing risks, and in particular operational risks, we at DuPont Sustainable Solutions regularly come across common challenges and pitfalls.
Challenge #1 Inadequate perception and understanding of operational risks
Many companies still struggle to clearly articulate what operational risks are (Figure 1). Even when they do, they often take a “siloed approach” to those risks. This prevents proper understanding and effective communication and alignment across the organization, in particular, at C-Level.
Challenge #2 Inadequate integration of operational risk management into business processes
Management of operational risks is too often seen as a “compliance exercise”. A common symptom is the proliferation of risk registers across departments which provide limited value to the actual decision and risk management practices applied. The adoption of fragmented management systems as indicated above is also common evidence of a compliance mindset.
Another frequent symptom is an over-reliance on risk governance of 2nd and 3rd line of defense (LoD) mechanisms (e.g. implemented by specific functions/departments, risk committees, etc.) which can result in
1) the line organization (1st LoD) believing that there are others in the company looking after the operational risk exposure and 2) operational risks not being recognized and addressed in time, and thus only becoming apparent once they have materialized significantly.
Inadequate perception, a compliance mindset and fragmented responsibilities can result in strategic and operational performance improvement decisions that do not adequately evaluate risks which may only manifest 1-2 years down the road. For example, we often see decisions to outsource certain business processes or cut back on asset maintenance expenses that are driven by short-termism or misaligned departmental objectives which are greatly regretted a few years later.
While senior management typically recognizes the need to improve integration and management of operational risks, companies tend to push risk reduction programs through from the top. There is often limited engagement and empowerment of the front line which manages operational risks and performance on a day-to-day basis. This approach results in risk management practices not being embedded in day-to-day processes and decisions and, ultimately, creates significant misalignment between management expectations and real practices on the shopfloor. Risk management ends up being one of many “tick-the-box” exercises and is perceived as a burden, without having much impact on actual risk reduction. A survey carried out by DuPont Sustainable Solutions in 2017 among executives of over 80 global companies, showed that many not only recognized risk management in their organization was insufficient but also saw a significant organizational disconnect in their company, limiting their ability to effectively manage risks (see Figure 2).
A DSS benchmark study of industrial companies that implemented a number of management systems including ISO9001, ISO14001 and OHSAS18001 shows that the lower the level in the organization, the less operational risk information is available, reviewed and discussed during business or operational performance review meetings with the support of relevant metrics and KPIs (Figure 3). This ultimately impacts the quality of decision-making process at the front line and, therefore, the ability to achieve and sustain desired performance objectives.
The above suggests that the level of integration of operational risk management into day-to-day activities and processes is neither sufficient nor effective. Ultimately, managing day-to-day operational risks is not about a management system but about managing operations, people and assets with “risk in mind”.
Driving sustainable risk reduction and performance improvements
So what can companies do to sustain operational risk reduction and performance improvement? After decades of working on mitigating operational risks and achieving operational excellence, DuPont Sustainable Solutions has identified five imperatives for risk reduction and performance improvement.
1. Integrate operational risk management into business and operational routines
As highlighted above, managing risks is about managing performance “with the risk in mind”. Best-in-class organizations have adopted Management Operating Systems (MOS) to hardwire the entire organization (all levels and all departments) towards achieving the company’s strategic objectives. This is the ideal infrastructure for ensuring seamless and effective integration of the risk dimension into routine business plans and performance reviews. Business performance and associated risks should be discussed and managed simultaneously across the organization, to ensure alignment and, most importantly, overcome functional silos. In fact, cross-functional coordination is one of the biggest challenge that impact the ability to execute the company’s strategy, as revealed by many studies, including publications by Harvard Business Review.
At the front line level, shift handover and shift pre start-up reviews are typical routine elements of the wider MOS, especially in manufacturing organizations, that align the front line on daily execution priorities. These are key moments when operational risks and performance improvement opportunities and challenges can be identified, discussed and appropriate actions defined. If well executed, these meetings help to align front line personnel on key priorities – even across different shifts – and prevent organizational silos.
2. Establish effective performance dialogues at all levels, supported by visual management
The MOS provide real value when effective performance dialogues consistently take place at different levels in the organization to address both performance and risks simultaneously. A key success factor here is to focus performance discussions on exceptions or deviations that can impact high priority business objectives and to promote proactive identification and evaluation of risks that can have the same effect. What really matters is to pick out the information that is relevant to the decision-making and execution process at each organizational level, in line with overall strategic objectives. Careful selection of key operational and risk metrics that can be implemented at each organizational level is critical. Adoption of Short Interval Control (SIC) also ensures proactive identification and resolution of issues before they escalate. Visual performance management (e.g. visual boards, dashboards) provides a powerful tool to support focused, concise and effective discussion and communication of operational performance, challenges and risks to enable better decision-making.
3. Promote problem solving at the front line and foster team collaboration
In case of variance in operational performance or unexpected events during operations (e.g. incidents, breakdowns, quality issues), who is best placed to understand and analyze the operational implications and then take necessary decisions and timely actions to recover / minimize impact? While senior management may have a good grasp of the broad financial and operational impact, front line personnel are typically more likely to understand the real dynamics and potential effect on operations. Unfortunately, they often do not feel empowered to take decisions and act without formal approval from higher levels of the organization. This can be a lengthy process and often prevent fast action or reaction. It is therefore paramount that leadership empower the front line organization in identifying and finding solutions to key risks and challenges in day-to-day operations. This requires the building of trust and promotion of a continuous improvement mindset across all levels of the organization, in particular at the front line (see Figure 4). Tangible achievements by the front line team should also be recognized and highlighted, so that it feels motivated to continue with risk identification and management. Celebrating such successes – especially cross-functional team achievements – contributes to shift the overall organization from having a “find and fix” to a “predict and prevent” mindset.
4. Develop key capabilities in the organization
Effective decision-making and implementation of the above processes to drive sustainable risk reduction and performance improvements require specific capabilities from senior leadership through to operational personnel. Based on our work with numerous organizations across the globe, we have identified a set of critical skills that are often overlooked. These range from the ability to clearly set performance expectations, the expertise to conduct effective line walks and behavioral interactions with front line personnel, to skilled management of constructive performance dialogues, including difficult conversations, giving feedback and providing coaching. Front line supervisors also need problem solving skills and should know how to prioritize tasks. Ultimately, it is senior leadership who is responsible and accountable for equipping the organization with the right set of skills and the mindset proactively to address risks and performance on a day-to-day basis.
5. Leverage digitalization and data analytics
The final imperative is for companies to make good use of the data and information available. Many organizations can extract greater insights and value than they currently do from the large amount of operational, assets, risk and people-related data available. In the short-term, application of analytics to large set of risk and performance data can help identifying patterns, correlations and systemic issues for management’s attention. The full value can be released from an interconnected digital ecosystem coupled with machine learning and AI technologies to capture, process and analyze real time distributed data (e.g. from sensors, mobile app, etc.) and enable predictive warnings and effective human-machine collaboration, for example, through short interval controls and just-in-time training and competence reinforcement.
Managing day-to-day operational risks is about managing operations, people and assets with the “risk in mind”. Hardwiring the entire organization to execute on key strategic business priorities is necessary to achieve the desired performance objectives. A Management Operating System represents the ideal platform to integrate operational risk management into day-to-day decision-making processes and rituals that support sustainable risk reduction and performance improvement. In this setting, active performance dialogues, visual management and problem solving are essential to drive the desired mindset and behaviors across all organizational levels, and ultimately improve the quality of decision-making and the effectiveness of execution. A key responsibility of the company’s leadership is to empower and equip the line organization to operationalize the company’s strategic objectives.