The last decade has seen an explosion in technologies with tremendous potential impact on a business. From internet-connected devices to the algorithms that can make sense of the mountains of data those devices produce, there’s never been a more exciting, compelling and confusing time to invest in innovation.
When deciding how to prioritize projects, especially with so many wonderful options available, it’s important to use a framework that helps you make apples-to-apples comparisons. This framework should provide an objective means of evaluating relative priorities (especially when people try to push pet projects they’re more attached to emotionally than rationally) and communicate organizational goals clearly and effectively.
If you’re in a high-reliability industry with a heavy process-oriented focus, one of the most useful frameworks you can use has to do with operational risk. You know you’re a good candidate for this when the answer to “What’s the worst that can happen when something goes wrong?” is one of the following:
- Somebody gets hurt or worse.
- I don’t create the thing that brings me revenue.
- I’m fined or lose my license to operate.
- Social media could ruin my reputation.
By using operational risk as your starting point, you not only minimize the chance of a company-ending event occurring, but you also get the side benefits of increased efficiency (the less Rube Goldberg-ed your processes, the smaller the chance of something unforeseen happening), lower costs and better sleep.
Getting To The Point
There are tons of ways that organizations can identify and manage operational risk, but one that makes a lot of innate sense (at least to me) is informed by the basic idea of continuous improvement and a closed-loop system philosophy, manifested in two equally important components:
- Risk management: Tools or processes to identify, prioritize and manage risk mitigation strategies.
- Risk avoidance: Tools or processes to execute those strategies.
Risks can be identified from a variety of sources: Cost savings initiatives, projects, incidents, human performance gaps and more. By capturing these risks in a unified assessment tool (hopefully not Excel, at least not once your program is mature) and distributing actions to those most able to evaluate both the risk and the cost of a mitigation strategy, you foster transparency and encourage management involvement.
Some of the key assessment areas you should look at are the risk’s possible impact on people, assets, the environment and your reputation. You can add other areas, but those are a good starting point for companies with a heavy operational focus.
The exact scores you calculate aren’t nearly as important as their relative values. Make sure assessment areas are weighted the same across all identified risks and be as objective and transparent as possible.
Finally, make your assessments as widely available as the sensitivity of the data allows. Besides management, make sure you involve field workers and supervisors. They usually have the best sense of what can go wrong and are most directly affected when something does go wrong, so they’re naturally incentivized to help you.
Going back to the closed-loop system philosophy, the more we can execute operational changes that minimize risk in the same system (or process flow) we use to manage it, the more virtuous the feedback cycle becomes.
For example, if you’re an oil and gas company that owns and maintains a pipeline, you want to make sure there’s never any ruptures or leaks. The first step is identifying all the things that can cause those leaks, their impact and the probability of them happening. The second step is filling the process gaps necessary to mitigate those risks (e.g., inserting a procedure step to check wear on a valve during a routine maintenance task).
By doing both in the same system, or at least organized under the same group of responsible owners, you create built-in awareness of the effectiveness of your risk management process. Operations feeds data to the risk team, which feeds suggestions to the operations folks, and the cycle of continuous improvement keeps going around.
If you’ve ever gotten that middle-of-the-night phone call when something terrible has happened, you know that sinking feeling you get when you realize you could’ve done more to avoid the situation. A good operational risk management strategy is a great tool for helping you not hate your former self.