Part I shared some of Grant Purdy’s background and experience from working more than 40 years on practical applications of risk management, including the improvement of decision making. Part II focuses on Grant’s new book on decision making that he co-authored with Roger Estall.
Roger and I first met at the Standards Australia and Standards New Zealand Committee on Risk Management where he was the nominee of the NZ Society for Risk Management Inc. – an organization which he helped found in 2000 and served as its inaugural chairman for three terms. On the ISO Risk Management Working Group and subsequently on the ISO Risk Management Technical Committee TC 262, I was a nominated expert and head of delegation for Australia, and Roger fulfilled these roles for New Zealand.
Both committees came to know Roger as a logical thinker and forceful advocate, with an ability to draft clear amendments ‘on the run’ as debate proceeded, both to give effect to his own and the ideas of others. He would often draw on his wide practical experience with the real world to either advance his own views or counter those of others with which he was not in agreement. Like me, Roger is an admirer of logic.
We did not know one another before our committee work but, curiously, our careers have followed similar paths. We both worked for large government organizations concerned with safety (NZ New Zealand Fire Service Commission and National Rural Fire Authority for Roger and the UK HSE for me), we both had run consultancy groups for major insurance broking companies (Marsh for Roger and Aon for me), and we’ve both started our own consultancy companies. Both of us have worked with a wide range of organisations in the public, private and NFP sectors across the world.
As I know from my own experience, Roger’s work with Marsh required an ability to be able to explain quite complex technical issues in plain language to the likes of Chief Financial Officers and Managing Directors. He frequently accompanied the firm’s brokers during negotiations with the major reinsurance centres in the UK, Europe and US as well as making client visits to petrochemical, iron and steel and pulp and paper plants in many remote parts of the world.
Roger’s interest and understanding of fire services and his early qualifications in fire engineering led to his engagement by the NZ government in 1989 - together with some top economists – to undertake a worldwide study to see whether a case could be made to reduce the cost of urban fire services by mandating a greater use of automatic fire sprinkler systems. Over three months in the course of this work, he would immediately attend and be given access to every structure fire in greater Auckland city, day or night, often while it was still burning. He credits the understanding of fire service operations and the behaviour of people in fires that he gained from this study, together with his fire engineering background, to his subsequent appointment by the NZ government to Chair the NZ Fire Service Commission and the National Rural Fire Authority. His task was to drive major reform to improve both outcomes (fewer fires, fewer deaths, less damage) and efficiency.
Not surprisingly, some of the reforms proved deeply disturbing for the unions involved and so politically, became highly controversial. As Roger told me, he went from someone known by his friends, workmates, and family to someone known by everyone in the country with repeated appearances on the nightly news and newspaper front pages. Nevertheless, within two years he succeeded in changing the culture of fire services to a more proactive approach based around public education that resulted in a 60% reduction in the incidence of accidental deaths from fire. Others have said that Roger has saved more New Zealand lives than anyone else!
Separately, we both came to the conclusion some time ago that ‘risk management’ in its various guises was not that effective and rarely helps decision makers make better decisions. At many standards-writing meetings we found ourselves on the same side, arguing for common sense language and the application of logical and practical solutions. Unfortunately, we were quite often in the minority!
Although sharing my own frustration with ISO’s procedures (which led eventually to my withdrawing) Roger battled on and succeeded in persuading the committee to approach the routine 5-yearly revision of ISO 31000 by using a first principles ‘design specification’ as a prelude to drafting. This differed radically to the usual revision practice of ad hoc tinkering. One of his more famous sayings is “If risk management is the answer, what was the question?” He took the same approach to the design specification which led to the realization that the problem that the revised standard needed to address was decision-making, not ‘risk management’.
However, the new approach didn’t survive the politics (which are never far from ISO committees) and did not proceed so Roger also gave up and joined me (and several other very experienced colleagues) as an ISO ‘refugee.’ But the work he did on the design specification wasn’t wasted and became the stimulus for us to write our book on decision making. The rest, as they say, is history.
A core premise to your book and your thinking is that the various risk management models and methods that have been developed to date have not worked. Why have such models and methods failed and how did this happen?
Recently, all such methods and models seem to represent the classic case of inventing the answer before defining the problem. (I’ve already mentioned Roger’s challenging question “If ‘risk management’ is the answer, what was the question?”) But the problem goes beyond the issue of mismatch of answer and question.
What happened was that the advocates of various forms of ‘risk management’ (normally represented by a three-letter acronym such as GRC, ERM, RBT etc.) promoted the view that their approach had inherent value and was some sort of fundamental truth. (In our book, we liken these to systems of religious belief). This shifted the focus even further from the problem. The result of this is that despite organizations expending considerable effort and cost to create the edifices that make up the belief system (risk committees, Chief Risk Officers, risk policies, risk appetite statements, risk registers etc.) this does not actually change the way they make decisions (including, of course, those decisions that set strategy, design their structures, hire their people and conduct their business). The end result is some kind of parallel universe, where the risk management edifice becomes self-justifying but largely irrelevant to the work of the organization.
These belief systems seem to become powered by people selling things, such as conference bookings, software, and consultancy advice, and promoting codification via published ‘standards.’ Then a pernicious triangle of codification, certification and more consultancy/software/conference sales is established.
As to why this happened, I think two factors are in play. The first is the somewhat common lure of ‘you beaut’ new things which appear to promise so much – especially when ‘sold’ by consultants and other disciples with evangelical zeal, and reinforced in the business press and by conferences etc. The second – which perhaps explained how the shortcomings weren’t immediately recognized and responded to with healthy skepticism – was that each of these approaches was couched in its own jargon, with each concocted expression giving the impression of real knowledge and wisdom. This combination of an appearance of respectability (reinforced in more recent years by legislative and commercial ‘compliance’ obligations) and a fear of error, encouraged uncritical acceptance.
In one of the appendices of our book we talk about the vulnerability of organizations and how this comes about as a consequence of decisions. We also have a chapter about the significance of the ‘conversations’ that take place around decision making, and how important it is that these conversations are rigorous and stimulate awareness and discussion of assumptions and the related uncertainties. These considerations are of importance to all Deciders and particularly, those with responsibility for governance.
In my experience, too many boards of directors allow the distractions and wasted effort that results from uncritical adoption of what, ultimately, are fad ideas lacking both intellectual rigour and, even, everyday common sense. This only acts to make their whole organization even more vulnerable to too many instances of low-quality decision-making.
The objective of your book is to help people (you call them “Deciders”) make better decisions. Who are Deciders? Is this everyone in an organization including operations, division heads, senior executives, and the board? Are there any key differences for different types of Deciders?
As I’ve noted earlier, Roger and I have an affection for the ordinary meaning of words so, yes, Deciders has its ordinary meaning and thus includes everyone who makes decisions. Which, of course, is pretty much everybody!
In organizations it therefore includes everyone from those responsible for governance and strategy (e.g. members of the board, or in a government agency, the head of the department) to those who make decisions to give effect to strategy at whatever their level of seniority and influence.
We make the point though, that what may seem a relatively minor decision by a relatively junior person, can have profound effects that can damage the very foundations of the organization. We give an example of a navigation officer in an airline who decided to make what he thought was a very minor correction to the location of the final notional ‘waypoint’ on a flight plan that would be fed into the aircraft’s navigation computer. However, in doing so, he actually moved the waypoint behind a mountain instead of its original position over sea ice. The flight crew were not advised of the last-minute change. All 257 people on board died when the aircraft hit the mountain. As another example and since publishing, we have seen the massive worldwide consequences of a policeman deciding to kneel on the neck of an arrested man, thereby causing his death.
So while various types of Decider might be involved in different types of decision, they all face exactly the same challenges: i.e., ensuring that the decision is focused upon advancing the Purpose of the organization, understanding the different outcomes (desired and undesired) that might result from the decision and being aware of their assumptions and the significance of each, so as to be sufficiently certain about which outcomes will result.
This is why we have referred to the universal method of decision-making, not as something we advocate, but to describe what all Deciders actually do – irrespective of their awareness of doing so.
How did you and Roger realize that there is a universal or generic method of decision-making? Please give us an overview or brief description of this method.
Our separate yet similar careers had provided the rare advantage of an ‘insider’s look’ at many parts of the public sector, the private sector, and the not-for-profit sector, and of decisions ranging from the strategic to the tactical. Furthermore, we had worked with all manner of people ranging from the board and c-suite to those at the pointy end of the business, where practicality rather than theory usually reigns supreme. And we had done this with organizations and Deciders in many different countries. We had also both had experience in the investigation of decisions that had gone spectacularly wrong or otherwise resulted in unintended outcomes. This sort of work helped us develop an objective appreciation of what ‘good’ decisions and decision-making looked like.
The conclusion that there was a universal process came about as the result of a combination of observation and realization. Observation from having had the opportunity to closely see and participate in the functioning of many different types of organizations and realisation when developing what we thought was an effective decision-making process, that this is what everyone did anyway. The differentiator between successful or non-successful decisions was, therefore, not how decisions were made, but ‘how well’ this process was applied.
We had learned from our own work that, to be of any real help to an organization, one had to start by getting the deepest understanding possible of the organization’s highest Purpose rather than just what they were trying to do at any moment in time. (Our book quotes the old joke about a lost traveler asking an Irish farmer how to get to Dublin and being told: “If ye’d be goin’ to Dublin sir, I’d not be starting from here!”).
So, the universal process starts with being clear about Purpose and recognizes that organizations pursue their Purpose by exploiting opportunities. This is done by making decisions. Hence clarity about the nature of the opportunity as well as the Purpose are necessary preliminaries to making a decision; not only to define the decision task, but to provide the point of reference to determine the adequacy of the outcomes that the decision delivers.
Of course, all this occurs in the context or background against which the organization operates. The context not only gives rise to the opportunities (and also explains the existence and Purpose of the organization) but is also the source of the uncertainties pertaining to the decision with which the Decider must contend. The context has many dimensions and yet must be understood. We offer Deciders a pragmatic yet structured way of doing this by thinking of context as existing in three bands with internal, external, and wider dimensions. Of course, context is dynamic and so, as I will shortly explain, the universal process detects and responds to changes in context that occur between when the decision is made and the outcomes are experienced.
The universal process also recognizes that decision-making is iterative, and thus involves trial and error, whereby the Decider explores, modifies or rejects tentative decisions (options) according to their confidence that the actual outcomes that will flow from implementation of the decision will be those intended, and not something else.
Key to selecting between options in order to achieve sufficient certainty of outcomes, is consideration of the assumptions on which every decision is founded. Assumptions vary in their significance according to their importance to the outcomes (e.g. the pilot’s assumption that there is sufficient fuel for the flight) and the level of confidence (which is why the captain as well as the refueller must sign off the fuel load). In a chapter called ‘Living with Assumptions’ our book provides guidance about combining importance and confidence in order to determine significance. An important aspect of the iterative development of the decision is, therefore, adjusting the significance of the assumptions by either making another decision not dependent on a particular assumption, or by changing either or both its importance (e.g. carrying spare fuel) or confidence (e.g. double checking the fuel load calculation).
To address the potential for the future to be different to that assumed (i.e. occurrence of changes in context) the universal method incorporates monitoring with the goal of detecting and responding to any post-decision change so that, despite the change, the intended outcomes can still be achieved. The value of monitoring is best realised if the monitoring arrangements are specified as part of the decision.
Decisions therefore have both primary and secondary elements. The primary elements are those that exploit the opportunity and the secondary elements are those that make the intended outcomes more likely to occur and thus contribute to achieving sufficient certainty.
Secondary elements can include:
- steps that make it more likely that those involved in implementation of the decision will act as intended,
- monitoring as a means of detecting unintended or unanticipated variance in implementation or actual outcomes, and
- contingency arrangements that will respond (or can be activated) if there is unintended variance between what was intended and what is occurring.
The universal method (which links the elements that are emboldened in the overview above) is therefore remarkably simple. Whether the Decider is a special forces leader under enemy fire, making an apparently intuitive decision, or a director of a company deciding on a major acquisition based on detailed written analysis and projections, the method is exactly the same.
Risk management can be thought of as a way of dealing with uncertainty. You use the term “sufficient certainty.” What do you mean by “sufficient certainty?” How does this term compare or contrast to other classifications of risk such as simple, complicated, and complex?
As we point out in an Appendix in our book called The risk management millstone, neither ‘risk’ nor ‘risk management’ has any agreed or universal meaning or practice and at best, only a tenuous connection with decision making.
You have only to read the numerous books and articles published each year to see that the term ‘risk’ is used as both a noun, a verb, and, most often, as an adjective: it has no consistent meaning. Although the term is in everyday use, it is rare it is clearly defined – for each of its uses. This might not matter were it not for the fact that it is central to the associated belief systems.
Even ISO, the international organization for standardization, has invented over 40, different formal definitions of the term in different standards and has recently abandoned a task to attempt to reconcile just some of them.
The reality is that, although hosted by organizations, the ‘risk management’ edifices they create exist and function as an externality to the way organizations actually operate. This is a problem which cannot be overcome by simply saying ‘risk management’ should be ‘integrated’.
The fact is that by its nature, ‘risk management’ cannot be integrated as it has its own architecture, language, and paraphernalia - which is why neither ‘risk management’ nor the concept of ‘risk’ is of any real help to Deciders when addressing uncertainty. This is why we advocate for the abandonment of all forms of ‘risk management’, and against attempting to use it to make decisions.
Uncertainty of course, has the ordinary meaning of ‘not certain’. Almost nothing is certain so the challenge for Deciders is to make decisions in which there is sufficient certainty that the decision will deliver the desired or intended outcomes (and will avoid undesired outcomes).
As a general proposition, certainty is always preferable to uncertainty, but achieving more certainty may come at a cost. What is ‘sufficient’ in the case of each decision therefore depends on two things:
- the importance of the decision in terms of the Purpose of the organization (or for personal decisions, the aspirations of the Decider); and
- the cost of being even more certain.
There is no formulaic means of deciding what sufficient certainty looks like but reaching that decision is helped by two things:
- the conversations that are a part of making decisions, as, done well, these help create an understanding of the relative importance of the decision (one reason why consultation with stakeholders is usually very valuable); and
- a consistent way of assessing the significance of assumptions – which in turn relates to the contribution to Purpose.
The importance and value of these conversations is why we devote a chapter in our book to describing techniques relating to tone and focus of conversations.
As to complexity, I don’t think I could agree that ‘complexity’ is a proxy for uncertainty (or for that matter, ‘risk’ – see above). A modern passenger aircraft is one of the most complex things in the world – along with, maybe, a nuclear submarine. And yet both operate with a high degree of certainty that they will not cause a calamitous event due to the exigencies of gravity and altitude on the one hand, and pressure and nuclear fission on the other.