Grant Purdy and Roger Estall have recently published a book on decision-making called Deciding. Written to help decision makers (they call them Deciders) to make ‘even better decisions’ it goes directly to the two big challenges for every Decider – ensuring that each decision will contribute to (rather than detract from) achieving the purpose of their organisation, and being sufficiently certain that the outcomes that result from the decision, are those they intend.
How did this state of affairs come about – whereby many organisations enthusiastically adopted a similarly named (yet highly variable) resource-consuming belief system without clarity as to purpose or solid evidence of efficacy or relevance?
From our vantage point of having previously actively promoted such belief systems, there seemed to have been four primary drivers behind the promotion of ‘risk management’:
- A genuine desire or at least acceptance of the need for responsible governance and avoidance of mistakes, and the assumption – albeit without compelling evidence – that anything called ‘risk management’ would achieve or at least contribute to this.
- The emergence of consultants (and in due course, in-house ‘specialists’ – usually with the word ‘risk’ in their title) claiming ‘ risk management’ expertise. whereas good decision-making has always been dependent on good thinking, consultants fostered the fiction (often with evangelical zeal) that mastery of the artificial edifices and jargon of their scheme of ‘ risk management’ was the key to organisational success.
- Attempts to give the impression of creating knowledge by codifying ‘risk management’ beliefs via national and international standards-setting organisations.
- Emergence of ‘risk management’ compliance obligations which became imposed on
organisations in one of two ways:
- by governments and quasi-government regulatory agencies (such as national stock exchanges) in the name of social good, based on either published codes or, often, the agency’s own variant of published codes; or
- contractually, whereby, for example, a customer obliges a supplier to demonstrate compliance with a published ‘ risk management’ standard or
code as a condition of doing business.