Creating Organizational Self-Defense

Why don’t agency top leaders know about significant management problems in their organizations before it is too late?

So-called scandals seem to be more prevalent these days, ranging from seemingly dishonest reporting of telework hours at the Patent Office or veterans hospital access wait times, to the safety of CDC labs, to lavish conferences at the General Services Administration.

Wouldn’t it have been better if agency leaders learned about brewing issues before they became problems? Tom Stanton and Doug Webster, in their new book on managing risk and performance in government, say there are two key challenges to being able to head off problems in advance:

· First, important information in large agencies oftentimes is located at the frontline and with middle managers and bad news tends to not filter upward. So how does trustworthy information flow in an organization, and how do you get the right information flow to decision-makers without flooding them with unimportant data?

· And second, sometimes leaders just make bad decisions. Effective leaders need to create an environment for “constructive dialogue” where the decision-making process brings important information to the fore before action is taken on a decision.

Given that these two challenges are endemic, how can a good leader put in place some form of organizational self-defense?

Stanton, Webster, and others share insights on how public sector leaders can do this. They note that these self-defense mechanisms exist in the private sector, and are most mature in the finance and insurance industries. They say the 2008 financial crisis was largely triggered by companies that systematically ignored their risk management experts.

Largely since the 2008 financial crisis, there has been a recent flurry of articles, books, and seminars around the importance of creating “enterprise risk management” initiatives, especially in areas beyond finance and insurance.

For example, a number of federal agencies have designated “chief risk officers” to advise agency leadership on the potential impact of risks across their portfolio of programs – instead of the traditional approach of examining risks within each individual program or function. The designation of chief risk officers has grown organically in agencies over the past few years at both the departmental and bureau levels. The pioneer was the federal student aid program in the Department of Education.

OMB recently charged agencies with being responsible for managing risks, stating that agencies “should identify, measure, and assess challenges related to mission delivery, to the extent possible.” Its guidance describes the role of chief risk officers (CROs) as the “champion agency-wide efforts to manage risk within the agency and advise senior leaders on the strategically-aligned portfolio view of risks at the agency.” However, OMB notes that it is not requiring agencies to designate CROs.

In the next few weeks I’ll share insights from the Stanton and Webster book, along with other resources, addressing questions such as:

· Why does government place itself in risky situations in the first place?

· How agencies develop a risk-responsive strategy to deal with the uncertainty of external risks, such as financial crises, cyberattacks, and natural disasters.

· How agencies address internal risks, such as scandals that affect their reputations.

· And finally, how did a pioneering agency institutionalize risk management functions into its culture?

Are there other enterprise-wide risk management issues that in your mind should be addressed, as well?

Leave a Comment


Leave a Reply

Mark Hammer

I think the complementary set of questions to what you raise is the matter of how one inculcates the non-need for whistleblower protection laws. That is, whistleblowers often arise in response to the organization’s perceived need to protect itself from the “nuisance” of truth being spoken to power, and errors in judgment or action being brought to the attention of authorities.

The ideal, however, is for the organization to accept the honest detection/recognition and admission of errors early on, such that nothing has to be covered up. Think of it like an offensive offside in football. The ref blows the whistle as soon as they catch the infraction, and play is halted, such that no further effort or injury is risked, because they know the play is going to be called back anyway.

The organizational culture changes that create the sort of self-defence you describe, is the same kind that circumvents the need for whistleblower protection laws. Advocates of stronger whistleblower protection should recognize that what we want is a workplace culture that catches, and admits, mistakes before they happen or go too far, and not a workplace culture that takes strong righteous action well after something stupid has already happened, divisions created, and repercussions felt.

If you want an organization where senior management always gets “the straight goods”, you need to foster a workplace where it’s possible to be honest and forthright.

Internationally recognized expert on lying (and consultant to the FBI), Paul Ekman, has a wonderful little book he penned some years back called “Why Kids Lie”, that I heartily recommend to parents, educators, and even organizational development specialists. In it he sets out a few principles that he finds lead to children adopting deception as their default strategy for negotiating uncomfortable situations. One is that the cost of telling the truth be perceived by the child as high. A second is that there be minimal monitoring of the child such that they can deceive without being detected. And a third is that they experience previous success being deceptive. The upshot is that if there is little acceptance of bad news when transmitted upward (at any level), and few ways for those nearer the top to find out what’s going on, other than the word of those providing the good news, you’re setting up a perfect storm for inculcating an organizational climate where all upper management ever hears is shiny happy stories.

John Kamensky

Thanks, Mark, for your insightful comments! So all organizational dysfunction has roots in parenting techniques, I guess! . . . But seriously, I think you have identified the right elements and the challenge of leaders is putting them into place and into practice. It will be interesting to see the approaches new leaders are taking in organizations that have experienced setbacks, such as GSA and VA . . . do they focus on punishment (which could only increase the number of employees reluctant to proactively share bad news upward) or on learning from mistakes (which tends to not satisfy external stakeholders)?

Mark Hammer

Thanks for the nod, John. Much appreciated.

The “monitoring thing” is, I think greatly overlooked. Ekman refers to those situations where single parents, or other types too busy with work to be home, leave latch-key children on their own, to do…whatever, without monitoring. It becomes easier for the child to adopt deception as a default strategy, because the parent is in no position to detect misdeeds. For Ekman, something as simple as a phone-call home to verify that the child got home from school okay, find out what homework there is, request that something be taken out of the freezer for dinner, and just create the impression that the parent is around and available for consultation, can be enough to diminish the risk.

The late Warren Bennis used to talk about “management by wandering around” (which is apparently a more established term than I had thought, judging by its Wikipedia entry); something I suppose one could also summarize as having your ear to the ground. Too many managers seem to be busy running off to too many meetings, and not doing enough of this “wandering around”, making it easier to provide unrealistically-positive upward feedback.

Simply being in closer touch with staff, with the operational side of things, the nuts and bolts of the organization, can probably go a long way towards encouraging more honest, and prophylactic, feedback. Insulating oneself from the rank-and-file, and dwelling in a world of reports, makes about as much sense as monitoring your children via their report cards – too little, too late.