The Biggest Risk to an Organization
I've heard it said that organizations that were designed to succeed in the 20th century are doomed to fail in the 21st. Sure enough, in the past 20 years, disruption has altered the faces of many industries. No industry seems immune as we've seen hotels, taxis, movies, gaming, long distance calling, cameras, etc. all upended. Many of the affected companies knew where the source of disruption was coming from, but they lacked the focus, vision, agility, nimbleness, or decisiveness to get the job done themselves.
Very few of the disrupted companies would claim that they failed to manage risk effectively. After all, they likely did not fall because of a lawsuit, operational blunder, or single financial misstep. Companies are successful due in large part to their ability to manage such risks. But the task of risk management seems to have changed faster than organizations could adapt. A mighty adversary has emerged that now threatens traditionally rock-solid companies, and many companies are blind to it. This new threat is Strategic Execution Risk, or the risk of not executing on a stated strategy.
Let's define "strategy" as the aim of transforming an organization from what it is today to what it needs to become before it's too late. A well-articulated strategy allows employees to understand the direction a company is moving and the tactics they're likely to employ to get there.
A common contributor to strategic execution risk is where the strategy is not well-articulated. I've been part of organizations that thought their strategies were well articulated, but failed to measure whether employees truly understood. Communication must be measured, not just communicated. Strategic articulation should be so clear that any employee, regardless of their role in the organization, understands where the organization is headed. Consider a sea of employees each metaphorically wandering the streets of Paris. The strategy should be their Eiffel Tower: If you tell them that's where we're headed, they can simply look up and head that direction.
While strategic articulation issues can easily be overcome, mitigation of strategic execution risk is tricky business. The same tools that are used in other risk management planning efforts can be applied. Complexity arises, however, when we see that the same measures that are taken to prevent risk in other parts of the company are adding to strategic execution risk. Consider a company that has a strategic goal of digitizing its major product lines before the competition beats them to it. In order to execute that strategy, they may need a rapid, major overhaul of their marketing and IT departments that requires immediate layoffs and rapid talent acquisition which must occur faster than their traditional approaches allow. By the time HR and Legal have given their opinions on the how the matter should be handled, the competition may have already passed them by.
What would it look like for a 20th century organization to prioritize strategic execution risk mitigation approaches ahead of others?
It requires swift decisions that appear to be high risk by traditional measures, but are, in effect, risk-mitigating because they reduce strategic execution risk. For instance, if the potential cost of not executing is greater than the cost of not dotting i's on human resource practices, the traditional HR rules must be broken. Executive teams must be willing to make such trade-offs to advance the company.
It also requires a realization that decision-making is complex, not linear. Most traditional risk mitigating policies seem linear. That is, action A leads to outcome B. For example, if a legal review is required of each and every HR matter (A), it will reduce legal risk (B). There are so many of these seemingly linear rules in Corporate America, that decision makers become complacent. Some may believe these to be the best rules for the organization, regardless of circumstance. However, decision makers should be valued not for their ability to enforce or implement linear risk mitigation policies, but rather for their ability to recognize where the situations are complex, and to take action despite the added complexity.
After all, the decision not to act is a decision. In this case, the decision to allow traditional risk mitigation measures to delay or trump a measure that mitigates strategic execution risk is, in fact, a decision. And it's a poor decision: one that can prevent a company from transforming to what it needs to become... before it's too late.