Systemic Investigations & Reviews
Objective: To ensure a wholistic, evidence-based understanding of the root causes and implications of critical events and situations, as a basis for action to prevent recurrence and to lift performance.
How: RiskIQ works in concert with existing methods of investigation, using systems inquiry techniques. Working from the outside of the system inwards, creates an ability to find and understand hidden, subtle and complex factors that otherwise would not be identified or managed. Artefacts are created to show the inter-relationships between factors and to identify both root causes and points of leverage for change.
Key Points to Understand
• We go much deeper in our investigations to understand what’s going on in any organisation.
• We need to understand the present and future purpose, role and strategy of the organisation before we can infer what affects it.
• The inquiry process yields information about what people think and believe as well as hard facts.
• By piecing together all the information and data we have, we are in a position to draw some inferences about what is really going on and is NOT apparent at first sight. To really get to the bottom of what is going on, this is usually an iterative process.
• Most people, particularly people in senior positions who like to act on simple, clear ‘data’ will find all this hard to believe.
When seeking to understand the risks to organisational success it is important to gather real, unfiltered data for analysis. Although obvious risks can be identified directly from experience, this is often not the case for sensitive, subtle, interconnected and intangible risks. Not only are they often difficult to find, they are also difficult to fully understand.
Before providing a definition of “raw risk data” in an organisational context it is necessary to acknowledge that data about how an organisation is operating and performing is not by itself enough for risk judgments to be made. It is also necessary to understand its purpose, role, strategy and objectives and to understand its present and (likely) future context or environment. This is shown in the diagram below.
“Raw risk data” is any unfiltered, unaltered information that describes the organisation’s purpose, role and objectives, its present and likely future context, and how it is currently operating and performing.
Index of Tools:
1. Gathering Raw Risk Data
The three primary methods for collecting raw risk data include one-on-one interviews, independently facilitated workshops and surveys. Data must be recorded as close to verbatim as possible to avoid biases and filtering by the people performing the data capture. These methods gather rich risk data, which would otherwise be difficult to collect.
2. Collating Qualitative Risk Information
The collation process assumes that raw risk data is available as physical or electronic pages of text. It also assumes that pages are numbered and that it is clear who provided the data and when. Configuration control is an important aspect in ensuring that the analysis is evidence-based and to assist with credibility when the analysis leads to conclusions that are not easily understood or accepted by leaders.
3. Basic Risk Mapping and Root Cause Analysis
In order to build a risk map, risk information (data) is required. Although a risk map can be created “live” by an individual or by a group, it is more effective when each risk map is based upon risk data that has been deliberately collected through well-designed risk workshops and interviews. The information collected is in the form of statements (opinions) provided by stakeholders about the risks that they face doing their work.
RiskIQ has developed a unique root cause analysis approach that uses qualitative, opinion-based information to analyse patterns and relationships. This leads to robust conclusions about the key drivers of the symptoms (experiences) of staff in an organisation. Almost always these drivers are complex, inter-related and subtle and cannot be reliably identified or understood using only intuition or experience. They also may be sensitive to talk about or to manage and hence may not be overtly talked about – that is, the “hidden cans of worms”.
4. Essential Capabilities Mapping
Essential Capabilities Mapping seeks to determine those capabilities that are essential for the organisation to be good at to achieve its stated purpose. Essential capabilities may have enabling capabilities that the organisation also must excel at to achieve the essential capability. Actions to be completed for achievement of the enabling capabilities can then be identified and allocated for completion.
5. Extended risk map concepts
Risk maps can take a range of forms and each has different benefits and uses.