An Introduction to Organizational DNA
If you are a senior leader, you may already be wondering whether your company is vulnerable. Are there systemic organizational characteristics, embedded in both the policies and the culture of your company, that contribute to self-inflicted disasters? Do your safety, compliance, and risk management practices truly have teeth, or do they actually add to the danger by giving you a false sense of security? What practices and organizational designs will help you be more efficient and effective in the short term, while mitigating the risk of self-inflicted black swans over the long term?
The answers to these questions vary from one company to the next. You must start by recognizing the distinct ways in which your company operates, the elements of your organizational DNA.
The organizational DNA framework is a vehicle for understanding the formal and informal elements that drive and constrain day-to-day behavior in your company. (See Exhibit.) This framework, introduced by Booz & Company in the early 2000s, has been used by almost 200,000 individuals to profile and improve the health of their organizations. Like molecular DNA, organizational DNA has four “bases”: components of activity that fit together like building blocks. They determine how an organization executes — what changes it can make and what actions its members can take. The four bases are:
- Decision rights and norms. The rules and practices that govern how actions in an organization are shaped and focused.
- Motivators and commitment. The values and principles that drive employee behavior and engagement.
- Information flow and mindsets. The patterns of thinking and communication that inform what people do in an organization.
- Organizational structure and networks. The links and connections that guide how people work with one another throughout the hierarchy.
When put together, the formal sides of each organizational DNA base make up the official part of the organization’s operating model: decision rights, motivators and incentives, information-carrying channels and metrics, and the structure of reporting relationships (the organization chart). These are the documented, official standards for company operations across all levels.
However, official rules alone cannot determine everything about the way the thousands of employees in a large company make and execute decisions. The informal sides of each base have an equally strong impact. These include the norms that people keep in mind about what matters and who is important, the commitments that individuals make about why they care, the mindsets that people (and groups) adopt that shape their perceptions of their work, and the networks through which people in a company develop relationships.
Companies with self-inflicted crises nearly always have formal elements in place that are intended to help the organization avoid accidents and problems: reports, explicit procedures, and watchdog and prevention measures that prevent catastrophes when nominally followed. But the informal elements determine the way that policy is implemented. In many cases these unwritten rules, values, standards, and workplace routines treat these formal procedures as bureaucratic overkill. The reports are ignored, and the procedures are followed only in a pro forma fashion. Like the driver who texts in traffic, the company gets away with noncompliance for a long time, while the effectiveness of its procedures gradually erodes. The crisis doesn’t occur until a long time after the noncompliance began.
The Key to Capability
In a typical large company, a self-inflicted black swan can emerge in many ways. Rather than trying to prepare for each specifically, companies should approach the issue by developing an effective capability for anticipating and managing large, unrealized risks in general. Here are four starting points, each based on one of the building blocks of organizational DNA: