How to Prevent Self-Inflicted Disasters
All too often, companies unintentionally create their own worst crises. With a little awareness of your organizational DNA, you can avoid that fate — and the headlines that go with it.(originally published by Booz & Company)
During the last few years, a number of well-publicized “black swan” events — highly destructive calamities that seemingly come from out of nowhere, and that are diverse enough to include oil rig explosions, automobile recalls, major production delays, financial meltdowns, and at least one phone-tapping scandal — have had immense negative effects on the companies involved. When you look in more detail at these crises, you often find that they were self-inflicted to some degree. An overly aggressive production schedule may have driven employees to disregard or downplay the company’s safety or risk prevention procedures. Internal staff may have warned their peers about potential dangers, but those warnings never made it to the top of the company. Decision makers may have ignored, misunderstood, or even suppressed bad news, in a way that ultimately backfired. After the event, the leaders of the company often have to admit: “We did it to ourselves.”
The unintended consequences associated with a self-inflicted black swan can be devastating. They include negative publicity; huge, sudden costs; lost revenues; lawsuits and criminal judgments; and regulatory penalties. Analysis of the stock prices of companies that suffered such events in 2009 and 2010 in the oil, automobile, aircraft manufacturing, and financial-services industries shows that within two months after a visible self-inflicted crisis, an average of 18 percent of shareholder value was lost, relative to the S&P 500. Moreover, stock price performance continued to diminish over time: On average, shareholder value came down 33 percent within a year.
Self-inflicted black swans have occurred in many industries in widely varying circumstances, but always with one common factor. Although the initial trigger appeared to be an exogenous event, the critical decisions were largely under the control of management. Typically, a number of people within the company knew about the situation and saw the potential downside in advance; if this knowledge had been acted upon with diligence and in a timely manner, the problem could have been prevented. Often, these companies had formal procedures in place designed to avoid these precise risks, but the procedures were routinely ignored or bypassed by employees.
How could companies that knew better fall into these traps? Because the perception of risk diminishes over time. It’s not unlike the dangerous habit of texting while driving. Imagine that one day under pressure, you send a text message while behind the wheel, and nothing bad happens. You promise yourself that you won’t do it again, but the pressures continue, and you start to make a habit of it. A few months go by with no mishap, and you come to believe that the “no texting while driving” rule shouldn’t apply to you. You are one of those favored people who can successfully multitask without much risk. But when you’re feeling lucky is just when you’re most likely to cause an accident. Companies that get into similar habits — overlooking or sidestepping their risk management practices — are similarly primed for a self-inflicted black swan.
For example, more than one oil and gas company has been informed at some time by subcontractors of the potential for a severe explosion. Mitigation measures have typically been at hand to rectify the problem, but because implementing them would temporarily halt the operation, leading to lost revenue, the manager of the oil rig is under pressure to find some way to cover over the problem. If everyone else involved in the rig tacitly accepts this decision, even though it contradicts official company policies, there might well be an explosion within months.
Similarly, at the outset of the global financial crisis, some people within banks and insurance companies were warning of the declining standards for securitized mortgages, CDOs (collateralized debt obligations), and other high-risk investments. But others had strong incentives to ignore these warnings — not just the formal motivators such as pay, but equally powerful informal incentives such as the traders’ fiercely felt need to outperform others. In the U.K. voicemail hacking scandal, the news media had a similarly strong competitive motivation: to scoop rival publications. The institutions that survive unscathed tend to be those that maintain informal commitments to back up their formal rules on safety and integrity.
An Introduction to Organizational DNA
If you are a senior leader, you may already be wondering whether your company is vulnerable. Are there systemic organizational characteristics, embedded in both the policies and the culture of your company, that contribute to self-inflicted disasters? Do your safety, compliance, and risk management practices truly have teeth, or do they actually add to the danger by giving you a false sense of security? What practices and organizational designs will help you be more efficient and effective in the short term, while mitigating the risk of self-inflicted black swans over the long term?
The answers to these questions vary from one company to the next. You must start by recognizing the distinct ways in which your company operates, the elements of your organizational DNA.
The organizational DNA framework is a vehicle for understanding the formal and informal elements that drive and constrain day-to-day behavior in your company. (See Exhibit.) This framework, introduced by Booz & Company in the early 2000s, has been used by almost 200,000 individuals to profile and improve the health of their organizations. Like molecular DNA, organizational DNA has four “bases”: components of activity that fit together like building blocks. They determine how an organization executes — what changes it can make and what actions its members can take. The four bases are:
- Decision rights and norms. The rules and practices that govern how actions in an organization are shaped and focused.
- Motivators and commitment. The values and principles that drive employee behavior and engagement.
- Information flow and mindsets. The patterns of thinking and communication that inform what people do in an organization.
- Organizational structure and networks. The links and connections that guide how people work with one another throughout the hierarchy.
When put together, the formal sides of each organizational DNA base make up the official part of the organization’s operating model: decision rights, motivators and incentives, information-carrying channels and metrics, and the structure of reporting relationships (the organization chart). These are the documented, official standards for company operations across all levels.
However, official rules alone cannot determine everything about the way the thousands of employees in a large company make and execute decisions. The informal sides of each base have an equally strong impact. These include the norms that people keep in mind about what matters and who is important, the commitments that individuals make about why they care, the mindsets that people (and groups) adopt that shape their perceptions of their work, and the networks through which people in a company develop relationships.
Companies with self-inflicted crises nearly always have formal elements in place that are intended to help the organization avoid accidents and problems: reports, explicit procedures, and watchdog and prevention measures that prevent catastrophes when nominally followed. But the informal elements determine the way that policy is implemented. In many cases these unwritten rules, values, standards, and workplace routines treat these formal procedures as bureaucratic overkill. The reports are ignored, and the procedures are followed only in a pro forma fashion. Like the driver who texts in traffic, the company gets away with noncompliance for a long time, while the effectiveness of its procedures gradually erodes. The crisis doesn’t occur until a long time after the noncompliance began.
The Key to Capability
In a typical large company, a self-inflicted black swan can emerge in many ways. Rather than trying to prepare for each specifically, companies should approach the issue by developing an effective capability for anticipating and managing large, unrealized risks in general. Here are four starting points, each based on one of the building blocks of organizational DNA:
1. Clarify who is responsible for which decisions, taking into account the influence that informal leaders already have (decision rights and norms). The decision rights for large, unrealized risks are probably unclear, because by their nature, these risks involve long-term concerns with an uncertain payoff. Risk prevention and mitigation measures may also involve a complex group of actors, especially when work is outsourced or offshored. Some companies, including many financial-services firms, assign risk exposure to specialized departments. But these risk departments — which are typically disconnected from mainstream operations and led by managers with little authority — may lead to a false sense of security. People feel little need to concern themselves, because the department is there to take care of it. Yet if the risk department does not have the authority or influence to affect company decisions, then who will step in to ensure that self-inflicted black swans don’t appear?
To establish a more appropriate group of decision rights, you may need to set up a cross-organizational team to manage information on significant risks. Make sure that some members of this team have the requisite decision rights to ensure that practices are put in place and that people comply. Other members may be influential people who have no formal role in preventing risk, but who are personally committed to the idea and well connected informally.
Formal decision rights should be backed up by informal discussions to establish general agreements. For example, what if a contractor sees a practice that seems dangerous? Whom should he or she inform? What if that person doesn’t act on it? Who should then step in? Once these informal general agreements have been reached, design the formal decision rights to complement those agreements.
2. Align incentives and other motivators to promote awareness of potential risks and their prevention (motivators and commitment). Because incentives are rarely designed with self-inflicted black swans in mind, they may produce conflicting priorities. The CEO of a financial institution may be charged by the board with looking out for long-term health, but individual traders are compensated on the short-term revenues they generate. Or a manufacturing company may have a safety-conscious culture alongside a high-pressure production schedule; managers who can’t keep up are seen as letting everyone else down.
It’s not easy to resolve these tensions, and people often rely on both formal and informal support. If the company has established rules about the priorities and rewards involved in anticipating risk, and if most people are regularly exposed to informal conversations about the dangers of cutting corners, they are more likely to avoid peril. It also helps when people involved in a complex situation can meet openly to hash out the issues and think together about ways to resolve the tension between being fast and being safe.
You can often find evidence of poorly aligned incentives by talking to managers in the field. Have they “normalized” their view of problems, discounting the idea that catastrophes could happen and letting excessive risk become business as usual? Their mindset can be similar to that of one oil company engineer who wrote in an internal e-mail, just before a disaster, “Who cares? It’s done, end of story, we’ll probably be fine and we’ll get a good [follow-up] job.”
To redesign motivators and commitments may require an explicit review of your organization’s gaps and inconsistencies. How closely aligned are the promotion and bonus structures with the behaviors you want to promote? Do employees care about short-term gain only, or do they have long-term growth and the preservation of their jobs in mind? Once you have established some answers to these questions — through surveys and analysis of your existing incentives — you can then begin moving those incentives closer to the motivators and commitments you need.
3. Create formal and informal communication channels to raise awareness of current conditions on the ground (information flow and mindsets). In preventing self-inflicted black swans, one central challenge is ensuring that senior decision makers can get an accurate, timely, and independent overview of “ground truth”: the realities of project progress and potential problems. They need to independently verify the information they receive from their direct reports. In most companies, executives receive messages selectively filtered and tailored to what people believe they want to hear. Basic human nature seems to include reluctance to communicate bad news.
Outsourcing and offshoring exacerbate the problem. Subcontractors may be located far from the headquarters of their client companies. Supplier contracts typically limit the type and amount of information that can be shared, and sometimes impose penalties for delays — thus giving subcontractors an extra incentive to withhold troubling information, for fear of becoming the messenger of bad news or in hope that another subcontractor might be forced to communicate first. These challenges can be overcome, but only by establishing open communication channels — both formal and informal — through which senior leaders can interact with lower-level employees to get their perspective. Regular review meetings will not suffice; it takes regular interaction, ideally in casual face-to-face settings, to give senior management an accurate picture of what is happening.
This kind of conversation also gives lower-level personnel a clear understanding of management goals — and improves their judgment about which types of problems are worth reporting, and how to report them. Beyond that, some senior leaders make a point of cultivating multiple sources of information; you might, for example, ask a quality department and a production department to report independently on the same projects. The point in all this is to broaden the flow of information to and from senior management, as well as around the organization generally.
4. Set up better reporting relationships and prevention guidelines, using work-arounds as diagnostics (organizational structure and networks). When under pressure to produce, employees often develop work-arounds, shortcuts that allow them to sidestep the formal checks and balances of risk prevention. After a work-around has been in place for a while, it becomes second nature; people almost forget that the old rules exist. In fact, maybe the formal rules are truly superfluous and unneeded — or perhaps they’re genuinely important, like the law against texting while driving. You may have to find out the hard way if you have never examined these rules.
The presence of a work-around can provide a valuable clue that some process is unclear or cumbersome and needs to be either enforced or changed. If you try to outlaw the work-around strictly through edict and penalty, without addressing the issues that made people turn to it in the first place, then they will simply find another nonstandard approach. Instead, you need to bring formal structures and informal networks together; talk to people directly about the reasons that work-arounds have developed, and institute new policies that address the underlying issues.
One common work-around is found at the corporate level: An organization becomes focused on managing the public perception of a problem (or potential problem) rather than actually trying to solve it. If you find yourself continually defensive about queries from the public or from regulators, that’s a clue that you have a deeper internal issue to explore. Defend your company, by all means, but also begin to follow the trail. Is there something within your organization that is masking a potential catastrophe?
An Ethic of Integrated Action
In companies primed for a self-inflicted black swan, some or all of these problems may exist side by side. The lack of open information flow, unclear decision-making authority, an inefficient organizational structure, and inconsistent values and incentives all negatively reinforce one another. By the time the problem comes to light — whether through an explosion, a technological failure, a legal challenge, or some other visible catastrophe — it is too late to stop the damage.
An organizational DNA analysis doesn’t prevent any particular crisis; instead, it gives you a better capability for identifying whether your organization is vulnerable to all such crises. This type of analysis is equally useful for other problems that require organizational change: building a high-performance organization, moving into new markets, or adopting a more coherent strategy. You can’t immediately change the way your organization behaves by simple fiat. But with a close look at the core elements of your organizational DNA, you can recognize the design steps that can lead to better behavior very soon.
- Eric Kronenberg is a partner with Booz & Company in Florham Park, N.J. He specializes in developing capabilities for program and project management, engineering and design, and manufacturing and construction in multiple industries, including aerospace and defense, energy, and transportation.