How confident are you?
As a Project Manager or Risk Manager we are quite comfortable with the concept of risk. You are trained to identify risks, discuss them, and address them based on their impact and priority.
However, the risk that is often misunderstood or even neglected, is the risk of assumptions. Especially when a team is growing, you need to spend time documenting the way you make decisions. What is the basis of your analysis? Where do you go for the definitive answers?
Why is that?
Look at this picture, this is a ‘team’ with only 7 people. The lines are a representation of internal communication showing no form of hierarchy.
The more people you have in your team, the more information is going to be lost in translation. This is why the quality standards place such emphasis and importance on documented policies and procedures. Not just setting them up, but the team adhering to them and using the information from a single source.
Everybody is guilty of setting up their own systems, storing their own documents and keeping their research methodologies private. You may not do this on purpose, but it happens. The downside of this is that different team members start basing their decisions off different information sources.
During my quality management training, it was often said that a decision made on wrong information has more risk potential than not making a decision at all.
That’s one of the reasons why our Self Assessment Toolkits are based on the principle of the power of questions.
If you don’t ask the question, you will never find out whether everybody has a different answer. In your head you may assume that each person has the same answer, or you assume that it is clear and obvious. But it isn’t until you actually ask the question that you find out this was never the case.
Asking your team members where they store their analysis documentation offers great insight into the discrepancies. Some store on their local computer, others in a file management system, and others use cloud based solutions. While this seems like a silly and overly simplistic example, it may actually have major risk impacts.
Some industries (financial or government) have legal requirements that all their data is stored onshore. If found that data is stored on an international server because of the use of cloud storage, the company may be fined.
Or maybe first party personal data is stored on a local drive, which is against GDPR regulations, this could pose a risk for the company. And saying ‘I didn’t know’ is not a good enough answer. You should know, and that’s why you have to ask these questions.
How to make people follow the rules?
Everybody in your team needs to be fully aware of the way your business works. Obviously this is a skill building opportunity and you can organise a workshop or training to bring everybody on the same level.
Deeper than that – ongoing discussions on your company culture and core values is an important basis for the alignment of the individual team members. Start with creating clarity on your company core values before you build the understanding of the risk and compliance requirements.
Once that is clear – create a single source of information and make using this system the most intuitive and easy way to work.
When people have to use multiple systems with manual copy-paste actions, it’s a recipe for disaster as there are too many manual steps that just scream error rates! And when it’s too hard, people will come up with their own processes to follow.
So I guess you don’t just ask the questions, but also listen to the answers… and I mean really listen. Check in with the people in your team on how they use the systems, data sources and information to make decisions and translate their lack of clarity into better processes, procedures and systems.