Imagine you’re no longer responsible for keeping your company’s computers up and running. Instead, you’re an epidemiologist. Rather than a new and very aggressive malware threat you read about a new and highly contagious virus … the statistics indicate 30% of those exposed become infected and roughly 1.25% of those infected die.
The U.S. has a population of 300 million. You do the arithmetic: Straight-line extrapolation predicts 90 million infections and more than a million deaths.
Welcome to the world of the adults who are responsible for responding to the “Novel H1N1” flu virus.
They take it as seriously as you take malware. For their trouble they are regularly attacked by the ignorati, who love to bandy about phrases like “Alarm Industry.” Maybe the ignorati think taunting is clever, or will win points for their team, whatever that might be.
Possibly they’re sincere, having formed the sort of strongly held, simplistic opinion that so often accompanies shallow knowledge, avoidance of the unpleasant and difficult, and an intense desire for the world to be quickly and easily understandable.
Their desire will remain unrequited: Many of the individual dimensions of this multidimensional planet are each so dreadfully complex that the relevant branch of mathematics is called Chaos Theory.
Personally, I’m grateful that adults are in charge of this situation, and that thus far they’ve been unimpeded by the Noise Industry.
Here’s what’s sad: If they do contain the situation, the Noise Industry will trumpet their success as “proof” they inflated the threat.
Because you’re responsible for keeping the joint running, you sometimes have their job. At times, the proper response to a threat lies beyond your level of authority. (Here’s one: dealing with the ramifications of staffing shortages resulting from an H1N1 outbreak – does your company’s business continuity plan address pandemics?)
It’s time to “manage north” – to effectively engage those above you in the organizational chart. In most organizations that means delivering bad news to people who don’t want to hear it.
The ineffectual will burst into their managers’ offices, red-faced and out of breath, to say, “Boss! We have a problem!” showing they’ve confused their actual role in the company – person-who-deals-with-difficult-situations – with “cub reporter.” In response many managers will say, “Don’t bring me problems, bring me solutions,” distracted from the impending threat by their need to coach.
You perceive a threat. If a suitable contingency plan already exists, find it, familiarize yourself with it, and make sure your team familiarizes themselves with it too. If not, bring your team together to prepare a plan.
Either way, the plan will provide the engineering and procedural solution. It will probably be technically or logistically challenging, but it will be straightforward.
What isn’t straightforward is the political plan. Its preparation is your job, which you can’t delegate. It consists of:
- Threat assessment: Provide a brief, non-technical description of the threat, and as accurate an estimate as you can of the likelihood the threat will turn into an occurrence, along with the reason for that estimate and your confidence in it.
“The sky is falling!” is a weak message. We all know what happened to the boy who cried wolf. You have dual challenges: Selling the problem, and preserving your credibility.
- Alternatives: Provide alternatives whether or not you have an approved contingency plan. You need to present them even if only one makes sense, to demonstrate you’ve thought things through. Otherwise your manager might take the time to think things through, and might then reach a different conclusion. If not, his manager might do so.
- Impact analysis: Your plan will disrupt normal business operations. So while it need not be formal and numerical in nature, you do need to anticipate who it will disrupt and how much. You’ll need your manager’s help to gain the cooperation you’ll need to execute your plan.
- Communication plan: Who needs to know about the threat, what they need to know about it, and how you’ll inform them and keep them up to date.
- What success will look like: This is the tough one. You need to develop some positive indicator that proves, or at least provides strong evidence that actual prevention took place. Or, if the threat doesn’t turn into an occurrence, a convincing account of why it didn’t.
Yes, it would be lovely if you could simply deal with the threat without all of this other rigmarole. In the relatively uncommon organizations that enjoy a culture of honest inquiry, you wouldn’t have to. But everywhere else, risk management is politically risky.
Like any other risk, you need to manage it.
That’s the paradox isn’t it? You predict with near certainty that an event will occur, be it Y2K, an epidemic, or what have you, and you take the appropriate steps to mitigate the event thus producing a non-event. What is a miracle then, the production of an event with no or little effort against all odds? The physicists have coined a new term called an anti-miracle which is the prevention of an event against all odds even though it should happen. See this article for details.
The barriers you speak of are ones of ignorance and self-interest. If the listener’s mind is already made up, then you’ve wasted your time setting up a logical plan of risk mitigation. For a bureaucratic, hierarchical organization it’s easier and safer for a manager to kill a proposal rather than implement it, especially if his salary depends on his answer and his not understanding it (an Upton Sinclair observation). Therefore, there needs to be some sort of organizational insulation or protection set up for risk mitigation efforts even in an environment that has honest inquiry, otherwise they will wither and die due to the fact that mitigating the risks affects the productivity and self-interests of other managers who command the power because they command the current profitable risky practices. We saw this problem with the banking system. They had measures in place to value and assign risk, but inevitably, those measures were either ignored or watered down because if implemented the banks would not make as much profit during the boom times. Then came the bust and risks which were thought highly improbable became reality. This is not even taking into account outright control fraud, looting, or sheer incompetence by executives within those institutions. But fraud and looting stem directly from individual executive self-interest since bad ethics will drive good ethics from the system due to competitive pressures between firms in a market (William Black).
Bob, the classic “engineer’s report” format listed in your article is very close to the Cub Reporter’s “Sky is Falling” format.
The answer needs to come first. For Instance:
1. This is what needs to be done
2. This is why it needs to be done
3. The resources required are . . .
4. Tangible results will be delivered by . . .
5. Sign here
All the other stuff in the engineer’s report needs to be ready for display if exploration is needed.
Sources: “Meetings that Work, Plans that Bosses Approve” HBR ~20 years ago, and,
“Completed Staff Work” lots of sources