Managing Change by Managing Risk - Literature review Example

Managing Change by Managing Risk Introduction The change process is a choice; but not so are risks. Notably, when an organisation chooses to change, it also chooses (sometimes unknowingly) to undertake the management of risks that occur in the change process (Bernstein 1996, p.383). As many organisational leaders would agree, the change process is often volatile and unpredictable, hence necessitating an organisation to have the skills needed to keep the volatility under control while making the change process clearer. As indicated by Kutzavitch (2010, p. 3), change-related risks depend on the complexity of the change; the perception that the organisation (and individuals therein) have regarding their contribution to the change outcome; and the willingness or preparedness of individuals and the organisation to change. A complex change process is likely to present more risks to the organisation, while a detached attitude by employees or the management may also present additional risks to the organisation (Vidal & Marle 2008, p.1108). The attitude that employees or other stakeholders show towards the proposed change are largely influenced by their perceptions regarding potential gains or losses. In cases where the workforce is not ready for change either because they are unwilling or not fully prepared, the risks are even more pronounced. For change to be successful therefore, it becomes imperative for the managerial and/or leadership functions in organisations to identify ways through which they can manage risks effectively. DeLoach (2004, p. 29) for example observes that amidst changing circumstances in organisations, leaders ‘must simultaneously be in a position to confidently assure investors, directors and other stakeholders’ about their capacity to handle risks. Similar sentiments are expressed by Kennedy (2008, n.pag.) who observe that much as audit firms may be contracted to determine the risks that a firm faces both internally and externally, it remains the management’s prerogative to keep pace with emerging enterprise risk management practices and utilise them to manage change in their respective organisations. Following DeLoach’s (2004, p. 29) argument, it is therefore arguable that an organisation’s capabilities in handling change can be gauged by how well it manages risks. Managing risk While it has proven hard to define the term ‘risk’, it is generally agreed that risk is ‘related to uncertainty, and it has consequences’ (Hillson & Murray-Webster 2007, p. 5). On his part, Jaafari (2001, p. 90) defines risk as ‘the exposure to loss/gain, or the probability of occurrence of loss/gain multiplied by its respective magnitude’. Other authors such as March and Shapira (1987, p. 1404); PMBOK (2004, p.11); Tummala and Buchet (1999, p. 223); Olsson (2008, p.60); and Ward and Chapman (2003, p. 98) all have differing definitions of what risk really is. Looking at the different definitions however, one gets the impression that managing risks involves decreasing uncertainties, and/or reducing the impact of an event’s consequences. The effectiveness of managing risks is however determined by the ability or lack thereof to maximise the achievement of organisational objectives. When used to manage change, an organisation needs to realise that managing risks is done by an individual or a group of people within the organisation as inferred by Hillson and Murray-Webster (2007, p. 12). How people within the organisational setup relate to each other, and their acknowledgement about the need to manage risks however affect the success or lack thereof of risk management strategies used. Yet, managing risks does not just happen; instead, it takes deliberate action by an organisation whereby, the employees therein consider the changes that need to take place and initiate the risk management process by ensuring that the change objectives are understood and agreed upon by all stakeholders (Hillson & Murray-Webster 2007, p.18). Some of the considerations that an organisation needs to focus on include the importance of the identified organisational change and the perceived riskiness of the change process. The next step of managing risk involves risk identification, whereby organisations can organise workshops, interviews, questionnaires, checklists or brainstorming sessions for purposes of identifying risks (i.e. the uncertain possibilities that would have negative consequences on the organisation), and challenges that the organisation may encounter in its change process. The next step in managing risks as suggested by Hillson and Murray-Webster (2007, p. 18) involves assessing the risks and prioritising them for attention and action. During assessment, the organisation can either choose to delve into the detailed characteristics of each identified risk hence gaining an understanding of the same, or use mathematical models ‘to stimulate the effect of risks...’(ibid.). The next phase in managing risks involves response planning, where an organisation identifies the best suited, affordable, achievable and appropriate strategies to use in managing the risks. Such identification is followed by implementation of the strategies, and depending on their suitability or lack thereof, an organisation may change the risk management strategies identified earlier. Lastly, the risk management process is reviewed and updated depending on the changes occurring in an organisation. As changes occur in the organisation, so do the risks change. Change management Change management is the process through which an organisation understands and controls its ‘exposure to hazards such that the overall risk to business is handled in an efficient and effective manner’ (Scarborough 2011, p. 2). Notably, even the smallest change has associated risks, and as such, organisations need to identify such risks and design strategies for handling them before they can negatively impact on the organisation. For any change process, Scarborough (2011, p. 2) identifies five common risks that need to be managed effectively. They include: the risk that the needed changes were not properly assessed; the risk of unplanned (or unexpected) shortcomings; the risk of change underperformance (i.e. the change process fails to have the expected outcomes); the risk of emergency modifications during the change process; and the risk of delays in the change process. To manage such risks, Scarborough (201, p. 2) recommends that organisations need to identify the need, the expected outcomes, the resources needed, the people responsible, and the relationships needed for the change processes to be successful. Identifying the aforementioned would then enable the organisation to create an effective risk management system. On their part, The European Foundation for Quality Management (2005); The Committee for Sponsoring Organisations (2004, p. 6); and Williams et al. (2006, p. 68) observe that a risk management system should provide leaders, managers or decision makers with a systematic method to cope with risk and uncertainties in the organisational environment. For a risk management system to work effectively, Kaplan and Mikes (2012, para. 4) suggested that an organisation needs to ‘understand the qualitative distinctions among the types of risks’ that it faces. Kaplan and Mikes (2012, para. 5-10) observe that risks can be categorised as: I) preventable risks; II) strategy risks; and III) external risks. I) Managing preventable risks In managing change, preventable risks are internal to an organisation, and can be controlled, avoided or eliminated (Kaplan & Mikes 2012, para. 6). When managing change for example, the risks posed by employees who refuse to buy into the change process can be controlled, avoided, or eliminated by communicating the importance of the change to them and encouraging them to be participants rather than spectators in the change process. In some cases, the preventable risks arise from inappropriate, incorrect, unethical, illegal or unauthorised actions by some employees. In such cases therefore, risk management would involve identifying the risks and the contributors to the same, and communicating to them appropriately in order to avoid potential routine or operational breakdowns. In cases where intolerance to change is detected, organisations can use a risk management strategy that involves guiding the employees’ behaviours towards desired norms. Kaplan and Mikes (2012, sidebar) for example note that it pays to remind employees of the basic mission, vision and objectives of the organisation even amid the ongoing changes. On his part, Simon (1999, p. 85) indicates that organisations need to know that even the slightest change in the organisation has risks that need to be managed. For example, the hiring of new staff may not seem like a major change, but it has risks associated with the new employees and their ability to fit into the existing culture, their performance or lack thereof, and the perceptions (e.g. some may be perceived as threats to the job stability of others) that existing employees have regarding the newcomers. Simon (1990, p. 85) observes that it is the prerogative of the employer to anticipate the risks involved with even the slightest change, and use preventative risk management strategies to avoid them having a negative impact on the company. In most preventable risks, managers need to use organisational adjustments strategies to prevent, control and/or eliminate the same risks (Narayan et al. 2002, p. 23). Some of such strategies may be as simple as encouraging staff members to voice their objective opinions even when the change process seems to be following a successful trend. Simon (1990, p. 86) specifically observes that ‘it’s during the good times that managers need to be most watchful of impeding danger’. For example, an organisation that is purchasing new computers may be undergoing the changes needed to make its customer processes fast and efficient, except that the management should be cognisant, and ready to manage the risks involved in the integration of new technology into the work environment. While it is agreeable that no organisation that wants to progress can institute changes without some level of risk exposure, Simon (1990, p. 86) observes that managers should always be observant to ensure that the risk exposure levels are manageable. II) Managing strategy risks Clausewitz (1976, pp. 178-179) observes that while one is able to identify risks through observations in a tactical situation, strategy-related risks are not easily identifiable and as such one has to guess or presume what they are. The first step to managing strategy risks therefore appears to be in identifying such risks. Holcomb (2004, p. 119) defines strategic risk as “the probability of failure in achieving a strategic objective at an acceptable cost”. In other words, the strategic risks are well identified by comparing the desired outcomes, with the means and resources needed to attain the same outcomes. A good illustration of a strategy risk is the investment that an oil drilling company makes when drilling wells worth millions of dollars, without being certain whether the oil from such ventures would be commercially viable or not. On one hand, such company is aware that a failure to realise commercially viable products from its venture would affect its financial bottom-line; but it is also aware that finding commercially viable oil would make a good return for its investment. To manage such risks appropriately, such a company would only invest an amount of capital that would not negatively affect it worth. Viewed from the perspective of managing change, managing strategic risks is vital for purposes of ensuring that an organisation does not literally ‘set itself up for trouble’, while pursuing organisational progress through new investments. All strategies have to be weighed for their real worth, their potential to cause lasting consequences (negative and positive) to the company, and the ability of the company to handle such consequences. For example, an airline willing to institute changes in its human resource department by retrenching employees would need to consider the risks of such a decision on the company’s productivity when compared to the decisions’ effect on the company’s wage bill. In such scenarios, the management needs to consider the possible risks in each option and adopt the one with the least likely negative consequences. As indicated by Holtz (2007, p. 5) and Crawford and Stein (2004, p. 500), playing safe and reasoning things out may not propel an organisation to the change that it wants. However, any risks taken should be balanced with the organisation’s capacity to survive. Where necessary, and if acceptable, organisations can mitigate strategic risks by taking some form of insurance against the same. A company making a decision to invest in a politically unstable environment may for example insure its properties and/or processes against the effects of politically instigated violence. Such a decision would therefore mean that the company can still manage change (to a new environment) by managing the risks related to its exposure to the political intrigues of a specific business location. A different approach to risk management would involve analysing risks in the different viable investment locations and settling for one with the least risk exposure. Notably, even insurance needs to be measured for its risk as compared to an organisation managing its own risk internally. As Kubitscheck (2001, p.35) observes, organisations have to ensure that the cost of insurance does not ‘outweigh the potential loss or damage to the rest of the business’. Where an organisation is outsourcing some of its processes as part of the change process, Kubitscheck (2001, p.35) observes that an internal risk assessment of the outsourcer would be vital to enable the outsourcing company understand and manage the potential successes or failures. Overall, and as observed by Weller (2008, p. 34), an organisation cannot grow (or change in its capacity to do business) without encountering strategy risks. However, the wisdom of managing such risks for purposes of managing change is contained in avoiding those that can be avoided, and using risk-mitigating strategies in opportunities that are necessary for organisational growth. III) Managing external risks External risks emanate from sources and/or events outside an organisation (Kaplan and Mikes 2012, para. 7). Usually, the organisation has no control of such risks, and as such, the main external risk management approach should be geared towards identifying such risks, and findings ways through which their impacts can be mitigated. In managing change, the external risks can be a source of instability and the organisations therefore need to ensure that despite the goings-on in the external environment, the change processes in the internal environment are not affected significantly. Using the example of political instability as indicated elsewhere in this essay once again, it is obvious than an organisation would have no control over the political climate in a specific investment location. However, anticipating such risks, and determining how to react should such risks materialise would be a viable external risk management strategy. In cases where the change process requires an organisation to invest in politically unstable environments, it would thus be decided that the organisation can only invest what it can afford to lose. Alternatively, the organisation could choose to insure its properties and processes against external risks such as natural disasters, political instability or macroeconomic disturbances. Such decisions would however call for another kind of risk analysis especially considering that in some countries; such risks are not insurable, and even where possible, they attract significant premiums. As suggested by Scott (2002, p. 11) for example, an organisation could calculate its economic capital requirements to decide what amount to reserve for purposes of guarding against disasters and/or meeting regulatory requirements and what amount to use in insurance policies. Ideally, all risk control mechanisms, especially when viewed from an economic capital perspective, should be cost-effective (Scott 2002, p. 11). Other risk management approaches In addition to the rational risk management strategies that involve calculating and weighing the pros and cons of following a specific approach in managing change, Zinn (2008, p. 2) suggests that organisations can also depend on non-rational strategies of risk management which involve faith, belief, and hope. Notably however, in an organisation where uncertainty levels are high, belief, hope and faith would in most cases be considered too risky for organisations. Another recommendation which would be considered rather drastic in some quarters relates to a proposal made by Rupert Mason in an Interview with Strange (2012, p.36). Strange (2012, p.36) observes that some of the major risks that need to be managed during the change process are related to the capacity and capabilities of the management team to handle change. The author observes that some of the risks related to management include their inability, reluctance to inspire or lead change, and their complacency in the entire change process. In the argument, Sutherland (1999 cited in Emblemsvåg & Kjølstad 2002, p. 842) observes that management often gets stuck in previous successes, thus forgetting that a changing environment needs changes in strategies. Overall, managing change by managing risks seems to rely on the conviction that business environments change too rapidly to rely on a hindsight kind of risk management; rather and as Emblemsvåg and Kjølstad (2002, p. 842 citing Sutherland 1999) observes, ‘a major risk exposure and source of business failure and/or lack of opportunity success has been failure to manage change’. Conclusion From the sections above, it is evident that the change process is fraught with risks of different nature and magnitude. However, it is also evident that without seizing the risks, the opportunities that enable change and progress in an organisation cannot be realised. To manage change therefore, it becomes essential for an organisation to manage risks effectively. A failure to do so would end up in too much risk taking and exposure, which would most likely set up the organisation for failure. Notably, the management of risk (and of change) appears to be the prerogative of the leadership and management functions of an organisation. It is the leaders and managers at an organisation’s helm that create the necessary organisational culture needed to manage risks and changes effectively and efficiently. As the leaders, they have to ensure that everyone understands the need for change and willingly participates in the same. By so doing, the employees would be willing to pinpoint risks that the management may find hard to identify. Overall, managing change by managing risks is something that can only succeed if the entire organisations are cognisant of the need to manage the latter. This is especially important because every aspect of an organisation has probable risks, which if not identified in good time and addressed properly can contribute to organisational inefficiencies, and even failure. References Bernstein, P L 1996, Against the gods: The remarkable story of risk, John Wiley & Sons, New York. Clausewitz, C 1976, On War, In Howard, M., & Paret, P (Eds.), Princeton University Press: Princeton, NJ. Committee for Sponsoring Organisations 2004, ‘Enterprise risk management framework’, Committee of Sponsoring Organizations of the Tread way Commission, American Institute of Certified Public Accountants, NY. Crawford, M, & Stein, W 2004, ‘Risk management in UK local authorities: the effectiveness of current guidance and practice’, International Journal of Public Sector Management, vol.17, no.6, pp. 498-512. DeLoach, J 2004, ‘The new-risk imperative- an enterprise –wide approach’, Handbook of Business Strategy, vol. 5, no.1, pp. 29-34. Emblemsvåg, J, & Kjølstad, L E 2002, ‘Strategic risk analysis- a field version’, Management Decision, vol. 40, no. 9, pp. 842-852. European Foundation for Quality Management 2005, EFQM Framework for Risk Management, European Foundation for Quality Management, Brussels. Hillson, D, &Murray-Webster, R 2007, Understanding and managing risk attitude, Gower Publishing, Burlington, Vermont. Holcomb, J F 2004, ‘Managing strategic risk’, chapter 9, viewed 06 Dec. 2012, Holtz, N 2007, Managing strategic risk in China’s unpredictable automotive market- the saga of Tian River Motors, Deloitte Touche Tohmatsu, pp. 1-16. Jaafari, A 2001, ‘Management of risks, uncertainties and opportunities on projects: time for a fundamental shift’, International Journal of Project Management, vol. 19, pp. 89-101. Kaplan, R S, & Mikes, A 2012, ‘Managing risks: a new framework’, Harvard Business Review-The Magazine, viewed 06 Dec. 2012 Kennedy, P 2008, ‘Enterprise risk management: effective ERM practices’, Strategy & Leadership, vol.36, no. 3, viewed 06 Dec. 2012 Kubitscheck, V 2001, ‘Business discontinuity - a risk too far’, Balance Sheet, vol.9, no.3, pp. 33-38. Kutzavitch, K 2010, ‘change management issues and risk mitigation strategies for the enterprise’, Mastech White Paper, viewed 06 Dec. 2012 March, JG & Shapira, Z 1987, ‘Managerial perceptions on risk and risk taking’, Management Science, vol. 33, no. 11, pp. 1404-18. Narayanan, V K, Douglas, F L, Guernsey, B, & Charnes, J 2002, ‘How top management steers fast cycle teams to success’, Strategy & Leadership, vol. 30, no. 3, pp. 19 – 27. Olsson, R 2008, ‘Risk management in a multi-project environment: An approach to manage portfolio risks’, International Journal of Quality & Reliability Management, vol. 25, no. 1, pp. 60 – 71. PMBOK 2004, A Guide to the Project Management Body of Knowledge, Project Management Institute, Newtown Square, PA. Scarborough, M S 2011, ‘understanding and managing the risk of change’, Global Knowlegde White Paper, viewed 06 Dec. 2012 Scott, J 2002, ‘Economic capital: at the heart of managing risk and value’, Balance Sheet, vol.10, no.3, pp. 10-13. Scott, J 2002, ‘Economic capital: at the heart of managing risk and value’, Balance Sheet, vol. 10, no.3, pp. 10-13. Simon, R 1999, ‘How risky is your company?’ Harvard Business Review, vol. 77, no. 3, pp. 85-94. Strange, W 2012, ‘Interview with Rupert Merson, author of Guide to Managing Growth’, Strategic Direction, vol. 28, no.1, pp. 35-36. Tummala, V MR, & Burchett, J F 1999, ‘Applying a risk management process (RMP) to manage cost risk for an EHV transmission line project’, International Journal of Project Management, vol. 17, no. 4, pp. 223-35. Vidal, L, & Marle, F 2008, ‘Understanding project complexity: implications on project management’, Kynernetes, vol.37, no.8, pp. 1094-1110. Ward, S, & Chapman, C 2003, ‘Transforming project risk management into project uncertainty management’, International Journal of Project Management, vol. 21, pp. 97-105. Weller, N 2008,’ strategic and operational risks’, Student Accountant, September, pp. 34-35. Williams, R, Bertsch, B D, van der Wiele, T, van Iwaarden, J, Smith, M, Visser, R 2006, ’Quality and risk management: what are the key issues?’ The TQM Magazine, vol. 18, no. 1, pp. 67 – 86. Zinn, J O 2008, ‘Everyday strategies for managing risk and uncertainty’, viewed 06 Dec. 2012 Read More