But how much risk should a manager take? What is acceptable and what is intolerable? These are the most difficult questions, whose answers seem to have remained elusive, at least in UNICEF.
There have been many calls on UNICEF to define its risk appetite or risk tolerance: when the first risk policy was conceived, in 2009; in almost every change-management-initiative that followed; and in the latest humanitarian review. But there cannot be one simple statement about the amount of risk that the organization is willing to take. It depends on what is at stake in any given situation – the opportunity missed or the possible damage.
To understand what we are up against, let us look at an example familiar to all of us: An office wishes to issue a major contract to a company providing a service or goods. Presently there are auditable rules prescribing how to issue invitations to bids, the role of the supply officer, how to make a selection, the terms of reference of a contract review committee, who is signing what, and the criteria by which a contract may be awarded. Painful.
Instead of setting rules and procedures and enforcing compliance, an accountability-based organization would briefly explain the risks that the award of such a contract may carry. For example:
• the possibility that not the best value-for-money is obtained
• the perception that a contract was given to a friend of the representative
• the successful bidder was wanted by Interpol for defrauding the United Nations
• the money to be paid to the company was meant for something else
• the specifications were unclear and nothing of value was delivered.
I bet that many UNICEF managers will clamp up more than the current volumes of rules and procedures demand. If, in an effort to become more agile, the organization shall tolerate a certain amount of suboptimal decisions, UNICEF will need to let you know its expectations on how you should decide. What it considers sound judgement, responsible behaviour and common sense.
This is easy for ‘zero tolerance’ statements – such as where staff lives might be endangered, or where sexual harassment is involved. It is more difficult if we want to allow nuances and a little risk-taking.
This is not going to be a revolution. One way to go for UNICEF is to spell out, for business processes that currently are encumbered with too many bureaucratic requirements:
1. the risks the transaction or decision may involve;
2. which steps in the business process are mandatory and which are optional;
3. UNICEF’s expectation on how a manager shall decide; what is considered sound judgement; and what the borderline situations are.
Good guidance is like the guardrails on a highway, that - on one side - prevent you from running into the oncoming traffic and - on the other side - falling down the abyss.
👉Every business process should describe the risks that the current process is trying to manage; guidance may distinguish between mandatory and optional controls; and set the boundaries and expectations on how decisions should be made
Comments
Post a Comment
If you are a member of XUNICEF, you can comment directly on a post. Or, send your comments to us at xunicef.news.views@gmail.com and we will publish them for you.