Principle 1: Quality vs Risk

A basic conflict that arises again and again is that between quality and risk. It does not often show up in quite that form, though. Often it takes the form of a manager wanting to ignore some kind of established practice – a procedure, a standard, or whatever – in favour of anything from a well thought-through alternative to the gung-ho ‘Just Do It!’ sloganeering that has served Nike’s marketing department very well but is otherwise all but designed to cause you to screw up royally.

And I have lost count of the number of manager’s who heroically declared that they were willing to ‘take the risk’ of proceeding without the right review, with half a dozen fatal flaws outstanding, and so on. As if it were they that was taking the risk at all! Surely it is their employer who is taking the risk – after all it’s not likely that the manager will have to cough up for the mistakes they make.

But there is an important principle here. There is a real issue that, because most of us work in environments we don’t really understand, there is a marked tendency for work to drift to one of two extremes. Either rules are followed slavishly or they are simply disregarded. The latter is especially common where there are no mechanisms for actually tracking and enforcing compliance with the rules – which seems to be the norm for most organisations, outside truly hallowed ground such as filling in timesheets. In both cases –and in most of the intermediate cases, such as simply pretending to comply – is a huge amount of squandered effort. It serves no one, and we all hate and despise it.

So what is the underlying principle that allows us to extricate ourselves from this dilemma? It is simply to acknowledge that quality (and with it all those tiresome policies, rules, standards and procedures) exist solely for the sake of risk management. If a standard exists it is because it cannot be assumed that achieving that standard will happen as a matter of course. Conversely, if I can demonstrate that the risk a management control is designed to control either does not exist in my case or is better managed by other means, exactly why should I comply? If the keepers of your rules – the quality department, the accountants, and so on – cannot tell you the answer, then they aren’t doing their job.

An example may explain this better. Some years ago I was involved in a handful of EU quality management projects in Poland. This was just after the fall of the Soviet Union so the place was in a pretty bad state – so much so that I was warned that the local electricity supply was so flaky that it would damage my laptop. At the same time I was warned to take my own loo roll, because toilet paper was such a precious commodity that it was invariably stolen from offices. Neither of these are issues I would expect to have to deal with in a project in western Europe, North American or on most of the Pacific rim. But if I was to assure the ‘quality’ of my work to Poland in the early 90s, then the rule was simple – no laptop but lots of loo roll.

On the other hand, by the time I had (regretfully) stopped working in Poland, neither was a problem any more. So this particular quality management procedure was now obsolete. But in how many companies, I wonder, would it have continued to be enforced for years afterwards?

So, a question. Can you actually say you know what risk each of your management controls is designed to control? Do you really know? And if an exemption is asked for, is the answer ‘Certainly – if you can explain how your proposed alternative will manage this risk better than the standard approach’?

If the answer to any of these questions is No, then you don’t have a management system. You have a bureaucracy, in the worst sense of the word.

And how many of them have long since ceased to solve any significant problem? Many years ago I worked for a major global consultancy. Part of my job was to manage the engagement reviews conducted by partners on one another. After building the basic administrative database, I started to look at the checklist the reviews were expected to complete. They had lots of strong points, but also quite a few of major defects.

1. One was that there were four different checklists, even though they did not seem to serve different purposes. But no one ever complained.
2. A second was that many of the question were simply repeated – in one case the same question was asked three times. But again, no one ever complained.
3. Finally, it soon became clear that the answer to quite a few of the questions was always Yes. The checklists were worded in such a way that the ‘right’ answer was always Yes, so what this told me was that we were constantly harking on about things that simply weren’t problems.

So I revised them very thoroughly. In fact I got 7 pages of questionnaire down to 1½ pages and one diagram. And no one complained about that either. Because the result was perfect? No, because they didn’t know what the new version was for either – they just did as they were told. And this was, as I say, a vast global consultancy whose principal service is being more clever than other people. But not as clever as all that, it would seem.