I had the rug pulled from under me in a recent workshop – by a Chief Risk Officer. In full flow, and in front of the CRO and his leadership team, I was explaining how we could thread risk management and controls into the operational fabric of the organization by embedding RACI within the core business processes.
“Stop!” said the CRO. “We don’t want RACI. No-one understands it”. He paused. “I don’t!”.
There was a moment’s silence as the room took in what the corporate director for risk management for this global business had just said.
He looked at me, standing at the whiteboard: “Go on then… What’s the difference between Responsible and Accountable?”.
And of course, at this point, as the room turned for my fluent and authoritative response, it all went squidgy. I blathered something plausible, which he rightly pounced on: “See! And we’re supposed to be the experts. What hope is there for everyone else?”.
It was an eye-opening moment. I’d always assumed – no-one I’d ever met had questioned it – that RACI was universally understood and useful.
I’ve come to see though that he’s right, or at least on to something important.
For a start, there’s no single definition of RACI. Wikipedia lists two competing RACI definitions – that’s aside from the traditional definition of Responsible-Accountable-Consulted-Informed – as well as a long list of similar responsibility assignment matrices (RASCI, RASI, PASCI, CAIRO and others).
Friends too confirm the confusion that they’ve seen. One – ex Big 4, now a Finance Transformation director – argued that most people find RACI confusing:
“It’s almost always isolated from everything else as well, so it becomes a theoretical exercise instead of a project driver. I doubt whether many RACIs are ever updated after the first approved version.”
As it happens, my tormentor CRO did agree in the end to adopt RACI embedded within the core business processes – but against a promise that it would deployed in a way that provided easy clarification for users at the point-of-use.
Which seems to me to be the happy ending. Good governance demands clarity. The widely-adopted COSO framework for risk management, for example, stresses that it is vital at all levels of an organization, and highlights embedding in operational reality as one of its seven keys to success in risk management:
“A key to success is linking or embedding the Enterprise Risk Management (ERM) process into the core business processes and structures of the organization.”
My take-away is that RACI, or some variant of it, may be incredibly useful in making clear roles and responsibilities, especially when it’s live because it’s embedded within a common enterprise-wide process management platform. But I’ll never again assume that it’s understood. It always has to be explained – simply and at the point of use.
08 Sep 2014 When Does A Tool Become A Platform?
24 Sep 2013 The Business Management System App
PS it’s an anagram of ‘RACI in ERM’. I’m slowing learning how to do the Times crossword 🙂