I A Nicer Mr (anag.)

RACI in ERMI had the rug pulled from under me in a recent workshop – by a Chief Risk Officer. In full flow, and in front of the CRO and his leadership team, I was explaining how we could thread risk management and controls into the operational fabric of the organization by embedding RACI within the core business processes.

“Stop!” said the CRO. “We don’t want RACI. No-one understands it”. He paused. “I don’t!”.

There was a moment’s silence as the room took in what the corporate director for risk management for this global business had just said.

He looked at me, standing at the whiteboard: “Go on then… What’s the difference between Responsible and Accountable?”.

And of course, at this point, as the room turned for my fluent and authoritative response, it all went squidgy. I blathered something plausible, which he rightly pounced on: “See! And we’re supposed to be the experts. What hope is there for everyone else?”.

It was an eye-opening moment. I’d always assumed – no-one I’d ever met had questioned it – that RACI was universally understood and useful.

I’ve come to see though that he’s right, or at least on to something important.

For a start, there’s no single definition of RACI. Wikipedia lists two competing RACI definitions – that’s aside from the traditional definition of Responsible-Accountable-Consulted-Informed – as well as a long list of similar responsibility assignment matrices (RASCI, RASI, PASCI, CAIRO and others).

Friends too confirm the confusion that they’ve seen. One – ex Big 4, now a Finance Transformation director – argued that most people find RACI confusing:

“It’s almost always isolated from everything else as well, so it becomes a theoretical exercise instead of a project driver. I doubt whether many RACIs are ever updated after the first approved version.”

As it happens, my tormentor CRO did agree in the end to adopt RACI embedded within the core business processes – but against a promise that it would deployed in a way that provided easy clarification for users at the point-of-use.

Which seems to me to be the happy ending. Good governance demands clarity. The widely-adopted COSO framework for risk management, for example, stresses that it is vital at all levels of an organization, and highlights embedding in operational reality as one of its seven keys to success in risk management:

“A key to success is linking or embedding the Enterprise Risk Management (ERM) process into the core business processes and structures of the organization.”

My take-away is that RACI, or some variant of it, may be incredibly useful in making clear roles and responsibilities, especially when it’s live because it’s embedded within a common enterprise-wide process management platform. But I’ll never again assume that it’s understood. It always has to be explained – simply and at the point of use.

Related Posts

08 Sep 2014   When Does A Tool Become A Platform?

24 Sep 2013   The Business Management System App

PS it’s an anagram of ‘RACI in ERM’. I’m slowing learning how to do the Times crossword 🙂

Big Data, Advanced Analytics and Black Swans

black swanCan advanced analytics be as much a threat as an opportunity? It seems quite plausible: it’s complicated.  The near wipe-out of a leading Wall Street brokerage in just two hours demonstrated how complexity can be financially catastrophic, to take just one example.

McKinsey’s latest advice to organizations investing in advanced analytics highlights the value of simplicity, which enables the business stakeholders to be engaged:

“Two guiding principles can help. First, business users should be involved in the model-building process; they must understand the analytics and ensure that the model yields actionable results. Second, the modeling approach should aim for the least complex model that will deliver the needed insights.”

McKinsey quotes a case where the complexity of a model prevented the business users from spotting its flaws, and so correcting its grossly misleading conclusions. It took the creation of a new simplified model by different authors to realise the mistakes that were being made. I suspect that many of us know of similar instances.

Looking at how companies can turn valid data-driven insights into effective action on the front line, McKinsey notes how user engagement becomes crucial:

“Companies must define new processes in a way that managers and frontline workers can readily understand and adopt.”

I’m not a big data and analytics skeptic.  When data-and-analytics is done well, it has huge potential, especially perhaps for consumer-facing organizations.  But it seems to me that there’s an essential enabling infrastructure that’s required to ensure that fast-paced data-driven agility is managed safely and sustainably.

It’s an infrastructure characterized in three ways:

it’s process-based and leverages the power of visualization and personalization to simplify and engage

it provides 360 degree visibility; joined-up and comprehensive perspectives where roles and responsibilities, linkages and dependencies are always readily apparent

it enables a rich and effective collaboration across silos, within a unified and robust governance framework.

It adds up to an enterprise process management platform.  And it’s an approach that was reinforced, looking at this from a different angle, by a Deloitte webinar this week on the new COSO 2013 Enterprise Risk Management Framework.  Deloitte’s key messages to senior stakeholders included the need to adopt holistic perspectives, to ensure traceable connectivity between policies and everyday practice, and to ensure ongoing engagement with control owners across the enterprise.

Related Posts

02 Apr 2013   A Simplification Bandwagon Begins To Roll

26 Mar 2013   A Litmus Test For Process Craft