When you hear the word, “risk,” what comes to mind? Tom Cruise dancing in his tighty whities in
Risky Business? The latest discussion about bitcoin from any number of financial pundits? The odds given in the breaking news weather report on whether a tropical storm will hit land? I can’t be positive, but I’m pretty sure that none of these scenarios are what the Baldrige Performance Excellence Program (BPEP) had in mind in the latest revision of the Baldrige Excellence Framework.
Risk Management
Each revision of the framework has updates with either new concepts or an increased emphasis on concepts from earlier versions. Among the new Areas to Address in the 2023-2024 Baldrige Excellence Framework is 6.2c(3), Risk Management. It asks organizations to address risks in multiple areas, including:
Legal and regulatory compliance
Products and/or services
Workforce
Finances
Technology
Supply network, as appropriate, and
Operations
Although in typical non-prescriptive fashion, the latest criteria offers no methodology or tools for dealing with this issue. So, what’s a poor applicant to do with this new Area to Address? I think there’s a terrific tool that can serve as the foundation for identifying potential risks – a PEST analysis. PEST stands for political, economic, societal, and technological factors. I think that I can find a home for each of the areas listed above to be incorporated into one or more of these four dimensions.
Risk as a Cultural Consideration
Now, the PEST analysis is a good tool for starting on the journey for risk management, but it isn’t sufficient. It can’t identify the “risk appetite” that an organization and its culture has. It can’t identify the risk “tolerance” that its customers, partners, collaborators, suppliers, and other stakeholders have. It also can’t determine whether the availability of resources exist to weather a storm should any number of risks actually come about. Once again, a seemingly simple question begs for senior leaders to have critical discussions on how to address it in their organizations.
Risk as an Integration Factor
The more I looked for “clues” as to how to respond to this new Area to Address, the more I found “risk” embedded in other parts of the Criteria. It shows up in multiple places on pages iv and v, where emphasized concepts are explained in more detail. In some instances, the reference is explicit, while in other cases risk is an implicit concept, such as “Competitive Position,” “Competitiveness Changes,” and “Strategic Context,” all part of P.2a, “Competitive Environment.” Senior Leaders are to consider risk when “creating an environment for success now and in the future.” (1.1c(1)) As described in 1.2a(1), an accompanying note, and in the Glossary, the Governance System has the responsibility for considering and approving “appropriate levels of risk for the organization.”
Obviously, the strategy development process includes the consideration of risks as well as the determination of which might be “intelligent risks” that rise to the level of strategic opportunities.
Results for the management of risk may be reported under Item 7.4, Leadership and Governance Results, where they are specifically cited. However, there’s a chance that related results could show up in 7.5b, Strategy Implementation and Innovation Results.
Risk Management in Practice and in an Application
If you’re on the performance excellence journey, you’ve probably been practicing risk management, but once again the Baldrige Excellence Framework gives us a reason to be more intentional. Some previous Baldrige Award recipients already have described their approaches to risk management since they consider it a key work process. You might look at the application summaries for AARP, Elevations Credit Union, and PricewaterhouseCoopers Public Sector (now Guidehouse) for their descriptions of risk management.
