Have you ever come across an organization that wants to be “standards compliant” at any cost? Prefers using a large vendors inferior software over better open source software? Wants grand buzzword compliant architectures over simple software that works?
Large organizations tend to have a culture whereby people’s concept of “risk management” is not managing real risks, but rather second-guessing where future blame might be assigned.
Risk management in many organization should not really be called risk management, because no such thing actually occurs, it should be called “ass-cover management”.
It should be called ass-cover management because it is exactly what it is – actual success or failure doesn’t really matter that much, the main thing for employees in these organizations is to be in the clear once the inevitable process of blame assignment commences.
When the blame-storming starts, you don’t want to be the guy that signed off on a “non-standards compliant” solution, because as we all now, using “standards” ensures 100% likelihood of success all the time (or NOT). You need to be able to blame the vendor, who obviously wasn’t standards compliant enough, or the consultants who weren’t up to CMMI level 873 as they claimed during the lengthy procurement process.
It’s easy to blame project management in these situations, but often they are driven by fear – they cover their asses for a reason, as psychology dictates, the environment conditions the behaviour of people in it.
It takes a lot of backbone for someone to stand-up alone and call “Bullshit!” on this sort of organizational behaviour. But I don’t think there is any other way around it – people need to at least be eased into the understanding that their behaviour is counterproductive, that they are in effect not managing risk at all, they are only managing future blame.
Perhaps the most damaging aspect of ass-cover management is that it presupposes failure: if you are already managing the blame for future failure rather than real risks, you have already accepted failure as an outcome and likely doomed your project to that very result.
Having a higher success rate for projects might actually be as easy as realistically trying to achieve success, rather than being driven by an irrational fear of failure that becomes inevitable the minute you submit to it.
The question is, is your project doing risk management or ass-cover management?
July 9, 2009 at 8:17 am
Geeeeezzz – I thought that risk management meant identify the risks, classify them on probability and consequence, ending in action points that later you actually execute.
But this was another dimension: “ass-cover”. Got to love that!