Managing risk – trust versus transparency


I had a conversation with a public sector contact this week about the extent to which monitoring ceased to become useful and started to become intrusive and destructive. It introduced an interesting angle to the debate on the management of risk within a system of work

The thrust of our discussion centred around a business process that had historically been subject to quite a high level of scrutiny and audit. Right now the organisation concerned was thinking about easing back on the level of sampling for audit purposes in the hope that placing more trust in the abilities of the people would actually have a more positive effect – it would also deliver an added cost saving by reducing the surveillance and monitoring overhead

As a principle it was certainly worth a discussion. Over-scrutiny certainly can have negative consequences. It can impose an additional and unnecessary cost on the process, and it can get up the noses of people who, you’d hope, just wanted to get the job done free of continual interference. I could certainly see the argument

The obvious danger in this is that you get the balance wrong. Not many people would argue for a wholesale switch from a monitoring culture to using trust as the primary control mechanism. That would be very dangerous indeed. Stakeholders generally want to see some sort of hard data relating to process performance, transparency in other words. The trick is getting the level of monitoring right. That is, using just the right amount to give us the data and confidence we need. The problem is that not too many companies think things through carefully enough when they do this. Sampling levels can tend towards being arbitrary. They can be driven by how much resource the company has available (irrespective of things like levels of risk, past problems and the like). So in slack times they have time to do a lot of monitoring, so they do a lot, while in leaner times they have less resource, so they do less

I’ll keep in touch with my contact just to see what happens. I think they understand the general concept of needing to get the level right, and I’ll be really interested to hear just how they do it. Most of us get there by trial and error in my experience and, unpalatable as that sound to quality professionals, that may actually be the most effective technique

What’s the worst case scenario? Well, something terrible happens when the system of trust falls over and when the organisation is held to account for the failure, the only defence is “we decided that the best method of control was simply to trust people to do the right thing”. I’m not sure how well that would stand up.

This entry was posted in Auditing and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *