The Danger of Safety

Risk management may be the “great divide” that separates styles of innovation management and, for that matter, styles of management in general. Indeed, it’s often the risk management part of the corporate playbook that separates true innovation results from mere activity and, ultimately, success from failure. But agreeing on what should be in the playbook –and how it should be executed on the playing field is where managers in many corporations come to grief with their new product development functions, not to mention with each other, and it’s where consultants like me are often called in to referee the play.
It’s amazing to me to see just how emotionally charged the term “risk management” is.

When I speak around the country, and I proclaim the most dangerous thing that a company can do is focus on risk, the response I get is shocking. There’s a warm, comfortable feel to risk management in corporations today, and that comfort is a manifestation of years of adding layers and layers of risk management – with the erroneous idea that managing risks – reduce risks!

Now before I go on to slam all things “risk,” I would like to offer something of a disclaimer. Risk management does have its place in innovation management and product development. Certainly we want to validate the functionality of a device, to run it through a “fault tree” analysis to make certain it meets design requirements. We want to control the risk that a product or device would injure someone. Indeed, we need to create a series of tests to validate the design is safe and sufficient to deliver expected performance.

There is, of course, a wide range of risk management tools that, I hate to admit, actually help. The problem is that “risk rules the day.” It is ingrained in corporate culture. Corporations manage facilities. They manage people. They manage money. They love Excel spreadsheets. They love to create controls around all aspects of their business. But all that said innovation is an elusive and unruly beast that can’t be controlled within the captivity of conventional risk management systems.

There’s no question that product development risk management works. It provides a way to ensure a product actually delivers its design requirements to a customer. So I can’t really be critical of product development risk management. The problem is risk management itself has become a holistic system within innovation and new product development functions of many of the largest corporations in America, and probably the world.

So how well is it working? According to the oft-quoted Deloitte & Touche study, 95 percent of new products fail. Virtually every one of those failures occurred at larger companies that had highly developed, layered risk management systems. The best way to manage risk is to understand – fully understand – what your customers’ needs and values are.
What I see instead are companies becoming slaves to their own internal development requirements. What surprises me is how little focus is given to the outside world and the “end user” as part of a real risk management system.