Most CIOs and IT managers are used to dealing with ‘issues’. But what about those bigger public or semi-public issues that have the potential to impact the whole organisation? Media headlines over recent years show that IT or computer problems have generated a fair amount of negativity around some high profile organisations. Ask any group of managers to brainstorm the issues or potential issues facing their organisation and it will most often result in a pretty long list — typically a mixture of management and operational problems, personnel and technical issues and potential crises.
Issues are not just day-to-day problems. They are adverse trends or events — usually at least partly outside the organisation — which, if they continue, could cause significant harm to the organisation, its reputation or ability to do business.
However, identifying issues is not usually difficult. There is a wealth of sources for potential issues, and most of them are fairly obvious. These include internal audits, external conferences, trade literature, regulatory newsletters, trade associations, surveys of employees, customers and other stakeholders, and of course information from your own business or operating unit managers.
Closely monitoring the news media is one of the simplest yet often most neglected sources for identifying current or future issues. As the American issue management practitioner George McGrath once famously quipped: “For most organisations key issues will be found from reading headlines rather than tea leaves.”
One of the main reasons for managing issues is to take early action and reduce the risk of them developing into a crisis. Experts who study crises know that after almost every crisis it is just about inevitable someone in the organisation will say: “I knew about that.” Sometimes they add: “But no-one would listen to me.”
The real challenge, then, is not simply identifying a list of issues, but recognising each risk and communicating it upward for management to make informed and rational decisions about what is vitally important and needs to be addressed.
The sad reality is that even when issue identification and reporting is working well, managers often don’t know how to decide priorities. It sometimes comes down to who has the loudest voice, what seems most urgent, what’s been in the news recently or is the fashionable topic of the day, or what the boss thinks is important. Other times the management group will ‘vote’ on priorities without any real way of making sure they fully understand the issues and are comparing them equally.
What is needed is a simple and effective method to prioritise issues, ensuring each is properly characterised in an objective way and that the process accurately compares apples with apples.
One common prioritisation model is the simple two-dimensional probability/impact matrix — how likely or how soon could it happen, and how badly would it impact us if it did. On the face of it that seems pretty logical, but it pays no attention to other factors. If probability and impact were the only criteria, most issues would have the same priority in every organisation. But, of course, they don’t.
If an issue which is a high priority for one organisation is a low priority for another, the differentiating factor is most likely the organisation itself. As such, an effective prioritisation process must assess the issue as well as the organisation and environment in which it operates. For example, not just how susceptible the issue is to influence, but whether the organisation has the resources and/or willingness to exercise that influence.
This can only be achieved with a formal process, even though the process itself is simple and can be done quickly and efficiently (see 10 reasons you need a formal prioritisation process on the next page).
The most common approach is a checksheet for each issue which assigns numerical values against relevant criteria. An ‘issue outcomes’ worksheet, for example, is tailored to each organisation and assesses six weighted criteria: Impact; salience/legitimacy; visibility; proximity/timing; affectability; and profile. These criteria may not all be familiar, but the worksheet provides descriptions.
IMPACT: Assesses the potential magnitude of an issue for the organisation if it is is left unmanaged, including impact on reputation, financial impact, operational impact, regulatory impact and legal impact.
SALIENCE/LEGITIMACY: Assesses how widely in society the issue is regarded as a concern. Is it a mainstream worry or only in the opinion of a vocal minority? And what is the chance of it spreading to other important stakeholders?
VISIBILITY: Assesses extent of coverage in the news media. Not just how often it gets mentioned, but in which media. Is the coverage about the issue in general, or is your organisation specifically named and linked to it?
PROXIMITY/TIMING: Assesses when an issue is likely to reach maximum impact. Is it most likely to demand investment and resources this month, this year or in five years?
AFFECTABILITY: Assesses the organisation’s capacity to influence an issue. It might be happening soon and have a high potential impact, but sometimes it might have such momentum that nothing the organisation does will make a difference.
PROFILE: Assesses the willingness of the organisation to be proactively identified with an issue. Sometimes an organisation wants to help manage an issue, but is not willing to expose its name or brand. In these cases, alliances or third parties may be a preferred option.
Using these criteria on a worksheet and assigning numerical values against different scenarios provides a formal and objective way to prioritise a long list of potential issues and decide which ones to address.
However, it is critical to remember that effective prioritisation is not an abstract exercise. It determines how an organisation’s money, management time and other resources are going to be committed. Even more importantly, it may determine whether the organisation and its reputation will be put at risk of a crisis, or worse.
Dr Tony Jaques is the managing director of Issue Outcomes. He specialises in auditing corporate issue and crisis processes and helping organisations identify and prioritise potential crises. Contact him at firstname.lastname@example.org.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.