Essay Writing Service http://StudyHub.vip/A-Process-Based-Approach-To-Business-Ri 👈

1. Knowledge and Process Management Volume 5 Number 4 pp 216–229 (1998)
" Case Study
A Process-Based Approach to Business Risk
Analysis: The Royal Navy Experience
Marcus Blosch* and Jiju Antony
Portsmouth Business School, University of Portsmouth, UK
Risk analysis approaches have long been used in the context of financial or engineering problems, but to date
has little impact on more general business-related problems. This paper is a result of a two-year research project
commissioned by the UK’s Royal Navy’s Naval Manning Agency, with particular reference to risk analysis
within the manpower planning system. The paper develops a general approach to risk analysis more suited to
business problems and presents the results generated by the research project. Copyright ? 1998 John Wiley
& Sons Ltd and Cornwallis Emmanuel Ltd.
INTRODUCTION
The concept of risk analysis is now widely known and
accepted within finance (Thomas, 1993), engineering and
particularly project management (Williams, 1995). To date,
the concept has not migrated into the area of wider business
problems and the reasons for this are twofold. First, the
approaches taken are context-specific, being rooted in the
definitions and practices of their native discipline, and
second, they are for the most part highly quantitative. In
many areas where ‘risk’ is introduced the influencing factors
are often of a qualitative nature and, as a result managers
have tended to deal with risk as part of their ‘feel’ for the
business and their expertise as managers.
As businesses become more complex and change more
rapid this ‘gut feel’ approach to risk management may no
longer be adequate. Risk analysis aims to assist the manager
in identifying sources of risk, understand how these risks
may affect the business and facilitate a strategy to manage
them. The approach needs to be sensitive to the operating
context of the business and be able to blend quantitative
and qualitative approaches. Developing such an approach to
risk has other potential benefits. It can facilitate a greater
understanding of the business itself, highlight areas where
management intervention is most required and provide
the basis for the development of supporting models or
information systems.
The first part of the paper delineates the concept of risk
analysis as related to business contexts and develops the
framework used. The second part details the results of the
research project using the framework.
BUSINESS RISK FRAMEWORK
Though most people are familiar with the word ‘risk’, the
word itself can be ambiguous. It is important therefore to
establish a common definition at the outset. The concept of
risk contains essentially three components:
- An unwanted event
- The event’s impact
- Probability of the event occurring
The purpose of risk analysis is therefore to identify the
potential sources of risk, estimate the impact of these risks
and finally to manage them, that is, risk identification, risk
analysis and risk management (Ansell and Wharton, 1993).
This is in accord with Recher’s (1983) principles of maxi-
mizing expected value, avoiding catastrophe and ignoring
remote possibilities. The extent to which risks are identified
must accord with the ‘unwanted event’ to which they
are related. If, for example, this is an nuclear reactor
safety protection system small and remote risks must be
considered.
Marcus Blosch’s current research interests are in the area of information
technology within organizations, particularly related to its role in structur-
ing organizational knowledge. Jiju Antony is currently involved in research
in the area of experimental design and its industrial applications.
*Correspondence to: Dr Marcus Blosch, Technology and Organizations
Research Group, Portsmouth Business School, University of Portsmouth,
Locksway Road, Portsmouth PO4 8JF, UK. E-mail: mblosch@lhr-
sys.dhl.com
CCC 1092-4604/98/040216-14$17.50
Copyright ? 1998 John Wiley & Sons Ltd and Cornwallis Emmanuel Ltd.

2. There are three stages to risk analysis: first, identification,
which aims to discern the risks; second, ranking, which aims
to quantify the risk; and finally, management, which aims
to eliminate, reduce or provide mechanisms for managing
risks. The approach used in this research project can be
summarized in Figure 1.
There are three main sources of risk: first, the wider
environment within which the organization sits; second, the
political backdrop within the organization; and finally, the
risk inherent within the processes. The model used here
attempts to capture these. In the case study detailed below
a ‘PEST’ analysis was used to study the wider environ-
mental factors, ‘stakeholder’ analysis to measure the political
risks and process maps to identify risks inherent in the
processes. Brainstorming is used as an individual exercise
within each of the separate activities, and, in effect, the
risk-identification stage is a structured brainstorm.
STAGE 1—RISK IDENTIFICATION
Within any organization there may be a large number of
‘unwanted events’ that may affect key outputs, from varia-
tions in currency prices to late delivery by supplies. These
risks need to be collected and collated in a systematic way
in order to facilitate analysis and management. The first
stage is to define the exact nature of the risk of interest, for
example in the case of a project this may be cost overrun,
late delivery, etc. The risks identified must bear a relation to
the area under study.
In order to successfully identify risks it is necessary to
gather ‘experts’ from across the organization and apply a
Delphi-type approach. It is suggested that a workshop is
usually the best way of doing this, and, in general,
preparation for the workshop is limited to the production of
the process maps for the area.
Process modelling
Process modelling is the central technique for risk identifi-
cation, and forms the organizing principle of the analysis.
The process map has three main functions in risk analysis.
First, it facilitates risk identification by providing a complete
picture of a process which may span a single individual’s
responsibility or knowledge. Second, it develops a view of
risk down to a very low level. Finally, it encourages an
understanding of the impact of a risk element by showing
the downstream activities which it will affect. When identi-
fying and quantifying risk the process map is a constant
referent.
Process modelling has been widely used in Business
Process Engineering (BPR) as a basis for reorganization
(Hammer and Champy, 1993; Davenport, 1990). At this
stage, however, the focus is not on the use of these
processes as a driver for change but rather as a mechanism
for understanding the complex nature of the business
(though process reengineering may form a part of risk
management, discussed later).
As many of these processes involve different groups and
individuals from across the organization it is important to
involve them in the process-modelling stage, drawing on
managers’ own knowledge to create a model that is an
accurate representation of the underlying business process.
It is possible then to use these process models in order to
identify risk. Key sources of risk within processes may come
from:
- The individual activities carried out at each stage of the
process
- The ‘knock on’ effects of individual activities to those
subsequent to it
- At intersections in boundaries, for example where the
process crosses departments
- From subprocesses that feed into the processes
- From supporting processes, such as information
feedback/forward
- From key groups or individuals within or influencing the
processes.
If this covers many business areas then it is possible to use
a process hierarchy in order to make the individual maps
more manageable. The process maps may then be drawn for
each of the ‘levels’ in the hierarchy. For example, in the case
of a information systems project this may be as shown in
Figure 2.
Figure 1 The risk analysis approach
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 217

3. Process maps are a pictorial representation of the action
perspective and can be defined as an end-to-end sequence of
activities carried out in order to fulfil a specific goal. There
are a number of drawing standards in use, such as the IDEF
standards (http:// www/idef/com). However, it was decided
early in this research project that in order to facilitate
understanding by non-specialists a simple flowcharting
approach would be used. Since a primary aim of process
modelling is the reduction of a complex system into a
simplified representation it is advised that the number be
kept to a minimum. In this project only four symbols were
used as in Figure 3.
The process map is laid out with a nominal flow of
activities and decisions from left to right as shown in Figure
4. ‘Roles’ are included to provide additional information and
can be defined as a logical grouping of activities and, as the
process map is an activity diagram, are defined as verbs
rather than nouns. In some cases, however, it is possible to
use roles to designate particular groups, such as depart-
ments within an organization. An element of judgement is
required in breaking down each process into a series of
activities. A useful definition of activity is that it is normally
done by one person in one place at one time. What is
important is that each activity should be at a sufficiently low
level to provide enough detail to the process, and this may
require a little trial and error on the part of the modeller.
Individual risks can be identified for each activity, in
terms of both the activity itself and its influence on other
activities or the process, and built up until a complete risk
picture of the process is available. It is often of use to revisit
the PEST and stakeholder analysis at the final brainstorming
stage to understand how these risks relate to the process
and identify, if appropriate, any further risks. This may be
done in the final brainstorming session.
‘PEST’ analysis
The aim of this part of the analysis is to gain an understand-
ing of the risks that may be introduced from the organiz-
ations’ wider environment. One familiar technique is
Political, Economic, Social and Technological (PEST) analy-
sis (Harrison, 1994). Under each of the four categories risks
may be identified which may afffect the area of the
organization under study. Naturally, the outcome of the
analysis depends greatly on the organization and the risk
under study. Examples of such risks area are shown in
Table 1.
The PEST analysis provides the backdrop to the
organization which in itself may be a considerable source of
risk. Indeed, one of the interesting insights of the organic
metaphor of organizations is that both individual organiz-
ations and entire markets may become ‘extinct’ due to
changes in their environments, (Morgan, 1987).
Figure 2 Example process hierarchy
Figure 3 Process map symbols
Knowledge and Process Management
CASE STUDY
218 M. Blosch and J. Antony

4. Stakeholder analysis
It would be oversimplistic to develop a view of an
organization without considering its political landscape.
Individuals or groups exercise considerable power over the
organization’s rules and resources (Giddens, 1984), and thus
potentially may introduce risk into the area under study. A
primary effect of organizational structure is the distribution
of resources, the control of which forms a basis for power
such as material and money as well as knowledge and
influence (power) (Pfeffer and Salancik, 1974; Pfeffer 1981).
Manoeuvring for access and control of resources is one
form of organizational power.
Mintzberg’s (1983) perspective on organizational power
is ‘to understand the basic elements of that game called
organizational power—specifically who are the players, or
influencers, what are the means or systems of influence they use
to gain power, and what are the goals and goal systems that
result from their efforts; then to draw these elements
together to describe the basic ‘‘configurations’’ of organiz-
ational power’ (p. 3). According to Mintzberg, power is ‘the
capacity to effect (or affect) organizational outcomes’ (p. 4).
Figure 4 Example process map
Table 1 An example of PEST risk factors
Political Economic
- Loss of political support - Recession
- Legislation against products or services - Change in market structure
- Regulation - New market entrants
Social Technical
- Demographic change - New technologies
- Change in attitudes - Increased complexity
- Change in educational standards - Increased R&D costs/lead times
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 219

5. Therefore the individuals or groups surrounding the
organization play a key role, in both introducing and
mediating risk (see Figure 5).
In accordance with Mintzberg’s functionalist approach to
organizational structure, the type and degree of influence is
dependent on the individual or groups locating within that
structure. As Figure 5 indicates, Mintzberg is careful to
locate the organization within its wider environment. Stake-
holder analysis, as used in this context, aims to understand
the nature of the risks that these groups may introduce into
the area under study.
Mintzberg’s framework is used here to highlight the fact
that there are many influential groups both within and
surrounding an organization. In the risk analysis it is not
necessary to use his categories exactly but ensure that all
relevant groups are identified. Examples of risk introduced
by the various stakeholders are as follows:
- Suppliers may be late in providing inputs to a process, or
components with variable quality.
- Employee associations may be resistant to change or
impose restrictive working practices.
- An IT department may be slow at providing support in
the case of system failure.
- Business analysts models of the organization’s markets
may be inaccurate.
The exact nature of the stakeholder groups and the risks
they introduce into the area under study will vary from one
organization to another.
Brainstorming
Brainstorming in this context refers to free thinking which
aims to use the creative faculties of the brain to identify risk.
As a technique brainstorming is used within all the more
formal methods of the risk-identification stage, and also by
itself at the end of the stage. The maxim is that no idea, or
in this case risk, is too ridiculous and all will be included as
raw input to the analysis. This provides a richness to the
analysis, and may also highlight risks that are not ‘expected’
but which could have disastrous consequences which may,
as a result, need to be managed. It is the quality of the risk
assessment that is important, so a large number of identified
risks is advantageous.
STAGE 2–RISK RANKING
The first stage is to relate the risks identified to the
process models. This facilitates a clearer understanding of
each risk, and how it may influence the underlying
process. At this stage the impact of each risk and its
probability are of interest and a qualitative ranking
approach is taken, once again using the experience and
knowledge of managers within the area. It is suggested
that considerable care be taken as research has shown that
managers have many problems in estimating prob-
abilities, so numeric measures may not always be practical
(Kahneman, Slovic and Tversky, 1986). In order to rank
Figure 5 The cast of players (Mintzberg 1983, p. 29)
Knowledge and Process Management
CASE STUDY
220 M. Blosch and J. Antony

6. the risks Table 2 was constructed using the following
headings:
- Process. The particular process under consideration.
- Activity. Refers to the particular activity of the process
under consideration.
- Risk. Details the risk identified and associated with this
particular activity.
- Causes. This aims first to further understanding of the
risk under considerations.
- Effects. This is a description of the impacts of this
particular risk. This description aims to facilitate weight-
ing.
- Impact. The severity of the risk impact, as described in
the previous column. Two approaches may be taken at
this point. The first is to allocate number for severity on
a scale of 1 to 10 but the graduations of this scale may
be difficult to assess. As second approach is to use a
high/medium or low classification.
- Probability. Probability of the risk event occurring.
Relates to the Causes column, and as with the Severity
column the first approach is to rate the event with a
probability of between 0 and 1, or once again with the
high/medium or low classification.
- Weighting. The multiplication of the Severity and
Probability columns. In the case where the high/medium
or low classification has been used the weighting is, for
example, high/high or high/low, etc. Risks can still be
ranked on this basis.
Once the ranking is complete it is possible to develop a
risk-ranking table which collates the risks, as shown in Table
3. Those risks with a high impact and high probability are
the ones which should attract management’s attention. The
attitude of an organization to risk depends upon its business
area, for example in the case of a nuclear power station a
great deal of interest will be shown towards high impact/
low probability risks, whereas in many other organizations
this will not be considered appropriate. Management will
therefore need to decide on the degree of their risk-aversion
before the management stage.
Once the risk-ranking exercise is complete it is possible
to move on to the management of risk component. How-
ever, further analysis is often required on the key risks
identified. One particularly important point is that up to this
stage risks and their impacts will have been identified, but
not the interactions between risks. In order to do so
computer-based simulation and statistical techniques are
often used (Rubenstien, 1981; Kalos, 1986). This should
then provide detailed analysis of the risks, their mutual
effects and impacts on the overall process. For most
purposes the approach detailed here is often sufficient.
STAGE 3—RISK MANAGEMENT
Once risks have been identified, ranked and assessed it is
possible to manage them. There are a number of ways this
may be done:
- Process Reengineering. In this case processes are
reorganized so that factors introducing risk, such as
when a process crosses a departmental boundary, are
either eliminated or better managed.
- The development of management information and/or
supporting IT systems so that risk can be effectively
monitored.
- By making individuals or groups aware of the nature of
the risks and tasking them to manage them.
- By developing recovery procedures to be utilized in the
case of a particular risk arising.
In addition it is important to maintain a culture of risk
assessment, that is to encourage managers to see how risks
Table 2 The risk ranking table
Process Activity Risk Causes Effects Impact Probability Weighting
Table 3 The risk ranking table
High risk
High
Low
Impact
Low
High
Probability
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 221

7. may affect a process, and to be constantly aware of new
risks. In addition, it is of value to repeat the risk analysis
exercise at regular intervals. For most organizations this
may be done as part of the normal planning cycle.
RISK ANALYSIS OF ROYAL NAVY MANPOWER
PLANNING
The purpose of this section is first to provide background
information to build a fuller understanding of the issues
involved within Naval Manpower Planning. For the sake of
clarity many detailed technical abbreviations have been
omitted and explanations of the issues involved have been
made more accessible.
Background
A key component of recent government policies has
been the changes initiated in the ways in which public
administration has been conducted, and a particular aim has
been to foster economy, efficiency and effectiveness. This
has been carried out in a series of initiatives, each with its
own title but all centred on common aim, that of improving
government businesses that were seen as lacking the
commercial imperative to meet tight financial and product
quality standards.
A central component in this initiative was the formation
of agencies. By early 1997, some 99 agencies had been
formed from areas as diverse as the Prisons Service to the
Royal Mint. On 1 July 1996, the Director General Naval
Manning’s organization became a Next Steps Defence
Agency known as the Naval Manning Agency (NMA). The
NMA employs some 290 personnel and has an operating
budget of around £10 million. It provides a centralized
personnel administration function for all elements of the
Naval Service; that is the Royal Navy, Royal Marines,
Queen Alexandra’s Royal Naval Nursing Service, Naval
Personnel Families’ Service and all Reserves. Among its
responsibilities, the NMA plans the future manpower size
and structure required to meet the operational needs of the
fleet, advises its owner on targets for additions to the
trained strength, plans the career progression of naval
personnel, administers redundancy programmes when
required, selects suitable personnel for promotion and career
courses and finally, and of most immediate importance,
appoints/drafts personnel to meet the needs of the fleet (see
Figure 6).
The aim of the NMA is to ‘ensure that sufficient manpower
is available on the trained strength and effectively deployed in
peace, crisis, major crisis or war’. To meet this aim, the NMA
has the following strategic objectives:
- Accurate manpower planning
- Effective deployment of manpower
- Career management
- Advice to ministers, parliament and public.
The first two of these objectives could be described as
paramount in an operational sense, that is, to ensure that the
Royal Navy comprises the right mix of specializations and
grades to perform the myriad operational and support tasks
required and then ensure that these people are where they
are needed and not elsewhere. Accurate planning considers
the evolving manpower requirements of the Royal Navy,
matches these to known and projected wasted rates and
provides targets for promotion, career courses and additions
to the trained strength. Deployment aims to provide
suitably skilled and experienced manpower to individual
billets, jobs, reducing unfilled billets and surpluses to a
minimum and being reactive to changes in customer
demand for manpower. The NMA aims to optimize the
career development of the individual commensurate with
his or her aspirations and abilities. Advice forms the
component of accountability required of the agency.
Figure 6 Structure of the Naval Manning Agency
Knowledge and Process Management
CASE STUDY
222 M. Blosch and J. Antony

8. Key issues in naval manpower
Within the naval manpower system there are the following
key issues:
- Naval personnel are input into the system at the lowest
level and ‘grown’ to meet demand in terms of special-
ization and rank. This places an emphasis on accurate
long-term forecasting, as for senior ranks the time taken
for them to be trained and to gain the right amount of
experience can be considerable. It takes, for example, at
least 15 years of experience for an individual to reach
the rank of captain.
- The system involves a cyclic sea-to-shore job structure;
time spent at sea is followed by time ashore.
- A high degree of specialization. Within the Royal
Navy there are approximately 90 seaman branches, (a
‘branch’ contains specific job and skill areas, for example
Weapons Engineering) and 25 officer branches and the
possibility for interchangeability between branches is
low. This is further complicated by the rank structure
which further subdivides branches.
- The system must also account for ‘regeneration’. That is,
if there is a requirement for extra manpower caused by a
crisis the system must be able to allow, for example,
mothballed ships to be brought into service and pro-
vided with personnel. The level to which extra person-
nel are included within the system is a policy decision.
- Manpower wastage from the system, particularly in the
form of Premature Voluntary Release (PVR), has a
significant effect on manpower. PVR is effectively
people resigning from their contracts.
The typical manpower cycle is shown in Figure 7.
The cyclic nature of the normal career creates a number
of problems mainly associated with queuing effects. As will
be appreciated, ‘seamless’ relief of an individual as he or she
moves on to their next posting is not always possible. As a
result there are ‘gaps’ at times and a ‘gap’ is a job not being
filled by a competent and qualified person. This effect is
made worse by factors such as variations in event times,
shortages of particular categories of manpower or system
inefficiency. In order to attempt to alleviate these problems
an allowance is made to the manpower numbers required for
actual jobs at sea or on shore. This allowance takes two
forms, first, for training and second, for ‘margin’. The
training allowance takes into account both career training,
such as given on promotion, and job training to prepare an
individual for a new job. The margin is an allowance for
predictable events such as leave and handovers (where the
outgoing individual briefs his relief).
The complement billets, jobs to be done, and the
allowances are added together to form the manpower
‘Requirement’, to which manpower numbers, the ‘strength’,
are, as far as possible, matched. However, due to the nature
of the system there are a number of problems experienced
by the Navy and these are:
- Gapping, no suitably trained and qualified personnel are
available for a job
- Margin overuse, the actual margin use is over what is
allowed for
- Training quota underuse, there is often an underuse of
this allowance and it is unclear at this point whether this
is due to it being wrongly calculated or gapping
manpower is withheld and not allowed to go to training.
These are illustrated in Figure 8.
These problems have a significant impact. Many modern
ships are ‘lean-manned’, that is, run with reduced levels of
manpower, and on that basis there is an increased sensitivity
in terms of operational capability if jobs are gapped. Margin
overuse is damaging in two ways. First, much-needed
manpower is unavailable to the system, and second, this
incurs a significant cost, money which cannot be spent
elsewhere. Figure 9 indicates the scale of the gapping
problem across the navy’s budget areas.
RISK ANALYSIS
The initial phase of the research focused on developing an
understanding of the Royal Navy and the high-level process
maps. A series of semi-structured interviews with personnel
from across the organization was used to construct the
process maps. These initial ‘candidate’ process maps were
fed back to those within whose area they fell for review to
ensure they were accurate. Figure 10 shows an example of
the process hierarchy of which makes up the NMA.
The primary business process areas are Planning, Draft-
ing (moving ratings around the system) and Appointing
(moving officers around the system). Each of these primary
business process is broken down further into business
processes and elementary business processes. It is useful to
divide a large organization in this way to make the process
maps relate to logically grouped areas and of sensible size.
Risk analysis may then be done at the individual process
level and integrated via the process hierarchy. Figure 11 is
Figure 7 Naval manpower cycle
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 223

9. an example of part of the process map for the drafting
process, and since the process maps developed were
very large this diagram shows only a fragment for
illustration.
Developing the process maps is perhaps the longest part
of the analysis. In some cases the organization may have
extant models on which the maps can be based. Developing
maps is important as the basis for understanding where risks
may enter, and the maps themselves may be re-used by the
organization for activities other than risk analysis.
PEST analysis
The PEST analysis consisted of the group as a whole
brainstorming risks that may result to the organiz-
ation from external sources. This exercise proved very
valuable in identifying the risks external to the organiz-
ation. Table 4 is a summary of the key risks identified
using the PEST analysis, and it was felt that these
risk factors were already influencing the Navy’s current
situation.
Figure 8 Requirement and strength
Figure 9 Top level budget holders TLB’s (C in C Fleet—Commander in Chief Fleet, CFS Commander in Chief Fleet Support,
2SL—Second Sea Lord) Gapping as a percentage of Scheme of Complement, SoC (number of complement billets in the area)
Knowledge and Process Management
CASE STUDY
224 M. Blosch and J. Antony

10. Stakeholder analysis
The next section of analysis focused on identifying individ-
uals or groups both internal and external to the Navy which
may have an influence. Figure 12 summarizes the groups
identified and the risks that they introduce into the system.
A key output at this stage was the recognition that
external groups exerted considerable influence over the
Navy’s manpower planning and provision. Taken with the
results of the PEST analysis it was clear that the Navy was,
on the whole, sensitive to external factors.
Process risk
The main part of the workshop was utilizing the process
maps in order to identify the risks associated with the tasks.
This was done using a ‘walkthrough’ with each map and
Figure 10 Process hierarchy diagram for the NMA
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 225

11. recording the risks suggested. Each risk was discussed in
order to identify its causes, effects, impact and probability,
which were recorded in the risk-ranking table (Table 5). As
the seminar group was large, individual groups focused on
specialist areas, which also speeded up the seminar. The
results of the individual groups was fed back to the groups
as a whole for their feedback, comment and further brain-
storming.
Brainstorming
As was noted above, brainstorming was an important part
of the process as a whole and in the seminar it was used
within each section. At the end of the process mapping the
results form the individual subgroups were fed back to the
group as a whole and brainstorming was used to identify
any further risk factors. The aim of this was twofold: first, to
allow individuals to comment on ares with which they had
not been involved in the subgroups, and second, to gather
a wider range of risks.
Risk ranking
At this stage the risks identified as a result of the process
modelling, stakeholder and PEST analyses are grouped
around the relevant processes. Once this has been done,
each risk is assigned a severity and a probability, and in this
case for both of these a high, medium and low classification
system was used.
The risk-ranking table forms a view of all the organiz-
ation’s risks. At this stage in the analysis it was decided to
focus on high/high risks. However, the risk register was
documented and circulated to the wider organization so that
individuals had the opportunity to use it, as it may identify
Figure 11 Fragment from drafting process map
Table 4 PEST analysis results
Political risk Economic risk
- Loss of political will to support defence - Downturn in the economy
- Increased demand for budget cuts - Cost escalation of current projects
- Lack of understanding at ministerial level of defence needs
Social risk Technological/operational risk
- Lack of support for defence - Changes in the nature of conflict to be faced
- Lack of interest in defence as a career option - Changes in weapons technology
- Demographic changes
Knowledge and Process Management
CASE STUDY
226 M. Blosch and J. Antony

12. Figure 12 Stakeholder analysis
Table 5 Example of the use of the risk ranking table
Process Activity Risk Causes Effects Impact Prob. Weight
Drafting 3. Allocating
Personnel
3.1 Gapping. 3.1.1 Under-recruitment Can cause long-term gapping
especially in branches with
long training requirements.
This will also greatly sensitize
the branch to the effect of
PVR. There will also be a
problem associated with
promotion as there may not
be enough candidates of the
right quality
Med. Med. Med./med.
3.1.2 Candidates are not
suitable due to a
subspecialization mismatch,
insufficient training or
experience
Reduces the number of
individuals available for
drafting, resulting in gaps or
mismatch between the
individual and the post
Med. Low Med./low
3.1.3 Excessive HTQ use.
Candidates are held up on
training courses which are
either long or fragmented
over time
Reduces the number of
individuals available for
drafting, resulting in gaps or a
mismatch between the
individual and the post
Low Low Low/low
3.1.4 Excessive margin
requirement use
Individuals are unavailable due
to being in the margin on
activities such as Leave After
Sea Service
Low Low Low/low
3.1.5 Inefficient drafting Individuals are not allocated
to posts correctly
Low Med. Low/med.
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 227

13. risks relevant to their particular area. The following repre-
sents what were seen as key risk areas by the group of
experts attending the seminar:
High probability–high impact risks:
1. Construction and matching of the margin
2. Gapping
3. Compartmentalization
4. Human resource issues
5. Construction of the HTQ.
RISK MANAGEMENT
The purpose of the seminar was primarily to focus on
identifying, ranking and making provisional suggestions as
to how to manage risk. The results of the seminar were fed
back to senior management who decided to take the
following actions in order to manage the risks:
- Construction of the Margin and Gapping. These two
issues are closely related and result from the circulatory
nature of the system. At present the exact causes of
these are unknown and require further analysis. To this
end a manpower database has been developed in order
to capture data to be used in analysis. In addition, a
simulation, which works at the individual level and
replicates the rotation from sea to shore, and events such
as training, holidays, etc. has been developed. A design
of the experiment’s approach is being used for further
research into these areas.
- Compartmentalization. This is an issue of which the
Royal Navy has been aware for some time. Through
initiatives such as officer and ratings study groups work
is being done to explore new ways of increasing
flexibility. Innovations in branch structures are being
made, such as the creation of new branches.
- Human resource issues. These elements encompass
morale, motivation, service conditions, etc. A new study
has now begun to undertake further research in this area
in order to develop a more detailed understanding of
these issues.
- Construction of the HTQ. Because at present the training
allowance is underused research into this area will be
conducted after that into margin use and gapping has
been completed.
In the case of the Royal Navy the risk analysis has been of
great value and has fed back into management practice.
Though it is unlikely that such a formal large-scale risk
analysis approach will be taken again, it is clear that
smaller-scale and more focused risk analysis will take place
as a normal part of the management process.
Of more use has been the adoption of an ‘attitude of risk’
in the wake of the analysis. That is, managers now look
actively at their management areas in terms of identifying
where risks may originate and proactively putting in place
risk management approaches proactively so that these
factors never arise.
CONCLUSION
Until recently the majority of risk analysis has been done in
the area of project management and disaster planning. It is
a truism that risk management is effectively the central
aspect of most managerial activity, though it may be called
such. Risk analysis gives managers the opportunity to
identify areas of exposure and change that may have serious
effects on the business and to put in place formal manage-
ment techniques to reduce the sensitivity of the business to
these risks. The philosophy of risk analysis can contribute
greatly both to the management of the day-to-day business
and to the strategic planning process, and should be a
natural part of a manager’s way of thinking.
In most cases risk management, due to its roots, has been
highly quantitative in nature. As noted earlier, the majority
of business problems are qualitative or are not easily
assessable with quantitative methods. This paper has devel-
oped an approach which recognizes the qualitative nature of
many management problems and develops a framework by
which they may be analysed. In essence, the process
modelling approach is central to this framework, with
supplementary techniques used to identify and rank risks.
The exact nature of the techniques used to identify risks
may easily be altered to accord with the area under analysis.
No matter how these are generated, they may still be
mapped to processes and ranked. It is important, however,
that the identification, and particularly the ranking, of risks
is done by those individuals who are knowledgeable and
experienced in the system in question. Once risks have been
ranked formal management techniques can be used to
manage these risk areas.
In the case of the Royal Navy this approach has
been particularly successful. The analysis has led to the
development of a database and simulation for further
analysis, and change in management practice. As this
project has shown, the technique itself is straightforward
and does not require any particular skills or bespoke
software. It can be performed easily and will be of great
benefit to the organization.
ACKNOWLEDGEMENTS
The authors would like to acknowledge the input of Captain
T. Spires, Commander Ross Rennison, Commander Richard
Jenkins and the members of DNM without which this
research would not have been possible.
REFERENCES
Ansell, J. and Wharton (1993) Risk: Analysis, Assessment and
Management, John Wiley, Chichester.
Knowledge and Process Management
CASE STUDY
228 M. Blosch and J. Antony

14. Davenport, T. (1993) Process Innovation, Reengineering Work Through
Information Technology, Harvard Business Press, Boston.
Hammer, M. and Champy, J. (1993) Reengineering the Corporation, A
Manifesto for Business Revolution, Nicolas Brealy, London.
Harrison, M.I. (1994) Diagnosing Organisations, Methods, Models and
Processes, 2nd edition, Sage, London.
Kahneman, D., Slovic, P. and Tversky, A. (1979) Judgement Under
Uncertainty, Heuristics and Biases, Cambridge University Press,
Cambridge.
Kalos, M.A. (1986) Monte Carlo Methods, John Wiley, Chichester.
Mintzberg, H. (1983) Power in and Around Organisations, Prentice
Hall, Englewood Cliffs, NJ.
Pfeffer, J. and Salancik, G.R. (1974) Organisational decision making
as a political process, Administrative Science Quarterly, No. 19,
135–151.
Pfeffer, J. (1981) Power in Organisations, Pitman Publishing,
Marshfield.
Recher, T. (1983) Risk, A Philosophical Introduction to the Theory of
Risk Evaluation and Management, University Press of America,
New York.
Rubenstien, R.Y. (1981) Simulation and the Monte Carlo Method,
John Wiley, Chichester.
Thomas, L.C. (1993) Financial risk management models, in Ansell
and Wharton (eds) Risk: Analysis, Assessment and Management,
John Wiley, Chichester, pp. 55–70.
Williams, T. (1995) A classified bibliography of recent research
relating to project risk management, European Journal of
Operational Research, No. 85, 18–38.
CASE STUDY
Knowledge and Process Management
A Process-Based Approach to Business Risk Analysis 229