Do you really know what tomorrow will bring? 

How confident are you that a costly, serious safety event isn’t just around the next corner? If your organization has ever been surprised or caught off-guard by a sudden deterioration in its safety performance, it may be that you’re simply not getting the whole picture when it comes to operational risk. When organizations measure performance by outputs and results they often believe that if nothing bad has happened today, then tomorrow should bring more of the same. But an imperfect system cannot produce perfect results. So when it comes to operational risk, metrics need to be employed that provide not just a more accurate picture of performance, but a level of assurance that tomorrow will truly not bring any unpleasant surprises.

The harder we try, the worse it seems to get

Fortunately, for most organizations, serious safety events are relatively rare. But it’s precisely this infrequency that lulls organizations into a false sense of security and why actions taken in the aftermath of such events often fall short of anything that resembles a permanent “fix”. 

The reasoning being that if such events are uncommon, then when people deviate from policies or procedures this must also be uncommon. This line of reasoning - while palatable to senior leadership demanding assurance that a repeat event isn’t imminent or even likely - may not necessarily reflect the true picture of performance. The harsh reality might just be that while incurring serious consequences are indeed rare, unauthorized deviations from policy and procedures are not. To make matters worse, organizations may actually (though unknowingly) be fostering cultures of “casual compliance” where such non-compliant behaviors become the norm rather than the exception. 

How so? 

Well if there’s only something like a < 1-3% chance of anything going seriously wrong when a risk or a short cut is taken, then conversely, there must be a > 97-99% chance of things working out pretty well. In other words, if such behaviors result in saved time and / or money, then individuals are actually likely to receive positive reinforcement for their efforts. 

The result? 

The same behaviors will almost certainly be repeated next time around and likely even copied by others who are equally keen to receive such praise for a “job well done.” Hence the problem goes from bad to worse. Plus, any actions designed to prevent future serious safety events by only addressing those non-compliant behaviors directly associated with the event will inevitably fall short. 


Because they’re attempting to fix a systemic problem (owned by the top-half of the organization) with isolated solutions (that typically target individuals at the bottom half of the organization). Such actions - though often still costly and time-consuming to implement - ultimately end up adding little to no real value. Of course, organizations are typically very competent at reacting to specific and recognizable performance problems such as equipment failures and downtime. This is because the actions they develop in response to these issues are familiar, relatively easy to implement and provide clear evidence that something has been done.

However, they are much less comfortable in dealing with widespread, non-compliant behaviors that often have their roots buried deep in how performance is ultimately measured and rewarded. 


Because it’s more likely to be a top-half organization problem. 

A holistic approach to operational risk and non-compliant behaviors

The key to managing operational risk and achieving more predictable safety performance lies in recognizing and accepting that the underlying causes of non-compliant behaviors do not start and end at the worksite - or even just the bottom half of the organization. That’s not to say the C-suite is singularly accountable either, but more the recognition that all levels of the organization have a key role to play. And though organizations may frequently talk to achieving lower operational risk by re-stating the need for better procedural compliance, if the metrics for determining overall performance do not include how work is actually executed (as opposed to simply looking at the outputs and results), then the message from the top may become filtered, distorted or ultimately even lost. 

Employees are no fools and if they repeatedly see that cost, time and other outputs are really the most important thing, then they will deliver as required. So it’s not enough that leadership stands on the sidelines, but is much more “hands-on” and proactive around operational risk, work execution and non-compliant behaviors. 

A good first step is to be able to differentiate between the TYPE and SCOPE of such non-compliant behaviors, otherwise a serious mismatch may occur between actual cause and proposed solution.  

Underlying causes of non-compliant behaviors

There are two TYPES of non-compliant behaviors - ability and motivation. 

Ability infers that person(s) are not able to do that being asked of them. Examples may include insufficient time, inadequate knowledge, skill and / or experience or procedures that are hard to use or do not reflect the work being performed. 

Motivation infers that person(s) have all the necessary ability, but for whatever reason, choose to deviate from expected ways of work. Examples might include not following procedures or running equipment outside its normal operating envelope without prior authorization. 

The SCOPE is split between isolated and systemic.

 Isolated infers that the non-compliant behaviors are limited to a specific set of circumstances, individual(s) and / or team(s). 

Systemic infers that such behaviors are much more widespread and have become the “standard” way of doing things and where elevated levels of operational risk have become the norm. 

The TYPE and SCOPE of non-compliant behaviors are illustrated via 2 x 2 matrix.

Many organizations struggle to deal with systemic motivation. This is often because they typically measure performance by outputs and results, so their focus is often strictly limited to only those non-compliant behaviors directly associated with the serious safety event. This results in the true scope of such behaviors being overlooked and missed and so consequently, a disconnect results between the actions needed and the actions taken. 

Hence organizations become their own worst enemies in this regard. They sincerely believe that as long as nothing bad has happened today, tomorrow will bring more of the same. And when it doesn’t, they conveniently convince themselves that it is an isolated event with isolated behaviors. The result of a “few rotten apples” in the barrel. 

And yet, if organizations truly don’t want to be surprised or caught off-guard, they must begin to better understand their true levels of operational risk and the actual underlying reasons for all non-compliant behaviors, including those caused by systemic motivation. Otherwise - and despite the best efforts and good intentions of many - you may simply be setting the organization up for its next big fall.