- Purpose: Why Does the Organization Exist, what are its objectives?
- People: Does the Organization have adeptness to achieve its objectives?
- Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
- Product: Does the organization have a product or service that the market/society wants?
- Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
- Governance: Does the organization have the strategic and leadership capacity to Change the Above?
- Risk Tested: What identified risks can be used to test the above to ensure they are functioning?
Each of these components impact the organization on a continuous (short term) or periodic (medium to long term) basis. Purpose holds an unusual spot in that it is both enduring (very long term) and something that directly influences the next ARM risk component, People. This is demonstrated in the following diagram.
Purpose: Why Does the Organization Exist, what are its objectives?
Let’s face it, if an organization has not nailed this one – even a little – it has MUCH bigger problems. This component is also directly linked to ISO 31000 in which risk is defined as:
- ‘effect of uncertainty on objectives‘.
- “Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process)’. 
ARM’s Length Definition
At this point I am hearing a collective groan of having to sit through another Mission Statement and Visioning death march…. groannnnn. Don’t worry, my ARM definition for this is simply this: is there a consistent and wide spread understanding of what the organization does? Widespread is both top-down and inside-out.
Why Does this Matter
Numerous great thinkers have expressed this concept in different ways. Stephen Covey discussed it as ‘begin with the end in mind (habit 2)’. Jim C. Collins described it as getting people on the bus (next component) and figuring out where you want to go in his book Good to Great. The key thing is that the objective builds affiliation and belonging. It is easier to motivate, communicate, control, command and reward people if there is a clear end state.
Just as important, it is easier to change to a different purposes if you know what your current purpose is. If not, you may discover that you never stop doing things and your purpose gets increasingly diluted in a grey-goo of good intentions.
A lack of purpose is the greatest threat (risk) to an organization and a clear and focused purpose is the greatest benefit (opportunity) to an organization.
ISO 31000 Risk Assessment Technique
ISO 31010 Risk Assessment Techniques lists methods from brain storming to sophisticated statistical analysis on how to evaluate and analyze risks. Interestingly there is not a specific technique relating to answering the fundamental question, does the organization have the right objectives? Certainly a number of the 31010 techniques can be pressed into service however, including good old brain storming. Others noted below are Delphi, interviews and surveys.
Examples of Risk Tests and Mitigation
Risk Identification: The organization lacks a clear definition of its purpose in the [market place, government services, volunteer/social space].
- Evaluation/Analysis: What do the following stakeholders think the organization’s purpose is and measure the relative deviation between them.
- Stakeholders: Executives, board (minister), customers (clients), management, staff (volunteers), regulator, etc.
- Measure: perhaps a sliding scale test on a number of measures. Use statistical analysis (e.g. R Value) to measure relative differences between pairs or all-purpose statements.
- Example: which of the following statements best exemplifies the role of the Minister of Widgets in the managing the affairs of Widgetland (1 = No Role and 5 = Central or core to the Ministry’s mandate):
- Fund Widget Research and Development (1…5)
- Regulate the use of Widgets in the home (1…5)
- Provide education to children on safe widget use (1…5)
Risk Identification: The organization is engaged in activities or product lines it should shed. For example it continues to run a data center despite the ability to purchase this service cheaply and reliably from the market place. This risk builds on the above assessment but with a focus on what the organization should stop doing (as well, see my blog: Can We Stop and Define Stop).
- Evaluation/Analysis: Using a Delphi’esque what business functions of the organization should it keep or divest.
- Participants: Executives, board (minister), customers (clients), management, staff (volunteers), regulator, etc.
- Measure: a listing of key business functions with a requirement rank them or identify whether the organization should Build, Hold, Evaluate, Divest.
- Example: The Widget Corporation has identified 10 key product lines and support functions. You have been asked to rank them according to the following measures: a) invest and expand; b) hold and monitor; c) carefully evaluate for potential hold/divestment; d) divest/buy in the market place; and e) I really do not know. You must apply ‘a) – d)’ at twice to the following ten lines/functions and you can only apply ‘e)’ once.
- Product Line A: Widget-exploration.
- Product Line B: Widget-transportation
- Product Line C: Widget-refinement and conversion to products
- Product Line F: Widget Real Estate Holdings
- Function: Information Technology to Support the Above
- Function: Real Estate Management
- Function: Human Resources
- Function: Supply Chain Management