Internal Lessons
Mahoney says much of this success can be attributed to ANZ's strong risk management credentials and its value-based approach to the adoption of new projects. And underlying those credentials is the belief that anyone can implement any form of technology, but to make it work depends more on how you implement than what you implement.
"It's how you go about implementing that technology or that delivery mechanism that determines whether you succeed, and one of the major approaches we do is to take a value-based approach, which says we will not implement internally or externally unless we will get value from it," Mahoney says. "And value isn't just financially based - there are a lot of other elements to it. It really goes back to saying: 'How do we support the strategic outcomes of the business, not just delivery of a training mechanism to satisfy an HR requirement?'
"This is really an area where we learned from a lot of experiences, certainly internally with our internal product, which is ANZ e-Train, and from our experiences from that we've developed quite a successful risk management strategy for our clients," he says. Part of that approach involves early consideration of every area that could potentially cause failure and then finding an approach designed to mitigate or minimize the chance of that failure occurring.
To help with that analysis the ANZ makes inverted use of the Reason Model, a conceptual and theoretical approach originally developed to improve the safety of large, complex socio-technical systems such as aviation by professor James Reason of the University of Manchester. "Reason is actually used to investigate airline accidents, and what it looks at is any cause of failures not due to just one action, but rather due to systematic failure," Mahoney says. "It covers everything from looking at an organization in terms of its latent considerations (culture, policies and procedures), to actions like someone pressing the wrong button at the wrong time.
"We turn that model on its head and say: 'Okay, well in order to ensure success you need to address everything, not just the sourcing strategy.' So if I'm going to pick this learning management system because its got this, this and this, I need to also look at the other components, which are the organizational factors, and those processes, policies and procedures that support the technology and the delivery, to come up with the optimum outcome for the organization. We look at a number of factors there. First and foremost is actually risk profiling the reasons why they want to put this into an organization. So it's about identifying both primary and secondary drivers for delivery."
Take the example of an organization that has a strategic driver of wishing to lower the risk profile of its business, and that recognizes it has an issue of compliance that is likely to cause it financial or reputational heartache down the road. Mahoney says the typical response is to turn immediately to a sourcing strategy to identify an appropriate technology to address that issue. "Generally what we find is that that tends to lead to disaster, because they haven't considered the learner outcomes that they're trying to undertake, as part of supporting that strategic objective."
He says instead the organization should first develop a risk profile that not only considers the risk of failure to address that compliance issue but also the reputational risk - internal and external - the organization might incur should the solution fail, or the organization fail to achieve the strategic objective. The risk profile should consider every possible risk, from the reputational risk to the financial risk and the number of people likely to be touched by the solution.
"I also think the one absolutely fundamental consideration when you're risk profiling is: How long do I have to put this in place? What's my time frame for that? And certainly what we found from our existing client base is that a lot of organizations leave the whole training process to the last. In putting in place a risk profile around the considerations you have to make to deliver your strategic directive, you can also consider the potential impact from a risk perspective on your learners.
"From that combination of risk profiling, your strategic objectives and the learner outcomes you're looking for, that's when you can look at your sourcing strategy."
Apart from failure to draw up a risk profile, Mahoney says one of the more common mistakes organizations tend to make is to fail to bring in someone with risk management expertise to advise them. Flawed decisions often flow from false assumptions arising from a basic lack of understanding of the likely risks of the project. Another common mistake is to fail to consult all parts of the business in drawing up the risk profile.
"A lot of organizations look at trying to implement something like online learning with maybe just one person driving it, and from a management perspective, that is just never going to cut it," he says. "I think stakeholder management is absolutely critical. So from our perspective, what we do is we try to get across as broad a spectrum of people in an organization as we possibly can, to first of all try to look at understanding the strategic objectives they're trying to achieve, and then going through the process of looking at those objectives, risk profiling those with an organization, and doing that across a fairly broad spectrum. We need representatives from the business, we need HR and learning and development because ultimately they'll be driving it, and you need to involve IT."
A crucial part of the ANZ risk management strategy, Mahoney says, is to make sure all stakeholders are on board throughout the project, and are consulted at key touch points to maintain that buy-in.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.