Putting the OUCH in Ouchi! Risk thresholds as a quality and motivational practice


Ouchi posited that team members are more motivated and more likely to succeed if they are given a clear structure and then left to their own devices to implement that structure. His Theory Z, a long-term business bestseller (Ouchi, 1981), changed the attitudes of many corporations seeking new ways to engender organizational unity and team spirit. The idea is a relatively simple one. Establish norms. Set limits. Clarify what the organization believes and create a sense of community.

Put Ouchi's theories up against the modern project risk management environment and there is a clear dichotomy. Risk tends toward being a personalized experience, rooted in the familiarity of individuals with the work they're performing and entrenched in the sense that each project's risks are the exclusive province of that project.

This paper looks at the use of risk thresholds as a key step toward implementing Ouchi's ideal of uniformity of practice, unity of ideals and clarity of vision for the organization. By examining risk from a “Z organization” perspective, the role of risk thresholds in everything from common values to mutual nurturing is explored, and the opportunities for risk thresholds and other consistent risk management practices to establish and build higher levels of motivation becomes evident. Rather than becoming barriers to accomplishment, risk thresholds afford the opportunity to build common understanding of when, how and why to take action, and the types of actions that are politically and organizationally acceptable. (Katzenbach, 1998, p. 111)

The paper also covers the need to build thresholds from the senior management perspective, and then to establish the “rules of the road” at the team member level—culminating with maintenance and ownership by the project management office or project support office.

What Was Ouchi Saying?

A review of Ouchi's work provides a clear sense that he believes organizations can succeed if they create a sense of what he referred to as a “clan” mentality (Ouchi, 1981, p. 87). This sense of mutually shared responsibility, ownership and process is born out of a belief that communities work well together if they see themselves as a community with the co-dependencies associated therein.

He posits that successful Theory Z organizations are those where culture is clearly communicated at the micro and macro level and individuals have a clear understanding of what the organization's philosophies entail.

It is this philosophical underpinning that creates a direct tie to risk management. Just as organizations need to communicate their strategic vision and corporate objectives, they also have a need to let members of the organization know what's clearly “out of bounds.” That is where risk thresholds become crucial to Theory Z success.

From Ouchi's perspective, Theory Z is the organizational culture (conventionally rooted in many traditional Japanese organizations) that says the greatest success and personal sense of reward comes from serving the organization and its long-term interests and by committing to the organization as a whole (rather than to a subunit or division). He contends this is done by making those interests very clear to everyone in the organization. But it doesn't have to be dictatorial in nature:

“In a Theory Z company, the explicit and implicit seem to exist in a state of balance. While decisions [in these companies] weigh the complete analysis of facts, they are also shaped by questions of whether or not this decision is suitable, whether it ‘fits’ the company” (Ouchi, 1981, p. 72).

He adds just as the infrastructure must be in place to drive stakeholders in a common direction, the stakeholders themselves must acknowledge their contributions provide benefit not when they succeed as individuals, but when the organization succeeds as a whole. When team members recognize it's not a single project or a single person that will reap reward for the organization, Theory Z may begin to take root.

Much of his thinking ties to trust, which, as we'll see in a few pages, ties very closely back to risk management. If every team member has a vested interest in the actions, activities and commitments of every other team member, shared interest prevails over individual interests. And if they are all tied to organizational philosophy, then the organization prevails as well.

Ouchi breaks down implementation of Theory Z into a 13-step process. The remainder of this paper follows that structure step by step, examining how risk management can be the driving force to apply Theory Z at the micro level (and ultimately, from a greater macro perspective). The 13 steps, taken here directly from Ouchi's Theory Z (Ouchi, 1981, p. 97), are:

•   Understand the Z Organization and Your Role

•   Audit Your Company's Philosophy

•   Define the Desired Management Philosophy and Involve the Company Leader

•   Implement the Philosophy by Creating Both Structures and Incentives

•   Develop Interpersonal Skills

•   Test Yourself and the System

•   Involve the Union

•   Stabilize Employment

•   Decide on a System for Slow Evaluation and Promotion

•   Broaden Career Path Development

•   Prepare for Implementation at the First Level

•   Seek Out Areas to Implement Participation

•   Permit the Development of Wholistic Relationships.

Ouchi stresses these steps are not purely sequential and may overlap.

Understand the Z Organization and Your Role

The Z organization has a strong sense of consistency. While many organizations lack this sense of even-handedness, it can readily be implemented in risk management practice, whether it be PMBOK® Guide-based or rooted in other practices. The key with effective risk management practice is to wash out some of the personality or individuality of risk management, in favor of the organization's tendencies (Pritchard, 2001, p. 195).

Some organizations lack that consistency. They have no common set of risk values driving risk management. Inasmuch as risk management is a project-by-project, as well as an organizational practice, this is a wonderful opportunity for the individual project manager to institutionalize risk management practice within the project and to use that as an example to facilitate development of the same practices into the organization as a whole.

If there is a risk practice in place, the role of the project manager is to clarify terms and to adhere to that practice. That should include consistent identification practices, consistent application of qualitative and quantitative terms and consistent understanding of the application of risk responses within the organization.

Audit Your Company's Philosophy

Reviewing those practices means having a clear understanding of your organization's philosophies on risk. How much risk are we willing to accept as an organization? Where is the line drawn on where risks become unacceptable? Such an audit should entail documenting, for team members, how that risk philosophy applies on the project on which they're working. It should also capture the specifics on areas of particular concern within the organization.

In one southwestern electric generating organization, their concerns are documented as related to reliability, safety, environment, cost and schedule. Within those areas, there are specific acceptable and unacceptable limits to behavior. That affords team members clarity of practice within the organization and also gives them the latitude to take direct action without fear of reprisal, as they know what the organization will and will not tolerate from a risk perspective.

Ouchi discusses this type of organizational behavior in his Theory Z text, stressing that organizations that have taken pains to clarify their organizational limits create both a sense of personal independence and one of organizational consistency. That's a powerful blend that has direct benefits in the unique, one-off world of project management.

Define the Desired Management Philosophy and Involve the Company Leader

As with all things project management, one of the keys here is to document, document, document. Definition is not a personal experience. It must be catalogued and documented for posterity. It should not rely on the personal perspectives of an individual project manager, but should reflect the organizational culture.

Definition goes a long way toward establishing risk culture (or any culture, for that matter). Noah Webster was acutely aware of this when he created his first American dictionary. He did so in the hopes of creating a distinctly American culture. His success is seen in every paper in this Symposium, as one can easily discern between those papers crafted in “American English” versus those created in traditional English.

In the same fashion, project managers have an opportunity to establish and clarify project cultures through their interpretations of the organization's established risk policy. If the established policy says, for example, “no risks shall be taken that could expose the shareholders to undue negative media exposure,” the project manager may clarify what constitutes “undue exposure.” That definition empowers the project manager and the team, granting them both a sense of independence and a freedom from the pressure of individual interpretation. In this example, defining the types of media to be concerned about and the potential interests of media representatives will facilitate team member action toward consistency with organizational risk policies.

In “Teams at the Top,” Jon Katzenbach reinforces these notions at a senior management level, stressing the criticality of clear management and organizational systems to facilitate team consistency and growth (Katzenbach, 1998, p. 12).

Implement the Philosophy by Creating Both Structures and Incentives

This is perhaps the single most daunting element of tying risk management practice directly into Theory Z. Creating risk structures and incentives is a mercurial practice in most organizations, as different project managers are effective at “selling” risk in different ways. It is here Theory Z must be most fastidiously applied.

Risk structures extend beyond simply saying that an organization will follow the PMBOK® Guide (Chapter 11) practices for risk. They are clear statements of how those practices will be followed and what tools will be available to facilitate them that will enable effective risk management and the freedom of implementation essential to team motivation (Scholtes, 1988, pp. 1–11). This needs to be examined for each of the basic risk processes that have to be implemented for effective risk management: planning, identification, qualification, quantification, response planning and response monitoring and control.


Risk management planning (from the PMBOK® Guide perspective) preaches essentially the same gospel as does Ouchi, only from a risk management perspective. It calls for establishment of consistent practice, structure and organization for risk.


In risk identification, different approaches yield different results. In organizations where personality and personal drive are the keys, brainstorming may yield organizationally appropriate risks. In organizations where structure rules, risk identification tied directly to an activity-by-activity analysis of the WBS and the risks associated with those activities will be more appropriate. Identifying organizational preferences is one step in the right direction toward Theory Z implementation.

Qualitative Analysis

Nowhere is there a greater opportunity to build a clear structure for risk management than in qualitative analysis. Organizations for years have done this somewhat tacitly through the application of risk models and/or risk thresholds. With risk qualification, project managers can establish a guiding compass for risk behavior, enabling team members to become their own guides down the risk path.

It may start as simply as with new risk thresholds. By saying “We worry about delays of greater than x days, cost overruns of greater than x dollars, or specification deviation that affects x participants,” the project manager can allow team members to work more autonomously because the structure, rather than day-to-day management, becomes a roadmap for behavior.

This evolves even further as organizations opt to clearly define what they mean organizationally by high, medium, and low risk. Because such terms are frequently intensely subjective, team members without such structure may feel powerless to report on risk effectively. By demanding adherence to rigid criteria when reporting risk as high, medium or low, a sound risk qualification practice again unleashes the power, authority and action of individual team members.

Implementing such structures frequently happens initially at the project level, and through popularization, slowly wends its way to greater organizational acceptance.

Quantitative Analysis

Establishing qualitative values creates a sense of opportunity for individuals to evaluate risk within their own personal paradigms. Quantitative values do not afford the same level of latitude, but they still can fit within the Theory Z organization, by virtue of how they are applied. In applying quantitative tools to serve both the goals of the organization and the needs of the individual team members, quantitative analysis must be structured so the supporting information to build the analysis is readily available. One of the key foibles of encouraging quantitative review in virtually any situation is that while the numbers look more valid, they are sometimes drawn from less-than-reliable sources. To apply quantitative analysis in a Theory Z organization, the sources and access for that information should be consistent.

If expected value is applied, for example, the resources for probability (an area in which project managers are notoriously weak) must be valid and validated. To allow conjecture in individual interpretation of probability data is to invite divergence from Theory Z.

Perhaps the simplest implementation strategy for this practice is to facilitate a strong relationship between the project office (project support or project management office), the project managers, and the organizations' accounting departments. By knowing organizational philosophy on accounting practice, project managers are less likely to stray in applying quantitative analyses.

Risk Response Planning

Risk response planning is often a creative endeavor. Indeed, the great risk managers are often those individuals who consistently develop the most inventive response plans. Structuring ways to encourage those who might be somewhat less creative to develop broader risk strategies mirrors the objectives of organizations, as well as anyone who believes process will engender more consistent results.

More consistent results in “firefighting” means more team members have the opportunity to succeed. It may also mean project team members miss the opportunity for individual recognition, a drawback identified on multiple occasions by Ouchi. From Ouchi's perspective (as well as that of most organizations), the success of the organization should take precedence (Ouchi, 1981, p. 84).

To build risk response planning processes, as with risk thresholds, project managers need to identify responses that are tolerable to the organization. If the risk were that “the project may lose a team member, causing unacceptable delays,” an unacceptable risk strategy in most organizations would be to chain them to their desks. We create planning thresholds by creating a structure that says “any risk response that does not do x (with x as a list of reasoned, reasonable and rational concerns), should be considered in keeping with the organization's risk planning processes.” By identifying what's out of bounds, the project manager can allow team members to develop strategies that are acceptable to the organization. Again, individual autonomy is created by clearer structure and reduced individuality.

Risk Monitoring and Control

Auditors are generally not popular people. They're not considered allies, but adversaries. This adversarial relationship is not conducive to both effective risk monitoring and control and implementation of Theory Z. The structures associated with risk audits, risk reviews and risk analyses tend to be perceived by some as Draconian measures designed to stifle and/or limit creativity.

By contrast, as Ouchi posits with Theory Z in other situations, the greater the level of rigor, the greater the potential level of perceived independence for the team member or worker (Ouchi, 1981, p. 81).

This structure takes the form of checklists, forms and other types of self-analysis. The beauty of such analytical behavior is that it can be self-conducted, rather than orchestrated by the organization. The key to success, however, will rest with management, with a responsibility to ensure that team members have a process that is not punitive for identifying risk management successes and failures.

Even if the organization determines that auditors will be responsible for risk reviews, the structure ensures that team members will know, understand, and perhaps even appreciate the criteria against which their risk processes will be evaluated. Again, the team members know management's thresholds.

The Process as a Whole

Nowhere else in Ouchi's 13 steps is risk management process so closely tied to the opportunities for motivation and individual autonomy. Ouchi stresses time and again the need for consistent practice in management. Building such practice into the often-amorphous environments associated with risk management affords an opportunity to manifest Theory Z in an intensely challenging environment.

Develop Interpersonal Skills

Risk is a team sport. As such, it opens the door for team involvement at both the micro and the macro level, proactively and reactively, and in an environment where true change can be affected.

In Ouchi's work, the antithesis to Theory Z organizations are Theory A organizations. Theory A organizations are those organizations where the individual achievers (the “Lone Rangers”) are the heroes of the day. Effective risk management is not the province of individuals. In organizations where it is, the risk practice is only as effective as the project manager who is working on a project on any given day. If the individual falters, the organization falters. Ouchi's call for high cross-participation and cooperation bears true fruit in the risk environment.

Teams can be used most effectively, again, if they have a common understanding of what constitutes risk thresholds for all risk process steps.

Test Yourself and the System

A great component of Theory Z is about forcing the limits of the organization and the individual, without breaking protocols. This is not the same as simply following rules. It's making sure that you are working the boundaries of the organization to discover the infinite possibilities that lay out before you. Ouchi suggests that those in Theory Z organizations are much happier than those in Theory A organizations, largely because of the autonomy they enjoy. They are encouraged to work within other aspects of the organization and to build their capabilities.

Risk management can be deployed toward the same ends. Risk practitioners can build their portfolio of strategies and their understanding of risk events by validating past successes and publishing those successes (as well as any notable efforts which did not succeed). Note that I did not say failure. They are not perceived as failures under Theory Z or under effective risk practice. They are learning opportunities. Again, the keys here come back to risk thresholds, building understanding and exploring and expanding the validity of that understanding by knowing the tolerances of the organization for both strategies and exposure.

We test the system by validating approaches after they have been implemented—reviewing the process for notable achievement. If someone is surprisingly successful with a risk strategy, it's important that achievement is acknowledged for its contribution to the organizational whole, rather than for its one-time application. Fire-fighting is definitely not encouraged or rewarded, even if it succeeds in the crucible of reality. The successful test is when a strategy can be repeated.

Involve the Union

While many projects exist outside the organized labor environment, any worker group can be perceived as and labeled as a union. The key? Even those who don't see themselves with a role in the process should have a role. They need to be participants and contributors. This should apply for all risk process steps. They need to see the value to themselves and the organization. We accomplish this step of Ouchi's process by pulling in representatives at every opportunity. Since project management encourages delegation, risk management should be no different.

Anticipate some pushback on this particular aspect of risk management. Some individuals are reticent about risk and will be unlikely to participate in this process. They will see it as a management function. They will only participate readily when they see value to their work and personal opportunities. If there is no tie-in to their reward structure, or they sense risk is perceived as a naysayer's experience, then they will stay out of the risk loop.

Stabilize Employment

Team members are more likely to participate in the process if they feel their professional well-being is not at stake. Risk is not seen as a positive experience in most organizations. Instead, it's an experience where individuals vent, complain and commiserate about organizational weaknesses.

To overcome this, project managers can provide a “what's-said-in-the-meeting-stays-in-the-meeting” philosophy. This has the danger of preserving the negative perception of risk. The more honest approach is to build the risk philosophy that risk identifiers and risk managers who work in the organization's best interest and document their efforts fastidiously will be positive acknowledged for their contributions to the organization's best interest. For some organizations, that requires a change in behavior.

Decide on a System for Slow Evaluation and Promotion

While their behaviors may be the driving forces, the opportunity for advancement is frequently seen as the best hope for building risk practice. If an individual sees potential reward for his or her behaviors, then they are likely to continue those behaviors.

Note Ouchi's approach here, however. SLOW evaluation and promotion. Risk management is not a quick-change process. If we build risk processes and reward those who adhere to them religiously, we improve the possibility that others will follow the processes as well.

Group behavior (the bandwagon effect) is well recognized in advertising circles as an effective way to build support. It is also why people are naturally afraid to take risk. They are going where others have not. And yet, if we set the risk thresholds well, the entire team can be attuned to what the organization will tolerate and how far they can go with impunity.

Further, if they perceive opportunity for growth within the organization and see others getting the opportunity to advance because of their willingness to take risk (within the boundaries), they are more likely to “hop on the bandwagon.”

Unfortunately, many existing risk systems reward remarkable efforts by individuals, encouraging violation of risk thresholds.

Broaden Career Path Development

Team members often do risk management within the project office. That's a problem. Ouchi suggests that team behavior is most effective when it is consistent across the organization and not limited to a single facet of the organization. Since many project managers are brought in through the matrix from other parts of the organization, they need to have the opportunity to share these skills throughout the organization. Limiting behaviors to a single group or function can limit individual development. Failure to implement across the organization can cause some project managers and their team to feel “trapped” in their project roles, without opportunity for growth and development.

Prepare for Implementation at the First Level

In project driven organizations, we see the project manager as the first level. We implement, enforce and encourage risk practice. It must also be implemented at a senior level. Senior and executive management have to be adherents to the practice if the thresholds will flourish in the lower echelons. They must openly discuss their willingness to take risk, and know the potential punitive action for exceeding those limits.

Such meetings are awkward, as management may be tempted to outdo each other in a contest of “who can stand the most risk.” They need to work through scenario-based evaluations of what they will and will not tolerate, discussing the actions they would take toward team members who exhibit certain behaviors, implement certain strategies and accept certain financial, schedule and technical risks on the organization's behalf.

This discussion cannot be accomplished in a single session. It may take multiple iterations to ascertain what's acceptable and what's not. It is prudent to bring together different executive groups, as they find the opportunity to explore other risk aspects in the company of other peers.

Seek Out Areas to Implement Participation

Just as Ouchi suggests that the practice should grow from organization to organization, risk thresholds need to be reviewed, revisited, and reassessed on a regular basis as new projects are undertaken and new tactics are discovered.

Permit the Development of Wholistic Relationships

It's appropriate that Ouchi's Theory Z ends on this element of the effort. Risk thresholds are often associated strictly with the qualification and quantification of risk. They are not seen as spanning the risk process and the breadth of the team. To achieve long-term organizational satisfaction associated with Theory Z; risk management process must be consistent from its beginning through completion, and from project to project.

To get where risk thresholds are defined and understood, and to where they are practiced consistently, one must start with a single project. Someone must develop the model for the rest of the organization to follow.

The subtitle of Ouchi's text is “How American Business Can Meet the Japanese Challenge.” Through effective risk management and a clear group understanding of risk thresholds, today's challenges from all business quarters can be more readily met. If we can help our organizations establish guiding risk philosophies and approaches, we facilitate their growth and our own.


Katzenbach, Jon. 1998. Teams at the Top: Unleashing the Potential of Both Teams and Individual Leaders. Boston: Harvard Business School Press.

Ouchi, William. 1981. Theory Z: How American Business Can Meet the Japanese Challenge. Reading, MA: Addison-Wesley.

Pritchard, Carl. 2001. Risk Management: Concepts & Guidance. Arlington, VA: ESI International.

Project Management Institute. 2002. A Guide to the Project Management Body of Knowledge. Upper Darby, PA: Project Management Institute.

Scholtes, Peter. 1988. The Team Handbook. Madison, WI: Joiner Associates.

This material has been reproduced with the permission of the copyright owner. Unauthorized reproduction of this material is strictly prohibited. For permission to reproduce this material, please contact PMI or any listed author.

Proceedings of the Project Management Institute Annual Seminars & Symposium
October 3–10, 2002 • San Antonio, Texas, USA



Related Content