I was talking with a good friend the other day about Enterprise 2.0 and the impact social media is having on the enterprise. What we were most blown away by in our discussion, is just how difficult it is for companies to embrace a culture of information sharing. There is still a persuasive “fear” that information can get into the wrong hands and therefore needs to be controlled.
Our conversation reminded me of an old post, Companies are Control Freaks. In it I talk about the evolutionary stages companies move through, from retention of information to encouraging the creation of information. What struck me most about our conversation was a story he told about a risk assessment his company had done. He told me his company had announced they had done a risk assessment to determine their risk profile in achieving their goals. Great effort, great initiative. He told me the assessment identified almost 50 varying risks, of which 6 were labeled as critical. Curious he asked to see for the report as it wasn’t part of the company announcement. He was sent the report outlining the risks with a note that asked him NOT to distribute it externally OR internally. When asked why he couldn’t forward to his co-workers, this is was the response:
The reason I indicated not to distribute internally is to try to keep a level of control over who gets the more detailed information. We intentionally did not provide this one page slide with the article as that would mean that 15,000 people would have it and it would be impossible to control whose hands may get it. Due to the nature of the information included in the risk profile, it is easier for me to distribute it internally rather than allowing anyone else to do it to try to keep it from getting into the wrong hands. Thanks for asking. I hope this helps to clarify.
Notice use of the word control twice. This is typical 1980’s corporate retain information leadership.
It’s the employees who will ultimately mitigate these risks, or magnify them. Yet his company feels they can march forward without actually sharing with all 15,000 people what they are at risk for and what they need to do fix it.
Imagine an encourage information leadership approach to this. It would have 15,000 people poised and ready to help fix the issues, not operate oblivious to them.
It takes a lot for companies to change, to give up control. Especially when control is all they know.
I wonder if being too hierarchical and controlling is one of the risks?