Governance, complexity and deep system threats


  • Nick McDonald CIHS, Irland
  • Pernilla Ulfvengren INDEK, KTH, Sweden



operational risk, governance, sociotechnical system analysis


Aviation, health care and financial services are increasingly stretched due to aspects that pose deep enduring systemic threats to our societies, challenging our ability to respond with commensurate socio-technical solutions. It has been argued that complex systems like these are intractable, defying generalisable analysis that could support prediction and control, and hence are not amenable to compliance models of regulation. Instead it is argued here that this ability can be developed with applying governance to a knowledge system.
The knowledge system needs to identify relevant system properties with leverage on operational risk. Big data analysis plus model-based reasoning, can identify generic socio-technical system characteristics. To make sense of the relations between system and outcome a complementary capability to model the functionality of producing the data is needed.
Our socio-technical analysis model is based on the following principles: purposive human systems have outcomes and produce value; this involves at least a minimal sequence of activity with related dependencies; it is the reciprocal nature of social relations that makes that sequence possible, and the flow of knowledge and information enables these productive roles of people. A governance system is required to assure that this works.
A governance system should generate a motivation, an “obligation to act” to use the knowledge directly within operations, to implement and validate solutions, and to manage risk across the system. This behaviour needs to be sustained in three cycles of governance: Operational, Improvement and Strategic. The operational feedback loop maintains its role to ensure close monitoring of the operational impact of the system change, maintaining a close link between strategic implementation and operational experience. Safety is not something distinct and separate from other aspects of system functionality, but it needs to be integrated into a new evidence-based governance of operational risk which is outlined in this paper.


Metrics Loading ...