Home > Risk > Addressing the ugliest risk: internal politics

Addressing the ugliest risk: internal politics

Maybe it’s a taboo subject, but I can’t say I have seen it discussed very often.

Politics can be the greatest risk to the achievement of objectives, whether at the corporate level, between division heads, among managers, on projects, or from one worker to another.

I have seen it far too often:

  • Hiding information
  • Spreading false rumors
  • Sabotaging projects by withholding people or other resources
  • Failing to tell others of dangers ahead
  • Duplicating efforts with competing projects
  • and more

So what should we do about it?

My opinion:

  1. Recognize that internal politics, at any and every level, can be a source of risk
  2. Follow your risk management process (e.g., as explained in ISO 31000) to assess and determine how to treat the risk
  3. Be aware of the politics of dealing with the politics
  4. Avoid being accused of playing politics yourself by being open and taking care how you frame the issues (such as talking about availability of resources rather than people withholding resources)
  5. Stay alert and keep your eyes and ears open to changes in the political environment
  6. If this is a significant problem, talk to your champions at executive and board level about how to change the culture

I welcome your stories, comments, and opinions.


  1. May 31, 2012 at 2:01 AM

    Internal politics is definitely one of the ugliest risks in an organization. Unfortunately, there are instances when it cannot be appropriately eliminated. I once saw it in an extremely siloed organization. Various VPs and SVPs had their own agendas which did not mesh well together. Many initiatives were duplicated, projects sabotaged, funds wasted, etc. None tried to eliminate the problem because, at that point in time, all were making money. But alas, the economic downturn put an end to the high flying money making days and the lack of synergy led to the demise of an organization.

  2. May 31, 2012 at 2:04 AM

    An interesting post – it suggests a couple of things though. First that institutional politics are necessarily bad. Second that senior management executives do not participate in it or are in some way above it. In my experience politics are most pernicious and prevalent at the top of organisations as this is where individual and personalities can make a real difference. Also I have not found politics to always be bad. We are all human and being political is a human trait. As you say, you can’t ignore as an auditor, you must play. I guess I have always tried to be straightforward with people in my professional career but confidentiality, a necessary part of auditing, makes this sometimes a difficult judgment call.

    A good area to think about!

  3. May 31, 2012 at 3:28 AM

    Any experience in carrying out risk assessment workshop on internal politic risk? My experience and challenge is getting executive management to be honest.

  4. Ck6
    May 31, 2012 at 7:55 AM

    Internal politics are present in any organization with more than one person. It is a major part of Management Risk and Board Risk as people tend to work to build consensus (for or against) on everything. One should strive to control the negatives and encourage the positives as bright ideas arise out of one idea that gains consensus.

    Controlling internal politics is an art as an organization can survive (and thrive) for a period of time even with the worse internal politics situation thinkable. Tale tale signs of internal struggles are low morale on the working level; reduced productivity; high levels of internal transfers (if not resignations); and reduced work quality. Assuming the undercurrent is not visible, each of these signs should become highlighted in the annual risk management review as the personnel questionnaires/interviews should uncover the issue(s).

    On the Board level, limiting internal Board members not only is the right path, it becomes a barrier to internal politics as consensus is forced. It is up to the owner(s) to control the Board centric internal politics.

    The difficulty is on the Management level. By structural definition, the levels of management require increasing levels of power in the organization. The aforementioned personnel questionnaires/interviews should provide at least a warning to these structural issues. How the chief risk officer (if not the CEO) communicates these issues to management and the Risk Committee/Board is key to limiting the negative effects of internal politics.

  5. Kay
    May 31, 2012 at 8:10 AM

    I agree, internal politics can certainly be a detriment to accomplishing the goals of the organization. As the Internal Auditor you have to be aware of how they work in your organization. I like the suggestion on #4, keep it positive, and discuss what needs to change to benefit the project in a proactive manner and why and how it will benefit the organization. It seems to work better for me, to not address directly the persons or reasons it is not happening, but to change the thinking as to how it can happen.

  6. Karen Glover
    May 31, 2012 at 9:33 AM

    I agree; politics can be a significant risk. Identifying the symptoms, as Ck6 suggests, is a good way to start the discussion, Getting beyond that, though, is difficult when management has too much power. This is where a truly independent Audit Committee can benefit a company most.

  7. Joseph iyofor
    May 31, 2012 at 1:27 PM

    Politics should not been seen in a negative light, it is a by-product of organisational affairs. Individuals displaying various aspects of the machivellian need for personal power. The problem here is how does an organization harness individualized need for power (why employees play politics) for organizational objectives? The right tone at the top, clear rules and procedures, participative management style, punishment must fit the offense from top to bottom and the reward system structured appropriately. If this are done the risk of politics significantly affecting an organisational objectives is significantly reduced.

  8. May 31, 2012 at 5:24 PM

    If you are interested in the effect of politics upon projects or systems development then you should read the work by Bent Flyvbjerg and the UK Cabinet Office (ex-OGC) about optimism bias and deception in business cases, Richard Barber about ‘internally generated risk’, and Dennis Hart about ‘political information wards’. The latter two authors are from UNSW@Canberra and have published PhD studies that show the strong, even overwhelming effect of politics upon the success – or otherwise – of projects.

  9. June 1, 2012 at 9:50 AM

    Agreed that internal politics can be greatest risk to acheivement of corporate objectives and think that internal politics reflect in the form of management style/tone and/or thru culture of an enterprise.

    Governance with transparecy do play a major role in addressing this risk. unfortunately,defining and setting up right governance model is the most difficult part and generally be last but not least in the prioroty list of senior management. having said that, i think there is a need for developing standards on Governance so that the organizations can leverage them to benchmark/baseline as well as they can be assessed aganist these standards by external agencies/independent parties

    On the other hand, internal politics is about people. People become risk agent, risk source being the dissatification / disgruntled / bad motive which in turn translates into internal political risk. Therefore, it can come under human resources risk / operational risk and human resources dept apart from senior management do have a major role to play in identifying and addressing this risk across the organization.

    • Norman Marks
      June 1, 2012 at 10:13 AM

      I don’t think it’s as easy to solve as to day “HR will fix it” or “the board and CEO” should set the tone. Even the head of HR plays politics very often, and CEOs frequently want a level of competition among their direct reports.

      Norman D. Marks, CPA, CRMA OCEG Fellow, Honorary Fellow of the Institute of Risk Management Vice President, Evangelist Better Run Business SAP

    • June 2, 2012 at 6:44 AM

      There is a standard for the corporate governance of IT. It is ISO 38500:2008. Its principles do address the risks/ issues that we have been considering.

  10. June 1, 2012 at 11:07 AM

    What a great topic – Insurers’ EPLI related materials could prove to be good resources as would be their Legal Employer Hotlines – additionally a section in the Corporate Employee Handbook may also be assigned to this seemingly ever present atmosphere, provided top management actually compiles the information and signs off on it, as would each employee. Unfortunately however, it is so often that the CEO wears the Fire Marshall’s hat and the very one that sets its own fires… Does it really have to take a couple of hefty EPLI claims to open the Top’s eyes? Maybe, depends on how much they are willing/able to pay for
    SIR’s and future premiums for their EPLI. HR can only “fix” it, if it is educated in that area and does not just shoot from the hip. Employees are a whole lot smarter in this day & age – perhaps because there are plenty of attorneys available that are pretty skilled in that arena of Law. I will be following the feedback of this topic as I am forever involvved in our clients’ EPLI scenarios… Thank you for bringing this up.

  11. Urvil
    June 4, 2012 at 6:50 AM

    Hi Sir..I have one concern. Internal politics can be eliminated or controlled through risk management. But what if the people at the top level itself are involved into politics. For e.g. when they keep their subordinates busy with the work which is ultimately not required, but just to show in their appraisals that they’ve taken some initiative.

    • Norman Marks
      June 4, 2012 at 7:14 AM

      I agree that politics at the top is a risk and risk managers need to be aware of its potential effect.

      Norman D. Marks, CPA, CRMA OCEG Fellow, Honorary Fellow of the Institute of Risk Management Vice President, Evangelist Better Run Business SAP

  12. Ray Flynn
    June 7, 2012 at 2:23 PM

    By far the best weapon against politics is a clear message from the top that Risk Management is here to stay. Any other than highly visible commitment from the board to a RM initiative is like a green light to those who will fight change.

  13. June 19, 2012 at 10:31 AM

    It’s tempting to capture within a risk taxonomy, but you’d still need some kind of risk performance measurement system (e.g. a risk register) in order to properly risk manage. And, if you’re in an enviro that is highly political, with lots of neg. consequences, you might be disinclined to do such reporting and monitoring. It’s also quite appealing to try to capture the internal landscape impact through an exercise such as through a corporate risk profile. But…I’m not convinced people would do such activities for many reason – many deplorable, more understandable, and few laudable.

  14. June 19, 2012 at 8:51 PM

    Richard Barber’s work on internally generated risk showed that this type of risk is a). common and b). almost unmanageable – because it was politically too dangerous for a project manager to put it on a risk register. That meant it was not considered through the formal RM process (if it existed, as organizations with such issues also tend to downplay formal RM) by that project manager or her successor (as project managers churn a lot in such conditions).
    The remedy for such risks is improved governance (hence my earlier reference to ISO/IEC 38500) but that is above the pay grade of project managers. You have to get senior business managers to take action at this level. That usually only happens, if at all, after a bad audit report.
    I am not cynical – just experienced.

  15. Toby Greer
    June 26, 2012 at 7:00 AM

    1 Thessalonians 5:17

  16. July 19, 2012 at 4:50 AM

    Everything depends on the culture and maturity of the management team. I sat with my VP of internal Audit once as the senior auditor and the auditee was a moron who, through gross mismanagement, had squandered over half a million dollars. (this guy screwed up everything he touched!) But this VP was well connected, and management behaved as if the company was a country club, so it was all soft-pedaled in the final report. At some point in my career, I filed a whistleblower complaint that was settled to my satisfaction. Almost any strong internal auditor might say the same thing. Not saying these 2 are connected. They are not. Just saying’.

  17. May 2, 2013 at 11:22 PM

    Genuinely when someone doesn’t be aware of then its up to other visitors that they will assist, so here it happens.

  1. June 4, 2012 at 1:06 PM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: