Organizational Risk: “Muddling Through” 40 Years of Research

The recognition that organizations are a part of adverse outcomes has become commonplace in risk research. Social organization is a key theme in relation to risk minimization through institutional control and monitoring, and in how organizations are connected to society's perceptions of risk (beyond outcomes). The article reviews progress made in research on organizational risk over the last four decades and the contributions made to the field by fieldwork and descriptive approaches, understanding risk as partly determined by organizational context. A key issue for risk analysis is to figure out what these insights mean for risk professionals, such as while developing assessment methodologies and management approaches. Analysis of the literature shows that what to model if organizational factors are to be included in risk assessments remains as big a question as how to model. Integrating fieldwork and descriptive approaches for analyzing organizational risk, accidents, and safety is argued to be a main task for the risk analysis community.


INTRODUCTION
Disasters resulting from human innovation or organizational and technological developments receive wide public attention and give rise to processes of blame and reassurance. The realities following major accidents (recent examples include the 2017 Grenfell tower fire in London, the Fukushima nuclear disaster in 2011, and the 2013 Savar building collapse in Bangladesh) come with social distrust and criticism regarding whether technical safety measures have been paralleled by institutional control and monitoring. They remind us that organizational problems are usually at the root of what causes disasters (Pate-Cornell & Murphy, 1996) and that those organizational factors need to be included in risk assessments . Similar to classical findings that U.S. bureaucracies were "muddling through" instead of taking rational-comprehensive approaches to decision making (Lindblom, 1959), organizational research has shown that organizations are "muddling up risk," behaving in complex ways that probabilities cannot capture, and developing systems with failures and deficits that can increase risk as much as reduce it. The organizational contexts of risk matter, and risk perception is shaped by people's trust in the organizational procedures of decision making or feelings of fairness in relation to organizational goals (Renn, 1998). Such perceptions of risk can further lead to ripple effects, through which risks are amplified, shaping social perceptions and risk behavior (Kasperson et al., 1988). How have social studies of organizations over the last four decades contributed to normative conclusions for risk assessment, management and policy, as well as addressed issues of fairness and competence?
The early 1980s saw a heightened concern for man-made disasters and the increased complexity of modern organizations. The period also became a turning point for social science contributions to risk research, and organizational perspectives became part of a broader vision for risk analysis. Research demonstrated how hazards relate to changing organizational characteristics (Perrow, 1984;Turner, 1978), and it was explained how an important contribution of the social sciences lies in specifying the nature of hazards (Short, 1984). Also, the argument that major accidents are inevitable in certain highrisk systems became influential, spurring interest in the limits to safety and the possibilities of organizational competence (Perrow, 1984).
By the early 1990s, the professional concerns of risk analysts had an increased focus on people problems. At this stage, research inside organizations focused largely on individual risk perception and ways to communicate more effectively about risks (Short, 1992), as well as the role of human error in technological breakdown (Reason, 1991). However, a review of the literature also shows a growing consensus among risk and safety researchers concerning the importance of analyzing the interactions and complexities between humans, machines, and organizations (Clarke & Short, 1993;Reason, 1997;Short & Clarke, 1992;Turner & Pidgeon, 1997). In the United States, developing simultaneously with Perrow's (1984) normal accident theory, research on high reliability looked at the manner in which organizations with a disposition to fail had not done so (Hopkins, 1999;La Porte, 1982;La Porte, 1996;La Porte & Consolini, 1991;Ramanujam & Roberts, 2018;Roberts, 1993;Schulman, 1993). Perrow's thesis was intriguing and important, but with a large scale and limited applicability for addressing organizational competencies. Questions were raised as to whether his general theory on the direct relationship between high complexity and tight coupling in organizations and major accidents matched the diversity and change of different organizational contexts (Hopkins, 1999;La Porte & Rochlin, 1994). In technical risk analysis, probabilistic risk analysis developed in the direction of risk management as a tool to compare different risk management measures. Pioneering work was done to extend methods, in order to include human and management factors in addition to technical problems Pate-Cornell & Murphy, 1996).
What do these insights mean for risk assessors and managers? What progress has the field made in understanding risk in organizational contexts? What has been the particular impact of fieldwork and descriptive approaches for analyzing organizational risk, accidents, and safety? Providing an answer to these questions, the article looks at common concerns in research and discusses future challenges for risk analysis, drawing on samples of literature from three organizational descriptive domains published over the last four decades.
The article has been structured in four parts. Firstly, organizational risk in general is considered, looking at key themes and concepts related to failure, accidents, and risk. I then turn to the concepts of high reliability and resilience, before reviewing work on organizational culture, symbolism, and risk. Finally, recommendations are made and future challenges for risk research are discussed.

ORGANIZATIONAL FAILURES, ACCIDENTS AND RISK
When using the term "organization" in relation to risk, there can be risk to organizations (for example, business risks) and risks that organizations cause through management, operational, or maintenance deficiencies. Here, we are talking about the latter and thus dealing with risk as something that can afflict us more than just looking at risk as something that is taken (Turner, 1994). Furthermore, when defining organizational risk, there is no precise distinction between risk and uncertainty, such as in Knight's (1921) classical clarification. In organizational studies and qualitative approaches in particular, risk is studied as social in origin (Tierney, 1999), giving attention to what is known, what is not known, who does not know, and why it is so (Pettersen, 2016). The relevance of such an approach for risk analysis is seen in Aven (2016), who argues that a key challenge for the risk field is the focus on knowledge and lack of knowledge characterizations, instead of accurate risk estimations and predictions. By connecting organization and risk, descriptive research and fieldwork has contributed to developing risk analysis beyond scientific standards for clarifying choices and rational decision making. Research has shown that risk-related behavior in organizational and institutional contexts is very different from design-based accounts of decision making, often used as the basis for technical risk analysis (Boholm, 2010). As stated in a critical review of risk research two decades ago (Renn, 1998), social science approaches in the 1980s and 1990s showed that the interaction between human activities and consequences in organizations is more complex than probabilities can capture (Fischhoff, Goitein, & Shapira, 1980) and that the organizational structures of managing and controlling risks are prone to failures and deficits that may increase actual risk (Beamish, 2000;Perrow, 1984;Short & Clarke, 1992;Taylor, van Wijk, May, & Carhart, 2015). Discussing the limitations of Charles Perrow's normal accidents theory, sociologist Andrew Hopkins brought forward the basics of garbage can theory as an account of why things go wrong in inherently hazardous organizations (Hopkins, 1999). The garbage can theory proposes that organizational behavior operates based on a variety of inconsistent and ill-defined preferences. In addition, it postulates that organizational members have bounded and limited understandings of the processes by which the organization produces and survives, and that processes of decision making are extremely fluid, with participants coming and going (Hopkins, 1999;Sagan, 1993). Organizational risks do not merely happen, nor are they concrete and easily measurable (Tierney, 1999).
As the number of appraisals of organizational contexts in, for example, the nuclear, aviation, and chemical industries grew during the 1980s-1990s, requests arose for better theories of the social organizations in which decisions influence risk production and risk acceptability (Short & Clarke, 1992). Organizations in systems such as the nuclear power, civil aviation, and chemical industries received particular attention. Although more abstract and challenging to quantify than technical components, the analysis of accidents and disasters has provided a set of organizational behaviors and human errors that undercut safety and that seem to recur in a variety of accidents (Pate-Cornell & Murphy, 1996;Reason, 1997;Turner & Pidgeon, 1997). One important occurrence in the development of organizational themes and concepts was the reemergence of Barry A. Turner's research in the mid-1990s (Turner & Pidgeon, 1997). Based on his original analysis of accident reports (Turner, 1978) and further developing the theory on bounded rationality (Simon, 1957), Turner found that disasters are different from everyday slips and lapses. Disasters represent a significant disruption or collapse of collective understanding of risks and their management. Risk is thus not only a technical matter and must be understood through organizational prerequisites and implications. Organizational routines and procedures for risk assessment and management are influenced by assumptions and norms that govern the attention and behavior of actors. When these assumptions and norms become collective at the organizational or even societal level, they become cultures and can create fundamental, critical, and often long-lasting discrepancies between perceptions of risk and what is actually happening. In his analysis, Turner explained the gap in information that can lead to failures and deficits that increase risk based on several causes, including perceptional rigidity and organizational arrogance and self-confidence (Turner & Pidgeon, 1997). Similar to Turner, James Reason, who moved from a psychological angle to a broader organizational orientation, showed that there is no simple causal relationship between the frequency of individual errors and the risk of major accidents (Reason, 1997). He went on to explain how errors are the symptoms that reveal the presence of latent conditions in organizations at large (Reason, 1997, p. 226) and that organizations' risk controls can fail, due to simultaneously occurring latent organizational causes and active failures.
Another influential perspective on organizational risk is the theory that the individual's selforganization and autonomy in organizations can increase the actual risk (Rasmussen & Batstone, 1989). Rasmussen coined the phrase the "fallacy of defense in depth" (Le Coze, 2015). As the organizational structure for managing and controlling risks is usually based on a hierarchy of independent measures, an adaption or weakening of one particular measure will not have a direct visible effect or be observed by others. Such adaptations that increase risk are made by workers and middle managers in organizations but also by managers and regulators. At management level, adaptions can be structural changes to risk management processes, where decisions about risk are to be taken in new ways but without informing everyone in the organization about these changes.
Problems of power, such as the issue of inevitable disparities in the distribution of resources among social actors, have largely been overlooked in relation to decision making and risk in hazardous systems (Antonsen, 2017). A key point in relation to issues of organizational arrangements and risk is that, just as social structure bestows power on certain positions, it also limits power. Institutional elites often clash over issues of power, sometimes in ways that result in fatal decisions, such as the case of the Challenger launch decision (Short & Clarke, 1992;Vaughan, 1997). In addition, there are important connections between risk, information, and power. Several issues are important in this respect, such as the social contingency of what counts as relevant information for risk, as well as the possibility for developing systems for information sharing/reduction, and determining what knowledge is relevant for risk (Short & Clarke, 1992;Turner & Pidgeon, 1997).

HIGH RELIABILITY AND RESILIENCE IN ORGANIZATIONS
The theme of organizational risk becomes even more multifaceted when the concepts of high reliability and resilience are added to the concepts of organizational failure and accidents. Early case studies on high reliability organizations (HROs) in the 1980s and early 1990s explored current functioning in some technologically sophisticated and complex organizational subunits that were charged with performing their tasks without major accidents (La Porte, 1996). Contributing with careful descriptions of a handful of organizations (Boin & Schulman, 2008), the emphasis on organizational contexts and local contingencies afforded a wider perspective on rationality than existing technical and psychological theories that viewed risk as something generic and within individuals. The research showed how event frequencies are influenced by organizational-specific knowledge and foresight, and that the connection between organizational and technical performance was crucial for estimating the likelihood of catastrophic failures (Roe & Schulman, 2008). The research documented structural complexity and managerial responsibilities varying depending on context in the organizational control of risks.
In accounts of robustness and organizational responses to accidents and disasters, resilience has emerged as a key concept (Boin & Van Eeten, 2013;Comfort, Boin, & Demchak, 2010;Hollnagel, Woods, & Leveson, 2006;Weick & Sutcliffe, 2011;Woods, 2015). Several types of resilience are described in the literature (Pettersen & Schulman, 2016). The ability to adapt when existing risk management practices fail and something unexpected happens, such as described in accounts of HROs (Weick & Sutcliffe, 2011), is one type, labeled "precursor resilience" (Schulman & Roe, 2016). Another type is reactive in relation to risk events and can be defined as the ability to respond and regain functionality, even with increased robustness after serious events and catastrophes (Comfort et al., 2010;Vale & Campanella, 2005). Descriptions of HROs have been used as cases from which organizational principles for precursor resilience have been formulated. Continuous search for weak signals, widening of expectancies, and flexible management structures are some of the conditions described in the literature that can extend technical safety measures concerning risk minimization (Pettersen, 2016). Other parts of the resilience literature are more critical of existing risk management packages. This research emphasizes the unpredictable and unmanageable sides of hazardous technologies (Byrne & Callaghan, 2013;Dekker, Cilliers, & Hofmeyr, 2011;Miller & Page, 2007) and sees resilience as a strategy for complexity management that in many cases should be developed and applied instead of traditional technical analysis of risks (Comfort et al., 2010;Hollnagel et al., 2006;Kendra & Wachtendorf, 2003;Sheffi, 2005). Due to the complexity of our contemporary society and organizations, both individuals and organizations are described as having fundamental problems in describing future possibilities. Thus, organizations must be able to adapt quickly to new and unexpected situations and have members that are coordinated and perceive the situation in the same way (Boin & Van Eeten, 2013). This is a third type of resilience, implying improvisation and that organizations must use their resources in new and creative ways in order to deal with unexpected events.

ORGANIZATIONAL CULTURE, SYMBOLISM AND RISK
Organizational culture or more specifically cultural prototypes, such as safety culture, risk culture, or security culture, have emerged as a commonly used explanation for accidents and as a "recipe" for risk management in organizations (Antonsen, 2017;Guldenmund, 2000;Silbey, 2009;Westrum, 1993). In a recent example, the 22 July Commission, appointed to explain the July 22, 2011 attacks in Norway, concluded that a cultural prototype among national leaders contributed to them not recognizing the risks the nation experienced, leading to constrained risk management practices (NOU 2012(NOU :14, 2012. As an explanation of reliability and safety outcomes, culture as a particular knowledge structure and value system has been given normative status as something that organizations have and belong to in order to achieve desired outcomes (Reason, 1997;Weick, 1987;Weick & Sutcliffe, 2011).
Developments in organizational risk perspectives have been similar to what anthropologists and cultural sociologists have suggested more generally (Douglas & Wildavsky, 1982;Rayner, 1992): that social responses to risks are determined by cultural belief patterns and that cultural patterns structure the mindset of individuals and groups in society to adopt certain values and reject others. As the validity of prototypical descriptions has been debated and criticized in general (Rosa, 1998;Shrader-Frechette, 1991), so have organizational prototypes of culture (Antonsen, 2009;Richter & Koch, 2004;Turner & Pidgeon, 1997). In an essay reviewing the literature on safety culture, Susan Silbey (2009) argued that the dominating talk on safety culture goes against common sociological and anthropological theories of culture. In safety research, culture is often seen as a causal attitude or as an element of an engineered organization and not the emergent and indeterminate phenomenon it is viewed as in socially situated approaches. Still, a number of studies published since the turn of the millennium show the strengths of qualitative analysis and interpretive understanding of the association between organizational culture and risk (Antonsen, 2009;Atak & Kingma, 2011;Brooks, 2005;Collinson, 1999;Gunningham & Sinclair, 2009;Mikes, 2011;Naevestad, 2010;Reiman & Oedewald, 2006;Richter & Koch, 2004). The research has been conducted in a range of organizational settings and established the role of different worldviews within organizations and how these determine different perceptions and coping strategies regarding risks. In different ways, the research shows how qualitative analysis is complementary to quantitative modeling and analysis. For example, Holmes, Gifford, and Triggs (1998) investigated perceptions and understandings of risk in occupational health and safety among em-ployees. The research findings showed that the interactions between perceptions and understandings of risk and control in organizational safety produced a diversity of meanings of risk control. Meanwhile, Bye and Lamvik (2007) discussed the relationship between subjective risk perception and individuals' adaptation to hazardous working conditions. Based on a study carried out among personnel in marine industries, risk perception, fatality rates, and the discrepancies between subjective risk perception and formal risk levels were compared. Applying the concept of culture, they found indications that a correlation between risk estimation and subjective perception does not exist, and that risk perception could be seen as a reflection of interactional conventions developed among employees rather than a reflection of a formal estimated risk level. These types of studies document how members of organizations may perceive risks differently from risk assessors, and that risk communication with occupational groups need to be structured as a dialogue. In another example of qualitative research, Joseph Masco examined how nuclear weapons scientists had experienced the atomic bomb at the level of sense perception from the 1940s up until 2010. He argued that, for weapon scientists working after the end of the Cold War, the sensory experience of the atomic bomb had diminished over time, allowing nuclear weapons to be depoliticized and normalized within the laboratory (Masco, 2004). This study documents how (even) those who perform the risk calculations are affected by their social and organizational context.

STRATEGIES FOR "BORDER CROSSINGS" AND DEEP EXCHANGES
The topic of organizational risk can be traced back to a number of pioneering studies (Perrow, 1984;Rasmussen, 1997;Reason, 1997;Turner, 1978La Porte, 1982Vaughan, 1997). Although experiences have been drawn for risk analysis Pate-Cornell & Murphy, 1996), major accidents and disasters keep reminding us how often risk assessments and management miss the correlation between technology and organization. Rigorous technical assessments are no substitute for bad managerial decisions, nor can they hide from failure organizations that do not listen to witnesses among key personnel about the interactions between people, cultures, and technology. Without the inclusion of human and organizational factors in risk analysis, knowledge of risk is fragmented. This article draws on samples of literature from three organizational descriptive domains. The review shows both the muddled appearance of organizational elements in risk analytic work and how risk analysis seldom digs deep enough into the different domains in order to unearth and formulate the organizational insights (truths) from each perspective. What do the findings from organizational risk research mean for future risk research and risk managers? Where are the possibilities for deeper exchanges, and how can more frequent border crossings be encouraged?
First, there has been limited research and development of measurement strategies that could allow closer integration of organizational and managerial variables into risk assessments. Fieldwork and organizational analyses add empirical pieces of evidence that show the dynamics of cultural and contextual dependence of risk in organizations. More specifically, as the early studies of HROs (La Porte & Consolini, 1991;Roberts, 1993) documented the incompleteness of the normal accident (Perrow, 1984) risk scenario, qualitative analysis can contribute key factors and experiences omitted from constructed models of risk. As Jasanoff (1993) pointed out some time ago, risk assessments are often based on compressed models of systems. In the case of organizational risk, qualitative analysis can show constraining assumptions about technology, human, and organizational factors. In this respect, one particular challenge is how approaches to organizational risk have a tendency to focus on hazards in organizations and not relate risk to wider systemic trends or institutions in society, such as regulatory culture, labor relations, or evolving modes of production that can influence risk. Existing risk models may thus be less relevant in relation to long-term societal shifts or other external challenges that could undermine existing practices (Gould & Fjaeran, 2019;Le Coze, 2017;Pettersen & Schulman, 2016;Pidgeon, 2019). Although industry and regulatory organizations are paying attention to the analysis and normative prescriptions of risk management systems in technical organizations, including aims to integrate management practices, incentives, safety culture, and organizational resilience as key elements, these organizational variables are not being described and subject to as extensive an analysis as the physical variables typically attended to in risk analysis (Schulman, 2020). Even with the sophisticated methods for incorporating organizational factors into quantitative risk assessments (Alvarenga, e Melo, & Fonseca, 2014;Mohaghegh & Mosleh, 2009;Øien, Utne, & Herrera, 2011;Pence et al., 2014), without including knowledge from continuing and longitudinal empirical engagement with current organizational contexts-for example when formal risk assessments become regulatory requirements-risk assessments are not able to deal with how organizational phenomena are associated with systemic, inherent hazards. Nor do they have the descriptions with which to test the continuing relevance of existing risk models or to develop new knowledge for integration into future scenarios.
Second, the challenge of integrating organizational variables faces the fact that organizational contexts are diverse, and they change in ways that can affect the frequency of events (Bier, 1999;Hopkins, 1999;La Porte & Rochlin, 1994). In other words, a key issue for organizational risk is that the scale of risk analysis is often too large and misses crucial aspects of organizational variations and how the social reshaping of technologies (Gephart et al., 2009;Jasanoff, 1993) can transform risks in ways not accounted for by formal approaches. Actually, risk analysis seems to be increasing in difficulty, as assessments continue to lag practice in important areas (Bier, 1999;National Research Council, 1997). Fieldwork and qualitative analysis are methodologies that can illuminate the contextual blind spots (Jasanoff, 1993) in established approaches to risk assessment. Two central research areas in this respect are the strengthening of risk analysis as actual practices rather than norms and standards (Boholm, 2010) and the potential for merging the study of daily operations with engineering approaches (Karsten, Ruge, & Hulin, 2020). Also, a number of writers have offered arguments and empirical examples regarding the impact and challenges of complexity, interconnectivity, and rapid change on risk (Dekker, 2013;Schulman & Roe, 2016;Woods & Wreathall, 2003). Connected to complexity, globalization processes are increasing in frequency and speed across industries, shaping new operational constraints on organizations. Following the digitalization of information and communication technology, the liberalization of trade and finance, deregulation, and privatization agendas (Billings, 1996;Stephens, Wilson, & Peterson, 2015), interconnected systems are examples of such supranational processes creating new contexts for organizations. The implications for risk analysis following these transformations are not straightforward and currently not well researched (Le Coze, 2017;Pidgeon, 2019).
Third, risk research is increasingly concerned with demarcating in which situations risk assessments are feasible and developing approaches to situations where traditional assessment techniques fall short (Aven, 2016;Linkov et al., 2014). The concepts and theories developed in relation to the relatable research strands on high reliability and resilience engineering (Bergström, Van Winsen, & Henriqson, 2015;Haavik, Antonsen, Rosness, & Hale, 2016) have the potential to refine and strengthen risk analysis when organizations, often first responders, act to prevent unwanted events from occurring or to minimize damage. The literature on risk management in organizations has been parsing out characteristics that can contribute to proactive action, adaptation, and resilience in situations where complexity and uncertainty limit possibilities to predict (Woods, 2015). More specifically, and taking again an empirical lens, I highlight that, in relation to organizational contexts, the existing knowledge about high reliability and resilience is abstract in nature. There are still quite a few empirical studies of high reliability or resilient organizations, and general theories of high reliability or resilience are difficult to contextualize in relation to actual effects to minimize damage and woeful consequences. This is problematic, as improvisation and organizational creativity, described as prerequisites for resilience in crisis management, can conflict with the principles for high reliability (Pettersen & Schulman, 2016). Principles for high reliability, such as formal structures with procedures and responsibilities, put other demands on organizations and management than resilience. If risk analysis is to broaden its scope and hazardous organizations are to have risk policies to minimize risks while at the same time being able to deal with the unexpected and rare crisis, one must start by acknowledging that there are no simple solutions for paralleling these. Neither are there any clear and agreed-upon theoretical recipes for how high reliability can be developed in practice.
As previously stated, the application of qualitative studies in risk analysis appears quite unsystematic and, when going to the "nuts and bolts" of descriptive organizational approaches in order to study risk assessments, in practice few seem to be there. Nor does the literature on the problematics of organizational analysis and management practices provide much reference to risk analysis. Increasing the integration of descriptive research on organizations with risk analysis is not straightforward, as (at least at first) it is a borrowing of methods from other relevant domains. The "hard" analytic core of risk anal-ysis can make it challenging to get social scientists involved in applied risk research. In addition, we cannot expect those from other domains to be the ones to take up our challenge and complaints about mismatches; we will largely have to recognize the need to refine our perspectives and make the matches ourselves. The heterogeneity of the relevant domains for collaboration is expected to further contribute to the challenge, as the advice given by organizational researchers is expected to vary, depending on the epistemological approach and scientific background for the research (Renn, 1998). Reflecting that the topic is organizations and managerial factors, another issue is that most organized settings do not want their structures or processes that can be defined as risks to be openly available (Vaughan, 1999). Also, decisionmaking processes for which risk analysts are employed are often directed by the same managers that field observations would want to document and analyze, making it difficult for risk professionals that want to include organizational analysis (Bier, 1999).
To conclude, developing systematic applications of organizational fieldwork and related analytical strategies for describing risk in organizations has been in the past-and will be in the future-of vital importance for risk analysis. More often than not, the systems studied by risk researchers are large-scale technological systems, with possibilities for tight couplings and cultural complexity across a plurality of local and regional communities of understanding. This way, the study of risk requires systemic descriptions of organizations, and descriptions of the micro need to be connected to the macro (Bourrier, 2002), as well as the other way around. However, to suggest that rapid change and complexity leads directly to more frequent failure or higher hazard for that matter or, even more so, to "muddle" the one with the other, would be a classic failure of "high-risk" labeling. Organizational aspects are apparent both in the frequency with which those operations fail to stay within operational limits and the level of intentional or inherent hazard characterizing operations. If fieldwork were embraced more systematically and risk analysis avoided an uneven inclusion of descriptive research, these two elements of operations could be unmasked in relation to the increasing variation in patterns of behavior that surround the operational core of organizations. As risk assessments are increasingly becoming regulatory requirements, one possibility would be to show the increasing importance of systematic, long-term field observation with an improved grounding of the conditions and resources necessary for integrating such methodologies in risk assessment approaches.

ACKNOWLEDGMENTS
I would like to thank Todd R. La Porte for invaluable comments and input. I also wish to thank Ortwin Renn for insightful comments on an earlier version of this article and two anonymous reviewers for their engagement and remarks that greatly improved the article.