Until recently, knowledge has largely been seen as something positive that organizations should manage to get the best out of it. However, a recent paper1 argues that organizations also need to consider knowledge risks because of the emerging number of these risks and the growing complexity of organizational environments.
Paper authors Susanne Durst (University of Skövde, Sweden) and Malgorzata Zieba (Gdansk University of Technology, Poland) have critically analysed the literature and prepared a concept map of knowledge risks (Figure 1). The authors advise that their research is the first systematic and comprehensive review of knowledge risks at the organizational level, and that it contributes to a more comprehensive understanding of knowledge management (KM).
As shown in Figure 1, the knowledge risks can be classified into the three categories of human, technological, and operational.
Human knowledge risks
- Knowledge hiding – an intentional attempt to withhold or conceal knowledge that has been requested by another person
- Knowledge hoarding – the act of accumulating knowledge that may or may not be shared at a later date
- Unlearning – a type of deliberate forgetting which involves a conscious process of giving up and abandoning knowledge, values, and/or practices which are deemed to have become outdated in an organization
- Forgetting – can be both accidental (due to bad memory) or intentional (trying to avoid bad habits)
- Missing/inadequate competencies of organizational members – related to organization members that do not possess the necessary training, experience, skills, or capacities to complete the tasks assigned to them
- Risks related to cybercrime – connected with the threats of malicious software either destroying or locking computer systems in organizations; a sub-form of risks related to cybercrime is the risk of hacker attacks
- Risk related to old technologies – outdated software can cause software mismatch and a high cost and long recovery time if there are failures; old software can have security issues
- Digitalization risks – increasing usage of algorithms has the potential for creating harm as these algorithms can be manipulated, repurposed or deleted, which in turn creates the risk of using disinformation or unreliable information
- Risk related to social media – social media has many positive benefits for organizations, but also possesses the danger of bringing a number of unplanned or undesired consequences, such as the spread of fake information or the existence of fake social-media accounts that troll company’s operations
- Knowledge waste – not making use of available and potentially useful knowledge in the organization
- Risks related to knowledge gaps – a mismatch between what a firm must know, and what it actually does know, which in turn may hamper the firm in meeting its objectives
- Relational risks – the probability and consequence of having unsatisfactory cooperation and/or opportunistic behavior by partners; in addition, it comprises the risk of knowledge sharing, which may end in the strengthening of the partner at the expense of the company’s own competitive standing
- Knowledge outsourcing risks – the outsourcing of business activities/functions involves a number of knowledge risks such as a risk of losing skills and capacities that are needed to perform central (knowledge) processes; furthermore, too strong an identification with a client organization can hamper the success of outsourcing activities and undermine KM practices in the originating organization
- Risk of using obsolete/unreliable knowledge – If a company does not keep its knowledge up-to-date or validated, there is a risk that it will apply wrong knowledge in its operations
- Risk of improper knowledge application – improper application of knowledge or its misinterpretation
- Espionage – industrial espionage is linked not only to knowledge loss but also to the loss of open culture, based on knowledge exchange and trust
- Continuity risks – these risks relate to an organization’s ability to maintain its core capabilities over time and to its ability to continue to perform and compete at consistent levels as people come and go
- Communication risks – the risks that the intended message is not received, partially received, received but not understood or sent differently because of broken communication flow
- Knowledge acquisition risks – relate to an organization’s ability to acquire the new knowledge it needs in order to follow a new strategic direction
- Knowledge transfer risk – Focusing on knowledge transfer as a people-to-people process, the successful transfer of knowledge may be hampered by a number of factors which can be assigned to personal factors, organizational factors, and the nature of the knowledge in question
- Merger and acquisition risks – proper communication may be missing, which can lead to misunderstandings and a lack of knowledge exchange; knowledge retention can be an issue, as, often, in mergers and acquisitions, the number of staff is reduced which, in turn, can contribute to the attrition of crucial knowledge; there could be a problem with regard to the availability of knowledge in the newly created organization.
Consequences of knowledge risks
- Knowledge attrition – a process where knowledge is becoming obsolete (e.g., due to new inventions, progress in the state-of-the-art, becoming of historical value only, etc.) or corrupted (e.g., caused by inappropriate use or waiting too long to use the knowledge, etc.)
- Knowledge loss – a situation when an organization loses a part or all of its crucial knowledge as a consequence of for example employee leaving a company, employee poaching or some technical faults (e.g. computer breakdown)
- Knowledge leakage – a situation when sensitive organizational knowledge such as strategies, policies, product knowledge, and sensitive client information ends up in the hands of unauthorized parties
- Knowledge spillover – a situation when valuable knowledge spills out of the organisation to competitors who use this knowledge to gain competitive advantage
- Lost reputation – a situation when a company loses the observers’ collective judgments based on assessments of financial, social and environmental impacts attributed to the company over time
- Lost sustainability – a situation when a company loses its ecologically-balanced approach towards the operations and does not follow the rules of sustainable development any more.
Approaches and tools to manage knowledge risks
The authors advise that the plethora of potential knowledge risks that may occur in organizations requires a set of tools and approaches intended to identify, prevent or manage them. For example, knowledge maps, in general, locate important knowledge in organizations and provide information on where to find it.
Organizations have a number of different options at hand:
- Motivate and encourage employees to share their knowledge and not to take it away
- Transfer and store crucial knowledge in IT-based databases
- Share crucial knowledge only with a limited number of people/firms within and outside the organization
- Continued back-ups of data and databases
- Solutions/tools that are sufficiently protected
- Install different levels of knowledge access, i.e., only available to those persons who need such knowledge to perform their tasks.
Additionally, organizations may also:
- Protect their strategic knowledge assets by legal arrangements, copyrights, etc.
- Retain critical knowledge through codification and distribution in organizations
- Eliminate redundant knowledge from their organizational memory
- Be cautious in selecting outsourcing and cooperating partners to minimize the risk of improper knowledge usage by these parties
- Implement knowledge management solutions that incorporate risk management.
Article source: The paper Mapping knowledge risks: towards a better understanding of knowledge management is licenced under CC BY-NC-ND 4.0.
- Durst, S., & Zieba, M. (2018). Mapping knowledge risks: towards a better understanding of knowledge management. Knowledge Management Research & Practice, 1-13. ↩