In complex, high-performance environments, whether in manufacturing, finance, healthcare, or startups, systems are often pushed to their limits in pursuit of efficiency, profitability, and growth. However, the negative consequences of continuously running a system at full capacity are well-documented in Lean Thinking, Little’s Law, and the Theory of Constraints. These frameworks emphasise that resilient systems require built-in slack to handle uncertainty, prevent cascading failures, and allow for adaptability when unexpected disruptions occur.
At the same time, models of risk such as Rasmussen’s Risk Boundaries Model and General McChrystal’s equation of Threats × Vulnerabilities = Risk highlight the necessity of understanding system boundaries, enforcement mechanisms, and risk mitigation strategies. This article synthesises these perspectives to illustrate the importance of balancing efficiency with resilience, ensuring that organisations do not inadvertently push themselves toward failure by eroding essential buffers.
1. The Fragility of Overloaded Systems: Lean Thinking, Little’s Law, and Theory of Constraints
A common fallacy in operations and organisational strategy is the belief that maximum utilisation equals maximum efficiency. This assumption is refuted by several key principles:
- Lean Thinking argues for eliminating waste, but not at the cost of system resilience. Over-optimisation can create fragility when there is no redundancy to absorb shocks.
- Little’s Law (L = λW) demonstrates that increasing utilisation without increasing capacity leads to exponential delays. If a system is constantly at full capacity, any unexpected increase in demand results in significant bottlenecks.
- The Theory of Constraints (TOC) highlights that systems are limited by their weakest link. If all resources are stretched to their limit, any minor issue can cause widespread failures because there is no buffer to redistribute load.
The lesson from these models is clear: a resilient system requires slack to accommodate variability and uncertainty. When systems operate at 100% utilisation, they are highly vulnerable to breakdowns.
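The following added example (not part of the original article) simulates a single-server queue to show how steeply delay grows as slack disappears, and uses Little's Law to convert the measured mean time in system W into the mean number of jobs in the system L. It assumes Poisson arrivals and exponentially distributed service times (an M/M/1 queue); the function names and parameters are illustrative.

```python
import random

def simulate_queue(utilisation, service_rate=1.0, jobs=200_000, seed=1):
    """Single-server FIFO queue (assumed M/M/1: Poisson arrivals, exponential service).

    Returns (W, L): the mean time a job spends in the system and, via
    Little's Law L = lambda * W, the mean number of jobs in the system.
    """
    if not 0 < utilisation < 1:
        raise ValueError("utilisation must be in (0, 1); at 1.0 the queue never drains")
    rng = random.Random(seed)                  # seeded so runs are repeatable
    arrival_rate = utilisation * service_rate  # lambda
    wait = 0.0        # time the current job waits before its service starts
    total_time = 0.0  # sum of (wait + service) over all jobs
    for _ in range(jobs):
        service = rng.expovariate(service_rate)
        total_time += wait + service
        gap = rng.expovariate(arrival_rate)    # time until the next arrival
        # Lindley recursion: the next job waits for whatever backlog remains.
        wait = max(0.0, wait + service - gap)
    W = total_time / jobs
    return W, arrival_rate * W

def slack_table(levels=(0.5, 0.8, 0.9, 0.95)):
    """Return (utilisation, W, L) for each utilisation level."""
    return [(u, *simulate_queue(u)) for u in levels]

if __name__ == "__main__":
    for u, W, L in slack_table():
        print(f"utilisation {u:.2f}: W = {W:6.2f} service times, L = {L:6.2f} jobs")
```

Under these assumptions the theoretical mean time in system is 1 / (service_rate × (1 − utilisation)), so moving from 80% to 95% utilisation roughly quadruples the delay even though capacity is unchanged.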
2. Risk Boundaries and the Collapse of Control: Rasmussen’s Model
Jens Rasmussen’s Risk Boundaries Model provides a complementary perspective on system resilience. His model visualises organisations as operating within three critical boundaries:
- The Economic Boundary (financial cost or profit pressures pushing toward efficiency)
- The Performance Boundary (the limit where human or technical performance fails)
- The Workload Boundary (human or system capacity limitations)
Organisations tend to operate within a “pressure gradient” that pushes them closer to a boundary, as efficiency demands often override caution. Without clear enforcement mechanisms or safety buffers, organisations gradually erode their own resilience, a process sometimes referred to as "drift into failure". Some of this is prescribed by process, and some is open to interpretation by people. Work as imagined is not always work as done.
A key insight from Rasmussen’s model is that violating small rules leads to boundary erosion.
This can mean that tipping points occur unexpectedly and unpredictably, and then one might say, "The thing is that everything matters, or pretty soon nothing really does. Break a rule here and there, why not break all the rules?"
This describes a common phenomenon in high-risk environments: small rule violations, justified in the name of efficiency, can accumulate until an organisation is dangerously close to failure without realising it. The Challenger disaster and Boeing’s 737 MAX failures provide interesting case studies of boundary erosion, where efficiency pressures led to normalised risk-taking, ultimately resulting in catastrophe. However, in regular business life we can also consider that, while lives are not necessarily at risk, livelihoods often are. Consider the banking crisis and other violations of trust.
3. Risk as a Function of Threats and Vulnerabilities
General Stanley McChrystal’s formula, Threats × Vulnerabilities = Risk, provides a simple, structured way to assess risk in dynamic environments. (Beware: it is not really a mathematical equation.)
- Threats: External dangers that an organisation cannot control (e.g., cyberattacks, market crashes, supply chain disruptions).
- Vulnerabilities: Internal weaknesses that expose an organisation to threats (e.g., over-reliance on key suppliers, lack of slack in operations, weak safety culture).
- Risk: The intersection of these two factors. If an organisation has high vulnerabilities, even minor threats can be catastrophic.
In a startup or high-growth company, for example, the pressure to scale quickly can create conditions where vulnerabilities increase—such as technical debt, lack of process discipline, or reliance on overworked teams. Without mitigation strategies, a single external shock (market downturn, competitor disruption, cybersecurity breach) can push the organisation past the point of recovery.
4. The Importance of Boundaries in Risk Management
The role of process enforcement and management discipline is to establish and maintain workable boundaries that prevent systems from drifting toward failure. Boundaries are not about limiting agility but ensuring that organisations can operate safely within an environment of uncertainty.
“Boundaries allow us to approach hazards without falling into them.”
Good risk management means maintaining a dynamic balance:
- Setting clear operational limits (e.g., minimum staffing levels, downtime requirements, inventory buffers)
- Monitoring signals of boundary erosion (e.g., rising technical debt, declining safety margins, policy workarounds)
- Creating buffers and redundancies (e.g., financial reserves, knowledge management, cross-training employees)
- Developing a culture that reinforces risk awareness (e.g., psychological safety for employees to report issues without fear)
When risk is properly understood, organisations can operate in risky environments (startups, innovation labs, military operations) without being reckless.
Conclusion: The Need for Slack, Boundaries, and Awareness
A resilient organisation is not one that simply moves fast and operates at full capacity; it is one that balances efficiency with adaptability, speed with control, and innovation with discipline.
Key Takeaways:
- Always running at full capacity creates fragility. Slack is essential for absorbing shocks and maintaining control.
- Rasmussen’s model warns against boundary erosion. Small rule violations accumulate and push organisations toward failure.
- Risk is the product of threats and vulnerabilities. Even small external shocks can be devastating if internal weaknesses are ignored.
- Boundaries and processes are not bureaucratic obstacles—they are safety mechanisms that enable sustainable performance.
Leaders and decision-makers must resist the temptation to stretch systems to their absolute limits. Instead, they must build resilience through strategic slack, enforceable boundaries, and continuous risk assessment. In a world of uncertainty, the organisations that survive are not the most efficient, but the most adaptable.
Critical Perspective: Is Slack Always Good?
While slack and buffers increase resilience, too much slack can introduce waste and complacency. Organisations must differentiate between necessary slack (which improves resilience) and excessive slack (which leads to inefficiency and stagnation).
Furthermore, some industries, such as finance and high-frequency trading, thrive on system constraints. High-risk, high-reward environments deliberately push boundaries to maximise gains, accepting volatility as part of the model. For these organisations, resilience must be built through risk hedging strategies rather than operational slack.
Thus, the challenge is not simply to add slack but to optimise it, ensuring that resilience mechanisms align with organisational strategy and industry dynamics.