A critical step to creating any risk management framework is risk analysis. Risk analysis comprises risk measurement.
Discovering organizational risks has never been too problematic in my experience. The challenge tends to be around the risk quantification where we try to understand how big the risk is and when the risky event is likely to occur.
Here we tend to admit defeat. We feel that we have little clue as to the likelihood of risks. We throw our hands up in despair trying to predict the nature of the risk’s impact.
It doesn’t help that we read books like Nassim Taleb’s 2007 “Black Swan,” where the underpinning idea throughout the book says that humans should not attempt to predict outlier events known as Black Swans because human thinking is limited.
Humans only make predictions based on what they have already seen and experienced.
But with all due respect, I tend to disagree. After 18 years in this field I have successfully used tactics with some pretty remarkable results when it comes to risk measurement.
For me, the key is to never do risk measurement alone. I always get a collective opinion from a group rather than one single expert. Let the wisdom of a crowd prevail. Feed off their collective intelligence.
The notion traces back to the well-known finding of Francis Galton, a cousin to Charles Darwin, who in 1907 attended a country fair where about 800 people estimated the weight of an ox as part of a contest.
The average estimate was shockingly accurate. It was within 1 percent of the true weight — better than any individual guess of the cattle experts. The event is recounted in James Surowiecki’s “The Wisdom of Crowds.”
It appears that the average approximation of a group tends to converge towards a good result, often better than the response given of any one individual. But be aware. Group dynamics are tricky. I rely on two rules-of-thumb when facilitating a group: assure diversity and independence.
First, know the make-up of your group. Make sure you have legitimate subject matter “experts” in the crowd. Also, ensure representation from multiple areas within your organization.
It appears that the average approximation of a group tends to converge towards a good result, often better than the response given of any one individual.
If your risk measurement session is to discuss, for example, cyber security risks, ensure that the room does have participants from not only the IT department but from other divisions such as operations, legal, human resources and communications as well. All these groups see cyber risk from their unique vantage points and estimate risk using their own lens.
Also, don’t forget to invite a few organizational curmudgeons. To gain further accuracy, having those who may strongly disagree with your group is critical. In essence, you don’t want the group to start herding and copy-cat towards a consensus. The wisest groups are the most diverse, made up of diverse opinions and ideologies.
Secondly, try to eliminate social influence and bias in a crowd. Group members should feel comfortable to contribute. Individuals need to feel their initial judgments are independent and are not influenced by other’s responses.
It may be a good idea not to have key contributor’s bosses in the room where they may sway their subordinates. In addition, do know that the more information participants get about each other’s responses, the higher the likelihood you degrade the collective answer — best to use secret ballots or electronic voting mechanisms.
So it appears the many are wiser than the few. Have a party and measure your risk.
The Upside of Uncertainty
Just recently, a friend needed some help with a tough decision and wanted to sound out her decision process between two job opportunities. Both options were full of uncertainty.
When we spoke about her potential bosses, she was uncertain if they were good people. In other words, she feared they may not be very nice.
When we spoke of the job security, she was uncertain one organization was stable. In other words, she feared her job may be short term.
When we spoke of her potential for succession, she was uncertain there was room to grow. In other words, she feared her job would be a dead end.
The conversation got a bit draining. When I sat back to think about why, I realized that we covered only the uncertainty of negative things. Her decision process was driven mostly by fear and pessimism and she failed to be inspired by faith and opportunity.
But it seems, we all tend to do that. I think of the expression: “Where there is mystery, the human mind tends to go to dark places.” I have often used that expression in my speaking engagements when I try to convey the idea of “upside risk.”
Her decision process was driven mostly by fear and pessimism and she failed to be inspired by faith and opportunity.
Imagine you are walking down the hall at the office. You see two colleagues chatting in the distance. As they see you approach, they quickly stop talking. It is obvious they stopped because of your proximity.
So let us take an honest vote. Who would think that your colleagues were gossiping about you and curtailed the conversation so as to not hurt you?
Conversely, who would think they stopped talking because they did not want you to overhear details of the surprise birthday party they were planning for you?
When things are uncertain, why immediately associate it to something negative when we also have the opportunity for it to be positive? That is the paradoxical beauty of uncertainty. When nothing is sure, everything is possible. Uncertainty should fuel opportunity too. That is what we call “upside risk.”
People and businesses assess risk, mine data, carve learnings from past experiences and we do our “due diligence.” But often we only do this to gain more certainty around negative things that can happen.
However, true enterprise risk management organizations, mature ones, conduct “upside risk” assessments too. Upside risks act as your organization’s natural hedges against your ever more popular “downside risk.”
Our human condition naturally makes it difficult to do “upside risk” assessments. If you don’t believe me, facilitate a risk assessment session where at first you only elicit negative risks. Then switch. Ask the group to talk about things that “could go overly right” in your organization.
You will be inundated with negative risks. Moreover, you’ll find the longer the negative risk list, people will feel more certain and secure by knowing you have captured the scary business monsters and now have actionable risk attack plans for them. I take no issue with that. That is good risk management. But it is only one side of the story.
Your upside risk list will be much shorter. I truly feel we need to do a better job at identifying what should be on that list.
Not only would the assessment be conducted in a much more pleasant headspace, but the longer we can make the upside risk list, people will feel more certain and secure. They’ll know they have captured their great business opportunities and now have an actionable risk-fostering plan for those opportunities.
Walls of Delusion
“Game of Thrones” is the most-watched series in HBO history and a worldwide phenomenon. It is a story about seven noble houses who fight a civil war over who should be king, all while the kingdom is threatened by a paranormal danger brewing in the North. To defend against this rising threat, a colossal wall over 700 feet tall that stretches 300 miles was constructed and is defended by the honorable Sworn Brothers of the Night’s Watch.
Yes — I watch Game of Thrones. The storylines are compelling, it is brilliantly produced and I enjoy escaping to a world of fantasy.
Sadly, building a colossal wall to defend against rising threats isn’t just fantasy anymore. I thought I was dreaming when I read that Wisconsin governor and Republican candidate for president, Scott Walker, said that building a border wall stretching 5,000 miles between the U.S. and Canada is a legitimate idea and worth exploring. New Hampshire Senate candidate Scott Brown argued a while ago that borders need to be fortified to prevent people infected with Ebola from reaching the United States.
Has “Game of Thrones” author George R.R. Martin inspired the two Scotts and other Republican candidates? What is going on? Did I miss the punchline of this joke? Is Canada the rising threat of “wildlings” from the North?
The notion of a Canadian-U.S. border got a lot of laughs on social media but what is more concerning is why do we seem to be regressing to medieval risk management techniques? What is next — a moat that surrounds the wall? Drawbridges? Princesses in distress to be saved by a knight in shining armor named Donald?
I seriously hope that we collectively think fortressing the United States of America is not the best risk management solution in our modern day.
Why do we seem to be regressing to medieval risk management techniques? What is next — a moat that surrounds the wall? Drawbridges? Princesses in distress to be saved by a knight in shining armor named Donald?
It has been 26 years since the Berlin Wall fell, the iconic barrier that enclosed West Berlin from 1961 to 1989. We spent years breaking down that barrier.
Consider the Peace Walls in Belfast, Northern Ireland, or the barriers separating Palestinian territories in the West Bank and Gaza.
Greece, Spain and Morocco have spent hundreds of millions of euros fortifying their borders.
The Moroccan Wall of Western Sahara is a 1,680-mile-long structure.
The walls surrounding the Spanish exclaves of Ceuta and Melilla are double fences, equipped with anti-climbing mesh.
Hungary is now racing to finish a 110-mile razor-wire fence to strengthen its border with Serbia against the flow of refugees from Syria.
These countries attempt to fortify their borderlines, erect barriers, build the walls higher and higher to lower the risk of “invaders” but do walls even work?
Experts say, not really. Ruben Andersson, author of “Illegality, Inc.: Clandestine Migration and the Business of Bordering Europe,” said that, “Where there’s a wall, there’s a way.”
The “numbers are not going down. People will find a way,” even risking their lives doing so, he said.
Tens of thousands of deaths have been reported. Migrants reportedly storm walls en masse to overwhelm border guards, allowing several thousand migrants from Africa and Arab countries to get over the walls every year.
Clearly building walls is not a novel idea. But the human condition is also not new. I truly believe that if someone builds a 20-foot wall, someone else will build a 21-foot ladder.