Newsletter Sign-up

But what if Galton had been correct? What if one were faced with a situation where every single person in a society was truly incapable of even the most basic problem-solving? Would wisdom of the crowds still apply?

Fortunately, we have ample real-life situations where entire societies are comprised of just such morons. No, I am not talking about (insert the state, country, or team you most like to disparage here); rather, I am talking about ants and other swarming creatures. Not even the most ant-loving, overly anthropomorphizing person can argue that an individual ant has anything approaching human intelligence. A single ant on its own is about as unimpressive intellectually as a multicelled organism can be; it can't even survive.

What does this have to do with risk management? Many risk management solutions and frameworks out there operate from the belief that there has to be some organized, centralized control in order to manage risk. I have seen ERM programs that require thousands of team leaders across the company to fill out risk assessment forms on a monthly or quarterly basis. The assumption is that risk management requires solid data, and the only way to get it is with centralized command and control.

In these cases ERM is approached as an extension of the executive fiat. The idea is that, with the power of the board and/or CEO, behavior can be dictated, that the troops will comply, and that one will have reliable reports and data. And that, armed with this data, one can create dashboards and analyses that will allow an accurate, holistic view of the company.

I have not seen anyone succeed at this method. Humans become deities of chaos when it comes to gathering data. Although we tend to produce an unbelievable amount of it, rarely do we produce it in a consistent and structured manner. E-mails issued from on high, no matter how powerful the sender, do not change the human disposition to leave fields blank and enter numbers into the wrong place. Any model that assumes that this can be changed is operating on a faulty assumption. Too often, this assumption is never questioned.

It is true that one of the main challenges of ERM is to be able to measure and monitor risk within the company. But let's rethink these goals with swarm theory in mind. One of the keys to success of an ant colony is the way that the opinions or messages from others in the colony are gathered, communicated and sorted out.

The best analogy to the business world is the Google search algorithm. It essentially copies ant colony communication in that it relies upon the opinions of the many different Web sites. Ants communicate by making suggestions to each other. When a single ant gets enough similar suggestions, it takes action based on them. Similarly, Google monitors the suggestions of different Web sites (links to a particular site are like an opinion or suggestion of that site). The more suggestions, the higher Google rates the site.

The pages thrown up willy-nilly on the Internet are chaotic. There is no central authority controlling the Web nor is anyone effectively dictating what sites are linked to and with what frequency. And yet, out of this chaos of independent action, Google gathers the individual pieces and makes sense out of them. And it can do so in a fraction of a second.

If Google can do this with something as vast as the web, doesn't it seem possible that one could gather the opinions and data within a single business and begin to identify the important trends and opinions? In fact, some organizations have already started applying similar solutions to risk problems.

For example, the CIA uses a software tool called Autonomy that can search audio, documents and other forms of data and recognize certain patterns. They feed vast amounts of communication (mostly from suspected terrorist groups) into this software. Autonomy sifts though the data and graphically maps the patterns of the communication. By monitoring these patterns, the CIA can sift through a bunch of seemingly meaningless and disconnected "chatter" and predict where future terrorist attacks might occur.

Some companies have used this software to sift through the field service notes, blogs and e-mails within the company to identify patterns in customer dissatisfaction. Others are using similar technology to monitor chatter around a specific brand, which allows them to monitor when the brand is losing its value or approaching a crisis. After all, reputation moves in slower and more predictable ways than terrorist groups. Compared to what the CIA is doing, monitoring reputation is like shooting fish in a barrel.

People communicate almost compulsively with each other, just like ants. Ants use chemicals to say, "This project is doomed! Save the larva!"

Humans differ in that they use the phone and e-mail to communicate essentially the same message. Imagine if all of the millions of e-mails within a large corporation were subjected to this system. Employee gripes, pending disasters, process breakdowns, problem employees--all would be revealed.

More importantly, the results would not be watered down by fear of retribution that causes more "organized" communication to be altered. One would get an unadulterated look at what was really going on within the company

We might find that, by using existing tools to tap into the natural, constant communication already occurring, we can get better information than by forcing changes in behavior. If an insect can create a highly responsive, pro-survival organization, surely we can too.

BEAUMONT VANCE manages risk for Sun Microsystems Inc. This column was a complimentary excerpt from one of his latest "Risk Management Reports" newsletters, which he edits and publishes. For more information on how to subscribe to the full version of the newsletter, please visit www.riskreports.com/.

Click here to read Beaumont's latest Risk & Insurance® column.

November 8, 2007

Copyright 2007© LRP Publications