Risky Business
eBook - ePub

Risky Business

How Successful Organisations Embrace Uncertainty

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

Risky Business

How Successful Organisations Embrace Uncertainty

Book details
Book preview
Table of contents
Citations

About This Book

In Risky Business you will find the secret to designing an effective risk framework, a guide to the most successful way to introduce and embed the framework and an exposé of some atrocious risk management practices that simply must come to an end. you will find the secret to designing an effective risk framework, a guide to the most successful way to introduce and embed the framework and an exposé of some atrocious risk management practices that simply must come to an end.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Risky Business by Bryan Whitefield in PDF and/or ePUB format, as well as other popular books in Desarrollo personal & Éxito personal. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Risk Management Partners
Year
2021
ISBN
9780994521859
Edition
1
Topic
Desarrollo personal
Subtopic
Éxito personal

1
An uncertain world

The uncertainty paradox
I dislike the term ‘VUCA’ (an acronym for Volatility, Uncertainty, Complexity and Ambiguity). I don’t dislike a world that recognises these attributes — what world does not? I just don’t get the term. It feels kind of, well, wrong. A world with volatility, complexity and ambiguity means there is uncertainty. That is, volatility, complexity and ambiguity are drivers of uncertainty. Yes, we need to manage them all but we need to embrace uncertainty.
The reason why organisations need to embrace uncertainty is captured in the Uncertainty Paradox, which states that the only certainty is uncertainty. No one can predict the future. You can’t hold your hand on your heart and swear you’ll achieve today’s goals, let alone the goals you have set for a year or a lifetime. No one knows what’s around the corner. No one. There are untold unknowns. What is one of our base fears? Unknowns. And what happens when we fear something? It may be a call to action, or it may trip a fight-or-flight response. We allow our instincts to take over. Other times our mind goes foggy and we freeze. The Uncertainty Paradox demands that we live with uncertainty.
Sometimes uncertainty generates fear, sometimes it intrigues us: we become inquisitive and investigate the uncertainty, like a scientist, or we become speculative, like a gambler. Then uncertainty is experienced not as a threat, but as an opportunity. Think of an artist starting a new work of art. They are excited about what they may create, uncertain of how they will realise each element, of how satisfied they will be with the finished work, and of how the work will be perceived by others. Yet they are up for the challenge.
It’s the same for organisations. Some kinds of uncertainty generate more fear than others. Uncertainty around the actions of government, a powerful competitor or a disruptive start-up can fog the corporate mind. So much so that many corporations react by doing nothing: they simply wait and see. Like the frog in the pan of heating water. Like Kodak inventing digital camera technology then turning their back on it.
Organisations that embrace uncertainty, on the other hand, follow the creed of fail often but fail fast. Think Elon Musk and his SpaceX and Tesla ventures. SpaceX was the first commercial service provider engaged by NASA to take astronauts to the International Space Station. In June 2020 Tesla became the world’s most valuable car maker by market capital value. Musk and the big tech companies see uncertainty as opportunity. They are more likely to be disrupter than disrupted.
Managing uncertainty is a key to success.

Attributes of successful organisations
Before discussing attributes of successful organisations, it is worth considering what an organisation actually is. Nobel Prize winner Herbert A. Simon may have been the first person to articulate it. In his book Administrative Behaviour, published in the 1940s and republished many times since, Simon explains that once the purpose of an organisation is established, all that remains is for management to influence decision making to ensure the most appropriate decisions are made by those within the organisation to fulfil the organisation’s purpose. A perfect decision, he proposes, is one in which all possible consequences are foreseen. But there is no such luxury in the real world. Not all consequences are foreseeable. There is always uncertainty.
By default, successful companies are good at managing uncertainty. They are comfortable with it, and the more ambitious of them embrace it. Some do it through traditional sound risk management. Some, like start-ups in the IT sector, embrace it using development methodologies such as Agile. Agile recognises the extreme uncertainty of some technology builds and minimises risk by taking bitesize chunks of a development, one by one, readjusting goals after each chunk. All to fulfil a purpose.
Adopting sound risk management in an organisation and running an Agile approach to technology development are two ways of embracing uncertainty. Both are about getting comfortable with our fears and discomfort. As an analogy to help explain the concept of embracing uncertainty, I describe how the Uncertainty Paradox is applied to treatment of the mental health condition Obsessive Compulsive Disorder (OCD).
OCD is a debilitating condition that can cause high levels of anxiety in individuals. They develop obsessional responses to certain triggers that compel them to act idiosyncratically. According to Jeff Bell, writing in Psychology Today, OCD sufferers experience extreme uncertainty, which creates high levels of fear and anxiety.1 Their obsessions are based on uncertainty — for example around cleanliness, which forces them to clean things again and again. Bell reports that one successful treatment of OCD is a process called exposure and response prevention (ERP), an especially effective form of cognitive behaviour therapy (CBT). He describes it as follows:
‘In a nutshell, ‘exposure’ involves having an OCD client deliberately face a feared situation or object (trigger). And ‘response-prevention’ involves having that client refrain from the compulsive response that has traditionally brought her temporary relief. To this end, a therapist and client develop a hierarchy of fears, moving from the least anxiety-producing to the most anxiety-producing. With this hierarchical ‘ladder’ as a guide, the client then learns to systematically face down her fears — and, in so doing, habituates to the discomfort of her anxiety.’
Bell explains that the reason for its effectiveness is habitualisation, a concept described by Tamar Chansky in his book Freeing Your Child from Obsessive-Compulsive Disorder, where he ‘likens the process of embracing uncertainty to jumping into a cold swimming pool. At first, the coldness is extremely uncomfortable, and our brains send us messages of “cold, cold, cold” and “Get out! Get out! Get out!” BUT, if we stay in the pool, the water seems to warm up. Of course, it doesn’t really get any warmer; instead, we habituate ourselves to the discomfort of the coldness.’
The implication here is that the most successful organisations learn to systematically confront and get comfortable with uncertainty. They learn to embrace it. They face the drivers of their uncertainty, one by one. Those they can proactively manage, they do. When they can’t, they put in place a ‘Plan B’ to manage the fallout if the worst happens. This is the essence of the concept of enterprise risk management. Rather than simply managing what hurt in the past by adding another process over another process, the organisation looks to identify its fears and systematically work through them. It ignores none of them; it lives with each of them and so has a clearer view of them.
Fortunately, there is increasing empirical evidence of the benefits of a strong enterprise risk management program. For example, Hoyt and Liebenberg, through a study of publicly listed US insurance companies published in 20152. And Lechner and Gatzert, through a study of publicly listed companies on the German stock exchange published in 20183, which found ‘… a significant positive impact of ERM (enterprise risk management) on shareholder value after controlling for other determinants of firm value’. More recently, Gartner published their findings from research into the success of organisations responding to the COVID-19 pandemic as the crisis evolved in early 2020. In their paper titled COVID-19 Makes a Strong Business Case for Enterprise Risk Management they found that ‘an agile response occurred far more often when clear processes already existed’.4 The article also highlighted a problem common to many companies: they treat enterprise risk management as a box-ticking exercise. Those that had done so during the previous decade of strong economic growth either had no Plan B or had plans that did not work
While Agile principles have their place in all organisations, the focus of this book is on how organisations can best embrace uncertainty through enterprise risk management.

Risk management through the decades
Peter Bernstein’s great book Against the Gods: The Remarkable Story of Risk provides a wondrous history of risk management, from the introduction of the Hindu-Arabic numbering system in the western world in the 1200s to publishing in the 1990s. He ends the book with this most important observation: that the heroes of the story of risk — Pascal, Bernoulli, Knight and Markowitz, to name a few — ‘transformed the perception of risk from chance of loss into opportunity for gain, from FATE and ORIGINAL DESIGN to sophisticated, probability-based forecasts of the future, and from helplessness to choice’.5
Grand and inspiring words, no doubt, but what of the decades since?
The formal management of risk grew strongly in the 1980s and early 1990s. Much of it was driven by both safety and financial concerns. Safety concerns were driven by disasters such as the nuclear meltdown in Chernobyl in the Ukraine, which killed thousands and affected most of Europe, and, two years earlier in 1984, the toxic gas release from a chemical plant in Bhopal, India, owned by Union Carbide of the US, which also killed thousands. On the financial side there was the stock market crash of 1987 and the rogue trader Nick Leeson’s destruction of Barings Bank in 1995. The world knew things had to change, and the nuclear and chemical industries for example turned to risk management. New methodologies were developed such as HAZOP (Hazard and Operability Analysis), FMEA (Failure Modes and Effects Analysis) and QRA (Quantitative Risk Assessment).
The new interest in risk management led to the development of the first national standard, AS/NZS 4360 Risk Management, published jointly by Australia and New Zealand in 1995. I had first-hand knowledge of the development of the standard. My boss at the time sat on Risk Management Committee OB7, of Standards Australia and Standards New Zealand. I had the honour of sitting in for him a couple of times in the lead-up to the standard’s publication. So I have taken particular interest in its evolution over the decades through variations in 1999, 2004, evolving into the International Standard ISO 31000 in 2009, and its most recent version in 2018. You are probably familiar with the risk management process documented in the standard, so I won’t bore you by reproducing it here. I do want to point out one very important augmentation of it, however. The only significant difference between the diagram in AS/NZS 4360 in 1995 and the one in the current ISO standard was that it did not include the ‘Communicate and Consult’ box. That’s right. The risk profession knew the beauty of risk management. All that was needed was to put it into a standard and publish it, and the rest of the world would applaud and embrace the process.
But alas, risk management did not catch on as was hoped. I explain the reasons for this later in the chapter. ‘Risk’ became a dirty word. While some organisations, such as those in the mining sector, have dramatically improved safety, other industries have not. While some in the finance sector appreciate the advantages of good risk management, others continue to see it as a compliance activity to appease regulators. Looking back over the past few decades (figure 1.1), you can see how enterprise risk management in many organisations floundered and how it has now started to gain traction. Let me help you relive this history and perhaps describe your organisation right now!
35a
Figure 1.1: Risk management through the decades
The 1990s: Training to fulfil a compliance need
In the 1990s, as we introduced the risk management standard to organisations across Australia and New Zealand in a nicely complicated way, the most common response from non-risk people was, ‘Managing risk is something I do every day. Why do I need to go through this process?’ The result? The risk process became a compliance activity, and the culture of tick and flick was born.
Worse still, it caused serious injury to organisations from which most have never recovered. The responsibility for the risk function was pushed well down in organisations. Rather than a senior executive taking full ownership, someone was found with time on their hands or with an interest in the topic.
So what did organisations do to be seen to be do...

Table of contents

  1. Cover
  2. Copyright
  3. Acknowledgements
  4. Contents
  5. List of Figures
  6. Introduction
  7. 1 An uncertain world
  8. 2 The drivers of uncertainty
  9. 3 ‘Risk’ became a dirty word
  10. 4 The agents of complexity
  11. 5 The end game
  12. 6 Setting up for success
  13. 7 Designing success
  14. 8 Appetite for business
  15. 9 Reading the Signals
  16. 10 Quantifornication
  17. 11 The pathways to success!
  18. 12 Persuasive advising
  19. The wrap
  20. Endnotes
  21. BackCover