Most well-managed organisations have long had elaborate and seemingly comprehensive risk management policies. However, numerous surveys have shown that relatively few employees know what is in them, and fewer still understand either their significance or the associated procedures.
This implied emphasis on form over substance is just one of several critical weaknesses embedded in many risk management policies. Others include -
1. Risk identification
For most organisations, the single greatest risk is the way in which risks are identified and prioritised. Risk management models are only as good as the information which is fed into them.
Risk management is primarily about perceptions. The latter are substantially informed by past experiences and personal and organisational values. If senior managers all have broadly similar ambitions and values, as they usually do, they may also have common ‘blind spots’.
Such blind spots are reinforced by the conformist thinking of career-minded scenario planners and ‘thought leaders’. The more respected the forecaster, the greater the pressures not to stray too far from consensus views and assumptions.
2. Local conditions
Procedures intended to mitigate risk are often uniformly applied across the organisation, with minimal adjustment for local conditions.
The tendency to disregard or misjudge local factors is reinforced by the media’s readiness to attribute developments in Africa to the first easy explanation that springs to mind.
Such ‘soundbite analyses’ reinforce prejudice and misperceptions. They also obscure the true causes of events and thus the risks which they may pose.
3. Stakeholder consultation
The importance of stakeholder consultation is widely recognized. However, the motivation, skill and objectivity with which it is conducted varies considerably.
More often than not, the wrong questions are asked of the wrong people by the wrong people in the wrong way and at the wrong time. The resulting feedback can be wholly misleading.
4. Risk transfer
Many organisations compulsively try to shift as much risk as possible to others, regardless of whether the other parties are able to manage the risk or to bear the consequences should it materialise.
When they eventually collapse under the strain, as sometimes happens, the consequences for the original risk-shifting party are often far more severe than would otherwise have been the case.
5. Contractual risks
Most organisations include dispute resolution clauses in all contracts, yet their importance is often under-estimated. Negotiators trying to close a deal may avoid dwelling on the possibility that their principals could soon be in dispute.
Careless drafting of the dispute clause can give rise to extended and costly legal wrangling as regards sequence, jurisdiction, limitation, confidentiality and other potential procedural issues.
What we do
We help clients to identify, prioritize and anticipate risks and to devise practical ways to manage their particular vulnerabilities.
We do not try to reinvent the wheel, by doing that which mainstream advisors already offer. Instead, we identify systemic blind spots, as well as specific local risks which may have been overlooked or construed in unduly benign ways.
We also advise on in-house dispute management policies and procedures, and on how to conduct risk-related stakeholder consultation programmes.
Known and unknowns unknowns
In 2002, Donald Rumsfeld, then US Secretary for Defence, stated that: “There are ‘known knowns’, which are things we know that we know. Then there are ‘known unknowns’, which are things that we know we don't know. There are also ‘unknown unknowns’. These are things which we do not know that we don't know.”
Many people initially thought the statement was nonsense. However, on closer examination they had to admit that what may at first have seemed idiotic does in fact make sense.
‘Unknown unknowns’ – i.e. wholly unforeseen developments, as distinct from those which have been discounted as unlikely – are the stuff of catastrophic risk management failures.