Think of the global financial crisis, or even the Deep Blue Sea disaster. For most of us they were a bolt from the blue – enormous disasters with dramatic lasting consequences. But were they really a surprise?
When things go wrong, particularly on a grand scale, there’s always a clutch of experts ready to declare, ’I saw that coming’. Yet all their wisdom and foresight doesn’t, and won’t, stop things going wrong. If disasters are predictable, why do we continue to fail to avoid them?
One reason, suggests Charge, is that we don’t piece together the evidence, and the right information doesn’t reach the people who need to act. The nature of risk has changed. How we prepare for risks, how we gather, share and act on intelligence must change too.
Risk has changed
Risks are now evermore networked and systemic: climate change, failures in global markets, demographic changes, conflict, population movements. The most threatening problems a company faces increasingly lie outside of their direct control. They are systemic. They arise because we are so interconnected and so interdependent that, as the saying kind of goes, if Wall Street sneezes, 30,000 small and micro businesses in Australia close their doors.
Businesses and governments are no longer in a position to isolate and protect themselves as separate entities. Older approaches to risk and risk management will not necessarily solve many of today’s challenges
Small likelihood, unthinkable consequences
The systemic nature of risk amplifies the consequences when something goes wrong. Risk management strategies have underemphasised, for example, risks with catastrophic outcomes, that in the scheme of normal business are highly unlikely. Charge argues that the traditional risk equation, likelihood x consequence, is no longer valid. Catastrophic consequences must dominate the equation, when the consequences are so unthinkable that we cannot ignore them, even if their likelihood is remote.
Risk policy: identifying vulnerabilities through networked information earlier, engaging higher in the organisation and seeking to protect against vulnerabilities.
How we prepare for risks must change
The Australian Risk Policy Institute believes we can mitigate and manage the downside of systemic risk by recognising that organisations sit as part of complex, interconnected networks.
Mapping these networks horizontally and gathering the information contained in them, allows a business to evaluate where it is vulnerable before vulnerabilities materialise into risks.
With this clear picture of vulnerabilities, an organisation can act to protect against those vulnerabilities becoming risks. “We are working in the space before risk management,” says Charge. “Engaging risk policy enables an organisation to reduce the number and severity of risks that will arise.” It is a type of thinking that generates opportunities, he believes, because organisations equip themselves to make informed strategic decisions earlier.
Working in clean air
Risk policy decision making happens before a vulnerability becomes a threat or a live event. “Decision making is in clean air,” says Charge. “Boards, executives and managers haven’t got the pressure of trying to deal with the media, a crisis … they can exercise decision making in a quieter, calmer environment which is proven to be more productive.”
A networked approach to dealing with systemic risk encourages stakeholders throughout the network to work formally and collaboratively to mitigate negative outcomes to the whole network.
Groups of managers, boards, team leaders and forums are involved in risk policy and add collective value. Different areas contribute to and come up with solutions to remove vulnerabilities.
The Australian Risk Policy Institute is working with government and peak professional bodies to share the risk policy learnings and model widely. “Risk policy and risk governance need to be better connected with leadership,” says Charge. “It needs to be a priority for managers, decisions makers, chief executives and government ministers.”
The Australian Risk Policy Institute’s definition of risk policy
- Impacts of decisions and non decisions
- Implications on stakeholders in the network of decisions and non-decisions
- Implementation analysis (public policy) so that policy works, not fails.