Risk management has failed, let’s drop it

You’ve probably heard the term “risk management” before. Broadly-speaking, this term involves the analysis of potential issues as well as the efforts to mitigate, resolve, or minimise the effects of those issues. When someone talks about risk management in terms of their stock portfolio, for example, they are typically referencing diversification so that one bad stock doesn’t take down the whole account.

During one of our RISK AWARENESS WEEK sessions, we had Grant Purdy speaking on “The Millstone Called Risk Management.” It was a fascinating presentation filled with lots of thought-provoking ideas. In particular, Mr Purdy raised a fantastic point: “if risk management is the answer, what was the question?”

The Problems Of Risk Management

Despite its prominence as a corporate buzzword, the term risk management is inherently flawed. There’s no agreement on what problem it is solving, no clarity of purpose, and it has clumsy and ever-changing constructs. It complicates organisational performance instead of enhancing it.

How The Notion Of Risk Management Started

Decisions are difficult. Part of what makes them so tough is that they can, and do, frequently have outcomes that we don’t intend. For example, a city might elect to attract higher-paying jobs, which may result in higher poverty rates for those who are not fortunate enough to have said jobs. Innocent people are almost always affected by bad decisions and, of course, the media loves these stories.

As such, organisations always want a repeatable, algorithmic way to make the right decision (or at least, to explain the rationale behind a wrong choice). Simple solutions came first. Markings like the Plimsoll Line helped people “decide” how much weight a boat could carry. Test the water temperature and don’t fill the vessel so full that it sinks below the relevant demarkation. That’s a form of risk management when you think about it.

Governments and insurers, in particular, have a vested interest in an approach like this. They wanted to mitigate and reduce issues arising over questionable choices. Since these entities have quite a bit of power in contemporary society, they drove a wider-scale adoption of risk management.

When governments and insurers entered into contracts, they had significant muscle and could enforce policies on other parties. The term “risk management” suited because it was both vague and descriptive at the same time. It’s non-specific (what risk, precisely, are we managing, and how?) but it’s also descriptive in that it conveys a contractual obligation to find methods to avoid mistakes or at least know the unknowns.

With that, risk management began to seep into the corporate culture and eventually gained the status of a belief system.

Risk Management As An Established Belief System

It’s first essential to define what a belief system is so that we can look at risk management from this perspective.

  • Feel-good goals with no definition of the problem
  • Unnatural approach
  • Based on unvalidated assertions
  • Conflicting jargon masquerading as real knowledge
  • Defined by a label
  • Promoted with evangelical enthusiasm
  • Acquires the status of an indispensable building block of life
  • Attracts enthusiastic disciples

Initially, the decision-makers were sceptical of “risk management” because the very organisations pushing it – governments and insurers – have a disconnect. They’re not well-known managers of risk. It’s pretty easy to see that, with these organisations, the entire purpose of the concept is to deflect questions and blame. That, compounded with the fact that there was no qualitative proof that this system resulted in better decisions, meant that risk management was doomed to fail in this context.

However, as we know, risk management did not go the way of the dodo. Instead, it thrived. Advisers and consultants (who are enthusiastic disciples) quickly picked up on what “risk management” could mean to businesses. After all, what company wouldn’t want to pay to reduce the chance of making a wrong decision? Standards came into being to provide a false illusion of real knowledge and also provide a way to reduce professional liability. On top of all that, the strongarm of the law came in and mandated compliance obligations which required risk management and thus, even companies that resisted early on, needed to incorporate risk management if they wanted to thrive.

None of this, however, is based in verifiable fact. It’s all a belief and risk management has become a fuzzy belief without a cohesive backing argument.

Risk Management As A Millstone

With governments, advisors, consultants, and organisations of all levels advocating for risk management, it spread fast. However, when it became a belief system, it also inherited some other properties. Most notably, it gained codified but distinctive structures, methodologies, and jargon. It became standardised, without any flexibility for the companies implementing these “risk management” methods.

In other words, instead of companies using some form of risk management to enhance decision making, instead, all decisions need to take into consideration conflicting edifices (the advisers, trainers, IT people, consultants, and so on). You throw in some complicated words and, voila, you have a system that’s hard to understand and hard to implement with no scientific evidence of a better outcome!

A company checks the boxes and has false confidence that by pleasing this multi-faceted concept of risk management, it’s a sound decision. In reality, all they have done is contort a decision to keep all edifices as happy as possible. There’s nothing that says the choice is right for the business!

Can We Abandon Risk Management?

Even though so many organisations take part in risk management, it’s failing in large part because the underlying premise is flawed. In the long-term, it’s going to fail because it’s not credible and it’s not real. It detracts from making sound decisions!

So how do you abandon risk management? Easy. Just stop and make a clean break! Don’t focus your decision-making around pleasing these hypothetical edifices. Instead, focus on making sound decisions using everyday language! These decisions make sense within an organisation’s mission and purpose. They also provide reasonable certainty that outcomes will go as expected. Base your choices on reasoned thinking, empirical evidence, and build in the potential for change.

The Rise And (Hopefully) Downfall Of Risk Management

Businesses all over the world need to shed the millstone that is risk management. Don’t let the supposed necessity to satisfy procedural routines interfere with making the right decision for your business! Focus on making the best choices for your business without all the risk management fluff.

You’ve probably heard the term “risk management” before. Broadly-speaking, this term involves the analysis of potential issues as well as the efforts to mitigate, resolve, or minimise the effects of those issues. When someone talks about risk management in terms of their stock portfolio, for example, they are typically referencing diversification so that one bad stock doesn’t take down the whole account.

During one of our RISK AWARENESS WEEK sessions, we had Grant Purdy speaking on “The Millstone Called Risk Management.” It was a fascinating presentation filled with lots of thought-provoking ideas. In particular, Mr Purdy raised a fantastic point: “if risk management is the answer, what was the question?”

The Problems of Risk Management

Despite its prominence as a corporate buzzword, the term risk management is inherently flawed. There’s no agreement on what problem it is solving, no clarity of purpose, and it has clumsy and ever-changing constructs. It complicates organisational performance instead of enhancing it.

How the Notion of Risk Management Started

Decisions are difficult. Part of what makes them so tough is that they can, and do, frequently have outcomes that we don’t intend. For example, a city might elect to attract higher-paying jobs, which may result in higher poverty rates for those who are not fortunate enough to have said jobs. Innocent people are almost always affected by bad decisions and, of course, the media loves these stories.

As such, organisations always want a repeatable, algorithmic way to make the right decision (or at least, to explain the rationale behind a wrong choice). Simple solutions came first. Markings like the Plimsoll Line helped people “decide” how much weight a boat could carry. Test the water temperature and don’t fill the vessel so full that it sinks below the relevant demarkation. That’s a form of risk management when you think about it.

Governments and insurers, in particular, have a vested interest in an approach like this. They wanted to mitigate and reduce issues arising over questionable choices. Since these entities have quite a bit of power in contemporary society, they drove a wider-scale adoption of risk management.

When governments and insurers entered into contracts, they had significant muscle and could enforce policies on other parties. The term “risk management” suited because it was both vague and descriptive at the same time. It’s non-specific (what risk, precisely, are we managing, and how?) but it’s also descriptive in that it conveys a contractual obligation to find methods to avoid mistakes or at least know the unknowns.

With that, risk management began to seep into the corporate culture and eventually gained the status of a belief system.

Risk Management as an Established Belief System

It’s first essential to define what a belief system is so that we can look at risk management from this perspective.

  • Feel-good goals with no definition of the problem
  • Unnatural approach
  • Based on unvalidated assertions
  • Conflicting jargon masquerading as real knowledge
  • Defined by a label
  • Promoted with evangelical enthusiasm
  • Acquires the status of an indispensable building block of life
  • Attracts enthusiastic disciples

Initially, the decision-makers were sceptical of “risk management” because the very organisations pushing it – governments and insurers – have a disconnect. They’re not well-known managers of risk. It’s pretty easy to see that, with these organisations, the entire purpose of the concept is to deflect questions and blame. That, compounded with the fact that there was no qualitative proof that this system resulted in better decisions, meant that risk management was doomed to fail in this context.

However, as we know, risk management did not go the way of the dodo. Instead, it thrived. Advisers and consultants (who are enthusiastic disciples) quickly picked up on what “risk management” could mean to businesses. After all, what company wouldn’t want to pay to reduce the chance of making a wrong decision? Standards came into being to provide a false illusion of real knowledge and also provide a way to reduce professional liability. On top of all that, the strongarm of the law came in and mandated compliance obligations which required risk management and thus, even companies that resisted early on, needed to incorporate risk management if they wanted to thrive.

None of this, however, is based in verifiable fact. It’s all a belief and risk management has become a fuzzy belief without a cohesive backing argument.

Risk Management as a Millstone

With governments, advisors, consultants, and organisations of all levels advocating for risk management, it spread fast. However, when it became a belief system, it also inherited some other properties. Most notably, it gained codified but distinctive structures, methodologies, and jargon. It became standardised, without any flexibility for the companies implementing these “risk management” methods.

In other words, instead of companies using some form of risk management to enhance decision making, instead, all decisions need to take into consideration conflicting edifices (the advisers, trainers, IT people, consultants, and so on). You throw in some complicated words and, voila, you have a system that’s hard to understand and hard to implement with no scientific evidence of a better outcome!

A company checks the boxes and has false confidence that by pleasing this multi-faceted concept of risk management, it’s a sound decision. In reality, all they have done is contort a decision to keep all edifices as happy as possible. There’s nothing that says the choice is right for the business!

Can We Abandon Risk Management?

Even though so many organisations take part in risk management, it’s failing in large part because the underlying premise is flawed. In the long-term, it’s going to fail because it’s not credible and it’s not real. It detracts from making sound decisions!

So how do you abandon risk management? Easy. Just stop and make a clean break! Don’t focus your decision-making around pleasing these hypothetical edifices. Instead, focus on making sound decisions using everyday language! These decisions make sense within an organisation’s mission and purpose. They also provide reasonable certainty that outcomes will go as expected. Base your choices on reasoned thinking, empirical evidence, and build in the potential for change.

The Rise and (Hopefully) Downfall of Risk Management

Businesses all over the world need to shed the millstone that is risk management. Don’t let the supposed necessity to satisfy procedural routines interfere with making the right decision for your business! Focus on making the best choices for your business without all the risk management fluff.

Watch the full workshop and many other risk management videos: https://www.youtube.com/watch?v=-QRyDveO3ZY

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.