Why Risk Management Doesn't Work.
Marco Felsberger
I help Risk & Resilience Managers build unique knowledge to become a top 1% Resilience Engineer, with innovative but proven Resilience Strategies | Master Risk, Resilience, Antifragility & Complexity
I had my epiphany 5 years ago. I remember it as if it were yesterday.
Like a house of cards, when you pull out a card from the bottom, my whole Risk Management world fell apart.
Nassim Taleb had a significant influence on this shift. It was October 2018, and I was attending Nassim's Real World Risk Course in New York.
Let's start at the beginning...
For many years, I believed that Risk Management was the Champions League of organizational management. (For my US friends, Champions League is about real football ;).
I endeavored to assist companies with Risk Management to the best of my ability, but I often found myself facing challenges.
Conversations with peers revealed they felt the same way.
For a long time, I kept thinking: If I could just get better at identification, or assessment, or monitoring, then I'd truly excel at helping companies manage risks.
Observing the current state of RM, it's evident that numerous companies grapple with one crisis after another.
This challenge isn't confined to companies, entire nations often misjudge risks.
It appears we allocate resources to minor, almost negligible risks, while overlooking the substantial ones.
How is this possible? And, more importantly, how can we fix this?
I was ready for Nassim's insights.
As the saying goes, when the student is ready, the master will appear.
I had this gut feeling that many aspects of our approach were misguided.
How?
I tried to verify what worked in the real world and found that much of the theoretical knowledge about risk management didn't quite translate in practice.
Nassim and his brilliant colleagues gave me a powerful push, starting my journey.
People often confuse complex and complicated systems (do look it up if you're unfamiliar), but they commit a more important error.
Professionals in Risk Management frequently employ tools designed for complicated systems and apply them to the complex domain.
A complicated system is a closed one, something we can fully understand and predict, often referring to human-made systems, like machinery.
Consider tools like Failure Tree analysis or Bow-Tie analysis. They're perfectly suitable for closed technical systems that we can comprehend and forecast.
The same applies to the commonly used risk matrix.
Generally, anything that involves probability works reasonable well in closed systems.
But, as we expand these closed systems—say, by connecting them or introducing human interaction—it becomes tricky.
The catch is that our tools from the complicated domain might seem to work in complex environments, but only until they suddenly don't.
To clarify, I do still employ these methods in complex settings since they help me understanding risks better. However, it's vital to recognize their limitations.
Taleb emphasized the importance of focusing on fragility, a perspective I've since integrated into my analysis.
领英推荐
Without considering fragility and the interconnected nature of elements, we miss out on numerous dimensions.
The real game-changer for me was the understanding of the concept of resilience (or at least what I understand under resilience).
While Risk Management zooms in on parts of complex systems, resilience aims to encompass the entire system, including its interrelationships.
This holistic perspective didn't come naturally to me at first.
Even if we regularly mention system thinking, it's not intuitive for many.
People often seek clear-cut, binary solutions that dictate actions for various scenarios.
Reflect on a post I wrote about two months ago, where I differentiated risk management from business continuity management. It received substantial engagement.
Using somewhat arbitrary definitions (even if they're from a standard), I established a boundary. This is akin to how colonial powers once drew borders on maps while sitting in European cafes.
The crux of the matter is that such divisions might look good on paper but frequently fall short in real-world applications.
Our inclination to simplify to understand complex topics becomes a double-edged sword. There comes a point where this reductionism becomes detrimental, and we need to transcend it.
"To understand complex systems, we have to go up and out, instead of down and in." - Sidney Dekker
Once I grasped this, my journey became considerably smoother, providing clarity on where to direct my focus.
When striving to understand systems, I map them out. This system mapping is essential for risk comprehension.
Merely defining the scope of the systems, their boundaries, proves to be highly beneficial.
The notion of fragility directs me to the system's underlying weaknesses, manifesting in various forms, with bottlenecks and constraints being among the most significant.
From this foundation, everything else aligns.
We should address complexity with a nuanced understanding, ensuring we don't confuse complexity with complication.
It might surprise you how straightforward solutions for complex systems can be.
Ultimately, continuous monitoring and adaptation to evolving environments are crucial.
With an initial identification of fragility, this adaptation becomes much more manageable.
Don't misunderstand, it remains a demanding endeavor.
Yet, it's more achievable and fulfilling compared to other methodologies I've come across.
Remember, resilience isn't a fixed state, it's a continuous process.
See you soon!
Marco
P.S.: If you're keen to join me on this journey, DM me: "Resilience Engineer".
Senior Project Independent Consultant
1 年Good article Marco
Marco Felsberger A great article, Taleb's books are enlightening. Radical Uncertainty is also an excellent read. After 30 years of experimenting on live projects to improve project delivery, I came to a similar conclusion as King and Kay that when faced with complexity and radical uncertainty, the best thing is to ask in real-time, "What is going on here?". In other words, be in the here and now with less focus on past performance and future forecasts. ? Therefore, It is essential that the project delivery system has systematic here-and-now routines (shortest feedback loop) and always takes a collective systemic view focused on the bottleneck. This increases resilience and minimises fragility. ? ? Such a system should avoid organising production based on estimated times with all the inaccuracies, biases and built-in failure rates. The work should be planned in units. ? This provides a much more interesting angle for AI than analysing historical data from millions of projects with a high likelihood of extending the project cycle time. ?? James Garner; Chris Mackenzie-Grieve-Grieve; Dr Jo Jolly
Transformational Nonconformist-It is time to Think Differently about Risk. "It didn’t take guts to follow the crowd, that courage and intelligence lay in being willing to be different" Jackie Robinson
1 年Don't be conformed to your past way of thinking!! The Future is here! https://www.dhirubhai.net/pulse/future-here-horst-simon-risk-culture-builder
Owner at Carlin Pharma Consulting LLC
1 年You have encapsulated why risk management fails in Pharma. Pharma systems are complex, defined as subject to unpredictable emergent behaviors. Good luck assigning probabilities to the unpredictable. Pharma systems also have dearth of statistics on component performance. Most probabilities are subjective guesstimates.