“It is all about risk elimination and readiness. Models, predictions and fancy charts will only take you so far.”
U.S. General Stanley McChrystal, recently published a book entitled “Risk”. In this book, he clearly states that “Immunity is more powerful than Probability!”. Based on his years as a battlefield commander and soldier, with COVID as an additional challenge, McChrystal argues that risk management needs to move away from attempting to calculate probabilities and focus on immunity to changes and impacts.
Risk Management: Responding vs. Immunity
According to the General, the risk management discipline has historically over-fixated on responding to a threat based on perceived likelihood & impact, rather than building up an active immunity to it. Most modern macro-risks contain far too many complex, shifting variables to consistently predict when, where and at what magnitude a particular threat scenario will materialize. Relying on imperfectly probabilistic risk methods will inevitably mislead and create a false sense of confidence that we are ready to respond to a specific threat when it emerges.
This same concept is well documented in Nicholas Taleb’s books, “Black Swan” and “Fooled by Randomness”. In both books, Taleb outlines how unpredictable the world really is. Too often organizations rely on fancy mathematical models and historical trends to predict the future. Inevitably this is upended when something ‘unpredictable’ does emerge – the COVID pandemic, the fall of the Soviet Union, rising trade tensions with China, or the high inflation and interest rates.
The events listed above were not unpredictable, in fact we knew that a pandemic would happen eventually, that inflation would increase and that interest rates could not stay at 0 forever. Nevertheless, we failed to adequately prepare for them. Organizations seem to expend too much effort on evaluating the probability of occurrence rather than preparing for the occurrence itself.
Risk Registers and Compliance Tools
McChrystal outlines how conventional risk methods have focused on risk registers, colorful dashboard reports and sophisticated probabilistic distributions have their limits. Despite these tools and data, many organizations do not convert them into general readiness for emerging threats/disruptive forces. Too much paperwork, not enough action. Being prepared for surprises and being able to rapidly respond is often more material than how we evaluate a problem with specific risk. Resources need to be allocated for preparedness – making supply chains more robust, ensuring that there are backup systems and training staff on possible surprises.
McChrystal explores numerous cases where major organizations failed to prepare for risk scenarios that were both known & obvious. He concludes that those organizations wishing to succeed in this modern era of perpetual disruption and advanced uncertainty, will need to boost their own response readiness to material risks regardless of their perceived probabilities. Modern organizations must build dynamic internal systems that ensure they are prepared to rapidly fight off emerging threats to their business and operations.
McChrystal’s book reinforces much of the new thinking on risk & resilience in a complex and interconnected world. Specifically, as the world continues to complexify, organizations must focus on resolving disruption. Risk management must move beyond models, calculations and spreadsheets, and convert their knowledge into material readiness and resilience.
If you need help implementing a Compliance Program for your organization and your stakeholders, please contact us at email@example.com of at +1-888-608-7511