Risk management, as a practice and set of principles, has been utilised since the 1940’s; 70 years after its introduction what has been accomplished?
History of Risk
Historically risk was the product of the insurance industry to assess financial risks of the businesses they insured. As a sustainable practice it is best to know if your insured will cause financial ruin for your or make a significant negative effect on your profits. Risk was seen as a negative influence on business and should be eliminated. Risk was the practice used by business owners and boards.
Moving into the eighties, when risk was becoming a modern business practice, texts were being written and training was being offered to those further down the totem pole in a business, but still very much a focus of Board and boss. Risk was moving toward financial markets and some manufacturing environments. Risk, as a practice had not yet emerged into mainstream service industries and was still perceived as a negative element.
Come the nineties and risk is an emerging Standard and has permeated the manufacturing sectors and some service industries. Risk, as a Standards, was utilized and studied by middle management and line leaders to control risks in production quality and safety. Risk focus was moving away from the Board and boss as a more systematised approach to identifying and managing risk provide confidence that the skill and expertise of the business could be managed through the risk process.
Starting a new century and we hear risk in conversation around environment, welfare, safety, finance, data, privacy, etc. We have seen the concept of risk used to protect national borders, secure international trade, define sustainable practices for future generations and to insulate or isolate political governance. Risk is a practice that can be audited, but not yet certified, it can be consulted and benchmarked, trained and coached.
But has the practice and principle of risk really changed in 70 years? What would we say is the paradigm shift in understanding and use of risk principles that has assured our future successes? To answer the question I would like to look at my own personal experiences working in risk management over the past 20 years and draw some conclusions.
Risk Data
“There’s nothing quite like the feeling of putting a lot of great work into a model, cleaning up the data… and getting a less accurate result…”, a recent meme I discovered and very apt to this field of work. Over 70 years we have become experts in finding new sets of data to describe and quantify risk. With in the invention of the web, social media and “big data” we have endless and instantaneous data from which to draw an even more nebulous conclusions. As with all the data, it’s only as good as the code interpreting it.
If I was to draw a parallel to the science of artificial intelligence is the bias inherent in the coding and how that bias can predict false positives or negatives. Bias is introduced through unintentional channels such as human factors when programming analysis, or indeed intentional bias when that code interrogates data.
Omission of error or even risk in assessing the risk of data happens when the scope of interrogation is highly selective and exclusive. So if you wish to assess the risk of buying a plane ticket from a singular airline and wish to know if the pane will crash, then that data can be reliable. If you wish to buy a ticket online at best price and conditions for you then you are relying on someone else’s programming of data. Same holds true with any gig-economy business where data is from diverse and highly discriminatory sources.
The speed at which we consume data and make decisions is increased exponentially and thus more focus is placed on the experience of others, booking hotels, buying a car, eating at a restaurant, choosing a doctor. Often we are inclined to make split-second decisions based on little more than gut feel. This has not changed in 70 years, nor will it likely change.
In summary we will have access to more data , faster which means we will become more uncertain about risk.
Behaviours with Risk
Generations, as we know, display different behaviours and attributes. The founders of risk (baby boomers) were self-reliant, respectful of authority, independent and measured success in material wealth. This would lead to the slow emergence of a practice of risk principles outside of individual skill and expertise. It internalises risk practice to businesses and would be focussed on building the wealth of the business with little regard to the human factor.
The successors of business and the generation currently pulling the strings are the X Gen. This generation best known for uncertainty in life experiences from depression, divorce and downturns has created a workforce, allegedly, of “jumpers”. They show little loyalty for organisation and will jump jobs and businesses in the search for a better reward for their lives. They are critical of systems and prefer to be entrepreneurial and take charge of their own destiny. Hardly surprising then that risk practice and process started to emerge and harden through the 60’s and 70’s. Risk took shape and became something from which to build a science of scepticism in the data. Business started to see the importance of risk analysis through the 80’s and made landfall as a Standard in the 90’s.
Risk today is the domain of the millennials, the Next Gen to take over business and morph it into their own. Return to more traditional values of family, home and importance of education this generation can truly embrace the data era and make full use of emerging technology to help use risk as a tool to build meaningful work. Risk will not be a negative subject, rather another learning and construct on the way to an outcome rooted in community values. Exciting!
What is we see in this meaning of risk is the inclusion of the human factor as opposed to some other financial and operational integrand. The GFC was not a financial error in the system it was human factor, created by a few, copied many and given little to no thought on the broader implication on the system. Humans at play creating havoc. Elections being “hacked” is not the result of loose data and soft firewalls it’s the deliberate injection of human factor into a process that has worked quite well for hundreds of years, right up to the invent of social systems and data sharing. The impact of risk materialising was known to a few and shared by even fewer. The list is long and distinguished on humans hacking systems, so what chance does a risk management system, built 70 years ago, hold into the future?
Risk Responsibility
Risk responsibility or ownership of risk and outcomes of risk materialising is really interesting!! I think this has come full circle to be the onus of Boards and Bosses. As it was in the 40-60’s the controls of outcomes were dictated by a precious few who had the wealth of experience and knowledge in seeing the future through their crystal balls. Well really? They knew the outcome because they controlled the workforce behaviour, the market and the conditions ruthlessly.
Come the 60’s and the people were revolting against “the Man” wanting to have a greater say in their future and the outcomes. More self-interest, more uncertainty, more risk. Through the 80’s and onto the early 90’s and when risk happened those entrepreneurial folk were taking charge of markets and systems and were highly visible. With spectacular success came spectacular failure. TV, radio, media, internet ensured these people were held accountable and rightly tried publicly.
Come the new century and we see far fewer people willing to accept the responsibility for risk preferring shift blame to a higher authority. THE GFC is attributed to Lehman Brothers; Venezuela economic collapse attributed to oil companies and the government corruption; North Korea nuclear tensions blamed on the dictatorship of the Kims; climate change blamed on the automotive, power and fossil fuel industries.
Everybody is looking for that scalp to claim to make the matter feel better, yet little responsibility is shared by us all for the materialisation of risk. Social media weaponizes causes and judges people by countless thousands or hundreds of thousands who have little or stake in matter. The weight of such public unrest can be impossible to bare and often leads to ruin for the individual.
All sounds a bit dire and negative so let’s put a shine on it, people collectively have the responsibility for helping to assess risk and normalise the data toward a greater certainty of events. We live in an era of empowered, educated, and technologically advanced humans. More so than at any other point in the history of mankind have we had the privilege of peering through the darkness to the candlelight of the future. We should be building upon past practices in risk management to evolve our night vision and look back over our shoulders to tell others what we see.
So what’s changed in 70 years? Everything. Have we adapted to change in risk management? Slowly, our rate of change has been determined by the factors of data, behaviour, responsibility. Systems are only as good as the people practising them, the systems should keep pace with ability to see ahead.
About the author:
Peter Holtmann has over 20 years of experience in science, education and business leadership. He received his Bachelor of Science from the University of Western Sydney, Australia before extending his career into the design, development and delivery of management and business continuity programs for the manufacture, insurance and service sectors globally. Peter chairs and attends a number of boards and writes for various publications. He also runs a business coaching and consulting firm.
He can be reached at: peter@holtmann.com.au