HomePolicies and Procedures

The fourth response to risk

Like Tweet Pin it Share Share Email

President Donald Trump, at a March 19th briefing, said, “Nobody knew there’d be a pandemic or an epidemic of this proportion.”

This is not an accurate statement (see, for example, last year’s Worldwide Threat Assessment of the US Intelligence Community, 1/29/2019), which, given President Trump’s falsehood rate of 15 per day since taking office shouldn’t be all that surprising.

And yet, in Donald Trump’s defense (you have no idea how hard it was to type those words) …

But before we get to that, here’s a quick recap of how organizations plan their risk responses. It isn’t, in principle, particularly complicated: Risk managers:

  • Establish their planning window.
  • Enumerate the relevant risk categories and specific risks.
  • Estimate each risk’s probability of occurrence within the planning window.
  • Forecast the harm should each risk become real.
  • Determine the logical level of investment for dealing with each risk.
  • Decide which of the four responses to risk is most logical (or are most logical — combinations are allowed):
  • Prevent, also called “avoid” — reduce the likelihood of the risk becoming real.
  • Mitigate — reduce the harm should the risk become real.
  • Insure — for a fee, share the financial harm that occurs when the risk becomes real with a third party.
  • Accept, also called “hope” or “ignore” — do nothing.

Speaking of risk, I’m taking on quite a bit with the above analysis, namely, that members of the KJR community who are more knowledgeable about the subject will blister me for such a ghastly oversimplification. If you’re among them, please share what you know in the Comments.

Where was I? Oh, yes, the Trump administration’s response to the threat of a pandemic, which was to ignore it, in spite of, as explained last week, its statistical inevitability.

Among the questions this raises: How many businesses insured themselves against the threat of a pandemic, prevention being impractical for your average business, and mitigation … for example via supply chain diversification … having severe scope limitations.

My guess: Not many.

The plain, sad fact of the matter is that most businesses, most of the time, have to accept more risks than they respond to through prevention, mitigation, or insurance. Among them:

  • Nuclear war.
  • Stray asteroids.
  • Your sole remaining IMS expert calls in rich from the Caymans.
  • Malware invades the GPS system, resulting in randomly calculated driving routes that disrupt shipping for your products and supply chains.
  • IT’s planners didn’t know their predecessors “solved” their Y2K problems through the use of a “pivot year,” which solution expired last year (and thanks to Al Vyssotsky for bring this to our attention in last week’s Comments).
  • The company you outsourced IT to pulls an Enron and goes toes up.
  • A voice in your CEO’s head tells him to slaughter the rest of the executive leadership team with a machete during its annual planning retreat.
  • Mutant chimpanzees declare war on humanity.
  • Two words: Disco revival.

It’s something you can count on: The next risk that turns into reality will, in all likelihood, be a risk you Accepted because, like most businesses, you can’t afford to plan for every risk you can think of; probably you can’t even afford to plan for all the ones you know are serious and likely.

Does this mean risk management is a pointless discipline? Of course not.

But along the way to effective risk management, before making specific plans for specific risks, should be commitment to these management basics for any Accepted risk that had the poor manners to become real:

(1) Don’t deny; (2) focus your best experts on the problem, whether or not they occupy the most appropriate boxes on the organizational chart; (3) give them whatever resources they say they need without quibbling or negotiating; (4) clear away any institutional roadblocks they bring to executives’ attention; and (5) set the right example — shut down any and all attempts to blamestorm the cause of the situation.

While your experts dig in, you and your fellow leaders should be communicating honestly and directly with employees about what’s happening, what the company is doing about it, and what to expect, to the extent you’re in a position to know what to expect.

Meanwhile, I’m going to take my own advice about not blamestorming our current situation.

No matter how hard I have to bite my tongue to take it.

# # #

But feel free to bait me in the Comments section!

Comments (11)

  • Your forays into political commentary are becoming more and more distracting. Please stop.

  • Bob — A) Keep commenting on what you will. I appreciate your insights. Besides politics and business are not “non-overlapping magisteria”. I can’t imagine more overlap. B) And (why I came to comment), I think business leader *do* have some prevention and mitigation options for pandemic and nuclear war, climate change, and any number of global issues. Business leaders have huge influence on public policy when they choose to exercise it. And even if all they care about is making money, this is going to cost them … Good lord I don’t know how much. Do it for your bottom line.

    Businesses MAKE MONEY in times when the health and welfare of the world is stable or improving. Good social policy is good business.

  • A grocery chain in Michigan, has a home delivery option. Being in the “vulnerable” group, my beloved enticed me to take advantage of the service. It seems a much greater number of people than anticipated, has also decided to do the same. The results are a web page that was down for most of the day yesterday. When I finally was able to enter the order on Monday, there was no available delivery times for Monday or Tuesday. Late Monday night, after the store was closed I found a single delivery time available for Tuesday. On Tuesday, things that were listed in stock on Monday were not available for the shopper on Tuesday. When the shopper attempted to check out with my order, the application she used was down, and she could not complete the checkout. About a half hour later it came up and she made the delivery. I was told that she didn’t have a paper receipt, that it would be emailed to me. I have not yet received that receipt, and when I called customer support, the kind lady was able to locate it, but the email system was backed up. On top of all this, Michigan is now a stay at home state, except for essential services.

    The moral of this tale, is that while IT has done a pretty good job of making work at home a viable option. When you can’t go into work because your product is not considered essential, work at home is a sparse solution when you can’t ship product. And work at home does not address the problem in a drastic shift in the way that essential services, in this case groceries, are delivered. It could have been predicted when a week ago, restaurants were closed except for takeout and delivery.

    Coping with a changing world,


    • Interestingly enough, one of the most important cloud use cases is using it to handle unpredictable spikes in demand. For whatever that’s worth …

  • Disco revival : hoot!!!!
    Staying alive, staying alive!

  • Posted on behalf of “Judy,” who is having technical difficulties with the Comments section:

    Your column today ignores the *recent* destruction of this country’s capability to protect the public health in normal times and to react to a spreading illness. Control of contagion has been a major triumph of the world’s health systems over the past hundred years. It’s not that societies didn’t do this. We tore it down.

    Your article takes as a premise that businesses plan their risk response. I propose that many don’t. Perhaps this is a consequence of the idea of “move fast and break things.” Or just business as usual. I hear that in business the time that matters is measured in quarter years for the company, and for the company leaders in payout at retirement or departure. Even a shorter time frame than societal memory is in play.

    The trends of just in time, long supply lines, and minimizing the capability of systems to respond are recent, pervasive, and deadly. We have, I think, forgotten that nature proceeds according to its own laws. For a time humans got comeuppances frequently enough to keep us planning a bit better for the more-than-a lifetime future.

    Many of the examples of unexpected disasters you list are rather easily capable of mitigation with the world’s current astonishing wealth and our technological wonders. We are squandering these gifts and cannot even find the resources to track asteroids or maintain health resources or prepare for other *absolutely predictable* crises that would not even put a dent in international wealth, or even that of our country.

    Since we cannot deal with even the low-hanging fruit we have not sincerely approached other problems such as global warming. The more complicated and power-driven social issues such as nuclear war seem to be completely beyond our present societies.

    Thanks for raising the topic.

  • For “Judy’s” input you posted on her behalf: I dunno, maybe Malthus is rearing his head.

Comments are closed.