President Donald Trump, at a March 19th briefing,
said, “Nobody knew there’d be a pandemic or an epidemic of this
proportion.”
This is not an accurate statement (see, for example, last year’s Worldwide Threat Assessment of the US Intelligence Community, 1/29/2019), which, given President Trump’s falsehood rate of 15 per day since taking office shouldn’t be all that surprising.
And yet, in Donald Trump’s defense (you have no idea how
hard it was to type those words) …
But before we get to that, here’s a quick recap of how
organizations plan their risk responses. It isn’t, in principle, particularly
complicated: Risk managers:
- Establish their planning window.
- Enumerate the relevant risk categories and
specific risks.
- Estimate each risk’s probability of occurrence
within the planning window.
- Forecast the harm should each risk become real.
- Determine the logical level of investment for
dealing with each risk.
- Decide which of the four responses to risk is
most logical (or are most logical — combinations are allowed):
- Prevent, also called “avoid” — reduce
the likelihood of the risk becoming real.
- Mitigate — reduce the harm should the risk
become real.
- Insure — for a fee, share the financial harm
that occurs when the risk becomes real with a third party.
- Accept, also called “hope” or “ignore”
— do nothing.
Speaking of risk, I’m taking on quite a bit with the above
analysis, namely, that members of the KJR
community who are more knowledgeable about the subject will blister me for such
a ghastly oversimplification. If you’re among them, please share what you know
in the Comments.
Where was I? Oh, yes, the Trump administration’s response to the threat of a pandemic, which was to ignore it, in spite of, as explained last week, its statistical inevitability.
Among the questions this raises: How many businesses insured
themselves against the threat of a pandemic, prevention being impractical for
your average business, and mitigation … for example via supply chain
diversification … having severe scope limitations.
My guess: Not many.
The plain, sad fact of the matter is that most businesses,
most of the time, have to accept more risks than they respond to through prevention,
mitigation, or insurance. Among them:
- Nuclear war.
- Stray asteroids.
- Your sole remaining IMS expert calls in rich from the Caymans.
- Malware invades the GPS system, resulting in randomly calculated driving routes that disrupt shipping for your products and supply chains.
- IT’s planners didn’t know their predecessors “solved” their Y2K problems through the use of a “pivot year,” which solution expired last year (and thanks to Al Vyssotsky for bring this to our attention in last week’s Comments).
- The company you outsourced IT to pulls an Enron and goes toes up.
- A voice in your CEO’s head tells him to slaughter the rest of the executive leadership team with a machete during its annual planning retreat.
- Mutant chimpanzees declare war on humanity.
- Two words: Disco revival.
It’s something you can count on: The next risk that turns
into reality will, in all likelihood, be a risk you Accepted because, like most
businesses, you can’t afford to plan for every risk you can think of; probably
you can’t even afford to plan for all the ones you know are serious and likely.
Does this mean risk management is a pointless discipline? Of
course not.
But along the way to effective risk management, before making specific plans for specific risks, should be commitment to these management basics for any Accepted risk that had the poor manners to become real:
(1) Don’t deny; (2) focus your best experts on the problem, whether or not they occupy the most appropriate boxes on the organizational chart; (3) give them whatever resources they say they need without quibbling or negotiating; (4) clear away any institutional roadblocks they bring to executives’ attention; and (5) set the right example — shut down any and all attempts to blamestorm the cause of the situation.
While your experts dig in, you and your fellow leaders
should be communicating honestly and directly with employees about what’s
happening, what the company is doing about it, and what to expect, to the
extent you’re in a position to know what to expect.
Meanwhile, I’m going to take my own advice about not
blamestorming our current situation.
No matter how hard I have to bite my tongue to take it.
# # #
But feel free to bait me in the Comments section!