President Donald Trump, at a March 19th briefing, said, “Nobody knew there’d be a pandemic or an epidemic of this proportion.”

This is not an accurate statement (see, for example, last year’s Worldwide Threat Assessment of the US Intelligence Community, 1/29/2019), which, given President Trump’s falsehood rate of 15 per day since taking office shouldn’t be all that surprising.

And yet, in Donald Trump’s defense (you have no idea how hard it was to type those words) …

But before we get to that, here’s a quick recap of how organizations plan their risk responses. It isn’t, in principle, particularly complicated: Risk managers:

  • Establish their planning window.
  • Enumerate the relevant risk categories and specific risks.
  • Estimate each risk’s probability of occurrence within the planning window.
  • Forecast the harm should each risk become real.
  • Determine the logical level of investment for dealing with each risk.
  • Decide which of the four responses to risk is most logical (or are most logical — combinations are allowed):
  • Prevent, also called “avoid” — reduce the likelihood of the risk becoming real.
  • Mitigate — reduce the harm should the risk become real.
  • Insure — for a fee, share the financial harm that occurs when the risk becomes real with a third party.
  • Accept, also called “hope” or “ignore” — do nothing.

Speaking of risk, I’m taking on quite a bit with the above analysis, namely, that members of the KJR community who are more knowledgeable about the subject will blister me for such a ghastly oversimplification. If you’re among them, please share what you know in the Comments.

Where was I? Oh, yes, the Trump administration’s response to the threat of a pandemic, which was to ignore it, in spite of, as explained last week, its statistical inevitability.

Among the questions this raises: How many businesses insured themselves against the threat of a pandemic, prevention being impractical for your average business, and mitigation … for example via supply chain diversification … having severe scope limitations.

My guess: Not many.

The plain, sad fact of the matter is that most businesses, most of the time, have to accept more risks than they respond to through prevention, mitigation, or insurance. Among them:

  • Nuclear war.
  • Stray asteroids.
  • Your sole remaining IMS expert calls in rich from the Caymans.
  • Malware invades the GPS system, resulting in randomly calculated driving routes that disrupt shipping for your products and supply chains.
  • IT’s planners didn’t know their predecessors “solved” their Y2K problems through the use of a “pivot year,” which solution expired last year (and thanks to Al Vyssotsky for bring this to our attention in last week’s Comments).
  • The company you outsourced IT to pulls an Enron and goes toes up.
  • A voice in your CEO’s head tells him to slaughter the rest of the executive leadership team with a machete during its annual planning retreat.
  • Mutant chimpanzees declare war on humanity.
  • Two words: Disco revival.

It’s something you can count on: The next risk that turns into reality will, in all likelihood, be a risk you Accepted because, like most businesses, you can’t afford to plan for every risk you can think of; probably you can’t even afford to plan for all the ones you know are serious and likely.

Does this mean risk management is a pointless discipline? Of course not.

But along the way to effective risk management, before making specific plans for specific risks, should be commitment to these management basics for any Accepted risk that had the poor manners to become real:

(1) Don’t deny; (2) focus your best experts on the problem, whether or not they occupy the most appropriate boxes on the organizational chart; (3) give them whatever resources they say they need without quibbling or negotiating; (4) clear away any institutional roadblocks they bring to executives’ attention; and (5) set the right example — shut down any and all attempts to blamestorm the cause of the situation.

While your experts dig in, you and your fellow leaders should be communicating honestly and directly with employees about what’s happening, what the company is doing about it, and what to expect, to the extent you’re in a position to know what to expect.

Meanwhile, I’m going to take my own advice about not blamestorming our current situation.

No matter how hard I have to bite my tongue to take it.

# # #

But feel free to bait me in the Comments section!

There’s no such thing as an IT project. There is, on the other hand, such a thing as There’s No Such Thing as an IT Project: A Handbook for Intentional Business Change. It’s now officially available for purchase (or will be tomorrow morning). Humility prevents my coauthor, Dave Kaiser, and me from telling you it’s the most important business book published this year.

It’s a good thing we’re so humble. Or maybe not, because if you have anything to do with making business change happen … intentional business change, that is … you need this book. And I hope you’ll forgive a bit of hard selling because if you want the organization to change you’ll want your peers and collaborators to understand what it is you’re doing and why.

What’s the book about? It’s about 180 pages long. It’s about eighteen bucks … a dime a page … if you want the Kindle edition, more if you want crushed trees smeared with ink, and if you do, consider buying it straight from our publisher (https://www.bkconnection.com/books/title/Theres-No-Such-Thing-as-an-IT-Project ).

It’s about the difference between “implementing software” and something useful coming of it.

It is, we think, comprehensive without being tedious; practical and pragmatic while still presenting big ideas; clear and concise without being humorless.

If you’re a long-time KJR reader you’re familiar with the mantra, for example from this ten-year-old evergreen from the archives – https://issurvivor.com/2009/12/07/someone-elses-problem/ .

Now, instead of having to root around in the archives to pull everything together you’ll find it all in one place.

That’s how KJR works. You get a concise account of a narrow slice of a big topic once a week, out of the goodness of my greedy little heart. You get a complete view of subjects that matter from the books I publish from time to time (look here if you want to know what else I’ve written over the years: https://www.amazon.com/Bob-Lewis/e/B001HMOX0I/ref=dp_byline_cont_ebooks_1 .) It’s one way you can support KJR — something readers ask from time to time.

If you like the ideas and need help making them real, give me a shout. https://issurvivor.com/contact/ . With many consultants you don’t really know what you’re getting into. I am, more or less, an open book.

Well, 12 open books, but who’s counting?

Oh … one more request. Books aren’t real until they have a bunch of Amazon reviews. So I’m asking you to write one — preferably after you’ve read the book (as a consultant I have a strong sense of sequence).

If you like the book, please say so and explain why. And if you hate it, please explain that in a review as well. I’m not trying to put my thumb on the scale — I like good reviews as much as the next author, but it’s more important for the book to be real.

And don’t worry. Unlike public radio, I’m not going to hold KJR hostage until enough of you have bought the book.

I might badger you about it from time to time, but I won’t fill more whole columns pleading with you and your fellow readers to satisfy my deep craving for attention. Dave and I hope you enjoy the book and, more important, find it useful. We won’t know, though, until we read your review.