Hazards have to be treated transparently, which of course does not exclude confidentiality, in order to avoid various well known organizational risk-related money wasting syndromes which we will summarize in three points:
The “specialist syndrome”: this syndrome leads hazard specialists of a given hazard, for example IT, military, political, or financial experts to believe they understand how to evaluate risks. They do not! What they can do is characterize the hazard they specialize in, but they simply do not know how to quantify, prioritize risks. We will not cite again the sub-prime/banking disaster, but let’s put in in simple terms: a car mechanic is not necessarily a racing pilot, right?
The “denial syndrome”: This syndrome is exemplified by the classic “it will not happen to me: I am too large, too small, it can only happen to others etc.” Well, invincible banks went on their knees, small Mom & Pop businesses were forced to shut…entire industries collapse…it will happen to you whether you like it or not, so stop procrastinating or looking into your horoscope! Get real and prepare.
The “technology fix-it-all syndrome”: This syndrome leads to the classic excesses driven by “hardware/gear” vendors and other biased parties who want to erase aspects of the hazards, but miss the true nature of the risks. History is full of invincible castles (I am not referring to Douglas Castle here) who were seized in a day, starting from Troy on; unsinkable vessels, who sank miserably; invincible armies who starved or froze to death too far away from a logistic base (Russian campaign(s) etc.). Furthermore, examples abound of laws and decrees aimed at solving one situation, then backfiring on another; parking planes close together to avoid “local sabotage” in Pearl Harbor, only to offer an easy prey to the Imperial Air Force, etc.
Can we cure these syndromes?
Of course we can..and here we summarize how:
- In a well managed organization hazard specialists should define the hazards, their magnitude, and to a certain extent, with facilitation, the likelihood of a strike.
- Then a Risk Manager will determine the risk posed by these hazards, after helping to evaluate probabilities and potential consequences of the hazards hitting the system. Finally a risk estimation will be delivered in a clear and transparent way, compared to the organization’s explicit and quantitative tolerabity threshold. A that point it will be possible to know which mitigations have to be implemented, if any, and a road map will be defined.
- In a well managed organization a preliminary risk assessment (see the two points above) will allow to evaluate which risks are relevant and should be tackled. This will result from a comparison of the evaluated risks with the organization’s tolerability curve, an exercise that has to be developed quantitatively and transparently in order to avoid biases of various nature.
- In a well managed organization prestige, arrogance and self-praise will be kept at bay by unbiased, transparent evaluations.
- A good Risk and Crisis Management approach will ensure the balance of the mitigative measures.
- No good mitigation can be implemented unless a serious Risk Management approach weights the residual risks, and secondary effects.
Published by THE NATIONAL NETWORKER Newsletter. All rights reserved. Subscribe Free For Your TNNW Newsletter and THE BLUE MONDAY REPORT! - Click HERE.
The National Networker Companies
Forward/Share This Article With Colleagues And Social Media:
No comments:
Post a Comment