I’ve been thinking about the short exchange I had with Matthew Leitch when he disagreed with my description of his article on risk registers. It seems we live in different worlds. His appears to be one in which risk lists and all the associated barbarisms of matrices and traffic lights have been discredited and, presumably, teeter on the edge of oblivion. Mine is one in which everyone agrees that the only way to do risk management is to draw up the register, score the risks several times against a corporate scheme to prove you’re doing some good, and put it all on a database. If I suggest to a client that there may be some conceptual issues with scoring ‘inherent risk’ on a 5×5 PID he generally looks at me as if I’m mad and starts to plot my disappearance. Plus, as I’ve recorded on this site, I see some use in the lists.
This all reminds me – and I need reminding – that we all have different perspectives on risk and risk management and it’s a good idea to establish what they are. This is particularly important for me as I start to write an article on the role of resilience in risk management.
I realise I’m very ambivalent. I’m always amused in a superior way when business continuity people envision silos in which risk management and their trade are separate. Don’t they know that a holistic, integrated, blah, blah approach to risk management will take on board business impact analysis, recovery times and the like? The same with catastrophe management. Of course it’s key to be adaptable, to react to circumstances as they unfold, for example, and any risk manager will make sure that’s a part of the preparations. So my prediction is that I will find resilience does not add anything conceptually to risk management. (That’ll improve my forecasting calibration score!)
But as I’ve already said, and what underpins the creation of this website, my perception is that risk management, as generally practiced, does not deliver against its high-flown principles. Whatever snooty verdict I reach on resilience the real challenge will be to implement what the concept has to offer with practical techniques. It has to be as easy as scoring target risk on a matrix is for most people. Then we might all be on the same hymn-sheet, but until then we need to understand where everyone is coming from. I’ll try to do better.
As for the illustration, you might like to see the original cartoon.
Andy, the basis of the article you commented on was the findings from my various surveys. The world we both live in is one where most people involved in management do not find risk listing very appealing or logical. However, we have a situation where, in certain fields, risk listing is the dominant approach in regulation, contracts, etc. There are people who cannot imagine risk being managed any other way. For them risk listing is the very definition of risk management.
But, that view is not typical in the wider population of people involved in management.
I suspect that there are many situations today where people working in a risk listing dominated field keep their personal views to themselves because they believe everyone else is devoted to risk listing. That’s not so. It may very well be that many, even most of their colleagues privately think the same as them and are just keeping quiet for the same reason.
My surveys ask people what they personally think, so just compare your views with those of others and see how many you actually think eye to eye with.
Text book risk listing beliefs are rare if you test people using realistic situations. If you just ask abstract questions then of course things look a bit different. People are more inclined to give you abstract answers they have read.
The thing many people find repulsive/scary is the suggestion that they might have to understand or do some difficult mathematics.
I think you are correct when you say “It has to be as easy as scoring target risk on a matrix is for most people.” and indeed if it can be easier than that people will be even happier.
In summary, people want LOGICAL + EASY, and are usually offered a choice that sounds like LOGICAL + HARD or ILLOGICAL + EASY.