Managing Risk In Uncertain Times

We live in an increasingly uncertain and unstable world. So, why do enterprises continue to only prioritize risks that have a relatively high probability? Managing risk isn’t purely for survival—it’s a method of changing the way we work and can even grow the organization.

Whenever an unprecedented event such as the war in Ukraine or the Covid-19 pandemic strikes, our attention naturally turns to risk management: How can we better prepare for events that we can’t predict? Let’s turn back to look at the history of modern risk management.

Historical Risk Management

Modern risk management emerged from the ashes of the Second World War from some specific sources that laid the foundation for our understanding

• Mean-variance (or modern portfolio theory) was published by Harry Markowitz at the start of the 1950s. This methodology optimizes your business portfolio through thorough risk analysis.

• The work preference theory, published by Kenneth Arrow and Gérard Debreu, demonstrated that the ultimate responsibility of the securities market is to share risk across society equitably and efficiently.

• The capital asset pricing model (CAPM) was published in the 1960s by William Sharpe and influences decisions on whether to mitigate certain risks.

These methodologies provide a way to analyze uncertain events that have yet to occur but are likely to and then figure out how to deliver positive results and business outcomes. A Guide to the Project Management Body of Knowledge (PMBOK Guide) was published in 1987, consisting of concepts that had been incubated at a strategic and financial level, then brought down to the operational level. This meant that at last, managers had the tools to manage risks and mitigate them where possible.

Since those times, however, we haven’t really seen much development of those original concepts. ISO 31000 and seven editions of the PMBOK Guide both outline the same basic flow:

1. Identify risks.

2. Evaluate or quantify them.

3. Define requisite actions.

4. Perform them.

6. Evaluate the results, repeat and monitor.

New Methodologies For Uncertain Times

We must first ask: Is this flow still relevant today? Without a doubt, the concepts inherent to modern risk management are still applicable; however, there are subtleties worth exploring. Typically, companies focused on risks that have a comparatively high probability, and during risk management exercises, it was rare to look at what are called “black swan” events. These are difficult-to-predict, uncommon events that exist outside the realm of regular expectations, and so we’re rarely aware of them.

The fact remains though that these black swan events appear to be happening more often. It’s natural for us to deny the probability of such events taking place because the odds seem so low, but looking just at the past few years, it’s clear that black swans have been coming relatively thick and fast.

Most businesses and governments were completely blindsided by the Covid-19 pandemic, even though we were warned that it was overdue by some experts. Climate change has wreaked havoc with wildfires in California, Europe and Australia, devastating floods in Germany and Pakistan and droughts and crop failures in Africa, none of which we were adequately prepared for. At the same time, Ukraine and its people and economy weren’t anticipating a war with Russia on their own doorstep. Clearly, we live in a time when myriad unpredictable global threats exist.

Whether it’s a new pandemic, escalated global war or deepening energy crises, these might have low probability but they all have the potential to make an exceptionally high impact. To safeguard against such black swans, businesses need to invest in and employ disaster recovery plans. Moreover, disaster recovery should become an integral component of every regular project management process.

Test Your Own Credentials

To test how robust your company really is, ask yourself: What has the potential to completely destroy our business in a single day? Assemble a team to define what can be done to prevent or offset such an event. Break your organization down into specific functions and carry out a “what-if” analysis by eliminating each pillar in turn to see whether your company survives or not. Think of it like Jenga, with each block representing a core business component.

There are other tactics to help cope with black swan events, such as outsourcing key functions, diversifying across multiple vendors, knowledge transfer within the business and, of course, creating a robust financial buffer.

There are also many tried-and-tested technologies that deal directly with disaster recovery; in fact, it isn’t unusual to find dedicated DRaaS offerings. At the same time, the ongoing migration to the cloud provides a level of mitigation against risk. By judiciously evaluating the available options and undertaking a radical and honest review of internal processes, you can reassure yourself that you’ll be in good shape when the next black swan strikes.

 

Courtesy-

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.