Chaos Theory & C-Level Disillusionment With Risk Management
Risk management can't predict the weather, but it can tell you when you should take an umbrella.
"After 30 years in business, dealing with the likes of Dept of Defence, Motorola and Serco, I have a genuine interest in assisting corporate Australia adopt leading world best practices.
"Every week or two I am posting articles on all things governance, risk and compliance at our blog. If you would like to receive new posts, please register using the SUBSCRIBE button on the left."
As practiced by most people through the latter 20th century and even today, risk management has been over promised, incorrectly targeted, inconsistent implemented and improperly managed. As a result it has been ineffective.
I blame a plethora of mediocre management consultants jumping on the bandwagon while not understanding the subject matter or framework. False promises peddled by some of the lesser lights in the field, like risk management's supposed ability to predict the future, have fed a widespread disillusionment.
You can’t predict the future! All the major banks and finance houses around the world were running elaborate risk "models in 2007, yet nearly all failed to predict the global financial crisis. All aspects of life, including business, are controlled by three indisputable laws:
- Second Law of Thermodynamics – things tend to get worse
- The Uncertainty Principle – you can’t tell when
- Chaos Theory – you can’t predict the weather (but you can take an umbrella)
Second Law of Thermodynamics
If you accept business is subject to the same laws of physics as the rest of the physical world, then you have to accept the 2nd Law of Thermodynamics’ everything tends to a state of disorder. This means, as most senior business people know, unless you actively work on forever improving your business, it will fail. i.e. control is not enough and Continuous Improvement is a mitigation strategy.
The Uncertainty Principle
The Uncertainty Principle contends that even the act of measuring in itself can cause variation. In risk management, risk awareness creates changes in risk appetite, for better or worse, while models unfortunately tend to engender an ill-placed confidence. Both result in changes to environment and/or controls which change historical significance.
Contrary to popular belief, chaos is not random. Rather, it's a set of variable outcomes due to minor aberrations within a deterministic system. That means that if you have a specific start point, an identical environment and follow the identical path, you can predict the result!
Unfortunately the real world and the uncertainty principle won’t let you have a specific start point, identical environment and the same path. There will always be slight differences, and those differences can produce vastly differing results. (Meteorologists know that a high-pressure system will always give way to a cold front, which will have strong winds in front of it and heavy rain behind, but they still can’t predict the weather.)
The Butterfly Effect
Chaos theory is commonly referred to as "the butterfly effect," where theoretical the air displacement from a butterfly beating its wings in the Amazon rainforest can cause a compounding series of events that results in a cyclone in China. It can’t (and I know the Chinese call it a typhoon), but it’s a good metaphor. Chaos can best be represented by a Lorenz attractor diagram, which uncannily looks like a butterfly. Created by meteorologist Ed Lorenz in 1963, it illustrates how a system can follow a general pattern, but never exactly repeat itself.
Business is chaotic
Business can be every bit as chaotic as the weather. Like the meteorologist, we can’t predict the future but we can prepare for the possible outcomes. Since risk is defined as the level of uncertainty, the purpose of risk management is to assist us in preparing for the future. Old adages like, “If you fail to plan, you plan to fail” and, “Proper preparation and planning prevents poor performance” remind us that planning is not a management fad.
A New Approach to Risk Management
So if planning is needed, and risk management is a useful tool in planning, how can risk management be re-vitalised to work in the 21st century? The seeds of the solution are bedded in the causes of failure described above. The key issues are:
- Risk management must have real-world models for each part of the business, not a one-size-fits-all approach.
- All models have to integrated into and end-to-end system to handle the butterfly effect.
- Risk management must outcome-focused, not process-focused
- The system must be driven by objectives to increase shareholder value.
If implemented as a pro-active tool to aid informed decision making, Enterprise risk management (ERM) is a coordinated linking of all organisation risks into a single model so everyone is aware of the effect immediately. When it puts that information at operational management’s fingertips and encompasses monitoring of Key Risk Indicators (KRI) showing the effect of influences and drivers on strategic objectives, it allows management to react to threats and opportunities as they occur instead of in a post-mortem review. This will then deliver on the expectations of C-Level management by producing tangible benefits.
You're invited to keep up-to-date
After 30 year in business, dealing with the likes of Dept of Defence, Motorola and Serco, I have a genuine interest in assisting corporate Australia adopt leading world practices. Every week or two I am posting articles on all things governance, risk and compliance at our blog. I often try to tie into headlines, to be timely /relevant. If you would like to receive new blog articles, please register using the SUBSCRIBE button in the left column of this article.
If you liked the article please subscribe to receive future blog posting
use the SUBSCRIBE button on the left
For 30 years Fast Track has specialised in compliance management software for medium to large organisations. Our FastTrack.net platform is deployed throughout global companies such as Motorola and PB; government bodies such as the Australian Department of Defence and Department of Justice; and leading organisations in health, mining, quality management, and utilities, among other industries. Fast Track is a Microsoft Certified Partner and ISO3100 compliant. Our headquarters are in Queensland with representatives in the Mid-East.
Tel: +61 7 5591 8977. On Twitter at @365compliance.
Learn more about our compliance software »