Enterprise Compliance Today

Chaos Theory & C-Level Disillusionment With Risk Management

Posted by Greg Carroll on Wed, Aug 21, 2013 @ 11:00 PM

Risk management can't predict the weather, but it can tell you when you should take an umbrella.


enterprise risk management

"After 30 years in business, dealing with the likes of Dept of Defence, Motorola and Serco, I have a genuine interest in assisting corporate Australia adopt leading world best practices.

"Every week or two I am posting articles on all things governance, risk and compliance at our blog.  If you would like to receive new posts, please register using the SUBSCRIBE button on the left."

As practiced by most people through the latter 20th century and even today, risk management has been over promised, incorrectly targeted, inconsistent implemented and improperly managed. As a result it has been ineffective.

I blame a plethora of mediocre management consultants jumping on the bandwagon while not understanding the subject matter or framework. False promises peddled by some of the lesser lights in the field, like risk management's supposed ability to predict the future, have fed a widespread disillusionment.

News flash

You can’t predict the future! All the major banks and finance houses around the world were running elaborate risk "models in 2007, yet nearly all failed to predict the global financial crisis. All aspects of life, including business, are controlled by three indisputable laws:

  1. Second Law of Thermodynamics – things tend to get worse
  2. The Uncertainty Principle – you can’t tell when
  3. Chaos Theory – you can’t predict the weather (but you can take an umbrella)

Second Law of Thermodynamics

If you accept business is subject to the same laws of physics as the rest of the physical world, then you have to accept the 2nd Law of Thermodynamics’ everything tends to a state of disorder. This means, as most senior business people know, unless you actively work on forever improving your business, it will fail. i.e. control is not enough and Continuous Improvement is a mitigation strategy.

The Uncertainty Principle

The Uncertainty Principle contends that even the act of measuring in itself can cause variation. In risk management, risk awareness creates changes in risk appetite, for better or worse, while models unfortunately tend to engender an ill-placed confidence.  Both result in changes to environment and/or controls which change historical significance.

Chaos Theory

Contrary to popular belief, chaos is not random. Rather, it's a set of variable outcomes due to minor aberrations within a deterministic system. That means that if you have a specific start point, an identical environment and follow the identical path, you can predict the result!

Unfortunately the real world and the uncertainty principle won’t let you have a specific start point, identical environment and the same path. There will always be slight differences, and those differences can produce vastly differing results. (Meteorologists know that a high-pressure system will always give way to a cold front, which will have strong winds in front of it and heavy rain behind, but they still can’t predict the weather.)

The Butterfly Effect

Chaos theory is commonly referred to as "the butterfly effect," where theoretical the air displacement from a butterfly beating its wings in the Amazon rainforest can cause a compounding series of events that results in a cyclone in China. It can’t (and I know the Chinese call it a typhoon), but it’s a good metaphor. Chaos can best be represented by a Lorenz attractor diagram, which uncannily looks like a butterfly. Created by meteorologist Ed Lorenz in 1963, it illustrates how a system can follow a general pattern, but never exactly repeat itself.

Business is chaotic

Business can be every bit as chaotic as the weather. Like the meteorologist, we can’t predict the future but we can prepare for the possible outcomes. Since risk is defined as the level of uncertainty, the purpose of risk management is to assist us in preparing for the future. Old adages like, “If you fail to plan, you plan to fail” and, “Proper preparation and planning prevents poor performance” remind us that planning is not a management fad.

A New Approach to Risk Management

So if planning is needed, and risk management is a useful tool in planning, how can risk management be re-vitalised to work in the 21st century? The seeds of the solution are bedded in the causes of failure described above. The key issues are:

  1. Risk management must have real-world models for each part of the business, not a one-size-fits-all approach.
  2. All models have to integrated into and end-to-end system to handle the butterfly effect.
  3. Risk management must outcome-focused, not process-focused
  4. The system must be driven by objectives to increase shareholder value.

If implemented as a pro-active tool to aid informed decision making, Enterprise risk management (ERM) is a coordinated linking of all organisation risks into a single model so everyone is aware of the effect immediately.  When it puts that information at operational management’s fingertips and encompasses monitoring of Key Risk Indicators (KRI) showing the effect of influences and drivers on strategic objectives, it allows management to react to threats and opportunities as they occur instead of in a post-mortem review.  This will then deliver on the expectations of C-Level management by producing tangible benefits.

You're invited to keep up-to-date

After 30 year in business, dealing with the likes of Dept of Defence, Motorola and Serco, I have a genuine interest in assisting corporate Australia adopt leading world practices.  Every week or two I am posting articles on all things governance, risk and compliance at our blog. I often try to tie into headlines, to be timely /relevant.  If you would like to receive new blog articles, please register using the SUBSCRIBE button in the left column of this article.


paperbackfront  reduce non-compliance  reduce compliance costs
Free Excerpt: Mastering 21st Century Enterprise Risk Management
Guide to selecting & implementing Enterprise Risk Management
Webinar Videos
See recorded webinar on the Mastering 21st century Enterprise Risk Management
FastTrack Risk Management Data Sheet
How Fast Track provides risk management integrated as part of the day-to-day operational management method of work and decision making.

Tags: corporate governance, ISO31000 & ERM