The fifth response to risk
We need to add a response. The risk management profession lists four ways to deal with risk. There’s: Prevention (which can mean reducing the odds of an occurrence as well as eliminating them) … Mitigation, limiting the damage that occurs should the risk turn into reality … Insurance, spreading the cost of any damage that [...]
We need to add a response.
The risk management profession lists four ways to deal with risk. There’s:
- Prevention (which can mean reducing the odds of an occurrence as well as eliminating them) …
- Mitigation, limiting the damage that occurs should the risk turn into reality …
- Insurance, spreading the cost of any damage that occurs …
- … and, depending on your Sarcasm Quotient (SQ), either hope or acceptance. Whichever you prefer, it means you prepare no response to the risk of an asteroid smashing into the earth in case Bruce Willis fails to stop it.
The fifth response … which isn’t new at all … is deny, which is what NASA chose for shuttle launches before the Challenger disaster, British Petroleum apparently chose preceding the Gulf of Mexico disaster, and some friends chose when they disabled their firewall and antivirus software because it was slowing down their systems too much.
We don’t yet have all the facts regarding the Gulf of Mexico disaster, nor have we experienced even a tiny fraction of the spin that is to come. (Media stupidity, on the other hand, has been in full view: Really, does President Obama’s visible anger or lack of same actually merit air time?)
Based on the limited information we have thus far it seems BP followed a popular risk trajectory in allowing this mess to take place: Its management interpreted successful prevention as absence of risk — the essential feature of the deny response.
To illustrate this dynamic, go back to January 2, 2000. Millions of information technology professionals, working in just about every organization on Earth, had completed perhaps the most effective preventive effort in history. No disaster ensued and very few businesses failed because everyone involved did a thorough and professional job.
And so a sadly large number of people who should know better concluded the whole thing was a sham.
They interpreted successful prevention as the absence of risk.
Here’s how it happens:
Take a car owner driving on bald tires and ask whether she’s concerned one might deflate. She’d most likely say yes, and unless she was in deep financial straits, she’d buy replacements.
If, six months later you asked her whether her new radials had prevented a flat, she’d answer “Of course.” That the risk might have been a sham, the product of the “alarm industry” or tire manufacturers, would never occur to her.
The same would be true for the manager of a corporate fleet. Ask if leaving bald tires on any of the company’s cars is too risky to allow and he’d certainly answer in the affirmative.
As he’s running a cost center, though, he can’t stop there. He predicts the useful life of each car’s tires, adds an estimate of how many tires per year experience punctures and other forms of damage, and does the math to forecast the annual cost of new tires. That’s his replacement budget. A few years go by without incident. Everything is groovy.
Then the company embarks on a continuous improvement program. Now, executive bonuses depend on finding costs to cut. The tire replacement budget is one of them, and in spite of warnings from the fleet supervisor, it’s reduced by five percent.
Fleet makes do. It buys cheaper replacement tires that don’t last as long. It patches tires that should be replaced. Every year the fleet manager warns Mr. Continuous Improvement the risk of a tragedy is increasing.
And every year Mr. Continuous Improvement delivers the usual reply — one replete with “business realities,” the need to live within the company’s means, the uselessness of throwing money at problems, and, most important, the “evidence”: Cutting the budget hasn’t resulted in a tragedy, has it? Of course the mechanics want to replace the old tires with shiny new ones. They think like technicians, not business people.
It’s interpreting successful prevention as the absence of risk.
Until there’s a blowout and a fiery car crash.
Here’s what’s tricky: Without continuous improvement programs, organizations become complacent, mistaking the way things are for the way things have to be.
Where companies blow it is using the budget as a bludgeon, forcing cost center managers to find “improvements” whether or not they’re actual improvements or just cost-shifting game-playing.
The budget is the wrong tool for the job. The right tool: Culture change — for managers, a culture of honest inquiry so they don’t interpret successful prevention as the absence of risk.
And for all employees, a culture of innovation so they don’t mistake the status quo for what’s inevitable.