Business decision making styles can be categorized in many contexts. Alice Underwood and David Ingram of Willis Re Inc. use a risk management lens to define four risk attitude clusters for decision makers which they label Maximizers, Conservators, Managers, and Pragmatists. Each of these management styles align with unique risk management strategies and can drive an overall corporate risk culture. The downside of a dominant risk posture, however, is it tends to maximize business performance in only one stage of a business cycle including boom, recession, uncertain, and moderate risk environments.
We can apply similar analysis to attitudes regarding the reliability of risk assessments. How deeply can we depend on our ability to accurately identify and measure risks, leverage risk analytics, and improve organizational value? As risk management principles spread and mature from their roots in the financial market to other industry sectors, attitudes about the value of risk analysis and ERM vary widely.
Where Do You Fall on the Risk Management Attitude Scale?
At one end of the risk management attitude scale are those who fervently believe in the ability to assess and model a multitude of risk factors to help optimize business goals. Noted risk expert and author, Nassim N. Taleb, glibly refers to those who blindly rely on predictive risk models as turkeys. He notes the rare, yet plausible, Black Swan events will eventually topple any optimized business model that includes thin option buffers.
At the other end of the attitude scale are those who do not believe in the value or reliability of concerted risk management programs and analysis. The Economist Intelligent Unit’s 2010 Fall Guys study, sponsored by ACE and KPMG, indicates only half of business managers across all industries are confident or very confident there is a broad understanding of the range of risks their organization faces. Only 34% believe they are effective at anticipating and measuring emerging risks. Considering the study skews toward financial businesses, these percentages are even lower across other industry sectors.
Many of these organizations may intend to invest more in their risk management programs, but given the attitudes that have limited their progress to date, we can extend Taleb’s fowl references by labeling the disbelievers ostriches. They have been content with burying their heads in a business environment of growing risks.
The EIU study suggests while most businesses beyond the financial sector are still part of the ostrich herd, enterprise risk management investments are on the rise. Innovative risk managers lead most of these efforts as they communicate risks to the board while at times fighting the wearying battle against those who label risk analytics and predictive modeling too faulty to trust.
Black Swan arguments fuel the detractors, but it is important to note Taleb’s perspective comes from a background as a derivatives trader. Pushing trading market risk models to the fragile limits of market optimization certainly create conditions for a collapse in the wake of a rare catastrophic risk event. Outside of those conditions, he acknowledges the efficacy of risk programs in Mediocristan where the frequent high-consequence, frequent low-consequence, and rare-low consequence risk events occur and boundaries exist.
It's Too Early to Judge the Power of Emerging Risk Analytics
Taleb is now working on his advice on management concepts to create more redundancy and options to reduce organizational fragility in optimized business models. Being well short of the fine-tuning of risk management he will recommend; most companies still have plenty of room to improve their assessments and management of risks in Mediocristan.
Many enterprise risk management programs now assess a broad range of risks and whittle them down to the most critical ten to twenty top risks for board reporting. However, organizations may actually face hundreds or thousands of critical risks on a regular basis. The end goal for corporate risk management programs and their breadth of coverage are still to be determined. Is it sufficient to limit the focus of risk analysis to the most frequent and consequential risks?
IMT believes we are only at the first stages of establishing broader and deeper risk analysis for decision makers across enterprises. Managing risks in Mediocristan is a start, but the value of risk management can now extend to competitive differentiation and strength.
Unapologetically mixing our fowl metaphors with golf metaphors, every business should set their risk strategy to beat par among their industry peers. Most golfers spend too much time trying to perfect a big swing while often ending up mired in hazards. In contrast, good golfers know the best route to consistently high scores is improving their short game. Businesses can similarly beat their competition by optimizing risk-aware decisions across their operations on a daily basis.
Seek out the opportunities to outshoot the average of your competitors while keeping in mind that par will become more difficult to achieve with the wider use of improved risk management approaches leveraging analytics technology amongst your peers.
Trumpeting the theme of this blog, business planning should never assume any business conditions will remain constant. Assume your market variables are constantly changing. Your competitors are advancing their ability to leverage risks. You must aim higher.
Now to bring home our collection of fowl metaphors…Break away from the remaining ostrich herd and their limited trust in risk management analytics, but do not be a turkey believing risk models can anticipate the threat of Black Swan events. Establish a corporate culture that leverages risk assessments to continually maximize your business decision birdies and celebrate your eagles while your competition falters during risk events in Mediocristan.