It’s not easy trying to predict the unpredictable. Yet that’s what risk managers are responsible for doing every day. Sometimes, the plans to identify or protect against a particular disaster come up short. Read on for four of the biggest risk management disasters in history – and how the risk management industry has learned from them.
It’s become an iconic image in pop culture – Leonardo DiCaprio leans in close behind Kate Winslet as she raises her arms and exclaims “I’m flying!”
But what can Kate and Leo teach us about risk management?
Quite a lot, in fact. Thanks to several movies and countless other retellings, the tragedy of the Titanic is something everyone knows. But with a better understanding of some basic risk management principles, the Titanic never would have sunk at all.
Michael Angelina, executive director of the Academy of Risk Management and Insurance at Saint Joseph’s University, uses the Titanic and other notable risk management disasters to give his students a better idea of what exactly risk management is – and why they should care about it.
It turns out some of the most notable risk management disasters had specific causes that create pretty clear lessons for risk managers in a range of industries to learn. Let’s take a closer look at four of the biggest risk management disasters in history and what ARMs and risk managers took from them, starting with the event everyone’s favorite ’90s epic/romance/disaster movie is based on.
The sinking of the Titanic
The shortage of lifeboats on board the Titanic on April 15, 1912, has become a well-known fact representing the arrogance and naiveté of designers, crew members and passengers who were positive the massive vessel was unsinkable. To be sure, pretty much everyone was overconfident, from not giving lookouts binoculars to ignoring warnings from other ships about icebergs in the area.
And while the lack of lifeboats is held up as the primary example of that hubris, the 20 lifeboats actually complied with safety regulations at the time. In fact, only 16 rescue ships were required. Lifeboat capacity was determined by the weight of the ship, not the number of passengers on board. This rule was developed for much smaller ships and hadn’t been updated to adjust for the enormous ships that were built in the early years of the 20th century. What’s more, there hadn’t been a significant loss of life at sea for 40 years, and large ships usually stayed afloat long enough for individual lifeboats to make multiple trips to and from a rescue vessel. For all of those reasons, everyone tragically assumed there were an adequate number of lifeboats for passengers.
The risk management lesson learned: Complying with regulations and established best practices is no guarantee that a specific risk has been effectively mitigated. Risk managers need to consider these safeguards the same way they would any other risk prevention effort and take additional action when they don’t sufficiently guard against risk.
See also: A Revolution in Risk Management
Deepwater Horizon explosion
When the Deepwater Horizon oil rig exploded on April 20, 2010, several executives from BP and Transocean were actually on the structure to celebrate seven years without a lost-time safety incident on the project. Company leaders were so focused on preventing – and measuring – lesser risks like slips, trips and falls that they failed to identify the more complicated process management risks that ultimately led to the explosion.
Risk management lesson learned: All risk analysis is essentially weighing how likely an event is to occur against what impact that event would have, then identifying effective ways to address those risks. Thanks to complacency, cutting corners, arrogance or some combination of those factors and others, BP and Transocean targeted risks with high probabilities and low impact. In the process, they neglected risks in the opposite quadrant of that matrix that were unlikely to occur but could have catastrophic results.
Sept. 11 attacks
Since the tragic events of Sept. 11, 2001, individuals, businesses and the U.S. government have put vast effort and resources into preparing for and defending our nation against further attacks. Professors of risk management at the University of Pennsylvania call 9/11 a “black swan” event – one that is very rare and difficult to prepare for.
Risk managers are extremely good at preventing what’s happened before from happening again. But unlikely events are extremely difficult to predict. Before Sept. 11, 2001, terrorism was listed as an unnamed peril in a majority of commercial insurance deals, according to Penn researchers. After the attacks, insurers paid $23 billion, and many states passed laws permitting insurers to exclude terrorism from corporate policies. Today, the semi-public Terrorism Risk Insurance Act covers as much as $100 billion in insured losses from terrorist attack.
Risk management lesson learned: These black swan events are difficult to predict and even more difficult to prepare for. A portion of the risk management field will always be reacting to the specifics of previous significant events and incorporating them into their models forecasting future risk.
Financial Crisis of 2007-2008
Plenty of people were quick to blame risk managers for failing to protect the world’s largest financial institutions against the biggest economic disaster since the Great Depression. The Harvard Business Review identified six ways companies fail to manage risk, while the Risk and Insurance Management Society (RIMS) argues the financial crisis was not caused by the failure of risk management, but rather organizations’ failure to embrace appropriate enterprise risk management behaviors. Companies provided short-term incentives and did not communicate enterprise risk management principles to all levels of the organization.
Risk management lesson learned: Risk management cannot exist in a vacuum. Creating a robust enterprise risk management program also requires communicating it to all levels of the organization and creating a culture and incentive system that matches the level of risk.
See also: Can Risk Management Even Be Effective?
Interested in learning more about risk management? Check out the Associate in Risk Management designation from The Institutes.