If you are still trying to identify all the risks you are exposed to within the context of your business or spend endless hours converting historic data into useless risk reports in an effort to mitigate as much risk as possible for a green light on the road to taking less risk (for less reward); if you are spending a fortune on controls and the digging of trenches for your lines of defense… fear no more!
The Radical Risk Management process is here, and the future is bright for those who choose to go through the disruption of dumping the outdated thinking, concepts, models and processes — things like the risk management “process” that is based on the assumption that it is possible to identify all the risks you are exposed to and then follow a dedicated process of mitigating all those risks as well as ideas like “Green is Good” and the three, four or, even worse, five “lines of defense.”
The management of risk is a mental process, not a technical process of data gathering, evaluation and reporting at consistent intervals with an expectation of a different outcome, or even improvement. Those who do nothing will just be exploited by those who change and get better at the management of risk.
This radical process involves only four components: Situational Awareness, Mental Simulation, Naturalistic Decision-Making and, finally, Response Execution.
These are built around key elements of an effective risk culture, namely: Risk Intelligence gathered from everywhere (not just last quarter’s outdated risk report), a Risk Nervous system through which this information can flow everywhere in the business (not a process of sanctification where reporting gets better the higher it goes) and all employees having the Competencies and skills to manage the risks associated with their jobs on a daily basis to ultimately build sustainable competitive advantage for the organization (no levels of assurance, squadrons of policemen or lines of defense; there is nothing to defend against).
“Information is anything that can be known, regardless of how it is discovered. Intelligence refers to information that meets the stated or understood needs of [the users] and has been collected, processed and narrowed to meet those needs. Intelligence is a subset of the broader category of information. Intelligence and the entire process by which it is identified, obtained, and analyzed respond to the needs of [users]. All intelligence is information; not all information is intelligence” –Mark M. Lowenthal, Intelligence: From Secrets to Policy (from Special Warfare Bulletin, JFK Special Warfare Center and School, Fort Bragg.)
In an effective risk culture, people care enough to think about the risks associated with their jobs before they make decisions on a daily basis.
In the ultimate risk culture, every person acts as a risk manager and will constantly evaluate, control and optimize risks to make informed decisions and build sustainable competitive advantage for the organization.
Success depends on the levels of accountability you drive in your organization and the time and effort you put into building an effective risk culture. Do not even attempt this if you are going to keep a process of making risk decisions in committees where these decisions are “syndicated” without anybody taking any accountability. That will not work in the Radical Risk Management process!
There is also no need to employ consultants to help you with this. I could never anyway understand why organizations would pay outsiders to come in and gather ideas from their staff and convert these into PowerPoint presentations they sell back to the organization. There is no blueprint of one-size-fits-all for the Radical Risk Management process; you have to build the unique process in your organization, based on the underlying corporate culture and organizational structure and focusing on driving both the behaviors you want to encourage and the behaviors you want to avoid.
You need to take each of the four components and develop these within the context of your business strategy, goals and objectives. If a risk will not prevent you from reaching your business goals, don’t worry about it; you can never identify all the risks you are exposed to, the key factor is how your employees will respond to a situation of risk in real time. Business is not a game, and business decisions based on last quarter’s risk report are not such a good idea in real life, there is no reset button!
See also: Adios to ‘3 Lines of Defense’ Risk Model
Let us briefly look at the four components:
Situational Awareness Is:
- “The perception of the elements in the environment within a volume of time and space, the comprehension of their meaning and the projection of their status in the near future,” as defined in Endsley’s model of Situational Awareness.
- “Skilled behavior that encompasses the processes by which task-relevant information is extracted, integrated, assessed and acted upon” (Kass, Herschler, & Companion, 1991).
- “Continuous extraction of environmental information, integration of this information with previous knowledge to form a coherent mental picture and the use of that picture in directing further perception and anticipating future events” (Dominguez, 1994).
Situational awareness is having an accurate understanding of our surroundings — where we are, what happened, what is happening, what is changing and what could happen; knowing what’s going on so you can figure out what to do, collecting information from your surroundings and situation to improve your decision making and circumstances by:
- Using your senses (sight, smell, sound, taste and touch)
- Monitoring the messages that others are providing through their behavior and communications
- Being attentive to environmental circumstances that may indicate challenges, opportunity or danger
Reticular Activating System
A pathway in your brain that:
- Filters incoming information
- Turns on the “pay attention” button
- Expands your intuition
- Improves the message system between your subconscious brain and your conscious brain
Levels of awareness
- Tuned Out
- Relaxed Awareness
- Focused Awareness
- High Alert
Mental Simulation is our mind’s ability to imagine taking a specific action and simulating the probable result before acting. Anticipating the results of our actions improves our ability to solve new problems. Mental Simulation relies on our memory, learned via perception and experience. (Josh Kaufman, The Personal MBA)
There are a number of things you can do to minimize the perceptual analysis. The first is doing exactly what you are doing at this moment. You are thinking! Become aware of the possibilities and think about them. Sudden situations of risk and the likely adrenaline dump are not things we are used to or comfortable with. By thinking about our reactions, by cognitively dealing with the possibilities of outcomes, we take the first step in managing the risk response.
Mental Simulation includes running imagery of the situation and the actions to achieve outcomes. Imagery is the set of mental visual pictures of oneself proceeding through a series of actions. Imagery can go beyond just pictures and incorporate the other senses, as well. Research into the use of imagery indicates that it has positive effects, including improving self-confidence, task completion, concentration and coping. Effective use of the imagery technique has seven elements: physical, environment, task, timing, learning, emotion and perspective (PETTLEP: Dave Smith, Caroline Wright, Amy Allsopp, and Hayley Westhead, “It’s All in the Mind: PETTLEP-based Imagery and Sports Performance,” Journal of Applied Sport Psychology 19/1 (2007)
Naturalistic Decision Making
Decision making involves assessment and choosing a course of action. Decision making requires an understanding of the situation and controlled thinking. The situation determines the urgency of the decision, risks and limits of action.
The naturalistic decision making (NDM) framework emerged as a means of studying how people make decisions and perform cognitively complex functions in demanding, real-world situations. These include situations marked by limited time, uncertainty, high stakes, team and organizational constraints, unstable conditions and varying amounts of experience. Every business in today’s marketplace operates under these conditions, and practicing this based on last month’s risk report can be futile.
Mindfulness is a key element in decision making. Mindfulness is the idea that one should be present in the moment and acknowledge his or her own feelings, thoughts and sensations. Arguably, mindfulness is linked to situational awareness. Research suggests that mindfulness decreases accidents and mistakes while increasing memory and creativity. Researchers also assert that mindfulness can decrease stress and even increase a person’s general health. Additionally, recent research into mindfulness showed that it could actually change the brain physically for the better. This research indicated that mindfulness could increase the density of brain matter in the anterior cingulate cortex and the hippocampus, resulting in better attention, self-regulation, thinking flexibility, reduced stress and increased memory.
See also: Claims and Effective Risk Management
Once these steps are complete and a response has been selected; the response, or action, must be executed. Correct and effective execution requires smooth and timely coordination to achieve the desired result of optimizing the risk to get maximum benefit for the organization. The availability of resources also affects a response, and inadequate attention results in ineffective execution.
Peak Response Execution is an action of optimal cognitive, emotional and physical functioning. Cognitively, people are at their peak when they have focused attention, ignoring unimportant things and allocating brain power to the task at hand. War fighters performing at their peak can better assess the situation, make decisions and perform the right tasks at the right time. Additionally, individuals performing at their peak are less likely to succumb to stress and choke when it counts.
That is it! You have to research each of these four components and apply your learning to your organization to build a Radical Risk Management process in your organization. With no blueprint, there is nothing to implement, and there is also no standard. (I hope somebody will not try to create a standard for Radical Risk Management and a whole industry of three-day certification courses to try and certify Radical Risk Management Practitioners).
The way forward: You can take the concept and go forward at your own pace and own target, as long as you use the process outline graphic with due reference. Alternatively, you can steal the concept and develop it further for your own commercial gain, but “chickens always come home.”