The Risk that is nameable is not the real Risk.

How do we measure risk? Why are we measuring risk?

The answers seem straightforward, you think?

Think again.

Let’s take a detour through biology to establish my point.

Imagine you're in a biology class, learning about photosynthesis. In a traditional, isolated approach, you explain it through the lens of biology.

This might involve delving deep into the biochemical reactions involved and so on.

This is undoubtedly crucial knowledge in the field of biology. But do you genuinely comprehend why a plant does what it does?

No, you've artificially isolated one set of functions.

Now, consider a different, interdisciplinary approach.

Same plant, different perspective.

You might start with photosynthesis again. But you don’t stop there because you understand that nothing operates in isolation. You dig deeper.

You recognize that chemical processes play a role, which might include defense mechanisms against herbivores.

Suddenly, we're not only knowledgeable about the plant's life cycle but also how they survive and adapt.

Yet, you don’t stop there.

Ecology offers insights into how plants interact with their environment, affecting growth, decline, and the nutrient cycle.

You might also explore the perspectives of physics, evolution, or even anthropology.

With each step, our understanding deepens.

Now, returning to Risk Management: often, we view risks in silos.

We claim an interdisciplinary approach, but is it truly so?

We assess risks in isolation and prematurely halt our quest for understanding.

A typical risk assessment involves visiting a department, presenting them with a catalog of threats, and letting them evaluate the impact and likelihood.

(And I won’t even delve into the aftermath of placing these into a risk matrix.)

But in doing so, we adopt a shortsighted view of the issue. We might identify some dependencies, but rarely do we contextualize them properly.

It's akin to many Business Impact Analyses: just pinpoint the predecessor and successor processes.

Regrettably, this doesn't embody a holistic system thinking approach.

We're missing context and a broader understanding. I argue that this is the primary reason many risk management efforts fall short. We have an abundance in data but are starved for understanding.

Imagine if we integrated a useful dependency analysis, allowing us to see how factors influence one another.

Consider if we aggregated data on a more macro scale, like using a Monte Carlo Analysis. What if we incorporated macroeconomic trends, giving a fresh perspective? Or if we considered cultural or psychological factors?

I believe my point stands clear.

Relying solely on an Excel spreadsheet filled with 500 risk columns, color-coded in risk management shades (green, yellow, red), is insufficient.

Often, we're overwhelmed with data and lack the bandwidth to investigate significant risks. We get bogged down in spreadsheets, satisfying ourselves with superficial checks.

We need a paradigm shift – one that allows us to pinpoint and deeply understand key risks, aiding our colleagues in the process.

Achieving this is the cornerstone of effective risk management.

Such an approach enhances risk monitoring and sharpens our sensitivity to weak indicators. Our scenarios become better calibrated, boosting our capacity to judge and verify our metrics.

These are the pillars of successful risk management and, are needed to become a resilient organization.

Now, you might wonder, "What does this have to do with the headline

“The Tao that is nameable is not the eternal Tao?"

A lot. We often reduce risks to a solitary number, a label. This is reductionist and strips away all context. The quote reminds us of the imperative to adopt a holistic, interdisciplinary view.

Though we'll never grasp a system fully – always operating within the constraints of models – we should cast as wide a net as possible to deepen our understanding.

We need to be brave and accept that the risks we can name are often inaccurate. There's no way around it. However, we can make them less so.

This is why it's crucial to foster capabilities throughout the entire organization.

By helping subject matter experts (e.g., in Supply Chain Operations) understand how risk events can propagate through systems, grasp the concept of fragility, and recognize how fragile elements are affected by events, they can address these issues at the first line of defense.

These experts have built up a unique intuition and can provide context to emerging issues. This understanding can be far more valuable than even the best risk assessment methods.

See you soon!

Marco

P.S.: If you would like to learn everything about Resilience Engineering,

send me an E-Mail with "learn" to: [email protected]

This text was inspired by the great Daniel Schmachtenberger