I came across an interesting article by Leon Gettler today titled "Risk management in the era of unpredictability" (page 6, in the Opinion and Analysis Business Section of The Age newspaper, 1 Feb 2011).
Interesting not only because it reflected a position dear to my heart, - but interesting because it was a lead article specialising in what I thought was "a given". Can it still be that modern companies and organisations HAVE NOT adopted a flexible approach to risk management? What are they thinking? The solution is necessary - and it is not difficult.
In terms of the necessity of the solution Gettler wrote:
"The conventional risk-management approach lists possible events and determines the probability of their occurring based on experience. You measure the costs and benefits of specific risk-protection measures and implement these measures for each risk. The problem is that it assumes risks are local and routine and fails to take into account the impact they may have on different organisations and states. It does not factor in the impact of the growing number of unlikely but potentially devastating events. It is an outdated approach that robs organisations of their agility. Clearly, these sorts of events are impossible to predict. So, how should organisations respond? It is a subject that should be reviewed by boards regularly. Companies should have scenario-mapping teams that report to the board and work with suppliers and customers to identify potential threats. Twenty-first century risk management is not about predicting the future. It is about systems and relationships that create an organisation agile enough to respond when disaster strikes. (my emphasis) As it will."
In terms of the solution being "straightforward", if an organisation asks the fifteen questions in the diagram below, they will have the necessary and sufficient profile - of both their vulnerability and their needs.