Author: Manu Steens
A first question I ask myself: how do these concepts relate to one another?
The following figure of disasters can offer a solution: this is about known knowns.
This table provides a minimalistic sketch as an answer to the question “What can Disasters be like?
In addition, there are Unknown Knowns such as the Gray Rinho’s.
These are things that come to us, that we know they are there, but that we choose not to see, or forget about them.
Gray Rhino’s are not divisible in well-known or poorly known probability and impact. The impact is great. The probability is great. They are always well-known in terms of probability and impact, and thus fit within the quadrant of Disasters, as follows:
Known Unknowns also exist. These are things we know that are there but we do not know exactlywhat they are. Therefore we can not treat them. These can not be classified with a probability or impact. The consequences may or may not be known. The odds equally. If the consequences are large, but not actively known, and the probability is estimated low, but it suddenly occurs, without any expectation of the event, we speak of a Black Swan. The turkey does not know why the farmer always gives him food, but could have suspected it from a suspicious “Why” question. But the turkey does not know the Christmas party, and can not really assess the probability.
Finally there are Unknown Unknowns. We do not know that we do not know them.
Not only do we not know the probability and the impact, we do not know the event, we do not know the reason, we do not know the consequences. So we can not give a foresight example of this. Unless you look back on the past (Hindsight). Was it right of the priest to save Adolf Hitler from drowning, when he had fallen through the ice as a child?
It is the intention of Resilience management to get to know as many of these four groups as possible and to push them back within the possibilities of the disasters square.
This provides a possible way to frame resilient needs. Where is CM, however? The answer is: everywhere. In all 4 groups, CM actively takes action when a threat manifests itself. Because the known knowns are best known, it is always an advantage to elaborate and prepare RM.
Question 2: what are historically the added values of BCM, RM and CM?
The known added values already known for these three disciplines, are:
- Compliance with legislation and with clients
- Protection of the reputation of the organization and the strength of the brand
- For the time being: competitive advantage
- Operational improvements
- Capturing the knowledge and experiences
- Value protection
Question 3: what are the “new” added values of BCM & RM?
The new added values according to ISO 31000 are:
- Value creation, and therefore also
- Included opportunities
- By studying the threats in new and existing projects and processes, these threats can be tackled so that they happen with a greater probability of success and with less costs in the aftercare phase.
- This also increases the quality of the output and the outcomes, enabling a stronger positioning in the market, which attracts potential customers.
- This immediately improves the reputation, creating a positive spiral that reflects in a better market value of the organization and generates a positive effect on the stock market.
- By applying RM in its projects, the government organizations will mutatis mutandis create added value on a social level, which also means more income for the governments and thus create a positive value spiral for society.
- When an opportunity presents itself, it can be recorded correctly, in the sense that the risks run by the organization are known and can be tackled in order to optimize its probabilities of success.
- Because RM has an ‘outlook’, threats, but also opportunities, are better and faster seen.
- Because there is systematic reporting that is integrated into all layers of the organization and the processes and projects of the business, the policy can assess the opportunities better and faster correctly.
These added values also apply to BCM.
Question 4: what is the most important added value of CM?
What I really want to know is what is expected by the co-workers and by society.
People expect more and more from organizations. They desire certainty in uncertain times. This is what the organization has to do:
- Deal with the threat
- Meet the urgency
- Fight the uncertainty
Deal with the threat
Threats are relative and personal. There are also general threats that affect us all. Perhaps the best example is terror. Although terrorist attacks demand far fewer casualties than fine dust year after year, it affects the people personally through the choice of method, place of occurrence and the timing. They choose these well to maximize fear. This fear touches everyone personally, because there is arbitrariness where when and how one can be a victim. The society does not know, and as a result, everyone of the potential victims address their anger against the perpetrators.
Meet the urgency
Urgency is personal. A potential crisis that affects you personally is usually urgent as long as you are still hoping for opportunities to escape from it.
Fight the uncertainty
The organization mainly does this by making a division into operational management, communication management and strategic management.
With the operational management the organization can show that the problem is being addressed. Counter actions take place and there are claims to be observed. With the strategic management the organization can do sensemaking, and give an understanding to the people of where they stand. The organization can also indicate its actions, explaining the reasons for these actions, to include its liabilities. Also to learn lessons, to avoid the problems in the future. With the communication management, the organization can make itself be heard about the situation, that it is working on the problem, and what the expectations are.
Question 5: And now this: What about Red Ants?
Is this yet another invention to describe risks? No, actually not. It is a disaster type that is naturally present: incidents with small to moderate impact and small to high probability, but with the possibility to grow into a Black Swan or a Gray Rhino very quickly.
Black Swans (Nicolaas Taleb): very small probabilities, very big impacts.
Gray Rhino’s (Michèle Wucker): Very big probabilities, very big impacts
Red Ants: Very big probabilities, smaller impacts.
Often Red Ants are the small incidents without major consequences that are a warning of imperfections in the safety of a system or organization. Usually a large number of red ants precede a gray rhino or a black swan. In addition to the fact that red ants are an annoying phenomenon in the field of security they are a reason to extinguish a lot of fires, and they therefore have a serious warning function. This is: find the root cause and tackle it thoroughly, otherwise sooner or later really big accidents happen.
So every “animal species” is therefore to be taken seriously.
Question 6: And what can you do about it?
Well, let’s present this schematically in the disaster management table:
- CM Exercises are the most necessary aspect in disaster management.
- Risk management includes preventive measures and protective measures (by analogy with the bow-tie analysis method).
- Uncertainties have the characteristic that probabilities are poorly known but the impacts are better known. Usually because causes are poorly known. As a result, there is a particular need for protective measures.
- Ambiguities have the characteristic that impacts are poorly known but the probabilities are better known. Usually because consequences are poorly known. As a result, there is a particular need for preventive measures.
- In the event of unkown probabilities and impacts, the focus must be on the lookout, to estimate unexpected matters in a timely manner and to incorporate measures in the policy of the organization on a continuous basis.