Strategic Risk Management: the fox and the hedgehog.

Author: Manu Steens

In this article I write my own opinion, not that of any organization.

Last week, during my vacation, I read a kind of history book. The title is ‘On Grand Strategy’ by John Lewis Gaddis.  It is about figures such as Xerxes, Napoleon, Machiavelli, Lincoln, Adams, Washington, Elisabeth, Philip II, Franklin D. Roosevelt, Von Clausewitz, … .  The great key figure, however, was a relatively unknown person, Isaiah Berlin. He was lucky enough to read ancient texts and to come up with the idea of the duality of the fox and the hedgehog in strategic thinking and acting.  In strategic leadership.

What is this two-unit, and is it always there?

The pure hedgehog is the leader who sets the goals. ‘There we go’. But he doesn’t see the obstacles.  Sometimes he is the ‘man who is always right’.  The pure fox is the man who sees the obstacles everywhere on the track, but does not naturally set goals. He does set achievable milestones however.

Often, leaders think they need to be concerned with goals, and then leave the road to them to the organization’s employees. A typical example of this was Xerxes who crossed the hellespont with a large army, while his advisor left him because he realized that the army was going to get into logistical trouble because of his gigantic magnitude.  Xerxes’ troops were eventually stopped by the Greeks.

An example of someone who did achieve his goal was Lincoln. He was a strategist at heart, in the sense that he set his goal like a hedgehog, which was to abolish slavery. He achieved that goal through devious detours, including bribery, like a fox. The following words are attributed to him:

“A compass […] will show you the geographical north from where you are, but no advice about swamps and deserts and abysses that you encounter along the way. If you run headlong forward on the way to your destination without paying attention to the obstacles and eventually sink into a swamp […] what good is it then to know where the geographic north is?”

So he knew when to consult the compass like the hedgehog, and to bypass the swamp like a fox.

This comes with an important consequence: one has to adapt the goals to the means at one’s disposal.  Because in times of scarcity, the lack of (people and) resources is one of the biggest swamps in which a hedgehog can sink.

After all, this means for risk management that this has an important place in top management.  No good hedgehog survives without a good fox by its side.  Since these two characteristics belong to a single function of strategic leadership, it can be said that there is no well-functioning organization without sound risk management.

The fox, however, is what I call strategic risk management. He will naturally maintain intense contact with the relevant operational risk management, which in itself is in direct contact with (a part of) the environment.  The fox in the strategic leader must therefore be aware of what is going on in operational risk management.

It is for this reason that we can say that an organization in which top management is involved in the risk analysis, makes an important leap in terms of risk maturity at the moment that it actively engages in it.

What's in store for us?

Author: Manu Steens

In this article I am writing my own opinion, not that of any organization.

Recently there was a team building event for the organization I work for. On leaving the reception, a colleague asked if I knew about future crises that await us. Actually, the answer to that is: no. I don’t know that. Knowing about the future is pointless. After all, an Arabic proverb rightly says: “He who foretells the future is a liar. Even if he is right.” Doubting about a number of things, however, is another matter. And doubts can be well-founded. And it moves us forward to do this in a reasoned way.

So at that moment I spoke about what was on my mind. On issues for the future, based on uncertainties. These are:

  • Diseases
  • Famine
  • War

And separately: terror (recently there were statements by terrorist organizations to increase the number of attacks). Because while its urgency is enormous for the psychological effect it produces, its materiality is more limited than the other three.

  • Diseases can occur for various reasons. The climate can change in Western Europe in such a way that, for example, the tiger mosquito gets even more opportunities than it already has and, for example, brings Zika to us through the global supply chain. But diseases such as yellow fever and new variants of corona can also spread: through global tourism. Furthermore, migrants can also bring new, unknown variants of diseases that we naturally have, such as tuberculosis, to which our population has no resistance.
  • Famine was discussed much earlier by UN Secretary General Gutiérrez , who mentioned this issue. A possible cause for this is the drought, which in the long term could have a disastrous effect on the harvests in Western Europe. But also countries that close their borders for food exports, or can no longer export to our regions because of war such as the one in Ukraine. Whether a change of food source, such as switching to quinoa , will provide a solution remains to be seen. A change of diet, including more seaweed products, may be necessary, but the question is whether science and the food sector can react quickly enough to produce sufficient seaweed in a large number of varieties on a large scale. But the increased wealth in Eastern Europe can also play a role: will Polish and Hungarian drivers still want to drive in Western Europe to supply the supermarkets when they can earn the same amount by driving locally around their church tower in Eastern Europe? Even if the stocks in the countries in Western Europe were sufficient, the stores could not be supplied due to a problem of the supply chain.
  • War could be caused by water shortages in certain regions. These are so-called climate wars. But the war in Ukraine could also escalate. Or, with increasing political attention to problems close to home, terrorist conditions elsewhere could accelerate to such an extent that some countries think they must intervene militarily somewhere. And that in itself could cause terror in our regions. After all, there have already been statements from terrorist organizations that say that the war in Ukraine is an excellent situation to increase the number of terrorist attacks in the West. The question then is how efficiently the special forces of the police can continue to act under an increased workload due to a potentially increasing number of attacks.

These matters are uncertain, but they are already being discussed.

That means that through these uncertainties we have 23 = 8 possible futures. These are the possible combinations of famine or not, war or not, and disease or not.

If we limit ourselves to these three axes, we arrive at a 3-dimensional cube with 8 parts. By unraveling these, we come to the following conclusion:

  • In four of them there is war.
  • In four of them there is hunger.
  • In four of them there are diseases.
  • In one of them we have all three.
  • In one of them we have none of the three.
  • In three of them we have two out of three.
  • In three of them we only have one.

By raising these doubts, we are not pessimists, even if it seems so. It may allow us to look for possible indicators that tell us more about the direction(s) the world is heading in the short and medium term. We have to prepare for that. However, it is not getting any easier to determine good indicators in a fast-moving world, which are also timely enough to have predictive value.

Some questions we should ask ourselves are:

So what is the reasonable worst case for Business Continuity Management? What measures can we devise to be sufficiently resilient , without costing a fortune? Which measures cover several possible futures wholly or partly, so that strategic and especially in the global supply chain good decisions can be made?

How can we prepare and to what extent should we do that? When do they occur? How should we communicate about it? How do we break through the harmful law of psychology that states that what we are not used to is difficult to imagine, what we consider highly unlikely, and what we consider unlikely is considered to be negligible. What type of network leadership do we need? What is the role of who? Is it necessary to give everyone subsidiary decision-making rights? Or even decision-making obligations? How can we get people to develop sufficient trust in each other on such a scale? And how far does the geographical scope of the approach extend? Which partners do we want to involve, sectors, countries, continents…

But another question also arises: what is the chance that I have proximity bias in this reasoning because of the latest news reports? Or another kind of bias? According to recent studies in the UK, bias is said to be a pervasive problem. That thought also makes me insecure. There is work to be done. Perhaps for everyone.

When are scenario thinking and future planning appropriate in risk management ?

Author: Manu Steens

In this article I write my own opinion, not that of any organization.

On the one hand, we have risk management.

In risk management, it is common practice to translate a risk as a product of probability and impact.  The most well-known formula for measuring a risk is:

R = P * I

R is the measure of risk, P the measure of the probability of an undesirable event occurring and I its impact on achieving the objectives of the organization. Both are considered known.

Special attention in this article is paid to the situation in which there is a high degree of uncertainty with a risk. Unlike certainty, usually mathematically defined as a number between 0 and 1, or between 0% and 100%, uncertainty is rather something we feel but on which we cannot attach a clear mathematical definition that leans back on certainty. What we do know, however, is when the uncertainty is maximum for the occurrence of an event as a result of a cause. That is if the probability is 50%. Why? Because then the occurrence of the event is a coin on its side: you really do not know which way it will fall.

On the other hand, we have the combination of the future strategies with scenario thinking.

In itself, risk management is also a bit like thinking towards the future: if the probability is high, for example 95% chance of occurrence, then there is a relative high certainty of the occurrence of the impact. It is then, from risk management and in function of the impact, that one has to define and implement a measure. This allows the impact to be optimally prevented or mitigated (in the event of a threat) or provoked to the maximum (in the event of an opportunity).

However, the reasoning I want to make here is this one where the uncertainty is maximum. There it is therefore unclear whether the event will occur, or not. So a twofold future occurs: the event happens or does not happen. With this, a game of extremes occurs, for example:

  • Will it be war or peace?
  • Will healthcare become more preventive or more curative?
  • Will sufficient measures be taken in time for the climate or will it become an unbearable climate?
  • Will there be famine or abundance?

With such uncertainties one can consider these uncertainties in their own right, where one has two futures per uncertainty, or one can  express them per two against each other (if they are sufficiently independent), obtaining quadrants that represent four futures.

In theory one can work with n uncertainties, where one then obtains 2n futures but it becomes problematic, because already from n = 3 one has 8 futures, which becomes unworkable and also because in practice it  becomes more difficult to maintain the independence of these uncertainties.  And that is necessary to foresee extremely different futures.

For each of these futures, instead of directly defining measures, one can then start thinking about scenarios. This is a strategic choice, where one defines how one will act in a certain direction depending on which future becomes true. This instead of putting a single project or action in the pipeline because one has a strong expectation regarding whether (probability rather high) or not (probability rather low) the event with a specific impact will occur.

In order to be able to make the right choice, it is necessary to explore the evolution of the circumstances of the organization.  In other words, lowering the uncertainty about the knowledge of the future. To do that, one has a number of things that one can do.

  • The very first thing to do is to dare to question the assumptions. Are the assumptions that were made the good ones.
  • One determines the extreme futures, the scenarios, and whether one is ready for it, or whether, in contrast, one still has work to do. Usually it is the latter. To this end, one looks at which strategic option is most useful in which possible future. These options involve developing possible future projects or actions, and thoroughly considering their effects with a 360° view. As far as possible, tests or exercises are carried out to estimate the possible effects.  What are the shortcomings that need to be filled in?
  • Furthermore, there is the collection of the necessary information. One will define relevant parameters – indicators – and follow their trends. One determines in advance when one will decide on the basis of which (combination of) indicators which strategic options one will roll out. This is important, because being there in time and preparing for a future can determine whether one can get a  competitive or societal advantage from it or whether one is more likely to encounter a problem.
  • When the future unfolds, one deliberately monitors it, and consciously chooses the pre-agreed options tailored to the actual nuanced future. The timing of the decision and the roll-out of action plans is then crucial.

Conclusion:

Scenario thinking and future planning are relevant within risk management. However, one should have a good idea when this is the case. A rule of thumb is: do this with priority where the probability of an event with a certain impact is average.

Usually there are multiple risks with an average probability. Then give priority to risks with a high impact. After all, these give a more extreme course of the possible futures. As much as possible, make sure that you work with uncertainties that are maximally independent of each other if you plot them against each other.

However, if the impact is very large, and opportunities exist to influence the probabilities in your favor, do not fail to do so with common risk management strategies. “Choose your battles wisely.” After all, future planning and scenario thinking are especially useful when the internal and / or external environment of the organization are substantially uncertain. The choice to work on certainty, or to try to take advantage of uncertainty, is also a strategic choice in itself. And that depends on the capabilities of the organization. The internal environment can usually be influenced. Tinkering with the external environment is usually an impossible task. That is why this technique is also important when trying  to look at risk management objectively for the organization as part of the world.

170 pitfalls for ERM in Europe

Inspired by the book “Enterprise Risk Management in Europe”, Edited by Marco Maffeic

What is it about? It is about the implementation of ERM in organizations in Europe. This is accompanied by a number of obstacles. So there are pitfalls in the implementation of ERM in Europe.

The practice-oriented definition of risk management that is used is as follows:

“Risk management consists of active and intrusive processes that:

  • Are capable of challenging existing assumptions about the world within and outside the organization;
  • Communicate risk information with the use of distinct tools (such as risk maps, stress tests, and scenarios);
  • Collectively address gaps in the control of risks that other control functions (such as internal audit and other boundary controls) leave unaddressed; and in doing so
  • Complement – but do not displace – existing management control practices.”

This book does a study on that. Each of the first 13 chapters are about the situation in a country. This is followed by two reflective chapters about the countries. The countries concerned are: France, Germany, Greece, Italy, Lithuania, Netherlands, Norway, Poland, Portugal, Spain, Sweden, Switzerland and the United Kingdom.

Finally, in a number of hierarchies, a summary is given in an academic way.

But what seems really important to me are the identified lessons from which insight comes into what can be the cause of ERM going wrong.

The identified lessons that tell why ERM can go wrong are listed in the accompanying excel sheet. This can be used as a kind of attention list for the (further) expansion of ERM.

Covid19 – How “not to waste this crisis”?

Author: Manu Steens

In this article I am writing my own opinion, not that of any organization.

The former Belgian minister Philippe De Backer wrote a book “En nu is het oorlog” (And now it is war).

Let me take this statement literally, and view the future post-covid19 period as a post-war period.

The economic recovery after the wars and crises of 1870, 1918, 1945 happened very quickly: a matter of a few years. Usually five years or less. After that, production growth stagnated. (reference: Alfred Suavy, “Het probleem van overbevolking” (Malthus et les deux Marx)) The limitation of the growth of production after recovery did not exist because there was a shortage of injection of money, nor of machines, but because the population was limited in knowledge and skills. And the factor that one cannot include in accounting is that of people. As one can with money, property, equipment, buildings and debts.

Let’s create two lines of thought. The first: there is a huge war that is destroying all machines and buildings. But the people survive. What happens is that external parties provide them with food, people start making machines, and after a few years there is no longer a backlog. After a rapid return on the actions they take, they evolve towards a plateau of growth which then slows down. Because for more growth, even more knowledge and skills would be needed.

The second line of thought is one in which all medical staff and other highly skilled, such as managers, specialized employees,… would disappear.

Then it will not help in the same way to just bring more money or food to the area: the knowledge and skills needed lack to catch up with the region’s enormous skills shortage, it will take decades to even make any recovery. Let alone keep up with the normal extrapolation of the past.

Fortunately, we are not quite in this situation, although as far as healthcare is concerned, there is serious pressure.

From this short argument, which should actually be supported by figures, one can estimate that knowledge and skills are possibly the most important factors for a recovery after a huge crisis.

Governments have made huge financial sacrifices to allow some sectors to survive. “Golden rules” were also issued in Belgium. Some were very difficult, such as that of wearing a mask in several places, linked to social distancing. But there were also other rules that made us work differently where possible: working from home was sometimes recommended, sometimes (partially) mandatory.

Now I don’t know what other people experienced, some of us certainly miss the social chat with colleagues, which is certainly a loss to be mentioned, but there was also an advantage to mention. I speak for myself when I mention this, however, the days when I was working from home I was much more productive. I want to assume that this may have been the same for many people on such days. I sometimes went to my place of work, to relieve the social need, and those days my productivity was like an ordinary day before. However, I myself am only one ‘case’ and one cannot make a statistic on that, but it still inspired me to the following.

If, thanks to working from home, a number of people can do the “former” work of a week in 3.5 to 4 days, it would be interesting for both the employer and the employee to provide systematic training for these people. In a direct sense, this could include specialist training or employability-broadening training. But it is also possible to think indirectly: even matters that are not directly related to the ‘job’, such as training for many people in languages ​​or ICT applications, can indirectly inspire employees within or outside the job. And that will pay off for society, because during the aftercare phase of a crisis, every skill is super necessary.

Whatever it takes will be to perpetuate such work-and-learn behavior. Future generations will have to grow up with an implementation of lifelong learning, not just as a battle cry.

This is important to “not to let a good crisis go to waste”. Why ? I already wrote it: I read the book by Philippe De Backer, a former Belgian minister, “en nu is het oorlog” (And now it’s war). I took that statement literally. This means that if we can massively invest the time savings that we generate during this crisis in training, the knowledge and skills of the population will increase. The growth of production in the aftercare phase due to the grown creative capacity of more skilled personnel will find an engine in it to support it. As a result, economic growth will continue stronger for longer, and will help absorb some of the government’s financial injections. The flattening of economic growth will therefore slow down when we reach a higher level. And that could help curb potential future inflation.