In David Rubens sixth exclusive article for Infologue.com, he discusses risk management. David writes; “It is always hard, looking back, to remember that those people who look so strange in those sepia photographs wearing their Edwardian finery, or driving their Model-T cars, listening to the first phonograph, or even carrying their first mobile phones (the size of a brief case, a battery that could be used to build muscles, and a carrying-case that was vital to allow you to carry it over your shoulder!) didn’t think that they were quaint at the time – for them , that was cutting edge modernity. In much the same way, it often seems that the risk management models that we are using are based on Edwardian technology in a modern setting, or, to extend the analogy in the title of this piece, are two-dimensional programmes in a three-dimensional world.
“The classic risk management that I am referring to is not just the simple (though still highly appropriate and effective) Likelihood / Impact matrix, but the straight-line management charts that characterise the ‘Crisis Management’ programmes of most organisations. These are usually made up of clean lines of arrows drawn horizontally between various boxes, indicating the sharing of information between units, divisions, agencies, etc, and other arrows drawn vertically, showing how information is passed up the chain of command, and how orders are passed down.
“The truth is, if course, that as soon as something does go wrong, the response programme never acts as planned, and you are immediately caught in the maelstrom of chaos that typifies any crisis. (And almost by definition, if there is not that state of chaos – then it is not a crisis, but simple a Major Incident. A crisis is only a crisis if your normal command-and-control capabilities have broken down).
“There are an increasing number of incidents that are outside of what could be called ‘traditional’ risk management models – they are even moving beyond what can be called ‘Loosely Structured Problems’ into truly ‘Wicked Problems’ (as they were first labelled back in the 1970’s) – that is, problems that actually have no solution. Whether it is the 600 million people across northern India who were left without electricity during a recent blackout (10 per cent of the entire global population!); the increasing examples of bank IT systems failing, leaving customers literally without money except for what is in their pocket at the time, or the effects of the Fukushima tsunami / earthquake, which not only led to the disruption of global supply chains (and were the direct cause of factory closures in the UK), but led to a situation, within a few days, where Tokyo, a modern city of eight million people, was literally on the edge of running out of food. It is the defining characteristic of Wicked Problems that the nature, scale, impact and consequence of these situations cannot be managed or solved through traditional straight-line thinking.
“As a test of your own resilience in the face of ‘non-tradition problems’, ask yourself how well your Business Continuity Plan would stand up if the entire mobile phone network was taken out – whether through natural climactic or sun-spot activities, terrorist attack, technology failure or plain, old-fashioned human error. Most of us no longer know the numbers of the people we need to speak to – they are simply programmed in on our cell phones – and it is frightening to think how isolated we would be from our families and loved ones if those numbers were wiped out from our systems.
“Just as with the collapse of the global banking and financial systems, the problem with the ‘unthinkable’ is that it is only unthinkable until the moment that it actually happens – and then, in a flash of realisation, it immediately becomes clear that it was, in fact, a historical inevitability, if we could only have seen the underlying causes that created the meltdown. For Risk Managers in particular, it is the willingness to ask the hard questions that is the first step in starting to at least think about the right answers.”
David Rubens has been involved in UK security consultancy for twenty years. He holds an MSc in Security and Risk Management (Leicester University), and is a Visiting Lecturer and Dissertation Supervisor on their Security, Terrorism and Policing MSc programme. He was a Visiting Lecturer on the Strategic Leadership Programme at the Security and Resilience Department, Cranfield University, UK Defence Academy (2009-’10), focusing on terrorism & public policy and the management of large-scale, multi-agency operations. He has written specialist reports for government agencies in Japan, Russia, Dubai, Nigeria, Liberia and the Caribbean, and is highly-regarded as a speaker on the international security circuit. He is currently on the Professional Doctorate programme at Portsmouth University Department of Criminology & Justice, where his research is concerned with the strategic management of security operations at the extremes of organisational complexity. He can be contacted at firstname.lastname@example.org/www.davidrubens-associates.com
Opinions expressed by contributors and commentators do not necessarily reflect the views of Infologue.com or Interconnective Limited.