When Tiger Woods was standing in the bar contemplating another encounter I bet he didn’t consider the full implications of his actions. It’s only another text message (or secret rendezvous), Elin will never find out…
Just like most disasters it is never a single act that ends in disastrous consequences, but a series of unfortunate events, each one with its own level of risk. If we look at some of the major disasters in the industrial world we see this pattern emerging. Piper Alpha, Bopal, and Seven Mile Island are three such examples. Disasters that have happened in your own company are probably not as big as these, but still big enough to have a negative impact on your organisational performance or reputation.
How do these disasters happen though? In most organisations there are risk managers, SHE managers, five-minute risk assessments, method statements for work – surely we have thought about every situation? The problem instead is comfort. Let’s look at Tiger again when he had his first encounter. I can guarantee that he paid a lot more attention to his actions the first time than he did on later occasions. Comfort in our actions is sometimes referred to as complacency and with complacency we cut corners or don’t think things through completely.
In organisations we often see one of two scenarios. The first is where the organisation diligently lives and acts as a risk-astute organisation, from the managing director all the way down to the cleaner. They understand the risks involved in their role and the complexity of risk in combination. In the second scenario, the organisation has evaluated risk and put systems in place to identify it, but never has review sessions. What’s the difference between the two? The first understands that with a changing environment, risks change. They understand the risk and they change their behaviour to mitigate that risk. In the second example the organisation thinks that going through the exercise once is enough for all situations and they disregard the changes in environment because they think they have it covered. In other words, they become complacent.
So how do we need to think? How do we need to act?
We need to consider our environment, attitude and tolerance to risk changes. Risk management is about constant understanding of and sensitivity to changing conditions. Risk in a company is usually evaluated at the business risk level i.e. What happens if our suppliers go out of business? Who are our competitors? What skills shortages will we encounter in the future? It is also nearly always evaluated at the asset level or job level.? We must also consider system risk which can be a series of accumulated risks, and portfolio risk, for example we have three operations all producing the same product – what happens if we have a drop in demand?
Risk management is all about how much residual risk one can afford to accept. Hopefully next time around Tiger will look at the residual risk and act in accordance with his risk tolerance. Elin, however will look at how she can now mitigate her ongoing risks and look after Tiger’s $100M for him!