In the first of our three-part series, risk specialist Warren Black tells us why risk management in the modern age is harder than at any other time in history.
In a modern working world that grows more complex, dynamic, unpredictable and disruptive each year, organisational resilience is fast becoming the only truly valid form of Enterprise-wide Risk Management.
Enter the Fourth Industrial Revolution (aka the Age of Perpetual Disruption)
Over the past decade or so, our working world has experienced a noticeable complexity shift as we have transitioned out of the process-driven Industrial Age into the data-driven Information Age. The rapid rise of personalised technology, big data, artificial intelligence, social networking and real-time information sharing has ensured that for the first time in human history we now live in a fully integrated, immediately informed and highly responsive global community. Not only is there now a personal computer in every home and workplace, but also in every pocket and purse, thereby ensuring that every human, business and government on our planet is interconnected through a colossal, global spider web of daily transactions, trade, travel and technology.
Resilience is the ability of an entity to respond positively to environmental changes.
This sudden increase in global inter-connectivity is now being referred to by the World Economic Forum as the “Fourth Industrial Revolution”, whereby we stand on the brink of a mass technological shift that will forever alter the way we live, work and socialise.
Consider how, in a matter of only a few years, our existence has converted into a singular Complex Adaptive System made up of at least seven billion touch points all interacting, interpreting and responding as a collective. The impact of such sudden and absolute global connectivity is undeniable: our global community can now collectively enable a business idea to go from a cocktail napkin to a multi-billion dollar listing in a few short years (Uber, Airbnb, Instagram, Twitter, Google, Facebook), whilst simultaneously dissolving other comparable businesses in favour of the next wave (MySpace, Yahoo, BlackBerry, Blockbuster).
What sets the Fourth Industrial Revolution apart is the speed, manner and reach with which disruptive change can now be enabled on a global scale. A single change in one established relationship can easily ripple and compound throughout all other global relationships to create massive, uncontrollable disruptions on an absolute and system-wide scale. Consider how, in the current political environment, international trade agreements dating back decades can now be dissolved by a single poorly worded Presidential speech; an inter-continental war can now be started by a single impetuous leadership Tweet; a hashtag-type viral movement can alter global perceptions in a matter of days; and fake news can influence the outcome of a major political election.
Such is the reality of the new working world - it is highly informed, highly momentous and highly sensitised to change.
The Modern Risk Management Challenge
In this dynamic new age, the potential for disruption is everywhere. Continually evolving technologies, product trends, consumer behaviours, data sets and relationships mean that disruption can manifest at any time from multiple contributing sources. The global risk management community is now faced with a particularly ominous challenge: how to effectively control high-impact organisational risks, born of a highly inter-connected world that is experiencing ever-increasing frequencies of change.
Modern risk methods have helped organisations become highly Robust to anticipated threats, but also highly Vulnerable to unanticipated threats. Many organisations now exist in a state best described as “Robust Yet Fragile” - John Doyle, California Institute of Technology
Most organisations will almost certainly look towards their existing enterprise-wide risk management frameworks for assurance on this topic, but unfortunately many of these frameworks are scientifically invalid. Conventional enterprise-wide risk management solutions are most often designed to control those foreseeable risks which are born of rational-ordered, cause-and-effect style relationships. Think about it: that is exactly what risk registers, heat maps, bow-ties and internal audit plans do. They attempt to mitigate those individual risk scenarios which are identifiable, measurable and treatable in a logical, step-by-step, rational-ordered manner.
Basic complexity theory, however, teaches us that as systemic complexity increases, environmental rationality and predictability decrease, so much so that at the highest levels of complexity there is wild environmental disorder (chaos). It is thus questionable whether rational-ordered risk solutions can control Disruption, which in itself is a form of system-driven chaos. In turn, many modern organisations now potentially exist in a state which at face value appears highly robust, but in character is systemically vulnerable to the ever-probing and emergent changes offered by the new working world.
Moving beyond a “Robust Yet Fragile” state
For most organisations, their increased operating complexity can be felt on a daily basis; the sheer volume of data, systems, technology and relationships which they need to be on top of in order to succeed is fast becoming insurmountable. It is becoming near impossible for organisations to proactively foresee, evaluate and establish controls for all the possible risk outcomes, across all the possible landscapes, all of the time and within sufficient time. The modern working world simply comprises too many highly energised, shifting relationships.
Enterprise-wide risk management during the Fourth Industrial Revolution can thus no longer just be about controlling foreseeable risk scenarios; it also has to be about future-proofing the entire organisation from “whatever this way may come”. More to the point, modern organisations now need to embed a demonstrable sense of Resilience which will allow them to respond intelligently to emergent industry circumstances.
Case in point: the World Economic Forum’s Global Risk Report of February 2018 put particular emphasis on encouraging organisations to start establishing resilience as the primary goal of their risk management efforts. The WEF’s particular concern was that organisations need to become better equipped to withstand those highly disruptive/emergent industry up-swells, shocks and stresses which have become synonymous with an increasingly complex working world.