The changing nature of risk and risk management: the challenge of borders, uncertainty and resilience
Publication Year: 2009
Journal: Risk Management
The dynamic nature of emergent hazards requires new techniques and analytical frameworks for dealing with low probability – high consequence events (‘black swans’) (Taleb, 2007) that are contextualized within a highly connected system.
Three challenges concerning risk management
1). Borderless nature of risk Risk is a borderless phenomenon and there has been insufficient academic attention focused on the issues that surround the management of those risks across the various “borders” that exist. In part this is because of the silo mentality that often exists within organizations and which is exacerbated by strict disciplinary boundaries within academia.
This presents several challenges to conventional approaches to risk management: (1) borderless risks often lack the a priori evidence that would render them predictable to any degree; (2) they are sufficiently large, in terms of the damage that they cause, to trigger further hazards or crises further down the timeline and (3) their origin, evolution and final scale and form are frequently unknown, such that they represent an emerging, ill-understood and ill-defined set of risks that need to be dealt with.
Three emergent forms of risk - Failure of sub prime markets in 2008 à The failure of established and reputed financial institutions and business and the need for others to be rescued by their respective governments provided a clear indication of the vulnerability of connected organizations to shock events within the globalized business environment. - Pandemic outbreaks à The risks associated with the potential for a pandemic outbreak of flu remain an issue of concern to health professionals and one that is constantly monitored by health surveillance systems globally. Even more so, the extent of media coverage, and the potential for the media amplification of risk potential, remains an issue for organizations to deal with as part of their wider crisis management strategies. - Terrorist attacks à The constantly evolving but largely unpredictable nature of terrorist threat continually seeks to expose the vulnerabilities that exist within organizations and government agencies.
These all illustrate the trans-boundary nature of risk as well as the potential to by-pass organizational controls thereby leading to an escalation of their consequences.
2). Risk and resilience Two definitions of resilience - Engineering perspective: Resilience is seen as stability near an equilibrium steady state where resistance to disturbance and speed of return to the equilibrium are used to measure it (efficiency, control, constancy and predictability). - Evolutionary perspective: Resilience is the ability to deal with high levels of uncertainty around the issues of persistence, adaptiveness, variability and unpredictability For low probability high consequence events reliance on the engineering approach no longer provides a firm basis for assessing emergent threats. We therefore need to reconsider our approaches to risk management.
3). Spaces of vulnerability and spaces of destruction The landscapes in which organizations operate are invariably fractured and pitted. There are spaces of vulnerability that exist both within and between organizations and these have the potential to expose weaknesses in organizational controls and thus impact upon the limitations of strategies to develop resilience.
The interplay between resilience and the search for equilibrium by organizations will create fractures within the defenses, which organizations establish to ensure stability in the first place. Managers may then ultimately become the authors of their own misfortune as they seek to create rigid systems of control that maintain a particular point of equilibrium in situations where the dynamics of the system mitigate against such rigid attempts at control.
This article is related to the adaptive cycle in a way that it describes three challenges concerning risk management and also takes into consideration which role resilience takes in these challenges. It poses two definitions of resilience as pointed out above. These definitions show an engineering perspective and an evolutionary perspective. Within these perspectives a lot of determinants are posed like efficiency, control, constancy etc. In relation to the adaptive cycle these determinants also play an important role as to becoming a resilient organization that can deal with high levels of uncertainty. This article states that the conventional approaches to risk management need to be reconsidered. As posed in the literature about the adaptive cycle that we are studying we see that “On the one hand organizations need to be able to manage the present in order to maximize profits and satisfy the short-term interests of shareholders. One the other hand, they need to be flexible, innovative and able to adapt quickly to unforeseen circumstances” (Adaptive Cycle, 2014). This backs the fact that resilience is an important state that every company has to create as this is a great way of risk management. This article of Fischbacher-Smith and Fischbacher-Smith (2009) does show though that creating resilience is hampered by spaces of vulnerability that exist both within and between organizations. As pointed out in the examples of the failure of established and reputed financial institutions, pandemic outbreaks and terrorist attacks. This shows that a lot of new factors and events have their influence on risk management as well as on the adaptive cycle (take the challenge of borders into account). A new way of developing resilience and strategies to manage risk have to take in account three emergent forms of risks which are not considered in the available literature just yet.