ICYMI; Risk Management Requires Quite Some Wider Perspective

Yeah, I’ve blogged about risk management quite a lot, lately. The most of content was about RM1 versus RM2; the former being the day-to-day control over negative events through controls, so as to get to the Objectives set by … well, that follows below, and the latter, being about tornado charts on fishboning all-than-needs-to-go-well-to-make-this-a-success factors, qua risk distributions.

Also, about the ubiquitous (total) proof that heat maps and similar semi-quantitative RM1 is tort, pure fraud. No need to sugarcoat it, right? The text “All models are wrong, but some are useful” was a joke but dunces took it as an alibi to still use their crappy models. Which is plain stupid, whatever ‘arguments’ one might bring against that qualification… Plus, one’s not dealing with simple things [or must be relegated to child’s play work and pay..!] but with complexity. As here. But then, as said I’ve blogged about that sufficiently too, as here. Model risk stands at 100% #fail.

Now, suddenly I found this piece. It re-iterates the above RM1 ↔ RM2 distinction, and adds quite some interesting angles [what follows is my take from it, with some personal sauce extension…]:

• Every objective is (part of) a representation of some ultimate goal(s). Without clear goals, no suitable objectives, raising the risk (sic) that when objectives might be achieved, the goals still aren’t;
• Or rather, the goal (post)s may have moved. Is there anyone out there monitoring this?
• Which includes: Does anyone track the continued alignment of the objectives to moving targets?
• Which include-leadsto: Does anyone track the continued alignment of all organisation incl RM activities to the changed objectives?
• Do all truly recognise, in every their daily activities that actually they contribute towards some defined objective(s) ..? Don’t lie;
• Do all that deal with ‘controls’ recognise, in all their work [i.e., including that their very presence is a control of a slightly higher level only] that they deal with Whats that are a translation of Hows of a higher level, and their Whats will be translated into lower-level (higher!-detail) Hows, and that it is their duty and obligation [failure of delivery upon which they are to be sacked with full salary clawback, obviously] to take into account where the ‘downward’ translation leads to, all the way to shop floor level, and see whether the controls there are still workable or else the translation needs to be re-done until this is solved? Don’t lie;
• Do all involved in RM, see that they’re dealing with preventing negative influences from an ever-changing context, in the hope that the positives or even merely the neutrals, aren’t prevented by the very ‘controls’ they so desperately want [in lieu of understanding that one mustn’t want control but positives]? I repeat;
• Returning to the above-mentioned piece: Do all involved in RM understand [which of course goes waaay beyond mere knowledge of the regurgitating kind that most risk managers I know are at max capable of] that each and every choice, in goals, objectives, and controls, means alternatives are [at least partially] stalled or foregone ..?
• [Oh and don’t forget that when setting goals, and subsequent objectives, that the goals aren’t really Capital’s anymore, since decades or ever; they’re more and more clearly, society’s wishes as license to operate for you.]

I.e., we need real options back in the game, with a portfolio (management) approach – weighing rewards, and risks, in a balanced [and capped] non-perfect correlation manner that recognises that not only risk ceilings but also negative correlations play, here. Like, doing one thing foregoes 100% of the benefits of doing something else since you can’t do the latter out of budget constraints. Spend [‘invest’ with inclusion of your average success rate] on the one, cannot spend on the other. This also goes for spending on the one and not being able to afford sufficient buckets on risk control for the other [to manage that one back to acceptable residual risks].

There; you now see how interested I was in that other piece..? Tok about widening of your scope, being both peri-scope before launching your torpedoes, and scope being breadth, width of context and environment under study.

To ponder, I leave you with:

[ … del Sal certainly has seen its risks, all around and internally much less; Cataluña]