There is little I see about the practice of risk management today that is particularly helpful.
In many companies, the approach seems to be a combination of formalized risk tracking and cultural engineering. To control downside, managers make and track long lists of standardized business risks, as in the interminable listing of risk factors in the Management Discussion & Analysis (MD&A) required by regulation in the annual financial statements of public companies. To balance that and avoid squelching productive risk-taking, they often foster in tandem a culture that celebrates failure and encourages risk-taking behavior.
In my experience, neither contributes positively to managing risk. In fact, they seem to combine to increase it.
The only reason to celebrate failure is if we learn something useful from it. And the only way we can do that is by laying out the logic of the initiative in question rigorously in advance. That means specifying the expected outcomes and then systematically specifying what would have to be true for the initiative to succeed. What would have to be true about the industry, about the customers, about our capabilities, about the competitors?
That is the logical structure of risk — as opposed to the laundry list of standardized risks beloved of regulators. It’s also very different from the trial-and-error philosophy implicit in the “celebrate your failures” school of thought.
If we have that logical structure thought through and documented in advance, we will have a much better chance of understanding which of the things that we knew and believed would have to hold true didn’t turn out the way we counted on. We can learn things, for example, about how we were overconfident about how fast consumers would adopt our new product, but we were right about the industry, our capabilities, and competitor reaction. Or maybe everything was right except our assumption about a key competitor’s ability to replicate what we did.
Suppose, for instance, the success of a new product launch requires that consumers switch relatively quickly from competitors. If that condition and its link to the initiative’s outcome have been made explicit, the product launch team will know to test and track how consumer behavior evolves. They will be more alert to changes in that behavior and can act to mitigate or exploit those changes.
But if consumer behavior is one of a long list of largely undifferentiated risks, it will very likely be tracked passively and its impact will become apparent too late for the company to do very much about it. In that case, the success or failure of the product launch will be largely outside the company’s control. In which case, why should the team be rewarded for anything?
Bottom line, risk management predicated on a mix of standardized risk tracking and cultural norms falls short. The only way for risky behavior to create value is if it is logically and precisely directed. If you learn how to do that successfully, you’ll soon find that you’ll actually be able to take on bigger risks than you might have thought possible.
Article by Roger Martin: