Risk Management is all about unidentified risks that can pose a major threat to your organization or result in significant opportunities being missed. Frequently just after a failure, loss, blunder or catastrophe we discover in hindsight that the facts have been staring us all along in the face, but they have been either ignored or overlooked. Why is that?
A great article, Long history of intelligence failures responds to this question based on the military intelligence blunders from the wooden horse in Troy to the Yom Kipur war, Pearl Harbor, 9/11 and the Iraq War. I have adapted the article’s categorization of these risk failures in a way that I think we can all easily apply to our own business challenges:
1) Overestimation – a determination to overemphasize information, leading to a false conclusion.
2) Underestimation – business analysts or leadership completely misreads a competitor’s intentions or market event.
3) Over-confidence – bad assumptions based on our own certainty on how we would handle the situation.
4) Complacency – something is going to happen, though not sure what or when, and yet no action is taken.
5) Ignorance – When there is virtually no intelligence, we are at the mercy of events.
6) Failure to join the dots – failure to make connections between bits of intelligence to make a coherent whole.
Enterprise Risk Management is a proven framework to systematically address these six categories of weakness. My next Blog entry outlines the parallels in the enterprise business world and articulates how Enterprise Risk Management can be effectively used to protect us from these risk process pitfalls.