The book “Blink” by Malcolm Gladwell is a must read for risk managers. Chapter one opens with the description of the approach used by the J. Paul Getty Museum to perform due diligence on a famous statue’s authenticity prior to acquisition for their collection. This is a classic low frequency and high impact event with a price tag of $10 million for the statue. They hired a team of consultants and lawyers that did deep analysis. For example, a geologist determined the marble used for the statue was consistent with the statue’s origin and a legal team did a paper trail that validated the chain of ownership. After 14 months of investigation, the Getty Museum staff with the help of professional consultants concluded the statue was authentic, and the Getty Museum made their purchase.
However, when the statue was shown to art experts their conclusions were immediate that it was a fraud. These art historians sensed that although the statue had all the obvious telltale signs that it was genuine, their instinct told them it was a fake.
As a result, the investigations were revisited and the holes began to appear in what was previously determined a rock solid conclusion. Eventually, the statue was revealed to be a forgery dating back to Rome in the early 1980’s. How could 14 months of rigorous due diligence by highly trained and paid professional consultants be wrong? So wrong in fact, that art historians who relied on their instincts could come to the correct determination in a matter of moments?
The author, Gladwell, argues in his book, a powerful process in all of us is working subconsciously to sort through huge amounts of information gathered over a lifetime, make associations between data, and extract key indicators to arrive at rapid highly accurate conclusions.
This is also the process of Enterprise Risk Management (ERM). A few ERM best practices are illustrated in this story:
- Let your line management lead the risk management process for their areas.
- Capture this expert opinion with a framework of risk indicators and a root cause discipline to ensure the quality of capturing the expert opinion.
- Document their self-assessments of their operating processes to identify “What could go wrong?” based on their powerful expertise gathered from intimate knowledge of the subject matter.
- Evaluate the expert opinion to determine if action needs to be taken.
- Formalize the mitigation process to follow-up on these instincts to craft a plan of action that takes into account historical data and traditional analysis.
- Monitor the plan of action to make sure it actually achieves the goal rather than just appearance.