This article was originally published on LinkedIn in January of 2015, just a few months after Risk Cooperative was founded. Its premise at the time was that risk was dynamic and the traditional risk management frameworks needed to adapt if organizations wanted to effectively manage risk. Since its original publish date, this hypothesis has come true. The emergence of more and more man-made risks has rendered some insurance plans, and risk management practices ineffective. Enterprise Risk Management has gained new momentum, and firms are now seeking to achieve Risk Agility – a concept that promotes resiliency rather than risk avoidance. These ideas – particularly the principal of harnessing risk as a catalyst for growth – have been a guiding principle for Risk Cooperative, allowing us to assist organizations in tackling the most complex of risk issues. The tagline “Risk. Readiness. Resilience.” summarizes this perspective.
Risk is dynamic, yet most tools in the risk manager’s arsenal are not only static they are backward looking, creating a fundamental mismatch between the object of control and the methods used. Take for example the average insurance policy whose conditions are held constant for 12 months, with limited or no interaction, save for the occasional amendment or claim. The placebo effect that everything is covered during the 12 month operating cycle often leaves blind spots and coverage gaps – Murphy’s law would have it that this is precisely the area where losses will arise.
There is also the pernicious effect of taking and enhancing risks that would have otherwise not been incurred under the guise that they are covered or hedged. Similarly, there is ‘inertia risk’ or the risk of doing nothing. Often entire market opportunities and blue oceans are missed when firms stay on the sidelines. As an example, Sony once possessed all of the ingredients to beat Apple at the mobile content and platform game, where Apple is now ravenously redefining a number of adjacent markets including banking with Apple Pay. Not only did Sony control mobile music with its once ubiquitous Walkman, it had in-house content creation, movie and record studios, solid state drives and all other elements of what is now Apple’s principal revenue driver and a category defining segment. One can only imagine the cultural and organizational force of gravity that held Sony back from piecing together these elements. Professor Clayton Christensen famously surmised this organizational blindness as the innovator’s dilemma, where for fear of displacing their own revenues and making parts of their business obsolete, firms overlook innovations.
Indeed when looking at organizational mortality, the leading causes of failure are market related and often times insidious and preventable. SkyMall and its parent company Xhibit Corp. is another recent example of a firm that quite literally had a captive audience but failed to adapt to a changing market environment that included passengers rapt by their mobile devices. Surely the market for gewgaws and curios did not suddenly vanish, demand merely shifted to alternate channels where SkyMall may not have been present in a competitive way. What the SkyMall example illustrates is that business continuity is not only threatened by risks of the smoking crater variety, but also by gradual degradation of market positions hastened by a managerial inability to adapt. In risk management, there is no ‘glory’ in fending off slow decay and it is likely most strategists view their loss averse risk counterparts as part of the so-called business prevention department rather than as a source of value creation.
Firms that build enduring business models and thus enduring value, harness risk and are therefore bestowed with enviable staying power. These firms also have an innate ability to reinvent themselves, define new markets, build ecosystems and exploit adjacencies. Perhaps most importantly these risk-ready firms seem to promote bounded risk taking at all organizational levels. Bounded by a thin ‘line of control’ between profit and loss set against the typical forces that shape the market, risk-ready firms create a balancing act between risk factors and mitigating factors.
As illustrated in the diagram below, risk factors do not live in isolation from one another, rather they thrive in often discernible domains, such as economic, political and technological risks among others. While idiosyncratic risks may emerge confined to a single domain, their amorphous and contagious quality often enables risk to cut across boundaries shattering misapplied mitigating factors. Take for example Sony’s now famous cyber-attack. What initially began as a technological risk, also caused millions of dollars of hardware losses in the physical domain and millions in litigation exposures in the legal and juridical domains. Although the financial exposures pale in comparison to the initial technological loss, like battling a wild fire firms need to hold the line on many fronts to achieve dynamic risk control.