There are many well used, almost clichéd phrases in the English language that contain powerful messages for the risk manager. Some that come to mind include:
Every cloud has a silver lining: If we suffer a risk incident, we can usually find value, especially if we manage the incident really well and learn from our past mistakes.
What doesn’t kill you makes you stronger: Failure is good, as long as we fail within our risk appetite, fail fast, fail with minimal damage and most importantly, learn from our failures. This will only make us stronger in the long term.
And my favourite…
Prevention is better than cure: It is better to practice proactive, preventive risk management rather than reactive firefighting risk management.
I am currently working in Istanbul and on arriving in mid-July, there are many Turkish flags flying around the city to mark the one year anniversary of the attempted coup that was successfully quashed. 15 July 2016 saw a short but violent and disruptive civil unrest which caused disruption to the workings of the city and the people and organisations that operate here. One year later and it is evident that there is a renewed focus on business continuity and disaster recovery planning in the wake of those experiences. This reflects the first two clichés and should end up making businesses in Turkey more resilient. However, it does bring "prevention is better than cure" into focus in that if we were practicing good preventive risk management, we should already be ready for incidents that arise.Often in risk management, we need a major event to wake us up and to get our house in order. This arises from a common human trait of not adequately assessing or managing risk until it happened to us. A favourite Australian saying “she’ll be right” is often used when we want to do something and someone mentions a risk and we downplay it and go ahead with the activity anyway.
These incidents we suffer can have value as implied by the first two phrases “Every cloud has a silver lining" and “What doesn’t kill us makes us stronger”. However, I think if we practice excellent risk management the last phrase is the most powerful “Prevention is better than cure”.
If we can understand the risk BEFORE we suffer an incident and we manage that risk early on to prevent it from happening in the first place, this must be better than waiting for an incident before we act and learn.
If we practice this early understanding of, and intervention in, our key risks, could we get to a stage that incidents do not happen anymore? Maybe we will not eliminate all incidents but I believe we can substantially reduce the number and size of incidents that many businesses are experiencing by being much more proactive than we currently are.
If we can achieve this, we do not need to experience “clouds” and “things that nearly kill us” in order to harness learnings and value. We can be smarter and prevent the things before we need to cure them.
David Tattam is the Chief Research and Content Officer and co-founder of the Protecht Group. David’s vision is the redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht’s clients. David is the driving force in driving Protecht’s risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.