Skip to content

Prevention is better than cure - and other risk management cliches

There are many well used, almost clichéd phrases in the English language that contain powerful messages for the risk manager. Some that come to mind include:

Every cloud has a silver lining:  If we suffer a risk incident, we can usually find value, especially if we manage the incident really well and learn from our past mistakes.

What doesn’t kill you makes you stronger: Failure is good, as long as we fail within our risk appetite, fail fast, fail with minimal damage and most importantly, learn from our failures. This will only make us stronger in the long term.

And my favourite…

Prevention is better than cure: It is better to practice proactive, preventive risk management rather than reactive firefighting risk management. 

I am currently working in Istanbul and on arriving in mid-July, there are many Turkish flags flying around the city to mark the one year anniversary of the attempted coup that was successfully quashed. 15 July 2016 saw a short but violent and disruptive civil unrest which caused disruption to the workings of the city and the people and organisations that operate here. One year later and it is evident that there is a renewed focus on business continuity and disaster recovery planning in the wake of those experiences. This reflects the first two clichés and should end up making businesses in Turkey more resilient. However, it does bring "prevention is better than cure" into focus in that if we were practicing good preventive risk management, we should already be ready for incidents that arise.  

Often in  r isk management , we need a major event to wake us up and to get our house in order. This arises from a common human trait of not adequately assessing or managing risk until it happened to us. A favourite Australian saying “she’ll be right” is often used when we want to do something and someone mentions a risk and we do wnplay it and go ahead with the activity anyway.


These incidents we suffer can have value as implied by the first two phrases “Every cloud has a silver lining" and “What doesn’t kill us makes us stronger”. However, I think if we practice excellent risk management the last phrase is the most powerful “Prevention is better than cure”.

If we can understand the risk BEFORE we suffer an incident and we manage that risk early on to prevent it from happening in the first place, this must be better than waiting for an incident before we act and learn.

If we are to move our risk management practices to be proactive, we need to:

  1. Understand the lifecycle of our risks very well, especially their root causes and early drivers. The use of Bow Tie analysis can be very useful here.

  2. We need to understand the different types of control that can be used to manage the risk: Preventive, Detective and Reactive and understand that Preventive is better than Detective which is better than Reactive. We can then assess whether we have an optimal set of controls for each risk. Read: Integrated Controls Assurance – Maximum Assurance, Minimum Effort

  3. We need a risk management framework that focusses on early management of risk. This will include Risk and Control Self-Assessment, Stress Testing and most importantly leading Key Risk Indicators.

If we practice this early understanding of, and intervention in, our key risks, could we get to a stage that incidents do not happen anymore? Maybe we will not eliminate all incidents but I believe we can substantially reduce the number and size of incidents that many businesses are experiencing by being much more proactive than we currently are. 

If we can achieve this, we do not need to experience “clouds” and “things that nearly kill us” in order to harness learnings and value. We can be smarter and prevent the things before we need to cure them.

Protecht Demo Recording Banner.png

 

About the author

David Tattam is the Chief Research and Content Officer and co-founder of the Protecht Group. David’s vision is the redefine the way the world thinks about risk and to develop risk management to its rightful place as being a key driver of value creation in each of Protecht’s clients. David is the driving force in driving Protecht’s risk thinking to the frontiers of what is possible in risk management and to support the uplift of people risk capability through training and content.