Look out! Be careful! That’s dangerous! Should you really be doing that?!
Risk has become quite the four-letter-word. It is, in certain circles, the new fetish to obsess about. In corporate corridors, over boardroom tables and in workshops and meetings (especially in workshops and meetings) risk management is a topic of seemingly endless discussion.
Don’t get me wrong. Risk management is important. In a project management context, for example, risk management has repeatedly been shown to be one of the most important practices in successful project delivery, at least for simple and straightforward projects. Thinking about what could go wrong, anticipating how to address that problem and putting appropriate plans in place to do so make for good project delivery. Which is just awesome.
The problem is when risk becomes the focus to the exclusion of all else. And, in some circles, this is exactly what is happening. I have seen entire organizations functionally disabled by the implementation of ‘enterprise risk management’ practices. Not only has the bureaucracy of ERM practices completed bogged down their functioning, but just about everything hitting the ERM radar (and that’s a surprising number of things) is viewed as a problem.
The big challenge with risk management is a realistic and meaningful assessment of how likely something is to occur, and how meaningful it is. Sadly, human beings are pretty inadequate at evaluating probability and impact accurately. As Daniel Kahneman and Amos Tversky discovered in their ground breaking work, our ability to estimate probability pretty much falls to pieces at the margins (a different application of the 80/20 rule). We also fear loss far more than we hope for gains, and that leads to a bit of an unbalanced focussed.
The reality is that focussing obsessively on risk has a significant downside. Those who adore and embrace the idea of enterprise risk management are, not surprisingly, relatively risk averse. They are more cautious and conservative, and have a greater appreciation for the status quo (in fact, they are heavily invested in maintaining the status quo). As research has shown, however, these are the same people that, in the face of actual losses, become our most risk-taking. In essence, the fear of the status quo being upset leads them, in times of chaos, to take some of the riskiest behaviours.
Fear is never a particularly awesome place to work from, in the first place. The impacts of stress are well documented, and proven strategies exist to manage stress. Obsessing on risks and potential negatives is not how to get the best out of your people, or your organization. In fact, obsessing on gains and accomplishments has shown a far greater link to not just performance but also overall well-being.
Failure also has a place, but it works not from the perspective of fear but of motivation. Put more simply, when we fail we learn. If we are playing it safe, we aren’t putting ourselves out there and experimenting. We’re not stretching. And the results when we do stretch, and we create an environment where failure is not only possible but actually expected, is pretty interesting. Just as negative feedback can lead to more honest and meaningful conversation, encouragement of failure can lead to more successful and creative outcomes.
This has some interesting insights for risk management. Our obsession with what might go wrong runs the risk of keeping us in place. Accepting that things might go wrong, but we won’t find out if we don’t try, starts to promote taking action. Encouraging ourselves to do things that likely will go wrong actually guarantees that problems will occur, but also—well guided—has the opportunity to create far greater success. The key is what is emphasized: risk management avoids problems, while managing failure promotes learning. If we learn, we won’t fail next time (or we will, but in a new and interesting way that provides an opportunity for even more growth).
Managing risk has a place. Taking a risk is also important. After all, risk is where the profits are.