|Lyndon Bird FBCI|
Some business continuity practitioners have argued that Risk Management techniques provide a tried and tested approach to dealing with conventional threats, but have limited effectiveness in identifying or evaluating rare but potentially catastrophic issues.
There has even been a host of terms that have entered our common lexicon simply to try and define these types of high impact situations. The former US Defence Secretary Donald Rumsfeld was much satirised when he talked about “known, unknowns” and “unknown, unknowns” etc. but it is proving to be a useful way of distinguishing types of threat.
The idea of “Black Swans” to define things that are outside of personal experience, and therefore missed when trying to register potential risks has also been much debated. Many have treated “Black Swans” as if they are the same as “unknown, unknowns”, but in most circumstances they are more akin to “unknown, knowns” - perhaps unknown to key decision makers but certainly not unknown to everyone.
For example the volcano ash cloud which closed European airspace is often called a “Black Swan” event – but every aspect of that drama was well-known by some people - the volcano might erupt (meteorologists); there is a level of ash that airplanes were not allowed to fly through (aviation authorities); and there is a relatively high tolerance to ash levels in more recently designed jet engines (aerospace engineers). So the problem was less to do with lack of knowledge but the failure to share and assimilate the significance of that knowledge.
This is at the heart of the debates we have about apparent failures of risk management; the Libor rate scandal; the sub-prime mortgage crisis that bankrupted many banks; the collapse of the once impregnable Arthur Anderson global business empire. All came as a great shock at the time, not only to outsiders, but apparently also to the Board and C-Suite executives of the organizations concerned.
Lack of available knowledge was not the problem; lack of knowledge by those who had the power to stop dangerous things happening was. Claiming such things as “Black Swans” helps deflect blame on the premise that “how can we have done anything about it if it was an inconceivable incident?” This excuse might work if a meteorite hits the earth, but not if we simply have failed to look at signs, talk to people who know what is happening and adjusted our behaviour accordingly.
I wonder if there is now a risk that we are headed towards another problem which is not being properly confronted at the right level. The Business Continuity Institute and the Chartered Institute of Purchasing and Supply conduct an annual survey into how well Business Continuity is being handled within the Supply Chain. As a basic question, we collect data about the main causes of operational disruptions across the world. One item has been steadily rising up the list until today this year it finished 3rd – after the perennial top-two of Adverse Weather and IT/Telecoms failure. That factor is “failure or serious disruption to services provided by an outsourcer”. In the world of globalization, low cost manufacturing and just-in-time delivery, we have treated outsourcing (and its close cousin off-shoring) as self-evidently good things. It allows management to concentrate on core business; it manages external costs better through competitive bidding processes and it buys in a higher level of specialist expertise than might be affordable in-house.
The problem is that some of this accepted wisdom is being questioned by supply chain and BCM professionals in organizations, but this message is not being heard by those who could change it.
As the global economy continues to stagnate, more and more pressure is placed on cost-saving and often this leads to excessive price pressure on those organizations bidding to gain or even retain their accounts. It also leads to more single source suppliers in return for lower prices and service provision from more geographically, politically and culturally unstable regions. This seems to be a trade-off between cost and reliability, and some feel the balance has gone too far with significantly more disruptions ensuing - which are then causing higher levels of dissatisfied customers and eventual loss of business.
There is always a need to make a judgment and a sensible balance between “no risk at any costs” and “any risk at lowest cost” has to be taken – but for those who favour the higher risk end of that scale do they really know what consequences they might be facing. Is this perhaps another “unknown, known” that top management might try to pass of as a “black swan” if all goes wrong?