Alto42

Elasticity

[Last amended: 16 Jun 16]

 

Elasticity, Not Risk Management

 

Elasticity is not just another way of managing risk. Rather than try to stop stuff happening, it is a way to recognise the problem solving capacity that already exists within an organisation and the efforts that take place on a day to day basis. Elasticity looks to foster these problem solving systems and help them work more effectively.

 

Below we have a standard risk management matrix  that balances the probability and the impact of an event rated on a five point scale. The scale ranges from very low to very high. Events are rated for their probability and impact and plotted onto the matrix. Events will then fall into, in this case, one of four rankings. These are shown by the red, pink, amber and green coloured areas.

Alto42 main banner
Risk Governance Management Specialists
  • The red area denotes those issues that have been deemed to be an extreme risk. Those are deemed to be the most critical and therefore would be addressed as the highest priority. The team would act immediately and would look to eliminate these risks completely.

 

  • The pink area denotes high risk issues that call for quick and definitive action. These issues rank as a secondary priority. Here, in addition to thinking about eliminating the risk, substitution strategies may also be employed.

 

  • The amber area denotes medium risk issues where it is thought best to take some reasonable steps and develop strategies within a set timescale. Such risks do not necessarily require significant resources as it is thought that they can be handled with smart thinking and logical planning.

 

  • The green area denotes issues that are thought to be low risk and can be ignored as they are thought to be unlikely to pose a significant problem.

 

These areas call for action or inaction. Generally the range of actions is seen to include taking the risk, transferring it to a third party, treating it or terminating the activity.

 

An examination of organisational disasters reveals one key finding. It is that these assessments often prove to be fatally flawed .The flaw is revealed in one of two ways. The first is that events that have a high impact but a very low probability (denoted by Circle A) still have a horrid habit of happening. The second is that, in a complex world, events that on the surface many seem to be of no consequence turn out by some unimaginable mechanism to produce catastrophic effects. Experience shows that it can be disastrous to dismiss a possibility just because it is very unlikely or because, on the face of things, it is thought to be of little consequence.

 

In the case of seemingly very rare events that are seen to have potentially catastrophic consequences, experience warns that it might be a fatal mistake to ignore them. This has made me think of the need to define those issues that cannot be allowed to happen as they are unacceptable,  rather than just being undesirable, to the organisation (here denoted by triangle B). When couched in these terms I have often found that there is a mismatch between the red area and the area covered by triangle B. Under the idea of elasticity, rather than just dismissing such events there should be consideration of how the organisation might recover from such an event. If no path can be identified then there is a stronger argument to do something to make preparations before the event occurs.

 

The second issue (that of the unforeseen arising out of complexity) is central to my current research. The issue is that current risk management practice does not take into account the normal recovery practices undertaken by management. I have represented this on the diagram in triangle C. What I mean by this is (as I have said elsewhere) that much of management is about dealing with events that have not gone as planned. Plans and processes frequently go wrong  and the workforce spends much of its time "problem solving".  What this is saying is that systems already have  capacity to adapt to changes forced upon them. These capacities need to be recognised and fostered. Seemingly minor events are often only minor events because someone is already managing them and thus prevents them from becoming major issues. These people are therefore best placed to identify small problems that may get out of hand if not handled properly. Systems need to foster, capitalise on and use these weak signals of impending failure.

 

It is possible to see that this inherent problem solving effort is not recognised by current risk management systems. This can be seen in risk registers than contain many issues that are the normal day to day activity of management. This in turn leads to the risk register becoming the depository of all possible problems that might be faced by the organisation rather isolating the ones that it really needs to address. To me, it is the area denoted by triangle B that should be the focus of risk management activity. The rest becomes an issue of planned robustness, resilience and even agility (all of which come under my umbrella term "elasticity").

 

There are however forces working against this inherent capacity. These come in the shape of those who hold efficiency as being the highest ideal, excess capacity equals waste and those who think it possible to achieve verbatim compliance with rules and regulations.  The thinking seen in the amber area is one based on the perfect world paradigm; that is to say, if we think smarter and plan better, failure can be avoided. This thinking fails to understand the true complexity of the world in which we live and operate, and it also fails to see the law of diminishing returns when it comes to the planning process. In reality, based on the law of large numbers, eventually everything will fail or go wrong. All plans will need to adapt to the changing environment. All the forces that work against an inherent problem solving capacity produce forms of tight coupling that inevitably will put a system at higher risk of failure.

 

Under the umbrella of elasticity, the discussion should therefore revolve around "when this goes wrong, how will we cope?" Rather than spending huge resource trying to prevent every eventuality, we are taking the thinking that covers the green area and expanding it to more realistic levels of our organisations. To do this however we need to be able to judge the true elasticity of our organisations. It is the aim of my research to develop such a method.

Web-RiskMatrix