Risk mitigation today is…a component to a broader risk management plan comprised of not a single strategy, rather a series of interwoven – integrated, often enterprise wide strategies designed to (a.) prepare a business for the materialization of risk(s), and (b.) lessen the (expected, probable, known) adverse effects and/or impact when certain risk(s) actually materialization.
Through my engagements, I find…the most effective (fortuitous) business risk mitigation planning – strategy occurs when business leadership recognize and incorporate the probability that multiple – cascading risks may occur simultaneously or in close time proximity succession.
Any assumptions – prognostications to the contrary…i.e., risk materialization is akin to meteorological theories espousing 100 – 500 hundred-year floods or, to use a NCAA (college) basketball metaphor, ‘one and done’, is unrealistic and short-sighted at best. Such perspectives convey little understanding of the asymmetric nature and sophistication which are often preludes to risk materialization.
In my judgement today, the materialization of…business risk(s) is not obligated to a schedule other than artificial – subjective prognostications which, not infrequently, translate as inevitabilities. That said, business risk mitigation planning – strategy effectiveness, in my view, is substantially more likely, when (if) conceived in the context of ‘organizational resilience’.
That is, many businesses – sectors should assume…some – particular-risks will almost always be present in some form – at some level and can materialize-manifest asymmetrically at keystroke speeds by a truly global cadre of independent operators, competitors, and/or state-sponsored entities. Consequently, the notion of ‘slam dunks’ wherein companies can wholly avoid – mitigate the complexities and realities of risk is, unfortunately, more folly than reality.
Risk mitigation today is…a component to a broader risk management plan comprised of not a single strategy, rather a series of interwoven – integrated, often enterprise wide strategies. https://kpstrat.com/wp-admin/post.php?post=368
For example, business risks today can…through my lens be real in which there is a physical harm or tangible loss occurs, or risk can be manufactured to undermine and/or bring into question a company’s reputation, brand, goodwill, etc., to adversely affect extraordinarily valuable intangible assets.
Professionally, I much prefer to describe…potential – probable adverse acts – events which, if they materialize, can adversely affect a business as risks, not threats. The word threat, in my judgment, especially in the U.S.’s post 911 environment, came to be rather hastily, rashly, and broadly applied to describe a myriad of (potential, possible) adverse acts, behaviors, or events which may-could occur.
In the late 1980’s, I was among a relatively small cadre of…academics nationwide who began developing, integrating, and teaching ‘security studies’ curricula in universities. By choice, in those courses, I seldom used the word ‘threat’. That’s because, not unlike the above, I believed the word ‘threat’ conveyed-sparked human connotations – sense of ominousness, inevitability, and an inability to deter – avoid the acts of a determined (fanatic) adversary.
Also, the word threat, as it was widely being used-applied, was less amenable to objective assessment relative to…
- probability (likelihood) for occurrence in objective – quantitative terms-contexts.
- vulnerability (exposure) of a specific environment – target and its susceptibility – attractivity to the occurrence – execution of an adverse act or event.
- criticality to a business or institution, etc., should a particular-risk actually-materialize, i.e., how long would it take – what would be necessary to return a business – target where a risk materialized to a state of normal operability, should that be possible?
Risk mitigation involves...anticipation, timely intervention, and execution of specific procedures – practices to reduce the adverse effects of a growing array of (possible, potential) risks which, require little professional imagination to recognize they can materialize.
Organizational resilience (OR) is the…approach-strategic thinking I prefer to apply today. OR is not merely a matter of semantics, instead OR encompasses the materialization of risk in all their asymmetric contexts. That is, risks are increasingly complex, convoluted, and global and can materialize, or be manufactured with extraordinary accuracy and timing relative to what an independent, competitive advantage, and/or state-sponsored adversary wishes to accomplish. https:// https://kpstrat.com/wp-admin/post.php?post=392
It is for these reasons…greater numbers of businesses conventional risk mitigation – business continuity and contingency planning now incorporates essential (relevant, strong) components for organization resilience.
Adding to the complexities associated with risk materialization and mitigation is the…economic fact that today, 80+% of most company’s – business’s – institution’s value, competitiveness, sources of revenue, and sustainability lie in – directly emerge from intangible, not tangible or physical assets.
Intangible assets, of course…derive from variations – collaborations of intellectual, relationship, and structural capital which, in turn, produce an additional realm – echelon of risk.
Michael D. Moberly January 9, 2019 St. Louis [email protected] ‘Business Intangible Asset Blog’ since May 2006 600+ posts ‘where one’s attention span, intangible assets, and solutions converge’!
Readers are invited to review other blog posts, books, and briefing papers addressing a range of intangible asset issues at https://kpstrat.com/blog.