Business Insurance:: ISO 31000 should we believe the hype?



“…risk managers should use standards such as ISO 31000, “because standards, no matter what kind or which ones, support key tools and processes.”“Standards allow you to proactively address risks with some discipline,” he said. “Standards also relate well to the whole idea of focusing on outcomes.”

Surely the focus should be upon being proactive and ‘managing’ emergent risks, NOT outcomes!?

Where, I suspect, NASA have a distinct (informational) advantage is that the multi-scalar interactions among components, processes, networks of sub-systems and systems are each rigorously tested at every point in assembly and operation…

In order that signals of probable (risks) and possible (foreseeable) events are detected – ‘anticipated’, in terms of current reflexive analysis of data and vain attempts to predict the unpredictable (as in common usage) – NASA deal in information for a rapid, informed, decision-making process and action. Everything is reliant upon the measured tolerances of the underlying systems.

Without insight into the complexity and information-flow (per NASA) FS is failing to rate ‘financial exposures’ on the resilience of the firms upon who their own survival is dependent.

Conventional management wisdom, current RM thinking, practices and tools lack the complexity of the systems they are attempting to control: refer Ashby’s Law.

Resilience risk complexity uncertainty graphicIf you only rate and manage according to projections of the future based upon the frequency and outcomes of past events, RM is unable to identify and address known sources of risk. Events aren’t just probable but plausible (unforeseeable) or possible: foreseeable but unseen…because assumption and prediction have become the accepted (but erroneous) substitutes for more detailed analysis: refer Principle of Incompatibility.

If being proactive in the management of business exposures is the goal for RM then there can be no place for “we used the ‘tools’, techniques and guidance of our particular sect…something that we’re comfortable with, so could only react”. A recipe for ambiguity when, the transparent version (that stakeholders increasingly demand) is: if I had lived up to my ‘Mission Statement’, your business system would have been better able to identify emerging sources of risk and proactively manage its own resilience!

Clients need reliable prevention or cure not “this is what our cult believes…even though its flaws are known”!

A ‘reputatonally damaged’ discipline and FS sector with yet more standards and regulations is NOT what is needed.

WE have made the systems, processes and financial products so excessively complex that our inability to establish causal relationships (the interdependencies that are its systemic strengths and weaknesses) means that our own ‘misguided interventions’, however well-intended, may increase risk, feed volatility and add to uncertainty. Unmanaged risk does not dissipate. It is amplified through interactions. Not just within that particular ‘business ecosystem’, which includes RM, but from communities, local and national economies and through FS global interconnections, markets, etc. WE, through our practices, are majors sources, or ‘superspreaders’ of systemic risk that we ourselves cannot manage without a paradigm shift in thinking. We skew the data we rely upon!

To be truly effective, RM needs to look at how it can facilitate accessible insight for ‘risk carriers’ and clients.

Only once a ‘stable state’ has been achieved can RM apply tools and techniques that have worked on ‘linear systems’ to maintain the resilience of the vital processes and networks that enable functionality of a dynamic (non-linear) system to be managed: refer Lyapunov theorem.

Complex systems that operate interdepently are the most resilient, are self-organising and self-regulating…surely a RM, risk carrier, regulator and stakeholder dream!?

Informational advantage = Competitive advantage

Strategy NOT Short-termism

Value and Service [pull] NOT Price and Sales [push]

Quality NOT quantity

Transparency NOT ambiguity

Prevention [proactive] NOT Protection [reactive]

Interdependence NOT (merely) interconnectedness

Causes NOT Effects

Endogenous systemic resilience NOT exogenous systemic risk 

Measured values [real time] NOT predicted probabilities [reflexive]

Simplicity NOT Excessive complexity

Survival and sustainability NOT unsustainable growth

It’s not rocket science!!!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s