Recently I had a discussion with a friend who is a colonel in the Army about the culture of risk among senior officers and, by extension, in management. The culture of risk is an important question for any organization.
To understand the culture of risk, we must first distinguish between two types of risks. Type One risk is where you do something that leads to an error or a bad result. It’s a reasonable assumption that the majority of our time in school and in higher education is designed to teach us how to reduce such risks.
Type Two risk is the opposite, it is the risk of not doing something that could be valuable. Of course, the two are linked: the more one reduces the risk of doing something, the more one increases the risk of not doing something valuable. The trick, unfortunately, is that we tend to focus more on the Type One than Type Two risks. On one level, this makes sense: after all, failure is very visible – a disaster, a lost war, a failed product launch, etc. In contrast, forfeited opportunity is invisible: we do not see what valuable things our caution has prevented us from doing, and no one is punished for not having invented something. Our education, liability laws and corporate governance structure push us towards a culture of Type One risk avoidance, i.e. to reduce the risk of failure (Sarbanes-Oxley anyone?). This obviously is a problem for innovation in the long term, but it doesn’t even reliably protect us. If it did nothing else, the financial crisis that began in 2008 has demonstrated that those institutions entrusted to manage risk failed to do so properly. In short, we focus on risk avoidance at the expense of opportunity creation, and we don’t avoid even risk very well!
Second, we must address the risk globally. In his book The Black Swan, Nassim Taleb showed that one of the fundamental errors of financiers was the assumption that their environment is governed by a so-called “normal distribution”, or bell curve. A real risk assessment, on the other hand, requires a complete understanding of an organization and its environment. One of the examples that Taleb offers is that of a Las Vegas casino. One would think that the very essence of running a casino is risk management, and that they would have a well-developed appreciation for risks of all types. Instead, Taleb relates a tale in which a tiger show, a hotel, a restaurant and of course the gaming tables all formed a magnificent business model. All went well for many years until one day the star tiger (raised by the trainer from an early age, who had given performances for ten years without any problems), attacked its trainer on stage and almost killed him. The casino naturally cancelled the show, its gaming revenues dropped dramatically, and the casino management thus realized that a key dimension of its business model lay outside its risk model. The casino saw itself as a gaming center offering a show, while the reverse was true: people came to see the show, took advantage of a cheap hotel room, and incidentally were lured into playing the tables. The enterprise risk was completely misjudged because the firm misunderstood the core of its identity.
Finally, it is important to distinguish between risk and uncertainty. This distinction was first made by Frank Knight, Nobel Prize winner in Economics, and author of the famous book Risk, Uncertainty and Profit. Knight distinguished between risk and uncertainty using concepts of probability. Risk characterizes a future with a known distribution or a distribution that can be estimated by the study of events over time. For instance, car insurers know how many 20-year old male drivers have accidents in Sweden each year. Uncertainty, on the other hand, characterizes a future whose distribution is not only unknown but objectively unknowable, even in theory. It particularly applies to entirely new, unexpected events, i.e. Taleb’s ‘black swans’. The probability of the collapse of the Euro, or of the invention of teleporation, can be imagined but cannot be computed in a meaningful way.
This means that for such entirely new phenomena, there is no historical data on which to extrapolate into the future. This novelty makes it difficult to rely on our knowledge, as such knowledge always relates to past experiences. Hence, “learning” cannot work. Like an Army officer, managers face normal, predictable risks in a lot of the their activities (routine tasks, repetition of events which, even if they differ, still belong to the same category of events, broadly known as the standard business environment). When uncertainty appears (combat against an hitherto unknown enemy, a disruption, “Black Swan”, etc.), an entirely different way of thinking must be adopted. Are we training our managers, civil or military, to manage risks? In my view, a little, but not very well – witness the failure of concepts such as Value At Risk, etc. Do we train them to manage uncertainty? Not at all, and this bodes ill for the future. It implies that they will do well in normal environments, but they will fail in uncertain ones or when faced with an intentionally novel adversary.
Develop a culture of uncertainty
More than a culture of risk, therefore, it is a true culture of uncertainty that we must help managers develop. In this area, we can learn much from entrepreneurs, because uncertainty is their daily lot. The first thing we must do (and that I do in my classes), is to show that uncertainty is not necessarily dangerous, it is also a source of opportunity. As noted by Peter Bernstein in his remarkable story of risk, uncertainty makes us free: it assures us that we are not prisoners of a future written in advance, or of a cyclical world where everything is only repetition. In the words of Gaston Berger, founder of the French futurology, “Tomorrow will not be like yesterday. It will be new and will depend on us. It is less to be discovered than invented.” This is the culture of uncertainty that we need to lay the foundations for. It is based on a creative design of actions and decision-making in the face of acknowledged uncertainty. The traditional paradigm of decision making is indeed that of choosing among a number of options. But in uncertainty, the role of the decision maker is not so much to choose among pre-existing options but to create these options. The paradigm of decisions under uncertainty becomes the creation of options and their implementation under uncertainty.
We educate managers mostly about how to choose among what is; in my vie, we should educate more to get them to design what could be.
More on the black swan here.