Driving a car is a perfect analogy for understanding the principles of risk and resilience management. When we drive, we have an objective: a destination to reach. Similarly, in business, risk management begins with understanding objectives. According to ISO 31000, risk is defined as “the effect of uncertainty on objectives.” Achieving our goals—whether personal, organizational, or societal—requires navigating uncertainties, just as a driver navigates roads, traffic, and potential hazards.

Objectives: Our Focus is on the Road Ahead

When driving, our primary focus is on the road ahead. We watch for obstacles, anticipate turns, and adapt to changing conditions. This forward-looking approach aligns with effective risk management, where the goal is to proactively identify and address potential challenges that could disrupt achieving objectives. Unfortunately, many risk management programs fail because they are overly focused on the past, akin to driving a car while continuously staring in the rearview mirror.

While hindsight provides valuable lessons, effective risk management demands foresight. Rearview mirrors are essential, but they are not the primary focus for driving safely. Similarly, organizations must strike a balance between learning from past risks and preparing for future uncertainties.

The IPDE Method: A Framework for Risk Management

In driver’s education, we are taught the IPDE method: Identify, Predict, Decide, Execute. This simple yet powerful process is the essence of risk management:

  1. Identify: Recognize risks that could impact objectives. This could be anything from geopolitical tensions to supply chain vulnerabilities.
  2. Predict: Analyze potential scenarios and outcomes. What happens if a risk materializes? How severe could the impact be?
  3. Decide: Determine the best course of action to mitigate or respond to risks. Should you avoid, accept, transfer, or reduce the risk?
  4. Execute: Implement your chosen risk strategy. This step translates planning into action to ensure objectives remain achievable.

Just as a driver uses the IPDE method to navigate safely, organizations can use this framework to manage risk effectively.

The Role of External Risk Intelligence

Driving isn’t just about controlling the car; it’s also about adapting to external conditions like weather, traffic, and road closures. Drivers rely on external intelligence from tools like GPS systems, traffic updates, and weather forecasts to make informed decisions. Similarly, effective risk management requires external risk intelligence. Organizations must gather and analyze data on geopolitical risks, economic trends, natural disasters, commodity availability, and other external factors that could impact their objectives.

Without this external perspective, risk management becomes myopic, and decisions are made in a vacuum. External intelligence provides the context needed to navigate an increasingly complex and interconnected world.

Resilience: The Operational Backbone

While risk management focuses on navigating uncertainties, resilience ensures the organization can withstand and recover from disruptions. Resilience is akin to maintaining the operational health of a car. Routine maintenance—oil changes, tire rotations, brake inspections—is essential for ensuring the car’s reliability. Neglecting these small but critical tasks can lead to significant breakdowns.

Some risk pundits decry risk lists and checklists. I believe they have a purpose, and it is in this operational down in the weeds context. But strategic risk management focused on objectives, the road in front of us, is the critical component that cannot be missed. Too many focused on the operational weeds of risk and neglect the strategic risk aligned with objectives.

In an organizational context, risk and resilience requires:

  • Routine checks: Regular audits, testing, and assessments to ensure systems, processes, and controls are functioning as intended.
  • Preparedness: Having contingency plans in place for when things go wrong.
  • Flexibility: The ability to adapt quickly to changing circumstances.

Just as a car’s dashboard provides critical information about fuel levels, engine health, and speed, organizations need metrics and dashboards to monitor their resilience and operational health.

Insurance: The Safety Net

No driver hits the road without insurance. Insurance provides a safety net for unforeseen accidents and ensures financial protection against significant losses. In risk management, insurance plays a similar role. It’s a form of risk transfer that mitigates the financial impact of events beyond an organization’s control.

However, insurance is not a substitute for proactive risk management. It’s a complementary tool, much like wearing a seatbelt: essential, but not a strategy for avoiding accidents.

Technology: The Vehicle for Risk Management

A car is a tool for achieving our objective—reaching our destination. The quality, reliability, and performance of the car directly impact our ability to achieve that goal. Similarly, organizations need robust risk management technology to support their objectives. Yet, many risk technologies fail because they lack an objective- or performance-centric view. They put the cart (risk) in front of the horse (objectives), many solutions do not even have the horse and it is just a cart of risks with no concept of objectives.

Effective risk management technology should:

  • Align with the organization’s objectives.
  • Provide real-time insights to support decision-making.
  • Be adaptable to changing risks and scenarios.
  • Integrate with external intelligence sources to provide a comprehensive view of the risk landscape.

Without these capabilities, risk management technology becomes a burden rather than an enabler.

The Road Ahead

Risk and resilience management, much like driving, is about balancing focus and flexibility. We must keep our eyes on the road ahead while occasionally checking the rearview mirror and dashboard. We must rely on external intelligence to anticipate conditions and ensure our vehicle—whether a car or an organization—is well-maintained and prepared for the journey.

By adopting a proactive, objective-driven approach to risk and resilience management, organizations can navigate uncertainties and achieve their goals with confidence. After all, the destination matters, but how we get there defines our success.

2 comments

  1. Excellent piece – risk management is all about opportunities. Probably it’s time to rephrase RM as Resillience Management to keep the mindset right!

Leave a Reply

Your email address will not be published. Required fields are marked *