Last week I looked at James Bond 007 and Risk Situational Awareness where we explored how organizations need to be like James Bond and have full situational awareness of risk and uncertainty to objectives. This week we keep on the fictional hero theme with a look at Dr. Strange who is the representative of the ultimate CRO – Chief Risk Officer – managing a multiverse of uncertainty . . .
Doctor Strange is one of the most intriguing characters in the Marvel pantheon of heroes. His powers are diverse. They include his superior intelligence (as well as great martial arts skills), and his ability to have some control over time and outcomes through time loops, and the ability to see into possible futures, giving him the visibility into the multiverse of possible futures and realities.
This makes Doctor Strange the ultimate prototype of the Chief Risk Officer. Risk, as defined in ISO 31000, is the effect of uncertainty on objectives. It is the job of the risk professional to manage and monitor uncertainty to objectives. So, the ultimate Chief Risk Officer is the one that can provide insight into the future and a variety of scenarios that can play out from the actions, activities, external events/developments, and transactions of the organization as it moves forward to achieve its objectives. Those objectives can be high-level entity strategic objectives, they can be division, department, process, project, or event asset level objectives.
The modern Chief Risk Officer sees into the multiverse of possible futures and realities of the organization and its objectives. Like Doctor Strange, the Chief Risk Officer understands possible futures to determine how they impact the achievement of objectives of the organization. The ability to understand what leads to those possible futures and what the best route forward is for the organization to optimize value and achieve objectives.
This requires that the modern Chief Risk Officer have these Doctor Strange super abilities:
- Superior intelligence. From my perspective this means that the risk professional needs to be able to enhance left-brain thinking (structured risk models) with right-brain thinking (being able to think creatively and intuitively about risk). Both together provide great risk insight into uncertainty and possible outcomes.
- Insight into possible futures. This involves strong scenario analysis to pattern and analyze future scenarios how objectives and risks play out in context of uncertainty to determine the best path forward for the organization.
Of course, both elements are enhanced through structured risk information and quantitative risk analysis and data that is also supported by good risk visualization and perspectives. That is why I am a particular fan of both monte carlo risk analysis and bow-tie risk analysis.
Unfortunately, the one ability that Doctor Strange has that the modern Chief Risk Officer does not have is the ability to use time loops to correct wrong decisions and errors in time. So, it is critical that the risk function has solid risk intelligence and scenario analysis.
I will be exploring the role of risk management in the performance and objectives of the organization in this month’s episode of The GRC Red Flag Series where we will discuss Aligning Risk and Performance/Objective Management.