When you think of international or universal “languages” what comes to mind? For some it’s love. For others it might be music or mathematics. Business-centric folks might further suggest the notion of profit and loss is fairly universal as well. I propose that risk itself not only qualifies as a universal language but in fact is actually better understood by more people than all of the others combined. To those that would doubt such an assertion as mere crazy talk I say challenge accepted.
Nobody I’ve ever met was born knowing math, they had to learn it. Few people can pick up an instrument for the first time and play it beautifully without any practice or instruction. And love confounds us all at one point or another. Risk on the other hand, both awareness of it and aversion to it is ingrained in us automatically without even thinking about it. In fact we can’t really think about it. It’s just there…hardwired into our ethos.
Remember learning about the fight or flight response in school? Consider that as nothing more than operational risk management baked into our psyche at a subliminal level. Author Seth Godin refers to that part of our brain as the “Lizard Brain”, the semi-conscious area that separates where things like conscious thoughts (love, music, math, problem solving) occur from the deepest part that controls involuntary things like heartbeats and other physiology. Part of the Lizard Brain’s purpose is to trigger protective reactions without the need for extensive preliminary deliberation. In other words, prompt an action without thinking about it first. Whereas the conscious brain might wonder how fast the bus is approaching the Lizard Brain could care less. Its job is to motivate you to jump out of the way before getting run over.
There’s no shortage of other examples to easily illustrate our deep, embedded understanding of risk. When you drive someplace do you wear your seatbelt? Why? Those of you with babies; do you put them in a car seat? Why? What about locking the doors or covering the ATM keypad or a thousand other examples in our daily lives? Why do we do these things if not because of some embedded programming? A combination of nature and nurture resulting in raw behavior centered on risk awareness and further refined by contextual knowledge that enables more intelligent decisions. Ultimately the decision is still binary; accept the risk or avoid it? However the context often makes all the difference.
Embracing this notion of universal risk awareness opens up a whole bunch of possibilities when it comes to enterprise risk management. While it won’t recast everybody as PhD-level analytical risk quants overnight, it certainly suggests the average person can grasp risk management concepts far better than we probably give them credit for. Since risk itself transcends the entire enterprise landscape either way, shouldn't we strive for an understanding that permeates as well?
When it comes to operational risk in an enterprise, rather than assuming everybody in the organization is now magically risk “aware” from the start (which suggests a level business knowledge they may not yet have), instead let’s call them “risk attenuated”. They have a general appreciation of what risk is and the impact it can have. Tapping into that raw understanding is the key to realizing two important benefits.
First we can drastically elevate true awareness by starting an enterprise-wide conversation that complements each individual’s inherent understanding of risk with relevant information about the organization’s specific risk posture and goals. Second, with contextual awareness established we can gather important timely feedback about the operational state of risk in much more useful terms. When it comes to the good, the bad (and the downright ugly) aspects of operations the people in the trenches always know the lay of the land the best. Fortify the first line of defense by appealing to their embedded sense of risk and cultivating them into a well-developed risk intelligence network feeding reliable information up in real time.
You’ll often hear us discuss the importance of risk-intelligent decision making as part of advancing down the path of GRC maturity toward the opportunity landscape. Organizations that embrace these principles are transforming their risk and compliance operations and realizing the competitive benefits of operating in that risk-advantaged state. Those that don’t will continue struggling to understand their broader risk and compliance landscapes and inevitably expend more and more resources chasing security and compliance in an increasingly hostile world of global competition, threats, and regulatory pressure. While operational risk may be concerned with people, processes, and technology together, your people will always be your most important resource. Why not use them?
Have something to say? We’d love to hear it and have a conversation anytime about the opportunities that exist in your world of risk and compliance. We also have more exciting content releases coming soon. Follow me on Twitter (@masonkarrer) to stay in the loop!