|
by Peter Power
Just for a moment, let's shift our focus away from actually dealing with disasters and instead try to understand why they occur in the first place. What global factors combine to make these disasters more likely? How good are we at identifying the risks and trying to mitigate them?
Across the globe, governments and businesses alike need to stop pressing the snooze button on their risk alarm clocks and wake up to tackle these bundles of highly interconnected problems now before global risks become simply too entangled to ever undo.
Anyone reading the recent World Economic Forum (WEF) Global Risks Report 2007 will be aware that over the next decade, there will be a, "fundamental disconnect between risk and mitigation." The report goes on to say, "in almost all risks on which the global risk network has been focused, [the] mechanisms in place to manage and mitigate risk at the level of businesses, governments and global governance are inadequate." Set against this, the global economy has been expanding faster than at any time in our history.
Apart from just a few positive notes here and there, the report focuses on some very real problem areas, including the ineffective mitigation of climate change which will become a factor in major interstate and civil wars within the next 50 years.
The authors of the Global Risks Report suggest two logical ideas to help. One is the creation of a 'Country Risk Officer.' In the same way the Chief Risk Officers in the corporate world are intended as a focal point for managing a portfolio of risk across disparate interests, a Country Risk Officer would work at prioritizing risk for an entire nation and allow governments to "engage in the forward action needed to begin managing global risks, rather than coping with them."
The second idea is to create an avant-garde of relevant governments and companies around different global risks. The report describes these as coalitions of the willing, allowing risk mitigation to be a process of gradually expanding alliances.
Global Risks: 23 Identified
Risk awareness and mitigation differ markedly between organizations, let alone between nations. Interdependency implies not just common vulnerability, but shared responsibility to act. What global risks does the report identify? There are 23, which fall under the category of five
sub-headings:
Economic
1. Oil price shock / energy supply interruptions
2. US current account deficit / fall in US$
3. Chinese economic hard landing after initial boom
4. Fiscal crisis caused by demographic shift
5. Blow up in asset prices/excessive indebtedness
Environmental
6. Climate change
7. Loss of freshwater services
8. Natural catastrophe: Tropical storms
9. Natural catastrophe: Earthquakes
10. Natural catastrophe: Inland flooding
Geopolitical
11. International terrorism
12. Proliferation of weapons of mass destruction (WMD)
13. Interstate and civil wars
14. Failed and failing states
15. Translational crime and corruption
16. Retrenchment from globalisation
17. Middle East instability
Societal
18. Pandemics
19. Infectious diseases in the developing world
20. Chronic disease in the developed world
21. Liability regimes
Technological
22. Breakdown in Critical Information Infrastructure (CII)
23. Emergence of risks associated with nanotechnology
Are we starting to manage any of these risks as they should be managed? The answer is probably no. All but six of the overall risks are increasing. Of the six not increasing (9, 15, 18, 19, 22 and 23), they are at best described as stable. And WEF expert opinion was divided in only two cases (20 and 21). In short, we have nothing to be pleased about and every reason to take international risk management much more seriously and to think far beyond just our regions, countries, businesses and governments.
It is useful to plot some of the above 23 risks against Likelihood of Severity by Economic Loss (Diagram 1), and Likelihood of Severity by number of deaths (Diagram 2) within a 10 year time frame. Although not all of the WEF identified risks are shown here, it is clear that a breakdown in global critical information infrastructure remains one of the highest global risks. Chronic disease in developed countries also remains comparatively very high in both diagrams.
Separate research reveals that only 0.5 percent of the world's water is drinkable. Another 1.5 percent is drinkable, but locked in polar ice/glaciers. The remaining 98 percent is seawater. Thus managing the risk of loss of freshwater services also remains constant in both diagrams, noting that it could lead to the loss of US$50-250 billion and cause anywhere from 40,000 to 200,000 deaths.
But not all risks manifest themselves in isolation. Their drivers, triggers and consequences are interconnected. As the report makes clear, "without the full engagement of both the USA and China, global risks will be extremely difficult to manage successfully." I believe there is little true evidence of this, but that does not mean we can or should do nothing.
Corporate Risks: Move From Silos to Synergy
Having set the global scene, let us now pull back slightly to our more immediate surroundings. At this level, we can exert more influence in the hope that by following a series of connected strategies, the bigger picture becomes easier to recognize and manage.
Diagram 1
Diagram 2
What are the threats and risks on your corporate radar screen right now? These are risks with the brightest flashing lights, and include the all-too frequent mistakes caused by tripping over problems that your organization should have dealt with previously. As the world anticipates the next terrorist attack, waves of H5N1 pandemic flu or other disaster, how much of these threats are already known to us?
By far the majority of crises are still caused by otherwise preventable risks such as fires, floods, sabotage by disgruntled employees, poor communication, ignoring the rules, thinking insurance can cover everything and, of course, just complacency.
More people are now starting to question their own levels of corporate resilience, security, business, risk and crisis management. But even that's not enough. Corporate social responsibility (CSR), duty of care and enterprise risk management are clearly part of executive chatter these days, and each connects with the other. However, just being board-savvy offers no protection in a crisis. All the dots need to be joined up now under the banner of corporate resilience or just plain effective risk management providing risk managers can advance beyond their own silos.
All too often, risk managers sit outside both business and crisis management, and although we are now seeing a growing number of Operational Risk Managers emerging, this particular disconnect creates real fractures at the level of business, governments and global governance. Too many organizations also over-indulge in planning to recover their systems at the expense of not knowing how to protect their reputation and recover their people following any tragedy.
Over the past years, this author has occasionally been at the front of life-threatening dramas where the dilemma has always been to make a series of urgent decisions very early on in the crisis, set against a severe lack of available and accurate data on which to form those decisions. Diagram 3 illustrates this by showing Point A, where decisions should be made and directions given, but in the absence of at least 50 percent of accurate data. A large dose of guesswork has to be applied. The risks of making a wrong judgement are high, but the delay in decision-making is minimal. On the other hand, Point B illustrates where decision-making and data merge, but by then it's too late to have any real impact on events. Sadly the temptation for all of us (world business and government leaders especially) is to drift towards B rather than A in the greatly mistaken belief that it is a safer route.
Diagram 3
We are becoming far more interdependent on others, so the effect of any disaster will be felt a long way from the center. For example, organizations are increasingly outsourcing key call centres and other back office support functions to India, where the threat of political instability and severe weather is constant. Are we therefore living in an age of greater uncertainty then ever before?
Probably yes, so it's time to move from existing models of Business Continuity (BC) towards Fourth Generation Business Continuity. This would be a new model building upon the old models, with First Generation being contingency planning, Second Generation being disaster recovery and Third Generation being the present style of BC. A Fourth Generation would be designed to considerably widen the aperture beyond impact assessment to include plotting likelihood and mitigation of all mutating and evolving risks.
This Fourth Generation BC also combines crisis and risk management, information and corporate security, not just through the prism of BC, risk or security, but in harmony with total risk management and environmentally ethical polices. The model is predicated on corporate uncertainty and the value of reputation management, rather than the maintenance of an ideal status quo.
No country can afford to either ignore the risks or to act in isolation when it considers them. Risks will continue to emerge and evolve. If we are to believe the WEF, there will be an increasing disconnect between risk and mitigation in just about every risk facing us now and, if left unchecked, in the future. The WEF report concludes with sombre words: "Global risks cannot for the most part be mitigated out of existence. But inaction in the face of global risks is not an option, either for businesses or government."
We must therefore recognize that risks and threats come as much from the faults in others and problems with natural hazards as they do from faults in ourselves. Perhaps the last words should be from Lord Peter Levene, Chairman of insurance giant Lloyds, who hit the nail on the head when he spoke at the World Affairs Council a few months ago:
"Today, risks don't fit into easy categories or emerge from pre-determined place. They assault from all sides. it may surprise you to know that at least half of all corporate crises are caused by senior management action rather than external forces I firmly believe that the most successful, least crisis-prone businesses will be those whose boards have shown firm resolve and taken decisive action. Effective, integrated strategies for dealing with tomorrow's risks require a change in culture at board level now."
Does anyone disagree?
About the Author
Peter Power is Managing Director of Visor Consultants Limited, London.
He lectures in various countries and helps organizations plan their response by spearheading leadership and motivation sessions.
He is a special advisor to a number of key organisations including the Canadian Centre for Emergency Preparedness and the
Business Continuity Council (BC) Institute London Forum.
He is also special advisor to the editorial board of Continuity Professional Magazine in the USA and is listed in the UK Register
of Expert Witnesses. You may reach him at info@visorconsultants.com or via
www.visorconsultants.com
|
