How to Take Risks in a Time of Anxiety
Published May 2003
PREV
EMAIL THIS ARTICLE
PRINTER FRIENDLY
COMMENT ON THIS ARTICLE"There are rules, like no one is allowed to offer suggestions outside the meeting that didn't get aired during the meeting," says Fee. "That way it's harder for them to push their own agendas. I know that my concerns are top priority, and I'm getting the very best thinking available."
Diversification as a risk-management strategy works for stock portfolios, revenue streams, and also, it appears, expert opinion. "For important decisions, I generally advise people to use three to five outside consultants and make sure they're intellectually diverse," says Frank Yates, a professor of psychology and business at the University of Michigan, where he is director of the Judgment and Decision Laboratory. "If advisers have different opinions, you can reduce uncertainty tremendously."
The value of an intellectual spectrum is twofold. First, it reduces the danger of groupthink, defined by Yale social psychologist Irving Janis as "a mode of thinking that people engage in when they are deeply involved in a cohesive in-group, when the members' striving for unanimity overrides their motivation to realistically appraise alternative courses of action." Groupthink was most famously vilified in 1986 when engineers at Morton Thiokol worried that freezing temperatures might endanger the Challenger but allowed themselves to be talked round by company executives and NASA personnel.
The other benefit comes when the decision maker synthesizes conflicting opinions or merely listens while experts argue among themselves. "This process," says Yates, "helps bring to the surface hidden agendas, reveals risks that aren't obvious, and gives you the opportunity to figure out which risks matter most."
4. Better managing: Uncovering hidden weak points
Chief Risk Officer, reports executive search firm Christian & Timbers, was "the hottest new executive job in 2002." Formal risk-management programs are now common in large companies; in small companies, where mistakes are less likely to be public but more likely to be terminal, such programs are mostly ad hoc or nonexistent. "That will change, though," says Charles Bosler Jr., president of Risk Services & Technology. "It's happening in large corporations, and it will flow down."
As companies grow, so grows their exposure to risk. Each new project, employee, customer, vendor, and technology introduces vulnerability along with the value. Bosler pauses several times for breath as he reels off potential weak links: "resources, contracts, politics, design, reliability, producibility, safety, security, human factors, management methods, lack of a quality attitude, external dependencies on other companies, software code... Managers really don't have a handle on what kinds of risks are being taken inside the company," says Bosler. "They need to."
Late last year, the Institute of Chartered Accountants in England and Wales published guidelines on risk management for small and medium-size companies that translate readily to U.S. business (the document is available at www.icaew.co.uk/risk). Those guidelines suggest that managers identify risks in their own sectors using self-assessment exercises or consultants. The company then ranks those risks based on likelihood of occurrence and severity of consequences, and determines how to deal with each when and if it occurs. Some risks are accepted, some transferred (generally through some form of insurance), some "reduced and managed," and some targeted for elimination (discontinue that line of ball bearings for toddlers; take the "Trespassers Will Be Prosecuted" message off your server and erect a real firewall). Once set, risk plans must be monitored and updated, with regular reports made to senior management.
Bosler advises all companies to map and weight their risks, and to update those plans often. "Assumptions change, risks change," says Bosler. A risk-management plan "is a living document you have to keep coming back to." He also recommends involving as many employees as possible in the assessment process. "I've never gone into a company where there hasn't been someone who could show us -- usually who could prove to us -- that a risk was going to happen," says Bosler.
For all the ways to control risk, though -- all the tools and strategies -- sometimes reducing risk amounts to nothing more than simple improvisation. Stanford's Savage repeats this (possibly apocryphal) story he heard at a professional conference:
Years ago, the EPA threatened to sue a county in Colorado if it didn't start work in 60 days on three waste-treatment plants to counter the rich effluvial effect of feedlots on a local river. The commissioners had a list of 43 potential sites but no idea which would provoke public firestorms. They hired a team of consultants to choose the least problematic sites and to do it quickly. The risks were legal and political, and they were significant. The consultants told the commissioners they'd have an answer the next day.
