I’m pleased to have been invited to be one of a dozen or so regular contributors to the blog ‘Risk Matters,’ because, well, risk matters. It’s a key part of the reason why anyone or any group would look to the future… which of course also conditions how we look, what we look for, and what we find or miss.
So this stimulates me to put down a few thoughts about risk assessment and its relationship with industry and strategic foresight as a whole. This is a big topic of course, but seeing as the categories are confused a lot, it’s worth tackling even if just in summary terms.
When I reach the topic of Risk Assessment in my ‘Industry Foresight and Business Future Strategy’ MBA elective, I use the ‘Adidas-Salomon: Incorporating Risk into Corporate Strategy’ mini-case [Ref: ICFAI 304-141-1; sourced via Cranfield’s Case Clearing house.]
The case is a useful baseline in risk assessment because it describes the various risks a multinational company typically faces: marketing risks (market change, brand image); operations risks (quality; reliability of processes and suppliers); social & environmental risks (workforce & natural resources compliance); legal (liability, regulation, patent); information technology (compromise or disruption); and financial risks (currency, interest rate, credit).
Business disruptors
In sum these are the things that could damage or disrupt the business. Isolating such factors, keeping vigilance over them, and having thought through or enacted counter-measures in advance, allows the organization to better control or reduce the impact should risk become reality.
All risks are future events, so a risk assessment is undoubtedly a future study, but assuming a company looks diligently across all these categories for potential and emerging hazards, how prepared is it for a changing world? What kind of industry foresight does this give managers? Is a risk assessment a futures assessment?
The obvious first answer is that a risk assessment is only half the equation. It’s oriented to the downside potential of changes not the upside; looking for threats not opportunities. Obviously that means that opportunities are less likely to be identified.
The second thing is that a standard risk assessment operates in the realm of known risks, in known categories, that may cause disruption and damage in a known way. It doesn’t have the mechanism to expand conceptions of what could go wrong, or how it could go wrong, or what the full knock-on effects will be. The types of mental-model-expanding techniques that fuller foresight offers are not built into a typical risk assessment.
Strategy questions
Third, risk assessments never really broach the question: is the business idea or business model good and will it keep on being good? That is, what products or services will be appropriate going forward, or how will models of supply or manufacture or marketing or fulfillment need to change, due to technology change or shifting consumer preferences.
In other words, risk assessment doesn’t ask strategic questions of managers. It is part of the day-to-day management vigilance necessary with reference to the future – the hygiene factors in running an organization. It is about keeping the business going as is, not about changing it for a changing word.
There’s nothing wrong with this. The point is, it’s just ‘first base’ in building a quality view of the future, and therein a robust point-of-view about what to do next. Although no doubt companies such as Google or Apple or Virgin, etc., assess and mitigate their risks, they didn’t become successful in their future by doing risk assessment and saying ‘That’s it, were done. We’re ready for the future.”
