Close Menu

by Tom Gordon, CFPIM, Missouri Enterprise Project Manager

Mitigation can cover many areas.  If our business involves access to the Internet, for example, we can mitigate the risk by firewalls, anti-virus etc. , and preventing our employees from accessing questionable websites  However, even the most stringent precautions cannot be 100% effective so the only real way to completely guard against hackers is not to go online.

The treatment of Risk [and its bedfellow Opportunity] can be classified in 3 areas:

  • What we can control through mitigation.
  • What we must accept because we can do nothing constructive about it.
  • What we can insure against.

Mitigation can cover many areas.  If our business involves access to the Internet, for example, we can mitigate the risk by firewalls, anti-virus etc. , and preventing our employees from accessing questionable websites  However, even the most stringent precautions cannot be 100% effective so the only real way to completely guard against hackers is not to go online.

Obviously, for most organizations today this is not an option, so a certain degree of risk remains. This is termed “Risk Appetite,” or what Top Management accepts in the way of doing business.
Insuring against risk is something that we all do to some extent.  Steady Eddie in his pickup crashing into us on the highway is unfortunate, but at least we can reduce the final burden.  Business can insure against a wide range of foreseeable problems, but this can be costly.  Insurance companies are not altruistic!

The category that can destructively impact an organization is termed a “Black Swan.”  “Black Swans” were thought not to exist but, although very rare, they do exist.  In risk analysis, a “Black Swan” event is a metaphor for a major effect, which comes as a complete surprise.  

With the benefit of hindsight, we can often “kick ourselves” because we did not see it coming.  

A major “Black Swan” in the 20th Century was World War I.  Two super-power blocks developed to prevent war but, in this year of the 100th anniversary of the Somme, we can see, with the benefit of hindsight, that this “theory” was simply wrong.  

Potential” Black Swans” abound in industry.  Toyota suffered because of a geographical concentration of their brake suppliers through a lack of foresight or rather the lack of a time machine, which could convert hindsight into foresight.  For most organizations,” Black Swans” abound in their supply chains or rather from the lack of supply chain orchestration.  A supply chain map can go significantly help in warding off the “Black Swans” because Jeeves, with an umbrella, cannot always be around!

([For convenience, I use the term “supply chain” when I really mean “a non-linear, multi-variant set of relationship.”)