Today it is my honor to be speaking at the WeDo Technologies Worldwide User Group and Summit in Lisbon, Portugal. WeDo asked me to prepare a few slides about the future of RAFM, so I wrote about why risk management is its future… even though telecoms risk management is currently not very good. I have shared the slides below. For those of you who will not be in the Lisbon audience, I would also like to share my thinking on why RAFM will likely lead to better risk management overall, but why the specific steps from one to the other are far from certain.
Part of the problem with predicting the future is guessing the correct timescales. I know science and technology are likely to improve, but not how rapidly, or when breakthroughs will occur. Futurists and tech companies always want to make the future sound fantastic, but most of their euphoria is dependent on turning predicted innovations into practical realities within the next few years. Nuclear fusion would be fantastic, and it has long been fantastic; all the excitement surrounding nuclear fusion has dissipated because it is taking so long to turn the optimistic theories of the mid 20th century into the viable production of energy. We can similarly speculate whether people will travel to Mars within the next 10 years. That would also be exciting, but maybe it will be another 50 years before such a journey is accomplished. Relevant progress will occur either way, but far fewer people chart that progress if the timescales extend further into the distance. These analogies are worth keeping in mind when we speculate on the future of RAFM. I am confident we will make great advances. I know we can improve, and deliver better results than we do currently. I know we can expand and find new ways to increase the efficiency of our companies. But I should avoid the mistake of insisting that significant advances must occur soon, just because I want them to.
RAFM professionals should be especially wary of hype. There are easy objective measures of the success of experiments in nuclear fusion or space exploration – either the reactor produced energy or it did not, either we reached Mars or not. The evaluation of success is more difficult in RAFM. Hence we must avoid the temptation to make great promises. Such promises may lead to corruption, as people manipulate results so it seems their promises were kept. Even scientists can be guilty of faking their experimental data in order to satisfy the expectations they have raised. We should not promise fabulous results for RAFM if we do not know how those promises will be kept.
Over the last few years I have increasingly felt that Enterprise Risk Management (ERM) suffers from a degree of corruption caused by excessive confidence about what it can deliver. The ambition for ERM is great. We want businesses to be more robust, and we especially want fewer scandals that destroy shareholder value. But I do not believe the promises made for ERM can sensibly be kept. The Volkswagen scandal is a good example of the reasons why, but there are others.
Much of the problem with ERM is due to a significant gap between the designs proposed for ERM and the tools and materials that risk managers possess. The authors of ERM standards are like designers of grand rocket ships that could travel to Mars. Sadly, none of us may possess the tools or materials to build such a vehicle. And even if the tools and materials exist somewhere in this world, that does not mean we have the budget to acquire them.
Because ERM is concerned with managing uncertainty in the most general and extensive sense of the word, we can conclude that the likeliest route to improved ERM is via increased knowledge, and hence a reduction in uncertainty. We are living through an era where the science and technology of information has improved greatly. We expect further great improvements. And we know that it takes time for people to work out how to utilize new tools, and to get the most from them. These are all reasons to be optimistic that we will get better at managing risk in future. But we do not know the rate at which we will improve. Some of us will develop new techniques. Some of us will gain access to improved tools and materials. But we cannot say for certain how quickly we will show positive results, and the extent of enthusiasm and support for our work.
I now think of RAFM as a silo (or silos) within risk management. Pioneering work has been done within this limited domain; we have developed new ways of using data and analysis to identify, prevent, and mitigate specific risks. We have also benefited from an increase in resources over time. Put simply our tools are computers and mathematics, whilst data is the material we work with. The tools and materials have got better, and will keep getting better. This allows us to do more, learn more, and get better at RAFM. Much of what we have learned can be reapplied to other domains. That is why the future of RAFM is risk management, in the same way that Einstein’s theories pointed to a future which includes nuclear fusion, but do not guarantee we will complete every step needed to make nuclear fusion a practical source of energy.
Whilst the tools and materials are getting better, they are still inadequate to satisfy the grand design of ERM. In fact, that design is both an inspiration and a mistake. The vision of traveling to Mars may spur progress, but not if it culminates in a faked landing on the Martian surface. ERM promises to do too much with inferior tools and materials. To be more specific, much of ERM is concerned with unsophisticated methods which involve conversation and extremely crude analysis of ‘data’ which is often thinly-disguised subjective opinion. The future of ERM will also be driven by computers, maths and data, but there may be resistance to necessary improvements if ERM practitioners get wedded to techniques that perform little better than superstition and voodoo.
Both RAFM practitioners and suppliers can help professional risk managers to adopt the more advanced techniques that have increasingly become the hallmark of business assurance and fraud management in telcos. Sometimes they will do this by literally swapping jobs, and becoming the new risk managers. On other occasions they will supply the tools – better technology and better data science. And other times they will supply superior materials, in the form of data that risk managers should use. But none of these enhancements will be easy or obvious. And RAFM managers still need to do a better job of increasing the quality of the evaluations they perform, reducing gaps in coverage and increasing the efficiency of their work. Overall we have reason to predict the future of RAFM will lead to greatly improved risk management, but we will not see the necessary progress if we all sit back and wait for progress to be delivered to us. We must also have a sense of the direction in which we want to travel, even if we are explorers who lack a precise map of the terrain we will go over.
The slides below contain some different examples of the gap between a grand design and the tools and materials needed to make them reality. The first is from Leonardo Da Vinci, who drew a picture of a flying machine in 1493 (also reproduced above). But his flying machine could never fly, because of the weight of the materials that would have been used to construct it, and the lack of an adequate power source. The second example is from Arthur C. Clarke, who correctly explained the basics of communications satellites in 1945, but underestimated the technology advances needed to put a working comms satellite into orbit. It took until 1962 before the first comms satellite was launched, and it worked quite differently from how Clarke imagined. Today we have many flying machines and comms satellites, so we should give credit to Da Vinci and Clarke for having the vision to imagine them. We should also maintain a vision of how we might use data analysis to implement genuine risk management across every aspect of the enterprise, whilst retaining a clear sense of how much work needs to be done to turn that vision into a practical reality.