Part I shared some of Roger Estall’s background and experience from working more than 40 years in diverse fields providing practical guidance to help organizations deal with uncertainty. Part II focuses on Roger’s work on an Australian and New Zealand guideline for risk financing, including the use of commercial insurance. Part III focuses on Roger’s new book on decision-making that he co-authored with Grant Purdy.
Grant and I met in 2003 as nominees of national organizations on a joint Australian and New Zealand committee charged with conducting a routine five-yearly review of what at the time, was the only standard in the world on risk management (widely known as AS/NZS 4360). Grant was nominated by the Minerals Council of Australia (having been the Chief Risk Officer for the global mining giant BHP). My nomination came from the New Zealand Society for Risk Management of which I was the founding chairman.
Standards writing committees are typically hot beds of debate and even more so when as in this case, the subject matter is more notional and abstract than real and concrete. Initially, there were times when Grant and I didn’t agree but progressively we found ourselves on the same side of most arguments because of our affection for logic and reason.
Subsequently, Grant became chairman of the committee (of about 25 members) and encouraged a culture of “best idea should win”, or, in other words, ‘”let’s all genuinely strive to make the best decisions we can, rather than just push our own ideas.” While some members were at times uncomfortable with the resulting robust debate, I thoroughly enjoyed it as it allowed me to both test and refine my ideas.
The revised standard – AS/NZS 4360:2004 – was soon being informally adopted by other countries (even translated, in some cases) with the result that the international organization for standardization (ISO) soon proposed the development of an international (ISO) standard on “risk management.” It established a project group with representatives from numerous countries, using AS/NZS 4360 as a first draft.
Grant and I were nominated to represent our respective countries and over the next few years, we flew thousands of miles to attend many lengthy five-day meetings. Outside those meetings, we spent hundreds of hours in drafting work and discussions with our own national “mirror” committees. The resulting standard – ISO 31000 Risk management – Principles and guidelines – was published in late 2009. A couple of years later, the ISO project group was given a more permanent status and charged with commencing a routine five-year review of ISO 31000.
Following publication, ISO 31000 was quickly adopted by many countries including our own and our joint Australian/New Zealand committee began work on companion standards and guidance handbooks which while completely consistent with the international standard, expanded on the guidance in relation to particular sectors (for example ‘Managing risk in sport and recreation organisations’), particular types of uncertainty (e.g. ‘Managing environment-related risk’) or particular techniques (e.g. ‘Risk financing guidelines’ - which I earlier discussed in Part II of our interview).
However, along this journey, both Grant and I (and a few members of the ISO committee from other nations) became increasingly aware that the rather elastic notion of “risk management” was deeply flawed, impractical and a hindrance to organizations seeking to make decisions to advance their purpose. The evidence for this came from both our own experiences in our day jobs working as advisers to many different types of organizations (Grant and I had very similar albeit entirely independent professional careers) and from independent surveys by global management consultancy firms which asked organizations about the extent to which they used and applied ISO 31000.
Despite the standard proclaiming itself to be relevant to all activities of every type of organization in the world and ISO boasting about its sales figures (ISO 31000 is one of their best sellers) the reality was different. Only a tiny fraction of the world’s organizations knew of its existence. Of those that did, almost none really understood it or followed its advice despite, in many cases, building organizational edifices in the name of doing so and feeding a rapidly expanding consulting sector providing supporting advice.
Although ISO 31000 had over 25 artificially defined terms, the “risk management” consultancy sector began inventing a bewildering array of new, albeit nonsense, “risk” – related jargon, enthusiastically promoting it as if it represented new validated knowledge. Small wonder that the global surveys of large companies consistently showed that of those saying they were involved in risk management or were using ISO 31000, few actually made decisions that way or thought that it helped them pursue their purpose.
For that reason, I advocated that the routine revision of ISO 31000 should proceed from first principles by first defining the problem that ostensibly it was trying to solve, with the drafting of a new standard responding to that defined problem. As I often would ask: “if risk management is the answer, what is the question?”
Unsurprisingly, this definitional approach, which initially was reluctantly agreed to, showed that the central challenge for every organization is simply to make sound decisions in the face of uncertainty. The resulting design specification for the revision therefore focused entirely on decision-making.
But the world of standards-making has many vested interests, too many of which could see their fanciful world of “risk” and “risk management” disappearing and so, despite the revision task group gaining strong international support for drafting to be based on its carefully prepared design specification, the ISO committee ultimately blocked this approach. I could do no more so I resigned, joining Grant in the ranks of “ISO-refugees” who had also become frustrated by inept ISO administration and processes along the way.
However, Grant and I felt that the thinking that had gone into developing the now abandoned design specification was too useful to waste. We decided to draw on our practical experience of having worked with many types of organizations and to write a jargon-free book to help individuals and organizations to make even better decisions. “Deciding” was the result.
Your book advocates that we dispense of words like opportunity and risk and focus instead on decision-making. How do we go about this? In other words, how do we help organizations adopt the ideas presented in your book?
We have no difficulty with the word “opportunity” as it has a clear, ordinary meaning. It refers to the existence or emergence of a set of circumstances which offers the possibility for an organization to advance its purpose. To do so, of course, the opportunity needs to be recognized and a decision made about whether and how to exploit it. This is what happened with the emergence of ride-share operators (e.g., Uber, Lyft) who saw and exploited the opportunity created by the rise of the gig economy, advances in GPS navigation, mobile phone and bank payment technologies, increasing frustrations of travelers concerning the reliability of regular taxi services and concerns about driver and rider safety.
So, our problem is not with the word opportunity but with a contemporary (consultant-driven) affection for pairing it with risk as in the wholly meaningless apparent dichotomy of risk and opportunity as if they were antonyms. Not only are these words entirely unrelated (in Deciding we liken them to pairing bulldozers and cabbages in that it can be done but has no sense) but one, the word “risk”, has the fatal flaw of having no accepted meaning – despite the prevalence of its use.
“Risk” is used as a label for a surprisingly wide range of mainly conflicting and often muddled notions. This cannot be remedied by giving “risk” a formal meaning because whether in standards, statutes, the common law or in contracts, there are dozens of such formal meanings – each entirely arbitrary and, axiomatically, contradictory. Add to that are the everyday casual – but conflicting - uses (the TV weather person says ‘tomorrow, there is a risk of rain’ but he or she usually just means there is a “chance” of rain).
The ISO 31000 standard tried to specify a meaning which was so obscure that five (internally conflicting) explanatory notes were added to the definition even though the standard insisted that such explanatory notes were not to be treated as part of the definition! Adding to the confusion, in amongst the 20,000 or so ISO standards, there are, apparently over 40 different ideas that are formally labelled with the word risk. And that’s from an organization established for the purposes of standardization!
It took Grant and I a while to realize that this multiplicity of contemporaneous, yet conflicting, meanings is not fixable. The genie is out of the bottle which is why we reject use of the word. Apart from it having no utility, its use has the unfortunate added effect of obstructing rational discussion. The same applies to all the confected expressions that incorporate the word risk whether as a noun (e.g., cyber risk) or adjective (e.g., risk management). No one can manage a will-o’-wisp.
So how does a person who is accustomed to using the word risk deal with the problem. Our solution is to simply not use it. Rather like resolving not to use swear words in the presence of say, elderly grandparents, it is just a matter of training the brain to recognize the onset of the urge to use the word risk, pausing to think what is really meant, and then substituting other ordinary words according to the context. Risk is such an adulterated word that it has no synonyms. A plus factor in discontinuing its use, is that the additional thinking to identify an alternative means of expression usually brings additional insight and clarity.
You also ask the question as to how individuals and organizations can give effect to the rest of the guidance in our book. In fact, it involves a very simple two-step process – first read the book, and then, together with others involved, use it on the very next decision to be made. As the character Sam-I-Am says in Dr Seuss’s 1960 book as he urges another character to reverse his dislike of green eggs and ham: “Try them! Try them! And you may”.
Feedback we have received since the book was published is that the value of its simple, jargon-free practical tips are quickly apparent to those that “try them.”
Your book makes the point that everything begins with purpose. Can you elaborate on this and how clarification of purpose improves decision making?
We contend that every organization exists for a purpose. Otherwise, it would not have been established. The Purpose can therefore be thought of as the highest expression of its reason for existence. For statutory organizations created by governments, the purpose will usually be found in the empowering legislation. For other organizations, it might be expressed formally in its foundational corporate documents or exist as an enduring shared understanding.
By the way, we are always a bit wary of the assumption that the now popular ‘Mission Statement’ that many organizations (and their PR advisers) like to publish and boast about in the annual report necessarily expresses Purpose. It might, but also might not. What is distinctive about purpose is that it is a deeply held belief and typically very succinct. The reality is that the mission of every organization, is its pursuit of purpose but if the purpose is not clear to all, the mission has no hope of success.
As to why awareness of purpose is fundamental to decision-making, we contend that there is only one way for an organization to advance its purpose and that is to make decisions that take advantage of opportunities as they arise. Opportunities, of course, only exist in relation to purpose. So, awareness of purpose is necessary for two reasons – to recognize opportunities, and to shape and test the decisions that are made to exploit the opportunities.
In our book, we quote the wise words of Seneca the Younger (in the year AD65) to illustrate the critical importance of awareness of purpose…”If one does not know to which port one is sailing, no wind is favourable.”
Projects can be a great example of decision-making that is not rooted in purpose. The mantra of the project management sector is that a great project is one that is delivered on time, in specification and within budget. And yet far too many projects which have ticked all three boxes are proved to be a disaster because the decisions that launched and shaped them were not solidly anchored to the purpose. Sadly, for taxpayers, far too many government projects fall into this category.
Your book also recommends that we dispense with artificial tools such as risk registers which are commonplace today. Drawing from your book, what should we be doing instead?
Starting with my earlier comments about the problems with the word risk, my first question about “risk registers” is to ask what exactly is being registered and my second question is for what reason? My answer to both is “I have no idea!” Given that that term “risk”’ has no consistent or valid meaning, then neither can the content of “risk registers” have any useful meaning.
Furthermore, the entries for whatever is thought to be being registered, are created at a moment in time (albeit often in relation to earlier decisions) and thus are (at best) a product of the prevailing context at the time of creation. Whether or not noticed, aspects of context can change in an instant and may or may not be those prevailing when the decision was made. Hence, the (intended) value of the content of the registers either ceases or diminishes from the moment the compiler hits “Enter” because life is dynamic. Conducting reviews of the entries in these registers at arbitrary intervals to give the impression of currency does not solve the problem of supersedence. Moreover, whatever is being “registered” (typically, derived from hypothetical scenarios) is, of course incomplete as the entries are at best a sampling. And yet that is not how those who champion these registers characterize them.
The ultimate illustration of the uselessness of risk registers is that having been created, the information in them is almost never used by decision-makers. In most cases, the information is not even accessible to most decision-makers.
As Grant and I have often been able to demonstrate, these registers are both a fiction and a burden. Not only does their generation absorb energy, time and money but doing so distracts from the real task of pursuing purpose by making sound decisions. Their existence gives rise to false confidence about the adequacy of decision-making.
Our simple advice is to just discontinue compilation of these registers and for reasons of security, delete all the (albeit aging) data contained in them.
As a distance runner, I know that getting better at anything takes time. What advice do you have for organizations that want to start implementing the decision-making process in lieu of traditional activities such as updating a risk register?
We contend that everyone uses the same decision-making process which we describe in ‘Deciding’ (using plain words and no jargon) Decisions have always been made this way because of the inherent logic of doing so. Nevertheless, not all decisions are successful.
The differentiators in terms of the success of the decisions are those that relate to (i) the awareness of the ‘Decider’ of how they are actually making their decision, and (ii) their proficiency in respect of the various elements of the process. So, the challenge for an organization wanting to make even better decisions, is not to decide whether to adopt a new process but just to decide to become more aware of the process they are actually using and then getting better at it ….. our motivation for writing the book.
For the reasons we have explained, whatever risk registers are, or are thought to be, they are not a method for decision-making nor do they assist decision-making. Dispensing with the word risk has the useful further benefit of dispensing with risk registers! So, I don’t think there is any issue of having to choose or trade. Simply put the creation of things called risk registers to one side and make no further reference to them. This does not even require a gradual or transformational process – just one push of the delete key will usually do it!
As you note, the more one does something and is conscious of doing so, the faster that improvement will occur – particularly where there are observable results capable of measurement or comparison. In this case, it is not a matter of doing something new, but just being more conscious of what is already being done and recognizing the opportunities for improvement.
We’ve said in our book that we have written it for thinkers by which we are not referring to thinking in general, but rather to people who will think about what we have said (often illustrating it with an anecdote that might not be directly relevant to the world of the reader but which, with a little reflection will be recognized as having more universal application).
The path for improvement is easy to navigate. Each of the chapters of our book relates to an element of the universal decision-making method and contains many practical examples and bullet-pointed practical steps.
For example, because ultimately, nothing is absolutely certain, every decision is based on assumptions and hence assumptions are the subject of one of the chapters in the book. The Decider might or might not be aware of either the nature or the significance of the assumptions however it is a simple matter to become more conscious of these matters by routinely asking questions such as:
- Why do we think that information is valid/current/correct/complete?
- Does the decision rely for its success on it being implemented in the way that we intend?
- Why do we believe it will be implemented as intended?
- Are we relying on things remaining unchanged over the life of the decision?
Creating the habit of asking these types of questions soon improves decision-making practice. So too, can aides memoir.
One reader of Deciding reported the value of making an enlarged copy of the figure in the book (Figure 3) that illustrates the method by which all decisions are made and pinning it on the wall in the room in which a decision is being made. Another organization did as we suggest in the book and, after their managers had read it, gave them each a plasticized wallet-sized copy of the simple decision-making aide memoire which is to be found in the last of the book’s appendices.
As your question and your own sporting experience suggests Mark, repetition and practice makes perfect. The journey begins with the first step - by starting.