Beware of Whispers in the Night: Why Risk Assessments Provide Limited Value
DOI:
https://doi.org/10.33423/jsis.v15i6.3594
Keywords:
risk management, risk entanglement, consequences, risk mitigation, business continuity, contingency, recovery time objective, recovery point objective, maximum tolerable outage, risk appetite, risk tolerance, risk saturation, risk absorption, business impact assessment/analysis, risk mosaic, risk cross over, asymmetry
Abstract
One of the most interesting and overlooked aspects of risk management is what I refer to as risk entanglement. Suppose you identify (observe) a risk and someone else, even one many miles away, identifies the same risk, and both of you take action to mitigate it. This instantly changes the risk’s properties for both, creating a need to constantly consider risk mitigation actions. This works both ways, depending on who acted first. And we do not even have to be in communication with each other. Risk is not static. Risk changes with each action taken to mitigate or leverage it. Now, multiply “risk entanglement” by all the identifiers of that risk and all the actions taken to mitigate this ever-changing risk (each action taken to buffer against risk realization changes the nature of the risk) and you get a potentially chaotic cascade effect. How is it that the world remains relatively stable when so much risk is constantly mutating due to mitigation? It’s relatively simple: our risk management activities are short-lived and generally have been limited to certain types of risk management response. This needs to change in order to bring risk management to the forefront of executive management thought as they develop and execute strategy, goals and objectives.