Do you realize how fast you need to respond to risk? What does this mean?

I have been following the writing of Keith Smith for a while (courtesy of my friend Richard Anderson). Keith is one of the imaginative thinkers about risk management that influences my thinking, and I want to share his views with you.

Business is getting faster – and the time to respond to potential events (i.e., risks) is getting shorter. Decisions are made at speed and without preparation and good information are not likely to be quality decisions.

Keith has some insight into this problem and talks about “Risk Clockspeed”. Here is a piece by him, written for us here.

Why Risk Clockspeed?

First, I would like to thank Norman for this opportunity to comment on his well respected and widely read blog. Secondly I would like to use this opportunity to set out my case for believing in Risk Clockspeed.

For those that have not heard of Risk Clockspeed, it is a lens through which we look at risks from the perspective of the information needed to manage the risk. If good quality risk mitigation information is available in good time allowing the use of rational cognitive thought to forward manage the risk, then it is a Slow Risk Clockspeed risk. If on the other hand the information necessary to manage the risk will emerge in, or close to real time leaving insufficient time for rational cognitive consideration, then it is a Fast Risk Clockspeed risk. In this way, the Risk Clockspeed classification of the risk is not based on an absolute measure of time, so much as bound to a timing for the realisation of key management information.

So why do I encourage people to look at risks in this way? First, if I start with the societal drivers, few would contest that we live in an increasingly complex world and that this complexity extends beyond technology. In addition, most agree that this also a ‘leaner world’ where resources, and in particular underutilised staff members, are in short supply if not extinct from our organisations. Moreover, while it is difficult to measure in absolute terms, most people naturally accept that the pace of life is already fast and becoming increasingly quicker as the years go by. A simple example may help consolidate all three of these drivers into a single life story. I am contributing to a blog, which is a mass information system, dependent on an international network of computers owned by different organisations, where you could be reading this seconds after it has been posted. I am penning this myself, just as I do for all my work, as my organisation has few administrative staff to help with such matters. And, I am typing this on a train, using a tablet computer that did not exist a few years ago. All of this is taking place as I head to a full day of meetings where I will present thoughts put to paper (e-paper that is) yesterday. Please feel free to substitute your own example; I am sure you have many to choose from.

The combined result of these three societal drivers is to force people into making more complex decisions, often with the support of complex data provided by complex systems, in a shorter timeframe and with fewer resources around them to share the complex analytical work. And this I suggest, is a modern risk management issue, as each of those decisions constantly changes the risk profile in which we exist. Maybe Norman would see this as a dynamic of his ‘managing risk at the speed of business’ theme?

In part, we can reach for a technological solution to help collate the mass of data we have access too, but even this is a double edged sword. Such systems provide complex data in simplified formats for sure. Computers allow us to engage in complex business we could not engage with before, but while essential tools too compete with others in our markets; this is complexity regenerated.

Consider now the reformed ‘hunter gatherer’ homo sapien who was called out of the field to perform in this pressurised world. The linkage between the risk management information availability and the classification of Risk Clockspeed has been made for very good reasons. People have multiple information processing methods, but at a high level they can be grouped into two modes of processing. When we have time to process information, to think about it in depth, maybe share with others for their thoughts too, we are using a rational cognitive thought. Our actions are rational and we could, if required, explain our decision in measured steps of thoughtfully considered positions. However faced with a real time event, where we do not have time to engage in rational thought, our processing is governed by the feeling reactive decision making mode. We commit strongly to our actions and struggle to give the rational explanation for our thought patterns afterwards as it all took place rather quickly.

Think of pedestrian who steps out carelessly into the road. Neither the pedestrian nor the driver of the approaching car engages in long drawn out rational consideration of the options. No, the driver brakes hard, the tyres screech and the pedestrian leaps towards the safety of the pavement. Fast, efficient and possibly lifesaving; not a great deal different to the business decision we frequently make?

Couple the societal pressures with the natural thinking modes of humans and Risk Clockspeed becomes an obvious additional tool for us to use in the management of risk.

Once understood, it is clear that the management styles for each Risk Clockspeed type needs to be very different. Consider for example how ridiculous it is to sit in your office and plan out in detail how you will manage the risk of avoiding all the other cars on the road as you drive home tonight.

If I boldly assume you sympathise with my argument, then the closing paragraph should be about changes that need to be made. Our standards need to recognise and reflect that the information we need to assess or manage a risk may emerge in real time. Our management methods must extend beyond the direct management of the risk towards managing the context in which the risk will be managed. And rather than try and ‘process out’ our feeling based decision mode, we need to learn how to embrace and manage it, as increasingly we will depend on it to stay in profit! I strongly believe that Risk Clockspeed thinking is an important source of competitive advantage.

Dr Keith Smith

March 2012