Day 6 – Regions, Resources & Populism

This is the last list of potential disruptive factors that could influence the Canadian Public Service over the next decade or so.  See the previous blogs for the previous set of disruptions and Seven Days of Disruption blog for the entire set.  These are in support of November 22, 2017 FMI Conference – Disruptive Writers.

  • Quebec and Regional Tensions (editor)
  • Resource and Commodity Supply, Demand and Price (adapted from 2015)
  • Rising storm of populism; Canada and Cultural War in the Age of Trump and the Progressives (adapted from 2016 and editor)

Quebec and Regional Tensions (editor)

A full generation has grown up without ever hearing about Quebec separation, referendums or regional tensions.  Can it last?  The first challenge is geography, Canada is big – very big.  Many Canadians will never visit all of the provinces and territories, how can you sustain a country in which geography conspires against a sense of affiliation.  The next challenge is economics.  Canada has been sustained in the past half century by a wealth transfer from the Western Provinces to the vote rich eastern regions.  Despite multi-billion dollar provincial deficits, Alberta is still a ‘have’ province and will contribute to the ‘have-not’ areas.  Finally there is tribalism or regional identity.  Quebec has been the center of this with two referendums and the 1999 Clarity Act being central activities in the twenty years from 1980 to 2000.  Northern Canada, with the creation of Nunavut, seeks its own path to prosperity.  Atlantic Canada continues to struggle economic although recent mineral discoveries have brightened these prospects. So, will Canada continue to exist and prosper as it moves toward its bicentennial or will it be tore asunder by its size, politics and economics?

Resource and Commodity Supply, Demand and Price

Adapted from A.T. Kearney 2015: The resource “super-cycle” of the early 2000s saw global prices for energy, minerals and agriculture prices hit 30-50 year highs.  A new global resource “slump cycle” began in 2014, characterized by a dramatic oil price drop.  These underlying dynamics mean that the resource slump cycle will continue into the foreseeable future. Past resource cycles have continued on average for 13 to 15 years, because it takes time for supply infrastructure to realign with demand dynamics. Therefore, the current mismatch in demand and supply is likely to persist until 2027–2029. Renewable energy is a wild card as it is expected to continue to attract steady investment despite lower prices—likely as a result of less costly technologies, government regulations, and consumer preferences for cleaner power.  As a major exporter of minerals and an energy super power, this slump will particularly hurt the Canadian economy and the ability to maintain government tax revenue.

Canada and Cultural War in the Age of Trump

Adapted from A.T. Kearney 2016: A populist, worldwide backlash to globalization and neoliberal economic policies continues to spread in the wake of the Global Financial Crisis due to a broad range of underlying structural issues, from digital information proliferation to wealth inequality. This backlash is creating policy instability and raises the risk of a potentially hostile environment for globalized business models.  A.T. Kearney defines populism as a mass political movement that harnesses “the power of the people” to reject the elite and the status quo. Populism is usually concentrated around a charismatic leader, and often includes advocating for more redistributive economic policies—or even illiberal tendencies to concentrate power in a single individual.  The impact for governments is navigating protectionist trade partners; volatility in civil, constitutional, policy and regulatory endeavours, and the risk of knee-jerk reactions resulting in the break down of civil society.  Compounding this challenge is the ‘dumbing-down’ effect of social media converting civil discussion and complex thought into 144 character sound bits and simple likes and memes.

Editors Note: There is a description that a cultural war is underway in the United States between ‘progressives’ or left and ‘populists’ or right.  Hillary Clinton, Bernie Sanders and the Democratic Party are progressives with Sarah Palin and being populists.  Generally the left accuse the right as being fascists (for more on how this may be topsy turvy, see: ‘The Big Lie: Exposing the Nazi Roots of the American Left‘) and the right accuses the left of destroying liberal democracy through masked thugs and censorship of institutions such as universities.  In Canada we have less of this possibly because our political system allows for a more nuanced reflection of opinions (e.g. we have left of center NDP, right of center Conservatives and the center-left Liberal Parties. Nevertheless, what is the impact of this cultural war coming to Canada and can our democratic institutions survive the battles?

Day 5 – Islandization, IT and Post-Consumerism

This is the second last list of potential disruptive factors that could influence the Canadian Public Service over the next decade or so.  See the previous blogs for previous disruptions and Seven Days of Disruption blog for the entire set.  These are in support of November 22, 2017 FMI Conference – Disruptive Writers.

  • “Islandization” of the global economy (2017), NAFTA Negotiations and the rise of protectionism (editor)
  • IT Revolution 2.0 and the Rise of the Machines (adapted from 2015)
  • Post Consumerism (adapted from 2016)

“Islandization” (2017), NAFTA Negotiations and the rise of protectionism (editor)

Adapted from A.T. Kearney 2017: After a quarter century of rapid globalization, restrictions on immigration, trade, and other cross-border flows are now increasing. A new phase—which we call “islandization”—has begun, marked by growing levels of nationalism, protectionism, and parochialism. While the United States is at the center of this trend, many of the countries leading the globalization charge are also quietly islandizing, creating a dramatically different operating environment for global businesses and governments.

Editors Note: Returning to the Great Depression, one of its acknowledged causes of its prolongation was the establishment of trade barriers between advanced economies exactly at the time when economic activity was needed the most.  At the same time, exporting jobs and manufacturing skills undermines an economy and a tax base.  In other words trade like most things is something to be managed with no exact ‘pre-set’ value.  Canada is a directly beneficiary of being a trading nation even if most of it goes south to our NAFTA partner.

IT Revolution 2.0 and the Rise of the Machines

Adapted from A.T. Kearney 2015: The Internet of Things (IoT) is a fast-growing constellation of connected “smart devices,” such as smartphones,  self-driving cars,  household appliances, industrial robots and smart electrical grids. With continued dramatic growth in connectivity, these machines increasingly transmit information to one another and take real-world actions without humans in the loop. Beyond gizmos and conveniences, IoT may lead to dramatic change for societies, economies and governments.  For example, if self-driving vehicles take off, what are the regulatory, economic and employment impacts of giving up this human activity?

Editors Note: Industrial robots are an important IoT growth and China is forecasted to become the world’s largest user of industrial robots by 2017.  This means greater competition for manufacturing jobs and industries in Canada.  Beyond productivity, the IoT also contains significant cyber-security and privacy concerns for consumers and citizens.  As a positive, the innovation and productivity gains are central to the miracle of human development we have seen over the past two hundred years.  The Industrial, Green, Fossil Fuel and Information Revolutions have all created greater material wealth for humans… notwithstanding the negative corresponding negative impacts to the planet and our fellow species.  In other words, two hopes: 1) we can manage the rise of the machines to generally improve the human condition and 2) our robot overlords treat us better than we have treated some of our fellow animals and humans.

Post Consumerism

Adapted from A.T. Kearney 2016: Consumer values and preferences in developed markets are shifting toward buying fewer physical goods and valuing experiences over possessions. While this is creating new business opportunities for service providers, it also raises important challenges for traditional consumer products groups and retailers.  Concurrent with this change is the emergence of the Amazon.com who are effectively competing for a shrinking pool of consumption.  The OECD reports that the rate at which member countries consume physical materials has begun to decline and that at present “OECD countries generate 50 percent more economic value per unit of material resources than in 1990.” While this change is generally good for the environment (and likely good for the soul – editor) it may also pose challenges to governments as retail outlets fail and small business retailers cannot compete with either Amazon or online digital experiences.

Editors Note: Remember Abraham Maslow and his hierarchy of needs?  If post-consumerism turns out to be a ‘thing’ it certainly would validate Maslow’s work?  There is some tough sledding though including unwinding a century of modern marketing and an economic structure based on consumption.  Nevertheless our landfills and planet would probably thank us.

Day 4 – Debt, Immigration and First Nations

This is the fourth list of potential disruptive factors that could influence the Canadian Public Service over the next decade or so.  See the previous blog for the first set of three and Seven Days of Disruption blog for the entire set.  These are in support of November 22, 2017 FMI Conference – Disruptive Writers.

  • Growing debt overhang (2017)
  • Immigration and Changes to the Canadian Values and Characters (editor)
  • Indigenous Power (editor)

Growing debt Overhang

Adapted from A.T. Kearney 2017: Driven by historically low-interest rates, debt levels around the world have risen dramatically and now stand at all-time highs. These debt obligations are on increasingly shaky ground as a result of both their sheer size and key policy shifts under way in the United States and China. An adjustment—orderly or more likely otherwise—will occur in the near to medium term.  Concerns are for debt in governments, corporations and households.  Canadian Government total debts is less than its G20 peer countries but still well above 85% of national GDP (source wikipedia).  Unfortunately Canada trails its G20 peers in corporate and in particular household debt.  Household debt is also worryingly high with Canada at the epicenter of this debt buildup. Canada is among the developed markets in which household debt rose 2 to 3 percentage points in 2016—in large part due to a rise in mortgage lending and housing markets that seem to be overheating. Household debt now stands at over 101 percent of GDP in Canada.

Editors Note: The Great Depression of the 1930’s is often attributed to the accumulation of debt both at a personal and national level.  Credit purchase of goods and mortgages were both relatively new financial tools which fueled a rapid expansion of the US economy in the 1920’s.  Beyond consumables, the stock market was also a beneficiary of leveraged purchases.

At a national level, Europe was still reeling from the effects of the First World War.  The massive allied debt owed to the United States and its unwillingness to forgive this debt made the allies less forgiving in turn for German war debts and reparations.  Add in protectionism and an entire house of cards folded with the correction of the stock market in October 1929.  Interestingly many of the same conditions have parallels in our own time.

Immigration and Changes to the Canadian Values and Characters (editor)

Canada has been a net beneficiary of immigration since humans first started to leave Africa tens of thousands of years ago.  However when most people think of immigration it is not of Bering Straight land bridges but instead of the initial waves of mostly European settlers from the 16th to the end of 20th century.  Since the 1970’s, government policies and changing demographics have seen immigration sources move from European sources to being from all parts of the globe.

A greying Canadian population will mean that immigration must continue even to maintain our current population let alone allow from natural growth.  Despite a Canadian government policy of multiculturalism, what is the impact of displacing a predominantly Euro-centric population and set of cultural values with a more global set of values?  As well, are there risks of a ‘Balkanization’ of Canada such that a Canadian citizen may grow up in an enclave without ever leaving the culture (or perhaps language) of their ancestral home.  Are there risks of a loss of Euro-centric values of liberalism and individual freedoms if in migration was attracted to these norms in the first place?

Indigenous Power (editor)

Human colonization of the North American continent started many thousand of years ago with either the current first nations or perhaps even an earlier wave of human migration.  Irrespective, the people who make up Canada’s first nations have a long standing claims and association with the land. In many parts of Canada this association was articulated in a series of treaties. The Truth and Reconciliation Commission and more recently the National Inquiry into Missing and Murdered Indigenous Women and Girls are two recent government efforts to make for a better arrangement between Canadian society as a whole and the First Nation segment.  For Canadian governments and the larger society, the questions of how to resolve land claims (including competing claims for the same territory), integrating this culture while still maintaining the liberal principles of equality for all.  As well, there is the question of what is the end game for all of the players?  What does resolution look like and exactly what will it cost to achieve this state?

Day 3 – Greying Population, AI and Extremism

This is the third list of potential disruptive factors that could influence the Canadian Public Service over the next decade or so.  See the previous blog for the first set of three and Seven Days of Disruption blog for the entire set.  These are in support of November 22, 2017 FMI Conference – Disruptive Writers.

  • Depopulation Waves (2015)
  • Evolving Artificial Intelligence (2015)
  • Geopolitical Realignment (2015) and Continued Global Violent Extremism (2015)

Depopulation Waves

Adapted from A.T. Kearney 2015: As global population growth slows, some countries’ populations are already shrinking. Global population growth is decelerating from 1.8 percent in the 1980-2000 to just 1.1 percent in the 2000–2025 period. The three main drivers of depopulation are aging, international migration, and high mortality and morbidity rates.  Depopulation presents a range of challenges including labor shortages, weaker consumer demand, lower tax revenue and higher health care costs as the greying population lives longer.

Editor Note: Additional impacts to the above are a massive transfer of wealth from the baby boomers to their children.  Of course this wealth is only of value if the economic and social structures continue to exist to support them.

Evolving Artificial Intelligence

Adapted from A.T. Kearney 2015: Artificial intelligence (AI) is already used in sectors as distinct as finance, journalism, and engineering, and it continues to find new applications. For instance, AI is used in security trading dark pools, writes breaking news articles, and dominates humans in many games (such as chess, backgammon, Scrabble, and even Jeopardy!). It is also being leveraged in an attempt to cure cancer (as part of the Big Mechanism project being run by the Pentagon’s Defense Advanced Research Projects Agency [DARPA]) and make lethal decisions on the battlefield through its integration into the weapons systems of several countries. Increasing investment in deep learning technologies will enable AI to expand to even more sectors.

Editor Note: This topic has been explored in detail both in the business press and in fiction (anyone remember HAL from the movie 2001: A Space Odyssey?).

Geopolitical Realignment and Continued Global Violent Extremism

Adapted from A.T. Kearney 2015: Global economic and political power is increasingly diffuse thus compli­cating leadership efforts within the international system. In the years since the Global Financial Crisis, the United States and other Western powers have receded from the global stage  while rising regional powers have increased their political influence.  These changing power dynamics are decreasing the effectiveness of global political institu­tions. These institutions have transformed little in the past 60+ years and are failing to accommodate shifting power dynamics.  Global arms spending, has grown in recent years after decades of decline following the conclusion of the Cold War.

Today’s most pressing issues, including security concerns, are global in nature but cooperation has proved increasingly difficult in the current international environment. The international security architecture has been slow to address global terrorism and transnational organized crime. Moreover, lack of trust in govern­ments and businesses complicates international efforts to prevent cyber threats.

Editor Note: Canada has been a direct participant and beneficiary in the international movements of the second half of the 20th century.  From being a founding member of the United Nations and NATO to conceiving the concept of peace keepers, Canada has been described as ‘punch above its weight’ in international affairs.

Day 2: Power, Cyber-Security and Renewables

This is the second list of potential disruptive factors that could influence the Canadian Public Service over the next decade or so.  See the previous blog for the first set of three and Seven Days of Disruption blog for the entire set.  These are in support of November 22, 2017 FMI Conference – Disruptive Writers.

  • Changing Nature of Power (2015)
  • Cyber Insecurity (2015)
  • Dawning of a new urban transportation age and the Canadian City (2017 and editor)

Changing Nature of Power (2015)

Adapted from A.T. Kearney 2015: In today’s world, power is increasingly fleeting and diffuse.  It is disseminated across individuals empowered by new technologies such as search engines and social media; to lower levels of government, including cities; and to start-ups and user-driven networked organizations. The rise of the global middle class is leading to greater individualism and expectations for service from their governments and from businesses, with consumers having never had a broader freedom of choice. Global trust in most institutions reached an all-time low in 2015, with governments continuing to be the least-trusted institution.

Editor note: So What?  The answer is that trust is foundation of a society and an economy.  It profoundly reduces the transaction cost in both.  Public institutions support this trust by enforcing social norms. In a strange twist, public institutions are sometimes powerless at the hands of a small but vocal group of individuals.

For example, an August 2017 discussion on free speech at Ryerson University was cancelled because the University was concerned about safety and security.  Described as domestic terrorism by one of the panelists, this is an example of public institution (Ryerson) self-censuring thought and discussion with a resulting degradation of its own power and trust.  While the individuals involved may congratulate themselves on forcing their view points onto an entire institution, they should also recognize that they are sharing a common heritage with the black, brown or red shirts who dominated politics a century ago.

Cyber Insecurity (2015)

Adapted from A.T. Kearney 2015:While the upside of the Internet is enormous, cyber threats continue to multiply. Estimates put global cyber crime losses at somewhere between $375 billion and $575 billion annually.  All connected devices and systems are vulnerable to attack. Computer systems, for example, are vulnerable to ransomware. The growing IoT also lacks strong security systems and is highly vulnerable to data theft.  To make matters more complex, the cyber arena is a growing domain of warfare between countries, in which businesses can be caught in the crossfire. The “Darknet”—parts of the “Deep Web” that are not discoverable by traditional search engines—remains a serious criminal threat, especially with the rise of crypto-currencies. It is cloaked with encryption software that provides anonymity to users. The Darknet is used as a source of cyber attacks, as well as a place to buy and sell ransomware and other cyber weapons. Another business risk of the Darknet is that it provides a marketplace for stolen data collected through cyber attacks, augmenting hackers’ motivation to continue conducting such attacks.

Editor note: Governments see online services as a way to provide better government for fewer resources.  The Singapore, Scandinavia and the United Kingdom are acknowledged leaders in this effort although the Canada Revenue Agency has also made great strides in allowing for a digital experience.  Nevertheless, governments have a number of challenges including the Facebook-effect, the Shiny-bauble problem and resource asymmetry.

Facebook Effect – You are the Product

The Facebook-effect is the problem of comparing government services to a for profit service such as Facebook.  If Facebook can provide service xyz or make its offerings free, why can’t a government?  There are of course a number of answers to this.  Firstly Facebook is not constrained by the same legal, moral and democratic frameworks.  Facebook has an entirely different revenue model.  For social media, the user is the product.  Thus your likes, shares and contributions builds up a profile of you as a person which can then be monetized.  For governments such monetization of a citizen would be outrageous.  Finally, Facebook can fail while governments are expected to be enduring.  If Facebook ceased to exist tomorrow it would be inconvenient but a new social media product would take its place (anyone still using MySpace?).

The Shiny-Bauble Problem

Governments like to implement new things.  Ribbon cutting and shovel turning is good press and leads to the primary objective of any government – staying in power.  As a result, governments get distracted by the Shiny-Bauble which have a short-term effect or solution that has little enduring value and may cause long-term harm to a society.  The worst thing about Shiny-Baubles is that they may become entrenched in a society by a small group who benefit from the government largess.  In other words, the only thing worst than a Shiny-Bauble is trying to turn one-off.

Resource Asymmetry

Governments often have fewer and less enabled resources to delivery digital services or fight cyber-threats than the legitimate and illegitimate competitors.  The above Facebook discussion is one aspect of this resource asymmetry and consuming valuable government resources pursuing a Shiny-Bauble is another.  A darker example of asymmetry is that the bad guys only need to look for and exploit a single weakness in a government’s cyber environment.  At the same time, a government must fight all threats while trying to provide services.

Dawning of a new urban transportation age and age of renewables (2017 and editor)

Adapted from A.T. Kearney 2015: The global urban population has risen steadily over the past two decades. According to the United Nations (UN), there were about 2.9 billion urbanites in 2000, but that number has increased to 4.1 billion and will hit 4.5 billion in 2022. The number of megacities, defined as cities with 10 million or more inhabitants, rose from just 17 in 2000 to 29 in 2015, and the total is projected to rise to 36 by 2025. Hyper-urbanization is heightening congestion levels in cities around the world. The age of the automobile may be ending as cities adopt innovative new technologies and use more traditional mass and individual transit methods to enable smarter and more sustainable urban transportation and growth.

(Editor) Public transit and electric vehicles are two ways that urbanization will change the face of a city but tele-commuting and promoting walk/bike-able cities are another.  This raises a challenge for Canadians as much of our housing stock has been built since the mid-20th century and the economics and logistics for all of these mitigating solutions will require significant government investment and coordination.  It will also require a change in cultural norms and expectations as owing a home has become central to financial and personal-security well-being.

Day 1: Climate, Biotech and Canadian Competitiveness

What are some of the larger potential disruptive factors that could influence the Canadian Public Service over the next decade or less.  The following three are the first in a list that will be used at the November 22, 2017 FMI Conference – Disruptive Writers.

  • Seven Days of Disruption (Initial Blog).
  • Accelerating Global Climate Change and the cost to mitigate (2015 and editor)
  • Biotechnology: Frankenstein, Super-bugs and Super-cures (adapted from 2016 and editor)
  • Canadian Competitiveness and Productivity (editor)

Accelerating Global Climate Change and the Cost to Mitigate

Adapted from A.T. Kearney 2015: Food production, rising sea levels, increased range of tropical diseases and impacts to fragile environments such as the arctic and northern forests are some of the negative impacts identified.  At the same time, Canada could be a net beneficiary as more of its land mass becomes suitable for agriculture and lower cost for exploration of mineral wealth in the arctic.  These are tenuous gains as compared to social and mass population upheavals however.

Editor note: in many ways the past 200+ years of using fossil fuels can be compared to a young person inheriting a vast fortune from an unknown dead relative.  The changes have been both negative and positive.

On the positive side, there are billions of people alive today or who have lived in the past two centuries that would not have lived without the exploitation of fossil fuels.  Fossil fuels have given us a standard of living in which even the poorest Canadian is living better than many past kings or queens.  Hydrocarbons deliver clean water, warm homes, take away sewage, pave our streets, move food to our stores, fix nitrogen out of the air to grow the food and give us miracle materials such as plastics.

However, like a young adult waking up from a massive party we are also noticing that the trust fund is running low.  As well, 200+ years of living with fossil fuels has directly or indirectly killed many of our fellow species, polluted our homes.  The hunt for the fuels have led to corruption and creating vast fortunes in societies that have exported extremism and intolerance of things like women’s rights.

The cost to leave the fossil fuel era is considerable and may not occur in our lifetime.  The reality is that the engineering and technologies to replace an energy dense and convenient storage medium such as gasoline is considerable.  Canada has committed to shutter its coal power plants.  In 2014 this represented approximately 10% of the nation’s total generation nearly all in Western Canada [1].  Assuming these plants are closed by the target date of 2030, 63.6 terrawatt hours of capacity will need to be replaced [2].  Globally, Canada’s coal generation represents 0.67% of the total world generation capacity [3].  Thus the cost of leaving fossil fuels in the ground are not only direct but indirect as we place ourselves at a competitive disadvantage despite being a global powerhouse in energy reserves.

Biotechnology

Adapted from A.T. Kearney 2016: Just four years after its invention, “copy-and-paste” biotechnology is bending the cost and timeline curves for major scientific breakthroughs. CRISPR-Cas9—which stands for “clustered, regularly interspaced short palindromic repeats” and “CRISPR-associated protein number nine”—was discovered in 2012. This biotechnology has the ability to delete, repair, or replace genes, making it a function for genetic manipulation that will allow researchers to do three things more cheaply and effectively than ever before: alter human genetic code, cure diseases, and even create new lifeforms.   Its applications will have far-reaching impacts on a multitude of industries, altering business models, regulatory environments, and consumer demands and preferences worldwide.

Editor’s Note: Bio-technology is one of the things that makes us human even if the technology part has advanced considerably.  10,000 years ago the methods would have included burning forests to plant crops or encourage grazing animals; selecting grains such as wheat, rye or rice; or domesticating the dog, horse or cow.

More recently state sponsored food research was central to of the green revolution of the late 20th century.  Genetically modified food has continued this revolution although with a sense of unease.  Bio-technology promises designer cures for diseases and an improved standard of living for humanity.  The shadow includes Frankenfoods, designer babies and other nightmares from science fiction.  Regulation and a stable civil society is one way to control this.  Another method is to ensure that the work is done in a culture of openness and transparency – something perhaps more difficult if the research leaves Western countries and is taken up in repressive regimes or nations lacking a history of civil discussion.

Canadian Competitiveness

Adapted from the Conference Board of Canada: Canada’s standing on the 2017 Global Competitive Index as issued by World Economic Forum improved one place to 14th.  Switzerland ranks first, followed by the United States, Singapore, the Netherlands, and Germany.  Taxation and government regulation impeded competitiveness while a good K-12 and post-secondary education systems provided an offset.  Canada benefits from efficient labour markets and a sound financial and securities systems.  Canada lacks consistent investment in research and development, has degrading public infrastructure, poor coordination between universities and business and an over-reliance on natural resources.

Editors Note: This subject was discussed at the September 21, 2016 FMI Edmonton Chapter event Fostering Innovation in the Public Service When Money is Tight.

[1] Adapted from Canada Coal Profile, Figure 6 and Table 1, accessed 2017-11-13; https://www.iea.org/ciab/papers/Canada.pdf.
[2] ibid Power generation (gross) in TWh in 2014.
[3] Key World Energy Statistics, Electricity Generation by source, accessed 2017-11-13;  http://www.iea.org/publications/freepublications/publication/KeyWorld2017.pdf

Seven Days of Disruption

On November 22, 2017, the Edmonton Chapter of the Financial Management Institute is running an event entitled ‘Disruptive Writers‘.  In addition to hearing 3 great speakers discuss their books on either future disruptions or managing change, we will be playing a game called ‘Pin the Tale on the Disruption‘.  Sort of a mini-Delphi of what participants at the conference think will be the biggest challenge to the Canadian Public Service between now and …. ohhhh, say…. 2025 (e.g. about 7 years hence).

The Source of Disruption

There is a variety of sources for the disruptions but they are primarily based on the excellent work of the A.T. Kearney who have produced 3 Global Trend documents (available as follows):

It’s tough to make predictions, especially about the future (Yogi Berra)

A word of caution about the difficulty of making predictions.  Inevitably something better or worse will have muscled all of the excellent possible futures out of the picture.  In addition, Black Swans and the unpredictable are a near certainty.  So, to my future self, I profusely apologize/acknowledge for being so absolutely wrong/right in naming the following future disruptions.

A Laundry List of Disruption (in alphabetical order)

  1. Accelerating Global Climate Change and the cost to mitigate (2015 and editor)
  2. Biotechnology: Frankenstein, Super-bugs and Super-cures (adapted from 2016 and editor)
  3. Canadian Competitiveness and Productivity (editor)
  4. Changing Nature of Power (2015)
  5. Cyber Insecurity (2015)
  6. Dawning of a new urban transportation age and the Canadian City (2017 and editor)
  7. Depopulation Waves (2015)
  8. Evolving Artificial Intelligence (2015)
  9. Geopolitical Realignment and Continued Global Violent Extremism (2015)
  10. Growing debt overhang (2017)
  11. Immigration and Changes to the Canadian Values and Characters (editor)
  12. Indigenous Power (editor)
  13. Islandization” of the global economy (2017), NAFTA Negotiations and the rise of protectionism (editor)
  14. IT Revolution 2.0 and the Rise of the Machines (adapted from 2015)
  15. Post Consumerism (adapted from 2016)
  16. Quebec and Regional Tensions (editor)
  17. Resource and Commodity Supply, Demand and Price (adapted from 2015)
  18. Rising storm of populism; Canada and Cultural War in the Age of Trump and the Progressives (adapted from 2016 and editor)

ARM 6 – Governance

The Anti-fragile Risk Management (ARM) Model has seven components; the sixth is Governance.

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Governance may be thought of as the first step in a process.  However, for Risk Management, it has the least immediate impact.  Nevertheless, Governance is a bridge between Long Term ARM Components and the Enduring Components such as Purpose.

Anti-Fragile Risk Management

Governance: Strategic and leadership capacity to Change the Above?

Governance has a wee bit of the People component because it includes leadership capacity.  Leadership is typically thought of as the C-Suite, the board or some other clutch of silver-back leaders.  Certainly these organizational elements are part of this ARM component but personal leadership, group self-direction, and good command and control elements are just as important.

ARM’s Length Definition

Does the organization have Governance and Leadership Capacity so as to develop, implement, monitor and validate initiatives which are in support of the over-arching organizational objectives?

Why Does this Matter

ARM stands for ‘Anti-fragile Risk Management’.  Anti-fragile was coined by Nicholas Taleb and if you have read any of his books you know that he takes a dim view of things like governance or strategy (for more on this see my 2016 article, Anti-fragile Strategic Planning).

Notwithstanding Taleb’s distaste and bias against suits, MBAs and strategy – these are the reality of any organization and Governance and Strategy will influence organizational risk and its mitigation.

Not-for-profit and government organizations share this risk and likely more so.  History is replete with examples of unsavory characters getting themselves elected (or grabbing power) and causing havoc for an organization or country.  At the same time, a good board and a good government can greatly reduce risks and capitalize on opportunities.

Returning the Taleb for one last time, in his first book ‘Fooled by Randomness‘ he discusses the role that chance (luck, probability) plays in our lives.  One of the reasons he has such a dim perspective of suits, MBAs, etc. is because it is easy to take credit for luck.  While this is true, his book also discusses the importance of ‘making your own luck’ (what I call Managed Serendipity) by establishing circumstances that are less prone to chance (the basic premise of Anti-fragile).  Having strong and capable leadership is one such element.

ISO 31000 Context

ISO 31000:2009 has a strategic focus and the importance of Governance is front and center through out the standard.  The following are a few references:

  • 2.11 internal context‘: internal environment in which the organization seeks to achieve its objectives.  NOTE Internal context can include:
    • governance, organizational structure, roles and accountabilities;
    • ⎯ policies, objectives, and the strategies that are in place to achieve them.
  • 3 Principles‘: a) Risk management creates and protects value.
    • Risk management contributes to the demonstrable achievement of … governance and reputation.
  • 4.3.1 Understanding of the organization and its context‘: Before starting the design and implementation of the framework for managing risk, it is important to evaluate and understand … the organization:
    • governance, organizational structure, roles and accountabilities;
    • capabilities, understood in terms of resources and knowledge.

ISO 31000 Risk Assessment Technique

Measuring the leadership capabilities of your organization can be a delicate matter. What happens if the CEO is a SOB, the CFO a crook or the Deputy Minister a political hack.  Documenting such limitations would be a career limiting move. Assessment techniques could include the following to provide some objective measurements:

  • Anonymous staff surveys.
  • 360 surveys of key leaders.
  • Decision cycle time.
  • Competency assessments for positions relative to the skills of the individuals in the role.

Examples of Risks

Risk Identification: The organization lacks the senior leadership capacity to operate and provide long-term direction for the organization.

Risk Identification: Turn over in the board has reduced capacity to establish organizational direction and planning.

ARM 5 – Planning

The Anti-fragile Risk Management (ARM) Model has seven components; the fifth is Planning.

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Planning may be a bit misplaced in the following diagram.  Certainly operational planning has an immediate (short-term impact) on risk.  Tactical planning has a longer time horizon.  Irrespective, good planning takes time to ramp up  and then implement the results.

Anti-Fragile Risk Management

Planning: Cliches, Babies and Bath Water

There are numerous maximums and clichés when it comes to planning:

  • Fail to plan, plan to fail.
  • An idea without a plan is a wish, a plan without execution is a good intention, a plan undebriefed is a future lesson to be re-learned.
  • Always plan ahead. It wasn’t raining when Noah built the ark.

Like any cliché, they all have an origin of truth behind them.  Planning is central to risk mitigation; after all someone has to implement changes to mitigate risks.

This ARM Component asks the question, is the organization any good at planning and is it getting better or worse?  The time horizon is purposely non-strategic meaning that the overall objectives or purpose of the organization are assumed to be relatively constant.  Wholesale baby and bath water planning is the next blog on Governance.

Planning to Define Planning Definitions

Sometimes people get in a bit of a muddle when it comes to terms like operations, tactical or strategic.  As a result I am using these definitions (adapted from ITIL) to define these terms (as well as providing a multi-colour visual aide!).

  • Task: takes less than a day or perhaps a few days to complete.
  • Operations: live, ongoing or extending into about a month’s time horizon.
  • Tactical: Medium term plans required to achieve specific objectives, typically over a period of weeks to months but generally a year or less.
  • Strategic: Strategic Activities include Objective setting and long-term Planning to achieve the overall Vision.  At least a year in length and longer.
  • Vision/Purpose: A description of what the Organisation intends to become in the future.

ITIL Based Planning Time Horizons

ARM’s Length Definition

After that little definition interlude – back to the main definition for this ARM component: What is the organization’s ability to identify, prioritize, initiate, monitor, close and learn from its planning activities through the operational and tactical time frames?

Why Does this Matter

The whole point of a risk management process is to ultimately mitigate risks to an organization.  Invariably the organization will need to make at least minor adjustments to its operations, implement new processes to sustain its products or react to an external event (e.g. change in legislation, market turmoil, social disorder, etc.)  The better, faster and more efficiently it can carry out these changes – and learn from its mistakes in the process – the sooner it can get back to normal (errr, assuming such a state exists).

ISO 31000 Context

ISO 31000:2009 Principles and Guidelines contains numerous references and entreaties to the organization not to separate the risk management and organizational planning functions.  The following one example:

  • 3 Principles
    • b) Risk management is an integral part of all organizational processes.
      Risk management is not a stand-alone activity that is separate from the main activities and processes of the organization. Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning and all project and change management processes.
    • c) Risk management is part of decision making.Risk management helps decision makers make informed choices, prioritize actions and distinguish
      among alternative courses of action.

ISO 31000 Risk Assessment Technique

Assessing an organization’s planning capacity is difficult but it can be measured indirectly.  Unfortunately the methods discussed in ISO 31010 Risk Assessment Techniques are of limited use (although they augment the analysis from the methods discussed below).  As a results, methods to measure planning capacity could include:

  • Budget cycle: how long does it take for the annual budget process, bonus points for continuous budgeting.
  • Capital planning cycle: ditto to budget.
  • New Market Uptake: how quickly has your organization being able to extend, re-position or create a whole new market for its products.
  • Response to the last emergency: how well did the organization respond to the last unplanned thing (outage, break in, flood, fire, hack, etc.).  How much faster could the response have been.
  • Disaster Planning: ditto to the above but under a controlled scenario.
  • Initiative List: Does an organization know what is in the hopper for its operational and tactical activities, can it effectively prioritize them without forcing its people to engage in Guerrilla Management?
  • Approval Cycle Time: If the organization does have a list of innitiatives, how long is the cycle time to approve the activities?

Examples of Risk Tests and Mitigation

Risk Identification: A request for a sudden and one time increase in a product to meet the unexpected demand of a customer.

  • Evaluation/Analysis: W.E. Coyote Corp has requested a large order of widgets to meet an unexpected demand.  Can ACME corporation ramp up production to meet this one time need for widgets.
  • Stakeholders: ACME Corporation, W.E. Coyote, current customers, staff.
  • Measure: The ability to meet unexpected sales or alternatively lost sales due to lack of operational and planning capacity.

Risk Identification: A northern city in Widget-land is threatened by Wildfires.

  • Evaluation/Analysis: How quickly can the Government of Widget-land mount a response to a rapidly changing wildfire scenario (or other disaster) that threatens are large population.
  • Stakeholders: Government of Widget-land, affected residents, citizens.
  • Measure/Example: Time to respond, scope of the response, comparison of times and effort .

ARM 4 – Product

The Anti-fragile Risk Management (ARM) Model has seven components; the fourth is Product.

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Bringing a product or service to market can take seconds (if you are Amazon.com) to decades (if you are a drug company).

Anti-Fragile Risk Management Component Product impacts risks/opportunity in a medium term time frame.

Product: A product or service that the market/society wants?

On the one hand it may seem that this component is covered in prior ARM considerations such as Purpose, People or Process & Plant.  However, despite a good organization vision, fantastic staff and excellent processes – an organization’s product may still not sell.

The profit motive focuses the mind on which widget to sell or whether or not to exit a dying industry in a timely manner (with notable exceptions such Kodak).  Unfortunately for the volunteer and government sectors such signals may be less clear and as a result a decision to abandon a service, program or cause may be more difficult to make with vocal consumers of the service demanding its continuation at any price.  Governments in particular are at risk and may trudge on providing services rather than upset a  small but vocal minority.

ARM’s Length Definition

The ARM definition is simple to state but may be extremely complex and fickle to measure or plan for (ask your nearest Marketing professional how well they sleep the night before their next product launch): Does the organization have a product or service that the market/society wants and is this product the best way for the organization to use its resources to achieve its objectives?

Why Does this Matter

In a word, ‘cash-flow’.  Okay that is two words but it still is the biggest risk criteria.  If no one is buying your products – that risk trumps all.  If taxpayers are revolting because they do not see the value in the services being provided – that risk could be a change of government.  If donors have left in droves because you no longer speak to their social conscious – you got a big problem.

ISO 31000 Context

ISO 31000:2009 Principles and Guidelines references an organization’s products or services in with its overall risk management consideration.  In section ‘3 Principles‘, the principle that risk management exists to create and protect value is highlighted including contributing to organizational performance and product quality.  Section ‘2.10, external context‘ alludes to but does not overtly discuss the role of having viable products and services.

ISO 31000 Risk Assessment Technique

The methods discussed in ISO 31010 Risk Assessment Techniques can be used indirectly to estimate the viability of a product or service.  For the for-profit sector a good cost accounting system and an understanding of organizational brand or inter-relationship of one’s products in the market place is important.  For the volunteer or government sectors, detailed statistical analysis may give the reality or at least the illusion of evidence based decision making.  Ultimately, the final decision to provide, rescind or change a product is often political or socially driven – and thus the profound risk to these organizations.

Examples of Risk Tests and Mitigation

Risk Identification: The market for and profitability of widgets, ACME Corps primary product, is shrinking over the next five years.

  • Evaluation/Analysis: Relative unit profitability for each widget is declining and will continue to do so with foreign competitors entering the market and the ability to download for free widgets.
  • Stakeholders: Shareholders, ACME Corporation, current customers.
  • Measure: Direct and indirect unit cost as compared to price of the widgets, recent and anticipated sales volumes.
  • Example: A Delphi review was done in which future demand for widgets was estimated by leading industry experts.  This survey estimated a 50% decline in widget consumption over the next 5 years.

Risk Identification: The Widget subsidy program is now consuming 25% of all government revenues and is expected to climb to 300% in ten years.

  • Evaluation/Analysis: Due to an aging widget consuming population and generous allowance to purchase widgets, the Widget Subsidy Program is consuming an inordinate amount of current government revenues.  As the population ages, this proportion is expected to double each year over the next ten years.  Riots have already occurred in some cities of Widget-land in response to rumors of a reduction in Widget subsidies.
  • Stakeholders: Government of Widget-land, taxpayers, widget consuming seniors.
  • Measure/Example: Number of widgets consumed per capita, the widget subsidy as a proportion of all tax revenue.

ARM 3 – Process and Plant

The Anti-fragile Risk Management (ARM) Model has seven components; the third is Process & Plant.

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Changing process, buying machinery, installing software – these all take time which is why the ARM Component People & Plant has a medium term impact.  While your staff may be constantly on the look out for risk/opportunity it takes longer to give them systems, procedures or policies when things change.  This is demonstrated in the following diagram.

Changes to Process & Plant takes a little longer to take effective and support Anti-Fragile Risk Management.

Process: Knowledge to operate the systems?

The story so far is that an organization has discovered its Purpose, hired the right People and now needs to know what the heck these people are doing and are they doing it right!  The following are all examples of organizational plant and equipment. Each one requires knowledge of how to operate it through procedures, policy and of course organizational adeptness:

  • Machinery, buildings and land.
  • Computers, firewalls, networks.
  • Patents, rights, licenses and royalty agreements.

There are LOTS of books on not only risk relative to process but also on how to manage process.  Certainly one of the grand-daddies is the now classic ‘Balance Score Scorecard‘ by Kaplan and Nolan.  It introduces the concept of segregating (and measuring through key metrics) the business into four areas: finance, internal business, learning & growth and the customer.

No matter how your slice and dice your processes, this deductive process is the core of traditional risk management.  For Risk X, what process Y or asset Z is going to protect or mitigate the risk?

This ARM is Brought To You by Organizational Biology

Process & plant are all things you can drop on your foot or print off and drop on your foot.  Collectively all this foot dropping is called ‘Mass’ which brings us to our sponsor… ‘Organizational Biology‘ which describes how organizations work.  In a nutshell, organizations are composed of two parts, Mass and Adeptness:

Mass are the physical elements of an organization such as machinery, land, as well as intangibles such as patents and policies and procedures.  Adeptness is an ephemeral quality by which humans apply mass toward an organizational objective. For example, it can be the culture or gestalt that makes an organization attractive (or not) to work for and be associated with.

ARM’s Length Definition and Why Does this Matter?

The ARM definition for Process-Plant Component is: does the organizational have the tools to complete its objectives and do the people know how to properly use the tools?

This component strives to understand ‘How and What‘ processes an organization is engaged in and ‘Where‘ are the integration points between these processes.  A good first start is a listing of business functions that support an organization’s products and services (more on this in the next blog).  Quality processes will further define and articulate the business processes down to the point in which your staff are heartily sick and tired of being ISO-9001-compliant.

In other words, by spending time and effort on this ARM component, process and plant, the organization can better understand how its people are achieving the organizational purpose to deliver products and services.

ISO 31000 Context and Its Risk Assessment Techniques

ISO 31000:2009 Principles and Guidelines is full of managing process and plant including the following:

  • Section ‘2.11, internal context‘:
    • Policies, objectives, and the strategies that are in place to achieve them;
    • Information systems, information flows and decision-making processes (both formal and informal);
    • Standards, guidelines and models adopted by the organization; and
    • Form and extent of contractual relationships.
  • Section ‘3 Principles‘:
    • b) Risk management is an integral part of all organizational processes.
    • Risk management is not a stand-alone activity that is separate from the main activities and processes of the organization.
    • Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning and all project and change management processes.
  • Section ‘4 Framework – 4.3.4 Integration into organizational processes’:
    • Risk management should be embedded in all the organization’s practices and processes in a way that it is relevant, effective and efficient.
    • The risk management process should become part of, and not separate from, those organizational processes.

Most of the ISO 31010 Risk Assessment Techniques can be used to estimate the impact of process and plan on risk.

Examples of Risk Tests and Mitigation

Risk Identification: Does the organization understand its internal business processes?

  • Evaluation/Analysis: It is not clear what functions staff are doing and how the contribute to the final product.  Staff claim to be very busy but the exact work tasks, the relative importance to organization objectives and authorization to complete them is unclear.
  • Stakeholders: Staff, contractors, management, the board.
  • Measure: Identify high level business functions, staff time reporting, production cycle time.
  • Example: Within the Ministry of Widgets, there is a constant request for more staff and contractors.  However the Deputy Minister is not quite sure what all his staff ‘do’.  Key services are identified and business functions are mapped to these services to determine which activities are of highest priority and which can be stopped, scaled back, outsourced or deferred.

ARM 2 – People

This blog dives into the second component of the Anti-fragile Risk Management (ARM) Model: People.  As a refresher, ARM has these risk mitigation components:

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Each of these components impact the organization on a continuous (short term) or periodic (medium to long term) basis.  The People component is considered short term. That is it is your staff, volunteers, contractors, etc. who are on the front line mitigating risks or capitalizing on opportunities.  Another reason to include the ARM risk component of People here is that things such as trust, loyalty or affiliation take years to grow and a very short period of time to destroy.

The ARM Component ‘People’ is on the front line of Anti-Fragile Risk Management and thus has a short term focus.

People:  Does the Organization have adeptness to achieve its objectives?

Until the robot overlords force us all into the Matrix, People will be the second greatest risk/opportunity/uncertainty for organizations.  An example is the following classic cartoon that gets right to the heart of matter of cyber-security.  No matter how good the investments in technology human ineptness, malevolence or ignorance rules!

Cyber Security versus Dave (copyright and restrictions may apply)

This ARM is Brought To You by Organizational Biology

The name of this site is ‘Organizational Biology‘ which is my mental model to describe how organizations work.  In a nutshell, Organizations are composed of two parts, Mass and adeptness:

Mass are the physical elements of an organization such as machinery, land, as well as intangibles such as patents and policies and procedures.  Adeptness is an ephemeral quality by which humans apply mass toward an organizational objective. For example, it can be the culture or gestalt that makes an organization attractive (or not) to work for and be associated with.

Mass will be discussed more in the next blog when Process and Plant is considered. ‘People’ considers many different facets of organizational adeptness ranging from the board room to the shop floor and from the heart to the brains of the employee/volunteer.

Measuring Adeptness (NOT!)

Unfortunately adeptness cannot be directly measured because as soon as you can quantify adeptness it becomes mass.  Here is an example:

A master craftsman uses decades of experience to precisely machine a part.  He is adept in this task .

The moment the craftsman’s knowledge and experience is transferred to a computer program those same actions become mass (the computer, software, machinery, etc.). Beyond experience, adeptness includes innovation, creativity, informal communication, trust, loyalty, elan, esprit de corps and countless other adjectives that affiliation and organization pride.  Of course adeptness also includes the negatives of all of these attributes (e.g. stifled creativity, poor communication, hostility, disengagement, etc.).  Adeptness is not without its dark-side either as it can also lead to group think and conformity (read more on this in a healthcare context in my blog, the Healthcare Ethos).

Good, bad, light or dark – adeptness cannot be directly measured but it can be indirectly estimated through:

  • Organizational success (e.g. profitability).
  • Low staff, volunteer or contractor turn-over.
  • Social standing in a community.
  • Trust quotient or Metric.
  • Leadership and followership capacity/effectiveness.
  • Training and capabilities of staff, etc.
  • Organizational loyalty or affiliation.

ARM’s Length Definition

The ARM definition for the People-Risk Component is: does the organizational have the adeptness (people) capacity to carry out the objectives of the organization? 

Why Does this Matter and ISO 31000 Context

Organizational Objectives are completed by People (robot overlords notwithstanding) and risk often boils down to human error.  ISO 31000 alludes to adeptness.  For example the following extracts is from ISO 31000:2009 Principles and Guidelines:

  • Section ‘2.11, internal context‘:
    • The capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
    • Information systems, information flows and decision-making processes (both formal and informal); [editors note, emphasis added]
    • Relationships with, and perceptions and values of, internal stakeholders;
    • The organization’s culture
  • Section ‘3.h) Principles‘:
    • Risk management takes human and cultural factors into account.
    • Risk management recognizes the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the organization’s objectives.

ISO 31000 Risk Assessment Technique

Most of the ISO 31010 Risk Assessment Techniques can be used to estimate the impact of people on risk although Human Reliability Analysis certainly is much more focused on this one particular ARM.

Examples of Risk Tests and Mitigation

Risk Identification: The organization is unable to attract and retain quality employees (or contractors/volunteers).

  • Evaluation/Analysis: Despite a supply orientated labour market, the organization has trouble recruiting suitable candidates.  Once recruited, turn over is high and the organization is constantly re-training staff.  As well, staff are poorly motivated and require constantly motivation, supervision and direction.
  • Stakeholders: Executives, board (minister), customers (clients), management, staff (volunteers), regulator, etc.
  • Measure: staff retention, turn over analysis, employee satisfaction surveys.
  • Example: the industry average staff turn over for the qualified widget assemblers is 5-10% pa.  The organization’s turn over for assemblers is 50-75% pa.

Risk Identification: The organization lacks the management and leadership experience to enter into new markets.

  • Evaluation/Analysis: The experience and capabilities of management has focused on widget-exploration and there is little to no experience in widget refining – a key strategic objective of the organization.
  • Stakeholders: Executives, board (minister), regulator, etc..
  • Measure: Years of related experience in a particular expertise area on the part of all Directors and above.  Trust quotient on the part of staff in management.
  • Example: A survey or interview with the following question: ‘Describe your direct operational or management experience in the following business areas:’
    • Widget exploration: 1 – none… 5-ten or more years.
    • Widget transportation: 1 – none… 5-ten or more years.
    • Widget refining: 1 – none… 5-ten or more years.
    • Widget retailing: 1 – none… 5-ten or more years.

ARM 1 – Purpose

This blog dives into the first of the component of the Seven ARMed Organization: of the Anti-fragile Risk Management (ARM) Model: Purpose.  As a refresher, ARM has risk mitigation components:

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Each of these components impact the organization on a continuous (short term) or periodic (medium to long term) basis.  Purpose holds an unusual spot in that it is both enduring (very long term) and something that directly influences the next ARM risk component, People.  This is demonstrated in the following diagram.

Anti-Fragile Risk Management

 

Purpose: Why Does the Organization Exist, what are its objectives?

Let’s face it, if an organization has not nailed this one – even a little – it has MUCH bigger problems.  This component is also directly linked to ISO 31000 in which risk is defined as:

  • effect of uncertainty on objectives‘.
  • Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process)’. [1]

ARM’s Length Definition

At this point I am hearing a collective groan of having to sit through another Mission Statement and Visioning death march…. groannnnn.  Don’t worry, my ARM definition for this is simply this: is there a consistent and wide spread understanding of what the organization does?  Widespread is both top-down and inside-out.

Why Does this Matter

Numerous great thinkers have expressed this concept in different ways.  Stephen Covey discussed it as ‘begin with the end in mind (habit 2)’.  Jim C. Collins described it as getting people on the bus (next component) and figuring out where you want to go in his book Good to Great.  The key thing is that the objective builds affiliation and belonging.  It is easier to motivate, communicate, control, command and reward people if there is a clear end state.

Just as important, it is easier to change to a different purposes if you know what your current purpose is.  If not, you may discover that you never stop doing things and your purpose gets increasingly diluted in a grey-goo of good intentions.

A lack of purpose is the greatest threat (risk) to an organization and a clear and focused purpose is the greatest benefit (opportunity) to an organization.

ISO 31000 Risk Assessment Technique

ISO 31010 Risk Assessment Techniques lists methods from brain storming to sophisticated statistical analysis on how to evaluate and analyze risks.  Interestingly there is not a specific technique relating to answering the fundamental question, does the organization have the right objectives?  Certainly a number of the 31010 techniques can be pressed into service however, including good old brain storming.  Others noted below are Delphi, interviews and surveys.

Examples of Risk Tests and Mitigation

Risk Identification: The organization lacks a clear definition of its purpose in the [market place, government services, volunteer/social space].

  • Evaluation/Analysis: What do the following stakeholders think the organization’s purpose is and measure the relative deviation between them.
  • Stakeholders: Executives, board (minister), customers (clients), management, staff (volunteers), regulator, etc.
  • Measure: perhaps a sliding scale test on a number of measures.  Use statistical analysis (e.g. R Value) to measure relative differences between pairs or all-purpose statements.
  • Example: which of the following statements best exemplifies the role of the Minister of Widgets in the managing the affairs of Widgetland (1 = No Role and 5 = Central or core to the Ministry’s mandate):
    • Fund Widget Research and Development (1…5)
    • Regulate the use of Widgets in the home (1…5)
    • Provide education to children on safe widget use (1…5)

Risk Identification: The organization is engaged in activities or product lines it should shed.  For example it continues to run a data center despite the ability to purchase this service cheaply and reliably from the market place.  This risk builds on the above assessment but with a focus on what the organization should stop doing (as well, see my blog: Can We Stop and Define Stop).

  • Evaluation/Analysis: Using a Delphi’esque what business functions of the organization should it keep or divest.
  • Participants: Executives, board (minister), customers (clients), management, staff (volunteers), regulator, etc.
  • Measure: a listing of key business functions with a requirement rank them or identify whether the organization should Build, Hold, Evaluate, Divest.
  • Example: The Widget Corporation has identified 10 key product lines and support functions.  You have been asked to rank them according to the following measures: a) invest and expand; b) hold and monitor; c) carefully evaluate for potential hold/divestment; d) divest/buy in the market place; and e) I really do not know.  You must apply ‘a) – d)’ at twice to the following ten lines/functions and you can only apply ‘e)’ once.
    • Product Line A: Widget-exploration.
    • Product Line B: Widget-transportation
    • Product Line C: Widget-refinement and conversion to products
    • Product Line F: Widget Real Estate Holdings
    • Function: Information Technology to Support the Above
    • Function: Real Estate Management
    • Function: Human Resources
    • Function: Supply Chain Management

Seven ARM Components

This is an overview my thoughts on Risk Management.  Part I, “Guns, Telephone Books and Risk” discussed Risk Management as long lists of things that will never happen. Part II, “Anti-Fragile Risk Management” considered the concept of Anti-fragility in a risk management concept (ARM).  This included an overview of ISO 31000 – Risk Management.  The second blog also introduced the Seven ARMed Organization.  That is an organization that has mastered these risk mitigation components:

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

No Ordinary Ordinality

The Seven Components of ARM can be managed and worked on in parallel but there is a method in the selection of the order they are presented.  If an organization does not have number 1 (objectives) at least started or well in hand component 2 (people) and onward becomes much more difficult.

Number 6 (governance) may surprise some people with its placement.  From a Risk Management perspective, Governance has little impact on day to day risks.  This is not to dismiss or discount it – but to put it into context that it has longer term or enduring impact as opposed to being a short term influence on risk management.  This concept is demonstrated in the following diagram.

Anti-Fragile Risk Management

No Business Gurus Were Harmed in the Making of this Blog

The first six components have been fodder for a whole flotsam of business books.  My focus will be to provide a high level explanation of why I included the component and answer the question why this component is important from a Risk Management perspective.

A Dive into the Pits of the Seven ARMs

The next series of blogs will consider each of the Seven ARMs in a bit more detail.  At a minimum I would like to consider:

  • The definition of each of the ARMs.
  • Its linkage (if at all) to ISO 31000.
  • Why is the ARM important?
  • Example of Risks and Mitigation particular to this ARM Component.

Anti-Fragile Risk Management (ARM)

This is part two of my thoughts on Risk Management.  Part I, “Guns, Telephone Books and Risk” focused on the problem of creating long lists of things that will (may) never happen.

ISO 31000 to the Rescue!

Risk management (RM) has become standard fare for most organizations.  To support these efforts, in 2009 the International Standards Organization (ISO) issued ISO 31000 Risk management – Principles and guidelines.  A pretty good standard for the following reasons:

  1. Recognition that uncertainty (aka risk) has both positive and negative consequences.
  2. The impact of uncertainty is the inability to execute on organizational objectives.
  3. Risk is organization-centric based on its particular legal, societal, cultural, technical, ‘etc.-al‘ circumstances.
  4. RM is integral to an organization rather than an isolated activity.

ISO 31000 – The Same Problem

In ISO 31000 the steps are: 1) identifying risks, 2) Analyze the Risks, 3) Evaluate the Risks (these are all part of Risk Assessment, ISO step 5.4) and then finally 4) Treat the Risk (the right hand column of the following graphic).

ISO 31000 Framework Courtesy of the Victoria (Australia) State Government; SWER 2010.

Unfortunately this is where ISO 31000 fails; would it not be better to start with Risk Mitigation and then use the compendium of risks to test the organization’s ability to weather the uncertainties when they occur?  This ‘turned on its head‘ methodology is what I call ‘Anti-Fragile Risk Management‘ or ARM.

Anti-Fragile Risk Management (ARM)

In his book, ‘Antifragile: Things that Gain from Disorder‘, Nicholas Taleb introduces the concept which can be summarized as follows:

Anti-fragility is a property of systems that increase in capability, resilience, or robustness as a result of stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures. [Wikipedia]

Ecosystems and biological things (such as your bones or your heart) need continuous mild stress to stay healthy.  A sea wall is robust but ultimately each successive ocean wave incrementally destroys it; the wall is robust but ultimately fragile.  A tide pool colony needs each successive wave to bring in new nutrients, remove more feeble members and, yes, sometime even bring in destructive predators; it is anti-fragile.

In 2016 I introduced the idea of ‘Anti-fragile Strategic Planning‘ including suggesting that Taleb was a bit too absolute with his dismissal of art of planning.  ARM is effectively a continuation or an element of overall Anti-fragile Strategic Planning including having the following four attributes or maxims:

  1. Do No Harm: Makes the organization no worse off than as if no RM activities had occurred.
    1. This includes ensuring that the RM process has delivered value for money.
    2. Like insurance, this may be difficult to quantify other than convincing senior leadership of the value of piece of mind.
  2. Core Competencies: Ensures the organization is getting better at its core business(es).  Conversely, the organization is shedding businesses that they should no longer be involved in.
    1. This is well articulated initially in ISO 31000 but then quickly seems to get lost as the standard moves into designing a RM framework and process.
    2. Are we in the right business or do we continue to provide these services to our citizens given their costs are the ultimate RM questions.
  3. Creating a Sustainable Organization: Describes the known-known changes facing the organization and ensures it has the capacity to weather all but large-scale unpredictable and irregular (Black Swan) events.
    1. This places risk mitigation at the forefront.  The organization will need to manage risks it likely can not predicted.  Its robustness and resiliency allows it to absorb or exploit events.
    2. A risk list (telephone book’esque or otherwise) provides an excellent training/ testing tool to assist an organization to develop change-muscle-memory.
  4. Balanced Scorecard: Identifies long-term outcomes, implementation plans to achieve these outcomes and short-term milestones to monitor their execution – but only after the above maxims have been satisfied.
    1. One critical metric is the scorecard is the measured and perceived ‘robustness and resiliency’ of the organization.
    2. Scorecards and strategic plans inherently make the organization Anti-fragile. Nevertheless an organization needs some direction and operational/tactical planning.
    3. The previous 3 maxims will allow the organization to quickly shed and change scorecard entries as changes in fortune dictates.

ARM Overview

At this point you may be scratching your head wondering how you can treat a risk if you don’t know what it is?  The answer is that most risk an organization faces is already being treated without its explicit identification.  Your web presence is constantly being tested by hackers, your employees handling cash or cutting purchase orders always have an ever so slight temptation to line their pockets.  The launch of your next product line (or continuation of an existing service/product) is also fraught with unknowns.

Perhaps you hire white hats to test your web security, have good segregation of duties to manage fraud or you have completed a formal risk assessment before introducing a line of children lawn darts.  More than likely many of the risks are mitigated through trust worthy people, good training, systems, operational procedures, planning and good old fashion luck.  These and a myriad of other things are an organization’s response to risks and they make an organization more (or in their absence) less robust, resilient and risk proof.

ARM is that simple.  It is the listing of the implicit and explicit things an organization does to exploit/manage uncertainty (risk).  This robustness/resiliency is then periodically tested through a formal RM program.

An ARMed ISO 31000

ARM and ISO 31000 are entirely compatible even if ARM slightly adjusts the sequences of risk steps.  Section 4, Framework, in ISO 31000:2009 Principles and Guidelines includes component ‘4.3.4 Integration into organizational processes’ with the following attributes or advise for creating a risk management program in an organization:

  • Risk management should be embedded in all the organization’s practices and processes in a way that it is relevant, effective and efficient.
  • The risk management process should become part of, and not separate from,
    those organizational processes.
  • In particular, risk management should be embedded into the policy development, business and strategic planning and review, and change management processes.
  • There should be an organization-wide risk management plan to ensure that the risk management policy is implemented and that risk management is embedded in all of the organization’s practices and processes.
  • The risk management plan can be integrated into other organizational plans, such as a strategic plan.

Seven ARMed Organization and the Next Blog

The good news is that rather than running a RM program in isolation ARM is integral to the organization.  The bad news is that it takes work to integrate anti-fragile behaviour so as to be robust or resilient.  Integration involves the following seven steps:

  1. Purpose: Why Does the Organization Exist, what are its objectives?
  2. People: Does the Organization have adeptness to achieve its objectives?
  3. Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
  4. Product: Does the organization have a product or service that the market/society wants?
  5. Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
  6. Governance: Does the organization have the strategic and leadership capacity to Change the Above?
  7. Risk Tested: What identified risks can be used to test the above to ensure they are functioning?

Each of the seven steps will be discussed in future blogs in greater detail.

Guns, Telephone Books and Risk?

At work I have been given the task of implementing a risk management strategy for an IT department.  The problem is that I am not convinced that Risk Management adds much value to organizations.  To be clear, I am all for pondering and evaluating risks when making decisions.  After all, if you are currently an adult, you are likely an expert on Risk Management having survived your childhood or possibly that first year of college (just saying).

Gun Shy of Risk Management

My point is that I am not a huge fan of is the Risk Management process.  I have worked for a few organizations in which Risk Management became a bit of a fad and organizational resources were poured into a very comprehensive list of risks.  The list was a fascinating read and many could have been the basis for either a cheap thriller or space-cowboy science fiction book.  Generally though, these lists were a compendium of obvious things covered by a few good operational plans or a comprehensive list of things that in all likelihood would never come to pass.

Once these telephone book’esque lists of risks were compiled, they were dumped on some poor unsuspecting line manager.  Called the risk owner, this poor sod now had to develop a treatise on how he or she would react to a cornucopia of risks.   The smart manager would generally set the telephone-book of risks to one side and get on with their day job… hoping the Risk Management fad had passed before they were asked for their response.

Audit Fodder

Of course auditors love risk management.  If auditors can’t find something juicy in the operations of an organization they know they can always get an observation or recommendation from criticizing the risk management process.  This is because no list of risks is ever complete; there can always be one more entry added.  The auditor can also examine the events affecting an organization over the past year.  In all likelihood an untoward event that occurred was not precisely described in the telephone book.  At this point the auditor shouts with glee: ‘AH-HA, your risk management process is flawed, pour more resources into it so I can make more observations next year! BRUHAHAH.. Cough, sputter…

Why is Risk Management so Hard?

Okay, I am being a bit harsh on auditors (some of my best friends are recovering auditors). So why is risk management so hard and why does it add so little value?  I have a few thoughts on why Risk Lists is an enumeration things that will never occur:

  • Identification is Mitigation:
    • Simply identifying a risk can help to mitigated the risk.
    • In economics this is known as the efficient information model meaning the organization has internalized and corrected for the risk – good Risk Management in action!
    • Example: cash controls are deemed a risk and internal controls are beefed up such that theft or fraud are no longer likely risks.
  • Easter Egg Effect
    • This effect states that if you tell a person that there are ‘X’ number of things, they will stop looking once they find that number.
    • In the same way, an organization may look at an ever growing list of risks and at some point say ‘that is good enough’.
    • As a result, an organization may have a beefy telephone book of lists which have low likelihood or occurance or of poor predictive power .
  • Post-Diction Focus:
    • Nicholas Taleb [see further reading section below] introduced the concept of ‘post-diction’ which is a play on the concept of prediction.
    • The ability to predict the occurrence of a past event improves after the event has occurred.  Post-diction is the certainty an individual or organization did in fact PREDICT something in retrospect.
    • This gives the organization an impression that it has better predictive powers than it really does have.
  • The Past as a Guide to the Future:
    • While one does not want to be doomed to repeat past mistakes by not reading history, the reality is that the past has only limited predictive power.
    • Certainly there are themes from the past that are enduring and can be used in the future.
    • Examples:
      • Given opportunity, even the most honest person may be tempted to steal if they believe the chances of being caught is nominal.
      • Eventually your organization will be hacked, cyber-ransomed or be a victim of a denial of service act if you have an online presence.
  • Social Blindness:
    • Risk identification can be politically or social driven/influenced.
    • Thus a risk may be ignored because of organizational desire to align with social norms.
    • In early September 2001, an organization renting real estate in the New York Trade Center would be disinclined to consider listing a catastrophic attack by Islamic extremists as a potential risk so as to not be accused of being Islamophobes.
  • Black Swan Events
    • Returning to Taleb, the risks that will have the greatest impact on your organization are by definition unpredictable.
    • Called Black Swans, they have are a positive or negative significant event that creates enormous upheaval in an eco-system.  Think of a comet striking the earth or the 2008 financial melt down.
      • Events that are extreme, unknown and very improbable (according to our current knowledge)”; adapted from p.xxvii, The Black Swan: The Impact of the Highly Improbable, Nassim Nicholas Taleb, 2007.

Can Risk Management Be Value Added?

In general, can Risk Management add value?  Absolutely, evaluating risk is an inherent human trait; we are constantly calculating and estimating risk to our advantage. The fact that we are here shows its evolutionary success.

However, for organizations, I am proposing a strategy called ‘Anti-Fragile Risk Management‘ or ARM.  This concept builds on the ideas in my 2016 article, Anti-fragile Strategic Planning and builds on ISO 31000 – Risk Management.

Further Reading:

  1. Anti-fragile Strategic Planning, FMI Journal January 2016; Frank Potter.
  2. Managing Risks: A New Framework, HBR June 2012; Robert S. Kaplan, Anette Mikes.