The risk of not understanding what risk means - everybody wants 100% risk-free, which is neither possible nor desirirable

Written By:
Content Copyright © 2016 Bloor. All Rights Reserved.
Also posted on: The Norfolk Punt

I was amused – and saddened – by this story. An American mother, in order to protect her family from a largely imaginary (even in America), but perceived as real and immediate, threat, arms herself (“my right to protect my child trumps your fear of my gun”). Her 4 year old son picks up a 45mm handgun in the family car and shoots his mother in the back. A graphic illustration of poor risk management – I believe that the stats (see here or here) indicate that the biggest risk to gun-owning families may come from gun ownership. But, as this mother might say, “my right to be paranoid trumps your common-sense”.

The inability to understand and manage risk is much more general than this. I think, for example, that CIOs should be examining the risks around Britain leaving the EU – to give just one example, what happens to compliance with EU data protection laws, for companies trading in the EU, if their UK data centre suddenly isn’t in the EU any more. I have no real idea – perhaps you should be expecting your analytics platforms to help you formulate some “actionable insights” in this area, for yourself – but I’d think it was worth thinking about, at least (it’s, fundamentally, a governance issue); and I suspect that any resolution won’t be immediate.

As Mark Carney found out, pointing out that risk management is necessary, will lead lots of people to now assume that I’m against leaving the EU and think that maintaining the status quo is risk-free. As it happens, the first is true but the second isn’t. There is always a risk associated with maintaining the status quo; risk management is about balancing this risk against the risk associated with other choices – and high risk is often an opportunity for high profit.

Nevertheless, whether you want Britain in or out of the EU, I find it very hard not to see the question of exiting the EU as a very large domestic risk factor – using a technical definition of “risk”. Pointing this out need NOT be saying that you shouldn’t do it. Every action has an associated risk; if leaving the EU is a good idea, exploiting that risk for innovation will be why. But pretending that there is no risk, associated with both staying in and getting out, would be stupid, in my opinion. Following the status quo is NOT risk-free; neither is replacing the status quo with something different.

I think that pointing this out is part of the job of the Director of the Bank of England – and I don’t recall him saying that we should or shouldn’t leave, just that the possibility of exit is a major domestic risk factor. Which it is, and one that CIOs (and CEOs) should be thinking about, because it may have impacts for their automated systems.