We should embrace risks, not avoid them
Risk management also means learning to deal with uncertainties. In antifragile organizations, for example, risks and unexpected events are ingredients that make the organization stronger, Arco van de Ven writes in this column.
That which does not kill me makes me stronger ("Was mich nicht umbringt, macht mich stärker.").This quote from Friedrich Nietzsche gives us a totally different perspective on the risk phenomenon. In our risk-ridden society, risk often equals something we should avoid. Risk is seen as something negative. A culprit is sought for everything that goes wrong. You can already hear the politicians say: this must never happen again. The so-called Risk Regulation Reflex leads to the introduction of new regulations, structures, and extra supervision to prevent financial and social damage in the future.
We, of course, all know that this is impossible. The future is unpredictable and the behavior of those involved in implementing those measures is always different from what had been expected. But if unanticipated events occur again, even after all the measures have been taken, then there will be a call for better risk management. It must never happen again and we must act vigorously with new regulations, structures, and supervision.
Looking for risks
But are risks always a negative phenomenon? Should we not encourage risk-seeking? Encourage, yes, you read that right. Should we not take more rather than fewer risks? After all, we already know that bigger risks can lead to higher yields. And the quote from Nietzsche suggests that setbacks can often have a positive effect. Of course, but only if we survive them.
Author and scientist Nassim Taleb developed this thought further. He introduced the antifragile concept. He argues that we need to create systems that are the opposite of fragile. Fragile things cannot take a beating and break easily. Risk management in the traditional meaning of such methods as COSO ERM, try to make systems and organizations robust. They help limit the chance of unexpected things happening to us and, if they do happen, they envisage procedures which limit the final damage. Antifragile organizations are not geared toward preventing risks but see risks and unexpected events as ingredients which make the organization stronger.
Culture of limiting damage
Instead of protecting employees from risks, we must learn to deal with uncertainties. Responding to opportunities and reacting to negative aspects make organizations resilient, according to Taleb. It makes us agile. In this view, it is not about limiting the probability of a threat, but about a culture in which employees limit the damage by responding quickly and adequately to negative developments and seize opportunities. "But does this not lead to problems?" you may ask yourselves. The prerequisite "that which does not kill me," must of course be met. The focus is then placed on determining what the higher risk appetite may be and what limits should be applied on it. The policy discussion should not only focus on what we want to achieve, that is, our goals, but also on what we want to avoid –the risk appetite. These limits must, therefore, be strictly enforced.
Is your organization already antifragile? If not, you may be able to transform parts of your robust organization by not hedging risks but rather by embracing them.
Prof. Dr. Arco van de Ven, CPA, Professor of Accounting Information Systems at TIAS School for Business and Society of the University of Tilburg. This column was originally published in the Dutch-language ControllersMagazine.
Van de Ven is a lecturer in the Risk & Behavior Master Class.
More information about this master class