We’re proud to be able to publish excerpts from SAMI Associate Garry Honey’s new book, “Navigating Uncertainty” over the next few weeks. Navigating Uncertainty is designed for leadership teams to understand, get comfortable with, and mitigate business risk – and is equally applicable, whichever type of organisation you lead.
The book is for directors and leadership teams, it is not designed for risk managers. It explores why risk and uncertainty are vital to achieve good judgement and sound stewardship of any organisation. It accepts that risk management varies according to environment: risk in a school or hospital is very different to risk in banking or asset management, and very different again to risk in mining or oil extraction. This book will not provide the tools for a better risk register, but it offers some ideas on a fresh approach to risk appetite and tolerance.
The discipline of risk management has emerged over the past 50 years and it has risen rapidly up the board agenda within the past 30 years due to a number of events which I outline in this section. A century ago the economist Frank Knight defined the difference between uncertainty and risk. In short uncertainty was any outcome that could not be measured whereas risk was any outcome that could. Consequently, many board decisions treat risk as an exercise in probability percentages regarding alternative outcomes – Knightian uncertainty.
It was left to Robert Skidelsky in 2008 to remind us that ‘A central danger stemming from the use of probability is that it provides those using it with a comforting, but spurious accuracy that facilitates the self-delusion that the uncertainty of the future is fully measurable and has been tamed.’ This reminds us that the future is unknown and unknowable so any attempt to predict it carries within in a degree of uncertainty. In this context probability provides the ‘spurious accuracy’ mentioned above.
The distinction between risk and uncertainty first mentioned by Frank Knight was revisited recently by Mervyn King and John Kay in their recent book ‘Radical Uncertainty’. They offer a useful way to distinguish between the two: risks are puzzles that can be solved and uncertainties are mysteries that cannot. Your risk register should only contain puzzles because mysteries have no business to be in it. This a very useful approach when reviewing whether a risk register is fit for purpose.
Over the past 30 years the discipline of risk management has evolved to fill an important role in corporate governance. Many organisations have a Risk Director or a Risk Committee tasked with identifying and mitigating foreseeable risks to continuity. The role of risk management has become one of risk avoidance with contingency planning to protect from disruption. Risk tends to be viewed as a peril or hazard, a future outcome that is undesirable and ideally avoidable.
The first corporate code came out in 1992 as the Cadbury code and was a response to a few high-profile corporate collapses like Polly Peck and BCCI. The London Stock Exchange had only recently been opened up for global business and was keen to be seen as a reliable and reputable place for any serious corporate listing. The code was the first attempt to set out standards to ensure that investors were protected by some basic rules of behaviour. At this time the Financial Reporting Council or FRC was set up to regulate corporate governance and financial reporting. Risk reporting was included as the duty of a responsible board.
The code has been updated regularly, especially in response to the Companies Act of 2006, but it was the global financial crash of 2008 that further stimulated interest and attention on risk reporting. In the years that followed it was felt that the crash might have been averted had risk reporting by banks and lenders been more robust. It was left to the late Queen Elizabeth to articulate the sentiment prevalent among the public at the time: ‘Why didn’t anyone see it coming?’ Many did but there was a collective sense of risk denial throughout the financial services sector.
Within the past seven years a third stimulus to risk in corporate governance has emerged slowly in the form of ESG considerations. Environment, Social & Governance issues which require boards to consider a diverse range of stakeholder issues beyond shareholder return. What began as a demand from investors to encourage businesses to address Sustainability and Responsibility, has ballooned into an ongoing debate about what counts as ESG and whether focus on long term distracts from short term performance. Suffice to say, ESG is now a risk topic itself as boards struggle to explain the purpose of their organisation to wider audiences.
After thirty years of risk rising up the boardroom agenda, many directors feel uncomfortable with it. This is partly because it is easy to defer to experts and partly because nothing is certain about the future. A board of directors has a duty to direct the business and have a clear vision of its desire future. In their book ‘Super-forecasting’ the authors Philip Tetlock and Dan Gardner explored ‘the art and science of prediction’ to find that even the cleverest people cannot deliver certainty. The key to understanding risk as part of our decision-making process is our approach to uncertainty, especially our innate desire to replace it with certainty.
Why we fear uncertainty as humans is a subject for psychologists and behavioural science, but in corporate leadership we feel obliged to deliver certainty in order to instil confidence in employees, investors, suppliers and customers. All these parties expect certainty so we tend to create it out of a mixture of hope, hubris and self-delusion. We forget that the term Risk Management is in itself an oxymoron for it is not possible to manage the future. We can calculate alternative outcomes but we can never be certain. As Voltaire said: ‘uncertainty is an uncomfortable position, but certainty is an absurd one’.
Written by Garry Honey, SAMI Associate and founder of Chiron Risk and first published Autumn 2023.
The views expressed are those of the author(s) and not necessarily of SAMI Consulting.
SAMI Consulting was founded in 1989 by Shell and St Andrews University. They have undertaken scenario planning projects for a wide range of UK and international organisations. Their core skill is providing the link between futures research and strategy.
If you enjoyed this blog from SAMI Consulting, the home of scenario planning, please sign up for our monthly newsletter at email@example.com and/or browse our website at http://www.samiconsulting.co.uk