Answering risk questions that cannot be answered with common practice approaches
Dec 28th, 2016
This interview ” Answering risk questions that cannot be answered with common practice approaches ” was recently published by Mind the Gap!
Dr. F. Oboni, Ph.D. President Riskope
We have added the red titlesto this version. The original questions are numbered Q1 to Q10.
How large is the gap between companies following common practices vs. Best practices?
Q1: After we first met, Franco, I realized how much proforma is the kind of Risk Management we do in our endeavors. How large is the gap between companies that do poor risk management and companies doing good RM?
There is a huge gap between companies doing Risk Management and companies not doing Risk Management. There’s another gap between companies adopting common practice, and those going to the point of doing something better, adopting best practices.
Answering risk questions that cannot be answered with common practice approaches
Those doing something better come to us with very specific questions that cannot be answered, for example with FMEA (Failure Mode and Effect Analysis) and Probability-Impact Graphs (PIGs), or risk matrix 5×5. For example: what is the rational sizing of my insurance? So, how many millions should I insure for my business interruptions?
You cannot solve that with risk matrix or FMEA as those methods fail to deliver quantitative risk values with enough finesse to support decision making!
Clients also come to us saying: “what’s the maximum consequence I could have in my system because of interdependent failure?”. That’s propagation of failures through the system as a domino effect. You cannot solve it with the PIG risk matrix! Others come to us saying “we would like to know if it’s better to apply solution A or B, and we would like to know the difference in the risks”. FMEAs or PIG risk matrix cannot solve that.
Thus there are plenty of cases where we have clients coming to us calling for help. Last year a company, a large mining company had a problem with water, contaminated water out of a process they had. They came to us and said “we want to improve the process, but we don’t know which additional elements, what mitigation to implement. Can you help us?”. With the ORE [Optimum Risk Estimates, ©Oboni Riskope Associates Inc.] methodology we use, you can say “if you double the measurements frequency, or if you do this or that, you can reduce the chances of failure by so much”. With the PIG risk matrix you cannot do that.
A common syndrome: dealing with confusing results
In another case, a company came to us because they had a huge problem budgeting the water treatment plant construction and said “You know, we did a Risk Assessment by using FMEA in-house, and now we’ve got 200 “yellows”, and we don’t know what to do with that!”. FMEA lacks the ability of discerning between High-Frequency/Low-cost and Low-Frequency/High-Cost scenarios. Answering risk questions that cannot be answered with common practice approaches requires a shift to best practices.
Q2: And what do you do in such a case?
Well, we define tolerability/tolerance levels [thresholds]. And then we verify how many risks and how much each risk is above the tolerance levels. That’s a key to healthy and rational prioritization.
What is required to go towards best practices?
Q3: How you do it, if you don’t do it the mainstream way?
We work with a proven methodology named ORE that’s tailored to each client in order to solve the specific problems the client has. The standard body of practices regarding Risk Management aren’t really solving the kind of problems real companies have.
Q4:Who should attend your working sessions for risk identification and assessment?
We are not using -like what seem to be a common practice- big workshops where people attend without previous preparation. We’ll start by studying the system, defining what the system and its boundaries are. We spend a nice part of the time in that before we actually start asking questions to the people that actually work in the system.
This has proven to be absolutely invaluable, instead of people entering the room with no actual commitment, compromise and knowledge enough as to provide relevant input. They will ask “what am I supposed to do here?” and that’s why we are against loose, crowded workshops. That’s not the way we operate.
We’ll start by reading existing documents on the system, documenting ourselves, understanding what the history of losses and near-misses is, and so forth. With that picture in our minds we start asking questions, not before, in a clueless manner.
Q5: You so start by working on hard data…
We begin with the hard data, yes… because whatever data are available are useful. For we are not bending the way we do the work. The client may be unwilling to provide it, in which case we’ll need to go away…
Q6: Do you include people from the community, politicians, …?
Community people will intervene after the first risk identification -according to the methodology-. We’ll integrate them to enlighten us with their perception of the potential consequences and propagation. Thus they will provide a valuable input for the social tolerable levels of risk.
In a case I mentioned to you, in some three months we’ll participate in public hearings with politicians, and the chiefs of the first nations involved by the project. Finally, everyone will be in the same page and able to talk and discuss the issues we present. Conservationist organizations have already expressed their points of view, for instance.
Who is buying this?
Q7: I wonder who buys this… Who’s your counterpart in the companies that approach you?
It depends. In some cases it’s the risk manager that requests consulting for answering risk questions that common practice approaches cannot answer. Sometimes it’s an engineer that wants to have a project evaluation. Or a contractor that’s about to sign a large construction contract, and finally wants to quantitatively assess the money he/she’s putting at risk.
Finally it can be a transportation master for a mining company who wants to know what’s the transportation risk in a complex transportation network including railroads, trucks, shipping and harbours…
Q8: Gosh, they seem to be quite knowledgeable people… And by the way not the ones with the bucks…
Oh, you mean I’m missing the boss? Ok. Let’s say a CEO and I both ride the elevator for 20 floors. the pitch would be something like “With us you’ll be able to gain a competitive advantage on anybody else…”. At this point it would be yet another sales pitch, but then I’d follow, “…because you’ll understand your full risk landscape around any of your initiatives. For you’ll know where the traps are, where the problems are and finally where your heavier risks are. Thus you’ll be able to seize on opportunities nobody else can rationally take…”
Q9:… and then I, the CEO, would say, OK, but what is your differentiating side?
Well, by doing things the FMEA way (the coloured matrix) you cannot get those results. Nobody can. But if you do what it really takes, you could.
We’d start with a pilot assessment, for instance working initially with one of your facilities, we both learn the environment and the way the risks appear, so we are able to further proceed with the whole company.
Q10: I am almost buying on you…
It is time for companies to realize that relying on obsolete and poorly applied methods ( http://www.intechopen.com/books/geohazards-caused-by-human-activity/the-long-shadow-of-human-generated-geohazards-risks-and-crises) is certainly not the key to the future and does not allow answering risk questions that cannot be answered with common practice approaches. In fact, there’s no way they’ll be able to sustain leadership, defend themselves and proactively go to a profitable future if there’s no change in their approach to risk.-
Tagged with: common practice approaches, Failure Mode and Effect Analysis, Probability Impact Graphs, Risk Management, risk questions
Category: Consequences, Crisis management, Optimum Risk Estimates, Probabilities, Probability Impact Graphs, Risk analysis, Risk management