De-risking the business model

The exponential development and effects of COVID-19 have thrust risk management into the limelight, leading many of us to question whether our current risk management models are up to par. Now is the optimal time to consider what other exponential risk exposures our organisations may face and how we can best equip our businesses to deal with cases of extreme uncertainty and risk.

The traditional approach to risk management usually means defining a list of risks, assessing the risks in a risk matrix and then agreeing on further actions to take to mitigate the risks. If this approach is used and implemented appropriately, we can make great strides in de-risking businesses – in particular related to well-defined “persistent” risks like IT security, operational breakdown, fraud, health and safety and compliance.

However, when we are exposed to dynamic and complex tactical and strategic risk – the true threats to and opportunities for businesses – the traditional approach actually falls short. These are risks such as pandemics, geopolitical shifts, technological disruptions, climate change and shifts in demand.

When addressing the more complex types of risks, we should focus more on building resilience into our business model and enabling the organisation to make agile changes when needed, i.e. due to risk exposure, rather than trying to mitigate the risk.

Travelling in Mediocristan vs Extremistan

Risk analyst and author of “The Black Swan” and “Antifragility” Nassim Nicholas Taleb discusses the distinction between travelling in Mediocristan vs Extremistan.

In Mediocristan, we meet the persistent risks that we can deal with by using well-known tools like cause and effect analyses and risk assessments.

In Extremistan, our normal map, GPS and currency does not work. We need to be more mindful in order to avoid our confirmation bias and look for what we do not expect to happen.

Looking for the five signs of Extremistan

Due to our extensive work with clients on risk management, we recommend looking for five signs of Extremistan: snowballs, long tails, egg baskets, lock-ins and Gordian knots.

Snowballs

Snowballs are events and developments that are self-enforcing or contagious. Examples include pandemics, customer loyalty and shitstorms.

Long tails

Long tails occur when a potential best- and worst-case outcome is extreme compared to the average outcome. Examples are technology developments, the weather, the climate and financial markets.

Egg baskets

Egg baskets occur when an organisation is impacted in multiple ways or in several areas by one event or development. Examples could be a situation instigated by leadership and organisational culture or knock on effects to supply chains, patents and products.

Lock-ins

Lock-ins refer to situations when strategies and business models are sticky and difficult to change. This could be high fixed costs, too much bureaucracy or a lack of change experience.

Gordian knots

A Gordian knot is a tricky problem: A project, market or relationship that is so complex that we cannot find the beginning or the end, and we do not know the effects of actions on results. Examples include political dependencies, M&A and transformation projects.

As you can see, we cannot equate these signs of Extremistan with risks that can be meaningfully listed and assessed in a risk matrix.

When looking at the signs of Extremistan, we should instead use scenario thinking, stress testing and strategic problem-solving to understand how we can prepare our business to survive and take advantage of uncertain environments.