SlideShare a Scribd company logo

THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy.docx

Download as DOCX, PDF
A
arnoldmeredith47041

THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy Senior Enlisted Academy RISK MITIGATION: DIVERSE CHALLENGES FOR THE RISK PRACTITIONER By Prof. Ronald E. Ratcliff (Jan 2006) Edited by Prof. Bud Baker (Nov 2017) RISK MITIGATION: DIVERSE CHALLENGES FOR THE RISK PRACTITIONER It's tough to make predictions, especially about the future. ─ Yogi Berra INTRODUCTION Risk and risk management are concepts that leaders and their staffs have come to appreciate in increasing levels of sophistication. Operational Risk Management (ORM) is a process taught at all levels in the Department of Defense. Yet, and somewhat ironically, senior civilian Defense Department leadership has often been quite critical of the military services for their limited understanding of, and general aversion to, risk. While one can build a defensible case for the military’s penchant to avoid risk, the purpose of this paper is to examine more fully the challenges that make astute risk management so difficult. As part of that discussion, we will briefly examine the difficulties inherent in determining risk for low-probability but catastrophic events. We will also examine briefly the processes used in risk management and the challenges leaders face in making risk management decisions. Finally, we will address the challenges all organizations face when communicating the rationale for their choices given the risks involved. RISK In a July 2004 study commissioned by the British government entitled Public Perception of Risk, J. Richard Eiser noted that: “Risk is a feature of all human activity that results in some probable benefit but also includes a potential cost or harm.”1 He further noted: [E]verything that is important about risk arises from actual or perceived uncertainty ... it is only because we need to act under conditions of uncertainty that the concept of risk is of interest. If we felt there was nothing we could ever do to affect what might happen to us, we would have no decisions to take and there would be no point in worrying about the likelihood or value of future events. ... It is because these consequences are uncertain, and may leave us better or worse off, that we talk about risk.2 Risk is typically defined as “the combination of the probability of an event occurring and its consequences.”3 Usually, organizations perceive those consequences in a negative context. Within the Department of Defense, the term risk clearly has a negative implication defined as “the probability and severity of a potential loss that may result from hazards...”4 Similarly, the Naval War College characterizes risk as “the likelihood of failure and the consequence of failure…”5 These definitions equate risk to the probability that an organization’s vulnerabilities or weaknesses will permit an unwanted and/or harmful event to occur that will limit its ability to achieve a.

Education
1 of 37
THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy Senior Enlisted Academy RISK MITIGATION: DIVERSE CHALLENGES FOR THE RISK PRACTITIONER By Prof. Ronald E. Ratcliff (Jan 2006) Edited by Prof. Bud Baker (Nov 2017)
RISK MITIGATION: DIVERSE CHALLENGES FOR THE RISK PRACTITIONER It's tough to make predictions, especially about the future. ─ Yogi Berra INTRODUCTION Risk and risk management are concepts that leaders and their staffs have come to appreciate in increasing levels of sophistication. Operational Risk Management (ORM) is a process taught at all levels in the Department of Defense. Yet, and somewhat ironically, senior civilian Defense Department leadership has often been quite critical of the military services for their limited understanding of, and general aversion to, risk. While one can build a defensible case for the military’s penchant to avoid risk, the purpose of this paper is to examine more fully the challenges that make astute risk management so difficult. As part of that discussion, we will
briefly examine the difficulties inherent in determining risk for low-probability but catastrophic events. We will also examine briefly the processes used in risk management and the challenges leaders face in making risk management decisions. Finally, we will address the challenges all organizations face when communicating the rationale for their choices given the risks involved. RISK In a July 2004 study commissioned by the British government entitled Public Perception of Risk, J. Richard Eiser noted that: “Risk is a feature of all human activity that results in some probable benefit but also includes a potential cost or harm.”1 He further noted: [E]verything that is important about risk arises from actual or perceived uncertainty ... it is only because we need to act under conditions of uncertainty that the concept of risk is of interest. If we felt there was nothing we could ever do to affect what might
happen to us, we would have no decisions to take and there would be no point in worrying about the likelihood or value of future events. ... It is because these consequences are uncertain, and may leave us better or worse off, that we talk about risk.2 Risk is typically defined as “the combination of the probability of an event occurring and its consequences.”3 Usually, organizations perceive those consequences in a negative context. Within the Department of Defense, the term risk clearly has a negative implication defined as “the probability and severity of a potential loss that may result from hazards...”4 Similarly, the Naval War College characterizes risk as “the likelihood of failure and the consequence of failure…”5 These definitions equate risk to the probability that an organization’s vulnerabilities or weaknesses will permit an unwanted and/or harmful event to occur that will limit its ability to achieve a desired goal or objective. Thus risk is perceived to increase as either the probability of
the unwanted event increases or the severity of the consequences rise. Often overlooked in an organization’s treatment of risk are its positive aspects. Risk usually entails the possibility that a future event could have a positive effect or be advantageous to the organization. This aspect of risk, while acknowledged by most organizations, is just as often likely to be ignored, as their aversion to risk too greatly discounts the potential benefits of a risky 2 choice. Many organizations fail to appreciate that risk is more than a simple articulation of the bad things that could happen; it is also about the good things that will not happen. Organizational success or failure is not simply dependent on the ability to identify and avoid harmful risk, but is also reliant on the ability to recognize and “to capitalize on fleeting opportunities.”6 UNCERTAINTY
Risk occurs because the precise likelihood of a future event is unknowable. If we knew with certainty that an event was going to happen, there would be no discussion about risk. Unfortunately, the future is simply and unequivocally unknowable. We are frequently forced to make choices about the future without really knowing how things will turn out. As the consequences of those choices increase, so too does the perceived need to eliminate as much uncertainty as possible. Organizational uncertainty arises from three basic circumstances: 1) uncertainty about how the organization’s environment is changing; 2) uncertainty about how those changes will harm or benefit the organization; and 3) uncertainty about the best way to respond to those changes to either limit the harm or assure the benefits occur.7 Uncertainty is further complicated by the very nature of the doubt that creates the risky situation under consideration. Uncertainty results from two basic conditions: vagueness and ambiguity.
• Vague uncertainty occurs when there is a lack of clear or definitive information about the range of probable future outcomes. • Ambiguous uncertainty, which occurs when there is clear but conflicting information on (or general disagreement about) the range of future outcomes.8 While uncertainty due to vagueness can be reduced by gathering more information about the situation, uncertainty due to ambiguity usually cannot be resolved by additional or new information. Clearly, it behooves the risk practitioner to first seek to understand the basic nature of the uncertainty faced by the organization before deciding how to diminish it. How we identify relevant data, develop information and act on that knowledge is dictated by how we perceive and judge risk as either a danger to be avoided or an opportunity to be seized. Judgment about risk is influenced by two elements: risk perception and risk propensity. RISK PERCEPTION
Risk is not a physical entity into itself, but rather is a concept or a way of thinking about the impact of something that has yet to happen. As such, risk is a subjective judgment of the likely consequences of a future uncertain event. Yet risk is more than merely a function of uncertainty. It is also a judgment about how we value the different possible results (good and bad) that might occur. Those judgments color and bias our perceptions of risk.9 Value judgments play an especially large role in the way we estimate risk for low probability, but highly destructive events. Thus, risk perception is the product of one’s judgment about the likelihood an event will occur, the extent of harm or benefit that future event is likely to bring, and the level of confidence one has in those estimates.10 3 RISK PROPENSITY Risk propensity is often defined as “an individual’s current tendency to take or avoid risks…”11
It is usually viewed in one of two ways: • Risk averse characterizes those who view risk as a harmful consequence to be avoided at all costs regardless the potential benefits. As a result, those who are risk averse usually seek to avoid risk in the decisions they make. • Risk tolerant characterizes those who value the potentially beneficial consequences of an event more than they fear the associated potential harm. Hence, those who are risk tolerant are willing to accept risk commensurate with the potential gain in the decisions they make. Our perceptions of risk are relative to our basic tendencies towards risk. While perception of risk may drive one person’s risk tolerance, another’s propensity to assume risk probably drives their perception of the risk involved. Decision makers must be aware of both aspects in order to fully appreciate which element is most influencing their decision or the estimates of others. To be too risk averse forgoes opportunity, while being too risk tolerant may be foolhardy.
The Risk Dilemma. Adding to the complexity of organizational perception of risk is the influence of important key stakeholders. Returning to Eiser’s report on risk perception for the British government: Risk-mitigation decisions may be influenced by public perceptions of risk in ways that may distort priorities away from actual risk reductions. Policy makers may feel the need to be seen to be doing something about particular risks, even where the risks are relatively small and the actions undertaken are more visible than they are effective. The other side of the story is that the general public can sometimes appear frustratingly complacent about the seriousness of other kinds of risks, and so be resistant to policies and actions that could lead to risk reduction.12 How people perceive risk depends on: what they value, how the risk is framed, and their level of trust in the organization or institution responsible for identifying and characterizing the risk.
Studies have shown that there appears to be a clear inverse relationship between perceived risk and perceived benefit and an individual’s evaluation of a hazard. That is to say, where an activity or issue is perceived in a positive light, people tend to judge its benefits as high and its risks as low. But where the situation or endeavor is seen in a negative light, people are likely to dwell on the dangerous or harmful aspects of the issue and perceive the risks as high.13 As a consequence, the astute risk decision maker must always strive to understand which aspect of risk (potential harm or benefit) is being emphasized or minimized to ensure that how a problem has been framed does not prejudice the risk decision. The “Wicked” Problem14 – Low Probability-High Consequence (LP/HC) Threat. One of the most perplexing problems that confronts national security organizations like DoD and the Department of Homeland Security is how best to identify and characterize the risk associated 4
with low-probability events that have highly dangerous or catastrophic consequences should they occur. LP/HC threats include such things as the release of a Weapon of Mass Destruction (WMD) in a metropolitan area like New York City, or global pandemics like drug-resistant Tuberculosis, Smallpox or the Avian Flu. As the diagram at the right shows, when the severity of the consequences of an event is judged to be relatively low, the risk is usually judged to be “low” regardless of the likelihood that the event will occur. If the event is highly probable and its consequences are highly harmful, the risk is judged appropriately to be “high.” Problems arise, however, when we are forced to characterize events that have a very low probability of occurring, but if they do occur have disastrous consequences. Identifying
appropriate criteria to characterize such risk as either high or low is not only highly problematic, but equally difficult to explain. LP/HC threats are by their nature complex ─ complex in the sense that the cause-and-effect chain is usually dynamic, often not well understood, and generally is open to reasonable debate. When the complexity of a threat exceeds the layperson’s ability to understand the important technical issues, cultural values and the public’s trust of national institutions become an integral part of the risk calculus. As a result, expert opinions or scientific analysis often are insufficient in and of themselves to provide universal or wholly accepted characterizations of the risk.15 When the issues are complex, public perceptions of risk are influenced by two dimensions: the extent and clarity of the knowledge about the threat and the level of conformity among stakeholder values that shape perceptions about how much risk is involved. Such problems have been called “wicked problems” because:
1) The problem and solutions exist in the “eye of the beholder,” hence there is no single accepted formulation of the problem; 2) Outcomes are not scientifically predictable; 3) The decision maker cannot know when all feasible and desirable solutions have been explored; and 4) The decision-maker is not allowed to be wrong.16 DIFFERENT KINDS OF RISK When addressing risk, frequently there is a tendency to assume that others see and understand the context of risk the same way that we do. Such a presumption is ill-founded and lays at the heart of most misunderstandings about risk. As one author noted when researching the subject, an internet search engine recently took 0.18 seconds to identify 510 million written works on the single word “risk.” It is highly doubtful that all of those authors were using it in the same way or in the same context.17
P ro b a b il it y o f H a z a rd o u s E v e n t O c c u rr
in g (U n c e rt a in ty ) None Severity of the Consequence Catastrophic 0% 100% Low Risk Low Risk High Risk ? 5 There is no commonly accepted standard that establishes the categories or kinds of risk that
confront decision makers. For many, risk is basically comprised of the inherent or pure risk that naturally emanates from our environment as opposed to assumed risk that springs from individual or collective activity or behavior. For others, risk is simply comprised of individual risk or societal risk. Within those broad constructs, risk can also refer to the potential harm to a physical asset (building, information system, transportation system, etc.) or to intangible but real assets (victory, profit, market share, reputation, etc.). Some commonly used categories or descriptions of risk include the following: • Organizational risk (technical, personnel, systems/process, performance); • Business risk (credit, product/market, regulatory/legal, transactional, investment); • Project management risk (cost, schedule and performance); • Operational risk (mission, resources, processes, tactics); • Strategic risk (competitive environment, risks that arise in the pursuit of enterprise objectives); • Political risk (constituencies, alliances, coalitions); and
• Security risk (public safety and health, information systems, infrastructure). The Defense Department categorizes risk into four groups (personnel management, operational, future challenges and institutional). These lists are by no means exhaustive, but serve to show why, when speaking about risk, it is imperative to ensure all participants in a risk decision are proceeding with a common understanding of the risk that is under consideration. RISK MANAGEMENT In 2002, the National Infrastructure Protection Center defined risk management as the: Systematic and analytical process by which an organization identifies, reduces, and controls its potential risks and losses. This process allows organizations to determine the magnitude and effect of the potential loss, the likelihood of such a loss actually
happening, and counter-measures that could lower the probability or magnitude of loss ... countermeasures should be identified and evaluated to select those which offer an optimal trade-off between risk reduction and cost.18 The term risk management is often (and incorrectly) used interchangeably with risk assessment, but the terms are not synonymous. Risk management is the administrative process designed to manage an organization’s exposure to risk to an acceptable level. From a military perspective, it is often useful to consider two aspects of risk: risk to mission and risk to forces. Risk assessment is a component part of risk management that describes the process used to identify and prioritize the risks that confront an organization. Risk management is comprised of four basic phases: assessing risk, deciding how to control the risk, implementing risk control 6 measures, and measuring risk control effectiveness. According to Shortreed, et al., in
Benchmark Framework for Risk Management: The objective of risk management is to ensure that significant risks are identified and that appropriate action is taken to manage these risks to the extent that is reasonably achievable [emphasis added]. Appropriate actions are determined based on a balance between: risk treatment (or control) strategies; their effectiveness and cost; and the needs, issues and concerns of stakeholders.19 Implicit in the statement above is recognition of a critical point: in all risk management decisions, risk can only be minimized, but it can never be eliminated. The reason is quite simple, risk is comprised in part by uncertainty and while we can reduce uncertainty, we can never completely do away with it. Risk itself cannot be managed, only the operations and decisions that respond to the perceived risk can be managed.20 RISK FRAMEWORK – SEVEN WAYS TO DEAL WITH RISK
Once an organization has completed its risk assessment, it must decide how best to control the risk that comes with a choice to either proceed with an activity that holds the possibility of causing desired effects or to forego such activity. Often we have a choice to engage in risky behavior, but it’s also important to note that some risks are unavoidable (weather or other natural disasters like earthquakes). Responses to risk can be divided into four basic approaches:21 Avoid: Some risks may only be treated or contained to acceptable levels by terminating the intended operations or activity. A military operation whose potential benefits or gains do not outweigh the potential negative consequences of failing should be terminated or cancelled. Transfer: For some risks, the best response may be to transfer wholly or partly the activity to another organization that has the capacity to better handle the risk and uncertainty. An infrastructure reconstruction project might better be transferred to a
civilian contractor rather than assigned to a military construction battalion that has capability but marginal expertise. That said, one should proceed with caution when attempting to transfer any kind of risk because in most cases, responsibility and accountability for the results will likely remain with the original organization. Tolerate: At times an organization’s ability to do anything about some risks may be limited, or the cost to mitigate negative consequences may be disproportionate to the potential benefit gained. In this circumstance, the only course of action may be to endure the potential negative consequences of the decision. In large scale military operations, casualties are inevitable, sometimes even extensive, but often the operational or strategic goals are so important that casualties must be endured. Assume and Control: When the decision is made to pursue a course of action that is inherently risky, steps are usually taken to mitigate as much as possible any negative
consequences that may result from that action. Such steps are not taken necessarily to eliminate the risk, but to contain or limit the negative consequences to a tolerable level. Said another way, the purpose of this category of control is to contain the potentially 7 harmful effects of risk rather than to eliminate it. Controls can be classified in one of four ways:22 • Redundancies: These controls are designed to ensure that a particularly important outcome is achieved or an intolerable event is avoided. The opposite of this is putting all of one’s eggs in a single basket. Generally this consists of backup plans and redundant systems. However, it can also include elements of hedging and diversifying. Hedging is putting into place safeguards to protect against undesired outcomes. For example, one way to hedge against the possible negative
consequences with building a lighter, smaller conventional force is to maintain a nuclear strategic capability to assure a country’s national survival. Another redundancy approach to limit risk is by diversifying. Using the example of a nuclear strategic capability, the United States uses three different weapon delivery systems (land-based missiles, sea-based missiles and bombers) to complicate an adversary’s defense mechanisms. • Directive Controls: These controls are designed to limit the possibility of an undesirable outcome from occurring. Procedures designed to prevent mishaps in organizations belong in this category. Examples include prohibition against the entry of cargo or individuals coming from a particular country or port of origin that does not have sufficient controls in place to assure the security of follow-on ports of entry. • Detective Controls: These controls are designed to identify instances of undesirable outcomes occurring. Detective controls are, by definition, “after the fact” and only
appropriate when it is possible to bear the negative consequences incurred. Examples include monitoring devices in ports of entry to detect the presence of WMD or passport control systems to detect attempted entry by illegal immigrants or unwanted visitors. • Corrective Controls: These controls are designed to correct the undesirable outcomes which have occurred. They describe the planned response to any loss or damage that result from the organization’s actions. An example of these controls includes the response of local, state and federal officials to contain or limit the effects of a WMD device or the effects of a particularly virulent and widespread disease or pandemic. Since every control action has an associated cost, the benefits of control must be judged against those costs. Seldom, if ever, is it possible to afford all the controls that could limit or contain the risk involved in a situation. Hence, the risk practitioner must choose a balance between implementing controls (e.g., redundancies,
directive controls, detective controls, and corrective controls) and doing nothing (i.e., avoid, transfer, and tolerate). LIMITS TO PLANNING FOR AND MANAGING RISK While everyone generally recognizes that things rarely ever turn out exactly as expected, there is a natural tendency to expect that they will. While most leaders and managers assume they are proficient in handling risk and uncertainty, they probably are not as good at risk management as they think they are.23 There are several possible reasons for this: 8 • Overly narrow or misguided perceptions of what might happen in the future; • Insufficient relevant knowledge and/or poor situational awareness; • Pressure from stakeholders to ignore or assume away critical uncertainty; and
• Lack of a systemic and logical framework to collect and process all relevant information that influences perception of the inherent uncertainties and risks.24 Risk practitioners must take care to guard against cognitive errors that cloud or bias their judgments about risk and uncertainty. People are prone to error when estimating probabilities and/or thinking about future events for a number of reasons:25 • Wishful thinking. Estimates of particular outcomes may reflect personal preferences concerning those outcomes. Sometimes those responsible for planning and executing an operation are more optimistic than uninvolved individuals. • Selective perception. People may not include all the factors that matter when estimating subjective probability. • Experiential bias. When considering a risky situation, knowledge about similar previous events may lead people to prejudice their perception of risk in the current situation even though the circumstances may be completely different. • Framing effects. The way people define the issue or problem
usually influences their estimation of the probability of either a beneficial or harmful outcome occurring. • Overconfidence. People often overrate their ability to estimate the probability of future events. Research has shown that individuals are not as good at making predictions as they think they are. • Confirming evidential bias. People sometimes have a preferred outcome at a subconscious level, before they decide how they will justify their choice. In such cases, their biases affect the kinds of evidence they search for, and how they interpret the evidence they find.26 While the issues raised above seem pretty straightforward, “recognizing that we are prone to bias and errors of reasoning is one thing, but knowing what to do about it is quite another ... The problem is that we don’t typically know when we’re making a mistake until afterwards, and sometimes not even then. Even bad decisions can feel right.”27 As noted above, the reasons for
our mistakes are myriad, if for no other reason than we truly believe we are acting as rationally and objectively as possible. The danger, however, lies in the fact that, ... it is extremely difficult to unlearn habits of thought and action that have been built up over a longer time. ... Our previous experience ‘got us here;’ on the other hand, we generally have very little insight into how we got here or what we have missed out on in the process. ... We don’t know what we don’t know, and find it difficult to imagine how things could be otherwise than as they appear to us.28 9 MORAL AND ETHICAL ISSUES Individual or collective choices that involve risk pose potential harm to others. As a consequence, they are irrevocably influenced by the moral
values and ethical characteristics of the organization and the individuals who make such decisions. Moral and ethical considerations are rarely black or white, but encompass many shades of gray based on the perceptions of all involved in risk decisions. As such, there are no absolutes or hard guidelines or checklists to guide a leader faced with difficult choices. Hence, decision makers might do well to reflect on the following: • How will the consequences affect various individuals or groups; • How perceptions of the likelihood or the consequences of a threat will likely vary among those affected; • When the consequences will likely occur (in the near-term or distant future); • Where the consequences of a decision will be felt (outside as well as inside the organization); and • The likelihood that there will be a wide range of opinion about what is morally or ethically just.29
In the final analysis, the decision maker must be able to answer a basic question: “What factors define what should be done to assure the well-being of the organization and the individuals who are a part of that organization?” Further: “What are our obligations to those outside the organization who will be affected by our choices?” Such judgments are wholly enveloped by individually and collectively held values that influence our perceptions of a situation.30 COMMUNICATING RISK This article has concentrated on the issues that inform the risk management process and dealing with uncertainty and the complex nature of risk. Decision makers must be ready to explain their choices, given the risks involved, to key stakeholders including the public. Felix Kloman, noted author of several articles on risk management observed: “Few organizations take the time to reduce what they know ─ and what they do not know ─ about risk, its organizational implications, and its responses into terms understandable to stakeholders.”31 He further and
strongly asserts that organizational leaders have a basic responsibility to simplify our descriptions of risk in ways that most people can understand. To assure the public trust, he notes: “It is essential to communicate to stakeholders our understanding of risks, their interactions and our planned responses. When we obfuscate definitions with jargon and convoluted prose, we lose the audience we must reach.”32 CONCLUSION Uncertainty and risk are the constant companions of all leaders. As organizations and their competitive environments expand in scope and complexity, the uncertainty and the risk inherent in those surroundings will correspondingly increase. Leaders must provide their followers as 10 much clarity about the future as possible (within the constraints and limitations posed by the basic unknowable nature of the future) and offer guidance that
bounds where and how much risk will be tolerated, and gives guidance about how to manage or control the risk assumed. To do that well, requires the astute risk practitioner to have a good understanding of the complexity inherent in any decision about risk and uncertainty. ENDNOTES 1 J. Richard Eiser, “Public Perception of Risk,” report prepared for the British Government Foresight Office of Science and Technology, July 2004, 2, available online at <http://www.foresight.gov.uk/Intelligent %20Infrastructure%20Systems/Reports%20and%20Publications/ Public%20Perception%20of%20Risk/long_paper.p df> [accessed 4 December 2005]. 2 Ibid, 4. 3 Definition provided by he International Standards Organization (ISO). 4 FM 100-14 Risk Management, Headquarters, Department of the Army, (Washington D.C.: U.S. Government Printing Office, 1998), 1-1. 5 Richmond M. Lloyd, “Strategy and Force Planning Framework,” Strategy and Force Planning, 3rd ed., eds. Lloyd et.al., (Newport, RI.: Naval War College, 2000), 13. 6 Jan Emblemsvag and Lars Endre Kjolstad, “Strategic Risk Analysis – A Field Version,” Management Decision,
40/9 (2002), 843, available online at <http://www.dnv.com/binaries/StrategicRiskAnalyses_tcm4- 10751.pdf> [accessed 3 December 2005]. 7 Jean Hartley, “Leading and Managing Uncertainty of Strategic Change,” Chapter 8, Managing Strategy Implementation, 109-121, eds. Tony Dromgoole, Patrick Flood, Liam Gorman, and Stephen Carroll, (Oxford: Blackwell Publishing, 2000). 110-111. 8 For a greater understanding of vague or ambiguous uncertainty the reader is encouraged to refer to the work of Daniel C. Molder and E. Tory Higgins in “Categorization Under Uncertainty: Resolving Vagueness and Ambiguity With Eager Versus Vigilant Strategies,” Social Cognition, Vol. 22:2, 2004, 248-277 available online at <http://www.psych.northwestern.edu/~molden/documents/RFCat egorize_SC04.pdf> [accessed 5 December 2005]. 9 Eiser, 58. 10 Sim B. Sitkin and Luarie R. Weingart, “Determinants of Risky Decision-Making Behavior: A Test of the Mediating Role of Risk Perceptions and Propensity,” Academy of Management Journal, 38:6 (December 1995): 1573-1575. 11 Sitken and Wiengart. 12 Eiser, 5. 13 Walters, Lawrence C., Peter J. Balint, Anand Desai, and Ronald E. Stewart, “Risk and Uncertainty in
Management of the Sierra Nevada National Forests,” a Report submitted to Jack Blackwell, Regional Forester USDA Forest Service, Pacific Southwest Region, 6-7, Available online at: <http://classweb.gmu.edu/ pbalint/Final%20report.pdf> [accessed 7 December 2005]. 14 Adapted from Walters, et.al. 15 Ibid, 7-9.. 16 Ibid. 17 Eiser, 3. 18 National Infrastructure Protection Center, “Risk Management: An Essential Guide to Protecting Critical Assets,” November 2002. Available online at <http://www.psaudit.com/images/images_updated/ white_paper.pdf> [accessed 5 December 2005]. 19 J.H. Shortreed, L. Craig, and S. McColl, “Benchmark Framework for Risk Management,” Network for Environmental Risk Assessment and Management, available on line at <http://www.irr-neram.ca/pdf_files/ Benchmark2001.pdf,> [accessed 3 December 2005]. 20 McNamee, David, “The New Risk Management,” Mc2 Management Control Concepts. Available online at <http://www.mc2consulting.com/riskart5.htm> [accessed 4 December 2005]. 21 Department of Defense, Defense Acquisition University, Risk Management Guide For DOD Acquisition, February 2001, available online at
<http://www.dau.mil/pubs/gdbks/RMG%20June%2003.pdf> [accessed 13 June 2005]. 11 22 British Government, Management of Risk-A Strategic Overview, Her Majesty’s Treasury Department, January 2001, available online at: <http://www.hm- treasury.gov.uk/media/EC612/orange-book.pdf> [accessed 13 June 2005]. 23 Matthew Leitch, “Risk Management – The Basics,” 18 March 2003. Available online at <http://homepage.ntlworld.com/ m.leitch1/mluck/basics/> [accessed 31 December 2003]. 24 Ibid. 25 For a more detailed discussion of errors mentioned in the text, and related errors, see Max Bazerman, Judgment in Managerial Decision Making, 4th Edition. (New York: John Wiley & Sons, 1998). See also Hammond, Keeney and Raiffa, Smart Choices, (New York: Broadway Books, 1999), 189-216. 26 Hammond et al., 1999. 27 Eiser, 35.
28 Ibid. 29 Douglas R May, Timothy D. Hodges, Adrian Y.L.Chan, and Bruce Avolio, “Developing the Moral Component of Authentic Leadership,” Organizational Dynamics, 32:3, 2003, 251. 30 Ibid. 31 Kloman, Felix, “Four Cubed,” Risk Management, September 2001, 23-24. 32 Ibid.

Recommended

Uncertainty_and_Risk.pptx
Uncertainty_and_Risk.pptxUncertainty_and_Risk.pptx
Uncertainty_and_Risk.pptxArchishmaanUpadhyaya1
 
Module 1 - Introduction to Risk Management.pdf
Module 1 - Introduction to Risk Management.pdfModule 1 - Introduction to Risk Management.pdf
Module 1 - Introduction to Risk Management.pdfmarjondimafilis
 
How Can We See It Coming - Kylie Mills - 440565732
How Can We See It Coming - Kylie Mills - 440565732How Can We See It Coming - Kylie Mills - 440565732
How Can We See It Coming - Kylie Mills - 440565732Kylie Mills
 
Risk managment
Risk managmentRisk managment
Risk managmentsapna moodautia
 
Risk & Insurance PPT for 4th Year Students.pptx
Risk & Insurance PPT for 4th Year Students.pptxRisk & Insurance PPT for 4th Year Students.pptx
Risk & Insurance PPT for 4th Year Students.pptxbizuayehuadmasu1
 
If I want to write about risk management of building whether the bui.pdf
If I want to write about risk management of building whether the bui.pdfIf I want to write about risk management of building whether the bui.pdf
If I want to write about risk management of building whether the bui.pdfamitelectrocals30
 
Insurance and risk management
Insurance and risk managementInsurance and risk management
Insurance and risk managementMeenushreeGowda
 
Directions for chapter 10 lesson 1 project researching the e
Directions for chapter 10 lesson 1 project researching the eDirections for chapter 10 lesson 1 project researching the e
Directions for chapter 10 lesson 1 project researching the eANIL247048
 

Recommended

Uncertainty_and_Risk.pptx
Uncertainty_and_Risk.pptxUncertainty_and_Risk.pptx
Uncertainty_and_Risk.pptxArchishmaanUpadhyaya1
 
Module 1 - Introduction to Risk Management.pdf
Module 1 - Introduction to Risk Management.pdfModule 1 - Introduction to Risk Management.pdf
Module 1 - Introduction to Risk Management.pdfmarjondimafilis
 
How Can We See It Coming - Kylie Mills - 440565732
How Can We See It Coming - Kylie Mills - 440565732How Can We See It Coming - Kylie Mills - 440565732
How Can We See It Coming - Kylie Mills - 440565732Kylie Mills
 
Risk managment
Risk managmentRisk managment
Risk managmentsapna moodautia
 
Risk & Insurance PPT for 4th Year Students.pptx
Risk & Insurance PPT for 4th Year Students.pptxRisk & Insurance PPT for 4th Year Students.pptx
Risk & Insurance PPT for 4th Year Students.pptxbizuayehuadmasu1
 
If I want to write about risk management of building whether the bui.pdf
If I want to write about risk management of building whether the bui.pdfIf I want to write about risk management of building whether the bui.pdf
If I want to write about risk management of building whether the bui.pdfamitelectrocals30
 
Insurance and risk management
Insurance and risk managementInsurance and risk management
Insurance and risk managementMeenushreeGowda
 
Directions for chapter 10 lesson 1 project researching the e
Directions for chapter 10 lesson 1 project researching the eDirections for chapter 10 lesson 1 project researching the e
Directions for chapter 10 lesson 1 project researching the eANIL247048
 
Resource Guide on School Safety
Resource Guide on School SafetyResource Guide on School Safety
Resource Guide on School SafetyMolly Osborne
 
Fact Newsletter September 2011
Fact Newsletter September 2011Fact Newsletter September 2011
Fact Newsletter September 2011syosko
 
Reducing risk
Reducing riskReducing risk
Reducing riskSKS
 
Risk Management
Risk ManagementRisk Management
Risk ManagementMjNuarin
 
Risk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxRisk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxBhavnaGoyat2
 
Risk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxRisk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxRavichandran Narayanasamy
 
Security Assurance
Security AssuranceSecurity Assurance
Security AssuranceRoger Johnston
 
Risk-Analysis-Power-Point (2).pptx
Risk-Analysis-Power-Point (2).pptxRisk-Analysis-Power-Point (2).pptx
Risk-Analysis-Power-Point (2).pptxHilsonyusuf
 
There are 3 schools of thought regarding risk. First considers the p.pdf
There are 3 schools of thought regarding risk. First considers the p.pdfThere are 3 schools of thought regarding risk. First considers the p.pdf
There are 3 schools of thought regarding risk. First considers the p.pdfamit503
 
The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...Albert Vilariño
 
CYBOK: Risk Management Governance KA Webinar slides.pdf
CYBOK: Risk Management Governance KA Webinar slides.pdfCYBOK: Risk Management Governance KA Webinar slides.pdf
CYBOK: Risk Management Governance KA Webinar slides.pdfHari319621
 
Risks & its types
Risks & its typesRisks & its types
Risks & its typesSRI KRISHNA ARTS AND SCIENCE COLLEGE
 
Risk management
Risk managementRisk management
Risk managementTanvirrm32
 
Risk Management Sir A. S. Chaubal
Risk Management Sir A. S. ChaubalRisk Management Sir A. S. Chaubal
Risk Management Sir A. S. Chaubalsameersanghani
 
Insurance And Risk Management
Insurance And Risk ManagementInsurance And Risk Management
Insurance And Risk ManagementTarseam Singh
 
Managing Reputation
Managing ReputationManaging Reputation
Managing ReputationAdrian Clements
 
ERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxManiPSamRCBS
 
Risk Taking Behaviors
Risk Taking BehaviorsRisk Taking Behaviors
Risk Taking BehaviorsBuy Papers Online Cheap Greenville
 
Managing Decision Under Uncertainties
Managing Decision Under UncertaintiesManaging Decision Under Uncertainties
Managing Decision Under UncertaintiesElijah Ezendu
 
BM7037-15 Corporate Governance, Ethics & Risk ManagementRi
BM7037-15 Corporate Governance, Ethics & Risk ManagementRiBM7037-15 Corporate Governance, Ethics & Risk ManagementRi
BM7037-15 Corporate Governance, Ethics & Risk ManagementRiJeniceStuckeyoo
 
Write a scholarly paper in which you apply the concepts of epide.docx
Write a scholarly paper in which you apply the concepts of epide.docxWrite a scholarly paper in which you apply the concepts of epide.docx
Write a scholarly paper in which you apply the concepts of epide.docxarnoldmeredith47041
 
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docxWrite a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docxarnoldmeredith47041
 

More Related Content

Similar to THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy.docx

Resource Guide on School Safety
Resource Guide on School SafetyResource Guide on School Safety
Resource Guide on School SafetyMolly Osborne
 
Fact Newsletter September 2011
Fact Newsletter September 2011Fact Newsletter September 2011
Fact Newsletter September 2011syosko
 
Reducing risk
Reducing riskReducing risk
Reducing riskSKS
 
Risk Management
Risk ManagementRisk Management
Risk ManagementMjNuarin
 
Risk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxRisk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxBhavnaGoyat2
 
Risk-Analysis-Power-Point (2).pptx
Risk-Analysis-Power-Point (2).pptxRisk-Analysis-Power-Point (2).pptx
Risk-Analysis-Power-Point (2).pptxHilsonyusuf
 
There are 3 schools of thought regarding risk. First considers the p.pdf
There are 3 schools of thought regarding risk. First considers the p.pdfThere are 3 schools of thought regarding risk. First considers the p.pdf
There are 3 schools of thought regarding risk. First considers the p.pdfamit503
 
The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...Albert Vilariño
 
CYBOK: Risk Management Governance KA Webinar slides.pdf
CYBOK: Risk Management Governance KA Webinar slides.pdfCYBOK: Risk Management Governance KA Webinar slides.pdf
CYBOK: Risk Management Governance KA Webinar slides.pdfHari319621
 
Risk management
Risk managementRisk management
Risk managementTanvirrm32
 
Risk Management Sir A. S. Chaubal
Risk Management Sir A. S. ChaubalRisk Management Sir A. S. Chaubal
Risk Management Sir A. S. Chaubalsameersanghani
 
Insurance And Risk Management
Insurance And Risk ManagementInsurance And Risk Management
Insurance And Risk ManagementTarseam Singh
 
ERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxManiPSamRCBS
 
Managing Decision Under Uncertainties
Managing Decision Under UncertaintiesManaging Decision Under Uncertainties
Managing Decision Under UncertaintiesElijah Ezendu
 
BM7037-15 Corporate Governance, Ethics & Risk ManagementRi
BM7037-15 Corporate Governance, Ethics & Risk ManagementRiBM7037-15 Corporate Governance, Ethics & Risk ManagementRi
BM7037-15 Corporate Governance, Ethics & Risk ManagementRiJeniceStuckeyoo
 

Similar to THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy.docx (20)

Resource Guide on School Safety
Resource Guide on School SafetyResource Guide on School Safety
Resource Guide on School Safety
 
Fact Newsletter September 2011
Fact Newsletter September 2011Fact Newsletter September 2011
Fact Newsletter September 2011
 
Reducing risk
Reducing riskReducing risk
Reducing risk
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Risk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxRisk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptx
 
Risk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptxRisk-Analysis-Power-Point.pptx
Risk-Analysis-Power-Point.pptx
 
Security Assurance
Security AssuranceSecurity Assurance
Security Assurance
 
Risk-Analysis-Power-Point (2).pptx
Risk-Analysis-Power-Point (2).pptxRisk-Analysis-Power-Point (2).pptx
Risk-Analysis-Power-Point (2).pptx
 
There are 3 schools of thought regarding risk. First considers the p.pdf
There are 3 schools of thought regarding risk. First considers the p.pdfThere are 3 schools of thought regarding risk. First considers the p.pdf
There are 3 schools of thought regarding risk. First considers the p.pdf
 
The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...The incorporation of sustainability risks into the risk culture | Albert Vila...
The incorporation of sustainability risks into the risk culture | Albert Vila...
 
CYBOK: Risk Management Governance KA Webinar slides.pdf
CYBOK: Risk Management Governance KA Webinar slides.pdfCYBOK: Risk Management Governance KA Webinar slides.pdf
CYBOK: Risk Management Governance KA Webinar slides.pdf
 
Risks & its types
Risks & its typesRisks & its types
Risks & its types
 
Risk management
Risk managementRisk management
Risk management
 
Risk Management Sir A. S. Chaubal
Risk Management Sir A. S. ChaubalRisk Management Sir A. S. Chaubal
Risk Management Sir A. S. Chaubal
 
Insurance And Risk Management
Insurance And Risk ManagementInsurance And Risk Management
Insurance And Risk Management
 
Managing Reputation
Managing ReputationManaging Reputation
Managing Reputation
 
ERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptxERM -01- Introduction 06-10-2022.pptx
ERM -01- Introduction 06-10-2022.pptx
 
Risk Taking Behaviors
Risk Taking BehaviorsRisk Taking Behaviors
Risk Taking Behaviors
 
Managing Decision Under Uncertainties
Managing Decision Under UncertaintiesManaging Decision Under Uncertainties
Managing Decision Under Uncertainties
 
BM7037-15 Corporate Governance, Ethics & Risk ManagementRi
BM7037-15 Corporate Governance, Ethics & Risk ManagementRiBM7037-15 Corporate Governance, Ethics & Risk ManagementRi
BM7037-15 Corporate Governance, Ethics & Risk ManagementRi
 

More from arnoldmeredith47041

Write a scholarly paper in which you apply the concepts of epide.docx
Write a scholarly paper in which you apply the concepts of epide.docxWrite a scholarly paper in which you apply the concepts of epide.docx
Write a scholarly paper in which you apply the concepts of epide.docxarnoldmeredith47041
 
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docxWrite a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docxarnoldmeredith47041
 
Write a Risk Management Plan for a School FacilityInclude th.docx
Write a Risk Management Plan for a School FacilityInclude th.docxWrite a Risk Management Plan for a School FacilityInclude th.docx
Write a Risk Management Plan for a School FacilityInclude th.docxarnoldmeredith47041
 
Write a review that 750 - 1000 words in length about one chapter in .docx
Write a review that 750 - 1000 words in length about one chapter in .docxWrite a review that 750 - 1000 words in length about one chapter in .docx
Write a review that 750 - 1000 words in length about one chapter in .docxarnoldmeredith47041
 
write a resume using the example belowCONTACT INFOFirs.docx
write a resume using the example belowCONTACT INFOFirs.docxwrite a resume using the example belowCONTACT INFOFirs.docx
write a resume using the example belowCONTACT INFOFirs.docxarnoldmeredith47041
 
Write a resume and cover letter for the following positionOnline.docx
Write a resume and cover letter for the following positionOnline.docxWrite a resume and cover letter for the following positionOnline.docx
Write a resume and cover letter for the following positionOnline.docxarnoldmeredith47041
 
Write a response to the peers post based on the readings. Origi.docx
Write a response to the peers post based on the readings. Origi.docxWrite a response to the peers post based on the readings. Origi.docx
Write a response to the peers post based on the readings. Origi.docxarnoldmeredith47041
 
Write a response to the following prompt.Analyze the characteriz.docx
Write a response to the following prompt.Analyze the characteriz.docxWrite a response to the following prompt.Analyze the characteriz.docx
Write a response to the following prompt.Analyze the characteriz.docxarnoldmeredith47041
 
Write a response to a peers post that adds or extends to the discus.docx
Write a response to a peers post that adds or extends to the discus.docxWrite a response to a peers post that adds or extends to the discus.docx
Write a response to a peers post that adds or extends to the discus.docxarnoldmeredith47041
 
Write a response mini-essay of at least 150 to 300 words on  the dis.docx
Write a response mini-essay of at least 150 to 300 words on  the dis.docxWrite a response mini-essay of at least 150 to 300 words on  the dis.docx
Write a response mini-essay of at least 150 to 300 words on  the dis.docxarnoldmeredith47041
 
Write a response for each document.Instructions Your post sho.docx
Write a response for each document.Instructions Your post sho.docxWrite a response for each document.Instructions Your post sho.docx
Write a response for each document.Instructions Your post sho.docxarnoldmeredith47041
 
write a resonse paper mla styleHAIRHair deeply affects people,.docx
write a resonse paper mla styleHAIRHair deeply affects people,.docxwrite a resonse paper mla styleHAIRHair deeply affects people,.docx
write a resonse paper mla styleHAIRHair deeply affects people,.docxarnoldmeredith47041
 
Write a response about the topic in the reading (see attached) and m.docx
Write a response about the topic in the reading (see attached) and m.docxWrite a response about the topic in the reading (see attached) and m.docx
Write a response about the topic in the reading (see attached) and m.docxarnoldmeredith47041
 
Write a research report based on a hypothetical research study.  Con.docx
Write a research report based on a hypothetical research study.  Con.docxWrite a research report based on a hypothetical research study.  Con.docx
Write a research report based on a hypothetical research study.  Con.docxarnoldmeredith47041
 
Write a Research Paper with the topic Pregnancy in the adolesce.docx
Write a Research Paper with the topic Pregnancy in the adolesce.docxWrite a Research Paper with the topic Pregnancy in the adolesce.docx
Write a Research Paper with the topic Pregnancy in the adolesce.docxarnoldmeredith47041
 
Write a Research Paper with the topic Autism a major problem. T.docx
Write a Research Paper with the topic Autism a major problem. T.docxWrite a Research Paper with the topic Autism a major problem. T.docx
Write a Research Paper with the topic Autism a major problem. T.docxarnoldmeredith47041
 
Write a research paper that explains how Information Technology (IT).docx
Write a research paper that explains how Information Technology (IT).docxWrite a research paper that explains how Information Technology (IT).docx
Write a research paper that explains how Information Technology (IT).docxarnoldmeredith47041
 
Write a research paper outlining possible career paths in the field .docx
Write a research paper outlining possible career paths in the field .docxWrite a research paper outlining possible career paths in the field .docx
Write a research paper outlining possible career paths in the field .docxarnoldmeredith47041
 
Write a Research paper on the Legal issues associated with pentestin.docx
Write a Research paper on the Legal issues associated with pentestin.docxWrite a Research paper on the Legal issues associated with pentestin.docx
Write a Research paper on the Legal issues associated with pentestin.docxarnoldmeredith47041
 
Write a research paper on one of the following topics .docx
Write a research paper on one of the following topics .docxWrite a research paper on one of the following topics .docx
Write a research paper on one of the following topics .docxarnoldmeredith47041
 

More from arnoldmeredith47041 (20)

Write a scholarly paper in which you apply the concepts of epide.docx
Write a scholarly paper in which you apply the concepts of epide.docxWrite a scholarly paper in which you apply the concepts of epide.docx
Write a scholarly paper in which you apply the concepts of epide.docx
 
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docxWrite a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
Write a S.M.A.R.T. goal to improve the Habit 5 Seek First to .docx
 
Write a Risk Management Plan for a School FacilityInclude th.docx
Write a Risk Management Plan for a School FacilityInclude th.docxWrite a Risk Management Plan for a School FacilityInclude th.docx
Write a Risk Management Plan for a School FacilityInclude th.docx
 
Write a review that 750 - 1000 words in length about one chapter in .docx
Write a review that 750 - 1000 words in length about one chapter in .docxWrite a review that 750 - 1000 words in length about one chapter in .docx
Write a review that 750 - 1000 words in length about one chapter in .docx
 
write a resume using the example belowCONTACT INFOFirs.docx
write a resume using the example belowCONTACT INFOFirs.docxwrite a resume using the example belowCONTACT INFOFirs.docx
write a resume using the example belowCONTACT INFOFirs.docx
 
Write a resume and cover letter for the following positionOnline.docx
Write a resume and cover letter for the following positionOnline.docxWrite a resume and cover letter for the following positionOnline.docx
Write a resume and cover letter for the following positionOnline.docx
 
Write a response to the peers post based on the readings. Origi.docx
Write a response to the peers post based on the readings. Origi.docxWrite a response to the peers post based on the readings. Origi.docx
Write a response to the peers post based on the readings. Origi.docx
 
Write a response to the following prompt.Analyze the characteriz.docx
Write a response to the following prompt.Analyze the characteriz.docxWrite a response to the following prompt.Analyze the characteriz.docx
Write a response to the following prompt.Analyze the characteriz.docx
 
Write a response to a peers post that adds or extends to the discus.docx
Write a response to a peers post that adds or extends to the discus.docxWrite a response to a peers post that adds or extends to the discus.docx
Write a response to a peers post that adds or extends to the discus.docx
 
Write a response mini-essay of at least 150 to 300 words on  the dis.docx
Write a response mini-essay of at least 150 to 300 words on  the dis.docxWrite a response mini-essay of at least 150 to 300 words on  the dis.docx
Write a response mini-essay of at least 150 to 300 words on  the dis.docx
 
Write a response for each document.Instructions Your post sho.docx
Write a response for each document.Instructions Your post sho.docxWrite a response for each document.Instructions Your post sho.docx
Write a response for each document.Instructions Your post sho.docx
 
write a resonse paper mla styleHAIRHair deeply affects people,.docx
write a resonse paper mla styleHAIRHair deeply affects people,.docxwrite a resonse paper mla styleHAIRHair deeply affects people,.docx
write a resonse paper mla styleHAIRHair deeply affects people,.docx
 
Write a response about the topic in the reading (see attached) and m.docx
Write a response about the topic in the reading (see attached) and m.docxWrite a response about the topic in the reading (see attached) and m.docx
Write a response about the topic in the reading (see attached) and m.docx
 
Write a research report based on a hypothetical research study.  Con.docx
Write a research report based on a hypothetical research study.  Con.docxWrite a research report based on a hypothetical research study.  Con.docx
Write a research report based on a hypothetical research study.  Con.docx
 
Write a Research Paper with the topic Pregnancy in the adolesce.docx
Write a Research Paper with the topic Pregnancy in the adolesce.docxWrite a Research Paper with the topic Pregnancy in the adolesce.docx
Write a Research Paper with the topic Pregnancy in the adolesce.docx
 
Write a Research Paper with the topic Autism a major problem. T.docx
Write a Research Paper with the topic Autism a major problem. T.docxWrite a Research Paper with the topic Autism a major problem. T.docx
Write a Research Paper with the topic Autism a major problem. T.docx
 
Write a research paper that explains how Information Technology (IT).docx
Write a research paper that explains how Information Technology (IT).docxWrite a research paper that explains how Information Technology (IT).docx
Write a research paper that explains how Information Technology (IT).docx
 
Write a research paper outlining possible career paths in the field .docx
Write a research paper outlining possible career paths in the field .docxWrite a research paper outlining possible career paths in the field .docx
Write a research paper outlining possible career paths in the field .docx
 
Write a Research paper on the Legal issues associated with pentestin.docx
Write a Research paper on the Legal issues associated with pentestin.docxWrite a Research paper on the Legal issues associated with pentestin.docx
Write a Research paper on the Legal issues associated with pentestin.docx
 
Write a research paper on one of the following topics .docx
Write a research paper on one of the following topics .docxWrite a research paper on one of the following topics .docx
Write a research paper on one of the following topics .docx
 

Recently uploaded

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting DataJhengPantaleon
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 

Recently uploaded (20)

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data_Math 4-Q4 Week 5.pptx Steps in Collecting Data
_Math 4-Q4 Week 5.pptx Steps in Collecting Data
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 

THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy.docx

  • 1. THE UNITED STATES NAVAL WAR COLLEGE U.S. Navy Senior Enlisted Academy RISK MITIGATION: DIVERSE CHALLENGES FOR THE RISK PRACTITIONER By Prof. Ronald E. Ratcliff (Jan 2006) Edited by Prof. Bud Baker (Nov 2017)
  • 2. RISK MITIGATION: DIVERSE CHALLENGES FOR THE RISK PRACTITIONER It's tough to make predictions, especially about the future. ─ Yogi Berra INTRODUCTION Risk and risk management are concepts that leaders and their staffs have come to appreciate in increasing levels of sophistication. Operational Risk Management (ORM) is a process taught at all levels in the Department of Defense. Yet, and somewhat ironically, senior civilian Defense Department leadership has often been quite critical of the military services for their limited understanding of, and general aversion to, risk. While one can build a defensible case for the military’s penchant to avoid risk, the purpose of this paper is to examine more fully the challenges that make astute risk management so difficult. As part of that discussion, we will
  • 3. briefly examine the difficulties inherent in determining risk for low-probability but catastrophic events. We will also examine briefly the processes used in risk management and the challenges leaders face in making risk management decisions. Finally, we will address the challenges all organizations face when communicating the rationale for their choices given the risks involved. RISK In a July 2004 study commissioned by the British government entitled Public Perception of Risk, J. Richard Eiser noted that: “Risk is a feature of all human activity that results in some probable benefit but also includes a potential cost or harm.”1 He further noted: [E]verything that is important about risk arises from actual or perceived uncertainty ... it is only because we need to act under conditions of uncertainty that the concept of risk is of interest. If we felt there was nothing we could ever do to affect what might
  • 4. happen to us, we would have no decisions to take and there would be no point in worrying about the likelihood or value of future events. ... It is because these consequences are uncertain, and may leave us better or worse off, that we talk about risk.2 Risk is typically defined as “the combination of the probability of an event occurring and its consequences.”3 Usually, organizations perceive those consequences in a negative context. Within the Department of Defense, the term risk clearly has a negative implication defined as “the probability and severity of a potential loss that may result from hazards...”4 Similarly, the Naval War College characterizes risk as “the likelihood of failure and the consequence of failure…”5 These definitions equate risk to the probability that an organization’s vulnerabilities or weaknesses will permit an unwanted and/or harmful event to occur that will limit its ability to achieve a desired goal or objective. Thus risk is perceived to increase as either the probability of
  • 5. the unwanted event increases or the severity of the consequences rise. Often overlooked in an organization’s treatment of risk are its positive aspects. Risk usually entails the possibility that a future event could have a positive effect or be advantageous to the organization. This aspect of risk, while acknowledged by most organizations, is just as often likely to be ignored, as their aversion to risk too greatly discounts the potential benefits of a risky 2 choice. Many organizations fail to appreciate that risk is more than a simple articulation of the bad things that could happen; it is also about the good things that will not happen. Organizational success or failure is not simply dependent on the ability to identify and avoid harmful risk, but is also reliant on the ability to recognize and “to capitalize on fleeting opportunities.”6 UNCERTAINTY
  • 6. Risk occurs because the precise likelihood of a future event is unknowable. If we knew with certainty that an event was going to happen, there would be no discussion about risk. Unfortunately, the future is simply and unequivocally unknowable. We are frequently forced to make choices about the future without really knowing how things will turn out. As the consequences of those choices increase, so too does the perceived need to eliminate as much uncertainty as possible. Organizational uncertainty arises from three basic circumstances: 1) uncertainty about how the organization’s environment is changing; 2) uncertainty about how those changes will harm or benefit the organization; and 3) uncertainty about the best way to respond to those changes to either limit the harm or assure the benefits occur.7 Uncertainty is further complicated by the very nature of the doubt that creates the risky situation under consideration. Uncertainty results from two basic conditions: vagueness and ambiguity.
  • 7. • Vague uncertainty occurs when there is a lack of clear or definitive information about the range of probable future outcomes. • Ambiguous uncertainty, which occurs when there is clear but conflicting information on (or general disagreement about) the range of future outcomes.8 While uncertainty due to vagueness can be reduced by gathering more information about the situation, uncertainty due to ambiguity usually cannot be resolved by additional or new information. Clearly, it behooves the risk practitioner to first seek to understand the basic nature of the uncertainty faced by the organization before deciding how to diminish it. How we identify relevant data, develop information and act on that knowledge is dictated by how we perceive and judge risk as either a danger to be avoided or an opportunity to be seized. Judgment about risk is influenced by two elements: risk perception and risk propensity. RISK PERCEPTION
  • 8. Risk is not a physical entity into itself, but rather is a concept or a way of thinking about the impact of something that has yet to happen. As such, risk is a subjective judgment of the likely consequences of a future uncertain event. Yet risk is more than merely a function of uncertainty. It is also a judgment about how we value the different possible results (good and bad) that might occur. Those judgments color and bias our perceptions of risk.9 Value judgments play an especially large role in the way we estimate risk for low probability, but highly destructive events. Thus, risk perception is the product of one’s judgment about the likelihood an event will occur, the extent of harm or benefit that future event is likely to bring, and the level of confidence one has in those estimates.10 3 RISK PROPENSITY Risk propensity is often defined as “an individual’s current tendency to take or avoid risks…”11
  • 9. It is usually viewed in one of two ways: • Risk averse characterizes those who view risk as a harmful consequence to be avoided at all costs regardless the potential benefits. As a result, those who are risk averse usually seek to avoid risk in the decisions they make. • Risk tolerant characterizes those who value the potentially beneficial consequences of an event more than they fear the associated potential harm. Hence, those who are risk tolerant are willing to accept risk commensurate with the potential gain in the decisions they make. Our perceptions of risk are relative to our basic tendencies towards risk. While perception of risk may drive one person’s risk tolerance, another’s propensity to assume risk probably drives their perception of the risk involved. Decision makers must be aware of both aspects in order to fully appreciate which element is most influencing their decision or the estimates of others. To be too risk averse forgoes opportunity, while being too risk tolerant may be foolhardy.
  • 10. The Risk Dilemma. Adding to the complexity of organizational perception of risk is the influence of important key stakeholders. Returning to Eiser’s report on risk perception for the British government: Risk-mitigation decisions may be influenced by public perceptions of risk in ways that may distort priorities away from actual risk reductions. Policy makers may feel the need to be seen to be doing something about particular risks, even where the risks are relatively small and the actions undertaken are more visible than they are effective. The other side of the story is that the general public can sometimes appear frustratingly complacent about the seriousness of other kinds of risks, and so be resistant to policies and actions that could lead to risk reduction.12 How people perceive risk depends on: what they value, how the risk is framed, and their level of trust in the organization or institution responsible for identifying and characterizing the risk.
  • 11. Studies have shown that there appears to be a clear inverse relationship between perceived risk and perceived benefit and an individual’s evaluation of a hazard. That is to say, where an activity or issue is perceived in a positive light, people tend to judge its benefits as high and its risks as low. But where the situation or endeavor is seen in a negative light, people are likely to dwell on the dangerous or harmful aspects of the issue and perceive the risks as high.13 As a consequence, the astute risk decision maker must always strive to understand which aspect of risk (potential harm or benefit) is being emphasized or minimized to ensure that how a problem has been framed does not prejudice the risk decision. The “Wicked” Problem14 – Low Probability-High Consequence (LP/HC) Threat. One of the most perplexing problems that confronts national security organizations like DoD and the Department of Homeland Security is how best to identify and characterize the risk associated 4
  • 12. with low-probability events that have highly dangerous or catastrophic consequences should they occur. LP/HC threats include such things as the release of a Weapon of Mass Destruction (WMD) in a metropolitan area like New York City, or global pandemics like drug-resistant Tuberculosis, Smallpox or the Avian Flu. As the diagram at the right shows, when the severity of the consequences of an event is judged to be relatively low, the risk is usually judged to be “low” regardless of the likelihood that the event will occur. If the event is highly probable and its consequences are highly harmful, the risk is judged appropriately to be “high.” Problems arise, however, when we are forced to characterize events that have a very low probability of occurring, but if they do occur have disastrous consequences. Identifying
  • 13. appropriate criteria to characterize such risk as either high or low is not only highly problematic, but equally difficult to explain. LP/HC threats are by their nature complex ─ complex in the sense that the cause-and-effect chain is usually dynamic, often not well understood, and generally is open to reasonable debate. When the complexity of a threat exceeds the layperson’s ability to understand the important technical issues, cultural values and the public’s trust of national institutions become an integral part of the risk calculus. As a result, expert opinions or scientific analysis often are insufficient in and of themselves to provide universal or wholly accepted characterizations of the risk.15 When the issues are complex, public perceptions of risk are influenced by two dimensions: the extent and clarity of the knowledge about the threat and the level of conformity among stakeholder values that shape perceptions about how much risk is involved. Such problems have been called “wicked problems” because:
  • 14. 1) The problem and solutions exist in the “eye of the beholder,” hence there is no single accepted formulation of the problem; 2) Outcomes are not scientifically predictable; 3) The decision maker cannot know when all feasible and desirable solutions have been explored; and 4) The decision-maker is not allowed to be wrong.16 DIFFERENT KINDS OF RISK When addressing risk, frequently there is a tendency to assume that others see and understand the context of risk the same way that we do. Such a presumption is ill-founded and lays at the heart of most misunderstandings about risk. As one author noted when researching the subject, an internet search engine recently took 0.18 seconds to identify 510 million written works on the single word “risk.” It is highly doubtful that all of those authors were using it in the same way or in the same context.17
  • 16. in g (U n c e rt a in ty ) None Severity of the Consequence Catastrophic 0% 100% Low Risk Low Risk High Risk ? 5 There is no commonly accepted standard that establishes the categories or kinds of risk that
  • 17. confront decision makers. For many, risk is basically comprised of the inherent or pure risk that naturally emanates from our environment as opposed to assumed risk that springs from individual or collective activity or behavior. For others, risk is simply comprised of individual risk or societal risk. Within those broad constructs, risk can also refer to the potential harm to a physical asset (building, information system, transportation system, etc.) or to intangible but real assets (victory, profit, market share, reputation, etc.). Some commonly used categories or descriptions of risk include the following: • Organizational risk (technical, personnel, systems/process, performance); • Business risk (credit, product/market, regulatory/legal, transactional, investment); • Project management risk (cost, schedule and performance); • Operational risk (mission, resources, processes, tactics); • Strategic risk (competitive environment, risks that arise in the pursuit of enterprise objectives); • Political risk (constituencies, alliances, coalitions); and
  • 18. • Security risk (public safety and health, information systems, infrastructure). The Defense Department categorizes risk into four groups (personnel management, operational, future challenges and institutional). These lists are by no means exhaustive, but serve to show why, when speaking about risk, it is imperative to ensure all participants in a risk decision are proceeding with a common understanding of the risk that is under consideration. RISK MANAGEMENT In 2002, the National Infrastructure Protection Center defined risk management as the: Systematic and analytical process by which an organization identifies, reduces, and controls its potential risks and losses. This process allows organizations to determine the magnitude and effect of the potential loss, the likelihood of such a loss actually
  • 19. happening, and counter-measures that could lower the probability or magnitude of loss ... countermeasures should be identified and evaluated to select those which offer an optimal trade-off between risk reduction and cost.18 The term risk management is often (and incorrectly) used interchangeably with risk assessment, but the terms are not synonymous. Risk management is the administrative process designed to manage an organization’s exposure to risk to an acceptable level. From a military perspective, it is often useful to consider two aspects of risk: risk to mission and risk to forces. Risk assessment is a component part of risk management that describes the process used to identify and prioritize the risks that confront an organization. Risk management is comprised of four basic phases: assessing risk, deciding how to control the risk, implementing risk control 6 measures, and measuring risk control effectiveness. According to Shortreed, et al., in
  • 20. Benchmark Framework for Risk Management: The objective of risk management is to ensure that significant risks are identified and that appropriate action is taken to manage these risks to the extent that is reasonably achievable [emphasis added]. Appropriate actions are determined based on a balance between: risk treatment (or control) strategies; their effectiveness and cost; and the needs, issues and concerns of stakeholders.19 Implicit in the statement above is recognition of a critical point: in all risk management decisions, risk can only be minimized, but it can never be eliminated. The reason is quite simple, risk is comprised in part by uncertainty and while we can reduce uncertainty, we can never completely do away with it. Risk itself cannot be managed, only the operations and decisions that respond to the perceived risk can be managed.20 RISK FRAMEWORK – SEVEN WAYS TO DEAL WITH RISK
  • 21. Once an organization has completed its risk assessment, it must decide how best to control the risk that comes with a choice to either proceed with an activity that holds the possibility of causing desired effects or to forego such activity. Often we have a choice to engage in risky behavior, but it’s also important to note that some risks are unavoidable (weather or other natural disasters like earthquakes). Responses to risk can be divided into four basic approaches:21 Avoid: Some risks may only be treated or contained to acceptable levels by terminating the intended operations or activity. A military operation whose potential benefits or gains do not outweigh the potential negative consequences of failing should be terminated or cancelled. Transfer: For some risks, the best response may be to transfer wholly or partly the activity to another organization that has the capacity to better handle the risk and uncertainty. An infrastructure reconstruction project might better be transferred to a
  • 22. civilian contractor rather than assigned to a military construction battalion that has capability but marginal expertise. That said, one should proceed with caution when attempting to transfer any kind of risk because in most cases, responsibility and accountability for the results will likely remain with the original organization. Tolerate: At times an organization’s ability to do anything about some risks may be limited, or the cost to mitigate negative consequences may be disproportionate to the potential benefit gained. In this circumstance, the only course of action may be to endure the potential negative consequences of the decision. In large scale military operations, casualties are inevitable, sometimes even extensive, but often the operational or strategic goals are so important that casualties must be endured. Assume and Control: When the decision is made to pursue a course of action that is inherently risky, steps are usually taken to mitigate as much as possible any negative
  • 23. consequences that may result from that action. Such steps are not taken necessarily to eliminate the risk, but to contain or limit the negative consequences to a tolerable level. Said another way, the purpose of this category of control is to contain the potentially 7 harmful effects of risk rather than to eliminate it. Controls can be classified in one of four ways:22 • Redundancies: These controls are designed to ensure that a particularly important outcome is achieved or an intolerable event is avoided. The opposite of this is putting all of one’s eggs in a single basket. Generally this consists of backup plans and redundant systems. However, it can also include elements of hedging and diversifying. Hedging is putting into place safeguards to protect against undesired outcomes. For example, one way to hedge against the possible negative
  • 24. consequences with building a lighter, smaller conventional force is to maintain a nuclear strategic capability to assure a country’s national survival. Another redundancy approach to limit risk is by diversifying. Using the example of a nuclear strategic capability, the United States uses three different weapon delivery systems (land-based missiles, sea-based missiles and bombers) to complicate an adversary’s defense mechanisms. • Directive Controls: These controls are designed to limit the possibility of an undesirable outcome from occurring. Procedures designed to prevent mishaps in organizations belong in this category. Examples include prohibition against the entry of cargo or individuals coming from a particular country or port of origin that does not have sufficient controls in place to assure the security of follow-on ports of entry. • Detective Controls: These controls are designed to identify instances of undesirable outcomes occurring. Detective controls are, by definition, “after the fact” and only
  • 25. appropriate when it is possible to bear the negative consequences incurred. Examples include monitoring devices in ports of entry to detect the presence of WMD or passport control systems to detect attempted entry by illegal immigrants or unwanted visitors. • Corrective Controls: These controls are designed to correct the undesirable outcomes which have occurred. They describe the planned response to any loss or damage that result from the organization’s actions. An example of these controls includes the response of local, state and federal officials to contain or limit the effects of a WMD device or the effects of a particularly virulent and widespread disease or pandemic. Since every control action has an associated cost, the benefits of control must be judged against those costs. Seldom, if ever, is it possible to afford all the controls that could limit or contain the risk involved in a situation. Hence, the risk practitioner must choose a balance between implementing controls (e.g., redundancies,
  • 26. directive controls, detective controls, and corrective controls) and doing nothing (i.e., avoid, transfer, and tolerate). LIMITS TO PLANNING FOR AND MANAGING RISK While everyone generally recognizes that things rarely ever turn out exactly as expected, there is a natural tendency to expect that they will. While most leaders and managers assume they are proficient in handling risk and uncertainty, they probably are not as good at risk management as they think they are.23 There are several possible reasons for this: 8 • Overly narrow or misguided perceptions of what might happen in the future; • Insufficient relevant knowledge and/or poor situational awareness; • Pressure from stakeholders to ignore or assume away critical uncertainty; and
  • 27. • Lack of a systemic and logical framework to collect and process all relevant information that influences perception of the inherent uncertainties and risks.24 Risk practitioners must take care to guard against cognitive errors that cloud or bias their judgments about risk and uncertainty. People are prone to error when estimating probabilities and/or thinking about future events for a number of reasons:25 • Wishful thinking. Estimates of particular outcomes may reflect personal preferences concerning those outcomes. Sometimes those responsible for planning and executing an operation are more optimistic than uninvolved individuals. • Selective perception. People may not include all the factors that matter when estimating subjective probability. • Experiential bias. When considering a risky situation, knowledge about similar previous events may lead people to prejudice their perception of risk in the current situation even though the circumstances may be completely different. • Framing effects. The way people define the issue or problem
  • 28. usually influences their estimation of the probability of either a beneficial or harmful outcome occurring. • Overconfidence. People often overrate their ability to estimate the probability of future events. Research has shown that individuals are not as good at making predictions as they think they are. • Confirming evidential bias. People sometimes have a preferred outcome at a subconscious level, before they decide how they will justify their choice. In such cases, their biases affect the kinds of evidence they search for, and how they interpret the evidence they find.26 While the issues raised above seem pretty straightforward, “recognizing that we are prone to bias and errors of reasoning is one thing, but knowing what to do about it is quite another ... The problem is that we don’t typically know when we’re making a mistake until afterwards, and sometimes not even then. Even bad decisions can feel right.”27 As noted above, the reasons for
  • 29. our mistakes are myriad, if for no other reason than we truly believe we are acting as rationally and objectively as possible. The danger, however, lies in the fact that, ... it is extremely difficult to unlearn habits of thought and action that have been built up over a longer time. ... Our previous experience ‘got us here;’ on the other hand, we generally have very little insight into how we got here or what we have missed out on in the process. ... We don’t know what we don’t know, and find it difficult to imagine how things could be otherwise than as they appear to us.28 9 MORAL AND ETHICAL ISSUES Individual or collective choices that involve risk pose potential harm to others. As a consequence, they are irrevocably influenced by the moral
  • 30. values and ethical characteristics of the organization and the individuals who make such decisions. Moral and ethical considerations are rarely black or white, but encompass many shades of gray based on the perceptions of all involved in risk decisions. As such, there are no absolutes or hard guidelines or checklists to guide a leader faced with difficult choices. Hence, decision makers might do well to reflect on the following: • How will the consequences affect various individuals or groups; • How perceptions of the likelihood or the consequences of a threat will likely vary among those affected; • When the consequences will likely occur (in the near-term or distant future); • Where the consequences of a decision will be felt (outside as well as inside the organization); and • The likelihood that there will be a wide range of opinion about what is morally or ethically just.29
  • 31. In the final analysis, the decision maker must be able to answer a basic question: “What factors define what should be done to assure the well-being of the organization and the individuals who are a part of that organization?” Further: “What are our obligations to those outside the organization who will be affected by our choices?” Such judgments are wholly enveloped by individually and collectively held values that influence our perceptions of a situation.30 COMMUNICATING RISK This article has concentrated on the issues that inform the risk management process and dealing with uncertainty and the complex nature of risk. Decision makers must be ready to explain their choices, given the risks involved, to key stakeholders including the public. Felix Kloman, noted author of several articles on risk management observed: “Few organizations take the time to reduce what they know ─ and what they do not know ─ about risk, its organizational implications, and its responses into terms understandable to stakeholders.”31 He further and
  • 32. strongly asserts that organizational leaders have a basic responsibility to simplify our descriptions of risk in ways that most people can understand. To assure the public trust, he notes: “It is essential to communicate to stakeholders our understanding of risks, their interactions and our planned responses. When we obfuscate definitions with jargon and convoluted prose, we lose the audience we must reach.”32 CONCLUSION Uncertainty and risk are the constant companions of all leaders. As organizations and their competitive environments expand in scope and complexity, the uncertainty and the risk inherent in those surroundings will correspondingly increase. Leaders must provide their followers as 10 much clarity about the future as possible (within the constraints and limitations posed by the basic unknowable nature of the future) and offer guidance that
  • 33. bounds where and how much risk will be tolerated, and gives guidance about how to manage or control the risk assumed. To do that well, requires the astute risk practitioner to have a good understanding of the complexity inherent in any decision about risk and uncertainty. ENDNOTES 1 J. Richard Eiser, “Public Perception of Risk,” report prepared for the British Government Foresight Office of Science and Technology, July 2004, 2, available online at <http://www.foresight.gov.uk/Intelligent %20Infrastructure%20Systems/Reports%20and%20Publications/ Public%20Perception%20of%20Risk/long_paper.p df> [accessed 4 December 2005]. 2 Ibid, 4. 3 Definition provided by he International Standards Organization (ISO). 4 FM 100-14 Risk Management, Headquarters, Department of the Army, (Washington D.C.: U.S. Government Printing Office, 1998), 1-1. 5 Richmond M. Lloyd, “Strategy and Force Planning Framework,” Strategy and Force Planning, 3rd ed., eds. Lloyd et.al., (Newport, RI.: Naval War College, 2000), 13. 6 Jan Emblemsvag and Lars Endre Kjolstad, “Strategic Risk Analysis – A Field Version,” Management Decision,
  • 34. 40/9 (2002), 843, available online at <http://www.dnv.com/binaries/StrategicRiskAnalyses_tcm4- 10751.pdf> [accessed 3 December 2005]. 7 Jean Hartley, “Leading and Managing Uncertainty of Strategic Change,” Chapter 8, Managing Strategy Implementation, 109-121, eds. Tony Dromgoole, Patrick Flood, Liam Gorman, and Stephen Carroll, (Oxford: Blackwell Publishing, 2000). 110-111. 8 For a greater understanding of vague or ambiguous uncertainty the reader is encouraged to refer to the work of Daniel C. Molder and E. Tory Higgins in “Categorization Under Uncertainty: Resolving Vagueness and Ambiguity With Eager Versus Vigilant Strategies,” Social Cognition, Vol. 22:2, 2004, 248-277 available online at <http://www.psych.northwestern.edu/~molden/documents/RFCat egorize_SC04.pdf> [accessed 5 December 2005]. 9 Eiser, 58. 10 Sim B. Sitkin and Luarie R. Weingart, “Determinants of Risky Decision-Making Behavior: A Test of the Mediating Role of Risk Perceptions and Propensity,” Academy of Management Journal, 38:6 (December 1995): 1573-1575. 11 Sitken and Wiengart. 12 Eiser, 5. 13 Walters, Lawrence C., Peter J. Balint, Anand Desai, and Ronald E. Stewart, “Risk and Uncertainty in
  • 35. Management of the Sierra Nevada National Forests,” a Report submitted to Jack Blackwell, Regional Forester USDA Forest Service, Pacific Southwest Region, 6-7, Available online at: <http://classweb.gmu.edu/ pbalint/Final%20report.pdf> [accessed 7 December 2005]. 14 Adapted from Walters, et.al. 15 Ibid, 7-9.. 16 Ibid. 17 Eiser, 3. 18 National Infrastructure Protection Center, “Risk Management: An Essential Guide to Protecting Critical Assets,” November 2002. Available online at <http://www.psaudit.com/images/images_updated/ white_paper.pdf> [accessed 5 December 2005]. 19 J.H. Shortreed, L. Craig, and S. McColl, “Benchmark Framework for Risk Management,” Network for Environmental Risk Assessment and Management, available on line at <http://www.irr-neram.ca/pdf_files/ Benchmark2001.pdf,> [accessed 3 December 2005]. 20 McNamee, David, “The New Risk Management,” Mc2 Management Control Concepts. Available online at <http://www.mc2consulting.com/riskart5.htm> [accessed 4 December 2005]. 21 Department of Defense, Defense Acquisition University, Risk Management Guide For DOD Acquisition, February 2001, available online at
  • 36. <http://www.dau.mil/pubs/gdbks/RMG%20June%2003.pdf> [accessed 13 June 2005]. 11 22 British Government, Management of Risk-A Strategic Overview, Her Majesty’s Treasury Department, January 2001, available online at: <http://www.hm- treasury.gov.uk/media/EC612/orange-book.pdf> [accessed 13 June 2005]. 23 Matthew Leitch, “Risk Management – The Basics,” 18 March 2003. Available online at <http://homepage.ntlworld.com/ m.leitch1/mluck/basics/> [accessed 31 December 2003]. 24 Ibid. 25 For a more detailed discussion of errors mentioned in the text, and related errors, see Max Bazerman, Judgment in Managerial Decision Making, 4th Edition. (New York: John Wiley & Sons, 1998). See also Hammond, Keeney and Raiffa, Smart Choices, (New York: Broadway Books, 1999), 189-216. 26 Hammond et al., 1999. 27 Eiser, 35.
  • 37. 28 Ibid. 29 Douglas R May, Timothy D. Hodges, Adrian Y.L.Chan, and Bruce Avolio, “Developing the Moral Component of Authentic Leadership,” Organizational Dynamics, 32:3, 2003, 251. 30 Ibid. 31 Kloman, Felix, “Four Cubed,” Risk Management, September 2001, 23-24. 32 Ibid.