a comment on Risk and Tomatoes

Risk Handbook of Knowledge – The RHOK

published online in 2016 with rights reserved by the author.

(Part One and Part Three only. Part two includes resources from Wikipedia)

In the truest sense to challenge and innovate, I present to you my very own Risk Handbook of Knowledge. It is the culmination of a series of loose thoughts and some more developed ideas. Where the idea is developed, that is noted, where the idea remains a springboard, that also is noted in this book.

But first, the most recent springboard, the ‘ah ha’ moment of self realisation that said I can write this. If my memory serves me right it was Chairman Kaga who, in a steamy Kitchen Stadium, announced the arrival of the Tomatoes!!!

Part One: Risk and Tomatoes

I was in my garden and tending to the fruits on the vines and was contemplating what to do with the glut of tomatoes; how to store and how to offload some. Of course, the best ones I would use today. This almost immediately unlocked a module in my brain that held the lexicon of Risk and Risk terminology. I soon deduced that the work Risk and Tomato were completely interchangeable, Humorous at first but this unlocked a real change in my ability to communicate Risk management to people who were not familiar with the associated concepts.

So here are a dozen ‘rules’ of ‘Risk’

  1. Tomatoes need to be ripe before picking.
  2. Tomatoes should not be left on your Managers desk.
  3. Tomatoes have a use by date.
  4. Tomatoes can be shared
  5. Tomatoes can be combined.
  6. Tomatoes leave a mess when destroyed.
  7. Tomatoes are not all equal, but should be treated with equity.
  8. Tomatoes can not be ignored in the desk drawer.
  9. Tomatoes have a value.
  10. Tomatoes are not the only fruit in the fridge.
  11. Tomatoes need to be understood in your planning.
  12. If you find a tomato, don’t hide it.

These are, in general terms self explanatory to someone who can find their way around a domestic kitchen but to expand and frame your mind set I will now discuss them briefly; I will flick between the words ‘Risk and tomatoes’ with the hope you will respect the attempt at humour to illuminate Risk management from a different perspective.

  1. Tomatoes need to be ripe before picking.

Like Risk, the unripe fruit is of little use; it is too bitter for consumption and also has not grown to its full potential. In terms of pure Risk, this is perhaps showing that we either are Risk averse and cutting off Risk management well before we need to, or perhaps we are cutting short our analysis of Risk prematurely and again displaying a aversion to effective management.

  1. Tomatoes should not be left on your Managers desk.

It is not an appropriate gift in most circumstances and further more is of very limited use during the working day. It is also a very hard gift to label, without damage and may confuse a good manager as to how it arrived. In relation to a Risk, it can certainly be handed to the manager, but with some context around it’s origin and a plan for what it could be used for in the future.

  1. Tomatoes have a use by date.

Even with the most careful growing techniques, the tomato will begin to deteriorate in quality from the moment it is picked. This is the same for Risk, from the moment of the Risk is documented it begins to loose relevance. This deterioration can be slowed and kept contemporary, but it required a series of treatments and storage solutions. Without complicating the analogy, this is a long series of Risk treatments that are related to this rule.

  1. Tomatoes can be shared

It is quite simple to see that with or without very simple tools, that a tomato can be divided across a number of parties. In culinary terms we can slice and dice; noting that the smaller pieces will spread further, but look less and less like the original fruit. This is the same for the Risk; we can share it perhaps amongst 2-4 interested groups, but as we divide it further, it is less and less clear as to who now holds a piece of the original fruit.

  1. Tomatoes can be combined.

As a converse to the sharing of the fruit, we can combine multiple fruits. It then becomes a little awkward, without good control, as to tracking where each fruit originated from and where it now sits amongst others in the salad bowl. Risk can also be aggregated as long as we keep good control of the constituent Risks now grouped together.

  1. Tomatoes leave a mess when destroyed.

If a tomato is subject to extreme temperatures or physical pressure it will most certainly deform. This may be an ideal way to use the fruit, but if it is uncontrolled it will certainly leave a residue. In Risk terminology, once you have the identifies Risk, it can not simply be eradicated with some residue.

  1. Tomatoes are not all equal, but should be treated with equity.

There are many types, colours, size, styles and flavours of tomato. Like snow flakes, there are individual and rarely are two ever completely identical. Risks also should never be treated just like another unless we can be sure that they are the same within out confidence limits. Equity allows us to acknowledge the slight differences in this background and treat the fruit as needed for our process.

  1. Tomatoes can not be ignored in the desk drawer.

For a few days, the cool temperature and lack of light will most certainly preserve the fruit, but soon the deterioration will begin. This is will leave a horrid residue in the drawer space and potentially impact on other items in the drawer. Like Risk, they must be stored or catalogued and then treated in a timely and open manner.

  1. Tomatoes have a value.

At peak ripeness, the fruit has a value. They can be bought, sold and traded for other goods and services. They can be traded in bulk or by single item. They can be sold to any competent buyer and generally anyone can grow and sell the fruits. It is however common now for buyers to make a more detailed assessment of the growing conditions and the Bona Fides of the farmer. This can give very different values to otherwise similar looking fruits. Risk is a tradable commodity (see chapter later)

  1. Tomatoes are not the only fruit in the fridge.

After the proceeding section, perhaps we have all heard the word Tomato enough times; so this extends to the use of Risk in Business and Management. Please don’t spend the whole day talking about Risks as we would never host a morning tea and only serve tomatoes.

  1. Tomatoes need to be understood in your planning.

So in a short extension then from having some diversity in our selection of food, we must also not exclude the tomato from the foodscape. This now opens a great area of discussion on our appetite: how many tomatoes do we want? What flavour? What style do we like and how do we want them prepared?

  1. If you find a tomato, don’t hide it.

And the last of our rules and perhaps the most important for the junior staff in any organisation is that if you find a Tomato, tell someone.

Some reader may want to compare the rules with the 4 accepted Risk Treatment strategies. They are Risk Avoidance, Mitigation, Transfer/share and Risk Acceptance.

  1. Tomatoes need to be ripe before picking. = Acceptance
  2. Tomatoes should not be left on your Managers desk = Avoidance
  3. Tomatoes have a use by date = Avoidance
  4. Tomatoes can be shared = Transfer/share
  5. Tomatoes can be combined = Mitigation and Acceptance
  6. Tomatoes leave a mess when destroyed = Mitigation and Acceptance
  7. Tomatoes are not all equal, but should be treated with equity = Acceptance
  8. Tomatoes can not be ignored in the desk drawer = Avoidance
  9. Tomatoes have a value = Transfer/share
  10. Tomatoes are not the only fruit in the fridge = Acceptance
  11. Tomatoes need to be understood in your planning = Acceptance
  12. If you find a tomato, don’t hide it = Acceptance

Part Two:  Risk Appetite

This is a continuation of my work in Risk Assessment and particularly of the way we develop our appetite for Risk. Other groups are looking at the way we perceive Risk and live with it for disaster situation and in our social media/online personality. What I have researched so far…

Risk appetite and tolerance

Risk appetite and tolerance must be high on the board agenda. IRM’s guidance, while providing practical direction to facilitate debate in the boardroom, it is far from the final word on the subject. It is however, a useful tool and source of information.

Risk appetite is a core consideration in an enterprise Risk management approach. Risk appetite can be defined as ‘the amount and type of Risk that an organisation is willing to take in order to meet their strategic objectives. Organisations will have different Risk appetites depending on their sector, culture and objectives. A range of appetites exist for different Risks and these may change over time.

While Risk appetite means different things to different people, there is widespread consensus that a properly communicated, appropriate Risk appetite statement can help organisations achieve their goals and sustain their operations.

“The Risk appetite statement is generally considered the hardest part of any enterprise Risk management implementation.  However, without clearly defined, measurable tolerances the whole Risk cycle and any Risk framework is arguably at a halt”. Jill Douglas, Head of Risk, Charterhouse Risk Management

Risk appetite and performance

While Risk appetite is about the pursuit of Risk, Risk tolerance is about what an organisation can deal with. All organisations have to take some Risks and they have to avoid others. The big question that organisations have to ask themselves is: just what does successful performance look like? This question may be easier to answer for a commercial organisation than for a government department, but can usefully be asked by boards in all sectors.

Definition

The level of Risk that an organization is prepared to accept in pursuit of its objectives, and before action is deemed necessary to reduce the Risk. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings.

Levels of risk appetite

The appropriate level will depend on the nature of the work undertaken and the objectives pursued. For example, where public safety is critical (e.g. operating a nuclear power station) appetite will tend to be low, while for an innovative project (e.g. early development on an innovative computer program) it may be very high, with the acceptance of short term failure that could pave the way to longer term success. Below are examples of broad approaches to setting Risk appetite that a business may adopt to ensure a response to Risk that is proportionate given their business objectives.

Averse Avoidance of Risk and uncertainty is a key organization objective.

Minimal Preference for ultra-safe options that are low Risk and only have a potential for limited reward.

Cautious Preference for safe options that have a low degree of Risk and may only have limited potential for reward.

Open Willing to consider all potential options and choose the one most likely to result in successful delivery, while also providing an acceptable level of reward and value for money.

Hungry Eager to be innovative and to choose options offering potentially higher business rewards, despite greater inherent Risk.

The appropriate approach may vary across an organization, with different parts of the business adopting an appetite that reflects their specific role, with an overarching Risk appetite framework to ensure consistency.

Measuring Risk appetite

Precise measurement is not always possible and Risk appetite will sometimes be defined by a broad statement of approach. An organization may have an appetite for some types of Risk and be averse to others, depending on the context and the potential losses or gains.

However, often measures can be developed for different categories of Risk. For example, it may aid a project to know what level of delay or financial loss it is permitted to bear. Where an organization has standard measures to define the impact and likelihood of Risks, this can be used to define the maximum level of Risk tolerable before action should be taken to lower it.

There is often a confusion between ‘Risk management’ and ‘Risk appetite’, with the rigor of the former now recovering some of its lost ground from the vagueness of the latter. Derived correctly the Risk appetite is a consequence of a rigorous Risk management analysis not a precursor. Simple Risk management techniques deal with the expectation values of the consequences of hazardous events, but this ignores the possibility of collateral effects of a bad outcome, such as for example becoming technically bankrupt. The quantity that can be put at Risk depends on the cover available should there be a loss, and a proper analysis takes this into account. The ‘appetite’ follows logically from this analysis. For example an organization should be ‘hungry for Risk’ if it has more than ample cover compared with its competitors and should therefore be able to gain greater returns in the market from high Risk ventures.

Part Three:  Risk Trading

Some years ago I completed a paper in Cumulative Risk but it lacked a view of what to do if we needed to absolve our team from an unavoidable Risk. These concepts would be extended and incorporate the work from the finance sector in developing consumer Risk Appetite Indices. I would explore how our Corporate Engineering Risk Appetite changes with the financial, operational and psychosocial climate of the group or enterprise.

Recently, during some Masters level study I started to think more about the thing being Risk. It has I feel for too long been referred to more as a verb or a thing we do, but I think it should be a noun, a thing we own.

Perhaps John Mayer impacted on my thoughts here in his recent song that discussed the difference between verbs and nouns in human relationships.

Risk is created once we analyse a situation. Engineering authorities will give it some deep analysis and treatment before handing it to an executive authority. Much like a baker or artist uses skills to create a product for the customer.

Just a quick side note here on the concept of creation: There is a law of the conservation of energy, stating that is cannot be created or destroyed. There is a great, but misleading TV ad for an energy company (energy provider) that they make energy daily. This is false, energy cannot be made, and it can only be moved from one form to another. There may be some robust discussion here about the theory of relativity and some breaking research in the fields of quantum physics, but they are on the side for now.

So in my view, we can supply this product called Risk, much like we do with creating energy at a power station. It is then a product for use. Much like electricity it has to be used and managed there and then or it becomes a little obsolete. It has to be stored, classified and a plan made for its future.

So given that Risk is now a thing, I wondered if I could trade it, like I do with Comics, cash or cars. I chose those comparisons carefully as they all have varying values. Cash devalues in its own economy at a steady rat. Comics have a set face value on release, but can drift down or soar well above this from supply and demand with other collectors. Finally Cars have a very high retail value that plummets in the first year, before a steady decay. Value can improve if it is an exotic or fall further from poor upkeep of the item.

So what can I compare Risk to from the suite above? I feel it is perhaps like the comic. It has a very fixed value for a short period, but after this there is a wide range of values it can take. It could drop in value if no one wants to own it. There could be rise in value if it is a boutique Risk with a low chance of occurrence. There may also be ability for this Risk to fit into a set of other Risks so its value may be impacted by the others in the set.

I may be losing readers here, because many may be thinking who would want to own lots of Risks, just get rid of them. Well it is not that simple, by commanding a fleet unit we have Risk and we produce them daily. My point here is that we should not continue to amass them. We need to understand them, value them and then trade them somewhere else. In general terms we need to trade our operational Risks to operating authorities, the currency being earned by this trade is resources of time and people. The technical Risk should be traded to the maintenance authorities, this transaction frees up organic resources, so may also require the handing over of some of those resources to settle the deal.

In many ways, it appears that the actual payment for the transaction accompanies the Risk; that is people are paid more to take on a Risk rather than recompensed for losing the item.

But this is not always the case. In the insurance game, the ownership of Risk is the backbone of the industry. Insurance companies will take on the Risk for the insured entity. This is accompanied by a premium that’s serves as the income for the company.

Does this then imply that all our Risks at sea should be owned by a big brother company in return for them pocketing our premium payments? Sure of course it does. This group is made up of a suite of shareholders being technical repair authorities, Capability providers and Operational authorities.

So in closing, we must as Engineers and operators continue to assess hazards and consequences and produce valuable Risk assessments. These then need to be carefully analysed for who is going to own them. If they are in our Risk appetite, we should hold them and manage them. If they are outside our domain they must be traded away.

I thank you sincerely for the opportunity to put forward my view on Risk and hope you enjoyed the story. I can be contacted easily for interview or to provide further information to support my application.

22 February 2016