While musing on the impact of the Iceland volcano last week, I reconnected with my old friend Bob Charette, a sometime contributor to Information Management who I've come to know as one of the best risk management experts in the field. He also deeply acquainted with technology and was a founder of lean software development.
I'd called to discuss the consequences of a natural disaster, but Bob shared some broader thinking that might be more profound in what it holds for society at large and for business in particular. It's about manmade threats and how we've moved to a time where the manipulation of risk we saw in financial markets with Goldman Sachs and Lehman is reflective of how we might be conducting business, even legitimately, in the future.
Charette has coined his own neologism for this effect: he calls it riskfare (think warfare) and it pertains to events large and small that affect both business and governments. "It looks like the future is not going to be about fighting major wars; instead we'll be facing lots of little terrorist wars," Charette says. "Terrorist wars are about coercion, which is about managing risk perceptions."
And as we look across the spectrum of society, those that become wealthier also become more risk averse. Charette figure that certain societies, like certain businesses, simply have way too much to lose. And the U.S. government, by virtue of the financial bailout, has deliberately changed what risk is.
"China can manipulate the U.S. by changing risks because all they have to do is not buy our treasury bonds," Charette told me. "Cyber warfare, because we're integrated by technology, can allow tremendous threats through relatively small things."
The thesis is that the manipulation of risk is going to be much more powerful in the future and that it's going to be deliberate. A brand of this thinking has already led our military to try to fight through vested interests and reconsider spending programs that don't address our most prevalent threats.
This is not how I hear most businesses talking about risk management in the current context of managing compliance. But change is difficult, and so is risk management in our globally intertwined world.
"This is exactly why risk management is so bloody hard," says Charette. "Before the financial meltdown, a lot of people were raising flags that synthetic CDOs were a crock and incredibly dangerous. I have article after article from respected economists who said they didn't understand this stuff and nobody paid attention until it happened."
It's the same with volcanos, he told me and I can appreciate the point. I recalled the old economic aphorism, "America sneezes and the world catches cold." In the case of Iceland, a volcano blew its nose and the wealthiest stayed home. I don't think it's alarmist to say future costly outliers are likely to arise from both natural and manmade events.
Charette is busy person in his role as president of ITABHI Corporation and a fellow at the Cutter Consortium. He's a frequent contributor to IEEE Spectrum, sits on advisory boards and is finishing his latest books on what he calls "the age of riskfare" and another on chief risk management officers. I look forward to both and a couple other projects he has in the works. He's also increasingly found on the speaker circuit.
If you see his name, look him up. Meanwhile, let us all know what you think about the future of risk management.