Don't stop at the lights

Security

19.04.2021
David Mantock, Chief Information Security Officer

Dealing with risk is not always the simple topic that we would like it to be. On the face of it, most methodologies are based on the principle that risk = likelihood x impact.

Based on this, we build control systems that minimize, or in "risk speak" mitigate, these risks. At a crossroads, for example, there is a risk of a vehicle collision, so one way to control this risk is to implement a traffic signal system.

So, in one direction we see that the lamp is red: please stop and wait, otherwise the likelihood if you continue is that you will crash, and the impact could be deadly.

So far so good. On the other hand, when the light is green, we are saying that it is safe to proceed and that the likelihood of a collision is very low. If the lights are red and amber, it means prepare to go.

But as we all know, auto accidents still occur even with fully functioning traffic lights. So it begs the question: when dealing with risk, what is our goal?

If we continue this analogy, I will say that our goal is to have traffic safety and try to eliminate deadly accidents. It is also important to note that our perception of risk must be based on purposeful data, as the human perception of risk is often flawed. You may be surprised to hear that mosquitoes kill more people in one day than sharks have killed in the last 100 years – source: WHO Global Shark Attack File.

So here we see the risk specialist has a critical role, and my call to action for all risk specialists is: “Don't stop at the lights!”

I know that someone reading this right now is rubbing their hands and saying, "Great, that is one way to get rid of them." But this is not what I am trying to achieve. Risk management is only as effective as the actions that accompany the evaluations. So, a risk specialist has the task to enroll people so that the context that is always present can be clearly identified and understood. Risk assessments are sometimes just like traffic lights: red, amber, and green, giving some indication of a desired or undesired state.

Good risk culture is built on the readiness of an organization to respond to the dangers.

And by response, I mean looking for a holistic solution that finally reaches the "green" state.

Easy to say but not always easy to do. If we are honest, we know that risk management is a hard job, and sometimes the specialists are resigned to their fate: "I warned them, but nobody cares!"

But exactly this moment of discomfort is where the driven (no pun intended, ok just a bit) specialist excels (I know there is a pun in there, but we leave that one alone).

This is where he uses his skill to go from grainy old analog pictures to 4K ultra-HD.

So, going back to our traffic safety problem, a deeper insight into the situation shows that this particular risk was in fact caused by the shiny new building that blinds the drivers at certain times of the day. The controls that are in place are not enough: not only do we need working traffic lights, we also need to add shades to a building. To ensure effectiveness, we need data that facilitates root cause analysis. That is why I say don't stop at the lights; keep going and see what else is impacting the system.

Now calling all risk specialists to be brave and make this quote your mantra: “Survival can be summed up in three words―never give up. That’s the heart of it really. Just keep trying.” ―Bear Grylls