The Disaster You Could Have Stopped: Preparing for Extraordinary Risks

Ignoring high-consequence, low-likelihood risks can be damaging to an organization, but preparing for everything is impossibly costly. Here is how leaders can make the right investments.

Chris Bradley

We have to reengineer how we evaluate people, particularly in risky contexts. Rather than “you are your numbers,” take a holistic performance view. How do we make sure noble failures get rewarded and dumb luck does not?

Chris Bradley

Dan Lovallo is a professor who works in applying psychology on biases to management topics. A simple test he did at an investment bank showed that if you applied the CEO’s risk tolerance to all the investment decisions made at lower levels rather than the more junior decision makers’ risk tolerance, the decisions would have had a 32 percent better outcome. So, there is this … [ Read more ]

First Round Review

What most crisis communication systems neglect is closing the loop with colleagues in the same careful manner as they do with their customers.

Krista Berlincourt

If luck is what happens when opportunity meets preparation, a crisis is difficulty meeting unreadiness. You can’t avoid every iceberg, but you can add a few more safety boats.

Warren Buffett

A Russian roulette equation — usually win, occasionally die — may make financial sense for someone who gets a piece of a company’s upside but does not share in its downside. But that strategy would be madness for Berkshire. Rational people don’t risk what they have and need for what they don’t have and don’t need.

A 6-Part Tool for Ranking and Assessing Risks

CARVER is a system for assessing and ranking threats and opportunities. Developed during World War II, CARVER (then one letter shorter and known as CARVE) can be both offensive and defensive, meaning it can be used for identifying your competitors’ weaknesses and for internal auditing. In addition, many security experts consider it the definitive assessment tool for protecting critical assets.

Since it draws on both qualitative … [ Read more ]

How to Use Thought Experiments to De-Risk Your Startup

In the early days of building a company, it’s hard to step back and think about the bigger picture when there are always so many fires to fight or opportunities to chase down. That’s a shame, because looking at your business from a 50,000-foot view often reveals areas of misplaced focus or resource misallocation.
 
One technique that can break through the bubble of always being in … [ Read more ]

Julie Goran, Laura LaBerge, Ramesh Srinivasan

The critical question for executives concerned with their organization’s risk appetite is whether they are trusting their employees, at all levels, to make big enough bets without subjecting them to red tape.

Lower Your Startup Risk with this Template

After watching other founders – including myself – flail about, pivoting their way through the darkness, I’ve become obsessed with being more systematic and disciplined about entrepreneurship. So I decided to take Leo Polovets’ lead and standardize risk management into a single spreadsheet, which you can copy, download, or remix.

Sanjay Kalavar, Mihir Mysore

In our experience, it helps to think of a crisis in terms of “primary threats” (the interrelated legal, technical, operational, and financial challenges that form the core of the crisis) and “secondary threats” (reactions by key stakeholders to primary threats). Ultimately, the organization will not begin its recovery until the primary threats are addressed, but addressing the secondary threats early on will help the organization … [ Read more ]

Joseba Eceiza, Piotr Kaminski, Thomas Poppensieker

Nonfinancial risk has typically been addressed by one-off showcase initiatives based on a specific regulation or requirement, and left to experts in each field. What principles exist typically focus on adhering to formal standards and providing evidence that appropriate controls are in place. They are usually not embedded into the business but are instead delegated to risk and compliance departments, which have a limited understanding … [ Read more ]

A Comprehensive Approach to Managing Social Media Risk and Compliance

Traditional risk management policies and procedures were not designed for, quite literally, minute-by-minute monitoring of social media chatter to identify brand, strategy, compliance, legal and market risks.

Those risks are considerable. Financial institutions have had to shut down social media forums due to unanticipated negative feedback; the stock markets have been buffeted by fraudulent social network postings; businesses have had to change or rescind strategies … [ Read more ]

Are You Prepared for a Corporate Crisis?

No one can predict when disaster will strike—but knowing what to expect if it does will buy precious time.

Nonfinancial Risk Today: Getting Risk and the Business Aligned

Risk managers may argue that the basic principles of Risk and Control Management (R&CM) are well established, and indeed enshrined, in industry standards. The concepts may indeed be broadly known, but they are applied in such a scattered fashion that they are not fit for purpose.

The resourcing and costs of the R&CM approach should be aligned with the company’s structure, business model, and risk profile. … [ Read more ]

Chipotle Eats Itself

Fast Company’s most extensive article in eight years, informed by hundreds of hours of interviews from inside and around the company, thousands of pages of documents that were leaked to us, on-site reporting from farms to industrial kitchens, and revealing discussions with Steve Ells, his co-CEO Monty Moran, and other top Chipotle leaders. It is an eye-opening, entertaining, and unvarnished look at a company and … [ Read more ]

Nestlé’s Half-Billion-Dollar Noodle Debacle in India

Nestlé spent three decades building a beloved noodle brand in India. Then the world’s biggest food and beverage company stumbled into a public relations debacle that cost it half a billion dollars. A cautionary tale of mangled crisis management on an epic scale.

Preventing Social Media Armageddon

The accessibility and fluidity of social media leaves organisations open to significant risks. But there are countermeasures organisations can take to prevent reputation disaster.

Tucker Bailey, James M. Kaplan, Chris Rezek

When companies think about cybersecurity […] most ask, “How can we protect ourselves and comply with standards or regulations?” instead of “How do we make confident, intelligent investments given the risks we face?” Many also treat cybersecurity primarily as a technology function rather than integrating it into business operations. As a result, they get the wrong answer about how to construct a cybersecurity program.

What Have the Past 30 Years Taught Us About Managing Risk?

The problem with many catastrophic risks isn’t just that their impacts, when they hit, are so massive. It’s also that their odds of occurring in any given short time frame are very small, so that planning for them has to be handled as a long-term priority while the proverbial sun is shining. And neither companies nor individuals are particularly apt at taking serious, long-term action … [ Read more ]