1.4 Why is important to manage risks Comprehensively and Scientifically?

The management of risks is more important today, than ever before – in a very broad array of circumstances – including cyber risks, terrorist risks, health risks, environmental risks, occupational risks, and so on.  But why should you want to manage risks in a comprehensive and scientifically valid way?  Because it is the only way to optimally manage the allocation of resources to best achieve your objectives or the strategic and tactical objectives of your organization.  Guessing which controls to implement to reduce risks based on the widespread use of simplistic 1 to 5 measurement scales is not only unscientific, but non-competitive and a good way to eventually go out of business.  In a public environment, it is not only a waste of resources but at risk to being exposed as lack of good management. 

Managing risks comprehensively and scientifically is a way to determine how much resource (money, people, …) to apply today to reduce risks for events that may never occur.  Unlike issues, which are certain to occur, risk events are uncertain and may never occur.  So, there is a natural tendency for managers to put off expenditures today in order to prevent losses from events that may not occur in the next year, five years, or 10 years.  The mayor of Houston decided not to invest 30 million dollars or so to fix the levies that needed fixing.  The losses from Hurricane Harvey amounted to a thousand times that amount.  We will show how to determine when an ounce of prevention is worth more than a pound of cure.  We will show how to convince those holding the money strings to invest today for things that may never occur.  We will show how this can be done with comprehensive and scientifically valid risk analysis that will prevent issues from becoming risks and then becoming crises.[1]

[1] Thanks to Tom Brandt, CRO at IRS for this observation.