Why do we need that again?
This time last year, I finished writing “20 Risk & Sustainability Tactics That Halve Risks, Improve Impact, & Deliver Value.” What on earth prompted me to write another detail-packed paper? I have no idea.
Actually, that’s a lie. In numerous projects, I saw risk overlap cause a mess (at best) and sometimes chaos (at worst). If we look from the other lens, most investigations seldom stop at one risk issue. For instance, that fraud scheme involving employees and contractors might also have transgressed data protection, cyber controls, physical security, employment practices (hiring to non-retaliation), fiduciary financial duties, etc. These issues are (frequently) managed separately (HR, Finance, Legal, etc.).
In the context of sustainability, the potential ‘blowback’ of failure extends further. No part of a business (from sales to production to support functions) doesn’t have exposure and the ability to cause sustainability risks. In this setting, I wrote about the unintended consequences of (in)action (also called “second-order effects”). These consequences may stem from internal decisions or external events. One example of the latter mentioned in the paper was “trade disputes,” which are now more timely than they were for a while.
This morning, an investment professional at an emerging markets-focused fund queried why a crisis management framework (plan) might be a helpful thing to ask for when investing in mid-cap businesses. I get the contention; it’s not a standard document to request as part of a pre-investment risk assessment (due diligence). Additionally, many mid-caps won’t have such a framework formalised (which is fine; I’m always more interested in how situations would really be managed than what’s written in a file lost in a drive somewhere). I explained that it’s very hard to consider the impact of risk (let alone second-order effects) if we haven’t discussed how to manage things going wrong.
As we enter a fractious geopolitical and economic period, now would be a good time to step back and consider intersectional risks (the PESTLE topics, for starters. Do you think you might be able to squeeze a 45-minute crisis simulation into the organisational agenda to help understand:
💡 Which risks are (likely) connected
💡 The impact of decision-making on, err, impacts
💡 Knowledge gaps (known unknowns)
💡 What’s within your control (as external storms gather)
💡 Risk management efficiencies (overlap, duplication, contradiction)
If you’re stuck structuring such an exercise, you know where I am. If you’d rather read the paper first, point 19 discusses, in detail, how we might approach the interconnectivity of risk resilience using sustainability (precisely because its scope is so broad). If you’d like to receive a copy, reply “Guide” (or hunt it down on the website).