Risk management is codified by the International Organization for Standardization (ISO). It is aimed at any organisation concerned with risk, be it public or private (Sandrine Tranchard, “The new ISO 31000 keeps risk management simple“, ISO News, 15 Feb 2018). Its forebear is actuarial science, i.e. methodologies to assess risk in insurance and finance (e.g. ENSAE Definition). Its study, as a discipline mainly of use to the private sector, progressively developed after World War II (Georges Dionne, “Risk Management: History, Definition, and Critique“, Risk Management and Insurance Review, Volume16, Issue2 ,Fall 2013, pp. 147-166).
Another “non-academic” discipline deals with risks, uncertainties, threats and opportunities or more exactly surprise. Its name is Strategic Foresight and Warning (SF&W). It results from the meeting of the older military Indications and Warning and from Strategic Foresight. Intelligence and military officers mainly developed SF&W for their needs regarding international and national security issues. Strategic Warning, for its part, for example, remains an essential mission, for example, of the U.S. Defense Intelligence Agency (DIA) as reasserted in its September 2018 Strategic Approach. Meanwhile, classical reference books on Strategic Warning are now part of the DIA 2018 Director’s Reading List. Strategic Warning and SF&W are more specifically the origin and outlook of our experience and practice here, at the Red (Team) Analysis Society.
Both disciplines and practices, risk management and SF&W, thus have different history, actors and aims. Yet, since the ISO revised risk management in 2009, we now have an almost perfect correspondence between SF&W and risk management. The ISO 2018 update confirms the similarity. This article will detail further the two processes, their similarities and complementarities.
The new risk management process thus lays the foundation for easily incorporating into the risks usually managed by businesses, all national and international security issues as usually related to states’ national interests, from geopolitics to politics, from criminality to war through cyber security. In other words, the process used to manage both the external and internal risks the corporate world faces is now similar to the way states handle their mission of international and domestic security, according to their national interests.
Meanwhile, these very similarities between risk management and SF&W should facilitate discussions and exchanges between the corporate world and the public sector, including in terms of data, information, analysis and process, according to the specificities and strength of each. When differences between SF&W and risk management subsist, we may turn them around to take the best of both world.
Indeed, what matters is to anticipate properly what lies ahead and to take adequate policies. It is not to abide by one label or another.
In this article, we detail the risk management process. We explain the new definition of risk. Then we underline the similarities with SF&W. We stress, where risk management is most different from SF&W, how the former could also help the latter. Notably, risk management provides a framework to address a sensitive area: developing and offering policy or response alternatives to decision-makers.
Featured Image: President Barack Obama attends a meeting on Afghanistan in the Situation Room in the White House. On his left, National Security Adviser James L. Jones, Secretary of State Hillary Clinton, U.S. Ambassador to the United Nations Susan Rice, National Intelligence Director Dennis C. Blair and CIA Director Leon Panetta. To his right, Vice President Joe Biden, Secretary of Defense Robert Gates (hidden), Chairman of the Joint Chiefs of Staff Admiral Michael Mullen, White House Chief of Staff Rahm Emanuel. – 9 octobre 2009, The Official White House Photostream, White House (Pete Souza) – Public Domain.
Copyrights for all references to ISO norms remain with the International Organization for Standardization (ISO).
This article is a fully updated and revised version of a text that was published first as an element of the U.S. Government commissioned report, Lavoix, “Actionable Foresight”, Global Futures Forum, November 2010 (pp. 12 & 20-24/98).