Skip to content

Creative risk management…

30 Dec 2010

. . . sounds like a bit of an oxymoron. But it’s not – far from it.

Walk a tightropeUnfortunately, risk management seems to have become synonymous with boring reviews of interminable risk registers done at the end of meetings when everyone just wants to get finished.

But I believe that creativity has a fundamental role to play in both the identification of risks and in approaches to mitigate them. For this post, I am just going to explore the first – identification of risks.

By definition, risks are uncertain – an event that might happen and which, if it did happen, would have a negative impact on a programme, project or initiative. That means that risks are about the future – things that haven’t yet occurred. The difficulty is having a wide enough perspective to explore future possibilities. To paraphrase one of Donald Rumsfeld’s most famous sayings – to understand better the known unknowns and to minimise as far as possible the number of unknown unknowns.

That to me not only suggests creativity – it demands it. But that doesn’t mean wild flights of fancy. Here’s a real life example from my time as strategy director at HM Revenue and Customs, a large UK central government department.

In 2005, shortly after the department was formed by the merger of Inland Revenue and HM Customs and Excise, we created some future planning scenarios. These were four possible views of what the operating environment for HMRC might look like in 2020. Scenarios are a great tool for strategic thinking and we used them in a variety of ways, not least to develop HMRC’s first corporate strategy.

But we also used them for identifying strategic risks to the department. I wanted to provide a creative session – but also a ‘safe’ environment, which allowed Board members to think about future threats without feeling personally threatened. So we used a technique called ‘back-casting’. Using the four scenarios we had created, I got the Board to role play a board of enquiry being undertaken in 2020 and set up to investigate why HMRC had failed. I chaired the ‘enquiry’ taking ‘evidence’ from ‘experts’ (role-played by members of my team), who explained how HMRC had not responded to the changing operating environment and the challenges thrown up by each of the four scenarios and as a result, had failed as an organisation. Because it was exploring things that hadn’t yet happened, we were able to put in some hard-hitting ideas, including issues of shortcomings in management and leadership. Yet the session allowed Board members to have a ‘safe’ discussion about possible failure – these were future ‘events’ that could be addressed. It was also creative in that it explored different possible operating environments and trends – none of which were predictions of the future, but all of which were evidenced by indicators or drivers in the present.

The result was a rich set of strategic threats to the department. Some of these were relatively short term and were linked into the department’s top level risk register. Others were more distant or even more uncertain; that is – it was not possible to assign even a vague probability to them. Those threats were monitored by my strategy unit as part of our ‘horizon-scanning’ – looking for lead indicators that suggested the threat was becoming more likely. If the latter happened, the Board were notified and the risk managed through the existing strategic risk register.

So – the discipline of risk management and the processes required does not mean that there is no room for creativity. If you want to hear more about how we approach risk management or use scenarios, why not contact us at

One Comment leave one →
  1. Donald permalink
    24 Feb 2012 9:55 am

    I searched “role of creativity in risk management” and landed here. More and more events, at least in finance, require creativity. The old tools used to measure risk are currently under scrutiny but the real risks are by definition outliers rather than, say, an aggregate Value at Risk figure. The role of the risk officer should be to identify risks. That includes power failures, loss of key personnel (hint: they are not the “C” people), unauthorized access, etc, etc. Nick Leeson is a prime example. Sure his financial exposures were incredible but it was the banks lack of spheres of system access that made it possible. KFW’s exposure to counterparty, Lehman was fairly large but it was lack of ability to stop a payment from within their own system that made their transfer of 5b a reality. Such events are described as unforeseen but only by those lacking imagination. Unfortunately, fulfilling regulatory requirements is a full-time commitment leaving little time for exploration of the things that could really hurt you.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: