I was recently asked to explain some of the concepts I use in my research to a journalist interested in new developments in scenario planning. Her audience was global corporate risk managers, so I thought I’d write a quick introduction to some of the key terms that risk managers should be aware of, but might not yet be exposed to.
Here are some of the key tools and concepts that every 21st-Century risk manager should be familiar with:
1. Scenario planning: The classic, group-based process for exploring the impact of critical trends and uncertainties on the business or policy environment. The method was widely popularized (although not developed) by Royal Dutch Shell in the 1960′s and 1970′s. The legacy of Pierre Wack and his protege’s is still widely felt through-out the strategic planning world, focusing on external variables of change, critical uncertainties, and the mental models of managers and decision-makers. Two of the best books on scenario planning are Kees Van Der Heijden’s “Scenarios: the Art of Strategic Conversation” and Peter Schwartz’s “The Art of the Long View“. A very good (although slightly dated) academic history of scenario planning can also be found here.
2. Horizon scanning: If scenarios help managers think about long-term change, horizon scanning is a process of scanning the environment for short term disruptions and other emerging issues. Key aspects of horizon scanning include environmental and social monitoring , distributed sensing capability, and knowing what to look for. Horizon scanning is a natural extension of scenario planning, which often help sensitive decision-makers to areas of potential change so that they can “make sense” of emerging trends and data. The Government of Singapore has the best horizon scanning system in the world, although several private consultancies offer horizon scanning services to corporations and organizations as well. The Swiss Government also offers a detailed description of horizon scanning which is quite good.
3. Sensemaking: A critical element to horizon scanning is the concept of “sensemaking”. The term describes a social process of explicit “making sense” of conflicting or ambiguous data and was originated by academics such as Weick, Sutcliffe and Dervin. It was later popularized by philosopher / practitioners like Dave Snowden and Gary Klein, who have very successfully applied this to the corporate risk management world. Sensemaking process through collective interpretation of confusing events, often events which have already happened. The September 11th Review is a large-scale example, although without using explicit sensemaking techniques. The point is to overcome the social and cognitive biases that cause us ignore critical bits of information that “don’t fit” with our stories about the world (such as airplanes crashing into towers). In this way, sensemaking is linked to the process of horizon scanning, which captures and presents trends and changes to mangers in a way that helps them understand their own expectations and limitations. One of the best introductions to sensemaking for risk management is Gary Klein’s excellent book “Sources of Power: How People Make Decisions.” Dave Snowden also has dozens of excellent podcasts on sensemaking and risk management on his blog over at Cogntive Edge.
4. Phase transition: Most risk management (and risk management models) are based on assumptions of smooth change and linear continuity of events. Phase transition is a concept from complex adaptive systems which argues that change actually occurs in short, periodic bursts in most complex, interdependent environments such as economies, ecosystems and technological systems. This concept is best illustrated by Gunderson and Holling’s work on the adaptive cycle (summarized well here), but is given a long treatment in an academic lecture I recently gave at the London School of Economics. The point for risk managers is that change, when it occurs, is often more severe and rapid than simply statistical models predict. This principle underlines the importance of all other concepts in this introduction.
5. Crowd sourcing: Given the reality of rapid change and the need to “make sense” of conflicting, emerging trends, crowd sourcing is an excellent way to keep track of emerging risks that can produce rapid, surprising results. The MIT Center for Collective Intelligence does some of the best thinking on crowd sourcing. Their point is that widely distributed problem-solving offers radical potentials for complex data processing. Crowd sourcing, when linked to horizon scanning, sensemaking and scenario planning systems, offer a truly revolutionary approach to risk management. I wrote a short introduction to crowdsourcing and collective intelligence here, which risk managers may find interesting.
6. Experiential learning: The value of many of these exercises is based on the fact that humans learn best when doing. The concept of experiential learning, therefore, is a way to create lived experiences tht explore critical issues through creative simulation or experiential means. Such approaches have been shown to produce demonstrable increases in learning and absorption of mission-critical ideas when compared to traditional forms of classroom learning and training. Tactical decision games, a form of experiential learning, are widely used in crisis preparation and risk management communities to help first-responders walk through how they might respond to surprising or stressful situations. Learning journeys (pdf) are another approach that takes senior management on physical field trips to unique environments to help them experience emerging threats or opportunities in their field.
7. Red teaming: Red teaming is a form of experiential learning coming from the military. In live-action military training exercises, the “good guys” often called the “blue team” and the “bad guys” are often known as the “red team”. Over time, the term “red teaming” has come to stand for the process of using outsiders to intentionally break, foil or surprise your strategic planning and risk mitigation process. It may sound counter-intuitive, but by actively inviting a determined (but ultimately friendly) enemy to stress-test your systems, you can increase the likelihood of uncovering hidden weaknesses and failure points. A good introduction to red teaming can be found here. A more detailed discussion on the use of red teaming and “ethical hacking” in IT security can be found here. Finally, for those interested in security and defence, the Red Team Journal is an excellent blog and resource on this practice.
8. Serious gaming: Finally, a link between experiential learning, red teaming and traditional risk management can be found in the concept of serious gaming; ”games designed for the purpose of solving a problem.” For risk managers, the most pressing problems might be to identify, understand and communicate core risks to your organization. Serious gaming and game mechanics offer compelling, effective and enjoyable ways of engaging people within your organization towards these ends. Jane McGonigal is a leading thinker on how to use games to address serious issues (her TED talk on gaming should be a must-view for every risk manager). The Serious Games Institute offers a rich repository of “serious research on serious games”. Finally, the Serious Games Market is an excellent blog on recent developments and ideas in serious gaming.
I hope this glossary is helpful to you. I believe that the combination of these ideas and techniques represent the leading edge of scenario planning, risk management and strategy creation. The convergence of them is where the substantive of innovation in 21st-Century risk management will occur. Watch this space for rapid and important change and please don’t hesitate to get in touch for further discussion.