In the 1970s, the US Air Force recognized that one of the biggest risks to its advanced, complex programs was cluelessness. In these sorts of programs, much of the collective knowledge was “tacit.” In other words, individual managers know most if not all of the direct risks to achieving their objectives but don’t usually talk about them. As a result, they are individually aware but collectively clueless about very important risks facing the program. The Air Force decided to do something about this because the consequences of all of this critical knowledge not being shared was causing cost overruns and ongoing embarrassments.
A decade or so earlier, “Enterprise Risk Management” (ERM) began as corporations looked for a way to lower their insurance costs. It quickly evolved into a broader approach, one that recognizes, and measures all of the risks that are integral to any organization’s efforts. (See our blogs “Time for Increased Automation of Enterprise Risk Management” and “Manage Risk across Enterprise Effectively”).
The purely mathematical aspects of ERM are straightforward: the basic modeling techniques are well established . The more problematic aspect of managing risk in organizations is the human element – getting people to identify the risks they face, assessing their probability and impact, and determining the scale used in measuring the impact of the risk. To do the last two, you first must have a way to get people to share their assessment of risk in ways that reliably surface the most important risks in a way that encourages participation and does not penalize honesty. Technology and the rising acceptance and use of social media have made this easier.
Today, companies are starting to use new techniques such as prediction markets and crowdsourcing to help address enterprise risk.
Like the Air Force, any midsize or larger company is often at risk because those in charge do not have a way of comprehensively monitoring and managing the risks a company faces. The impact is multiplied because individual managers have no idea which of the risks of others could have a significant impact on their own part of the operation. Even if some of the risks are discussed from time to time in review meetings, it doesn’t mean that the organization has anything more than a vague sense of which are the most important. They don’t have a clear sense of the likelihood of them materializing, or the degree and nature of impact(s) they might have. As a result, executives and managers are unaware of what they should be looking for and cannot set priorities for managing risks. Worse, the consequences of some of the risks might ripple out with unforeseen (but foreseeable) consequences. What might appear to be moderately probable but seemingly low-cost impact (the failure of a low-cost component to pass thermal tests) could result in the delay of a critical subassembly and the need to spend a considerable amount of money dealing with this contingency. Unless the risks are networked, managers will not understand cross functional and interconnected risks.
“Prediction market” is a relatively new word used for a speculative market created for the purpose of making predictions about elections or economic events (company earnings, for instance). Prediction markets were inspired by British bookmakers handicapping election results and their apparent ability to accurately predict results more often than not (and more accurately than opinion polls). This led to the adoption of a similar (albeit low-stakes) approach used by the Iowa Electronic Market and others.
Crowdsourcing is a neologism applied to a collaborative approach to addressing business problems. Initially the term applied to using external input to harness the ‘wisdom of crowds’ in order to address internal issues, such as choosing and marketing strategy or improving computer code. In this sense, it is a way of getting external perspectives about the risks a corporation might be facing or how it might address risks. However, the definition has broadened to apply to any use of collaborative technologies to facilitate problem solving, or identifying and addressing risks. Since organizations may have inbred prejudices that prevent it from considering certain risks or solutions or may not have the collective experience to imagine a broader set of risks and how to address them, crowdsourcing can be useful risk identification and mitigation method (although very likely as one-off, high value efforts rather than ongoing assessments).
As applied to risk, prediction markets can be used to collect a more accurate perspective on issues that will affect an organization. It can be especially useful in performing ongoing corporate polling in areas where management will benefit from front-line input. For example, “What day will the new product ship?” is one way to assess whether – and to what extent – people in an organization believe this project objective will be met. When combined with a structured risk assessment process, internal prediction markets can provide senior managers with a more accurate way of measuring and monitoring key risk factors.
Strategic consultants like McKinsey have been discussing the use of prediction markets as a management tool. Some companies are already using them successfully. Like many management techniques, prediction markets require the appropriate tools, but like every such technique, how they are implemented and managed will be critical to whether they are effective for enterprise risk management. I recently came across a new technology vendor called CrowdCast that is focused on prediction markets that try to improve an organization's ability to communicate about- and mitigate risk.
Let me know your thoughts or come and collaborate with me on Facebook, LinkedIn and Twitter.
Robert D. Kugel - SVP Research