Saturday, August 20, 2016

Strategic Foresight: Risk Leadership into the Future...

When you really start to think long and deep on the discipline of the agile startup community,  you keep coming back to a single word.  Improvise.  The more you analyze what it takes to get an idea from "Zero to One" to a Minimum Viable Product (MVP), the more you need Operational Risk Management (ORM).  At the same time, this thought might question the notion of previous planning or preparedness:
im·pro·vise [im-pruh-vahyz] Show IPA verb, im·pro·vised, im·pro·vis·ing.
verb (used with object) 
1.  to compose and perform or deliver without previous preparation; extemporize: to improvise an acceptance speech.
2.  to compose, play, recite, or sing (verse, music, etc.) on the spur of the moment.
3.  to make, provide, or arrange from whatever materials are readily available.
Yet what the true startup and ORM professional understands is the origin of the word:
Origin:

1820–30; French improviser, or its source, Italian improvisare (later improvvisare ), verbal derivative of improviso improvised; Latini mprōvīsus, equivalent to im- im-2 + prōvīsus past participle of prōvidēre to see before hand, prepare, provide for (a future circumstance). See proviso
And so this brings us to the importance today of utilizing the power of "Strategic Foresight."
Strategic foresight is a fairly recent attempt to differentiate "futurology" from "futures studies". It arises from the premise that:
  • The future is not predictable;
  • The future is not predetermined; and
Future outcomes can be influenced by our choices in the present. [1]  Strategic foresight may be used as part of the corporate foresight in large companies.[2] It is also used within various levels of Government and Not for Profit organizations. Many concepts and tools are also suited to 'personal futures' thinking.
The "Asymmetric Attributes" of enterprise risk and "Big Picture Security" today is making predictability a major task going forward.  So what do improvising and strategic foresight have to do with startups and Operational Risk Management?  Everything.  Let's go back in the "Time Machine" for a minute:
The 2010 eruption of Eyjafjallajökull were volcanic events at Eyjafjallajökull in Iceland which, although relatively small for volcanic eruptions, caused enormous disruption to air travel across western and northern Europe over an initial period of six days in April 2010. Additional localised disruption continued into May 2010. The eruption was declared officially over in October 2010, when snow on the glacier did not melt. From 14–20 April, ash covered large areas of northern Europe when the volcano erupted. About 20 countries closed their airspace (a condition known as ATC Zero) and it affected more than 100,000 travellers.
"As the crisis ran its course it went on to paralyze or seriously limit air traffic in 23 countries around the EU and its periphery bringing 300 airports to a standstill and cancelling 100,000 flights, representing three-quarters of all European traffic. Ten million individuals were affected and had to cancel their trips or find alternative travel arrangements at serious economic cost for the passengers, carriers, and insurers involved."
So what?  So the future state of a High Risk X Low Frequency event is unlikely to get the attention it requires.  The 1-in-100 year probability of an event occurrence, has been so integrated with insurance industry underwriting group think, it often falls on deaf ears.  Resources and attention are increasingly directed towards potential crisis events, that are considered High Risk X High Frequency.

Could the EU have imagined the impact of volcanic ash from an erupting volcano in Iceland?  Most certainly.  Did the EU have the strategic foresight to know what to do when and if this happened?  The point is that sometimes improvising and the success of improvisation is a result of having devoted resources and time towards the planning and behavioral prediction of future outcomes.  Influenced by our choices in the present.  The impact to the organization, enterprise, nation state or individual is going to be a factor of how much is devoted to strategic foresight initiatives.

It is also imperative that we discern the risk of natural incidents caused by mother nature, to human threat actors. We must continue to evaluate the characteristics of other threat vectors related to our daily Operational Risk spectrum.  Using only the imagination of low-tech, less sophisticated and tried-and-true methods, our human adversary has a "Modus Operandi" with a continued low-risk of failure.  That low tech lower risk of failure, is still one of our greatest vulnerabilities:
The Joint Improvised Explosive Device Defeat Organization (JIEDDO, pronounced like "ji-dough") is a jointly operated organization of the U.S. Department of Defense established to reduce or eliminate the effects of all forms of improvised explosive devices used against U.S. and coalition forces.[4]
  • Formed February 14, 2006
  • Headquarters The Pentagon
  • Employees 435 government civilians and military personnel; ~1,900 contract personnel
  • Annual budget $1.6 billion for fiscal year 2013 [1]
JIEDDO is making a difference and the metrics prove that our Operational Risk Management professionals here, need to continue the course.  Not just for what has happened overseas on foreign soil, but for the surging wave on our own U.S. Homeland:  Boston, MA is one recent and relevant example.

Be Vigilant America!  Use Strategic Foresight to imagine such interdependent, unpredictable scenarios.  These growing interdependencies, are becoming ever more so prevalent:

• Rapid global economic growth
• Industrial development of non-OECD nations
• Interlinked global supply chains
• Increased worldwide awareness
• Increased media reach and individual power

These five interdependencies will be the catalyst of our future High Risk X Low Frequency incidents.
The future success ratio of agile startups and the ability for new innovation to pivot effectively, will be determined by an Operational Risk Management maturity factor.