I recently had to put together a presentation on uncertainty for a potential client, which made me think about the subject again.
Over the years I’ve put together many risk management processes and toolkits for different organisations and purposes, ranging from managing strategic risks for an emergency service through to most recently for a change programme for a large engineering company. Although these have followed standard practice, I’ve always felt they have missed something; indeed they’ve often missed big problems that seem to have appeared out of nowhere, how can this be?
This made me think again about my whole approach, also triggered by reading “The fish rots from the head” by Bob Garratt – a book on corporate governance. He quotes the immortal lines by Donald Rumsfeld, and adds an additional section by Slavoj Žižek, the Slovenian philosopher. Between them I think they sum up the problem up very well.
“There are known knowns. There are things we know we know.
We also know there are known unknowns. That is to say, we know there are some things we do not know.
But there are also unknown unknowns, the ones we don’t know we don’t know.”
To this Žižek adds: “the unknown known, that which we intentionally refuse to acknowledge that we know” – even more linguistically tortuous than Rumsfeld!
Let’s have a look at what these four statements and what they mean for risk management.
The known knowns:
As it says, these are things we know, so they’re not risks, however they could be issues – which we need to manage.
For me this calls into question the common practice of listing risks and issues together. Looked at this way, they are more than just risks with 100% certainty so we should probably handle them separately.
The known unknowns:
The things we know we don’t know. These are our conventional risks, they will appear on our risk registers and we can manage these with the normal Tolerate, Treat, Transfer, and Terminate processes, provided of course we can make sensible evaluations of the probability, impact and proximity. Some project approaches would try to tackle the biggest risks first – which seems sensible.
The unknown unknowns:
These are dangerous: as we don’t know about them, we can’t identify them and manage them. The problem they have a have a habit of suddenly appearing and disrupting our projects and organisations, we have to ask: Did we really not know and how do we mitigate these?
The answer to the first lies in the next section about unknown knowns, so we have to look at mitigation.
These unknown unknowns are uncertainties – we have two practical approaches:
- Trying to surface them early in our projects with feasibility studies, prototypes and pilots – after which they become known unknowns.
- Building resilience into our projects and organisations so that we have the capability to minimise and withstand the disruption caused.
The unknown knowns:
“There is but one coward on earth, and that is the coward that dare not know” –W E B DuBois.
These are the most dangerous of all, because we are in denial, to make it worse we will probably stay in denial even as events unfold round us. It’s odd how often the things we least want to happen are the most likely to occur
I find it hard to believe for example that no one thought the recent exam grades fiasco was a likely outcome.
Surfacing unknown knowns requires self-discipline, honesty and often, considerable courage to admit that we, and our colleagues, need to face up to uncomfortable truths. Managers need the self-confidence to encourage an open no blame culture to admit a course of action is fatally flawed and head off potential catastrophe early.
The thing that most struck me when writing the presentation that sparked off this chain of thought is that only one of the four sections is covered by our conventional risk management – maybe why we’re just too often surprised by unexpected outcomes.
Although this is only a short discussion of risks and uncertainty, I’d be interested in any comments you have.