The essence of the Internet is that it’s very open, decentralized and populist; a place where knowledge is democratized and mass collaboration is the source of power. It challenges organizations, institutions and systems that are just the opposite; human structures that are confidential or closed, centralized, designed for creating proprietary intellectual products, organized on authority principles, and where power is maintained by controlling knowledge.

So we’re witnessing a revolution spawned by the Internet that’s growing and morphing. There’s no stopping it and there can be no debate that the previous way of being organized and working that ruled last century was better (or worse.) It doesn’t really matter. The genie is out of the bottle and we need to understand how we’re going to adapt to the unanticipated events (risks) that will be driven by the new order of the Internet.

Right now, I believe that the stage is being set in the politics of Canada for a new set of entirely unanticipated events driven by this new way of doing things, made possible by Internet technologies. How this will affect regulators, more on that later, but consider the scenario that’s unfolding.

(more…)

I spoke at a conference in Ottawa today that was focused on the topic of stakeholder consultation. An observation from one of the participants in one of the sessions raised the question about how to authenticate and validate comments from participants received via an online forum, wiki, or blog. If the comments are to be used to inform policy, the need to know the author of a comment is clearly important. If one individual or group were able to represent themselves as many individuals or groups, the consultation process is clearly suspect.
This brings up the question of the purpose of the consultation. In risk management, we need to consult to understand matters that would otherwise be invisible, to see and understand more clearly what and how certain unexpected events could happen that will advance or retard goals. The authenticity of the individual who helps you understand or see more clearly may not be important. However, the truth of what they tell you is. So we need to validate the information. It’s less likely that we need to validate the reporter. Indeed, knowing less about the reporter means that it is less likely that we will be influenced by the things that shouldn’t influence us, but easily can. For more on this point about risk and perception read this blog about Joshua Bell.

For public sector risk managers here’s a poignant example of the difficulty of assessing risk, either threats or opportunities, on their own merit, stripped of the context. Context, while important, can make us blind.

The example below challenges our idea of what’s great versus what’s just … ho-hum. How do we know that something is great.

The story is based on a “stunt” that the Washington Post and Joshua Bell played on DC Metro commuters. Bell performed for commuters as might any street musician; not withstanding his reputation as a renowned virtuoso violinist, nor the fact that he was playing the world’s greatest music that few people can perform convincingly, nor that his instrument was a handcrafted Strad, made in 1713 by Antonio Stradivari.

A onetime child prodigy, at 39 Joshua Bell has arrived as an internationally acclaimed virtuoso. Three days before he appeared at the Metro station, Bell had filled the house at Boston’s stately Symphony Hall, where merely pretty good seats went for $100. Two weeks later, at the Music Center at Strathmore, in North Bethesda, he would play to a standing-room-only audience so respectful of his artistry that they stifled their coughs until the silence between movements. But on that Friday in January, Joshua Bell was just another mendicant, competing for the attention of busy people on their way to work.

The above passage is from the Washington Post article. It’s a great read. What happened? There was lots of great music making. You can listen to it! However, very few people that passed him on their commute recognized that they were hearing truly great music. Indeed, far fewer than the Post or Bell expected.

How does this apply to risk management?

• Context adds or subtracts significantly to our appreciation of an event or situation; we may need to strip the context away to reveal the heart of the matter
• The elements of the risk framework need to be in place: training, perceptiveness, interest or motivation and a supportive structure are needed to identify opportunties and threats, or to really hear the music

Curious to hear your thoughts.

Regulations capture knowledge at a point in time

Intensive research and analysis contribute to the substantial body of knowledge that’s developed when creating or updating regulation. It involves ideas, trade offs, drafting and revising documents - for months or, more likely, years. The resulting legislation, regulations, policies, standards and programs capture all of this distilled knowledge at a point in time. But this is just the beginning …

Risks evolve faster than rules

Issues shift and risks change. Moving forward, there are endless uncertainties about the future. It doesn’t help that rules are static. (more…)