Agility:How to Navigate the Unknown and Seize Opportunity in a World of Disruption

Posted October 16, 2019 by riskviews
Categories: Enterprise Risk Management

As far as I can tell, risk management as a business practice is pretty well embedded now, more than a decade after the Great Recession. But it appears to be more of a cost of doing business that is required by boards, regulators and rating agencies rather than as a boon to management of businesses.  It is usually focused almost entirely on negative outcomes and insists on using its own language that is not even slightly close to the language used by top management in discussions of strategy for the firm.

When we overestimate our overall capacity, tangible and intangible, in relation to risk, we endanger our performance and even survival.

At the same time, there are continual examples of strategic failures, failures that you could imagine could be avoided with some risk management thinking.  (Stories like Kodak’s failure to develop a realistic vision of the coming impact of digital photography to its film business or Blockbuster’s failure to understand the threat from Netflix’s internet based business model.)

A new book, Agility, by Leo Tillman and General Charles Jacoby (ret.) suggests that we can enjoy the benefits of linking risk management to strategy by becoming . . . Agile.  The book provides stories, both from businessman Tillman and military man Jacoby to illustrate the pitfalls of operating without Agility and the benefits of operating with. 

Vital to an effective process for achieving agility is that it is not defined or operationalized in a rigid, one-size-fits-all way.

I think of their ideas as eminating from the realization that because we usually operate in a competitive environment, even the simplest of plans can be wrecked by unexpected reactions of those competitors. 

My sense of Agility, after reading this book, is that it is a sort of continual restlessness, of never being satisfied that everything is running as well as it could and of not feeling completely safe from harm either. Always ready to change course to gain more advantage or to steer away from danger that was recently not even in sight.  Tillman and Jacoby give the example of the football running back who might change course at any time to find daylight or to avoid a tackler. 

Few plans survive contact with reality because our assumptions turn out to be incorrect, our adversaries act in unforeseen ways, or because our actions set in motion a multitude of forces that change the operating landscape itself.

They say that Agility has three components: risk intelligence, bias towards action and flexibility.  Risk intelligence involves a forward-looking unbiased assessment of risks and opportunities associated with the risks.  Tillman has written previously about risk intelligence. Bias towards action seems to be clearest in the military context. It is easy to imagine that a military unit that experienced analysis paralysis would not be long for the world. Flexibility is the ability not just to change plans but to execute the new plans well. That last item is probably the most difficult item here. It is one thing to assemble a team who can do a good job executing a pre-planned task, but another much more difficult task to create a group who are willing and able to change their goals and objectives significantly and who will proceed to deliver on those plans.  But while difficult, Tillman and Jacoby point out that it is almost essential ability for an organization that expects to persist in the long run.

Adopting the agility mindset fundamentally transforms this perspective, turning a nice-to-have “luxury” into a mission-critical priority.

The agility mindset does not view risk as either inherently positive or negative. Instead, as alluded to earlier, it considers risks indispensable arrows in the quivers of decision makers. If we detect and assess environmental changes adroitly, these arrows enable us to both dynamically manage our portfolios of risks and alter our adversaries’ risk equations.

We fly blind when we do not fully understand our portfolio of risks, its role in our business model or its connection to our operating landscape.

While the premise of this book is well founded and well explained, the thing that really makes the book stand out is the inclusion of the military examples to show how each of the points that they make are supportable not only by Tillman’s business examples but also in the military sphere.  Examples include Napoleon at the Battle of Borodino with the concept of risk intelligence, the invasion of Afghanistan and Iraq illustrating execution and the Normandy invasion to illustrate the entire concept of a combination of strategic and operational agility.

Risk Intelligence III

Posted March 21, 2019 by riskviews
Categories: Enterprise Risk Management

Risk Intelligence Definition: A general mental capability that, among other things, involves the ability to reason, plan, solve problems, think abstractly, comprehend complex ideas, learn quickly and learn from experience in matters involving risk and uncertainty. It is not merely book learning, nor is it primarily about a gut feel for risk. Rather, it reflects a broader and deeper capability for comprehending risk and uncertainty in our surroundings—”catching on,” “making sense” of things, or “figuring out” what to do in the face of both presenting and emerging risks.*

In an earlier post, RISKVIEWS told of the capabilities of the Risk Intelligent.  To acquire capabilities, one must start with beliefs that (a) there is a need for such capabilities and (b) that such capabilities can be effective in satisfying the need. Common Beliefs of the Risk Intelligent that led them to acquire their capabilities:

  • The world is dangerous enough that we are motivated to control risks, and also predictable enough that systematic management and exploitation of risk can be worthwhile.
  • The characteristics of risks will drift over time (and occasionally jump unexpectedly) requiring constant vigilance to adapt risk exploitation and management processes.
  • Preferences for risk and reward are asymmetrical: the aversion to a large potential loss is always higher than the preference for the same sized potential gain
  • Opportunities for profit via risk-taking exist because firms can find opportunities to exploit risks that the market has miss-priced, and/or opportunities to exploit diversification effects
  • It is bad for organizations to fail, so risk management objectives should be a part of all company strategies and should involve the company’s CEO and board of directors
  • Risks can and should be measured; this measurement is a technical exercise that requires expertise
  • Management of risk requires diligent attention to any choices to accept risks and actions to mitigate or transfer risk; more significant risk decisions should be approved at more senior levels of the company hierarchy
These beliefs differ from standard economics beliefs.
As RISKVIEWS said in another post, the capabilities are gained via Education, Experience and Analysis.  The next several posts on this topic will explore each of those paths separately.  After that, RISKVIEWS will come back to the beliefs and discuss how they come about.

*It turns out that there are almost as many definitions of intelligence as there are psychologists.  But on one day in 1994, almost 50 agreed with this definition, put forward by Linda Gottfredson:

Intelligence: A very general mental capability that, among other things, involves the ability to reason, plan, solve problems, think abstractly, comprehend complex ideas, learn quickly and learn from experience. It is not merely book learning, a narrow academic skill, or test-taking smarts. Rather, it reflects a broader and deeper capability for comprehending our surroundings—”catching on,” “making sense” of things, or “figuring out” what to do.

As you can see, RISKVIEWS based our definition of Risk Intelligence on this wording.

Risk Intelligence IV

Posted March 20, 2019 by riskviews
Categories: Decision Makng, Enterprise Risk Management, Execution Risk, Risk Culture, Risk Learning

Tags: , , ,

Overcoming Biases

In a recent post, RISKVIEWS proposed that Risk Intelligence would overcome biases.  Here are some specifics…


  • Anchoring – too much reliance on first experience
  • Availability – overestimate likelihood of events that readily come to mind
  • Confirmation Bias – look for information that confirms bias
  • Endowment effect – overvalue what you already have
  • Framing effect – conclusion depends on how the question is phrased
  • Gambler’s Fallacy – Belief that future probabilities are impacted by past experience – reversion to mean
  • Hindsight bias – things seem to be predictable after they happen
  • Illusion of control – overestimate degree of control over events
  • Overconfidence – believe own answers are more correct
  • Status Quo bias – Expect things to stay the same
  • Survivorship bias – only look at the people who finished a process, not all who started
  • Ostrich Effect – Ignore negative information

Each of Education, Experience and Analysis should reduce all of these.

Experience should provide the feedback that most of these ideas are simply wrong.  The original work that started to identify these biases followed the standard psychology approach of excluding anyone with experience and would also prohibit anyone from trying any of the questions a second time.  So learning to identify and avoid these biases through experience has had limited testing.

Education for a risk manager should simply mention all of these biases directly and their adverse consequences.  Many risk managers receiving that education will ever after seek to avoid making those mistakes.

But some will be blinded by the perceptual biases and therefore resist abandoning their gut feel that actually follows the biases.

Analysis may provide the information to convince  some of these remaining holdouts.  Analysis, if done correctly, will follow the logic of economic rationality which is the metric that we used to identify the wrong decisions that were eventually aggregated as biases.

So there may still be some people who even in the face of:

  • Experience of less than optimal outcomes
  • Education that provides discussion and examples of the adverse impact of decision-making based upon the biases.
  • Analysis that provides numerical back-up for unbiased decision making

Will still want to trust their own gut to make decisions regarding risk.

You can probably weed out those folks in hiring.

2019 Most Dangerous Risks

Posted March 1, 2019 by riskviews
Categories: Enterprise Risk Management, Risk

Tags: , ,


For 2019, a new poll on 180 insurance executives ranks four out of five of last year’s top risks again in the top 5.

See more details at 


Risk Intelligence II

Posted February 28, 2019 by riskviews
Categories: Enterprise Risk Management

Tags: , , , , , , ,

Somehow it worked.

Several psychologists stated that economists were rational and those who didn’t know what economists knew were irrational.

They collected data on how irrational folks are and analyzed that data and grouped it and gave cute names to various groups.

But I think that you could do the same thing with long division. Certainly with calculus. Compare answers of rubes on the sidewalk to math PhD s on a bunch of math questions and how well do you think the rubes would do?

Some of the questions that the psychologists asked were about risk. They proved that folks who rely solely on their gut to make decisions about risk were not very good at it.

I am sure that no-one with any Risk Intelligence would have bet against that finding.

Because Risk Intelligence consists of more than just trusting your gut. It also requires education regarding the best practices for risk management and risk assessment along with stories of how well (and sometimes ill) intentioned business managers went wrong with risk. It also requires careful analysis. Often statistical analysis. Analysis that is usually not particularly intuitive even with experience.

But Risk Intelligence still needs a well developed gut. Because history doesn’t repeat, analysis always requires simplification and assumptions to fill out a model where data is insufficient.

Only with all of Education, Experience and Analysis is Risk Intelligence achievable and even then it is not guaranteed.

And in addition, Education, Experience and Analysis are the cure for the irrational biases found by the psychologists. I would bet that the psychologists systematically excluded any responses from a person with Risk Intelligence. That would have invalidated their investigation.

Their conclusion could have been that many of us need basic financial and risk education, better understanding of how to accumulate helpful experiences and some basic analytical skills. Not as much fun as a long list of cutely names biases, but much more helpful.

Risk Intelligence I

Posted February 24, 2019 by riskviews
Categories: Enterprise Risk Management

Risk Intelligence is what you need to make astute decisions about risks that confront you.

With Risk Intelligence you will be able to:

  • know when something is risky
  • know how to systematically determine parameters of risk
  • Assess Danger from a Risk – and not be unduly swayed by Fear of that Risk
  • understand that those parameters do not fully define a risk. They identify a point on a gain and loss continuum
  • identify the handful of risks that make up 90% of the risk profile (key risks)
  • understand the mechanisms that the company uses to maintain a consistent rate of risk for each key risk and Help to make sure that those mechanisms are maintained and only expect that there will be deliberately agreed changes to the rate of risk for any key risk.
  • understand risk/reward analysis and cost/benefit analysis where the trade-offs are often a certain reduction in earnings vs. an uncertain reduction in future losses
  • discern when to trade short term certain gains for longer term uncertain but larger gains under conditions that could be repeated indefinitely for a tangible long term gain.
  • be aware of which risks the company is exploiting because they have the expertise and opportunity to make a good profit for the amount of risk take and are able to notice when the opportunity to exploit has passed.
  • be aware of which risks the company is accepting and carefully managing to achieve a reasonable profit while avoiding unacceptable losses.
  • be aware of the risks that are unavoidable but the create little or no profits and that should be minimized at an acceptable cost.
  • Understand that people are generally optimistic and need to test plans against alternate future scenarios

Most Dangerous Risks

Posted July 31, 2018 by riskviews
Categories: Enterprise Risk Management, Risk Identification

The short story “The Most Dangerous Game” has always fascinated. Wikipedia lists dozens of adaptations for Radio, Movies and TV.  The story is about the most dangerous quarry for a hunter.

Insurers are not hunters, they do not exactly seek out risk.  Well, maybe they do seek risks. But insurers should be aware that some risks are more dangerous than others.

In late 2017, RISKVIEWS polled 200 insurance executives and they provided their opinion of how to rank a long list of risks that threaten insurers.  The polling software, found at, asks participants to rank pairs of items and uses a complex algorithm to create a ranking of the entire list.  These 200 executives, on the average, chose to rank about 80 pairs making a total of over 16,000 rankings performed.

The results were published on the web here.  The Top 10 risks were:

1 Cybersecurity & Cybercrime
2 IT/Systems & Tech Gap
3 Strategic Direction & Opportunities Missed
4 Pricing & Product Line Profit
5 Runaway frequency or severity of claims
6 Disruptive Technology
7 Customer needs not served by traditional approaches
8 Emerging Risks
9 Competition
10 Underwriting

And in mid 2018, RISKVIEWS looked around to find out what news there had been regarding each of the top risks and published the findings here.

%d bloggers like this: