In order to avoid surprises and be better prepared to face risk-related events, CEOs should ask themselves the four following questions inspired by the reaction of Sir Winston Churchill after the fall of Singapore in the Second World War, as described by R.E. Allinson in Global Disasters: Inquiries into Management Ethics. These questions should be used to ensure that the proper internal capacities are in place to maximize preparedness:
- How Will I Know?
When threats, anomalies, or suspicious activities are detected, how will this information be transmitted to the appropriate decision-maker and by whom? For emerging threats, sustained monitoring and weekly / monthly intelligence reports can be a good way to help CEOs have an overview of their environment and be proactive in identifying potentially alarming elements. However, for impending perils and risk-related events, it is crucial to have efficient alerting systems and means to ensure that the information is communicated to the right individuals in a timely manner.
- How Will I Ensure That I Am Informed?
In bigger organizations, potentially vital information and data can far too often slip through the cracks. In order to avoid this, it is crucial to have precise, thorough processes and chains of communication in place for the transmission of information. In addition, different safeguards should be implemented to ensure that important information is not inadvertently discarded. Lastly, proper staff training is also inevitably a key aspect of ensuring that the communication processes are well understood and implemented inside an organization.
- What Should I Ask?
In order to be proactive in identifying potential threats and vulnerabilities, business leaders need to be familiar with the latest developments in the risk environment pertaining to their field. They should also have a good knowledge of every aspect of their organization’s operations. Too many times, damaging and costly risk-related events take a company by surprise because of its lack of awareness of current threats or its own vulnerabilities. This is why decision makers should be aware of the areas where there are gaps in their knowledge, and take the appropriate means to bridge those gaps.
- When Should Communication Be Triggered?
In an era of big data and countless sources of information, it can be hard to differentiate actual critical information from the noise. This is why it is important to establish clear red flags that should always trigger an immediate reaction / communication. That being said, some signals that should trigger the chain of communication can always escape the scope of the predetermined red flags. This is why regular reporting to different levels of management and working in a collaborative environment should be strongly encouraged. That way, potentially alarming elements that did not arouse the suspicion of a specific individual might get picked up by another person and trigger the communication to a higher level decision maker.
Have you been asking yourself these questions?