An Example of Risk/Crisis Management by God

What God did about the issue with Adam was to bring in Christ Jesus as a countermeasure, a ‘turning the tables’ that eliminated the key effect of Eve (Adam’s wife) missing the mark first. Adam had joined her — being cleaved to her. He was faithful to his wife even after a significant risk crystallized, and they lived through it together.

Between the ‘sin’ and Jesus, a palliative measure called the law was introduced to guide the thinking of the people back towards the ideal situation, as it was in the garden of Eden, and therefore to ease their historical and generational mind towards recognising and accepting the Messiah (Jesus) when he arrived. It was like doing trial runs to highlight issues in order to make the solution obvious and welcome upon arrival: a necessity for effective implementation and elimination of the crisis.

Social Organization Design: The CIA Framework

This is an acronym for three essential things to maintain in a human system. It also serves as a guide to defining responsibilities and the kinds of actions and interactions that should describe a ‘good’ working system.

CIA, here, isn’t for the Central Intelligence Agency; rather, it’s an acronym for Confidentiality, Integrity, and Availability: three words that characterise and/or are fundamental in human relations, risk management, and organisation design. CIA represents a framework for principle-centered design and decision making, particularly as it relates to human social systems.

All business organization is social because business is a social activity. Even the one-man business has to relate with customers. In fact, many businesses factor in the customer in their organisation design by defining rules, explicitly or otherwise, for the customers to follow. The understanding and correct treatment of the customer as an essential part of the social organisation of a business makes the business appear more responsive (in general) to their customers.

Think about the rules you might have been taught (or learned) to follow by (or because of) the people and businesses you relate with.

In the ‘business’ of the marriage relationship, the husband and wife would have to maintain each other’s confidentiality since many things between them are for their ears/lives only. Each one keeps a personal integrity and helps the other with keeping theirs to ensure they both maintain their marital and family integrity. Also, they’d both ensure their availability, physical and otherwise, to each other. Hence, considerations of CIA affect when, how, and why they relate in different situations relevant to the context of marriage.

Picture the stereotypical three-girl group of (TV) friends in their friendship; that close-knit all-female clique with passionate-cum-fearsome loyalty to one another, to their gang, and to certain ideals. CIA is implicit in their actions and interactions.

With reference to Information Technology (IT), system and data confidentiality, integrity, and availability (CIA) drive some business policies and practices. We can see how redundant systems, and the frequency, types, and location of backups support system integrity and availability. Also, it’s obvious how encryption, certificate authorities, user/login authentication etc promote confidentiality and integrity. Control processes and monitoring systems are there to ensure adequate confidentiality, integrity and availability are maintained.

So, with CIA, and adequate background knowledge or experience, one could write an IT policy document in about an hour, or, say, for operations at a transport terminal …. And since IT policy is essentially risk management, the CIA criteria that drive it could also be used to drive risk management in other areas.

The use of CIA in the context of risk management necessarily runs on the assumption that the person, interaction (man-man, man-machine, machine-machine), or machine can be compromised or may act undesirably. Its output would thus try to achieve the implementation of systems/structures to guarantee—if at all possible—the acceptable behaviour. It would seek to minimize weaknesses and threats and/or maximize strengths and opportunities. In all this, the underlying assumptions matter greatly. And this is perhaps where experience or domain expertise matters most.

Because human systems are everywhere and exist in various contexts; because man, and man-made systems may fail; and because potentially influential interacting systems exist or may be encountered, we innately or explicitly perform risk management. To be truly conscious of this is to be conscious of our assumptions.

The wisdom of the separation of powers in government and governance is first in the need to preserve the integrity of the constitution. That a judiciary, legislature, and executive, are independent, and are not concentrated in one person, is deemed generally sufficient (as assumed) to mitigate the risk of elected leaders letting loose an inner tyrant or thief or fool over the nation. It hasn’t always worked, but it is good design. It doesn’t seem to work well every time, but the design works.

Designed organizations, whether consciously so or not, are everywhere. Recognizing this, we may see a place for us to act so that the system functions ‘better’. Looking around, we may come to see CIA as the basis of the decision making or operation structure of the Mafias, intelligence agencies, secret societies, sororities, fraternities, the Roman Catholic Church institution, G8 meetings, Bin Laden and company, Harvard admissions etc—basically every company, institution or group. The good use of it is implicit in all-human sub-systems that survive the long walk.

Insurance may not be far from Mr Ponzi’s famous scheme.

Insurance requires regular deposits of amounts based on the assessment of a risk crystallizing. If the risk is realized under certain agreed conditions, a compensating payment is made. The insurance company indemnifies their clients. It is paid protection, and it is hedging your bets—forcefully (by law) or otherwise by choice.

If project ‘x’ fails, the insurance claim payment (project ‘y’) could help reduce or eliminate the impact of the loss in project x.

The practice of insurance is risk management. It needs to balance contributions by the many (the pool) and the potential need to ‘help’ the few (claimants), in the hope that the few who need help will remain few enough, asking for not too much. A game of chance and opportunity.

What is it with the unending quest for deposits and premiums? They’ve got bills to pay in addition to claims. The less they have to give, the more they can keep for themselves and/or invest to reduce or eliminate dependence on premiums to pay their bills. We need profit for long life.

It would be trouble if they come to need premiums continuously (over an extended period) to pay claims because they have insufficient cash in the pool et al—Ponzi-craft now.

In gambling, playing the lottery …, people pool monies together to benefit the few. The balance is kept by the organisers. Bets are like deposits and premiums, and winnings like claims. The well implemented system is such as is near guaranteed to not evolve into a Ponzi scheme. Also, we hear that the ‘house’ always wins, so it is much less likely to need a bail out. Insurance isn’t gambling, but they both follow the principle of shared risk. Most customers lose.

Actuaries do the maths for insurance companies to minimize the possible event of an insurance scheme turning quasi-Ponzi. There are jobs for actuaries in casinos and bet houses too.

They gave sureties and guaranteed more than they could give: AIG insurance, years ago, bit off more than it could chew, so it came suddenly to a halt when it had to pay all at once. Who knows tomorrow, so we may want insurance then. They got a bailout (feels like a claim) from Uncle Sam for reasons best known to him. It may not be so now if it happens again.

Insurers go full-throttle lottery mode: limit the number of winners by design. Or lobby to make people pay, or ….

Whatever is not paid as claim, reserved, invested, or spent as an expense in the year is good game for profit. Fair for the risks they bear? If they make a loss, that’s okay where it’s manageable. And it had better be infrequent.

Risk Management—An Optimization Problem.

Risk management is the gathering of information about, and the analysis of, actual or potential risk scenarios, leading to facts and assumptions (or intelligence), on the basis of which systems and structures, or a programme of action, are designed, implemented and maintained in order to ensure that the crystallisation of the risk scenario (or its possibility) is averted, eliminated, or minimised.

It involves creating and maintaining risk prevention, aversion, and minimisation structures to maximise the likelihood of an identified success or positive objective: the minimisation of any negative effects of risk crystallisation, and/or prevention or elimination of risk situations.

A necessary implication in practice is that this attempt to maximise a status, tends towards minimising the crystallization of potential or actual threats (risks). Here lies the basis for the definition of the desired ‘success’ or positive objective.

The objective narrative, to minimise risk, puts one in ‘aversion’ mode. But the practice of risk management is better viewed from the perspective of preservation rather than of aversion, its dual; that is, in the sense of the above paragraph, to maximise rather than minimise. The reason is that there might be a myopia in the formation of the corresponding constraints for a minimisation of risk that may lead to potential restrictions or non-consideration of legitimate or acceptable means of business. Maximization thinking gives consideration to actual business objectives and facilitates more possibilities (open thinking) with respect to the constraints while trying to adequately manage risks.

When a risk has crystallized you slip into the crisis management aspect of risk management, which may be an optimization problem — to get the best out of an unwanted situation. Some might argue that this is not an aspect of formal risk management practice. Considerations and implementations differ. What is important is that, because risk is what it is, there should be a system to deal with crystallized risks (when your fears come to pass). Trying to alleviate the effects, finding and using some gain in them, managing (live with/through) them or countering them are possible approaches. Regardless of the situation, the optimisation objective remains the maximisation of a utility.