Signals
If you spend any time on social media, viewing online news stories or read blog posts from pundits and self-described experts and consultants [present company included] you will notice that the ratio of “jargon” to information is rising rapidly. This is especially true in enterprise risk management, machine learning, artificial intelligence, data analysis and other fields where opinions are diverse because real expertise is in short supply.
This is a real problem on many fronts because jargon obscures the transfer of actionable information and makes it harder to make decisions that really matter. So I looked up the definition of “jargon”.
“Jargon: special words or expressions that are used by a particular profession or group and are difficult for others to understand.”
Well intended people use jargon to portray a sense of expertise in a particular subject-matter to those of us seeking to learn more and understand how to make sense of the information we are reading. The problem is that neither the speaker nor the listener is really exchanging meaningful information. In an era where vast amounts of misinformation is a mouse click away we must begin to speak clearly.
Critical thinking is the product of objective analysis and the evaluation of an issue to make an informed decision. However, because we are human what we believe can be based on biased information from peer groups, background, experience, political leanings, family experience and other factors both conscious and sub-conscious.
In an era where “truth” is malleable critical thinkers are more important than ever. This is especially relevant to risk professionals. The jargon in risk management is destroying the practice and profession of risk management.
Yes, these are strong words but we must be honest about what is not working. We, the collective “we”, use words like Risk Appetite, Risk Register, Risk Value, Risk Insights, or my favorite, “the ability to look around corners”; as if everyone understands what they mean and how to use these words to define some process that leads to awareness. The practice of risk management does not endow the practitioner with the ability to see the future. Done well, risk management, is the process of reducing uncertainty BUT only in certain situations!
Let’s stop expecting super human feats of wisdom in risk management that no one has ever demonstrated consistently over time.
We call risk frameworks a risk program when it is only an aspirational guide for what goes in a risk program not what you do to understand and address risks. The truth is the reason that there is so much jargon in risk management is because we know very little about how to do it well. Fortunately, the truth is much more simple than the jargon from uninformed pundits who would have you believe otherwise. Risk management is much more simple and less omniscient than the hype surrounding it. This may be disappointing to hear and many may argue against this narrative but let’s examine the truth.
Think of risk management as an Oak tree with one trunk but many branches. Economics is the trunk of the Oak tree of risk management with many branches of decision science that include the science of advanced analytics and human behavior among many others.
Economists and a Psychologist are the only ones who have ever won a Nobel Prize in the science of risk management.
Risk management was NOT invented by COSO ERM, consultants like McKinsey & Co. or applied mathematicians however many disciplines have played an active role in advancing the practice of risk management which is still in its infancy of development. Risk management is challenging because unlike the laws of physics which can be understood and modeled according to scientific methods the laws of human nature consistently defy logic. One look at today’s headlines is all you need to understand the complexity of risk management in any organization.
As the Oak tree of risk management grows new branches are needed such as data science, data management, cognitive system design, ergonomics, intelligent technology and many other disciplines. I created the Cognitive Risk Framework for Enterprise Risk Management and Cybersecurity to make room for the inevitable growth and diversity of disciplines that will evolve through the practice of risk management. It too is an aspiration of what a risk program can become. Risks are not some static “thing” that can be tamed into obedience by one approach, a simple focus on internal controls or the next hot trend in technology. Risk management must continue to evolve and so must those of us who are passionate about learning to get better at managing risks.
Let me leave you with one new word of jargon that is growing rapidly. Signal. The word Signal is being used in Big Data conversations to distinguish how to separate out the noise of Big Data from real insights to understand what customers want, identify trends and insights in data, and understand risks. How is that for a multi-jargonistic sentence?
Not surprisingly, McKinsey has jumped on this band wagon to tell the listener they too must separate the signal from the noise. Like all jargon, few tell you how only that you must do these things. What only a few will tell you is that the challenge of identifying the signal, insight, value or substitute whatever jargon you like is to develop a multi-disciplinary approach.
The cognitive risk framework for enterprise risk and cyber security was developed to start a conversation about how to begin the “how” of the evolution of risk management into what it will become not some imaginary end state of risk management.
James Bone is a lecturer in discipline in enterprise risk management, author of Cognitive Hack: The New Battleground in Cybersecurity….the Human Mind, creator of the first Cognitive Risk Framework for enterprise risk management and cybersecurity and risk consultant on GRC technology and the intersection of humans and technology.
