The Immune System is Risk


immune_systemThe immune system is risk.

Over the course of the last 3 years we have been exploring the innovation of risk from the perspective of moving risk management away from a traditional focus of frameworks and tools, and towards an embedded practice within businesses across the globe.

With organisations continually striving for that 1% more and driving themselves to different methods of execution and implementation, we were drawn to a book that discusses one of the most modern approaches to developing your business.  Eric Ries delivers a book that focuses the reader on how to adapt to today’s environment regardless of your organisation size or complexity.  In particular he indirectly discusses risk management within this book (he does not explicitly call it risk management) through his method of using batches to help deliver a more effective and efficient product to the end customer.

We called this our product’s immune system because those automatic protections went beyond checking that the product behaved as expected.  We also continuously monitored the health of our business itself so that mistakes were found and removed automatically”, from “The Lean Startup: How Constant Innovation Creates Radically Successful Businesses” by Eric Ries.

Let us consider this quote for a moment using the analogy of the human body.  Wikipedia defines the immune system as, “a system of biological structures and processes within an organism that protects against disease. To function properly, an immune system must detect a wide variety of agents, from viruses to parasitic worms, and distinguish them from the organism’s own healthy tissue.”

Now let’s consider the definition of risk management in Wikipedia which details, “Risk management is the identification, assessment, and prioritization of risks  followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Reading these two definitions at face value does not seem to indicate any analogous position.

However, we should step back for a moment on what this definition, or any definition, is meaning by risk management.  Effectively, risk management is the system to identify and protect an organisation from failure of people, process and systems.  To have an effective risk management system we consider a wide variety of potential problems and distinguish these from the opportunities so as to ensure the organisation achieves the best possible return.

An effective risk management system is the immune system of the organisation.  It is built to identify and mitigate against the “bad” viruses (problems) and to ensure the promotion and proliferation of the benefits.  It also provides processes to continuously monitor the effective performance of the organisation in mitigating the “bad” viruses.

In “The Lean Startup“, Eric Ries highlights how his organisation dealt with risk by, “When our immune system detects a problem, a number of things happen immediately, being the defective change is removed immediately and automatically, everyone is notified, and changes are blocked until the root cause of the problem is found and fixed.”  Eric has just described a real-time, interactive and continuous risk management system.  A system that as Risk Managers we discuss in detail and depth and attempt every day to communicate to management.

The role of the Risk Manager must therefore be to assist the organisations immune system to fight the “bad” and promote the “good”.  Over the past 20 years Risk Managers have focused on the framework and the tools, and have been seen as a road-block to change.  As an analogy in the theme of the immune system, the Risk Manager is seen as almost being the emergency room of the hospital.  People go there when they know they are in trouble and need a diagnosis and solution.  The Risk Manager makes them follow the process and then a solution is provided.  Most of the time, the emergency is averted, but every now and then, you end up having some form of major emergency surgery.

Perhaps the lesson for risk managers is we are promoting the “emergency” approach through the focus on historical language in how we communicate and engage.

What we should be doing is providing an approach and language that encourages individuals and businesses to perform preventative measures, like exercise for your body or better eating habits to promote better health!

Eric Ries approach to the Lean Startup is a reminder to risk management that we need to be just as revolutionary and innovate in our thinking in how we approach risk management.  We need to be the promoters of good health, of boosting the immune system and generating embedded practices in managing the potential viruses (errors) that occur in any part of the business.  And just like any good medical coverage, we need to to be holistic in our thinking.  We need to consider new age thinking and we need to move away from the traditional reactive approach.

The immune system of the organisation is risk and managing risk will make the immune system fight the problems and embrace the opportunities.


Inspiration for the article was from:

The Lean Startup: How Constant Innovation Creates Radically Successful Businesses” by Eric Ries.