Open up just about any article, post, or other piece of thought leadership on the importance risk management or any of its adjacent spaces, and almost inevitably, it starts off with something along the lines of “we are living in times of unprecedented uncertainty and complexity” along with (as a bonus for those of us playing risk management BS bingo), a reference to VUCA (volatility, complexity, uncertainty and ambiguity).
It then continues with some repackaging of concepts that will be familiar to Strategic Risk readers. These might include ‘integrating risk with strategy’, resilience, scenarios, risk culture, ESG, GRC, or the much more cringeworthy (and broken) risk appetite statements, risk dashboards, and even (God forbid) the risk register.
If you are a risk management professional and have tried to communicate its importance to senior leaders or stakeholders, you – like I – have probably spewed these terms on multiple occasions.
However, the articulation of risk management’s benefits and the way it is widely implemented and understood, is based on a fallacy. That fallacy is a cognitive bias called “the illusion of control” which is that we believe we have greater…
