27

Help Manage Risk

When you sense that things could go wrong, you can lock the door and pray or you can do something to prevent the bad omen from coming true. Better yet, you can engage in risk management.

It isn’t difficult, and it’s especially smart. It’s a process by which you identify, assess, and prioritize the uncertainties that lie before you so that you can control the probability of occurrence of unfortunate events. Risk management is the proactive approach to eliminating or minimizing risks. You may not have the power to avoid or control risk, but you can manage and cope with the likelihood of it occurring.

Risks abound in the business world. They range from financial setbacks, accidents, project failure, and product malfunction to cyberthreats, computer viruses, social media attacks, and legal liability. The impact of any of these things can be devastating to an organization.

Risk management has incredible value. It should be an integral part of doing business. It should be part of staff meeting discussions and the strategic thinking that the boss needs so that he or she can make decisions that avoid problems for the organization.

Any unwanted event can endanger the ability to satisfy an objective or achieve success within an organization. Not every organization can afford to hire or have a risk officer, but any organization can have senior representatives who are thinking aggressively about what lies ahead that could be problematic and can help the boss with built-in risk control and containment measures. If this is done well, an organization can avoid risks altogether.

On a beautiful September morning in 2001, I learned the hard way that risk is everywhere. As the chief of staff of the State Department, I was returning from the morning staff meeting when a junior staffer alerted me that a plane had just flown into the World Trade Center in New York City. I rushed to my office, turned on the television, and watched another plane fly into the second tower. Not long afterward, I glanced out of my seventh-floor office window and saw the building I had worked in for 10 years, the Pentagon, on fire. By that time it was clear that this was a devastating event of enormous proportions.

I went with the deputy secretary of state, Richard Armitage, to the State Department Command Center. In a secure room we were connected by a video teleconference with representatives of the White House, the CIA, the FBI, the National Security Council, and other key agencies. Collectively, we concluded that the nation was under attack.

A decision was made to send federal employees home. The word was quickly spread that our employees should evacuate the Main State Building. Along with other senior State Department officials, I moved with them to an alternate command site.

Recognizing that there was absolute gridlock in Washington that day, we told the employees not to attempt to retrieve their cars from the basement parking garage. Some simply never would have made it. They were told to find other ways to get home. We were able to manage risk on the run.

It wasn’t until days later with the return of some sense of normality that I began to assess what we did right and wrong in response to this moment of uncertainty and how we could have done it better.

One of the many lessons I learned was that in the haste of evacuating the building, we hadn’t thought of everything. There had not been an emergency evacuation plan. That was not helpful to the need to care for and help employees with disabilities or handicaps. With the elevator in lockdown, people in wheelchairs or on crutches needed help getting down steps and out of the building. There was no accountability, and some were temporarily left behind at their own risk until the final building sweep was conducted and they were gotten out.

Some things are so simple that they are forgotten. An emergency evacuation plan had slipped the leash of concerns or considerations. Not to have one was unforgivable. The risks that day were everywhere in every way. Our lack of preparedness contributed to the problem.

It didn’t take long to fix the problem. I tasked every office to create and display an evacuation diagram and to have a plan that accommodated all the people in the office as they exited the building. We rehearsed the plan quarterly, and the members of each office went to a designated muster point where a head count took place. One less risk to worry about.

Any organization can have and should have a risk management plan. It should be tailored for potential risks in areas of concern to the things that could go wrong when one least expects it. The plan should determine how potential problems should be managed, how they could be mitigated, and how they should be handled if they occur. Risk management is a proactive technique to minimize the effect of threat realization to an organization. It is common practice in business today to do a SWOT analysis, a means of evaluating your strengths, weaknesses, opportunities, and threats.

Any such analysis needs to be open and honest. An American journalist and founder of the New Yorker magazine, Harold Wallace Ross, put risk management in context. He once wrote, “Think as you work, for in the final analysis, your worth to your company comes not only in solving problems, but also anticipating them.”