Steve Priest: A few weeks ago I asked a hundred or so E&C professionals from utilities and energy firms what their biggest risk was. None of the first three people answering gave what I thought was the obvious answer: safety. This was before the New York City gas pipeline explosion that killed several people, but after many other accidents. It set me to wondering... how could E&C pros be so wrong about risk?
: Since E&C officers tend not to have responsibility for safety, maybe they were responding based on their own duties – meaning second person singular instead of second person plural. But I agree they should be thinking safety – even if it isn’t in their individual mandate - if for no other reason that the safety risk could be relevant to other risks for which they do have responsibility.
Steve: It seems to me that one of the reasons we are fallible with risk is the recency affect. Bribery is in the headlines, so it must be our biggest risk. With the energy and utility E&C professionals, cyber security was the emphasis because it was in the headlines.
Well, there is some logic to focusing on what’s in the present or recent past. But there are also plenty of examples of people being misled by current and recent events. In the realm of history generally (and not E&C in particular) the best example comes from WWII, when the French Army’s battle plans - and particularly their building of the Maginot Line – were informed by the then-recent history of trench warfare in WWI.
Steve: Another flaw in risk assessments is that like the good gendarme in Casablanca (and not to pick on the French), we round up the usual suspects. As I reflected on the work I have done in the past twenty years, I came to the conclusion that I was guilty of this. I have never put the true number one risk for every company at the top of the risk assessment charts.
Steve: The biggest E&C risk—although I think it transcends E&C and is quite probably one of the biggest business risks—is that people are not honest. The business world you and I work in and observe is filled with outright dishonesty: false reports of all kinds, exaggerations to customers, “optimistic” projections on costs or deliveries or synergies or . . . . And then there are the sins of omission—all those who know or suspect that something is wrong, and say nothing. If you look at almost every big real world E&C scandal, underlying the bribery or antitrust or fraud or insider trading there is dishonesty—often by many people.
A couple of responses. First, to get methodological for a second, I think it is helpful to distinguish between the types of violations that might occur (bribery, bid rigging, conflicts of interest) and the causes of those risks, one of which is individual dishonesty. Granted you can call the latter risks too, but in terms of developing mitigation strategies I’ve found it helpful to separate the two, because each risk/type of violation will have a different blend of risk causes, and thus require a different mix of mitigation measures.
Second, I agree that individual dishonesty – at least on some level - is pervasive, and part of the cause mix for every type of risk. But I think that one needs to be careful how one uses that knowledge in an E&C program. The delicacy of the task is part of the reason I am drawn to behavioral ethics (which we’ve discussed in prior exchanges), as it allows one to introduce – in training or other communications - the concept of ethical frailty in humans without suggest deep moral fault.
Steve: I agree that understanding the difference between dishonesty and its outcomes is important. If we look at categories of legal violations, what we most want to do is develop policies or compliance training or auditing to communicate or ferret out wrong doing in these areas. If we look to the underlying causes, our remediation is far different. The path to increasing honesty is perhaps harder—but we do have many signposts to help illuminate it, from the ancients to our modern day behavioral ethicists and psychologists.
Sounds good, and I hope it is okay if I use this exchange to plug my e-book on risk assessment, which can be downloaded for free here: http://www.corporatecomplianceinsights.com/free-ebook-download-jeffrey-kaplans-compliance-ethics-risk-assessment/#Riskmanagement #ProgramandRiskAssessment