Ask someone what caused the Titanic to sink, and chances are he or she will simply say “an iceberg.” But as Gordon Graham stressed during the ISEA Executive Summit in Orange County, Calif., the real cause was much more complex. “Rarely does a single event cause a tragedy. It’s a cascade of events ... there were problems lying in wait,” he said. “That ship was doomed long before it was built, designed or hit the iceberg."
Graham, a risk manager with more than 3 decades of experience in California law enforcement, spoke to ISEA members on April 29 about identifying, addressing and preventing those problems that lie in wait.
“In any occupation, if you can identify what really caused [the incident], you can build control measures and prevent future tragedies from happening,” he said. “But in order to build control measures, you need to identify the cause of the tragedy.”
“Every identifiable risk is a controllable risk,” he added. “We’ve got to get in bed with risk management.”
10 Families of Risk
Graham outlined what he called the 10 families of risk:
1. External risks. From the weather to pandemics to terrorism, external risks are some of the most difficult risks businesses face, Graham said. Leaders must recognize the potential risk, whether it’s train tracks running behind the facility or the close proximity of a chemical plant, and then plan for the worse-case scenario.
2. Legal and regulatory risk. Employers must clearly understand and manage their legal and regulatory risks.
3. Strategic risk. Managers who take a long view of the challenges likely to crop up in the future will be best prepared to face strategic risk. “Where’s the world going to be in 35 years?” Graham asked. “Look into the future.”
4. Organizational risk. Graham asked attendees to seriously consider how one person within your organization could cause serious harm. He recommended conducting background checks on all new employees and performing regular performance evaluations.
5. Operational risk. “When you’re getting ready to fire someone, do you notify security?” Graham asked. “Do you notify the local police and ask for a threat assessment? The biggest triggering event for workplace violence is employee termination.”
6. Information risk. Company leaders must be able to confirm that the information they’re basing their business on is accurate and non-biased, Graham said.
7. HR risk. “This is the most expensive risk you’ll address,” Graham said. “You need competent counsel and [HR] personnel.”
8. Technology risk. “The fastest-growing family of risks are technology risks,” Graham said. “We’ve got to get up to speed on technology risks,” including cybersecurity.
9. Financial risk.
10. Political risk.
“The errors we’re going to make can be predicted from the errors we already made,” Graham said, paraphrasing the words of Archand Zeller. “Predictable is preventable.”