Prof. Aleksandar Jovanović recently gave an interview for the leading German economic newspaper Wirtschaftswoche, recognizing the importance of standardization work in the area of risks. EU-VRi, Steinbeis, and Prof. Jovanović are long-time active leaders in the area of standardization related to emerging risks, currently working on a new ISO standard, ISO 31050 Guidance for Managing Emerging Risks to Enhance Resilience.
The original article is available in German here: http://www.inpactmedia.com/wirtschaft/risikomanagement/wir-brauchen-standards-fuer-globale-risiken#2287. A translated version in English is provided below:
»We need standards for global risks«
Globalization is driving forward world networking. But with complexity also comes risks. How can you correctly assess a threat situation? Are we even worried about the "right" things?
Klaus Lüber, Editorial Staff
And how can you handle risks that have global implications? An interview with Prof. Aleksandar Jovanović, Head of the European Virtual Institute for Integrated Risk Management (EU-VRi).
KL: Mr. Jovanović: natural disasters, infrastructure damage, political imponderables, supply chain disruption, piracy, sabotage, cybercrime - the number of risks in international business seems to be growing. Is that really the case, or is it just because we know more and more about risks?
AJ: That's not so easy to answer. What does "growing" mean? What we do know is that the present has become more complex and often entails new risks. As a system becomes more complex, in general, the risks become more complex, and the number of potential and new risks increases. The problem is that in order to really assess a threat situation, we need reliable reference points. At the “regulars” table you can talk about the real dangers of climate change at length, but as long as you do not have a reliable framework to define priorities, criteria and decision-making processes (when it comes to risk assessment) all remain just a roundtable discussion.
KL: You could consult experts.
AJ: Yes, of course you could, and of course you do, but that does not really make you “pass.” For example, if every expert has a different opinion, we get a collection of responses in silos. This is a very unfavorable situation, especially when dealing with complex risks, because here [with complex risks] it is particularly important to act interdisciplinary and to see the "big picture."
KL: Do you mean [to imply] action guidelines for companies and institutions?
AJ: Right, and here comes the next challenge: the classification of responsibilities - "mandates" - has also become more complex. As a result, it is often the very institutions that are supposed to exercise these mandates globally, such as the UN or the EU, which become increasingly powerless or unfree in doing so. At the national level, it is often not much better. Although consensus on dealing with complex and systemic risks is certainly very important, as well as [achieving] the acceptance of as many people as possible, the reluctance of an institution [to act], such as a competent ministry which actually has power to act on an issue such as “coal exit,” is out of place.
KL: What is the general policy in the area of risk management?
AJ: In my opinion, there is definitely room for improvement. Many authorities and institutions have long lost much of their expertise and have many specialist personnel issues. Take the cybercrime field: since it is often impossible for authorities to engage the right IT professionals to provide the TVL-like conditions, many “cybersecurity centers” lack the right professionals or expertise.
KL: What about the situation with companies? Do they usually have more financial leeway?
AJ: That's right, but they have the problem of having to decide whether to invest long-term or short-term. For example, insurers who have been dealing with risk management issues for years often have to balance the investments they have in short or long-term risks because they cannot always afford the required research on the long-term, more complex risks. As in politics, they are simply less and less interested in long-term planning. It's worth less or even nothing at all.
KL: Let’s speak [more] concretely about the risks that we are dealing with in business and society. The sociologist and risk researcher Ortwin Renn, with whom you have worked for many years, sees the greatest danger in so-called systemic risks.
AJ: Yes, Mr. Renn means risks that can have global implications, are closely networked with many functional areas of the economy and society, and have cause-and-effect chains where we cannot get by with a classic, statistic-based approach. Here we need a fundamental change of perspective.
KL: What do you mean?
AJ: One should say goodbye to the idea that one could simply avoid or combat systemic risks like an external disturbance. The truth is that it is no longer about avoiding risks but understanding them as best as possible and preparing for them in the best possible way [in order] to ensure the resilience of the systems. That's one thing. The other is that solving complex and global problems usually has to be complex and global. Global also in the sense of "integrative" and "integrated".
KL: You have to explain that, please.
AJ: The decisive factor is the integration of various solutions into integrated risk management. That is exactly what we are doing at the EU-VRi, [the Virtual] European Institute for Integrated Risk Management. In doing so, one must try to consider all the different sources, including those, for example, that can cause or promote the misperception of risks in social networks. Nowadays, you have to be able to analyze the large amounts of data available – “Big Data” -, to be able to analyze new methods and have new analysis software. This is the only way to detect new trends in risks in good time: by observing them in real time and to derive recommendations for action from them. It is very useful to compare these results, which you can get without experts, with expert opinions.
KL: So risk analysis tools alone are not enough [to avoid risks]?
AJ: No, because even with these tools you will hardly be able to avoid them; new solutions also generate new risks. A classic example is the risk of Alzheimer's disease. That [risk] is one in a hundred at the age of 65 but one in six at the age of 85. One could say: by avoiding the risks that lead to an early death, at the same tome you increase the risk of developing [other] diseases that increase [in risk] with age. That this pattern is repeated in other fields, such as the exit from coal, autonomous driving, or Industry 4.0, is to be expected.
KL: These are topics in each of which the aspect of social acceptance plays a role. Now many of your colleagues say that we often cannot assess risks properly. Isn’t it first of all a matter of distinguishing "real" from "fake" risks?
AJ: Of course you can do that, but you should be careful not to take so-called "false" risks less seriously. For a long time, insurers have had their own term: phantom risks. Although they have no material, statistical basis, they should still play an important role in a risk analysis. To perform a full risk analysis, one must consider factors such as risk perception and social acceptance. If technology is accepted in one corner of the world and not in another, it is important to understand why.
KL: Like, for example, the Transrapid?
Exactly. A cutting-edge technology that has not found social acceptance. Not least of all because the risks associated with the Transrapid in Germany and the classic train have been considered and categorized. Then it would be, as in every train, an emergency brake would be required on the Transrapid, while nobody would think of installing one in an airplane.
KL: What recommendations do you give to politics and business?
AJ: It's all about recognizing the importance of frameworks for efficient risk management. Just as we have agreed in many countries to drive to the right or measure speed in km/h, we also need more commonly accepted risk and resilience management standards in risk research - such as the new ISO 31050. That's because we need maximum clarity and the above framework in the implementation. Only then will we have a chance to prepare efficiently for the challenges of old and new risks.