Risk Decay

Every few decades, we see a massive, often global, setback that severely damages, among other things, the business environment. Afterwards we read of parallels to other times and similar problems.

Look at the current pandemic. We see references and comparisons to a global pandemic in 1918 called the Spanish Flu. If this happened once, why weren't we prepared? How can businesses be ready next time?

The problem lies in something I call Risk Decay, the idea that our perspective of our vulnerability to a risk declines as that risk falls further and further into history.

When something major happens, we can not only remember the facts of the situation, but feel the emotions and hardships of that issue. To prevent this from happening we create safeguards, save funds, provide buffers, buy insurance, create new organizations and procedures, and create a system that should prevent the event from being as destructive should it ever happen again.

However, as time progresses, the emotions fade, the worry subsides, and we are left with a continuously diminishing remembrance of the pain caused. We re-evaluate the extra costs associated with preventing the pain against a more current and distant remembrance of the pain. The emotions are gone, and we are left with funds not getting a return. We start to drop these safeguards and set ourselves up to once again experience the same destruction.

If we are building companies to be around for 100+ years, we need to plan on multiple occurrences of devastating events. Even more, we must plan on being around and surviving those events. So how do we fight risk decay?

One of the ways that this can be done is with a Disaster Post-Mortem, a document to bring back up the emotions associated with the original disaster and re-enforce the preventative measures put in place.

A DPM does not need to be lengthy, and is actually better as a short document, 2-3 pages. It should be more story than facts, and easily read in a few minutes. The key is to re-convince future leaders of the preventative measures taken, procedures instituted, and costs taken on in order to prevent a potentially catastrophic risk.

Here are some things to include:

Understanding the context for the problem, the events that led up to it, and the signs that could have foretold it are key. These should be written in a way that builds tension as well as the case of the problem. This section in the post-mortem keeps the account "fresh" in the mind of the reader.

Next, a breakdown of the problem, and more importantly, the consequences (both personal and professional) that occurred. Here we remind future readers of the devastation. It is important here to include not only what happened to you, or your business, but also the businesses around you. This should act as a reminder of what might happen if the preventative measures are not help up.

Finally, share the solutions, and how they were created. It is important to not only see the solutions and preventative measures that were enforced to prevent future catastrophe, but also how they are connected to the problem. By outlining the process by which the problem was analyzed, the solutions were brainstormed, and the preventive measures were decided on, you can walk future readers through the process so they can feel energized to keep and protect the measures that are in turn, preventing them.

The only remaining thing to do is to ensure that there are future readers. Perhaps having management review the post mortem every 5 years or so (this is dependent on the anticipated frequency of the outsized risk event). In this way, leadership is reminded on preventive measures, their reason, and their importance. It should, if done correctly, help future leaders feel as if they walked through and arrived at the same decisions.