Abandoning Risk–Based Management
Every business model of the 20th century is built around managing risk. But no one ever decides to do business because they decide there is no risk– they make a buying decision, or select a business partner, because they affirmatively decide to trust someone. Trust is the essential driver of all purchase decisions. However, it is very rare that you hear a business build its management model around driving and expanding trust. Instead, investment in new technology and new business processes are justified based on the need to reduce or control risk. The time has come to abandon this model – in a global competitive market, where the Internet enables any customer to “route around failure" and select an alternative product or service provider, management must commit to a different model – a model that drives trust as the essential end-product for every decision.
Trust has many dimensions that I will explore through this blog. But, in a wired world, where every customer has access to significant amounts of information about the marketplace, the providers, and their products, trust begins with the most essential atomic element – information itself.
By focusing on the smallest object around which trust is developed, we can illustrate why risk-based management is no longer a functional model. Take, for example, you are browsing of the advertisements for various products on different sites. As a practical, human process, we do not begin to evaluate and compare the information by conducting a risk – based assessment. Our questions are first about understanding the identity of the webpage, the reputation of the operator, the reviews of the products that are available. We are gathering information that allows us to make a decision to affirmatively trust the further details about a product or service which will eventually inform our decision on purchasing the option we prefer.
In evaluating the information we gather, there is another process that occurs, often intuitively. Once the information is gathered, we challenge the information to demonstrate that it meets our criteria for being trusted. Is the information spelled correctly? Are there grammatical errors in the material? Is the presentation consistent with what I expect to see? These are the kinds of questions which are driven by our desire to make an affirmative trust decision, not to evaluate risk.
So, for some time, I have been troubled by the disconnect between risk–based management models and the simple fact that every buying decision is driven by trust evaluations. Does it not make sense that we should evaluate new investments in information technology or improvements in business processes by asking, "How will this new investment improve the trust that is placed by the buyer in our products and our services? How will we measure the results of the investment in improving the trustworthiness of the digital information on which we, and our customers, rely?"
Building digital trust begins by building trust in the smallest atomic element – each word, each phrase and each data object that make up the totality of information on which any business decision, or customer decision, will depend. But the first step is to recognize that continuing to emphasize risks and make investment decisions based on reducing risk, rather than accelerating trust, is a broken model.
I invite your thoughts and/or questions on this subject. Please comment below.
