What's Hot

Nassim Nicholas Taleb's blog, an inspiring read | Incerto

Saturday, April 4, 2015

The importance of ISO 31000 in Germanwings

The article "The Germanwings crash and, the folly of risk analysis" shows to me at least, why the global risk standard of ISO 31000 is so vital to the people of this planet.

I will elaborate for a moment ...

Pascal-Emmanuel Gobry
If you have been following the news of late, the cause of the Germanwing's disaster evidences to us one single thing about airplane safety. Concisely, if authorities over control a cockpit of an aircraft to save it from an invasion by making it impenetrable, it does closeout the risk of hijacking. However, it also opens up a new risk of asset misappropriation.  We have in effect traded one risk for another with respect to airplane safety and the airline industry should go about analyzing and mitigating threats using a structured approach when facing uncertainty, rather than simple solutions of negation through control and over control.

In the Germanwing's case, they have fallen into the iatrogenic trap of a 'Reverse Chesterton's Fence' where the industry as a whole has modified its environment without investigating the implications of that change.

This brings me onto Pascal-Emmanuel's wonderful posting [LINKand while I may not entirely agree with what he has written, I do see the line of investigation he is following as being deeply important for furnishing us insight into why Risk Management fails.

In the context of Germanwings, it failed. We have to be very real about this.  We can't go around saying that Germanwing's management couldn't have prevented the accident so the airline isn't responsible for the outcome. This issue becomes contentious from a negligence or accountability perspective if we continue on down that road of thinking.

That being said, crashes do happen. In most cases, there wasn't systemic negligence, meaning that the cause of the crash could have been anticipated and stopped.
Pascal-Emmanuel Gobry | March 26, 2015 LINK
"In most cases the cause of the crash couldn't have been anticipated" ~ I am not sure I entirely agree with that remark ~ It is akin to saying we can't manage risk so why bother with it at all, why waste time and money attempting to control something we don't understand.

We all know this not to be true of course, we learn from what our environment feeds back to us and we modify our behavior accordingly to maximize outcomes.  Some actions have positive responses in line with randomness (not all desired actions workout all the time), some actions are negative and; when we pursue a few positive objectives we see on the horizon, we may also have a paradoxically negative dose response.

In my opinion, the reason why risk management fails us institutionally comes out cleanly with Pascal-Emmanuel's next comment.
The concept of risk is a very recent one, associated with the modern era, and it implies quantification. People have probably known about uncertainty since the dawn of recorded time, but the concept of risk arose when men got the idea that they could measure, and therefore predict and manage, uncertainty.
Pascal-Emmanuel Gobry | March 26, 2015 LINK
People have known about uncertainty since the dawn of time, biology and history demonstrates this fact to us all and every hydrocarbon life-form tends to respond to adversity in a unique way to maximize its survival.

We don't label risk as uncertainty or uncertainty as risk or do we?

ISO 31000 does label risk as uncertainty or specifically; "Risk is the effect of uncertainty on objectives" and for the very reason Germanwings demonstrates to us with its idiosyncratic catastrophe.

Yes this is a specific event for Germanwings today and probably a compliance requirement looking for an industry-wide solution tomorrow. In the end, we can be nearly sure that all smart airline managers will respond to what has happened at Germanwings and, redesign their cockpits to be secure but also secure while circumventing iatrogenic undesirable effects.
But, as the economist Frank Knight argued, there is risk, and then there is uncertainty. Risk can be quantified, but not every uncertainty can. And the problems arise when we try to treat uncertainty as risk.
Pascal-Emmanuel Gobry | March 26, 2015 LINK
There is risk, whatever that means when singularly stated ... But there is known randomness, you can see it when tree leaves blow around in the wind or waves rush up a beach. There is standard deviation, type I and type II errors as well, calibration significance, unknown randomness (tail events), formal fallacies and the informal ones. There are epistemic gaps, latent hazards with unknown unknowns apparently. There is just pure uncertainty of course, that we do know exists. There is volatility, variance, convexity, dose response, race conditions, model errors, systemic faults, flawed aversion and appetites, iatrogenic outcomes, audit and, there is compliance.

The concept of Enterprise Risk Management should be taken on board as being an umbrella that encompasses all of these things, not just what it can observe and, until corporations truly embrace risk management as having this charter, it will continue to let us down.

Germanwings to me was a latent hazard waiting to happen and I have pondered on this specific event many times while sitting on airlines over the years gone past ... You know, 'what happens if those guys up front go rogue ~ we're screwed aren't we' ... as it turns out, we currently are.

No comments:

Post a Comment