“In the economy an act, a habit, an institution, a law, gives birth not only to an effect, but to a series of effects. Of these effects, the first one only is immediate; it manifests itself simultaneously with its cause-it is seen. The others unfold in succession- they are not seen; it is well for us if they are forseen.”
— Frédéric Bastiat
Bastiat was rumbling through my mind as I watched the SAP webinar GRC Partner Knowledge Session, “Process Control and Risk Management Enablement Session for Partners”. When it was over I had to look up the quote from his essay That Which is Seen and That Which is Unseen . As the presenter showed the risk management process: Risk Planning –> Risk Identification –> Risk Analysis –> Risk Response –>Risk Monitoring and how the software allows you to execute this process, what is seen are all the risk management controls available in the software, the compliance to regulatory risk, supply interruptions, all the obvious routine problems that happen with some regularity. We can even model that risk with Monte Carlo simulation using four very limited distributions, discrete, continuous, lognormal and normal. What is unseen is the cascade of events under way based on decisions made years ago. The limits of our knowledge stare us in the face but knowing this is to be prepared. We live most at risk when we feel comfort by engaging in the process, with misapplied statistical measures of uncertainty, Monte Carlo simulation using distributions more suited for modeling Roulette than real life business. What is your exposure to rare events whose variance is not known? We can imagine innumerable disasters but how much money will be spent to survive the rare unexpected event when the quarterly earnings report is just around the corner? SAP BuinsessObjects Risk Management 3.0 is fine software but not in the hands of the dilettante and the intellectually lazy.