Downside Up – Managing Risks, Part 1

“A ship is safe in harbor, but that’s not what ships are for” [1]

For a business unit to be Sustainable, that is, to thrive in perpetuity [2], it is clearly necessary to manage the downside of business as well as the upside. In today’s globalized economy, where social impacts and environmental impacts must be managed along with increasingly complex economic issues, managing the downside goes far past insurance coverage. Managing risk does not mean eliminating risk, because opportunity is often the flip side of risk — as the ship experiences at sea.

Last year, Greg Hutchins [3] made a presentation entitled Risk Management – The Future of Quality. He kindly provided a copy of the slides from his presentation, along with permission to quote. I take the pillars of his presentation to be:

>> Businesses operate in an increasingly “VUCA” world, where Variation, Uncertainty, Complexity and Ambiguity too often prevail, and

>> To cope with a “VUCA” world, risk management should follow the same course quality management has taken over the last quarter century. Four slides from Greg’s presentation illustrate the changes he recommends:

[Image: set of four slides from Greg Hutchins’s presentation]

In essence, Greg borrows the structured, process-focused, statistical approach that defines contemporary quality management and applies that approach to risk management. His presentation does a good job of introducing the concepts behind effective risk management. You might contact Greg through his website and request a copy of his slides.

 The International Organization for Standardization (ISO) takes a similar approach in the ISO 31000 International Standard for Risk Management – Principles and Guidelines. Those familiar with the ISO 9001 standard for quality management systems will readily grasp its relationship to the new ISO 31000 standard. However, unlike ISO 9001, ISO 31000 provides guidelines, not requirements. So, there is no need to be certified to ISO 31000. Also unlike ISO 9001, ISO 31000 does not require another documented management system. Rather, ISO 31000 recommends that risk management be fully integrated with existing management processes and systems.

 The guts of ISO 31000 are the Risk Management Framework and the Risk Management Process. The Framework “provides the foundations and arrangements that embed (risk management) throughout the organization and at all levels”. The Framework deploys the Risk Management Process. The Risk Management Process consists of a series of steps: Establishing the Context, Risk Identification, Risk Analysis, Risk Evaluation and Risk Treatment. The Process serves to determine the actions to be taken to address risks as they are encountered.

 Establishing a policy for addressing risks is central to all of this. The policy expresses the organization’s level of risk tolerance in such a way that authorized decision makers at all levels have a common basis for making decisions on risk. Keep in mind that risk management decisions are exercises in assessing probabilities, conducted in a “VUCA” atmosphere. Beware of assessing probabilities intuitively. Daniel Kahneman [4] won a Nobel Prize for his work on decision making. He found that the intuitive part of human thought just doesn’t handle statistical matters very well. Do the numbers.

 Part 2 of this post will make some specific risk management suggestions for smaller manufacturers. Part 2 will be available on 13 September.

Images: Ship photo from dreamstime. Set of four slides by Greg Hutchins, used with permission.

[1] This quote is most often attributed to William G.T. Shedd (1820 – 1894). There is some controversy, however. Others attribute the quote to John A. Shedd, from a 1928 book, or to Admiral Grace Hopper.

[2] Werbach, Adam, Strategy for Sustainability, Harvard Business Press, Boston (2009), page 9

[3] Greg Hutchins, P.E., Quality Plus Engineering. Quality Plus Engineering is an Oregon-based firm focused on critical infrastructure protection. Learn more at:

[4] See Kahneman’s remarkably readable new book, Thinking, Fast and Slow, Farrar, Straus and Giroux, New York (2011), especially Chapter 31 on Risk Policy