As mentioned previously, I’m continuing my work on Risk Existentiale, although the path continues to elongate with each further effort to comprehend a specific space. Increasingly, I’m seeing this “small space project” expand into an undertaking that will require considerable time and effort to carry out. For that purpose, I’m aware that some of the ideas need to get further circulation in the public commons, allowing them some play and exposing the light of discourse upon them.
For those not familiar with it, Risk Existentiale is my project toward a greater understanding of why existential risk happens in the corporate landscape (while it may lend itself to other institutions, the nonprofit and governmental agency are clearly not in the scope of the work). Most of our advancement in the risk management profession has been superficial and limited in descriptive and prescriptive quality. The fundamental question I pursue in this work asks:
Why it is that, in spite of all of the regulations, compliance frameworks, standards, policies, checklists, auditors, assessors and analysts, we continue to be surprised by risks? This problem affects all realms of corporate risk management — financial, operations, information, technology — and in spite of even greater application of risk rules, practices and methodologies, we seem further away than ever from control.
Earlier explorations on the subject, such as my Self-Evidence in Existential Risk or my Paulo Freire essay explore thoughts on the origins of this problem at a definition-of-truth level (e.g. “which truth are you seeking?” as some, including Heidegger, allege we may be unaware that we are using the wrong one). However, this increasingly leaves us with a one-dimensional description with little utility. There is much, much more going on that merits our attention.
Indeed, a path that has guided my approach to date can be well represented by the analog of the recommended discourse in Saul’s book, “Voltaire’s Bastards,” where it is suggested that we’ve grown too complacent in embracing policy and rejecting philosophy. Borrowing from Saul and appropriating Michel Serres (in particular, his Genesis), I would suggest that policy is nothing more than a local philosophical island of instantiation. Or as Deleuze and Guattari would describe for more persistent instantiations, a policy is a plateau in which a particular dominant thought from philosophy became the general way of thinking for the duration of the plateau’s existence. It is through this appropriation of islands and plateaus that one may regard our current approach to risk as one that is limited in its instantiation, subject to recurrences of failure until we sail away to a new instantiation with a topology more appropriate at comprehending the dynamic of risk. Furthermore, the application of Foucault’s analysis of discourse as a conceptually-limiting function that defines the capacity and perceptual limit of the system and the participants within it correlates to the island or plateau and has significant relevance in this investigation.
A Topology, Finally
Muddled in the deep plumbing of Derrida, Serres, Saussure and Lacan (of which a lot of the information theory and semiotic aspects affecting risk reside), I came up for air and grabbed Slavoj Zizek’s recent work, Violence: Big Ideas/Small Books. In it, the Slovenian genius of applied philosophical thought and cultural theory introduces a framework for violence which lends itself remarkably well to the topology of risk I’ve sought.
Borrowing from Zizek’s triumvirate model, risk consists of a single foreground domain of Subjective Risk, and two background Objective Risks: Symbolic and Systemic Risks. Through this application, great descriptive potential is immediately apparent and eventually, prescriptive value may eventually be derived. I’ll briefly describe these three elements, of which great work lies ahead in their examination, verification and application.
1. The Subjective Foreground
Subjective Risk: This is the domain of risks that affect a subject, such as a person, a portfolio, a computer server, a web application, a company’s reputation. Displayed on the canvas, these are the entities we discretely identify. This is the realm of known risk, that which our auditors, examiners and assessors evaluate, and to which our policies, regulations, standards and such attempt to manage. Indeed, this constitutes the overwhelming majority of our experience in the risk management profession: a world in which we attempt to prevent, detect and control risk. Yet in spite of our best efforts, we continue to be surprised by risks that appear “out of nowhere.” Our checklists didn’t anticipate their potential through the questions we asked, and our models excluded their existence. We’ve felt that there is more risk out there, but relegated them with Otherizing language by calling them Outliers and Black Swans. Those risks which we do not understand are unnamed, external and other, we declared as we embraced our hopelessly inept model.
2. The Objective Background
Behind the foreground of subjects that have commanded our attention in our assessments and audits lies a background — a canvas of what appears to be noise when our lens is adjusted for the near-field. That it appears as little more than entropy to us is not surprising: Cross-apply Zizek’s observation on violence to our world of risk: Subjective and Objective risk cannot be perceived from the same standpoint. Subjective risk is seen as the “perturbation of the ‘normal,’ peaceful state of things.” However, objective risk is inherent in the normal state of the subjective, invisible from its view as it is constructed in its essence and being (Zizek 2008). Zizek likens this to dark matter lurking about. Within this realm of the objective, we have two domains of risk:
a. Symbolic Risk: The domain of the symbolic is that of the very mind, thought and discourse of the corporate being or egregore. It is the domain where of our corporate reality is constructed and semiotics defined; a realm influenced by the thought of Saussure, Levi-Strauss, Lacan and Derrida among others. To explain the fundamental significance of semiotics in the definition of the corporate egregore in this essay is well beyond its scope; indeed, I’ll be fortunate to appropriately represent it in the several hundred pages I anticipate Risk Existentiale will occupy. That said, others have already laid some ground in the evaluation of semiotics in corporate thought. Fiol’s 1989 work on the impact of semiotics in corporate language on corporate boundaries and joint ventures, and Barley’s 1983 study on semiotics and organizational cultures, encourage a journey in this realm. For all the discussion among risk managers on “risk appetite,” “risk-averse/accepting/inclined cultures,” and so on, we should recognize these as indicators of the Symbolic domain. A serious exploration of this domain from the perspective of risk is overdue and will constitute a significant portion of Risk Existentiale.
b. Systemic Risk: From the symbolic domain that defines the thought and discourse, the Systemic is the body-without-organs of the corporate egregore. This is the domain of information flows, processes, transmissions and transformations. This is the realm of Deleuze and Guattari, and from a technological risk perspective, engages the thought of Alexander Galloway and McKenzie Wark.
Function of the Topology
In the proposed topology of risk, I would argue that a corporate entity which has experienced its evolution to the state of egregore (where a corporate mind distinct from that of its individuals has evolved) has seen that egregore accept a language, style of thought and perception in the domain of Symbolic Risk. As the egregorical entity engages in its information flows, it extends this quality of risk into the domain of Systemic Risk. In proper Deleuzian form, one would further expect smoothing of space to occur as the egregore’s body-without-organs extends through corporate departments, client relationships, vendor partnerships and other flows. Indeed, one would even expect the capacity for smoothing to occur in the flows between corporate egregore and regulator (to the potential dismay of those that anticipate autonomous supervision). This flattened space becomes our Risk Topography, which becomes our environment that gives rise to “explosions” (Zizek) of risk into the Subjective Risk domain.
From background to foreground, the Symbolic Risk of Long-Term Capital Management in the formation of their semiotic language which defined certain risks as “impossible” gave rise through its expression in its Systemic Flows and explosion into Subjective space of an existential, market-jeopardizing financial catastrophe. Or the NASA egregore that established a language of “launch at all costs” and gave rise to the Space Shuttle Challenger disaster. Indeed, we hear of explanations after the fact, blaming corporate cultures, group-think (a fashionable, lightweight term for the information theory egregore phenomenon) and other Objective Risk causes, yet our methodologies ignore this difficult analysis and proclaim “if only we added more regulations and auditors, we might have prevented that!”
Given the re-appropriation of Zizek’s wonderful topology, I’m encouraged that a descriptive effort will certainly be possible. Indeed, much progress has been made in the Systemic environment, through the examination of Galloway, Wark and others. I’m increasingly certain that a Deleuzian model will emerge here; Galloway’s efforts in this space are too compelling, though their examination has been from a predominantly technology-centric perspective. Backing the view out to one which embraces the general realm of corporate risk will take further effort. The Symbolic Risk domain remains a realm of great potential, yet also lurks as what we call in policy debate a “time-suck.” And of course, none of this roadmap anticipates what lies ahead in the integration of the topology, its linking to the Subjective Risk domain, and the analysis of any prescriptive potential.
With that said, it’s a path I find compelling and necessary. I believe we’re past due in recalling our current methodologies, given their absolute inadequacy in anticipating all but the known risk. Give my disinclination to write without seeking perfection, this blog will continue to be a source where many of the raw ideas will be hammered out, integrated or discarded. As always, comments and perspective that give illumination to the Risk Existential entity are welcome and encouraged.
A further challenge to the undertaking exists in its approach. I would hope and expect the project to have utility in the applied space of corporate risk management, yet increasingly recognize that we must leave our current plateau which requires a journey through deep and difficult terrain. One concept for the completed project is a true executive summary at the forefront, which provides ground sufficient for one eager to apply the thought, absent the deeper exploration. An example of this would be a Routledge Critical Reader-like introduction for an executive and professional audience, followed by the domains within the topology in full analytic detail.