Risk Insider: Paula Vene Smith
Adding Redundancy to Parry Risk
Effective risk managers deploy redundancy as a powerful tool.
In a world that clamors for streamlining, cost-cutting, and every possible way to minimize waste, we might think twice before praising redundancy. But it all comes down to uncertainty about the future, and the need to be prepared for eventualities we can’t see coming.
As Nassim N. Taleb points out in his book The Black Swan, “Mother Nature likes redundancies . . . Look at the human body. We have two eyes, two lungs, two kidneys . . . and each has more capacity than needed in ordinary circumstances.”
Taleb refers to this extra capacity as nature’s “insurance”—basically the provision of spare parts—a lesson to be learned from evolution. He also discusses other, more subtle forms of redundancy. If adaptive redundancy consists of keeping identical spare parts available, functional redundancy involves multiplying the potential uses of a single element.
Because “you don’t know today what may be needed tomorrow,” he urges readers to consider and cultivate systems with built-in secondary as well as primary uses—extra functions that may contribute little or nothing now, but that increase one’s options later, as circumstances change and new problems call to be addressed.
As Nassim N. Taleb points out in his book The Black Swan, “Mother Nature likes redundancies . . . Look at the human body. We have two eyes, two lungs, two kidneys . . . and each has more capacity than needed in ordinary circumstances.”
In addition to the two types mentioned by Taleb, a third use of redundancy to combat risk might be called systemic redundancy. This approach involves building redundancy into a process—as when the completion of a transaction depends on actions by two different people, adding an apparently gratuitous step to narrow the space for error and fraud.
Here are some common uses of redundancy in risk management:
· Segregation of duties (also called separation of duties)
· Contracts with multiple suppliers for key components (as long as they don’t all rely on the same manufacturer)
· Electronic signboard or message systems with secondary unused functions
· Cross-training of employees
· Two-factor authentication for access to secure systems
· Storage of excess inventory
· Anonymous “tip” reporting system initially used for one specific purpose
· Back-up systems
· Alternative ways to exit a facility
Of course, not all redundancy is productive. Unless they serve a present or future purpose, duplicate components, steps, or functions are legitimate targets in the quest to reduce waste and streamline complex systems.
As risk managers know, there’s rarely a single risk to manage. The challenge often is to weigh the risk against its shadow. Two risks, or two values, angle for priority: Which matters more, to protect secure entry or to increase accessibility?
To assure confidentiality of records, or to demonstrate transparency? To protect workers’ safety on the job, or to spare them from cumbersome new protocols?
To manage risk is to balance risks. The skilled use of redundancy has much to offer. But like any other approach, it works only when benefits outweigh the costs.
Read all of Paula Vene Smith’s posts.