The title of this comes from a phrase in an excellent book, The Character of Harms by Malcom Sparrow, which I read rather slowly some time back. (The slowness was due to a) my having to read it between many other books and b) it not being the lightest of reading – not the quality of the writing .) However, I was recently reading his chapter on “Catastrophic Harms” and he makes the point that decisions as to preventive action need to be consciously made. I think his terminology is far more erudite and elegant than my equivalent phrase, “default decision”, but we are addressing the same issue.
The problem arises in situations where a decision or action is needed but, for whatever reason, it is never consciously made. Thus, in effect, a decision is made to maintain the status quo. This, of course, doesn’t relieve the decision-makers of the responsibility for that decision but, perhaps, does allow them to pretend that they have, in some magical way, denied the seriousness of the issue.
I suppose the reason this struck such a chord with me was that I have watched such a situation unfold. I was in a position to observe a significant business continuity vulnerability develop. However, those able to address the vulnerability at a strategic level, and thereby potentially solve it, chose to focus their attention elsewhere. When that avoidance strategy failed and the relevant decision makers were unambiguously confronted by the vulnerability, it would seem to have come as a shock to them. The issue was finally addressed but I suspect the total human, reputational and financial costs of the repair were significantly higher that the mitigation costs would have been. I drew some business continuity lessons from the whole affair. They are, perhaps, obvious but I think they are worth repeating:
- There is a season to things.
From my perspective, this was a predicted issue requiring serious attention years before it became an operational problem. However, there was a) no appetite to hear the predictions and b) active censorship until the predictions became reality – anybody remember Cassandra? - You can run but you can’t hide indefinitely.
The decision-makers eventually had to address the vulnerability or be clearly failing in their fiduciary duty. A cost-benefit analysis of the subsequent necessary repair activity would have been very interesting. - You have to be patient and philosophical to be a business continuity manager.
This was, perhaps, the hardest lesson for me as I’m not the most patient of people. Intellectually, I accept that significant threats to operational continuity can be tolerated in an organisation. However, it doesn’t make me happy and I desperately want that tolerance to be the result of an act of cognitive commission, not omission.
Reference:
Sparrow, M.K. (2008). The character of harms: Operational challenges in control. Cambridge University Press: Cambridge.