Mitigating Risk In Challenging Environments

Putting people in harm’s way is typically thought of in terms of war zones, but the workplace itself can now meet this definition. A battle-tested veteran offers a playbook for reducing and mitigating risk.
Colonel Lee Van Arsdale (then Major, first row, right) led the Delta assault troop that captured Manual Noriega, Panama’s ‘de facto’ dictator, as part of Operation Just Cause in 1989. The troop poses in front of Noreiga’s home after his capture.”

Risk comes in so many different flavors that it makes Baskin Robbins’ ice cream flavors envious. There’s risk from competitors, insider threats, hostile foreign governments, natural disasters, supply chain vulnerabilities, reputational risk, and now a nasty virus. To me, the most significant risk is that which involves human life. For any leader of an organization that puts its people in harm’s way, there can be no greater factor in decision making. In the midst of a pandemic, most leaders now find themselves in this situation to some extent. Go back to work? Stay at home? Keep the people safe and lose the business? Risk people’s health in an attempt to salvage the business? Try and find a sweet spot; if one exists at all?

Putting people in harm’s way is usually thought of in terms of war zones, but now the workplace itself can meet this definition. With this in mind, I offer the following thoughts on how to reduce and mitigate risk, based on my time as a Soldier commanding troops in combat and as the CEO of a private security company that protected U.S. government people and property in active combat areas.

Plan. A good strategic plan is the starting point for virtually everything a company does, including risk mitigation. Most people are familiar with Field Marshal von Moltke’s observation that “No plan of operations extends with certainty beyond the first encounter with the enemy’s main strength,” often paraphrased to variations of “no plan survives the first shot.” Mike Tyson weighed in with “everybody has a plan until they get hit in the mouth.” Many people point to these philosophical luminaries as a reason for not planning. I would maintain that when the first contact is made, a sound plan keeps everyone focused on the main objectives and provides the framework for achieving these objectives in the midst of a crisis.

A strategic plan should be relevant to every member of the organization. For that reason, I don’t favor outsourcing it to a third party but rather involve every key element of the company in its creation and maintenance. Very often the plan itself can prove to be less useful than is the actual process of planning. A strategic plan should be viewed as a common foundation for the organizational goals, with the understanding that life will intervene. The plan should be updated at least quarterly, again involving key players. Many strategic plans, if they exist at all, live on a shelf gathering dust (or the digital equivalent thereof). Keeping the planning process active means that the plan won’t atrophy, and when a black swan appears, the organization that has been routinely planning will be far better equipped to deal with it.

A useful technique for making and updating a plan is a “what-if” drill. A regularly scheduled “what-if” drill will make sure that the most dangerous risks are addressed and planned for accordingly. The CEO should personally conduct this drill with the top leadership team, but it can be done at every level of an organization. What if a critical component of our supply chain is interrupted, who does what? What if we have a natural disaster, who does what? Or the worst case, what if someone dies, who does what? All these types of considerations should be addressed beforehand, and then if one of them does occur, everyone knows what to do. An added benefit is this is a great way to on-board new people in key positions.

A final word on planning: Do not fall in love with the plan. Unknowns will most certainly intervene and a good plan will account for that. The organization with well exercised planning muscles will fare much better than one trying to react on a de-facto basis.

Recruit. A good plan is only as good as the people executing it. Recruiting is one of the most critical, and most difficult, aspects of running an organization. Some outsource and some have an organic recruiting capability. More often than not, however, as soon as a vacancy occurs, it’s critical and has to be filled RIGHT AWAY! This urgency can lead to a truncated search that ends in a less than ideal result. I’ve seen this happen too often for it to not be considered the norm in several organizations. The time, money, effort, and angst spent in hiring the wrong person, and then ultimately replacing that person, could be so much better spent in conducting a more thorough assessment and vetting process in the first place. Yes, it often takes longer in the short term, but the long-term benefits far outweigh any inconveniences.

This all ties back to the planning process. A hiring plan embedded in the strategic plan will identify upcoming personnel needs before they become urgent. This also allows competing departments, all of whom want to make new hires simultaneously, to know beforehand what the hiring triggers and revenue requirements are.

Train. Once the right person has been hired, it is imperative for the organization to determine whether or not any training is required on hiring. The security company I worked for sent all our people through a rigorous training program before they could deploy overseas to work. Most of these recruits had impressive military backgrounds, but you can never assume that someone who had certain abilities yesterday will have them today. In some cases, the security contract mandated training, in others it didn’t, but we absorbed the costs required to train ALL of our deployed personnel. We owed them, and everyone with whom they worked, that much.

In terms of risk, providing initial or refreshment training is obvious. What may not be as obvious, and this ties in directly with recruiting, is what sort of risk do the employees pose themselves? Someone with a great record in the military or law enforcement compiled that record with a different infrastructure and chain of command versus the corporate world. A proper training program, incorporating stressors unique to the organization and position, will help to identify a problem before it occurs.

Another aspect of training is an ongoing professional development program, one that identifies future leaders and grooms them accordingly. Putting a high potential person in a position of responsibility too early or without proper oversight can create a risk to the organization that is often overlooked.

Equip. Providing the proper equipment to the workforce is an obvious necessity but one that usually isn’t associated with risk, except for the employee whose job description puts them in danger. With the Covid pandemic, every job description now puts everyone at risk, even those who work at home. As such, it becomes the organization’s responsibility to articulate and enforce prudent countermeasures. The primary decision maker is in an unenviable position, attempting to balance worker health with fiscal health. Those who are working off a good plan, with properly vetted and well-trained people, will find this daunting task easier than their colleagues who have neither.

For those who work at home now, we have found that a host of other issues have surfaced, all of which provide a form of risk to the company. Incidents of substance abuse, domestic violence, and related problems have risen since the widespread stay at home orders. Organizational leaders must do more than an occasional Zoom call to ensure the overall health of their team. Avoiding a virus is important but so is maintaining health in all other aspects. So, while a leader can no longer lead in the presence of the entire team, their responsibilities become even more critical.

Lead. This brings us to the final, and I would argue most important, aspect of risk mitigation, that of leadership. I won’t attempt to replicate the thousands of excellent books on the subject in a couple of paragraphs. What I will do is emphasize as strongly as possible the absolute imperative of positive leadership in identifying, planning for, and addressing every form of risk that poses a threat to the organization. The centerpiece of positive leadership is integrity. Subordinates must have the certain knowledge that they can trust their leader to always do what is right by them and the organizational needs. A great leader leads from the decisive point, in person when required, but primarily by establishing an organizational climate that is legal, moral, and ethical. A great leader is also infused with a sense of selfless service and ensures their subordinates are kept well informed. My own leadership style is to treat everyone the way that I want to be treated, to remain calm in stressful times, and to maintain a sense of humor. These traits aren’t universally shared by leaders, but the healthy organizational climate is.

An organization with strong leaders at every level doesn’t simply happen, and once achieved it has to be continuously nurtured. This is the organization that can most effectively deal with a black swan like a worldwide pandemic.


  • Get the StrategicCFO360 Briefing

    Sign up today to get weekly access to the latest issues affecting CFOs in every industry
  • MORE INSIGHTS