Control is at the heart of professional risk management.
Risk management refers to “coordinated activities to direct and control an organization with regard to risk, ” according to the standard-setting international guidelines, ISO 31000:2018 (https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en ). These do concede, however, that “Controls may not always exert the intended or assumed modifying effect,” without feeling obligated to underscore that such aftereffects increase risks too often.
The danger in stopping short by organizing around presumptively independent probabilities and consequences of failure (the defining topoi of “risk”) is that, stranded at your cognitive limits, you don’t realize what you have before you are little more than contingencies interdependently associated with aftermaths. At these limits, your official risk management framework misleads you in thinking otherwise.
This means starting with and taking seriously our cognitive limits and biases.
For example, the Fundamental Attribution Error has been defined as: The failure to recognize and explain human behavior by reference to situation in which the person finds himself or herself. Do appeals then to the absolute priority of universal human rights over the irreducible particularities of being commit this error? Or is there also a human right to commit that error?
Either way, control doesn’t come out looking good.
WHEN COMPLEX IS AS SIMPLE AS IT GETS 