The latest enterprise risk management news from around the world

Geary Sikich explains why he believes that Brexit is a Black Swan event and describes various issues that enterprise risk managers should consider when assessing and managing Brexit risks.

In his book, ‘The Black Swan: The Impact of the Highly Improbable’, Nassim Taleb defines a Black Swan in the Prologue on pages xvii – xviii, xix, xx – xxi, xxv, xxvii.  I quote a few (what I consider) key points:

xvii: “What we call here a Black Swan (and capitalize it) is an event with the following three attributes:

First is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility.

Second, it carries extreme impact.

Third, in spite of its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.

xxv: “The Platonic fold is the explosive boundary where the Platonic mindset enters in contact with messy reality, where the gap between what you know and what you think you know becomes dangerously wide.  It is here where the Black Swan is produced.”

xxvii: “To summarize: in this (personal) essay, I stick my neck out and make a claim, against many of our habits of thought, that our world is dominated by the extreme, the unknown, and the very improbable (improbable according to our current knowledge)…”

To summarize:

A Black Swan is a highly improbable event with three principal characteristics: it is unpredictable; it carries a massive impact; and, after the fact, we concoct an explanation that makes it appear less random, and more predictable, than it was.

Taleb continues by recognizing what he terms the problem: “Lack of knowledge when it comes to rare events with serious consequences.”

Why is Brexit a Black Swan and what does it mean?

Brexit meets the definitional criteria of Nassim Taleb:

First, Brexit is an outlier, as it lies outside the realm of regular expectations, because nothing in the past can convincingly point to its possibility.  No other nation has left the European Union (EU) to date.

Second, Brexit carries extreme impact. Brexit’s impact is already being felt in many areas: geopolitical, information systems (think GDPR, privacy, etc.), trade (cross border issues), finance, infrastructure (i.e., Eurotunnel), risk management, business continuity, contingency planning, strategic planning, supply chain operations, etc., etc.

Third, Brexit in spite of its outlier status, has already afforded a plethora of literature concocting explanations for its occurrence (before, not) after the fact, actually adding to the confusion rather than making it explainable and predictable.

Charlie Maclean-Bristol FBCI FEPS, in an article, entitled, ‘10 Brexit contingency actions you can do now’ (February 23, 2019) shares 10 actions you can carry out NOW to prepare for a no-deal Brexit.  A summary follows:

Think about your exposure to a no-deal Brexit, and what the possible impact on your organization might be. I like this list of possible consequence areas in an EY report I read:

  • Tariffs and non-tariff barriers
  • Sourcing and supply resilience
  • Legal and regulatory compliance
  • Workforce
  • EU funding and finance
  • Foreign Direct Investment (FDI).

Think about whether you are going to operate a Brexit Operating Regime over the Brexit period. When Brexit does occur, will you change your business practices, or at least have a plan in place to call together an incident team if it starts to impact your organization?

If you are no-deal planning, you need to decide what scenarios you are planning against (reasonable worst-case). 

Speak to your customers, share planning ideas.

Speak to your suppliers.

Understand your deadlines and when the ‘last safe moment’ is before you need to make important decisions.

Understand what your exposure to EU citizens within your workforce is. Set up a communication program to inform and educate.

Think about whether Brexit will increase or decrease the requirements for your services and if so, are you ready to increase or decrease your workforce, production or activities?

Consider whether something else could go wrong at the same time as Brexit.

Keep up-to-date with events.

Brexit a failure to communicate, getting caught in ‘Activity Traps’?

Risk is complex. When risk is being explained, we often have difficulty listening and comprehending the words used in the explanation. Why? The rather simple explanation is that compelling stories are most often told with dramatic graphics! Is this pure drama or are these events that we should be concerned about? Or are they so unusual and rare that we fail to comprehend the message about the risks that we face?

Communication and how we communicate is a key factor. Words by themselves are about 7 percent effective as a communication tool. Words, when coupled with voice tonality raise effectiveness to about 38 percent.  However, the most effective way to communicate is via physiology, which gets us to about 55 percent effective. Ideas get distorted in the transmission process. We typically remember 10 percent of what we hear, and 65 percent of what we see and hear. Yet, we typically spend 30 percent of our time speaking, 9 percent writing, 16 percent reading and 45 percent listening.

We live in an era of information explosion and near instantaneous availability to this information. Driven by a media bias for the dramatic we are constantly being informed about some great calamity that has befallen mankind somewhere in the world. Society is not awash with disasters! There is always another flood, riot, car bomb, murder, financial failure just around the corner. And, there is a compelling reason for this! The societies we live in have a lot of people! Some quick examples – China and India each have over 1 billion people.  The US has 300+ million people.  The European Union has 450+ million people.  Japan has 127+ million people.

Taleb tells us that the effect of a single observation, event or element plays a disproportionate role in decision-making creating estimation errors when projecting the severity of the consequences of the event.  The depth of consequence and the breadth of consequence are underestimated resulting in surprise at the impact of the event. 

An ‘Activity Trap’ is defined/explained thus:

“Processes and procedures are developed to achieve an objective (usually in support of a strategic objective). Over time goals and objectives change to reflect changes in the market and new opportunities. However, the processes and procedures continue on. Eventually, procedures become a goal in themselves – doing an activity for the sake of the activity rather than what it accomplishes.” [Odiorne, G., Management and the Activity Trap]

To overcome the effect of ‘False Positives’ and ‘Activity Traps’ the following section offers some thoughts for consideration.

Michael J. Kami author of the book, ‘Trigger Points: how to make decisions three times faster,’ wrote that an increased rate of knowledge creates increased unpredictability. Stanley Davis and Christopher Meyer, authors of the book ‘Blur: The Speed of Change in the Connected Economy,’ cite ‘speed – connectivity – intangibles’ as key driving forces. In the context of Brexit these 12 steps may temper some of the uncertainty and effects.:

Step 1: Where Are We? Develop an External Environment Profile
Key focal point: What are the key factors in our external environment and how much can we control them?

Step 2: Where Are We? Develop an Internal Environment Profile
Key focal point: Build detailed snapshots of your business activities as they are at present.

Step 3: Where Are We Going? Develop Assumptions about the Future External Environment
Key focal point: Catalog / catalogue future influences systematically; know your key challenges and threats.

Step 4: Where Can We Go? Develop a Capabilities Profile
Key focal point: What are our strengths and needs? How are we doing in our key results and activities areas?

Step 5: Where Might We Go? Develop Future Internal Environment Assumptions
Key focal point: Build assumptions, potentials, etc. Do not build predictions or forecasts! Assess what the future business situation might look like.

Step 6: Where Do We Want to Go? Develop Objectives
Key focal point: Create a pyramid of objectives; redefine your business; set functional objectives.

Step 7: What Do We Have to Do? Develop a Gap Analysis Profile
Key focal point: What will be the effect of new external forces? What assumptions can we make about future changes to our environment?

Step 8: What Could We Do? Opportunities and Problems
Key focal point: Act to fill the gaps. Conduct an opportunity-problem feasibility analysis; risk analysis assessment; resource-requirements assessment. Build action program proposals.

Step 9: What Should We Do? Select Strategy and Program Objectives
Key focal point: Classify strategy and program objectives; make explicit commitments; adjust objectives.

Step 10: How Can We Do It? Implementation
Key focal point: Evaluate the impact of new programs.

Step 11: How Are We Doing? Control
Key focal point: Monitor external environment. Analyze fiscal and physical variances. Conduct an overall assessment.

Step 12: Change What’s not Working -  Revise, Control, Remain Flexible
Key focal point: Revise strategy and program objectives as needed; revise explicit commitments as needed; adjust objectives as needed.

I would add the following comments to Kami’s 12 points and the Davis, Meyer point on speed, connectivity, and intangibles. Understanding the complexity of Brexit can facilitate the ability of the organization to adapt if it can broaden its strategic approach. Within the context of complexity, touchpoints that are not recognized create potential chaos for an enterprise and for complex systems. Positive and negative feedback systems need to be observed/acted on promptly. The biggest single threat to an enterprise will be staying with a previously successful business model too long and not being able to adapt to the fluidity of situations (i.e., Black Swans). The failure to recognize weak cause-and-effect linkages, small and isolated changes can have huge impacts. Complexity (ever growing) will make the strategic challenge more urgent for strategists, planners and CEOs.

Summary points

I will offer the following summary points:

  • Clearly defined rules for the world do not exist, therefore computing future risks can only be accomplished if one knows future uncertainty,
  • Enterprise risk management needs to expand to effectively identify and monitor potential threats, hazards, risks, vulnerabilities, contingencies and their consequences,
  • The biggest single threat to business is staying with a previously successful business model too long and not being able to adapt to the fluidity of the situation.
  • Current risk management techniques are asking the wrong questions precisely; and we are getting the wrong answers precisely; the result is the creation of false positives,
  • Risk must be viewed as an interactive combination of elements that are linked, not solely to probability or vulnerability, but to factors that may be seemingly unrelated.
  • This requires that you create a risk mosaic that can be viewed and evaluated by disciplines within the organization in order to create a product that is meaningful to the entire organization, not just to specific disciplines with limited or narrow value.
  • The resulting convergence assessment allows the organization to categorize risk with greater clarity allowing decision makers to consider multiple risk factors with potential for convergence in the overall decision-making process.
  • Mitigating (addressing) risk does not necessarily mean that the risk is gone; it means that risk is assessed, quantified, valued, transformed (what does it mean to the organization) and constantly monitored.

Recognize too, that Brexit unpredictability can be positive or negative.  For example; our increasing rate of knowledge creates increased unpredictability due to the speed at which knowledge can create change.

Risk is never absolute. Risk is set by the receiver of the consequences.  Corporate leaders increasingly recognize that today’s most critical threats require advanced preparation for ‘when’ not ‘if’ these risks materialize. This shift to strategies that anticipate risks will require rethinking our current approaches and redefining how risk is managed. A critical component is having an integrated front between boards, officers, legal, and compliance, among others.

About the author

Geary Sikich is a Principal with Logical Management Systems, Corp., a consulting and executive education firm with a focus on enterprise risk management and issues analysis.

Geary is also engaged in the development and financing of private placement offerings in the alternative energy sector (biofuels, etc.), multi-media entertainment and advertising technology and food products. 

Geary is a frequent speaker on high profile continuity issues, having developed and validated over 4,000 plans and conducted over 450 seminars and workshops worldwide for over 100 clients. Geary consults on a regular basis with companies worldwide on risk management, business continuity and crisis management issues.


Apgar, David, Risk Intelligence – Learning to Manage What We Don’t Know, Harvard Business School Press, 2006.

Brooks, David, “Our risk mismanagement,” New York Times Published on Sunday, May 30, 2010

Davis, Stanley M., Christopher Meyer, Blur: The Speed of Change in the Connected Economy, (1998).

Gardner, Dan, “Risk: Why we fear the things we shouldn’t – and put ourselves in greater danger,” 2008, McClelland & Stewart Ltd.  ISBN: 978-0-7710-3259-2

Kami, Michael J., “Trigger Points: how to make decisions three times faster,” 1988, McGraw-Hill, ISBN 0-07-033219-3

Klein, Gary, “Sources of Power: How People Make Decisions,” 1998, MIT Press, ISBN 13 978-0-262-11227-7

Levene, Lord, "Changing Risk Environment for Global Business,” Union League Club of Chicago, April 8, 2003.

Maclean-Bristol, Charlie, FBCI FEPS 10 Brexit contingency actions you can do now Published on February 23, 2019

Odiorne, George, “Management and the Activity Trap,” Harper & Row Publishers; 1974, ISBN 0-06-013234-5

Orlov, Dimitry, “Reinventing Collapse” New Society Publishers; First Printing edition (June 1, 2008), ISBN-10: 0865716064, ISBN-13: 978-0865716063

Rosenbaum, Eric, “BP, Big Oil: Meet Sarbanes-Oxley Section 302,” 22 June 2010

Sikich, Geary W., Managing Crisis at the Speed of Light, Disaster Recovery Journal Conference, 1999

Sikich, Geary W., Business Continuity & Crisis Management in the Internet/E-Business Era, Teltech, 2000

Sikich, Geary W., What is there to know about a crisis, John Liner Review, Volume 14, No. 4, 2001

Sikich, Geary W., The World We Live in: Are You Prepared for Disaster, Crisis Communication Series, Placeware and ConferZone web-based conference series Part I, January 24, 2002

Sikich, Geary W., September 11 Aftermath: Ten Things Your Organization Can Do Now, John Liner Review, Winter 2002, Volume 15, Number 4

Sikich, Geary W., Graceful Degradation and Agile Restoration Synopsis, Disaster Resource Guide, 2002

Sikich, Geary W., Are We Creating False Positives?, Continuity e-Guide, March 2004

Sikich, Geary W., “Aftermath September 11th, Can Your Organization Afford to Wait”, New York State Bar Association, Federal and Commercial Litigation, Spring Conference, May 2002

Sikich, Geary W., "Integrated Business Continuity: Maintaining Resilience in Times of Uncertainty," PennWell Publishing, 2003

Sikich, Geary W., “It Can’t Happen Here: All Hazards Crisis Management Planning”, PennWell Publishing 1993.

Sikich Geary W., "The Emergency Management Planning Handbook", McGraw Hill, 1995.

Sikich Geary W., Stagl, John M., "The Economic Consequences of a Pandemic", Discover Financial Services Business Continuity Summit, 2005.

Sikich, Geary W., "Black Swans or just Wishful Thinking and Misinterpretation?" e-Continuity Guide, July 2010

Sikich, Geary W., “When is a Black Swan not a Black Swan?”, June 2010.

Sikich, Geary W, “Will BP’s catastrophe in the gulf be the defining moment for oil industry executives?” pending publication August 2010.

Sikich, Geary W., “BP Vortex 6” Created, June 2010.

Surmacz, Jon, "Disaster Preparedness," CSO Magazine, August 14, 2003

Tainter, Joseph, “The Collapse of Complex Societies,” Cambridge University Press (March 30, 1990), ISBN-10: 052138673X, ISBN-13: 978-0521386739

Taleb, Nicholas Nasim, The Black Swan: The Impact of the Highly Improbable, 2007, Random House – ISBN 978-1-4000-6351-2

Taleb, Nicholas Nasim, The Black Swan: The Impact of the Highly Improbable, Second Edition 2010, Random House – ISBN 978-0-8129-7381-5

Taleb, Nicholas Nasim, Fooled by Randomness: The Hidden Role of Chance in Life and in the Markets, 2005, Updated edition (October 14, 2008) Random House – ISBN-13: 978-1400067930

Taleb, N.N., Common Errors in Interpreting the Ideas of the Black Swan and Associated Papers; NYU Poly Institute October 18, 2009

Vail, Jeff, The Logic of Collapse,, 2006

Van Vactor, Sam, Dr, “US Energy and the Dodd-Frank Act,” 10 August 2010

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.