From the Desk of Gordon Phillips, Chief Risk Officer (CRO)
In our last post, I discussed the idea of mitigating risk.
I mentioned how we can address those risks that we’re aware of, but how do we protect against risks that we cannot know in advance?
But, then again, is this even true?
Perhaps we really can anticipate all possible classes of risks.
At least we can try.
Let’s do that now and categorize some risks.
Below is my list; perhaps you can contribute some additional ones of your own.
People Risk
Think of this as operator error (“fat finger” comes to mind).
An engineer manually inputs the wrong parameter into a user field.
A centrifuge spins out of control and shatters, or a generator races into the red zone, causing circuits to blow.
Anticipating these types of scenarios would mean not allowing for erroneous inputs to be entered in the first place: problem solved.
Software Error
Ideally, all software bugs would long since have been identified and corrected.
But what of the possibility of a hidden bug, still lurking in the background?
Checks and balances would be written into the software to shut everything down the instant performance drifted outside of normative parameters: again, problem solved.
Infrastructure Failure
Perhaps the Internet goes down, electrical service is interrupted, or a hard drive fails.
Secondary pathways including multiple redundancies would already be in place, and would “kick in” instantly to shut down operations until normalcy was restored: once again, problem solved.
Geophysical Risks
Imagine that your operation is located in Vancouver, British Columbia.
The Cascadia subduction plate fractures without warning, slides under the continental North American Plate, and launches a devastating tsunami of unprecedented magnitude over Vancouver Island, flooding the entire city.
Or the Yellowstone caldera blows and covers the North American continent in several inches of ash.
Or an undetected meteorite enters Earth’s atmosphere and crashes into your center of operations.
As Chief Risk Officer for Pisano, am I going a little overboard in anticipating such extreme and unlikely risks as these?
Probably.
After all, I don’t want to risk exaggerating these risks.
Besides, secondary and tertiary mirrored facilities would instantly switch in, take over, and manage operations flawlessly and seamlessly.
With front line protections in place and backup mitigation systems secured, you can relax and get a good night’s sleep.
If anything goes wrong, alerts sent to my phone will let me know.
But what if the system that sends the alerts goes down?
I’d better get up and check.