Homeland Security Watch

News and analysis of critical issues in homeland security

May 27, 2010

Risk Makers and Risk Takers

Filed under: General Homeland Security — by Mark Chubb on May 27, 2010

Yesterday, Phil Palin made the case in this blog for the importance of public private partnerships in promoting homeland security, and, in particular, pursuing successful efforts to resolve the Deepwater Horizon crisis in the Gulf of Mexico. He offered a fairly conventional view of the role of the private sector as innovator and creative risk-taker. He also offered an altogether too common view of the public sector, which he described as risk averse.

Those of you who follow this blog closely will no doubt have observed that Phil and I agree far more often than we disagree despite having very different backgrounds and political leanings. Today, then will be an exception to that trend. While I arrive at the same conclusion as Phil–resolving crises requires concentrated effort and cooperation, often among people with different objectives, I think a compelling case can and should be made that the roles played by the public and private sectors before, during, and after a disaster operate much differently than Phil described them.

Let’s start with the notion that risk-taking is a particular strength of the private sector. This view is typically associated with the classic case for entrepreneurship, which holds that the people who create companies and build enterprises do so at great personal risk. Historically, these risks involved the possibility of losing the entrepreneur’s own capital and reputation. This view holds that failure is not an option for a real entrepreneur because it equals financial and reputational ruin.

As Malcolm Gladwell pointed out in the January 18, 2010 issue of The New Yorker, real entrepreneurs rarely see themselves as risk-takers. Indeed, they prefer the sure thing. Risk is for chumps. Confidence comes from seeing an opportunity with clarity, and knowing how to leverage one’s competence to meet the need before or better than anyone else can. Skilled entrepreneurs loath risk, and go to great lengths to minimize and control it.

In their book Switch: How to Change When Change Is Hard, Chip and Dan Heath, outline successful strategies for managing individual and organizational change. In essence, their approach is about minimizing or controlling the sense of dread that accompanies risk aversion, which represents the biggest impediment to successful change.

One of the case studies they use to illustrate their approach involves BP. Like most major oil companies, BP invests heavily in exploration. Finding new fields is a classic risky proposition. Most companies drill many test wells before they find one good producer.

As the Heaths tell the story, when BP took stock of its operations it saw the costs and consequences of drilling dry holes rising faster than theirs and their shareholders’ tolerance for the risks associated with their conventional (and above average) strategies for striking oil. After reviewing the processes they used to decide where and when to drill test wells, they identified a way to improve the success rate dramatically. To discourage their exploration managers from making bad bets, they adopted a simple stratagem to sum up their approach: “Drill no dry holes.” When failure is not an option, success is not assured. But the strategy BP adopted paid off, and BP made their already good record of exploration success even more exceptional.

Minimizing risks is not just a question of mindset though. Companies pursue many strategies to hedge their bets. A skilled entrepreneur prefers to play games where skill matters more than chance. When chance plays a role, a good entrepreneur always covers her bets. But is it realistic to apply assumptions about the risk taking behavior of entrepreneurs to large, multinational corporations and their executives? Is the chairman or CEO’s risk the same as that of an entrepreneur embarking on a new venture? Clearly, the answer is no. If we have learned anything from global financial crisis, it is that those at the top of the socioeconomic pyramid rarely face a genuine risk of ruin. As a consequence, to the extent that they really are risk takers, they may operate more like gambling addicts than careful bettors.

This raises another question then. If a large corporation does not operate in the same way an entrepreneur does by selecting the game to play, deciding when and where to play it, and knowing when to hold or fold his hand, how then does a big enterprise avoid making bad bets? One way is to hire the right people. Another is to write the rules of the game. Sometimes these strategies are hard to distinguish from one another, especially when it comes to hiring talented people who have an intimate knowledge of the rules by which the game is played and special access to those who interpret and enforce them. Questions about whether or not BP engaged in such conduct have been raised.

If BP can find people in government willing to exchange public service for the prestige associated with offering their specialized knowledge and access in return for higher salaries, then we should scrutinize them and the public sector as well. Assuming the ex-public servant was skilled at what she did, jumping at the opportunity to make a better salary in the the private sector is a classic case of pursuing self-interest over the public interest. That does not make our former public servant a bad person, but neither does it make the company she joined a good corporate citizen.

When public servants pursue the public interest, they really have just two options for promoting the public good. They and their agencies can participate or they can regulate. By participate, I mean engaging in the production or delivery of goods or services used by others. When we look at the sorts of activities that fall under this ambit, we see monopoly enterprises that may be protected from competition but little else. The risk of failure and loss is everywhere. In fact, the risks are so big and so endemic that we need special rules to indemnify the government and its agents against inadvertent harm done to individuals for the benefit of the protecting the people as a whole.

In those instances where we expect the government to regulate on our behalf to preserve or protect a public good, the risk of failure is no less real than it is in instances where the government participates as a market actor. Indeed, much of the backlash over regulation arises from the perceived risks of involving those unfamiliar with or at a distance from transactions in decisions about them, particularly when they themselves have very little on the line in comparison to the market participants. As I have already noted, companies consequently expend no small effort to understand or influence how government and its agents perform the regulatory role. In many instances, this amplifies the risk by presenting opportunities for agency capture even when individuals do not pass through the revolving door.

As far as sweeping generalization go, I think it is unwise to suggest that companies are better positioned as partners because of the risks they take. Likewise, it seems foolish to assume that government and those elected and appointed to serve the public interest will always put their own interests above those of the public they serve. Indeed, the nature of the risks faced by individuals, companies, industries, and communities that go to the heart of public interest are so big that neither the public nor private sector can manage them alone. As such, neither is necessarily better positioned than the other to remedy the situation when things go wrong.

So far this analysis has focused on behavior that influences public and private actors before a crisis becomes apparent. When people recognize the risk of something bad happening has been realized, they clearly have different expectations of how public and private actors should respond. These expectations shape the roles each party plays and influence the allocation of responsibility when all is said and done.

In the case of the Deepwater Horizon crisis, clearly there is plenty enough blame to go around. But worrying about that right now just gets in the way of capping the well and remedying the damage. Getting the job done requires both the public and private sectors to recognize that a crisis is defined not by the realization of risk alone, but also by the loss of confidence in the capacity of those responsible for problems to fix them. By now it has become all too clear that we are in this mess together, and we have no choice but to work together to get out of the trouble we are in.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by Philip Palin

May 27, 2010 @ 3:46 am


I appreciate the considered challenge and hope our readers will take on the issue. I will hold my substantive rebuttal until reading the concerns and arguments of others.

I will, though, offer one — perhaps niggling — clarification. I did not intend to imply that the private sector is consistently risk-taking or the public sector is consistently risk-averse. You have given great examples of private sector risk-managing. I would offer going to war as the public sector’s most dramatic embrace of risk-taking.

But I do believe there is an innate tendency for the two sectors to engage risk from two very different angles, and understanding this difference in perspective and approach can help all of us craft more effective collaboration between the sectors. More later.


Comment by William R. Cumming

May 27, 2010 @ 7:03 am

Well this is another wonderful exchange between two intelligent and thoughtful people.

But my outlook is more short term and here I argue for a quite different paradigm for both HS and EM. The “who is in charge” question lurks beneath the surface of the discourse above like the BP oil spill. Having been the spear point to defend FEMA in its days of independence before there was a DHS several times I always tried to change the discussion to the following paradigm now updated post 9/11/2001:

The question in domestic civil crisis management of response and recovery or whatever is not “who is in charge”? Hey at the start of WWII there was certainly someone in charge of the Polish Cavalry as they charged the Panzers. {And I claim Polish descent from my MOM]!
The better question is “who can do it or perhaps it is who can do what”? In helping create the old FEMA and working in it for two decades I tried to build and support technical knowledge and response capability. This was definitely not the paradigm for an agency that largely was an administrative grant making agency and had the vision of “Fire and Forget” with respect to federal funds handed out. Only very occasionally did discourse on the “federal fisc” being protected arise. But I was able to use this dialectic to demonstrate along with a few others that federal monies could be spent more wisely and might even be spent in a way as to produce future outlays.
There is a truth to the notion than even the most sophisticated regulators for the federal government often lack the needed technical expertise to understand what has happened in their regulated industries. This is caused by lobbying by business against development of such technical capability, marginal federal salaries for the most skilled that are employable in the private sector, and of course the nature of technical change inherent in a dynamic capitalism itself.

But underlying the “who can do what” paradigm is that someone somewhere actually knows what is going on whether in the federal establishment or the private sector.

Increasingly, it looks like the BP Oil Spill will be documented as the blind leading the blind. Hey the ship driveres in the Coast Guard, including the new commandant have long been the dominant culture, not HAZMATS response. And clearly the bean counter culture in BP had little real knowledge of risks although now coming out that the most frequently cited regulatory violator and accident source in the offshore oil industry and elsewhere was–guess who–BP! So far the BP expenditues on this event–about to pass the $880 million mark are having a miniscule impact on BP revenues.

What also is of interest to me is tha mythology has kept both the private sector from investing in security that may cost others rather than themselves. This offloading is atrocious. For example, Mircosoft really cared little for years about cyber security.
Congress is also at fault because it fails to document when it is making health and safety tradeoffs in legislation. And then the Excutive Branch gets pummeled when those needed health and saftey protections are kept from their purview.
It would be very difficult to describe the current US arrangements between the Public and Private sector as free market capitalism. We as a country seem willing to socialize risks and costs but not profits but perhaps that is just me. My point is not though private versus public capability. The hardnosed analysis by anyone of where actual capability and expertise exists means that essentially we become less resilient and less capable every day that passes. So here are my suggestions!

Just as their is a Congressional Budget Office why not create a Congressional office that decides what Constutional authority any new statutory scheme exists under–is it the Commerce Clause or the Tax and Spend Clause or some other clause? Then if the legislation involves health and saftey issues that conclusion becomes part of the legislation and legislative process. An example of this deficiecy is that the Atomic Energy Act of 1954 despite TMI and accidents in the world elsewhere still does not specifically label off-site saftey and plans and preparedness a health and safty issue even though assigned still to an underfunded and understaffed FEMA that must conclude by NRC regulations whether or not there is a reasonale assurance that the public can be protected by sheltering or evacuation or whatever, KI e.g.

EPA and the Coasties are significantly underfunded and understaffed for the world’s largest environmental contamination event in its history. Hey where is that supplemental as we again match funding for wars with domestic disaster relief funding in the current supplemental. After all a dollar spent now may well prevent the need to expend $10 in the near future or even $100!

And what is this dialectic between the Secretary of the Interior and Admiral Thad Allen. Does the public care who is at fault at this point? Yes in a way but also they [the public] I think would line up behind the President’s emphasis on “Shut the spill down NOW.”

I guess everyone knows my best guestimate is that the current shut off effort will fail and we (the US)and other Gulf of Mexico states and countries need to face the prospect of NO slowdown this year. But hey I have been known to be a “Henny-Penny” occasionally but strangely given time often proved correct.

Comment by Dan O'Connor

May 27, 2010 @ 7:43 am

Thanks for sharing Mark.

I often think risk is ill or self defined. We all define it differently and its definition is shaped by a myriad of cultural and formal education, norms, background, etc. In terms of any undertaking; both private and public endeavors don’t arbitrarily gamble and take uncalculated risks. In the risk/reward ratio both lead from their point of view and self interests.

I do not believe any of our observed crises were uninformed choices or wild gambles, per se. Even those entrepreneurs who might appear to take huge risks in fact do not. Maybe it’s an induced myopia.

Look at all the recent debacles and see that prior to the tipping point, huge profits were being made. But what of randomness?

Nassim Nicholas Taleb, author of Fooled by Randomness and The Black Swan postulates that human beings are often unaware or ignorant of the existence of randomness. He further states we overestimate causality and tend to view the world as more explainable than it really is. So they look for explanations even when there are none.

While in hindsigtht we can “back map” what went wrong, in reality and execution, we tend to overestimate our abilites and underestimate randomness. Coupled with our individual, group, organizational, and political definition of risk, randomness adds nuance usually beyond our field of observation.

Also, expertise, bias’, expectations, and to a degree, human nature all shape our definition of risk. Additionally, cultural conditioning and I am sorry to say, bravado also shape the risks we take.

However, the aversion of risk also has pitfalls and consequences. Comfort Zones and marginal return on investment, both in terms of time and assets can cripple an effective response and return. Are we than seeing a “perfect storm” of initial risk taking and now risk aversion? Coupled together, the high risk/high reward drilling with a small margin of error and the “timid” response displays gaping contrast.

And, in our lack of imagination in our risk mitigation strategies and planning, we now are in essence, flying by the seat of our pants trying to figure out how to stop the already unfolded catastrophe.

We must take more risk to create a solution for the initial risk taken. Never a good formula.

Employers take risks on employees and vice versa. Energy companies take risks to maintain market share and the market demands it. There is no tolerance for status quo. Rules, laws, ethics, etc all should shape planning and expectation, but if company “A” believes all their competitors are skirting the rules do they than feel an obligation to their owner, the share holder to skirt as well?

Isn’t that the performance enhancement Drug argument in sports? Isn’t that the Wall Street gunslinger traders’ motivation?

Unfortunately, I respectfully disagree with you on this one point; “. . . it seems foolish to assume that government and those elected and appointed to serve the public interest will always put their own interests above those of the public they serve. . .”.

I believe they universally do and must put their own self interests first. If they don’t they will not raise the money necessary to “compete” nor position themselves for re-election. Is it fair to say the vast majority of appointees are ideologues and/or payback positions? There is always positioning and posturing to ensure favorable observation. What is the motive for that, other than to meet self interests?

However, I completely agree with your point of view that we are wasting time worrying about who’s responsible and who to blame is getting in the way of capping the well and remedying the damage

Whether by definition of degree or opinion, our system rewards return on investment. Whether by random chance, zealous calculation, or near tipping point risk taking, if you win, you win; if you lose, well, it must be someone else’s fault.

It’s a very interesting point of view and thanks for sharing it.

Comment by William R. Cumming

May 27, 2010 @ 9:40 am

Dan’s comment is excellent and yes the WEST seems to be wrapping itself continually in “Cause and Effect” to the point of insanity.

Comment by Philip J. Palin

May 27, 2010 @ 9:48 am

Mark, you wrote, ” I think it is unwise to suggest that companies are better positioned as partners because of the risks they take.” It was not my intent to suggest that private risk-taking (or risk-making) makes better partners. In fact, I think it complicates relations with the public sector.

I begin with the assumption that the public and private sectors are and will be partners in the aftermath of disasters. What complicates the partnership? What could be done to improve the partnership?

The evidence you cite of private initiative to manage risk is helpful. I do not think it un-does wide-spread evidence of private risk-taking. Gladwell’s essay confirms what I have regularly observed in the most successful entrepreneurs: they undertake the risk once they have convinced themselves that the risk is minimal or non-existent.

If the risk is rewarded, then many — with the benefit of hindsight — will see how it was a sure thing all along. But the reality of the present disallows both foresight and hindsight. In the moment, the risk seemed real enough to most.

Further, talk to Ted Turner or other entrepreneurs listed by Gladwell and we usually find that, no matter how carefully they structure the risk, they see themselves as, in Gladwell’s words, “Captain Courageous, the man with nerves of steel who went on to win the America’s Cup, take on the networks, marry a movie star, and become a billionaire. He dressed like a cowboy. He gave the impression of signing contracts without looking at them. He was a drinker, a yeller, a man of unstoppable urges and impulses, the embodiment of the entrepreneur as risk-taker.”

Objectively true or not, the private sector believes in risk. It is their reality. Risk is their Endiku, Achilles, and dragon. They are Gilgamesh, Priam, or St. George, loving their adversary even as they seek to overcome it.

When did you last speak with a civil servant who celebrated risk? The civil servant admires Arthur not Lancelot, Solomon more than David, and George E. Marshall much more than George S. Patton. These are true heroes and cautionary antagonists.

(I am not concerned with public sector or private sector bureaucrats. There are plenty of each but — let us pray — such self-serving and careful fearful souls cannot claim the imagination and hopes of the majority in either realm.)

It is these alternative attitudes toward risk — Arthur v. Lancelot, if you will — that I am trying to suggest complicates the public-private partnership. My argument is that a wise Arthur will recognize the passion of Lancelot and seek to direct it; and Lancelot will honor the transcendent hopes and vision of Arthur with courageous service.

I have fallen back on literary analogies for lack of time. A few minutes ago my calendar for today was upended. But I hope this may help you read my original post in a different way. Given my purpose and this explanation, do you still argue that the public and private sectors can collaborate effectively without engaging their cross-cultural differences over risk?


Comment by Mark Chubb

May 27, 2010 @ 4:25 pm

Phil, Bill and Dan, thanks for taking the bait and engaging is such a thoughtful discussion of this issue. I must note from the outset that any disagreement I have with Phil’s original post is limited to the analysis of the risk appetites of public and private actors and by extension their respective sectors.

My objective was not so much to dispute Phil’s premise as it was to point out a problem with stereotyping risk perception and risk management behavior, especially as it relates to managing crises arising from the decisions and actions of one or both of them about risks. I agree with Dan in this regard. Risk is often in the eye of the beholder. One person’s risk is another’s sure thing.

For me, this problem in itself highlights another paradox: Depending on the circumstances, institutional inertia can either amplify or attenuate individual initiative. I do not dispute the notion risk-takers inhabit large bureaucracies of both the public and private variety. As Phil’s comment suggests, the tendency of large bureaucracies toward risk aversion or attenuating behavior is widely-recognized.

In some instances, this tendency manifests itself as risk-making because it inhibits error detection and correction. In other cases, under the right kind of conditions, a single influential individual can infect others’ thinking with either a sort of blindness or madness that causes them not to see situations as dangerous or to abandon inhibitions and take risks they might otherwise avoid.

To me, the important point here is that government officials may be risk averse, but their institutions are anything but that. We expect government to do things that no rational, self-interested market actor ever would. At the same time, self-interest drives private sector risk-takers to employ aggressive strategies to minimize or control their risks. Indeed, organizing as a company is itself a mechanism for doing just this.

I am reluctant, then, to give either public or private actors too much credit or too much blame for the ways they manage risks. We can learn a lot from both approaches. This observation only reinforces the point of agreement between Phil and me: We both see cross-sectoral cooperation, if not collaboration, as an essential element of successful crisis response and resolution.

Comment by Philip J. Palin

May 27, 2010 @ 4:46 pm

Mark, Bill and Dan:

I think it is worth noting that all three of you were being much more substantive than me. All of you were trying to get at something fundamental… something the Greeks would have recognized as theoria.

I was mucking about with praxis… changeable, fungible, impressionable elements of how we tend to define one another and divide ourselves into I and Thou, or worse, I and It.

I love our diversity, but the division, especially as it deepens, worries me. When pressed for time, I fell back on old myths and archetypes and stereotypes. But in doing so I was also trying to find a workable bridge to cross the divide.

I share in Mark’s appreciation.

Comment by William R. Cumming

May 28, 2010 @ 10:48 am

Brooks has interesting article on “risk assessment” as op-ed in yesterday’s NY Times. Argues that technology too complex and therefor have “faith” in those who understand it.

How many university disciplines teach courses in “risk assessment”?

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>