Odysseus and his GRC system
The ancient Greeks had repeatedly failed to siege the city, which probably is located in modern-day northwestern Turkey. After ten long years, they slowly realized that a cunning trick was their last hope. So they built a gigantic wooden horse and placed it outside of the city walls.
The Trojan citizens, who were accustomed to success, were convinced that the Greeks had simply made an offering to the goddess Athena. Cassandra had warned the citizens of Troy in advance of the upcoming disaster. She was, so to speak, the perfect risk manager because she had been given the gift to foresee the future by Apollo himself. Still, no one believed her. Laokoon, a priest who had also warned the Trojans of the ominous present, experienced the same fate.
The result? The Trojans opened the city gates, pulled the horse into the city, and placed it before the temple to Athena. That night, the Greek soldiers hiding in the horse climbed out and opened the gates so their army could conquer the city. With this stratagem, the Greeks won the Trojan war.
What lessons can we learn today from mythology?
Modern-day risk managers can learn a great deal from these tragic experiences in Greek mythology. You could pose the question, for example, if an assessment of historical risks could have helped the citizens of Troy. Probably not, because they had never experienced a situation like that in the past and would not have listed it in their risk inventory either. And quite a few risk accountants would have multiplied the miniscule 0.02 % probability of occurrence (anticipated waiting period of 5,000 years under the assumption of an exponential process with constant intensity) with a catastrophic scope of damage of several billion – and disregarded the risk all together.
What could have helped citizens of Troy is an active risk culture and learning from the future, for example, through a structured scenario analysis. They could have also held a business war game based on the question: “What have the Greeks come up with now after having held out for so many years without avail?”
Weighing opportunity and risk was as relevant then as it is today
The ability to weigh opportunity and risk adequately is a key factor for (business) success. In this respect, risk management is one of the primary tasks of any top manager and a core component of good corporate governance. After all, each business action has a direct correlation to uncertainty and the resulting opportunities and risks. Each business decision ultimately weighs opportunities and risks – and the willingness of decision-makers to take risks plays an important role in this regard.
The risk maturity model shown in Figure 1 illustrates the important steps from an initial risk management system to a leading one.
There is a direct, compelling correlation between the maturity of risk management and the use of different tools and methods. Collection methods mostly dominate on the “initial” and “basic” levels. “Evolved” systems utilize collection methods and analytics while ensuring a good cooperation among the existing silos of risk management, compliance management and management accounting. “Advanced” risk management ties together planning and risk management in the form of wide-scale planning and integrates compliance and risk management to an integrated enterprise risk management system (ERM) or governance, risk and compliance (GRC) system. This also requires the use of a comprehensive set of solid tools ranging from quantitative methods to methodical risk aggregations. “Leading” tools have the highest maturity level and view risk and opportunity management as a strategic instrument of enterprise management. Compliance management, internal control systems and management accounting, of course, are integrated in a unified methodical setting and system. Risk and opportunity management is also fully integrated in the business processes. A risk culture thrives throughout the organization as one of the company’s core processes.
Figure 1: Maturity levels in risk management [Source: RiskNET GmbH]
Odysseus, the quintessential risk manager
Aside from examples for risk management gone awry, Greek mythology also provides vivid stories of a lively risk culture. Thanks to his deliberations and careful planning of risk and opportunities, Odysseus and his crew were able to proactively manage the dangers of the adventure ahead of them. Aside from questioning any imaginable oracles or gods, the risk managers of ancient times also had a keen sense for dangers and opportunities as well as preventive and proactive management.
Odysseus was no exception. Simply peering into the past would have blinded him from the actual risks (and opportunities) that he encountered on his odyssey. He probably would have never set off in the first place – opting to simply sit around and enjoy the campfire on some Ionian island. But since he was a descendent of Laërtes (and, therefore, Zeus) on his father’s side and Anticlea (and, therefore, Hermes, one of the ten divine children of Zeus) on his mother’s side, he embarked on adventurous trips full of danger and opportunities at a very early age.
When he planned his voyage by the charming yet dangerous sirens, he followed the advice of the sorcerer Circe. She was well versed in compliance and recommended a code of conduct for him and his men in order to safely pass by the dreaded creatures.
And the moral of the story?
To help their chances of staying alive, the men plugged their ears with wax in order not to hear the sirens’ enchanting voices. Odysseus let himself be tied to the ship’s mast so that he could not succumb to their temptations. Ultimately, Homer’s tale of the adventures of Odysseus is a nothing less than a lesson in hands-on, proactive and effective risk management.
That means in a nutshell: Odysseus’ adventure is a quintessential example of opportunity and risk management. Choose the best route. Weigh risks and opportunities in advance with the help of analytics (in his case through Circe who served as an analyst of sorts). Make the right conclusions. Think ahead before making the next move. Some companies could learn many lessons for the present day from this seemingly simple story about the captain and risk manager, Odysseus, and his GRC system.
Frank Romeike, Managing Partner, RiskNET GmbH