Back to Blog

Seeking the Unknown

Posted by Dorothy Gjerdrum on February 11, 2015 at 11:24 AM

A lot of our most worrisome, current-day risks were not on our radar screens a decade ago. It was unthinkable that we would have to respond to a pandemic threat like Ebola or avian flu and that those risks, which originate far away from our shores, could pose a threat to public entities all across America. Really?

Think about some of the other “unknown” risks from the last two decades: the 9-11 terrorist attacks, Hurricane Katrina, the BP oil spill, the world economic crisis and the volcano that shut down air traffic around the world. For all of these events, what made them huge was an unthinkable combination of hazards compounded by our lack of preparedness and (mostly) inadequate response.

Were these risks really unknown or unimaginable?

Not so much. We know now that there were national security experts, doctors and epidemiologists, economists and geologists who knew about these uncertainties and who understood the risks that the rest of us failed to see. And these are not just random global occurrences. All of these risks could directly affected public sector operations in the United States

So if the risks are known by someone, somewhere – how do risk managers deal with that?

I think risk managers must be challenged to think beyond the data of the past and figure out how to incorporate more voices and new ideas into the process of identifying and describing the risks facing our public entities. We need to seek the unknown (to us) because it is known by someone. It’s not that we’re facing an abyss of unknowable proportion. Someone has already seen the deep hole, and they might even have suggestions about how to avoid it. We just need to listen.

What do you think risk managers should address in their entity's "portfolio of risk?" Who should we be listening to and how could we effectively consider risks that are beyond our direct control? 


Don Noel

February 13, 2015 at 11:53 AM

I think public entity risk managers need to pay attention to what's going on in the news and in the corporate world. Government and business don't necessarily have different "portfolios of risk" anymore. Sure, government still has the public safety aspects (fire, police and EMS), but it also now has risks like supply chain, cybersecurity, reputation and all the other forms known to private entities. As an example of what's in the news, Artificial Intelligence and robotics are the futuristic "unknown" that government entities should be very concerned about, as it's one of those things that is a "known" to someone, and it scares the heck out of many scientists. HR departments have HIPAA related information stored on computers, and other departments have credit card payment information in their systems that can be hacked. Another risk not just applicable to private entities: every employee, it seems, has a Facebook, LinkedIn or other social media account with the related "reputation" risks associated with those outlets. Just a couple of examples, but again we need to be cognizant of the fact that business and government are blurring lines more with each passing year, and risk managers would be wise to pay attention and learn from their private entity counterparts. Great article and food for thought!