“Not all those who wander are lost” - Gandalf, LOTR
We cannot always know what a thing is without first knowing how it relates to our purpose and goals.
Let’s imagine we are walking on a path on the way home. We notice a huge boulder up ahead. How would you perceive this boulder?
Psychologists say we don’t see objects only as things. In fact, we see them also as something that is useful (an opportunity) or as or something that is not useful (an obstacle). We see things through the lens of our goals:
If we have no goal, the boulder is just a rock.
If we want to get home, the boulder is an obstacle preventing us from getting home.
If we are tired, the boulder is a chair; a place to sit down and rest so we can make it the rest of the way home.
If we are in need of safety, the boulder protects us from walking into a sink hole to ensure that we make it home.
What we perceive is based on what we are trying to achieve or what we need.
What this means for risk
This is why risk should not be evaluated in isolation. Risk must be considered in connection with objectives. Whether something is a threat or an opportunity depends very much on what we are trying to accomplish.
Sometimes a risk is just a thing. It isn't connected with any goals and therefore doesn't affect what we are doing. Too often these are the majority of what is contained in risk registers – they are unconnected things on a list.
Other times risk look like obstacles. They hinder or are in the way of meeting our business goals. These obstacles need to be avoided or handled to improve the probability of achieving our goals.
In the words of Gandalf from LOTR,
"Not all those who wander are lost."
In the same way, not all rocks are obstacles and not all risks are threats. Sometimes, they are opportunities to help us achieve our goals and need to be exploited. These are rocks that can be used as chairs to sit on, barriers to protect us from harm, or some other use that will improve our chances of success.
What this means for compliance
For compliance to improve its risk perception it needs to look through the lens of its goals connected with:
Obligations - this will help to see obstacles and opportunities associated with meeting obligations (Compliance Risk).
Objectives - this will help to see obstacles and opportunities associated with keeping commitments (i.e. promises) associated with obligations (Operational Risk).
Doing this will create better risk registers but more importantly provide better measures to improve the probability of achieving compliance and realizing its benefits. It also will avoid wasting time cataloguing rocks that don't matter, no offence to geologists.