During the Cold War things were relatively simple: Everyone knew who the likely opponents were and could develop strategies and forces on that basis. Today a multipolar world presents a range of risks and threats – states, insurgents, guerrillas, terrorists and well-armed criminal groups, and often with intermingled and varying agendas and objectives.
This complex situation is well described as “volatile, uncertain, complex and ambiguous”, or VUCA, a term developed by students of the US Army War College in the 1990s. That is an apt description of the strategic situation in Sub-Saharan Africa, which is likely to become more complex over time as various external actors – states and non-state groups – increase their involvement in the region.
The role of the South African National Defence Force (SANDF) must be considered in that context. It is mandated by the Constitution to “defend and protect the Republic, its territorial integrity and its people”. The recent Defence Review added safeguarding of South Africa’s vital interests, and national policy is to contribute to regional security by participating in peace support missions.
The challenge will be to meet that mandate in an increasingly uncertain global milieu, characterised by unexpected conflict events that require an agile SANDF able to reconfigure itself to deal with risks and threats as they arise. The task of ensuring that capability is rendered more difficult by declining defence funding, which will demand some difficult decisions regarding capabilities and particularly force design and strength.
One way to create and maintain an agile SANDF able to adjust promptly and quickly to the evolving strategic situation, is to implement an effective risk management process that leverages uncertainty as an input to informed decision making.
The international standard for risk management, ISO31000:2018 Risk Management Guidelines, creates a best-practice guideline within which risk management ought to be managed. It outlines the risk management principles, framework and process with careful consideration of the risk ecosystem (essentially the ‘context’) to inform and manage risks effectively.
Traditionally, context has been negated from the risk management process, typically resulting in risk identification that is uninformed by the context that influences it. Risks would then typically be identified per specific risk category (e.g. economic, operational, legal, safety, health etc.), evaluated, treated and a risk owner assigned, with a misconception of ‘zero risk’ being the end point.
Risk, however, is defined as ‘the effect of uncertainty on an objective’*. Surely, then, it is critical to link the ambition (within the risk ecosystem, that is, internal and external factors) to identified risks that may threaten successful outcomes, in order to assure targeted risk management?
“By turning uncertainty to certainty, organisations can understand how losses can arise and how they can be ultimately prevented. By clearly identifying the goal you want to achieve, you can identify functions that will enable or obstruct you from reaching this goal”, says Simon van Wyk, Principal of Risk Advisory at Aurecon.
By way of example, let’s apply this logic to an ambition of the SANDF, and follow this success driven risk management approach. A possible ambition could be ‘Optimised SANDF resourcing (people, processes, budget and systems) that assures and enables asset integrity and efficient operational performance to fulfil its constitutional mandate’.
Here we list some potential critical success factors that would enable the achievement of this aspiration
• Align SANDF delivery with stakeholder expectations.
• Establish and secure suitably prioritised spending.
• Optimise suitably skilled human capital (people) to enable successful delivery.
• Optimise operational protocols to align with the ambition and stakeholder expectations in an efficient manner (e.g. systems integration, processes and procedures) that enable successful delivery.
• Empower personnel (skills development) with knowledge transfer.
• Comply to relevant statutory and regulatory requirements.
Each critical success factor is then taken through the risk identification process, highlighting relevant risks that may impede the SANDFs ability to achieve the aspiration. This comprehensive view of the SANDF specific drivers and associated risks will allow targeted risk interventions, aiding in the generation of an optimised and tailored approach within a contextual risk ecosystem that is now understood. and enabling agile planning and execution.
Once one understands the context, leadership can target risks which enables risk optimisation across people, processes and systems, creating and protecting value; the No. 1 principle of effective risk management.
What are the benefits?
• Purpose-driven risk management approach, turning uncertainty into certainty.
• Holistic view of success drivers informed by inputs obtained from key individuals and the overall SANDF ambition.
• Deep contextual understanding of what will ultimately define success.
• The success driver approach provides the basis for comprehensive risk identification inextricably linked to the SANDF’s ambition, which drives success.
• Direct value adds in promoting a strong risk aware culture within the SANDF owing to communication transparency of information.
This process has been tried and tested across various industries, for both public and private entities across Africa.
Just imagine…an effective defence for a democratic South Africa, enabled by a risk management approach that leverages uncertainty to create a platform for informed decision making with certainty.
*ISO31000:2018. Risk Management Guideline.