In the ordinary daily grind, risk management can seem somewhere between abstract and irrelevant. In extreme environments – floods, nuclear power plants, epidemics and so on – the picture is clearer. Bad things happen often and if you don’t manage your risk, you will die.

By examining risk management in these extreme environments, we can distil seven key lessons for managing risk elsewhere.


Facing the consequences

First, death focuses the mind.

The best risk management systems work by ensuring that individuals face the consequences of their actions. Those who survive for long periods in extreme environments tend to be excellent risk managers.

If your own life is at stake, you don’t need restricted stock allocations or balanced scorecards to pay attention to risk and manage it. The lesson for managers is to align risk and reward so that the pain and the gain go together.

False security

Second, honesty matters. There are many situations where people convince themselves that since nothing has happened for a while, the risk must have gone away. For example, a city might want protection against a one in 100 year storm, but that level of flood control is extremely expensive. One-hundred years is a long time; few remain in a job more than a couple of years. Silence is tempting.

The city’s protection level glides silently down. Eventually, a storm of less than one in 100 year severity hits and causes catastrophic damage, and the slippage is revealed. What is frightening in these situations is that everyone knows what is happening, but nobody says anything.

Loud voice, thick skin

Third, and by extension, risk managers need a loud voice and a thick skin. Fundamentally, risk is about uncertainty, meaning not only is the risk rare but you are unsure of how rare.

Predictions about risk are thus doubly uncertain, and risk managers will often be wrong. If they communicate too frequently, people will simply tune out their warnings; communicate too infrequently and there will be little awareness or understanding of the risk.

Most risk managers err on the side of frequency, and they therefore need both a loud voice to make themselves heard, and a thick skin to cope with the sarcastic comebacks after a few unfulfilled predictions. The flipside of this law is that a risk manager who does not sound the alarm is not managing risk.

Models are not reality

Fourth, models cannot manage risk. The decreasing cost of computing power means that computer models are ever more powerful, integrating ever more data.

The line between reality and model blurs; it is tempting to substitute the model for reality. Succumbing to this temptation is a mistake. Models are only models, reality simplified so that our minds can grasp a slice of it.

Reality is always more complex. For example, if a lethal hospital-based epidemic such as SARS broke out, at what point would people decide that going to hospital was more dangerous than staying at home? Would they try to travel, or shut themselves up at home?

No one knows, and the most likely outcome is entirely new and adaptive behaviours. You cannot model what you have never imagined. You can, however, ensure that you draw a bright line between what’s based on data and what is based on assumptions.

Rigorous training

Fifth, standards drive success. Even when your own life is at stake, it is possible to freeze in the face of danger. Risk managers in extreme environments counter this tendency by imposing rigorous standards for personnel selection, training, and operating procedures.

They select people who are physically and mentally robust – who have “personal characteristics and qualities than can’t be taught, such as determination, robustness, and integrity”, in the words of a serving SAS lieutenant colonel.

Furthermore, they ensure that these individuals operate reflexively according to highly standardised procedures. This means that if (or when) communication breaks down during an emergency, everyone knows what they are supposed to be doing in what sequence, and gets on with it.

Unintended consequences

Sixth, beware unintended consequences. When the US Forest Service articulated the ‘ten by ten’ rule – all fires over ten acres under control by 10am the next day – it undoubtedly seemed a good idea. However, fires are a natural feature in dry environments. Successful tree species have evolved to cope, to the point where they depend on fire to incinerate competing saplings, and ash to replenish soil nutrients. Artificial fire suppression allows leaf debris and brush to build up and tree density to increase.

As a result, when lightning strikes and fires break out, they are ever bigger and more destructive. In practice, fire suppression transmutes frequent, small fires into periodic catastrophic firestorms.

Stuff happens

The seventh and final lesson is to remember that ‘stuff happens’. The best risk management in the world can’t eliminate risk. In extreme environments this is particularly clear.

In less extreme environments, it is less clear, as bad things happen rarely. For example, a passenger airliner had not been hijacked in the US for almost 30 years prior to 11 September, 2001.

It was possible to think that the risk had gone away, that risk management was unnecessary, or that effective risk management had stopped them from happening. As the events of that day demonstrated, in this case it hadn’t, it wasn’t, and it didn’t. n

Duncan Martin’s book, Life and Death: Managing Risk in Extreme Environments, was published by Kogan Page in early 2008.



  • Risk models should not be taken as fact. A particularly egregious form of this is when output from one model substitutes for facts as input into another model, and launders itself into fact in the process. This has happened in complex structured products such as collateralised debt obligations (CDOs).
  • If risk management procedures are well defined, well understood and well rehearsed, each individual can execute their part of the risk management plan independently. It is also important for every member of the team to be rigorously selected and trained.
  • The best example of using well-established risk management procedures is California’s standard emergency management system (SEMS), in large part because California is beset by natural disasters – earthquakes, floods, fires and so on -– from all sides, affording Californians plenty of opportunities to hone their emergency procedures.
  • Risk managers will often be wrong, and so must be persistent to get their voice heard. Some will speak out too often and have their warnings ignored, like Cassandra’s alarm about the Trojan horse; while others will not communicate enough and there will be a lack of understanding of the true risk in question. A risk manager who does not raise the alarm is not doing their job.
  • It is impossible to eliminate risk. It must be remembered that ‘stuff happens’ which cannot be controlled or predicted.
  • Managers must learn to balance risk and reward, as someone would in an extreme situation. If your life is at stake, you quickly learn to monitor risk and control it.
  • It is extremely important to be honest. If something has not happened for a long time, it does not mean the risk has gone away. The situation cannot be allowed to drift until something catastrophic happens.
  • Reality is very complex and cannot be fully imitated by models and assumptions. In certain situations, entirely new behaviour may be seen.
  • Certain actions can have completely unintended consequences. What appears at face value to be a useful contingency plan could in fact be storing up trouble for the future.
  • The September 11 attacks on New York are a clear example of how certain catastrophic events cannot be predicted or planned for.