3. Security and Risk Management
The third place where the leadership team succeeds or fails in their organizational foresight work is in Security, a department that seeks to protect the operational freedoms and assets of the firm. This includes such functions as intelligence, physical security, health and safety, legal, intellectual property, risk management and insurance. Perhaps the most obvious strategic foresight activity that belongs to security is intelligence work, which includes competitive intelligence, to anticipate competitor’s offerings and plans, and technical intelligence, to discover which new scientific research, technologies, and product and service development proposals are likely to pay off, and which are premature, hype, or poor bets. Competitive and technical intelligence work also occurs under R&D and market research, but wherever it occurs, Intelligence is a key security activity.
Scanning is a strategic foresight activity that is one task of intelligence. In the best scanning systems, as in the Singapore defense community’s Risk Assessment and Horizon Scanning (RAHS) program, the organization’s entire stakeholder network monitors and learns from environmental information, and can flag and forward items of potential significance to those leaders best able to assess them. RAHS is much more than just a scanning system however. It has become a foresight and futures survey platform for the entire country, as this excellent Foreign Affairs article, “The Social Laboratory” (2014) acknowledges. Top-down scanning systems, exclusive just to Top Management, M&P, or Security departments are always less effective than those that maximize employee input and cognitive diversity. Getting trained as an intelligence analyst can be great preparation for many other forms of foresight work.
One of the more forecasting-oriented types in the security department is the insurance actuary, a Risk Management professional who builds an evidence-based future model in a variety of areas, using conservative, quantitative strategies for dealing with risk and uncertainty. The corporate lawyer, who uses IP, precedent and case law to create legal security is another example. Risk management more generally involves the mitigation of risk and uncertainty via intelligence, insurance, safety, security, and other activities. Organizational psychologist Karl Weick’s Managing the Unexpected (2007) explores how “high reliability organizations” like emergency rooms, air traffic control, and military and firefighting units manage and organize for reliable performance under conditions of risk and uncertainty, offering lessons for any organization.
While Kirton’s Creatives (see Chapter 10) are not a typical hire in the security function, they can be very effective when the firm recognizes their value. The best firms employ a few innovators and rule-breakers in their security departments (think of white hat hackers), engaging them in continual efforts to try to break the organization’s security capabilities and expose their flaws. Nassim Taleb’s Antifragile (2012) gives examples of the great value of this approach to security foresight. Another powerful and underused security foresight method is wargaming, a way to test management’s operational security against innovative adversaries in a simulation built by employees or consultants. Herman and Frost’s Wargaming for Leaders (2008), describes Booz Allen Hamilton’s work building competitive wargames for corporate and military clients.
To recap, the Security department commonly has responsibility for three of our top twenty foresight functions: Intelligence, techniques to assess environmental information for threat and opportunity relative to the firm, including Scanning (a task of Intelligence); Risk Management, the identification, analysis and mitigation of risk and uncertainty; and perhaps most obviously, Law & Security, the various ways firms use legal, human, and physical security methods to protect their rights, freedoms, and assets in predictable, dependable ways.