Author: Rob De La Espriella, BD3, CEO and Founder, BlueDragon IPS
Regulated and unregulated industries face unique challenges in identifying and addressing risks to their operations. Gray rhino events are highly probable, high-impact events that are often ignored or downplayed until it is too late to prevent or mitigate their consequences. Unlike black swan events, which are rare and unpredictable, gray rhinos are predictable and preventable if the necessary action is taken in time.
There’s nothing quite as formidable as a gray rhino charging head-on into an organization, disrupting everything in its path and even causing companies to go under. Here are six events that can be considered gray rhinos:
- Safety incidents: Safety incidents, such as workplace accidents or environmental spills, can have significant consequences. These incidents are often predictable and preventable, but they can still occur due to complacency, inadequate safety protocols, or a lack of proper training.
- Quality control failures: Quality control failures can lead to product defects or safety issues, which can have severe consequences. These failures can occur due to a lack of attention to detail, poor communication, or inadequate training.
- Cybersecurity breaches: Cybersecurity breaches can compromise sensitive information, disrupt operations, and damage a company’s reputation. In regulated industries, breaches can also lead to regulatory violations, fines, and legal action. These breaches can occur due to inadequate security protocols, human error, or sophisticated cyber attacks.
- Regulatory non-compliance: Companies operating in regulated industries must comply with a range of complex and ever-changing regulations. Failure to comply can result in fines, legal action, and reputational damage. Non-compliance can occur due to a lack of understanding of the regulations, inadequate monitoring and reporting, or deliberate misconduct.
- Supply chain disruptions: Supply chain disruptions, such as a shortage of critical materials or delays in shipping, can have significant consequences for companies. These disruptions can lead to production delays, increased costs, and a loss of revenue. They can occur due to unforeseen events, such as natural disasters or geopolitical tensions, or inadequate planning and risk management.
- Talent shortages: Talent shortages, particularly in highly specialized or regulated industries, can limit a company’s ability to innovate, compete, and comply with regulations. These shortages can occur due to demographic shifts, a lack of investment in workforce development, or inadequate recruitment and retention strategies.
These risks, if not properly managed, can lead to gray rhino events: highly probable and high-impact events that are often ignored or downplayed until it is too late to prevent or mitigate their consequences. To prevent such events, organizations must be proactive in evaluating potential risks and continuously analyzing and strengthening their defenses. This requires a comprehensive approach that includes risk assessments, effective controls, continuous monitoring of defenses, organizational alignment, and a culture of continuous improvement. It also requires implementing a strong problem-solving system that can identify the deepest-seated causes of negative trends, so that organizations can optimize their processes and systems to ensure that they operate efficiently, effectively, and in compliance with regulatory requirements.
With the following measures in place, regulated and unregulated industries will be much better prepared to prevent or mitigate the impact of gray rhino events.
- Conduct risk assessments: Conduct comprehensive risk assessments to identify potential gray rhino events that may impact the organization. This assessment should be an ongoing process that identifies and prioritizes risks and vulnerabilities. Establish a plan of action to address the risks and vulnerabilities identified in the risk assessment. This plan should be integrated into the organization’s strategic plan and should outline specific steps to prevent or mitigate gray rhino events.
- Implement effective controls: The organization must implement effective administrative controls (i.e., the programs, processes and procedures that ensure safe and efficient operations, as well as how to respond to adverse conditions), technology solutions such as firewalls and other cyber barriers, and physical controls such as guards, guns and gates, to prevent or mitigate the impact of gray rhino events. Together, these controls form an organization’s “line of defenses,” and they should factor in the results of the risk assessments.
- Monitor defenses: The organization’s line of defenses must be regularly monitored and assessed to ensure their effectiveness. Establish “dashboards” to display data from various sources to monitor and analyze Key Performance Indicators (KPIs) in real time. Dashboards are used in business and organizational settings to track progress towards goals, identify trends, and make informed decisions based on data-driven insights. Routinely conduct “Analysis of Defenses”: in-depth evaluations or self-assessments of the organization’s performance in adhering to established programs, policies and procedures. Equally important is that these analyses identify missing or weak defenses.
- Close performance gaps: Once potential gray rhino events have been identified and the line of defenses established, the organization should maintain a Corrective Action Program (CAP) that documents non-conformances, noncompliance with standards and expectations, and other performance gaps (i.e., when the organization does not meet the requirements set forth in the line of defenses, or the defenses were less than adequate). The most effective CAPs analyze and trend low-level noncompliance and nonconformance events to identify negative trends so that they can be evaluated. Consider these low-level issues to be event precursors (symptoms), as one of the key tenets of root cause analysis is that the deepest-seated causes of these symptoms will eventually cause much larger and more impactive events. It is important that the organization implement a strong problem-solving system that can identify the deepest-seated causes of negative trends. The most advanced methods entail a holistic approach that evaluates human behaviors, the human interactions with the physical and cyber barriers, and the human interactions within their complex, sociotechnical work environments.
- Establish organizational alignment: To establish alignment within the organization, employees must understand the potential threats to the organization (e.g., gray rhino events), the defenses in place to prevent such events, and the programs in place to identify, document and address nonconformances and noncompliance with those defenses. Every employee should be trained on the practical application of critical thinking and basic problem-solving tools and techniques, to maintain a high degree of awareness of any weaknesses in the organization’s line of defenses. This training should be ongoing and should include key personnel that routinely evaluate the performance of an organization in areas such as Industrial Safety, Environmental Health and Safety, Quality Assurance and Quality Control, Security and Safeguards, Radiation Protection, and others.
- Establish a continuous improvement attitude: Continuous improvement is the ongoing effort to identify and address areas for improvement within an organization’s processes, procedures, and systems. This involves a systematic approach to identifying and analyzing areas for improvement, developing and implementing solutions, and measuring the effectiveness of these solutions over time. The goal of continuous improvement is to optimize processes and systems to ensure that they operate efficiently, effectively, and in compliance with regulatory requirements. By continuously monitoring the line of defenses, documenting and addressing performance gaps, conducting in-depth investigations to identify the deepest-seated causes of those gaps, and taking corrective actions that strengthen the defenses, organizations will be much better prepared for a gray rhino event.
In summary, risk management should be viewed as an ongoing process. Gray rhino events, in sharp contrast with black swan events, can be identified and actions taken to prevent or mitigate the consequences of such events. By taking the steps outlined above, we can better anticipate, prevent or mitigate the impact of gray rhino events. And with a continuous improvement approach, we will continually reduce the probability that a gray rhino event will have a significant impact on our organization.
About the Author:
Rob De La Espriella, BD3, CEO and Founder, BlueDragon IPS
Deming Prize winning team member and pioneering Nuclear Quality Assurance expert Rob De La Espriella is a former US Navy nuclear submarine officer and the founder and CEO of DLE Technical Services, LLC. Rob is a leading expert in solving costly human errors and complex problems in regulated industries, and has re-defined how organizations solve tame, complex and even wicked problems. Rob’s distinguished career in the nuclear sector spans over four decades, where he has led and facilitated hundreds of audits, assessments, accident investigations, root cause analyses, and operational excellence initiatives. His clients include commercial nuclear power plants, the US Nuclear Regulatory Commission (NRC), Department of Defense (DOD) installations, Department of Energy (DOE) National Laboratories, and facilities across the US Nuclear Weapons Complex. In 2023, Rob was accepted into the Forbes Business Council, contributing articles and commentary to help businesses reach their full potential.
For more information on critical thinking and complex problem-solving, watch this video on our BlueDragon YouTube Training Channel: https://www.youtube.com/watch?v=ICWlE-xqFa8&t=71s