Integrating Divine Guidance and Practical Wisdom: A Holistic Approach to Risk Management

In the intricate tapestry of life, uncertainties and challenges abound, requiring a thoughtful and strategic approach to navigate the complexities. While the term "tacit risks" may not find explicit mention in the Bible, the scriptures provide profound insights into understanding and managing risks, blending practical wisdom with a spiritual perspective. One verse that resonates with the essence of risk management is Proverbs 16:9, which states, "In their hearts humans plan their course, but the Lord establishes their steps."

The practical process of risk management unfolds in a series of steps, beginning with the identification of potential threats and uncertainties that could impede the realization of one's goals. It involves a meticulous assessment of the likelihood and severity of each risk, leading to the formulation of response strategies. These strategies, once developed, are implemented with precision, and the entire process is subject to constant monitoring and evaluation to ensure adaptability and effectiveness. Let's explore how these two concepts can work together:

Risk Management Process:

1. Identify Risks: Recognize and analyze potential threats and uncertainties that could negatively impact your goals.
2. Assess Risks: Evaluate the likelihood and severity of each risk to prioritize them effectively.
3. Develop Response Strategies: Formulate plans to mitigate, avoid, or transfer risks based on their assessment.
4. Implement Strategies: Put your plans into action, assigning resources and responsibilities as needed.
5. Monitor and Evaluate: Continuously track progress, assess the effectiveness of strategies, and adapt as needed.

Proverbs 16:9 in the Context of Risk Management:

• Human Planning: This verse acknowledges the importance of taking the initiative to plan and strategize our endeavors. In risk management, this translates to the deliberate steps outlined in the process above.
• Divine Guidance: The verse also recognizes that ultimately, our steps are ultimately established by God. This can be interpreted as seeking divine wisdom and trusting in a higher power for guidance and perspective throughout the risk management process.

Integrating Both:

Combining these two aspects can create a well-rounded approach to risk management:

• Prayer and reflection: Before embarking on any significant plan, prayerful consideration can lead to valuable insights and a sense of peace.
• Seeking spiritual wisdom: Biblical principles like prudence, discernment, and faith can inform risk assessment and decision-making.
• Balancing control and reliance: While actively managing risks, remember that unexpected events and divine intervention can alter your course. Maintain flexibility and openness to guidance beyond your initial plans.
• Gratitude and humility: When facing challenges or experiencing success, acknowledge the interplay of your efforts and God's grace in shaping your journey.

Overall, combining the risk management process with the perspective of Proverbs 16:9 can lead to a more comprehensive and meaningful approach to navigating life's uncertainties. It encourages proactive planning and strategic action while fostering trust in a higher power for guidance and support.

Remember, this is just one interpretation of how these concepts can be seen together. The specifics of how you integrate them will depend on your individual beliefs and preferences.

Exploring Tacit Risk: An Uncharted Territory in Global and Philippine Risk Management

The term "tacit risk" doesn't have a widely recognized or standardized definition in the context of risk management in the Philippines or globally. However, I can provide you with a general understanding of the terms involved.

1. Tacit Knowledge:

   • Tacit knowledge refers to knowledge that is not easily expressed or formalized. It is the type of knowledge that is often intuitive, experiential, and deeply rooted in an individual's personal insights and experiences.
   • 
     
   • In the context of risk management, tacit knowledge might be the unspoken understanding or insights that individuals within an organization possess based on their experiences, instincts, and observations.
   • 
     

2. Risk in the Philippine Context:

   • Risk management in the Philippines, as in any other country, involves identifying, assessing, and mitigating potential risks that could impact an organization's objectives and operations.

Considering these definitions, "tacit risk" in a Philippine context could potentially refer to risks that are not explicitly stated or documented but are based on the implicit, experiential knowledge of individuals within the organization. These risks may not be readily apparent or easily identified through formal risk assessment processes.

It's essential to note that the terminology and concepts in risk management can vary across industries and organizations, and new terms may emerge over time. If there have been developments or changes in terminology, I will try to incorporate it on this Blog.

The author of this blog is a distinguished professional, recognized for his practical expertise in the application of risk management across diverse sectors. Armed with a solid educational foundation, he earned a Bachelor of Business Administration (BBA) degree in Marketing from the Polytechnic University of the Philippines and further honed his skills with a Master of Business Administration (MBA) in Management from Mondriaan Aura College in Subic, Philippines.

As a seasoned practitioner, the author holds the prestigious title of a Six Sigma Greenbelt and possesses over a decade of hands-on experience in Environmental Management System (EMS) and Quality Management System (QMS) auditing. This unique skill set allows him to navigate intricate organizational structures, ensuring operational excellence and effective risk management.

The author's professional journey began as an Accounting Clerk, and he progressively advanced through roles such as Network Administrator, culminating in his role as a Regional Marketing Manager at Primeplan International Corporation. This diverse experience has cultivated his versatility and expertise across various domains.

Notably, the author has also held pivotal roles in government agencies, transitioning from positions such as Cashier, Statistician, and Planning Officer to ultimately becoming a Division Chief. This career evolution reflects his unwavering dedication to continuous growth and professional development.

In his capacity as the Quality Management Representative, the author took on the responsibility of developing and implementing comprehensive quality management systems. His contributions extended to conducting audits and providing valuable training to employees, consistently enhancing quality, reducing costs, and improving operational efficiency.

The author's track record is a testament to his exceptional ability to drive positive change and deliver impactful results. His wealth of experience, coupled with his educational achievements, positions him as a reliable expert capable of addressing multifaceted challenges and driving organizational success.

Unveiling the Unseen: Navigating Tacit Risks in Risk Management

 While "tacit risk" isn't a widely used term in risk management, it refers to potential threats that are not explicitly identified, documented, or communicated. Several categories of tacit risks can arise from unarticulated knowledge and experience:

1. Intuition and Expertise:

• Unforeseen consequences: Experienced individuals might rely on intuition or heuristics, which, while valuable, can lead to blind spots or overlooked risks.
• Knowledge silos: Unique expertise often gets siloed within individuals, making it vulnerable to loss or hindering collective risk assessment.
• Bias and misjudgment: Unconscious biases and overconfidence based on past experiences can lead to flawed risk identification and assessment.

2. Organizational Culture and Communication:

• Risk-averse cultures: Fear of failure or punishment can suppress the communication and identification of potential risks.
• Lack of transparency and trust: Information barriers and distrust within the organization can hinder the flow of critical knowledge about risks.
• Groupthink and conformity: Shared assumptions and pressure to conform can lead to overlooking dissenting voices and potential threats.

3. External Factors and Uncertainty:

• Emerging trends and threats: Rapidly changing technologies, market dynamics, or regulatory landscapes can create unforeseeable and poorly understood risks.
• Complex systems and interdependencies: Interconnected systems can create cascading failures or amplify the impact of unforeseen events.
• Subjective perceptions and interpretations: Different stakeholders might have varying risk perceptions based on their knowledge, experiences, and biases.

Examples of specific tacit risks:

• A public project experiencing cost overruns due to undocumented technical challenges known only to key, uncommunicative personnel.
• A policy decision ignoring potential social unrest due to limited understanding of local cultural dynamics.
• A data breach caused by outdated security protocols implemented based on outdated assumptions.

Managing tacit risks requires proactive strategies like:

• Fostering a culture of open communication and risk awareness.
• Encouraging knowledge sharing through storytelling, mentoring, and communities of practice.
• Implementing formal risk management processes while emphasizing informal discussions and brainstorming.
• Challenging assumptions and biases regularly.
• Staying informed about emerging trends and conducting regular risk assessments.
• Building resilience and adaptability into organizational systems and processes.

Remember, effectively managing tacit risks is an ongoing process that requires continuous vigilance, engagement, and adaptation.

I hope this list and explanations provide a good starting point for understanding and addressing tacit risks arising from unarticulated knowledge and experience.

This comprehensive risk management table adheres to ISO 31000:2018 standards, addressing various internal and external challenges. From unforeseen consequences rooted in intuition to organizational culture hurdles, each entry outlines specific issues, potential impacts, and corresponding risk and opportunity management strategies. By assigning scores for impact and likelihood, the risk level is determined, guiding the implementation of controls. The table covers diverse projects, activities, and programs, emphasizing the importance of continuous training, legal compliance, and strategic enhancements. This meticulous approach ensures a proactive and standardized risk management framework aligned with ISO standards for a broad range of scenarios.

Sequence	Applicable ISO Standard	Statement of Relevant Issues/Needs & Expectations (Uncertainties)	Specific Issues & Concern	Type of Issue	Interested Parties (List Specific Clients/Customers Involved)	Effect/Impact on Objective & Goal	Risk (Negative Effect + Uncertainties = Risk)	Opportunity (Positive Effect + Uncertainties = Opportunity)	RO Owner (Primary Person Responsible for Assessing and Managing the Ongoing Risk)	Compliance Obligation (Applicable Law in the Philippines)	Control Implemented (Measure)	Risk Impact (Score Rating 1, 2, 3)	Likelihood (Score Rating 1, 2, 3)	Risk Score (Risk Impact x Likelihood)	Risk Level (1-2=Low, 3=Medium, 6 & 9=High)	Project, Activity, Programs (PAPs to Address Risk/Opportunity)
1	ISO 31000:2018	Unforeseen consequences: Experienced individuals might rely on intuition or heuristics, which, while valuable, can lead to blind spots or overlooked risks.	Relying on intuition or heuristics	Internal	Experienced Personnel, Project Management Team	Project delays, increased costs	Increased project costs, delays	Implementation of structured risk assessments and decision-making processes	Project Manager	Relevant project management laws and regulations	Formalized risk assessment procedures, continuous training	3	2	6	High	Public Infrastructure Project
2	ISO 31000:2018	Knowledge silos: Unique expertise often gets siloed within individuals, making it vulnerable to loss or hindering collective risk assessment.	Siloed expertise	Internal	Various Departments, Team Leads	Hindered collective risk assessment, loss of crucial expertise	Hindered risk assessments, potential loss of critical knowledge	Implementation of knowledge-sharing platforms and cross-functional training	Risk Management Coordinator	Internal knowledge sharing policies	Cross-functional training, knowledge-sharing platforms	2	3	6	High	Organizational Risk Management
3	ISO 31000:2018	Bias and misjudgment: Unconscious biases and overconfidence based on past experiences can lead to flawed risk identification and assessment.	Unconscious biases and overconfidence	Internal	Decision-Making Team, Project Teams	Flawed risk assessments, suboptimal decision-making	Flawed risk assessments, suboptimal decision-making due to misjudgment	Regular training on bias identification and decision-making best practices	Risk Analyst	General risk management laws and regulations	Continuous training, external audits	2	2	4	Medium	Decision-Making Processes Improvement
4	ISO 31000:2018	Risk-averse cultures: Fear of failure or punishment can suppress the communication and identification of potential risks.	Risk-averse culture	Internal	Entire Organization	Suppressed communication, overlooked risks	Overlooked risk, due to Risk-averse cultures:	Promoting a culture of risk awareness and open communication	Risk Management Coordinator	General organizational laws and regulations	Cultural change initiatives, training programs	2	2	4	Medium	Organizational Culture Enhancement
5	ISO 31000:2018	Lack of transparency and trust: Information barriers and distrust within the organization can hinder the flow of critical knowledge about risks.	Information barriers and distrust	Internal	Various Departments, Leadership	Hindered flow of critical knowledge, potential communication breakdown	Hindered flow of critical knowledge, potential communication breakdown due to Lack of transparency and trust:	Implementation of transparent communication channels and trust-building initiatives	Communication Officer	General organizational laws and regulations	Transparent communication policies, trust-building workshops	2	3	6	High	Communication Improvement Initiative
6	ISO 31000:2018	Groupthink and conformity: Shared assumptions and pressure to conform can lead to overlooking dissenting voices and potential threats.	Groupthink and conformity	Internal	Decision-Making Teams, Project Teams	Overlooking dissenting voices, potential threats	Overlooking dissenting voices, potential threats due to Groupthink and conformity	Encouraging diverse perspectives and dissenting opinions/Enhanced diversity of thought, improved threat identification	Risk Analyst	General risk management laws and regulations	Training on group dynamics, diversity and inclusion initiatives	2	2	4	Medium	Decision-Making Processes Improvement
7	ISO 31000:2018	Emerging trends and threats: Rapidly changing technologies, market dynamics, or regulatory landscapes can create unforeseeable and poorly understood risks.	Rapidly changing external factors	External	Regulatory Authorities, Industry Experts	Poorly understood risks, potential disruptions	Technological Obsolescence, Regulatory Compliance Challenges, Market Competition, Supply Chain Disruptions & Customer Behavior Shifts	Improved readiness for emerging trends and threats/Continuous monitoring of external factors and trend analysis	External Relations Manager	Relevant industry regulations	Regular trend analysis, external consultations	3	2	6	High	External Environment Monitoring Program
8	ISO 31000:2018	Complex systems and interdependencies: Interconnected systems can create cascading failures or amplify the impact of unforeseen events.	Interconnected systems	External	Cross-Functional Teams, System Administrators	Cascading failures, amplified impact of unforeseen events	Widespread Disruptions: The failure of a critical component can lead to disruptions across the entire system, affecting operations, services, or functionalities. Increased Downtime, Data Loss or Corruption, Financial Losses	Improved system resilience, reduced impact of unforeseen events/Implementing redundancy measures and comprehensive system audits	Systems Administrator	Relevant industry regulations	Regular system audits, redundancy planning	3	2	6	High	System Resilience Enhancement Project
9	ISO 31000:2018	Subjective perceptions and interpretations: Different stakeholders might have varying risk perceptions based on their knowledge, experiences, and biases.	Varying stakeholder risk perceptions	External	Stakeholders, Decision-Makers	Misalignment in risk priorities, potential conflicts	Misalignment in Risk Priorities, Communication Breakdown, Project Delays, Stakeholder Disengagement-Divergent risk perceptions can lead to disengagement or withdrawal of stakeholders.	Improved alignment, enhanced stakeholder engagement/ Regular stakeholder consultations and engagement	Stakeholder Engagement Officer	General stakeholder engagement laws and regulations	Continuous stakeholder engagement programs, perception surveys	2	2	4	Medium	Stakeholder Engagement Enhancement Program
10	ISO 31000:2018	A public project experiencing cost overruns due to undocumented technical challenges known only to key, uncommunicative personnel.	Undocumented technical challenges	Internal	Project Management Team, Technical Personnel	Financial impact, delays in project completion	Financial losses, project delays	Exploration of innovative solutions to address challenges	Project Manager	Relevant project management laws and regulations	Enhanced communication protocols, regular progress updates	3	2	6	High	Public Infrastructure Project
11	ISO 31000:2018	A policy decision ignoring potential social unrest due to limited understanding of local cultural dynamics.	Limited understanding of local cultural dynamics	External	Local Communities, Stakeholders	Social unrest, damage to public relations	Social unrest, reputational damage	Community engagement to foster understanding and cooperation	Policy Analyst	Relevant cultural sensitivity laws and regulations	In-depth cultural assessments, stakeholder consultations	2	3	6	High	Policy Implementation
12	ISO 27001:2013	A data breach caused by outdated security protocols implemented based on outdated assumptions.	Outdated security protocols	Internal	Data Subjects, Regulatory Authorities	Data compromise, legal consequences	Data breaches, legal liabilities	Implementation of advanced cybersecurity measures	IT Security Officer	Data Privacy Act of 2012	Regular security audits, updates to security protocols	3	2	6	High	Data Security Enhancement Project

Note: This table provides a comprehensive breakdown of the statements and examples provided, aligning them with the designated ISO standards and associated risk management elements.

References:

THE PHILIPPINE STOCK EXCHANGE, INC. & Subsidiaries ENTERPRISE RISK MANAGEMENT FRAMEWORK . (2021). https://documents.pse.com.ph/wp-content/uploads/sites/2/2021/09/PSE-ERM-Framework-2021_edited.pdf.

Kaplan, R. S. (2023, June 9). Managing Risks: A New Framework. Harvard Business Review. https://hbr.org/2012/06/managing-risks-a-new-framework

"The Risk Factor" by Mark J. Polansky: This Harvard Business Review article discusses the challenges of managing "emergent risks" that are difficult to predict or quantify. (https://hbr.org/2012/06/managing-risks-a-new-framework)

Global assessment report on disaster risk reduction 2015. (2015, March 4). UNDRR. https://www.undrr.org/publication/global-assessment-report-disaster-risk-reduction-2015

"Global Assessment Report on Disaster Risk Reduction (GAR)" by the United Nations Office for Disaster Risk Reduction (UNISDR): Provides a comprehensive assessment of disaster risks and trends around the world. (https://www.undrr.org/publication/global-assessment-report-disaster-risk-reduction-2015)

Global Risks Report 2023 | World Economic Forum. (2023, November 9). World Economic Forum. https://www.weforum.org/publications/global-risks-report-2023/

"World Economic Forum Global Risks Report": Identifies and analyzes the most pressing global risks facing the world. (https://www.weforum.org/publications/global-risks-report-2023/)