Black Swan Risk Management for Projects
By Jurie Steyn.
Decimus Junius Juvenalis, known in English as Juvenal, was a poet active in the period AD 110 to 130. He wrote sixteen satires on the vices, abuses, and follies of Imperial Rome and is regarded by many as one of the greatest satirists of the time. Juvenal was also the first person to describe an occurrence of extreme rarity as a ‘Black Swan’ when he referred to a good wife as a “rare bird, as strange to the earth as a black swan” (Juvenal, 1991).
Nowadays, Black Swan events generally refer to extremely low probability, but high impact occurrences that are disruptive in nature. They can evolve rapidly from a variety, or combination, of factors, including human error, negligence, malicious actions, or acts of nature (Bhatt, 2013). Black Swans can paralyse an organisation’s operations for a period, or even lead to its demise. The concept of a Black Swan event was promoted by Taleb (2007) in his seminal book The Black Swan – the impact of the highly improbable.
Taleb (2007) posits that a Black Swan event exhibits the following three attributes:
- Outlier event: It lies outside the realm of regular expectations because nothing in the past can convincingly point to its possibility. Aven (2013) argues that it would be more correct to say that “nothing in our knowledge can convincingly point to its possibility”. Black Swans are totally unpredictable, but possible. According to Boebinger (2013), they are such surprises that they surprise even experts.
- Extreme impact: The impact from a Black Swan event is extensive and can be positive or negative. Negative Black swans include the two World wars, the terrorist attacks of 11 September 2011, and possibly the Covid-19 pandemic. Positive Black Swans include the invention of the automobile, the personal computer, and the Internet.
- Retrospective predictability: People need to find explanations for why things happen and therefore we attempt to explain Black Swan events, after they occur. The explanation makes the Black Swan understandable and therefore predictable, albeit retrospectively.
In this article we first look at the real black swan to understand where the metaphor originated. We then consider Black Swans and their impact on projects, discuss ways to prevent Black Swans, and provide pointers on dealing with Black Swans. We conclude with a warning not to confuse Black Swans with Black Elephants…
The real black swan
Early Europeans believed that all swans were white because they had only ever seen white swans. Therefore, based on the empirical evidence, all swans were white and black swans couldn’t possibly exist. This perception was shattered in 1697 when the expedition of Dutch explorer Willem de Vlamingh to the west coast of Australia sighted many black swans on what they called the Swarte Swaane Drift or Black Swan River. Reports of the existence of black swans made it back to the Netherlands and England, but it took another century for its mythical status to dissipate completely (Haworth, 2021). The metaphor is built upon the idea that white swans are more commonly found in nature, but unexpectedly there’s a black swan.
The real black swan (Cygnus atratus), as shown in Figure 1, is a species of swan which breeds mainly in the southeast and southwest regions of Australia. This swan is nomadic within Australia and displays erratic migration patterns dependent upon climatic conditions. It is a large bird, up to 9 kg, with a red bill and mostly black plumage, although white feathers are visible during flight.
Figure 1: The black swan (Cygnus atratus)
The black swan’s preferred habitat extends across fresh, brackish, and saltwater lakes, swamps, and rivers with underwater and emergent vegetation for food and nesting materials. Black swans are omnivores, although they feed mostly on vegetation both in the water or in pastures. Common aquatic plants they feed on include algae, cattails, eel grass, and pondweed. Occasionally they will eat insects. It favours permanent wetlands, including man-made lakes, but can also be found in flooded pastures and tidal mudflats, and even in the ocean near the shore.
Populations of black swans were introduced as ornamental waterbirds to many countries over the past century, including New Zealand, most of western Europe, the United Kingdom, Japan, United States, and China, but these populations are not regarded as self-sustaining. The current global population is estimated to be around 500 000 individuals. No threat of extinction or significant decline in population has been identified.
Black Swans in projects
In the project world, there are many examples of failed projects, i.e., projects that appeared to be on track to deliver benefits within budget and schedule but suddenly something happens which causes the cost to run away, schedules to slip, and even projects to be terminated. These failed projects are often blamed on Black Swan events, although it is more likely that risk management was not practiced properly or that rare but predictable risks were missed during the risk identification step. Failed projects inevitably end with the usual recriminations or hunt for a scapegoat.
In this section, we take a brief look at the standard risk management process, identify some problem areas with the risk management process, look at project ‘fragility’ and how this relates to Black Swan events, and discuss Covid-19 as a possible Black Swan.
Project risk management process
A risk cannot be managed unless it is first identified. Project risk management covers all the activities and processes of planning for risk management, identification and analysis of project risks, response planning and implementation, and risk monitoring on a project (Steyn, 2018a, 2018b & 2018c). There are seven project risk management steps, as follows:
- Plan Risk Management: This involves finalising the methodology to be used for risk management on a project as described in a previous article (Steyn, 2018a). Details can differ from project to project.
- Identify risks and opportunities: The identification of individual project risks and opportunities in a manner which makes analysis possible.
- Perform qualitative risk analysis: Assess and prioritise individual project risks and opportunities for further analysis or action, based on their probability of occurrence and potential consequences.
- Perform quantitative risk analysis: The process of performing numerical analysis to determine the most likely outcome of identified high priority risks and opportunities.
- Plan risk responses: The development of risk reduction options, strategy selection, and agreement on preventive and contingency actions to reduce overall project risk exposure.
- Implement risk responses: The process of implementing agreed-upon risk response plans by the risk owner, according to the agreed upon timeline.
- Monitor risks: Monitor the progress with the implementation of agreed-upon risk response plans, identify and analyse new risks, and evaluate risk process effectiveness.
Unmanaged risks on projects may result in problems such as schedule and/or cost overruns, performance shortfall, or loss of reputation. Black Swan events can cause serious schedule and cost overruns, or lead to the cancellation of a project. Opportunities that are exploited can lead to benefits such as schedule and/or cost reductions, improved overall project performance, or reputation enhancement.
Problems with the traditional risk management process
Robinson (2015) states that projects often fail due to an exclusive reliance on the Risk Management Standard (ISO 31000) as the basis to manage risk, i.e., that which is presented in the previous section. He believes that the Standard fails the test for low-probability, high-impact events because it is risk-based and not criticality-based.
Risk-based means the management of identified risks is by the simultaneous appreciation of probability and consequence. Criticality-based means that the probability side of the risk equation should initially be ignored if the event is deemed credible and could potentially prove fatal, i.e., completely stop the project (Robinson, 2015). Hubbard (2009) also describes problems with the “standard” risk management approach in his book The Failure of Risk Management – why it’s broken and how to fix it. More on this topic later.
Our typical response to risk, especially low-probability risk, is often to deny it. We don’t think it can happen to us because most humans are optimists. We are overly optimistic about things when they are far enough in the future that we can’t see the details, or when the probability of occurrence is very low. This is known as optimism bias.
Tunnel vision in projects is a failure to see the bigger picture. It can cause project managers to focus on a particular outcome and to filter all information and evidence through the lens provided by that outcome. This may result in the project team concentrating on a single idea to the exclusion of all others. Any information that supports the adopted idea or outcome is elevated in significance, while evidence inconsistent with the idea is discounted or overlooked.
Figure 2: Tunnel vision and Black Swan risks (Adapted from Rolstadås et al, 2010)
Evidence has mounted since the turn of the century that the financial, social, and environmental performance of big capital investments, in the public and private sectors alike, is strikingly poor (Ansar, Flyvbjerg, Budzier & Lunn, 2017). They characterise the tendency of big capital investments to systematically deliver poor outcomes as “fragility” and consider large projects to be “fragile”.
Large programmes and complex projects create an attractive environment for Black Swans because of the sheer number of activities involved and the extended schedules. Ansar et al (2017) argue that big capital investments have a disproportionate exposure to uncertainties that deliver poor or negative returns above and beyond their economies of scale and scope.
Decisionmakers must not assume that bigger is always better when projects are concerned. Evidence suggests that on a risk-adjusted basis big ventures are unlikely to present good value (Ansar et al, 2017).
The Black Swan called Covid-19
In the Introduction I mentioned that the Covid-19 pandemic is ‘possibly’ a Black Swan event. There are probably as many people who believe it is a Black Swan as there are who think it isn’t, as a simple Google search will show. Strictly speaking, in terms of the definition of a Black Swan event, it isn’t one because it does not meet the first criterium of unpredictability. Not only was a pandemic predictable, but it was predicted by epidemiologists… In fact, there have been 16 major epidemics since 1850, where major epidemics are defined as having killed half a million people or more (Drake, 2021).
The Black Swan event is not the coronavirus itself. What makes it a Black Swan is the over-reaction of the political leaders and the media (LeBlanc, 2020; George, 2020). This could not have been foreseen and effectively caused all projects to come to a complete standstill. Certainly, as far as projects are concerned, Covid-19 and the responses it triggered was a definite Black Swan.
Drake (2021) maintains that we can expect a new pandemic disease about once a decade if the future is anything like the past. The next one may appear in less than a decade, or it may materialise in two decades. But it will come…
How to prevent Black Swans
The human preference for certainty, aversion to ambiguity, a tendency toward cognitive bias, and inclination to overestimate competence and underestimate risk represents the greatest danger in project risk management. Project teams who tend to be the best prepared for Black Swans and other low probability risks are almost always those who actively seek to address what blind spots they may have to strategically reconsider the risk landscape. This can be done by asking unorthodox questions, redefining problems, considering opposing perspectives, entertaining outlier opinions, and inviting critical feedback to challenge assumptions.
Black Swan events cannot be predicted (Taleb, 2007) and therefore it is impossible for a project team to attempt to prevent them. However, steps can be taken to minimise the impact thereof. The reality is that true Black Swans (unknown unknowns) within a project are quite rare. Far more regular are risks that could have been but were not identified by the project team. The risk management process simply did not pick it up.
You can’t prepare for every possible future scenario, but you can establish principles and protocols to be better prepared for the unexpected.
Risk management system
The reality is if you have a good risk management system in place for projects that starts with a workshop of diverse stakeholders then the likelihood of Black Swans is small. For a risk management system to be fully entrenched, it must have the support of the project management team, as well as the top management of the business.
It is essential to include as many stakeholders as is practicable in the risk identification workshop(s), to capture risks that might be known by others, but are potential Black Swans to the project management team. Remember Aven’s (2013) proposal that it would be more correct to say that “nothing in our knowledge can convincingly point to its possibility”. This implies that what may be a Black Swan for the project team, is totally predictable for specialists in their areas of expertise.
The purpose of risk identification is to identify risks to the project to the maximum extent that is practicable. Challenge participants at risk identification workshops to think outside the box to generate possible scenarios that could constitute Black Swan events. Think of combinations of events that might occur and cause your project to fail. Repeat risk identification sessions at regular frequencies during the project lifecycle to capture emergent risks.
There are many different types of risks that can affect the viability of a project. Steyn (2018a) proposes the use of nine risk categories when grouping risks and opportunities and uses the acronym STEEPCOIL as an aide memoire to remember them. STEEPCOIL is derived from social, technical, economic, environmental, political, commercial, organisational, information technology, and legal risks. The biggest benefit of having risk categories, is the fact that it triggers the risk management professionals when identifying risks and opportunities for a project (Steyn, 2018a). If the project team can only identify one very low probability risk per risk category, you have done well.
The Risk ResolutionTM Process
Improving project predictability requires us to find unknown and unforeseen risks, i.e., Black Swans, and then manage their impact. Dodson and Westney (2007) have developed the five-step Risk Resolution™ process as shown in Figure 3 to help project stakeholders to proactively manage Black Swan threats.
Figure 3: The Risk Resolution™ process (Adapted from Dodson & Westney, 2007)
The steps are:
- Risk Framing or “Hunting the Black Swan”: Risk Framing is performed during the Prefeasibility stage to provide an early indication of the nature and severity of project risks. Risk Framing requires checklists, research, interviews, and key knowledge holders to identify possible outlier risks and required mitigation processes.
- Risk Strategies or “Caging the Black Swan”: “Caging the Black Swan” refers to developing strategies that avoid the risk, mitigate impact, and provide the funding for risk coverage.
- Risk Assessment or “Understanding the Black Swan”: The objective of risk assessment is to provide a probabilistic analysis of capital cost and scheduling, reflecting both tactical and strategic (outlier) risks so that the Risk-Conditioned Investment ValueTM (RCIV) can be determined. The RCIV represents the predictive outcome of the project, considering the financial exposure from Black Swans.
- Risk Brokering or “Feeding the Caged Black Swan”: Independently allocating risks or risk cover, based on the risks now being known to all parties.
- Risk Validation or “Taming the Black Swan”: During the last phase, Black Swan risks need to be managed in accordance with the plan, as well as in monitoring conditions in updating Risk Scenarios and Risk Exposure.
Apart from the RCIV determination, this approach is very similar to the standard risk management process. Although they try to capture all risks, most project teams will still have difficulty in determining the relevant Black Swans for their projects during the “Hunting the Black Swan” step.
Prevent tunnel vision
We discussed tunnel vision in an earlier section. The worse aspect of tunnel vision is that it serves as a distraction from other tasks that may hold more priority. One way to avoid tunnel vision is to simply ensure that every member of the project team shares the same vision so that no one deviates from the overall objective.
Tunnel vision can ultimately lead to the total failure of a project because you may miss valuable information or indicators of emerging risks while focusing on a single task. Prevent tunnel vision by involving project stakeholders outside the project team and subject matter experts in regular risk review sessions. Risk review does not mean that one should only review risks identified during the first risk identification session, but also that the opportunity is used to identify emergent risks.
Reduce project complexity
We have seen in an earlier section that large and complex projects and programmes are ‘fragile’ and disproportionately more susceptible to Black Swans. Project complexity or fragility also tends to mask existing risks and even create new risks.
So, to prevent Black Swans from causing your complex project or programme to fail, one option is to reduce complexity and make it less fragile. Steps that can be taken to reduce complexity and fragility, include:
- Phased approach: A phased approach to a complex project may extend the overall schedule but allows the project team to focus on a smaller part of the project at a time. For a new production facility, a phased approach can enable income to be generated while later phases are implemented.
- Modularisation: Modularisation means that standardised modules are pre-built and transported to the project site where they are linked together in a plug-and-play fashion. When combined with a phased approach to the project, modularisation can significantly reduce complexity, as well as the time required to implement later phases.
- Technology: Select the simplest technologies with due regard to safety and the environmental impact thereof. Try to identify alternative technology suppliers for your projects if a Black Swan event eliminates your preferred supplier.
- Equipment sourcing: Source equipment for your project from reliable suppliers in politically stable areas to reduce supply problems due to regime changes and political upheavals.
- Logistics: Endeavour to keep project logistic routes as short as is practicable. A phased approach and modularisation will make project logistics simpler.
- Eliminate clutter: Ensure that the project design only includes that which is essential to meet the strategic business objectives.
Evaluate low probability, high impact risks differently
Robinson (2015) argues that low-probability, high-impact events should be treated differently in the risk management process and suggests that a criticality-based approach is used instead of the usual risk-based approach. Criticality-based assessment means that the probability side of the risk equation should initially be ignored if the event described is deemed credible and sufficiently damaging to the project.
Companies and project management teams who practice risk management will have a risk matrix in place which reflects their risk propensity or willingness to accept risk. A risk-based approach is used and high and significant risks, or the red and orange boxes in Figure 4(a), are typically addressed. However, this means that low-probability, high-impact risks (or potential Black Swans) fall off the radar. Based on Robinson’s argument, we suggest that risks in the top left four boxes of the risk matrix, irrespective of the colour thereof, are assessed using the criticality-based approach, as shown in Figure 4(b). Ignore the probability of occurrence and focus only on the impact or potential consequences at the highest organisational level. In short, focus on impact at Board level and not on probability weighted impact.
Figure 4: Evaluate low probability, high impact risks differently
Low-probability risks in these boxes can form the basis of a scenario analysis against a list of potential events to determine their impact on the project and the business.
Dealing with Black Swans
Project risk management does not adequately cater for low-probability, high-impact events, because it uses past experience to predict future problems. Boebinger (2013) recommends brainstorming for worst-case scenarios and having contingency plans for each. Boultwood (2016) advises organisations and project teams to apply scenario analysis against a list of potential events to determine their impact on the business, projects, customers, stakeholders, and industry at large. Scenario analysis for projects is the process of estimating the expected cost, schedule, and benefits of a project under a range of potential scenarios. The intent is to get a better idea of the effect of risk on the outcome of the project.
Green (2011) believes that companies and project teams should prepare for the impact of a Black Swan event, even if the event itself cannot be predicted. She (Green, 2011) states that the key to addressing a Black Swan event is not just providing an effective response but it is mounting that response while simultaneously dealing with the psychological impact of being shocked by an event of astonishing proportions. Psychological impacts of Black Swan events include shock, fear, panic, disbelief, denial, anger, and grief. Companies and project teams impacted by Black Swan events often fail to acknowledge the event, stick their head in the sand and hope it goes away, spend time denying responsibility for it, look for someone else to blame for it or are paralysed by disbelief and indecision. When they do act, they are slow to find a solution, only try one solution at a time or maintain too narrow of a focus on solution development and miss obvious options that might have been more immediately available. According to Green (2011), the following strategies have shown to be important to successfully managing a Black Swan event:
- Survivor Psychology: Use ‘survivor psychology’ to counteract shock and take emotion out of the equation.
- Response Team: Assemble a multidisciplinary Black Swan response team to generate and implement solutions.
- R&D Perspective: Follow a research and development approach to facilitate consideration of possibilities that might have otherwise been overlooked.
- Increase risk agility: Company/Project management needs to be able to act or react quickly and they need accurate information to determine if the responses work or not.
- Optimise communication: Credible, clear information is critical to key decision makers and stakeholders in a Black Swan.
Green (2011) maintains that we should not attempt to predict Black Swans, but to build robustness against negative ones that occur and exploit positive ones. It is possible to prepare if we focus on preparing for the impact. She emphasizes the critical role of survivor psychology in shaping an environment where good decision-making can be maintained even during catastrophic chaos.
Personal Black Swans
Black Swans can occur in your personal life as well. Many people these days have experienced the sting of a sudden and unexpected layoff. This in turn may lead to depression, financial hardship, and failed relationships. Other personal Black Swan events include sudden illnesses or disability, as well as early death. But even if Black Swans are unpredictable, it does not mean you cannot prepare for them (Boebinger, 2013).
As for personal Black Swans, having the necessary insurance policies (life insurance, accident/disability insurance, health insurance, car, house, and household insurance, etc.) is a financial necessity. Saving money for retirement, as well as potential no-income periods is essential. Keeping up on your professional skills, networking, and staying relevant with the developments in your industry are also necessary (Boebinger, 2013).
Although the odds are against it, some people do win big on the lottery… That work of fiction you’ve written could suddenly become a best seller. That widget you’ve developed could become a necessity in every workshop. These are positive Black Swan events that will certainly change your life forever.
Confusing Black Swans with Black Elephants
Friedman (2014) describes a ‘Black Elephant’ as a cross between a Black Swan (an unlikely, unexpected event with enormous ramifications) and the ‘elephant in the room’, a problem that is visible to everyone, yet no one still wants to address it even though we know that one day it will have vast, black-swan-like consequences.
Environmentalist Adam Sweidan states that there are a herd of environmental Black Elephants gathering out there, including global warming, deforestation, ocean acidification, plastic accumulation in oceans, mass extinction, and massive freshwater pollution (Friedman, 2014). Sweidan believes that when they hit us closer to home, we’ll claim they were Black Swans no one could have predicted. However, they are Black Elephants, and very visible and predictable right now.
Most companies are not addressing Black Elephants at the scale necessary in their risk assessments and definitely not in their project risk assessments. Friedman (2014) warns that we should watch out if all Black Elephants should stampede at once. The warning is very clear: ignore Black Elephants at your peril.
We have seen that Black Swan events are game changers. This holds true not only for your project, but also for your organisation and you as an individual. Because Black Swans are unpredictable, traditional project risk management techniques, which rely on past experiences to predict future events, cannot be used.
Boultwood (2016) believes that most organisations and/or project teams today are in the early stages of evaluating potential Black Swan events as part of their emerging risk capture and classification processes. She proposes that the risk management function must have an active and continuous process in place to identify, monitor, and manage emerging risks. These emerging risks can then be included in project risk registers, where applicable.
We have focused on negative Black Swans in the article but there are as many positive Black Swans that could impact the world, your business, your project, or you as an individual. This is because “positive Black Swans take time to show their effect while negative ones happen very quickly — it is much easier and much faster to destroy than to build” (Taleb, 2007). This is not always the case, as winning the lottery can be a very sudden positive Black Swan.
Please download the PDF for a complete list of references.
Jurie holds a BEng(Chem)Hons and an MBA. He has more than 37 years of engineering, operations management and functional management experience. He started, developed and managed the Environmental & Risk Engineering group in Sasol Technology for more than 14 years. More...
You might also enjoy:
Any organisation should strive for continual improvement in the way they execute projects. A good way to do this is to ensure that mistakes of the past are not repeated.
Once again, I am grappling with the future and considering moving back to the past… Things worked then, didn’t they? Printers, photocopiers, and fax machines were the order of the day. Nothing could go forward on a project unless there was a signature on the...
Effective stakeholder management is fundamental to the success of projects. Communication is one of the main mechanisms used in stakeholder management. According to the Project Management Institute (PMI, 2013), amongst those organisations considered to be highly...