Retooling: Applying Problem Definition Process to Risk & Opportunity Management

In the manufacturing world, retooling machinery for a different purpose is a common practice. Once a machine becomes worn out, obsolete, or the product is no longer in demand, engineers can modify the equipment for another purpose and thus save the company tens of thousands, even millions of dollars.

The best example of this on a mass-scale is the COVID-19 pandemic, when thousands of manufacturers, breweries, and other companies around the world were retooling their equipment (…and processes) to produce necessities like hand sanitizer, PPE, and more.

The concept of “retooling” though is also relevant in other areas, including risk and opportunity management.

Now as risk managers, we don’t use huge drilling rigs, conveyors, grinders, or welders to produce outputs…most of our work occurs in conference rooms, Zoom meetings, and laptops using either spreadsheets or one of several ERM software systems out there.

However, the concept of retooling is quite relevant to ERM…

In my experience, organizations describe risk(s) in one of two ways:

  • If/then statements (e.g., If our X product causes harm to a consumer, the company could face litigation, regulatory scrutiny, reputational damage, and financial hardship.)
  • The risk that XYZ happens, potentially causing ABC (e.g., The risk that the company’s supply chain fails, preventing the company from receiving critical parts and materials necessary to producing the product for sale to our customers.)
Generic risk statements may be sufficient for regulators, but they are not helpful or specific enough for decision-making.

According to surveys (including the recently released State of the Risk Oversight Report from NC State), a large number of companies of differing sizes and industries struggle to realize a strategic advantage from their risk management processes.

As we discuss here following last year’s State of Risk Oversight Report, one likely culprit is the fact that risk management is just another layer of processes that end up being cumbersome for executives and managers to follow. What usually happens is that ERM ends up being seen as just another check-the-box exercise that’s not helpful for ensuring the company’s success.

One thing that I and other risk management professionals have realized is that only referring to risk management standards or concepts is not enough for changing this perception. Instead, we need to determine how we can apply concepts from other disciplines to risk management. Examples can include decision science, statistics, modeling, and even neuroscience, according to some thought leaders.

Complex problem solving is another discipline or tool risk managers can harness when trying to determine the appropriate course of action for both risks and opportunities. In fact, the “skill” of complex problem solving tops the list of must-have skills, according to The Future of Jobs report from the World Economic Forum.

Bulletproof Problem Solving by Charles Conn and Robert McLean provides a great primer on this increasingly vital skill.

In reading this book, it dawned on me how a part of the process the authors outline can be re-tooled for risk and opportunity management.

Bulletproof Problem Solving is an iterative process that traces its roots back to the 1980s when co-author Charles Conn was an intern at Canon in Japan where he was assigned the task of developing a model for how to site factories. Through several twists, turns, and setbacks, Charles was able to develop an iterative model that:

…became the core tool used by the department to make complex factory siting decisions! The secret was that it was a single-page way of seeing complicated trade-offs that had previously been buried in dense reports.

The first step in this process, problem definition, is where I want to focus. In spite of it being relatively straightforward, poor problem definition is the source of many failed initiatives (including figuring out the appropriate action to take for a risk or opportunity). As the authors explain…

Getting problem definition right, including boundaries, is essential to good problem solving and can be an essential competitive advantage.

Below are six core components of properly defining a problem, or answering the question – “what are we trying to solve?” (From Exhibit 2.1, p.34)

  1. Decision maker(s) – identifies the audience and who needs to decide/act.
  2. Key forces acting on decision makers – addresses concerns and issues around the decision and how conflicting agendas will be resolved.
  3. Boundaries/constraints – establishes what is and isn’t under consideration.
  4. Criteria/measures for success – identifies how the decision-maker will know if the effort is successful or not.
  5. Time frame for resolution – establishes the timeframe or how quickly a decision is needed.
  6. Accuracy necessary – establishes the level of accuracy needed.

This problem definition framework can be “re-tooled” into the risk context or strategic decision-making. Let’s take the risk context first.

The ultimate question of “what are we trying to solve?” can be changed to “what risk are we trying to address?” The six core components could then be modified like the following:

  1. Who will have ownership of the risk and who will be responsible for action(s) around the risk?
  1. What are any concerns both the risk owner and action owner need to address? Make sure both parties are working collaboratively.
  1. What is off limits or not under consideration? Instead of throwing everything at a risk, placing boundaries ensures efforts stay on track. A scattershot vs. a methodical approach is one of the key differences between traditional risk management and ERM.
  1. What will be our measure or criteria that we’ve adequately addressed the risk? This is where risk appetite can enter the picture.
  1. How quickly could the risk emerge or occur?
  1. What level of accuracy is needed? How accurate do any metrics (i.e. key risk indicators, etc.) need to be?

Likewise, this framework can be adapted or “re-tooled” to improve strategic decisions. Instead of answering the question of what problem do we need to solve, the question becomes “what situation would we like to change?”  An example could be “we would like to increase sales by 20%.” Therefore, the framework can be modified to the following:

  1. Who will need to make decisions around this change?
  1. What are the concerns of any decision-makers, implementers, and other interested parties?
  1. What are we willing to consider or risk and not willing to consider or risk in this effort?
  1. How will we know we have achieved our goal?
  1. How soon do we want to reach this target? Within six months? One year? Five years?
  1. How accurate do any metrics for determining success need to be?

It’s important to note – this doesn’t have to be an add-on process but can be done ad-hoc.

Making risk and opportunity management into a valuable tool for decision-makers requires some out-of-the-box thinking. Simply referring to well-established ERM standards and processes will be increasingly insufficient for addressing threats and opportunities in our fast-changing world.

What processes have you “re-tooled” from other disciplines and applied them to your company’s ERM efforts?

To share your thoughts on this important topic, feel free to leave a comment below or join the conversation on LinkedIn.

And if you feel like your organization’s risk management practices are stuck in neutral, please don’t hesitate to reach out to me today to discuss potential ways to get things unstuck!

Featured image courtesy of Kateryna Babaieva via

Sign Up For Our Newsletter

Sign Up For Our Newsletter


Meet Carol

Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.

Most Recent Posts

The 12 Days of ERM Christmas

Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…

Read More

Don’t Let Goals and Initiatives Be Blindsided by External Events

As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…

Read More

Going the Distance: Ensuring Successful Execution of Strategic and Annual Initiatives

Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…

Read More

Avoid Rookie Mistakes and Protect your Internal Reputation

Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…

Read More

ERM at Thanksgiving – An Illustration of Risk Management in Action

On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…

Read More

Why Quantitative Risk Assessment is Not Just the Best But the Only Option – A Conversation

Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…

Read More

The Three Lines Model – 3 Reasons Why I Don’t Like It

Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…

Read More

5 Avenues for Expanding your ERM Knowledge

One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…

Read More

Storytelling and Risk Management – Developing Skills that Technology Cannot Replace

It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…

Read More

3 Phases to Creating and Launching an ERM Program Focused on Organizational Success

If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…

Read More