|The Devil’s Advocate™|
A warning light does not solve a human error problem, it creates new ones. What is this light for? How do we respond to it? What do we need to do to make it go away? It lit up yesterday and meant nothing. Why listen to it today?
In which the JC has made up some risk-management jargon, inexpertly cribbing from actual terms used in actual calculus, about which the JC knows 0. So, apologies in advance, but don’t be upset if I’ve made a balls-up of this.
So if an event “ƒ” is an event happening out there in TV land — for example, a customer failing to pay — then in risk management terms the first-order derivative of ƒ is the effect ƒ would have, were it to actually happen in the practical world. E.g., someone in credit or market risk going, “Oh, my days! Oh, my lungs and liver! Oh, my hair’s on fire! Oh, Legal what should I do??!”
This much we all understand. This is part of the ordinary, irrational panic that boils over in any sizeable institution should any of its risk controllers be asked, without sufficient warning, to deal with a situation that appears to require controlling some risk.
The second-order derivative of that function ƒ is more subtle. This is a derivative of the first-order derivative of that function, and it sits with the management layer, manifesting itself only in wing-dings, Gantt-charts and traffic lights.
So, for example: the warning light on a control panel, the RAG status on a management PowerPoint, or a bubble chart showing the numerical quantity of an item (completed ISDA negotiations; reviewed legal netting opinions, executed NDAs) whose quality one doesn’t have the subject matter expertise to assess.
The second-order derivative is not the fact that the main reactor has scrammed due to a coolant system fault which exposed the uranium fuel rods, nor even that klaxons are blaring and warning lights flashing that indicate that this might have happened; it is the report that advises that there is a warning light on a dashboard that indicates a reactor melt down.
Why do we mention this? Because this is as close as management ever gets. It is only at this point that it might sit up and take notice. But management’s chief concern will be not ensuring that the coolant system is working, or that the rods are no longer melting down, but that the RAG status on the control panel warning light indicator report goes back to green.
Operations people deal with actual risks; legal eagles and fellow controller subject matter experts deal with first-order derivatives of those actual risks — what the consequences are if the risk comes about — and middle management and internal audit deal with second-order derivatives, being derivatives of those first-order derivatives of the underlying risk: what the RAG status on the opco dashboard should look like if a NAV trigger is hit; whether the template confidentiality agreement as been reviewed within the six-month time limit arbitrarily prescribed by some policy for the review of standard form legal agreements — that kind of thing.