I visited Gyeongbokgung Palace in Seoul the other day with a friend who is quite knowledgeable not only about the Joseon Dynasty in general but about the palace in particular. What he pointed out was that the palace is built to certain specifications with the palace layout and structures reflecting the importance of symbols, rituals and geomantic beliefs, etc. For instance, the gates of the palace reflect the 4 seasons- spring, summer, fall and winter. The king’s throne room faces west, as the king is the reflection of fall. When walking past the main courtyard to the throne room you will pass a small stream. Water is considered purifying as well as an element that protects against evil spirits. Therefore, in all palaces (besides many Buddhist Temples) you must cross a steam before you could see the king.
Of course the main courtyard before the throne room has 9 stone markers reflecting the 9 levels of bureaucracy as well as the military. Each level of bureaucrats as well as military leaders would line up by the appropriate stone marker early in the morning (when the king held court) before the king arrived. Each of the main structures contains a certain number of gargoyle like figures on the roof (usually an odd number) with the most figures (eleven) on the king’s structures (where he lived and worked) to signify the royal importance of the structures. The throne room itself is laid out to reflect the semi divinity of the King. If you look at the sculptures outside of the throne room you will notice that they reflect the animals of the Chinese calendar as well as certain other mythical creatures signifying the importance of the king. Of course there are many more designs, features and styles that must be met to properly build the palace. What does this have to do with risk management you might ask? Well, it’s all about processes.
Just as Korean (and of course Chinese) palaces have to be designed in accordance with strict processes and procedures , risk management programs must also be process oriented to be effective. For instance, if a company wishes that its legal risk management program minimize lawsuits or claims (an admirable objective) it will need to put adequate processes in place to reach the goal. The processes could look something like this:
When dealing with product planning and development risk management processes have to be in place to meet the objective of producing high quality products that do not violate product liability laws. The processes could look something like this:
As you can see above, companies need not only specific objectives to evaluate risks but also specific processes on how to achieve such objectives. Both are necessary when evaluating risk assessments, especially when dealing with legal risk management or LRM issues.