How This Work Is Informed
CompreSec’s risk governance work intersects with risk management, but focuses upstream—on how risks are perceived, prioritized, and governed before they become management problems.
Risk management is often framed as a technical function: models, controls, compliance, and contingency plans.
CompreSec begins earlier.
This work is grounded in interdisciplinary research and practice examining how institutions interpret warning, normalize risk, misjudge uncertainty, and make consequential decisions under pressure. It draws from governance studies, disaster research, political economy, systems thinking, negotiation theory, and security studies to understand how failures emerge—and how they can often be prevented.
The influences below reflect how CompreSec approaches risk governance as a capacity for discernment, responsibility, and ethical decision-making—not merely as a technical or compliance-driven discipline. They are offered as a transparent account of the intellectual terrain shaping this work.
Across these domains, a consistent pattern appears:
Catastrophic failure is rarely a surprise.
It is more often preceded by ignored warnings, distorted incentives, institutional rigidity, and failures of moral and epistemic judgment.
Risk Visibility, Warning, and Denial
A core challenge in risk governance is not lack of information, but failure to acknowledge and act on what is already visible. Institutions routinely discount warnings that are ambiguous, politically inconvenient, or costly to address.
Key insight
Risk is most dangerous when it is normalized, postponed, or explained away.
Further Reading
- Lee Clarke. Flirting with Disaster—How organizations gradually adapt to danger until it becomes invisible and risk is normalized.
- Lee Clarke and Caron Chess. Warnings—Why early warning signals are so often seen, debated, and still ignored.
- Michele Wucker. The Gray Rhino—Highly probable, high-impact risks that leaders prefer not to confront.
- Lee Clarke and Stefan Dercon. Dull Disasters?—How slow-moving crises evade institutional response.
(These works collectively anchor CompreSec’s emphasis on early recognition over late reaction.)
Probability, Tails, and Fragility
Modern risk management often overestimates precision and underestimates uncertainty. Quantification can obscure judgment when models substitute for understanding.
Key insight
What matters most in risk governance is not average outcomes, but tail exposure, compounding effects, and system fragility.
Further Reading
- Peter L. Bernstein. Against the Gods—A history of probability, uncertainty, and the illusion of control.
- Douglas W. Hubbard. The Failure of Risk Management—How false precision and bad incentives undermine decision-making.
- Nassim Nicholas Taleb. Antifragile—Why systems should be evaluated by how they respond to stress rather than by forecasts, and why some systems benefit from volatility while others collapse.
- Eric A. Posner. Catastrophe: Risk and Response—How governments reason about low-probability, high-consequence risks and justify preventive action under uncertainty.
- Charles Perrow. Normal Accidents—A complementary lens on the limits of technical control in complex systems.
(Taleb and Hubbard are treated here as critics of overconfidence, not prophets of inevitability.)

Governance, Knowledge, and Moral Sense-Making
Risk governance ultimately depends on how leaders interpret reality, tolerate dissent, and integrate facts that threaten identity, power, or legitimacy.
Key insight
Institutions fail when they lose the capacity to face unpleasant facts and think ethically under pressure.
Further Reading
- Harlan Cleveland. The Knowledge Executive—Leadership as judgment, synthesis, and responsibility under uncertainty.
- George Orwell. Facing Unpleasant Facts—Essays on moral clarity, truth-telling, and intellectual honesty as civic virtues.
- Brené Brown. Strong Ground—Practices for standing in one’s values under pressure, navigating accountability without collapse, and maintaining moral footing amid conflict and uncertainty.
- David McKay. The Bottom Line on Integrity—How ethical erosion undermines institutional trust, decision-making, and long-term resilience.
- Diane Vaughan. The Challenger Launch Decision—A companion text on how normalized deviance overtakes ethical judgment in organizations.
(Cleveland and Orwell are intentionally foregrounded here as moral rather than technical thinkers.)
Security, Strategy, and Existential Case Studies
Certain domains—national security, military institutions, nuclear risk—offer unusually clear case studies of how governance, secrecy, culture, and escalation interact under extreme stakes.
Key insight
High-consequence risk reveals institutional character under stress.
Further Reading
- John Arquilla. Worst Enemy—Strategic miscalculation and unintended consequences in security policy.
- Roger Thompson. Lessons Not Learned—Status quo culture and resistance to adaptation in the U.S. Navy.
- Daniel Ellsberg. The Doomsday Machine—Nuclear risk, secrecy, and the moral limits of deterrence.
- Andrea J. Petrigh (ed.). Security and Risk Management Vol. 1—Cross-sector perspectives on contemporary security risk.
(Ellsberg is used here explicitly as a governance and moral-injury case study, not as a tactical text.)
Dispute, Negotiation, and Escalation Control
Risk governance is inseparable from conflict management. Poorly handled disputes harden positions, escalate stakes, and convert manageable risks into crises.
Key insight
How disagreement is structured determines whether risk is resolved or amplified.
Further Reading
- Susan L. Carpenter and W.J.D. Kennedy. Managing Public Disputes—A practical guide to designing and facilitating constructive processes for complex, multi-party public conflicts.
- Roger Fisher and William Ury. Getting to Yes—Interest-based negotiation and legitimacy preservation.
- Chris Voss. Never Split the Difference—Tactical negotiation under pressure; used selectively, particularly in environments lacking good-faith negotiation.
- Lawrence E. Susskind, Jeffrey L. Cruikshank, and Paul Levy. Breaking Robert’s Rules—Power, procedure, and governance dynamics in deliberative bodies.
- Lawrence Susskind, Sarah McKearnan, and Jennifer Thomas-Larmer. The Consensus Building Handbook—A foundational reference on designing inclusive, legitimate decision-making processes for complex, high-stakes public problems, representative of Susskind’s broader work on negotiated governance and institutional conflict.
Shareholder Capitalism and Structural Risk
A growing body of work argues that shareholder-first capitalism is itself a systemic risk amplifier, distorting incentives, time horizons, and governance accountability.
Key insight
When shareholder value is treated as the sole objective, long-term risk is systematically externalized.
Further Reading
- Mariana Mazzucato. The Value of Everything—How misdefining value distorts governance and risk.
- Lynn Stout. The Shareholder Value Myth—Legal and economic critique of shareholder primacy.
- Jacob S. Hacker and Paul Pierson. Winner‑Take‑All Politics—Political feedback loops that entrench extractive systems.
- Kate Raworth. Doughnut Economics—Alternative frameworks for aligning economic activity with resilience.
A Note on Application
These works are not treated as doctrine. They are translated into practical governance questions, including:
- What warnings are visible but discounted?
- Which incentives reward delay, denial, or silence?
- Where has moral judgment been replaced—and excused—by procedure?
- What risks are being externalized onto the future, the public, or the vulnerable?
Taken together, they support an understanding of risk management that emphasizes:
- Visibility over denial
- Judgment over false precision
- Legitimacy over coercion
- Resilience over short-term optimization
This grounding reflects CompreSec’s view of risk governance as an upstream discipline—one that strengthens institutions before crisis narrows choices or forces harm.

