Quote from sachinm on 4 October 2023, 7:31 pm

As an idea how to apply the Cynefin Framework, here we show how we can use it in Risk Management by identifying situational examples which fit into each of the 5 different domains...

Here, we look at how the Cynefin framework helps to understand the different decision contexts and then how should respond our Action Plans, and Mitigation Strategies, to reflect the different uncertainties in each context.

Using the table format below we identify a situational examples for each domain and then:

• Identify risks which relate for each situational examples for each decision-making context or "domains": clear, complicated, complex, and chaotic.
• We then consider how the strategy changes between contexts, and how response strategies change between them.

Worked Example 1: Identifying situation examples for the 5 different domains

In the example below, we (1) identify situational examples which fit into each of the 5 different domains; then we (2) identify the associated risks which relate to each of the situational examples. Thereafter we (3) record the decisions and the actions we would take to both manage the situational example, and associated risks.

Worked Example 2: Understanding how situations change in different domains of the Cynefin Framework

To better understand the application of the Cynefin framework, in the 2nd worked example we recycle a situational example we gave for the "Clear" domain (or "know-knowns") in Worked Example 1.

We then describe how the situational example would change in alternative domains in the Cynefin framework, where the relationship between cause and effect is evident. For example, in "Complicated" contexts, which unlike Simple/Clear ones, may contain multiple right answers, and though there is a clear relationship between cause and effect, not everyone can see it. This is the realm of “known unknowns.” Similarly, we use the same situational example and how it would change if it was to appear in the "Complex" domain, where the situation that is both unclear and unpredictable. In such a scenario, the relationship between the cause and effect might only be understood after acting.

Quote from sachinm on 6 October 2023, 10:22 am

Alternatively, you may ask what is the difference between "uncertainty" and "complexity"? 

You may challenge that there are other frameworks to understand complexity rather than just the Cynefin Framework...

For example, you may cite ask us to David Hillson who has defined four types of uncertainty, each of which could affect a project’s ability to achieve its objectives, but only one of which is about future uncertain events. In summary, these four types are as follows:

1. Event risk
2. Variability risk
3. Ambiguity risk
4. Emergent risk

• Event risk

The first category of risks is future possible events, which are sometimes called “stochastic uncertainty,” or “event risk.

• Variability risk

Secondly, some risks arise from variability (also called “aleatoric uncertainty”), where some aspect of a planned task or situation is uncertain.

• Ambiguity risk

The third type of non-event risks are those relating to ambiguity. These are also known as “epistemic uncertainty,” from the Greek word episteme meaning knowledge, since they describe uncertainties arising from lack of knowledge or understanding.

• Emergent risk

Lastly, we have risks that emerge from our blind-spots. The technical name for these risks is “ontological uncertainty,” but they are more commonly known as “Black Swans” (Taleb, 2007) or “emergent risks.” They arise from limitations in our conceptual frameworks or world-view. These are risks which we are unable to see because they are outside our experience or mind set, so we don’t know that we should be looking for them.

Citation: Hillson, D. (2014). How to manage the risks you didn't know you were taking. Paper presented at PMI® Global Congress 2014—North America, Phoenix, AZ. Newtown Square, PA: Project Management Institute.

The need for this broader understanding of uncertainty is covered clearly in risk standards, including the PMBOK^® Guide – Fifth Edition (risk is “an uncertain event or condition…”, Project Management Institute, 2013) and the APM Body of Knowledge (risk is “an uncertain event or set of circumstances…, Association for Project Management, 2012). The international risk standard ISO 31000:2009 also states in Principle 4 that “Risk management explicitly addresses all uncertainty.” 

 

What is meant by these references to non-event types of uncertainty? How does uncertainty management aid our understanding of complex systems?

Another popular term for emergent risks is “unknown unknowns,” which are things that we do not know but where we are unaware of our ignorance.

This is similar to "Complex" domain in the Cynefin framework, where the situation that is both unclear and unpredictable.

David Hillson has suggested that in fact “unknown unknowns” can be divided into two types, one of which is a true emergent risk (“Black Swan”) and the other is not.

1. The first group are “unknown-but-knowable unknowns.” There are some uncertainties that we currently do not know, but which we could find out about. This is where the risk process can help, through creative risk identification, exploration, and education. The aim is to expose those unknowns that could be known, so that we can deal with them effectively using a standard risk management approach. They are not true Black Swans because we could know about them if our predictive or discovery processes were better.
2. Secondly there are “unknown-and-unknowable unknowns.” These are much more difficult to deal with, since by definition we can never discover them unless and until they happen. They are genuine emergent risks, which we could not predict with even the best risk process.

According to David Hillson, traditional risk management cannot manage emergent risks, since it only targets uncertainties that can be seen in advance and which we can prepare for or address proactively. At the strategic level, business continuity addresses “unknowable unknowns” by identifying areas of vulnerability then building in sufficient organisational resilience to cope with the impact of the unexpected, wherever it comes from.

So, how can we cope with emergent risks?

One idea suggested from David Hilson, is similar to Business Continuity Planning, to look for early warning indicators or trigger events on projects and operations to tell us that something is different from normal to discover potential emergent risks before they strike.

• Event risk

The first category of risks is future possible events, which are sometimes called “stochastic uncertainty,” or “event risk.

• Variability risk

Secondly, some risks arise from variability (also called “aleatoric uncertainty”), where some aspect of a planned task or situation is uncertain.

• Ambiguity risk

The third type of non-event risks are those relating to ambiguity. These are also known as “epistemic uncertainty,” from the Greek word episteme meaning knowledge, since they describe uncertainties arising from lack of knowledge or understanding.

• Emergent risk

Citation: Hillson, D. (2014). How to manage the risks you didn't know you were taking. Paper presented at PMI® Global Congress 2014—North America, Phoenix, AZ. Newtown Square, PA: Project Management Institute.

The need for this broader understanding of uncertainty is covered clearly in risk standards, including the PMBOK^® Guide – Fifth Edition (risk is “an uncertain event or condition…”, Project Management Institute, 2013) and the APM Body of Knowledge (risk is “an uncertain event or set of circumstances…, Association for Project Management, 2012). The international risk standard ISO 31000:2009 also states in Principle 4 that “Risk management explicitly addresses all uncertainty.”