Boosting the Risk Immune System
A team’s biggest risk is itself. How can leaders build more robust defences?
A couple of years after leaving a 34-year career in the US military, I attended a dinner where I found myself seated next to the former Secretary of State, George Shultz, and a lady he introduced as “changing healthcare in America.” It was an effective attention-getter, and I found myself asking the twenty-something chief executive to tell me more.
It was fascinating. Her firm was called Theranos and they were developing revolutionary technology that would deliver a range of important tests from miniscule blood samples. If it delivered as described, it would be game-changing, and extraordinarily lucrative.
But little turned out as promised. After a Wall Street Journal exposé illuminated their shady business practices, the fall of both Theranos and its founder, Elizabeth Holmes, has become a cautionary tale. It was reported that their testing was often inaccurate and their technology unreliable; that they had misled investors; and in some cases, that their science endangered patients. (In 2018, the Securities and Exchange Commission charged Theranos and Holmes with what it called “an elaborate, years-long fraud,” charges that Holmes agreed to settle. Further fraud charges, which Holmes denies, are yet to be tried.)
One interpretation of the Theranos story describes the triumph of ambition over integrity, while another highlights the dangers of believing something that sounds too good to be true. But after closer examination, I’ve concluded that it is too easy to portray Theranos as simply the product of a charismatic yet dishonest leader. As is often the case, the company’s fall was a system-wide, team-level failure to deal with risk.
Risk, teams and blood samples
You would think that after a life associated with risk, I would have either mastered it or grown sick of it. Neither is the case. I have long been fascinated by the risks we take, or don’t; by why some people are more risk averse than others, and why our perspectives on risk largely stay consistent over time.
After leaving the military in 2010, I realized my learnings about risk and teams applied to the corporate world. I founded a consulting firm, McChrystal Group, that took lessons from Afghanistan and Iraq into boardrooms and businesses around the US. The issue that our teams faced against al-Qaeda in Iraq was not dissimilar to what companies struggle with today: competitors who are faster and more dispersed, requiring quicker decisions and more empowerment than ever before.
Teams needed new ways to organize, communicate and collaborate against increasingly networked threats. Our ‘team of teams’ methodology, which replaces formal command and control structures with a more dispersed way of leading teams, offers a new perspective on how we should learn and lead in this complex age.
This led me to wonder: in a world of networked threats, what’s the greatest risk? I spent 2020 trying to answer that question. The result is a new book that focuses on risk – Risk: A User’s Guide – in which my co-author and I argue that the greatest risk to us, is us. From years of study and my time observing military units and later business clients, I conclude, clearly and plainly, that teams have both unique strengths and their own inherent risks. When a large group gathers around a conference room table, there is power in numbers – but there is also a risk of conflicting narratives, dropped balls of communication, and biases that coagulate into groupthink.
I’ve come to believe that the greatest risk to a team is the team itself. The way a team communicates, how it’s structured, its diversity, its set of biases and so on all determine how successfully it responds to risk. Whether you are in a pair of rowers or one of 10,000 employees, your team’s ‘Risk Immune System’ determines how you interact with risk.
The Risk Immune System
What is the Risk Immune System? As we all know very well, our human immune systems are silent heroes – toiling day-in and day-out to combat the tens of thousands of threats we ingest daily. We become suddenly aware of them when they fail – when the defences crumble and a noxious cough or other malady rushes in. I argue that Risk Immune Systems are the same for organizations: they determine how teams detect threats, assess their vulnerabilities, respond appropriately and learn for the next time the risk comes their way.
I’ve concluded that the success of a team depends on the health of its Risk Immune System. In Risk: A User’s Guide, I offer this depiction of the Risk Immune System, composed of eight Risk Control Factors: narrative, structure, technology, diversity, bias, action, timing and adaptability. They are connected by a ninth factor, communication, and overseen by a tenth, leadership (see graphic, below). Teams can calibrate their response to risk by how they leverage these ten factors.
Just as we only notice our human immune systems when they break down, it’s helpful to see a Risk Immune System that has failed. At Theranos, there were failures across a range of factors. Firstly, the team’s structure prevented a proper response to risk. John Carreyrou, the journalist who broke the Theranos story, writes that Holmes was the only one “who had the full picture of the system’s development” (Bad Blood: Secrets and Lies in a Silicon Valley Start-up, 2019). Holmes positioned the company’s crucial chemistry and engineering departments far from one another – the departments couldn’t communicate directly, but had to go through her. It was impossible to work through cross-sectional issues and problems. Additionally, as Carreyrou found, Holmes created two rival engineering groups to promote internal competition and didn’t allow them to communicate with one another; she also reportedly kept the board, and its decisions, far away from the company’s day-to-day dealings.
Another factor, diversity, also played a key role in Theranos’ fall, as is clear from Chris Clearfield and András Tilcsik’s book Meltdown: What Plane Crashes, Oil Spills, and Dumb Business Decisions Can Teach Us About How to Succeed at Work. Holmes recruited board members such as George Shultz, James Mattis and Henry Kissinger, national security professionals who, Clearfield and Tilcsik argue, “would have been more at home at a public policy thinktank than at a cutting-edge medical technology firm.” Nobody on the Theranos board could draw on significant subject-specific knowledge to question its technology and risks around its functioning.
Beyond diversity, Holmes and Theranos were weak on the timing Risk Control Factor: they continually launched and advertised a prototype, rather than a product. Concerned that slow actions to build perfect products would harm customer appetite and demand, Theranos stalled: it never slapped the table with a finished design proven to work both in the laboratory and with patients. Theranos’s technology Risk Control Factor was also weak, in that they failed to productively apply machinery, equipment and know-how.
Yet I believe the greatest cause of Theranos’ fall was the leadership of its figurehead, Holmes, who orchestrated the entire Risk Immune System. As the books of Carreyrou and Clearfield and Tilcsik show, Holmes was quick to fire anyone who challenged her plans, thwarted communication between her teams at the company, and misled investors and board members about the firm’s faulty technology.
In a murder case, drops of blood can lead to the killer. In the case of Theranos, the drops from its faulty blood-testing technology lead to Holmes’ role as an unsuccessful leader who stalled the productive functioning of its Risk Immune System. In the end, the greatest risk to Theranos was the company itself: how it was structured, how its teams incorporated diverse opinions, and how and when it applied its technology to test its customers. The company crumbled from within.
Boston and Covid-19
Medical testing is also a key part of the story of the City of Boston – and how it responded to its own healthcare challenge in spring 2020. The threat of the approaching Covid-19 virus was clear to then-Mayor Marty Walsh, a veteran of crises like the snowstorms of 2015 and the Boston Marathon bombing. As businesses and schools began to close their doors and ambulances rushed citizens to hospital, Walsh knew he had to connect his team. He focused more than ever on communication.
Along with his chief of staff, Kathryn Burton, Mayor Walsh established daily Crisis Response Forums where teams across the city could respond to issues large and small on a shared video teleconferencing platform. With the core leadership team in City Hall, the rest of the team took the call safely from their kitchens and living rooms. They met at 8am every morning with a strict agenda: they would reflect on the past 24 hours of operations and look ahead to the next 24 hours, identifying interdependencies between teams and shared resources. This ensured that they acted on the same set of information.
Contrary to Elizabeth Holmes, who intentionally separated departments, Mayor Walsh purposefully connected teams. The Crisis Response Forum leveraged the structure and diversity Risk Control Factors, bringing together teams that wouldn’t typically have worked together to gather diverse perspectives. Two specific programmes relating to job training and education, which hadn’t previously collaborated, began to share meeting spaces and resources. They found idle school buses and drivers to deliver food to children in need. Mayor Walsh enabled the team to make new connections, so all would benefit from new information shared in the daily call.
Unlike Holmes, Mayor Walsh accelerated rather than stalled actions as his team combatted the threat of Covid-19. The City of Boston also had a successful timing Risk Control Factor, building a 1,000-bed field hospital in days and staging ambulances in a productive way to get care to patients more quickly. Actions to combat risk are ineffective if ill-timed – but the Crisis Response Forum kept the entire team working on a rigid cadence to deliver the right materials at the right time.
As mayor, Walsh kept the entire Risk Immune System functioning. He was a consistent presence at the Crisis Response Forums, crystal clear in his communications and motivating to his people. Notably, he was humble: he credits the successes of Boston’s response to Covid-19 to the team. It focused on, and strengthened, each of the ten Risk Control Factors. The best leaders build the strongest teams – ones that can reduce their vulnerabilities and weather whatever threats come their way.
Teams, risk and leadership
Though the greatest risk to a team is the team itself, teams provide the greatest assets for organizations to successfully interact with risk. Together, your teammates can share information that paints the clearest operating picture of the organization. Your comrades can be intentional about how they structure their units, be conscious of the narratives they create, the diversity of perspectives they seek, and the world beliefs and biases the team shares, in an effort to ward off groupthink.
Leaders are the wrench that keeps the dials working together seamlessly to create a robust and effective response to risk. Elizabeth Holmes and Boston’s Mayor Walsh, in their comparison, provide a helpful lesson: the ability to detect, assess and respond to risks starts with the leader and how they leverage the different Risk Control Factors. Prioritize your leadership and focus on making the factors work together to strengthen the Risk Immune System.
In the same way, think about where your teams are. As our world continues to become more and more complex, our threats and our vulnerabilities will change – but through our teams, we have the ability to orchestrate successful responses to risk. Focus first on your highest-impact teams and iterate throughout the organization to quickly achieve scale and mitigate your overall vulnerabilities. Though the greatest risk to us is us, our teams have the strength within to provide solutions. The question is: will we?
Stanley McChrystal is founder and partner of the McChrystal Group. His new book with Anna Butrico, Risk: A User’s Guide, will be published in October 2021.