Why Your Risk Signals Need a Commander, Not Just a Dashboard

Key takeaways: A risk signal without immediate decision authority is just noise. Applying principles from military decision-making, like the OODA loop, reveals that speed and empowered action are critical. Teams must pre-define who decides and acts the moment a signal fires, rather than relying on slow approval chains.

We’ve all been there: a sophisticated new model flags a critical risk. The data is clear, the projection grim. But then what? A ticket is opened. An email chain begins. A meeting is scheduled. By the time a “decision” is made, the risk has either materialized into a loss or escalated beyond easy mitigation. The insight was perfect, but the timing was catastrophic.

The short answer? Your risk signals need a commander, not just a committee. The value of a signal isn’t in its accuracy, but in the speed and authority of the response it enables.

Consider the OODA loop: Observe, Orient, Decide, Act. It’s a concept central to military strategy, developed by Colonel John Boyd. In a combat scenario, the side that can cycle through this loop faster than the adversary gains an advantage. They can observe the enemy, orient to the situation, decide on a course of action, and act on it, often before the enemy can even finish their ‘Orient’ phase.

In business operations, our data teams are often excellent at “Observe” (collecting data, detecting anomalies) and “Orient” (interpreting signals, identifying patterns). We build sophisticated models to do this. But then the loop breaks. The “Decide” and “Act” phases often become mired in organizational bureaucracy. A fraud model might flag a suspicious transaction in milliseconds, but if the approval to block it requires three layers of management sign-off and a Tuesday meeting, the money is gone. The threat doesn’t wait for your next sync.

The common mistake is to believe that building better models or more elaborate dashboards will solve the problem. We pour resources into improving “Observe” and “Orient” – accuracy, recall, precision – but neglect the velocity of “Decide” and “Act.” We treat risk mitigation as an analysis problem, not an operational imperative. We delegate action to passive reporting, rather than pre-wired controls.

Stronger operations teams understand that risk response is a decision-making challenge, not just a data display challenge. They embed the “Decide” and “Act” phases directly into their systems and processes. This means:

• Pre-authorization: For specific risk thresholds, certain actions are pre-approved and automated, or delegated to a single, empowered individual.
• Clear Playbooks: Established procedures for exactly what happens when a critical signal fires, specifying who does what, and when.
• Training and Empowerment: Operators are trained to understand the boundaries of their decision authority and are empowered to act within those bounds without constant escalation. Like a field commander, they have the mandate to respond to immediate threats.

For your next risk model or anomaly detection project, don’t just focus on the signal’s fidelity. Map out the full OODA loop. For every critical alert, ask these questions: “Who is the single person authorized to make a decision on this, right now?” and “What is the specific action they are empowered to take, immediately?” If you can’t name the person and the action without hesitation, your signal isn’t truly actionable. You’re building a dashboard, not a defense system.

If you want to understand how to build systems that act, not just report, consider joining my newsletter for more insights from the field.