Michel Foucault: Patron Philosopher of Risk Management

Foucault’s ideas about power, knowledge, and the limits of systems make him a risk management role model.

The views and opinions expressed on this account are my own and do not reflect the official policy or position of my employer.  Any content provided is for informational purposes only and should not be considered or relied upon as professional advice.

Who was Michel Foucault?

Michel Foucalt was a French philosopher who spent a lot of time thinking about the limitations of the narratives we use to understand the world.  He thought that every attempt to understand the universe had limitations that could create false knowledge, and the models created to describe the universe were at their most dangerous when applied to edge cases.

For Foucault, knowledge was never a simple neutral description. What an institution accepts as true is shaped by the categories, methods, and disciplines through which it chooses to observe the world. Power and knowledge are intertwined: systems of thought do not merely record reality, they organise it.

Foucault believed that history was the best tool to examine and dismantle these narratives, and that it was essential that this historical analysis included an explicit consideration of the relationship between accepted knowledge and the factors that produce and restrain it.  Foucault was looking to understand how the biases and blindspots of our understanding of society could lead to poor decisions or corrupted knowledge.

Foucault was uninterested in replacing flawed science with new, improved science.  As every model or narrative was inevitably flawed, what interested him was the the causes and consequences of these flaws, not in fixing them.

A Contrarian That Did Not Seek Power

People can be justifiably wary of contrarians because often the act of seeking to undermine the status quo is the first step of a revolutionary towards organisational or societal change. 

At its least disruptive, contrarianism combined with a quest for power seeks to gain acceptance of a contradiction between method and outcome, before making a case for an alternative method, or an alternative outcome.  An example would be the introduction of a new scientific theory that addresses predictive failings in the established theory.

At its most disruptive, contrarianism & a quest for power seeks to undermine faith in any method before seeking power without constraint (i.e. without a stated method or outcome).  An example would be the Brexit vote: having won a referendum on the rejection of the status quo, the Conservative party sought to claim sole authority for defining the future relationship between the UK and Europe.

Contrarianism without a desire for power provides a platform for improving knowledge, method and goals.  This is what Foucault dedicated his intellectual career to. 

Applying Foucault’s Ideas to Risk Management

Foucault sought to understand how ideas were developed and implemented as a first step to understanding where they could fall down.  Risk teams can apply a similar approach to organisational narratives, models, processes and frameworks:

1. Understand how and why an organisation developed them.

2. Understand the power dynamics that shaped them.

3. Understand their known and potential flaws, gaps and limitations.

4. Seek to identify ways in which they are applied that were not foreseen / allowed for when they were created.

5. Stress test alternative approaches, where these could improve organisational understanding.

This uses historical analysis as Foucault did: to challenge received wisdom, and the structure of power within the organisation.  Risk teams must unpick the logic and assumptions of the organisation for flaws, looking for alternative, forgotten narratives, identifying lost or deleted data, and finding new ways of understanding the organisation through alternative organisational models, new sources of data and alternative analytics.  These alternative narratives do not need to be internally consistent - we are not looking for new business models, because the risk team is never (or rarely) the expert - we are simply looking for instances where the dominant narrative loses its descriptive or predictive value.

Oxgang measurement example

The choice of what to measure often reflects organisational priorities and power.  For instance, early measures of land area were typically locally-administered and related to land use or productivity.  The old English measure of an Oxgang referred to land fertility and cultivation.  Similarly, the Irish used a measure that reflected the area needed to feed a certain number of cows. These were useful measures of land area based on use - if I wanted to use my land to support a herd of cows, the Oxgang measure would tell me exactly how much land I would need to purchase in order to support them. 

However, these measures required local knowledge and were hard to validate, with the area they represented varying by terrain and soil type.  This meant that they were not particularly useful measurements for a centrally-administered bureaucracy.  As the power balance in society shifted, and technological developments allowed centralised record keeping at scale, so did the accepted measurement and quantification methodology.

Turning Foucault’s Gaze on Risk Frameworks

A risk framework does not only catalogue uncertainties, it determines which uncertainties are visible, credible, measurable, and reportable. The framework, in other words, helps create the organisation’s reality of risk.

Consider the ordinary artefacts of the risk profession: risk taxonomies, heat maps, key risk indicators, model outputs, assurance ratings, and escalation thresholds. From Foucault’s perspective they are also political:

• They privilege some forms of evidence over others.

• They prioritise what can be quantified, standardised, or clearly mitigated with controls.

• They are anchored to the organisation’s existing power bases, oversight groups, leadership roles, and management functions.

• Once a measure becomes established, it acquires authority.

• Risk framework classifications are often built on assumptions, simplifications, and exclusions that are unarticulated and uninterrogated.

Foucault’s warning is not that frameworks are bad, but that every framework can fail.  Many of the most serious organisational risks begin life in forms that are hard to count: cultural drift, decision bias, misplaced incentives, fear of escalation, weak dissent, overconfidence in models, or a leadership narrative that no longer matches operational reality. If an organisation privileges only what can be measured neatly, then these qualitative risks are pushed to the margins. If Foucault was a  risk manager he would ask a more uncomfortable question: what have our methods made difficult to see? That is often the beginning of better risk management challenge.

Applied Examples

Narrative Lense

Foucault argued that organisational discourse shapes what can be said, by whom, and with what authority. In corporate life, every institution develops a set of accepted phrases, indicators, and narratives that define what responsible management looks like. Those narratives may be sensible, but they can also harden into uninterrogated orthodoxy.

Governmentality

Governmentality refers to the way that organisations guide conduct not only through rules, but by encouraging people to internalise norms and govern themselves.  Companies talk a lot about building a strong risk culture that does not rely solely on formal policies or second-line interventions, but instead on individuals absorbing an understanding of what counts as prudent, acceptable and appropriate.

That can be constructive, but it can also produce conformity. If people learn that ‘good risk management’ means preserving the appearance of control rather than exposing uncertainty, then the culture becomes performative. The organisation starts managing its image of risk instead of the thing itself.

People’s thinking is shaped by what those in power recognise or allow as legitimate knowledge. Because individuals are influenced by these accepted ways of thinking, they often pass them on to others, which helps reinforce existing power structures.

Quantification is usually treated as the most authoritative form of knowledge, but it depends on central rules, standards, and bureaucracies to make measurements consistent. As a result, the ways organisations measure and quantify things can themselves be seen as an extension of centralised power.

Genealogy of Power

Rather than taking present categories for granted, Foucault’s method of genealogy asks how they came to be established, whose purposes they served, and what alternatives were discarded along the way. For risk managers, this is a powerful habit of mind. Why do we classify incidents in this way? Why do we trust this model? Why is one dataset considered authoritative while another is ignored? Why does one committee own the narrative? A genealogical approach does not assume the current framework is wrong. It simply refuses to assume that it is inevitable. In practice, that often reveals the sediment of old regulatory choices, legacy reporting structures, inherited metrics, and compromises that no longer fit the risks now being run.

Conclusion

So why call Foucault the patron philosopher of risk management, if that is even a thing? Because his work reminds us that every system of order is partial, that every claim to objectivity has conditions behind it, and that institutional confidence should always be tested at the margins where language, measurement, and authority begin to break down. Good risk management is not only the maintenance of frameworks. It is the disciplined suspicion that frameworks may be blinding us as well as helping us. That instinct, to question categories, expose blind spots, and challenge accepted truths without assuming one has escaped them, is what Foucault was all about.

I hope this blog sparks ideas and discussion. If you found it interesting, please share or connect with me on LinkedIn to contribute or provide feedback! 

[i] Michael Foucault, Clare O'Farrell, 2005, 978-0-7619-6163-5