Compliance registers feel comprehensive — until they miss the events that matter.
As compliance pressure builds, reporting a near-miss can start to feel like a liability. What should be a small, useful signal becomes a paper trail with real career consequences, and this leads to underreporting. When a near-miss signal is missed, risk visibility is lost. Controls start to look more effective than they are, confidence grows, compliance tightens further, and the whole loop feeds itself — quietly compounding, until something the risk register never mentioned lands without warning.
The practices that break this cycle sit outside compliance: the tradecraft of intelligence analysts, the discipline of systems thinkers, the work of futures practitioners, and the immersive techniques that engineer experiences before they are encountered. Complexity Cartography assembles those four practices into a single, deployable methodology.
John Snow did not find cholera by auditing a register. He mapped the deaths, saw the pattern, and removed the handle from the Broad Street pump.
Four disciplines, one practice
Each layer of Complexity Cartography navigates a different dimension of risk:
- Examine with intelligence tradecraft — getting underneath the assumptions no one has thought to question, and surfacing the early indicators of threats that haven’t fully formed.
- Explore with systems thinking — mapping the feedback loops, hidden structures and unintended consequences that linear analysis will never catch.
- Expand with strategic foresight — pushing beyond probability into the territory of what is plausible and possible, where the most consequential risks tend to live.
- Experience with creativity and immersion — bringing those possible futures to life so people can feel the complexity of risk, not just read about it.
The best cartographers didn’t just draw what they could see. They drew what they needed to understand. That is what Complexity Cartography asks of us as risk practitioners: not just to record the terrain, but to understand it — to reveal what the existing map can’t see, and to draw it in a way that helps others navigate. This approach seeks to shift us from compliance-driven risk management towards risk intelligence as a strategic capability.
Frequently asked questions
How does this approach differ from traditional compliance reporting?
Traditional compliance focuses on recording known events and maintaining registers, which can unintentionally incentivise underreporting. This methodology looks beyond the register to identify the underlying patterns and cultural signals that compliance frameworks often miss, shifting the focus from ticking boxes to genuine risk intelligence.
What specific disciplines are integrated into the methodology?
The practice blends four fields: intelligence tradecraft for questioning assumptions, systems thinking for mapping complexity, strategic foresight for exploring future possibilities, and creative immersion for making those risks tangible for leadership teams.
Why is underreporting such a significant focus?
When reporting a near-miss is perceived as a personal liability, vital data is lost. This lack of visibility creates a false sense of security, making controls appear more effective than they truly are. We work to break this cycle by valuing small signals as essential intelligence rather than administrative burdens.
Can this methodology be integrated into existing risk frameworks?
Yes. Rather than replacing your current systems, this approach acts as an advanced layer of analysis, providing the cartography needed to understand the terrain that your existing maps cannot see.