Richard Anderson Some thoughts on risk management ...
The risk intelligent organisation Risk management   is about bringing a  perspective   to the management of   complicated ...
What does a RIO look like? <ul><li>The prerequisites </li></ul><ul><li>Top level buy-in </li></ul><ul><li>Links risk manag...
The risk agenda Big Ticket Agenda Internally Driven Agenda Externally Driven Agenda Disaster Risk Compliance Risk Strategi...
Risk descriptions – the model Context Event Consequences Objectives
Three types of risk Directly discernible <ul><li>Directly experienced in day to day activities </li></ul><ul><li>Cannot im...
Achieving objectives depends on... –  risk of taking on too much risk which becomes unmanageable <ul><li>Avoiding unnecess...
And doing the right amount of each Zone 3 Dead Zone Zone 1 Dead Zone Zone 2 Performance Zone Long Term Performance Low Hig...
Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones Balanced risk
Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones Enron? Or the Big Ban...
Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones UK plc?
The objective Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones
<ul><li>Interdependency </li></ul><ul><li>Guardianship </li></ul><ul><li>The extended enterprise </li></ul>Some other key ...
Objectives, Risks and Controls Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Ris...
Objectives, Risks and Controls Department A’s: Department B’s: Objective Risk D Objective Risk A Risk B Risk C Control 1 C...
Objectives, Risks and Controls Your Company Other Company Objective Risk D Objective Risk A Risk B Risk C Control 1 Contro...
Managing the linkages Objective Drivers Programmes Projects/Activities Risk Response Monitoring Internal External The  rel...
Managing the linkages Objective Drivers Programmes Projects/Activities Risk Response Monitoring <ul><li>Information rich <...
<ul><li>This gives rise to the “Railtrack” question: </li></ul><ul><li>Where Company A is responsible for the objective </...
<ul><li>Objective holders know: </li></ul><ul><ul><li>The impact of failing to achieve the objective </li></ul></ul><ul><l...
<ul><li>Implications of better managed dependency risks: </li></ul><ul><li>Risk events less likely to slip uncoordinated b...
<ul><li>The five “T’s” </li></ul><ul><li>A way of managing risk </li></ul><ul><li>Introduction to a structured approach </...
The Five-T’s <ul><li>HOW? </li></ul><ul><li>HOW? </li></ul><ul><li>Insurance </li></ul><ul><li>Contractual arrangements </...
Exercising control THE ELEMENTS OF CONTROL Likelihood Impact Individuals Organisation Information Planning Action Managers...
<ul><li>To align with strategic intent </li></ul><ul><li>To make the response “do-able” </li></ul><ul><li>To ensure that r...
And back again… Establish  Guardians An iterative process Start with the risk Identify type Establish  rationale Develop  ...
And back again… Establish  rationale Establish  Guardians Start with the risk Identify type Develop  response Monitor  res...
<ul><li>Does the response work for this risk? </li></ul><ul><li>Does the risk have any components that are different? And ...
Individuals: What we look at Risk Management Maturity Fast Clockspeed Risk Management Process Maturity Ethics and compliance
Corporately: What we look at Training, tone from the top etc Heuristics, Churn, Complexity, Automaticity Tools at fingerti...
Disaster-prone companies Top Indicators of a Disaster-Prone Organisation Blame Culture Complexity Bad Comms Tight Coupling...
Obsessions and omissions  Excessive focus on one area of risk, one process, one department or one type of risk leads to im...
Contact details [email_address] www.randerson-assocs.co.uk +44 (0)7703 503196 Richard Anderson
Upcoming SlideShare
Loading in …5
×

Key Slides

469 views

Published on

Some high level approaches to risk management by Richard Anderson &amp; Associates

Published in: Business, Economy & Finance
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
469
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • June 8, 2009 Strictly Private &amp; Confidential Don&apos;t Forget the People!
  • Key Slides

    1. 1. Richard Anderson Some thoughts on risk management ...
    2. 2. The risk intelligent organisation Risk management is about bringing a perspective to the management of complicated issues in complex organisations . It is about the management (and not the avoidance ) of risk. It helps to prioritise your work and that of others in a fast moving context with an approach that is better than simple intuition and which facilitates communication between people . It is a style of thought , and is definitely not a paper chase .
    3. 3. What does a RIO look like? <ul><li>The prerequisites </li></ul><ul><li>Top level buy-in </li></ul><ul><li>Links risk management to strategic and operational management </li></ul><ul><li>Aims for simplicity and action, not bureaucracy </li></ul><ul><li>Constantly conscious of risk management performance </li></ul><ul><li>What it does </li></ul><ul><li>Deals with risk systemically </li></ul><ul><li>Throughout the organisation </li></ul><ul><li>With partners </li></ul><ul><li>Nimble with new issues </li></ul><ul><li>Can leverage risks </li></ul><ul><li>What happens </li></ul><ul><li>Takes more, better managed risks </li></ul><ul><li>Get hit by fewer surprises </li></ul><ul><li>Lives by established principles </li></ul><ul><li>Expects excellent performance </li></ul>
    4. 4. The risk agenda Big Ticket Agenda Internally Driven Agenda Externally Driven Agenda Disaster Risk Compliance Risk Strategic Risk Operational Risk Small Ticket Agenda
    5. 5. Risk descriptions – the model Context Event Consequences Objectives
    6. 6. Three types of risk Directly discernible <ul><li>Directly experienced in day to day activities </li></ul><ul><li>Cannot imagine life without balancing these risks </li></ul><ul><li>Manageable through science </li></ul><ul><li>For example treasury, foreign exchange, some IT risks </li></ul>Visible through Science <ul><li>Not a lot of prior institutional or individual experience </li></ul><ul><li>Lots of perspectives or possible outcomes </li></ul><ul><li>People liberated to argue from their own preconceptions </li></ul>Virtual
    7. 7. Achieving objectives depends on... – risk of taking on too much risk which becomes unmanageable <ul><li>Avoiding unnecessary problems </li></ul>– risk of avoiding everything, resulting in total inaction – risk of over-stretch resulting in burn-out <ul><li>Creating the right performance culture </li></ul><ul><li>Setting appropriate corporate “ethics” and behaviours </li></ul>– risk of sclerosis as every stakeholder of every decision is consulted <ul><li>Taking more managed risk </li></ul>
    8. 8. And doing the right amount of each Zone 3 Dead Zone Zone 1 Dead Zone Zone 2 Performance Zone Long Term Performance Low High Low High (i) Managed Risk Taking or (ii) Avoiding Pitfalls or (iii) Performance Culture or (iv) Corporate Ethics and Behaviours Attribute:
    9. 9. Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones Balanced risk
    10. 10. Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones Enron? Or the Big Banks?
    11. 11. Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones UK plc?
    12. 12. The objective Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones
    13. 13. <ul><li>Interdependency </li></ul><ul><li>Guardianship </li></ul><ul><li>The extended enterprise </li></ul>Some other key concepts
    14. 14. Objectives, Risks and Controls Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Risk to more than one objective Control to more than one risk
    15. 15. Objectives, Risks and Controls Department A’s: Department B’s: Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Risk to more than one objective Control to more than one risk Who owns Control 4? Who has a guardianship interest?
    16. 16. Objectives, Risks and Controls Your Company Other Company Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Risk to more than one objective Control to more than one risk Who owns Control 4? Who has a guardianship interest?
    17. 17. Managing the linkages Objective Drivers Programmes Projects/Activities Risk Response Monitoring Internal External The relationship between objective, risk and response can be linked internally, or externally, where a third party takes on the responsibility.
    18. 18. Managing the linkages Objective Drivers Programmes Projects/Activities Risk Response Monitoring <ul><li>Information rich </li></ul><ul><li>Same management control </li></ul><ul><li>Easy communication lines </li></ul><ul><li>Information poor </li></ul><ul><li>Different management span </li></ul><ul><li>Complicated communications </li></ul>The relationship between objective, risk and response can be linked internally, or externally, where a third party takes on the responsibility.
    19. 19. <ul><li>This gives rise to the “Railtrack” question: </li></ul><ul><li>Where Company A is responsible for the objective </li></ul><ul><li>But Company B manages the likelihood and timing </li></ul><ul><li>... who is managing what for whom and why? </li></ul><ul><li>Risk Intelligent Partnership </li></ul>Dependency risk
    20. 20. <ul><li>Objective holders know: </li></ul><ul><ul><li>The impact of failing to achieve the objective </li></ul></ul><ul><li>But might not know: </li></ul><ul><ul><li>The likelihood of failure; or </li></ul></ul><ul><ul><li>The timing of failure </li></ul></ul><ul><ul><li>because they are not exercising control </li></ul></ul>The knowledge deficit
    21. 21. <ul><li>Implications of better managed dependency risks: </li></ul><ul><li>Risk events less likely to slip uncoordinated between organisations </li></ul><ul><li>Reduction in the reputational impact of failure, which can be catastrophic </li></ul><ul><li>Enhances the likelihood of all industry players co-operating for mutual benefit </li></ul><ul><li>Enhances the perception of a well-regulated, efficiently functioning industry </li></ul>Dependency risk
    22. 22. <ul><li>The five “T’s” </li></ul><ul><li>A way of managing risk </li></ul><ul><li>Introduction to a structured approach </li></ul><ul><li>6-step model </li></ul>Designing risk responses
    23. 23. The Five-T’s <ul><li>HOW? </li></ul><ul><li>HOW? </li></ul><ul><li>Insurance </li></ul><ul><li>Contractual arrangements </li></ul><ul><li>Monitor </li></ul><ul><li>Get on with it </li></ul><ul><li>Stop the activity </li></ul>Tolerate Treat Transfer Terminate Take RISK
    24. 24. Exercising control THE ELEMENTS OF CONTROL Likelihood Impact Individuals Organisation Information Planning Action Managers Regulators Cultures Specific General Strategy People Tasks Drivers Detail THE FIVE DIMENSIONS OF CONTROL
    25. 25. <ul><li>To align with strategic intent </li></ul><ul><li>To make the response “do-able” </li></ul><ul><li>To ensure that relevant stakeholders are dealt with appropriately </li></ul>Objectives in designing a response
    26. 26. And back again… Establish Guardians An iterative process Start with the risk Identify type Establish rationale Develop response Common Specialist Unknown More managed risk Avoiding Pitfalls Performance Culture Corporate Ethics Strategy People Detail Tasks Drivers Monitor response Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Context Event Consequences Objectives Other interested stakeholders
    27. 27. And back again… Establish rationale Establish Guardians Start with the risk Identify type Develop response Monitor response Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 An iterative process
    28. 28. <ul><li>Does the response work for this risk? </li></ul><ul><li>Does the risk have any components that are different? And that require different responses? </li></ul><ul><li>Has the right level of granularity been achieved? </li></ul>An iterative process
    29. 29. Individuals: What we look at Risk Management Maturity Fast Clockspeed Risk Management Process Maturity Ethics and compliance
    30. 30. Corporately: What we look at Training, tone from the top etc Heuristics, Churn, Complexity, Automaticity Tools at fingertips Linkages to objectives and clarity of purpose
    31. 31. Disaster-prone companies Top Indicators of a Disaster-Prone Organisation Blame Culture Complexity Bad Comms Tight Coupling Poorly Defined Goals Over Confidence Internally focussed Involuntary Automaticity Poor Information Time
    32. 32. Obsessions and omissions Excessive focus on one area of risk, one process, one department or one type of risk leads to imbalance, the loss of perspective, lost opportunities and increased exposure to unwanted risks. Balanced attention to risk, across all domains, in a unified approach minimises misunderstanding, releases management time and effort and allows a better focused approach to achieving goals. <ul><li>We: </li></ul><ul><li>Diagnose obsessions and omissions </li></ul><ul><li>Get to grips with risk culture as well as processes </li></ul><ul><li>Focus on what matters, and what can be done </li></ul><ul><li>Makes sure it is all done in the context of your strategic goals </li></ul><ul><li>Make sure that it can live and breath after we have left </li></ul><ul><li>We do not: </li></ul><ul><li>Obsess solely about risk processes </li></ul><ul><li>Get hung up on worrisome technical detail (that all disappears to the background) </li></ul><ul><li>Aim to sell you IT systems no-one will use </li></ul><ul><li>Try to sell you insurance </li></ul><ul><li>Or get tripped up by conflicts of interest </li></ul>
    33. 33. Contact details [email_address] www.randerson-assocs.co.uk +44 (0)7703 503196 Richard Anderson

    ×