Richard Anderson Some thoughts on risk management ...
The risk intelligent organisation
Risk management is about bringing a perspective to the management of complicated issues in complex organisations. It is about the management (and not the avoidance) of risk. It helps to prioritise your work and that of others in a fast moving context with an approach that is better than simple intuition and which facilitates communication between people. It is a style of thought, and is definitely not a paper chase.
What does a RIO look like?
The prerequisites: Top level buy-in; Links risk management to strategic and operational management; Aims for simplicity and action, not bureaucracy; Constantly conscious of risk management performance
What it does: Deals with risk systemically; Throughout the organisation; With partners; Nimble with new issues; Can leverage risks
What happens: Takes more, better managed risks; Get hit by fewer surprises; Lives by established principles; Expects excellent performance
The risk agenda Big Ticket Agenda Internally Driven Agenda Externally Driven Agenda Disaster Risk Compliance Risk Strategic Risk Operational Risk Small Ticket Agenda
Risk descriptions – the model Context Event Consequences Objectives
Three types of risk
Directly discernible: Directly experienced in day to day activities; Cannot imagine life without balancing these risks
Visible through Science: Manageable through science; For example treasury, foreign exchange, some IT risks
Virtual: Not a lot of prior institutional or individual experience; Lots of perspectives or possible outcomes; People liberated to argue from their own preconceptions
Achieving objectives depends on...
Taking more managed risk – risk of taking on too much risk which becomes unmanageable
Avoiding unnecessary problems – risk of avoiding everything, resulting in total inaction
Creating the right performance culture – risk of over-stretch resulting in burn-out
Setting appropriate corporate “ethics” and behaviours – risk of sclerosis as every stakeholder of every decision is consulted
And doing the right amount of each Zone 3 Dead Zone Zone 1 Dead Zone Zone 2 Performance Zone Long Term Performance Low High Low High (i) Managed Risk Taking  or  (ii) Avoiding Pitfalls  or  (iii) Performance Culture  or  (iv) Corporate Ethics and Behaviours Attribute:
Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones Balanced risk
Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones Enron? Or the Big Banks?
Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones UK plc?
The objective Performance Culture Corporate Ethics Avoiding Pitfalls More Managed Risk Performance Zone Dead Zones
Interdependency Guardianship The extended enterprise Some other key concepts
Objectives, Risks and Controls Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Risk to more than one objective Control to more than one risk
Objectives, Risks and Controls Department A’s: Department B’s: Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Risk to more than one objective Control to more than one risk Who owns Control 4?  Who has a guardianship interest?
Objectives, Risks and Controls Your Company Other Company Objective Risk D Objective Risk A Risk B Risk C Control 1 Control 2 Control 3 Control 4 Risk to more than one objective Control to more than one risk Who owns Control 4?  Who has a guardianship interest?
Managing the linkages Objective Drivers Programmes Projects/Activities Risk Response Monitoring Internal External The  relationship between objective, risk and response can be linked internally, or externally, where a third party takes on the responsibility.
Managing the linkages Objective Drivers Programmes Projects/Activities Risk Response Monitoring Information rich Same management control Easy communication lines Information poor Different management span Complicated communications The  relationship between objective, risk and response can be linked internally, or externally, where a third party takes on the responsibility.
This gives rise to the “Railtrack” question: Where Company A is responsible for the objective But Company B manages the likelihood and timing ... who is managing what for whom and why? Risk Intelligent Partnership Dependency risk
Objective holders know: The impact of failing to achieve the objective But might not know: The likelihood of failure; or The timing of failure because they are not exercising control The knowledge deficit
Implications of better managed dependency risks: Risk events less likely to slip uncoordinated between organisations Reduction in the reputational impact of failure, which can be catastrophic Enhances the likelihood of all industry players co-operating for mutual benefit Enhances the perception of a well-regulated, efficiently functioning industry Dependency risk
The five “T’s” A way of managing risk Introduction to a structured approach 6-step model Designing risk responses
The Five-T’s HOW? HOW? Insurance Contractual arrangements Monitor Get on with it Stop the activity Tolerate Treat Transfer Terminate Take RISK
Exercising control THE ELEMENTS OF CONTROL Likelihood Impact Individuals Organisation Information Planning Action Managers Regulators Cultures Specific General Strategy People Tasks Drivers Detail THE FIVE DIMENSIONS OF CONTROL
To align with strategic intent To make the response “do-able” To ensure that relevant stakeholders are dealt with appropriately Objectives in designing a response
And back again… Establish  Guardians An iterative process Start with the risk Identify type Establish  rationale Develop  response Common Specialist Unknown More managed risk Avoiding Pitfalls Performance Culture Corporate Ethics Strategy People Detail Tasks Drivers Monitor  response Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Context Event Consequences Objectives Other  interested stakeholders
And back again… Establish  rationale Establish  Guardians Start with the risk Identify type Develop  response Monitor  response Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 An iterative process
Does the response work for this risk? Does the risk have any components that are different? And that require different responses? Has the right level of granularity been achieved? An iterative process
Individuals: What we look at Risk Management Maturity Fast Clockspeed Risk Management Process Maturity Ethics and compliance
Corporately: What we look at Training, tone from the top etc Heuristics, Churn, Complexity, Automaticity Tools at fingertips Linkages to objectives and clarity of purpose
Disaster-prone companies Top Indicators of a Disaster-Prone Organisation Blame Culture Complexity Bad Comms Tight Coupling Poorly Defined Goals Over Confidence Internally focussed Involuntary Automaticity Poor Information Time
Obsessions and omissions
Excessive focus on one area of risk, one process, one department or one type of risk leads to imbalance, the loss of perspective, lost opportunities and increased exposure to unwanted risks. Balanced attention to risk, across all domains, in a unified approach minimises misunderstanding, releases management time and effort and allows a better focused approach to achieving goals.
We: Diagnose obsessions and omissions; Get to grips with risk culture as well as processes; Focus on what matters, and what can be done; Make sure it is all done in the context of your strategic goals; Make sure that it can live and breathe after we have left
We do not: Obsess solely about risk processes; Get hung up on worrisome technical detail (that all disappears to the background); Aim to sell you IT systems no-one will use; Try to sell you insurance; Or get tripped up by conflicts of interest
Contact details [email_address] www.randerson-assocs.co.uk +44 (0)7703 503196 Richard Anderson


Editor's Notes

  • #2 June 8, 2009 Strictly Private & Confidential Don't Forget the People!