The document discusses risks facing UK businesses and their attitudes towards risk management. Some key findings include:
- 61% of businesses surveyed say they have become more focused on risk in the last three years. However, smaller businesses are less likely to have formal business continuity plans.
- Risks are categorized into two tiers: tier one technology risks like IT and telecom failures, and tier two "talent" and environmental risks. Technology is seen as both a risk and a solution.
- Flexible working enabled by technology is seen as important for retaining employees, though talent risks are still not as high a priority as technology risks for most businesses.
- The closing comments encourage businesses to take a systematic
Expectations of Risk Management Outpacing Capabilities. It's Time For Actionmichaelszot
Developed world economies face more complex regulatory and compliance environments in the aftermath of the financial crisis, while capitalizing on opportunities in the emerging world requires companies to understand new markets and navigate attendant risks. Consequently, risk management remains at the top of the global corporate agenda.
Telecommunications Industry CEO's Discuss Capitalizing on ComplexityIBMTelecom
How will telecommunications organizations respond to rising complexity. Creative leadership is key. IBM interviews with more than 1,500 CEOs revealed that the most successful are creatively discovering ways to capitalize on complexity.
The Neuroscience of Wisdom - The Development and Application of Wisdom in a B...Merryck_Mentors
In this February 5, 2013 webcast we explore the leadership development link between age and wisdom. In an era when an increasing number of executives assume top leadership roles at a younger age, is this an area of business risk or business opportunity? And is "wisdom" itself even a term that has cachet in a C-suite or HiPo context, or is it the elephant in the room as seasoned leaders prepare for retirement?
In this discussion, Dr Ethan Kross from the University of Michigan and Merryck CEO David Reimer review the latest research on wisdom and its implications for talent professionals. Key discussion points included:
- What does "wisdom" mean in a business and complex problem-solving context?
- What does the latest research tell us about wisdom and the brain as it ages?
- Does wisdom produce meaningful differences in approaches to problem-solving?
- Can a person's wisdom be developed earlier (younger) in their career?
- What specific strategies have been lab-tested, and how are large companies deploying similar efforts?
This webcast is part of our ongoing 2013 exploration of effective experience and knowledge transfer at the tops of organizations as a result of generational turnover.
Here is a decision matrix that allows you more comfort that you have made the right decision under risk conditions. The second tool allows you to compare your "effort vs. Impact" to help you prioritize.
Leadership in a crisis responding to the coronavirus outbreakGraham Watson
What leaders need during a crisis is
not a predefined response plan but
behaviours and mindsets that will prevent
them from overreacting to yesterday’s
developments and help them look ahead.
The document discusses how to help clients effectively manage risks. It recommends that advisors (1) ensure clients understand the risks they face and have strong risk management processes, (2) provide timely advice and help on strategic, operational and management risks, and (3) protect clients from increased costs, fines and other negative impacts by promoting good quality, focused risk management.
This document is the September 2012 issue of Ethical Corporation magazine. It contains summaries of articles on topics related to corporate responsibility and sustainability such as responsible reporting, green building models, supplier engagement, and the GM food labeling debate. The magazine also advertises an upcoming conference on CR reporting and communications strategies and previews content in the issue on sustainability salaries, ethical banking, Kimberly-Clark's sustainability efforts, and an essay on leadership.
Expectations of Risk Management Outpacing Capabilities. It's Time For Actionmichaelszot
Developed world economies face more complex regulatory and compliance environments in the aftermath of the financial crisis, while capitalizing on opportunities in the emerging world requires companies to understand new markets and navigate attendant risks. Consequently, risk management remains at the top of the global corporate agenda.
Telecommunications Industry CEO's Discuss Capitalizing on ComplexityIBMTelecom
How will telecommunications organizations respond to rising complexity. Creative leadership is key. IBM interviews with more than 1,500 CEOs revealed that the most successful are creatively discovering ways to capitalize on complexity.
The Neuroscience of Wisdom - The Development and Application of Wisdom in a B...Merryck_Mentors
In this February 5, 2013 webcast we explore the leadership development link between age and wisdom. In an era when an increasing number of executives assume top leadership roles at a younger age, is this an area of business risk or business opportunity? And is "wisdom" itself even a term that has cachet in a C-suite or HiPo context, or is it the elephant in the room as seasoned leaders prepare for retirement?
In this discussion, Dr Ethan Kross from the University of Michigan and Merryck CEO David Reimer review the latest research on wisdom and its implications for talent professionals. Key discussion points included:
- What does "wisdom" mean in a business and complex problem-solving context?
- What does the latest research tell us about wisdom and the brain as it ages?
- Does wisdom produce meaningful differences in approaches to problem-solving?
- Can a person's wisdom be developed earlier (younger) in their career?
- What specific strategies have been lab-tested, and how are large companies deploying similar efforts?
This webcast is part of our ongoing 2013 exploration of effective experience and knowledge transfer at the tops of organizations as a result of generational turnover.
Here is a decision matrix that allows you more comfort that you have made the right decision under risk conditions. The second tool allows you to compare your "effort vs. Impact" to help you prioritize.
Leadership in a crisis responding to the coronavirus outbreakGraham Watson
What leaders need during a crisis is
not a predefined response plan but
behaviours and mindsets that will prevent
them from overreacting to yesterday’s
developments and help them look ahead.
The document discusses how to help clients effectively manage risks. It recommends that advisors (1) ensure clients understand the risks they face and have strong risk management processes, (2) provide timely advice and help on strategic, operational and management risks, and (3) protect clients from increased costs, fines and other negative impacts by promoting good quality, focused risk management.
This document is the September 2012 issue of Ethical Corporation magazine. It contains summaries of articles on topics related to corporate responsibility and sustainability such as responsible reporting, green building models, supplier engagement, and the GM food labeling debate. The magazine also advertises an upcoming conference on CR reporting and communications strategies and previews content in the issue on sustainability salaries, ethical banking, Kimberly-Clark's sustainability efforts, and an essay on leadership.
The 7-point business continuity guide from the Chartered Management Institute provides steps to develop an effective continuity plan for any business. The steps include: 1) Communicating the need for a plan to all staff, 2) Creating a complete picture of business operations, 3) Evaluating risks and prioritizing failures, 4) Evaluating current planning and costs to address gaps, 5) Developing a risk strategy and action plan, 6) Establishing procedures and rehearsing the plan, 7) Regularly reviewing and testing the plan with different scenarios. Following these steps can help businesses reduce disruption impacts and "shock-proof" operations.
Royal Resort Cap Malabata aims to be the leading resort on Morocco's Mediterranean coast. It will mix Mediterranean and Moroccan influences in an authentic yet innovative development located on Cape Malabata with stunning natural beauty and views. The master plan includes luxury villas, townhouses, apartments, boutique hotels, a convention center, marina, golf course, and more to attract families and conventions. It aims to create a lively community with a variety of housing, dining, and leisure activities while preserving the natural environment.
The document presents the vision and components for the Amman Diplomatic Quarter project. The vision is for it to be an exclusive mixed-use development offering places for living, working, and leisure. It will include areas for residences, including luxury villas and embassies; office and event spaces; and open spaces, shopping, and recreation. The residential area will be more private while the Forest Plaza and Park areas will be more public and include commercial and leisure facilities. Embassies will be available in different sizes and configurations to meet various countries' needs.
Hatamania (hatamania.ua) создает инструмент по продаже недвижимости, который помещается на ладони.
Используйте, когда Ваши клиенты действительно важны для Вас!
Превращает смартфон или планшет в эффективный инструмент работы!
Отчет с АСНУ 2013 - http://hatamania.ua/blog/view/admin/4-2013-05-19-yubk--more--chudesn--y-rassvet--yalta-inturist-i-konferentsiya-asnu-2013---/
Three-fifths of businesses now equip the majority of employees with the ability to work remotely. Flexible working is felt to boost employee satisfaction, create a more productive place to work, develop a more flexible workforce and lower costs due to reduced demand for office space. While overcoming fears of reduced productivity, impact on teamwork and blurring of home/work boundaries were initial challenges, in reality these fears are typically unfounded. Three quarters of flexible employees report improved job satisfaction and work-life balance.
The document provides information about an upcoming executive education short course on applied economics. It will be a 2-day workshop taught by Dr. Yeah Kim Leng, Dean of the School of Business at Malaysia University of Science and Technology. The workshop will provide senior executives and analysts with practical tools for economic analysis and help them better understand and monitor economic trends and issues. Participants will learn key economic concepts and indicators, practice data analysis, and build their own economics dashboard to enhance business planning. The interactive course uses presentations, case studies, and exercises to illustrate principles of economic analysis.
This document provides guidance on developing and implementing a risk appetite framework. It discusses how establishing risk appetite is important for meeting corporate governance requirements and addressing stakeholder expectations. It also notes that while the concept of risk appetite is straightforward, effectively defining and applying it in practice presents challenges. The document aims to help organizations better manage risk and meet governance duties by offering practical advice to boards and executives on assessing their risk tolerance. It received input from various professional associations and risk consulting firms who endorse the guidance and see risk appetite as a key topic for ongoing discussion.
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper)NAFCU Services Corporation
“Many firms have made progress in developing their risk appetite frameworks and have
begun multiyear projects to improve the supporting IT infrastructure,” said David M.
Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk
solutions, we have seen much more interest over the past three years in firms looking to
have additional technology to support a firmwide view of risk exposures. Learn more at: www.nafcu.org/sas
The document discusses risk management challenges in a VUCA (volatile, uncertain, complex, ambiguous) business environment. It describes key aspects of the VUCA landscape including disruptive technologies, risks from events like pandemics or natural disasters. To effectively manage risks, companies must embrace VUCA and have a risk-based decision making process across all levels. They also need to monitor early warning indicators, think beyond standard responses, and ensure everyone in the organization is risk-aware and accountable. Conducting independent reviews can help ensure a company's risk management system remains fit for the changing VUCA context.
These slides are from The Risk Doctor, David Hillson's, section of the presentation at the recent APM Wessex branch afternoon risk workshop. This event was held at the Ageas Bowl in Southampton on Tuesday 1st April 2014.
David Hillson is an honorary fellow of APM and is known globally as 'The Risk Doctor'. David is well-known as an excellent speaker, presenter and trainer. Countless individuals, teams and organisations have benefited from his blend of thought-leadership with practical application, presented in an accessible style that combines clarity with humour. David’s speaking is guided by the Risk Doctor motto: “Understand profoundly so you can explain simply”.
David sat on the panel of experts for this workshop-based event and shared his expertise with delegates who were looking for a learning experience in risk.
ITS 835Chapter 12Measuring Performance at mariuse18nolet
ITS 835
Chapter 12
Measuring Performance at Intuit
Enterprise Risk Management
Dr. James C. Hyatt
Miguel Buleje
Introduction
Intuit’s ERM Journey
ERM Maturity Model
Benefits of Measuring Performance in ERM Models
ERM Performance Measurement and Reporting
Conclusion
Intuit’s ERM Journey
INTRO to Intuit: Biz and Financial Software Corporation. Offerings include QuickBooks, Quicken, Turbo Tax
Began with ad hoc risk management
Very common entry point
Escalated to ERM when seminal event occurred
Desire was to stop firefighting and start prevention.
Proactive approach, as resources were pulled from Operations
Intuit ERM Core Principles
Enterprise-wide risk framework
Risk assessment is ongoing
Focus on most significant risks
Ownership and accountability
Measure and monitor performance
ERM Maturity Model
Risk Management Maturity Model
Stakeholders Value increases as Risk Management Capability Increase
Ad Hoc Risk Management - Starting Point
Targeted Risk Management – progress and next step. More proactive. Organized.
Integrated Risk Framework – Really taking this the next level with formal framework. Value starts to increase
Risk Intelligence - Feedback loop. Really taking advantage to predict, and use intelligence to take action.
Risk Leadership – Move from Reactive to Proactive. Optimize and Capitalize positive outcomes around risk.
4
Benefits of Measuring Performance in ERM Models
Key Performance Indicators (KPI)
Based on business objectives
Quantitative and qualitative KPI
Leading (looking into future/ predictive approach) and
Lagging (trending / historical performance) indicators
Input, process, and output indicators ( optimized for end to end processes).
KPIs must be
Tangible
Flexible
Standardized
Outcome or objective focused
ERM Performance Measurement and Reporting
First evolution - ERM process adoption
Second evolution – Risk Mitigation Process Management
Third Evolution – Multidimensional Risk Management Performance Measurement
Outcome: executive dashboard for reporting.
ERM Process Adoption
7
Risk Mitigation Process Management
Multidimensional Risk Management Performance Measurement
3er Evolution
Culmination of INTUIT enterprise risk management: Dashboards
KPI status by risk.
Clear where attention goes, by Risk .
They do not care about green. Focus on Reds and Yellow.
At a glance exes are able to determine what risk would cause issues.
9
Conclusion
At Intuit, risk management is everyone’s responsibility
ERM must be a core business competency
Coordination is a key to success
ERM Recognizes
Upside opportunity
Downside risk
ERM process is regularly audited
ERM is an integral part of Intuit’s operating model
Sheet1TitleYearLengthViolence timeInjuriesFatal injuriesGood/neutral injuriesGood/neutral fatalitiesBad injuriesBad fatalitiesSnow White and the Seven Dwarfs19375040474211011Fantasia19407200307111100Pinoc ...
This document provides an introduction to enterprise risk management (ERM). It discusses how ERM aims to protect and increase value for an organization by taking an integrated approach to managing risks across the entire enterprise. ERM calls for high-level oversight of all risks on a portfolio basis. The document provides background on the evolution of risk management and outlines some of the key risks organizations face today from globalization and other factors. It also notes that chief risk officers and risk committees are important for overseeing ERM.
This document discusses risk management strategies. It begins by defining risk and its importance in projects and organizations. It then discusses different risk management strategies used by healthcare companies to control costs and ensure sustainability. It also discusses using a risk matrix to help assess and estimate different risk levels and the appropriate handling strategies. Finally, it discusses identifying risks in the critical path of a project as the first step in the risk management process in order to determine what specific risks may affect the project and help mitigate delays.
FERMA European Risk Management Benchmarking Survey 2012 – BrochureFERMA
This document summarizes the key findings of the 6th edition of the FERMA Risk Management Benchmarking Survey from 2012. Some of the main findings include:
1. Business compliance and legal requirements remain the main external factors triggering risk management, but shareholder requirements are now the second most important.
2. The impacts of the EU 8th Company Law Directive are still poorly understood and integrated by many companies.
3. There is a correlation found between higher levels of risk management maturity and better company performance in terms of profitability and growth.
4. Market competition and business/regulatory risks remain the top risk priorities according to the survey.
Jonathon Simon, a senior manager at Ernst & Young, presented on risk management. He discussed (1) defining risk management and the risk management lifecycle, (2) examples of good and bad risk management practices, and (3) critical success factors for effective risk management including being proactive and conducting regular risk assessments and scenario planning. The presentation also included an EY case study about implementing robust risk management processes for a government health project.
This document is a term paper submitted by Anu Damodaran to her faculty guide, Mr. C.T. Sunil, in partial completion of her MBA program at Amity University in Dubai. The paper is titled "To study ERM - A competitive edge for the company and how it adds value to its shareholders". The introduction provides background on enterprise risk management (ERM) and its importance for businesses facing various strategic, market, operational and financial risks. The paper will review literature on ERM and explore how companies can implement ERM through risk mapping and maturity models. It will also discuss the advantages, suitability and limitations of ERM for businesses.
FERMA Survey Part 1 - The Maturity of Risk Management in EuropeFERMA
The document summarizes key findings from a European survey on enterprise risk management (ERM) maturity conducted in 2012. It finds that companies with more mature risk management practices tend to outperform their peers financially, with those having advanced practices generating stronger growth in both earnings before interest, taxes, depreciation, and amortization (EBITDA) and revenue compared to those with more emerging practices. The study assessed ERM maturity across four categories - risk governance, risk practices and tools, risk reporting and communication, and risk management function alignment - and found positive correlations between higher maturity levels and better financial performance metrics.
This document provides information about the "Elevating Risk Management From Business Process To Value Creator" conference to be held March 3-6, 2014 in Dubai, UAE. It includes details about early bird discounts for booking before December 12, 2013, as well as an agenda with sessions on quantifying risk, integrating risk management best practices, examining regional risk landscapes, and more. Featured speakers will provide case studies and insights on implementing effective risk management frameworks at organizations like ENOC, Ma'aden, and Network Rail. Attendees from risk management, internal audit, project management and other functions can gain strategies to help drive value through risk management.
1. Operational risk has historically been reactive rather than proactively managed, but regulatory changes like Basel II require banks to explicitly measure and hold capital for operational risk.
2. While measurement is important for management, models based solely on historical loss data have limitations given constant changes in technology and organizations. Overreliance on quantitative models can distract from effective operational risk management.
3. The goal of operational risk management is to reduce the frequency and impact of rare but major events, rather than focus only on more frequent minor losses. A balanced, qualitative and quantitative approach is needed.
The 7-point business continuity guide from the Chartered Management Institute provides steps to develop an effective continuity plan for any business. The steps include: 1) Communicating the need for a plan to all staff, 2) Creating a complete picture of business operations, 3) Evaluating risks and prioritizing failures, 4) Evaluating current planning and costs to address gaps, 5) Developing a risk strategy and action plan, 6) Establishing procedures and rehearsing the plan, 7) Regularly reviewing and testing the plan with different scenarios. Following these steps can help businesses reduce disruption impacts and "shock-proof" operations.
Royal Resort Cap Malabata aims to be the leading resort on Morocco's Mediterranean coast. It will mix Mediterranean and Moroccan influences in an authentic yet innovative development located on Cape Malabata with stunning natural beauty and views. The master plan includes luxury villas, townhouses, apartments, boutique hotels, a convention center, marina, golf course, and more to attract families and conventions. It aims to create a lively community with a variety of housing, dining, and leisure activities while preserving the natural environment.
The document presents the vision and components for the Amman Diplomatic Quarter project. The vision is for it to be an exclusive mixed-use development offering places for living, working, and leisure. It will include areas for residences, including luxury villas and embassies; office and event spaces; and open spaces, shopping, and recreation. The residential area will be more private while the Forest Plaza and Park areas will be more public and include commercial and leisure facilities. Embassies will be available in different sizes and configurations to meet various countries' needs.
Hatamania (hatamania.ua) создает инструмент по продаже недвижимости, который помещается на ладони.
Используйте, когда Ваши клиенты действительно важны для Вас!
Превращает смартфон или планшет в эффективный инструмент работы!
Отчет с АСНУ 2013 - http://hatamania.ua/blog/view/admin/4-2013-05-19-yubk--more--chudesn--y-rassvet--yalta-inturist-i-konferentsiya-asnu-2013---/
Three-fifths of businesses now equip the majority of employees with the ability to work remotely. Flexible working is felt to boost employee satisfaction, create a more productive place to work, develop a more flexible workforce and lower costs due to reduced demand for office space. While overcoming fears of reduced productivity, impact on teamwork and blurring of home/work boundaries were initial challenges, in reality these fears are typically unfounded. Three quarters of flexible employees report improved job satisfaction and work-life balance.
The document provides information about an upcoming executive education short course on applied economics. It will be a 2-day workshop taught by Dr. Yeah Kim Leng, Dean of the School of Business at Malaysia University of Science and Technology. The workshop will provide senior executives and analysts with practical tools for economic analysis and help them better understand and monitor economic trends and issues. Participants will learn key economic concepts and indicators, practice data analysis, and build their own economics dashboard to enhance business planning. The interactive course uses presentations, case studies, and exercises to illustrate principles of economic analysis.
This document provides guidance on developing and implementing a risk appetite framework. It discusses how establishing risk appetite is important for meeting corporate governance requirements and addressing stakeholder expectations. It also notes that while the concept of risk appetite is straightforward, effectively defining and applying it in practice presents challenges. The document aims to help organizations better manage risk and meet governance duties by offering practical advice to boards and executives on assessing their risk tolerance. It received input from various professional associations and risk consulting firms who endorse the guidance and see risk appetite as a key topic for ongoing discussion.
A Bridge Too Far? Risk Appetite, Governance and Corporate Strategy (Whitepaper)NAFCU Services Corporation
“Many firms have made progress in developing their risk appetite frameworks and have
begun multiyear projects to improve the supporting IT infrastructure,” said David M.
Wallace, Global Financial Services Marketing Manager at SAS. “As a provider of risk
solutions, we have seen much more interest over the past three years in firms looking to
have additional technology to support a firmwide view of risk exposures. Learn more at: www.nafcu.org/sas
The document discusses risk management challenges in a VUCA (volatile, uncertain, complex, ambiguous) business environment. It describes key aspects of the VUCA landscape including disruptive technologies, risks from events like pandemics or natural disasters. To effectively manage risks, companies must embrace VUCA and have a risk-based decision making process across all levels. They also need to monitor early warning indicators, think beyond standard responses, and ensure everyone in the organization is risk-aware and accountable. Conducting independent reviews can help ensure a company's risk management system remains fit for the changing VUCA context.
These slides are from The Risk Doctor, David Hillson's, section of the presentation at the recent APM Wessex branch afternoon risk workshop. This event was held at the Ageas Bowl in Southampton on Tuesday 1st April 2014.
David Hillson is an honorary fellow of APM and is known globally as 'The Risk Doctor'. David is well-known as an excellent speaker, presenter and trainer. Countless individuals, teams and organisations have benefited from his blend of thought-leadership with practical application, presented in an accessible style that combines clarity with humour. David’s speaking is guided by the Risk Doctor motto: “Understand profoundly so you can explain simply”.
David sat on the panel of experts for this workshop-based event and shared his expertise with delegates who were looking for a learning experience in risk.
ITS 835Chapter 12Measuring Performance at mariuse18nolet
ITS 835
Chapter 12
Measuring Performance at Intuit
Enterprise Risk Management
Dr. James C. Hyatt
Miguel Buleje
Introduction
Intuit’s ERM Journey
ERM Maturity Model
Benefits of Measuring Performance in ERM Models
ERM Performance Measurement and Reporting
Conclusion
Intuit’s ERM Journey
INTRO to Intuit: Biz and Financial Software Corporation. Offerings include QuickBooks, Quicken, Turbo Tax
Began with ad hoc risk management
Very common entry point
Escalated to ERM when seminal event occurred
Desire was to stop firefighting and start prevention.
Proactive approach, as resources were pulled from Operations
Intuit ERM Core Principles
Enterprise-wide risk framework
Risk assessment is ongoing
Focus on most significant risks
Ownership and accountability
Measure and monitor performance
ERM Maturity Model
Risk Management Maturity Model
Stakeholders Value increases as Risk Management Capability Increase
Ad Hoc Risk Management - Starting Point
Targeted Risk Management – progress and next step. More proactive. Organized.
Integrated Risk Framework – Really taking this the next level with formal framework. Value starts to increase
Risk Intelligence - Feedback loop. Really taking advantage to predict, and use intelligence to take action.
Risk Leadership – Move from Reactive to Proactive. Optimize and Capitalize positive outcomes around risk.
4
Benefits of Measuring Performance in ERM Models
Key Performance Indicators (KPI)
Based on business objectives
Quantitative and qualitative KPI
Leading (looking into future/ predictive approach) and
Lagging (trending / historical performance) indicators
Input, process, and output indicators ( optimized for end to end processes).
KPIs must be
Tangible
Flexible
Standardized
Outcome or objective focused
ERM Performance Measurement and Reporting
First evolution - ERM process adoption
Second evolution – Risk Mitigation Process Management
Third Evolution – Multidimensional Risk Management Performance Measurement
Outcome: executive dashboard for reporting.
ERM Process Adoption
7
Risk Mitigation Process Management
Multidimensional Risk Management Performance Measurement
3er Evolution
Culmination of INTUIT enterprise risk management: Dashboards
KPI status by risk.
Clear where attention goes, by Risk .
They do not care about green. Focus on Reds and Yellow.
At a glance exes are able to determine what risk would cause issues.
9
Conclusion
At Intuit, risk management is everyone’s responsibility
ERM must be a core business competency
Coordination is a key to success
ERM Recognizes
Upside opportunity
Downside risk
ERM process is regularly audited
ERM is an integral part of Intuit’s operating model
Sheet1TitleYearLengthViolence timeInjuriesFatal injuriesGood/neutral injuriesGood/neutral fatalitiesBad injuriesBad fatalitiesSnow White and the Seven Dwarfs19375040474211011Fantasia19407200307111100Pinoc ...
This document provides an introduction to enterprise risk management (ERM). It discusses how ERM aims to protect and increase value for an organization by taking an integrated approach to managing risks across the entire enterprise. ERM calls for high-level oversight of all risks on a portfolio basis. The document provides background on the evolution of risk management and outlines some of the key risks organizations face today from globalization and other factors. It also notes that chief risk officers and risk committees are important for overseeing ERM.
This document discusses risk management strategies. It begins by defining risk and its importance in projects and organizations. It then discusses different risk management strategies used by healthcare companies to control costs and ensure sustainability. It also discusses using a risk matrix to help assess and estimate different risk levels and the appropriate handling strategies. Finally, it discusses identifying risks in the critical path of a project as the first step in the risk management process in order to determine what specific risks may affect the project and help mitigate delays.
FERMA European Risk Management Benchmarking Survey 2012 – BrochureFERMA
This document summarizes the key findings of the 6th edition of the FERMA Risk Management Benchmarking Survey from 2012. Some of the main findings include:
1. Business compliance and legal requirements remain the main external factors triggering risk management, but shareholder requirements are now the second most important.
2. The impacts of the EU 8th Company Law Directive are still poorly understood and integrated by many companies.
3. There is a correlation found between higher levels of risk management maturity and better company performance in terms of profitability and growth.
4. Market competition and business/regulatory risks remain the top risk priorities according to the survey.
Jonathon Simon, a senior manager at Ernst & Young, presented on risk management. He discussed (1) defining risk management and the risk management lifecycle, (2) examples of good and bad risk management practices, and (3) critical success factors for effective risk management including being proactive and conducting regular risk assessments and scenario planning. The presentation also included an EY case study about implementing robust risk management processes for a government health project.
This document is a term paper submitted by Anu Damodaran to her faculty guide, Mr. C.T. Sunil, in partial completion of her MBA program at Amity University in Dubai. The paper is titled "To study ERM - A competitive edge for the company and how it adds value to its shareholders". The introduction provides background on enterprise risk management (ERM) and its importance for businesses facing various strategic, market, operational and financial risks. The paper will review literature on ERM and explore how companies can implement ERM through risk mapping and maturity models. It will also discuss the advantages, suitability and limitations of ERM for businesses.
FERMA Survey Part 1 - The Maturity of Risk Management in EuropeFERMA
The document summarizes key findings from a European survey on enterprise risk management (ERM) maturity conducted in 2012. It finds that companies with more mature risk management practices tend to outperform their peers financially, with those having advanced practices generating stronger growth in both earnings before interest, taxes, depreciation, and amortization (EBITDA) and revenue compared to those with more emerging practices. The study assessed ERM maturity across four categories - risk governance, risk practices and tools, risk reporting and communication, and risk management function alignment - and found positive correlations between higher maturity levels and better financial performance metrics.
This document provides information about the "Elevating Risk Management From Business Process To Value Creator" conference to be held March 3-6, 2014 in Dubai, UAE. It includes details about early bird discounts for booking before December 12, 2013, as well as an agenda with sessions on quantifying risk, integrating risk management best practices, examining regional risk landscapes, and more. Featured speakers will provide case studies and insights on implementing effective risk management frameworks at organizations like ENOC, Ma'aden, and Network Rail. Attendees from risk management, internal audit, project management and other functions can gain strategies to help drive value through risk management.
1. Operational risk has historically been reactive rather than proactively managed, but regulatory changes like Basel II require banks to explicitly measure and hold capital for operational risk.
2. While measurement is important for management, models based solely on historical loss data have limitations given constant changes in technology and organizations. Overreliance on quantitative models can distract from effective operational risk management.
3. The goal of operational risk management is to reduce the frequency and impact of rare but major events, rather than focus only on more frequent minor losses. A balanced, qualitative and quantitative approach is needed.
This document provides an introduction and overview of the book "Risk Taking: A Corporate Governance Perspective". It was created based on workshops conducted by the authors for over 1,000 corporate directors and managers in developing countries from 2010-2012. The workshops and book aim to enhance boards' capabilities for overseeing risk management. It discusses how risk taking is an essential but uncertain part of business that boards must effectively govern. It then previews the contents and target audience of directors for the various sections covering topics like defining risk, measuring risk-adjusted value, tools for risk decision making, and building a strategic risk-taking organization.
The current Covid-19 pandemic has posed a huge challenge for world leaders. Being one of the most unprecedented crises the world has seen in the 21st century, it has surely tested the competence of leaders. Decisions made by leaders are not simple binary answers but the result of opposing ideas.
Covid-19 has consumed too many lives since it started. While the situation is out of our hands, country leaders are put in the most controversial position every time a decision has to be made. Most of these decisions are based on quick logical thinking in the spur of the moment.
Building a sustainable enterprise collaboratively using a wiki 5 2 11vaxelrod
Using a wiki to enable learning leaders to use The Sustainable Enterprise Fieldbook as an interactive text.
For complete leaders guides, register at www.thesustainableenterprisefieldbook.net
Strategic Planning Society Webinar- Integrating Strategy and Risk ManagementAndrew Smart
• The credit crunch and its subsequent fall-out has rewritten the rules on strategy execution and risk management.
• The balanced scorecard and risk management approaches have evolved as silo processes over approximately 20 years – an approach that integrates both is a natural evolution.
• To effectively streamline management and regulatory reporting, organisations need to adopt an integrated framework, which covers strategy execution, risk management & compliance.
Similar to Unified Comms Exploring Attitudes Towards Risk (20)
2. LENGTH
17
Pages
22
2
READ TIME
1.5
Cups of tea
PEOPLE SURVEYED
615 Senior
managers
Contents
SECTIONS
1 Preface
page 4
2 Landscape of risk
page 5
3 Executive summary
page 6
4 Waking up to risk
page 8
5 Weighing up the risk
page 10
6 Taking the risk
page 14
7
A closing thought
page 17
3. The people behind it
Carolyn Williams, Head of Thought Leadership, The Institute of Risk Management
Carolyn Williams MA ACII MIRM is Head of Thought Leadership at the Institute of Risk Management, the leading international educational and
training body for the risk management profession. Thought leadership involves tracking what’s going on in the world of risk management and
bringing it back into the Institute’s publications and events, and also communicating the work of the Institute to the wider world.
Carolyn joined the IRM in 2006 from Lloyd’s of London, where she was responsible most recently for risk management training and
communication. She is also a member of the Chartered Insurance Institute’s Qualifications, Examinations and Assessments Committee and of
the Advisory Board for Nottingham University’s Centre for Risk and Insurance Studies.
Andrew Dalglish, Director, Circle Research
Andrew has specialised in B2B research for over a decade and co-founded Circle Research in 2006. He is a columnist for B2B Marketing
Magazine, a frequent speaker at leading events such as the Social Media World Forum and teaches the MRS B2B research course.
Andrew holds an Honours degree in Psychology from Aberdeen University, an MSc in Marketing from Strathclyde University and the MRS diploma.
Petra Wilton, Director of Policy & Research, The Chartered Management Institute
At the CMI, Petra Wilton takes a lead role in building partnerships in the public policy arena and promoting the needs of practising managers
through engaging with and accessing the views of the CMI’s 90,000 members. Through a bespoke research programme and policy initiatives,
these views are shared with those in Government, business, education and the media.
Petra manages the All Party Parliamentary Group on Management and represents the Institute on various external groups including the
Department for Business, Innovation and Skills’ Management and Leadership Network Group and Professions for Good.
Petra has an MA (Hons) in History from Cambridge University and is a Fellow of the RSA.
Lee Glendon, Head of Research & Advocacy, The Business Continuity Institute
Lee Glendon is Head of Research & Advocacy at the Business Continuity Institute, the leading institute for Business Continuity Management
practitioners with over 7,000 members in more than 100 countries. Lee holds the Certificate of the BCI (CBCI) with merit and is author of a
number of studies on the future of risk management, and supply chain resilience. Prior to the BCI, Lee worked in the telecoms sector for 10
years in the UK and Germany working across innovate start-up ventures and major blue chips.
Roger McLoughlin, Business Continuity Manager, Vodafone UK Ltd
Roger joined Vodafone UK in 2001. His responsibilities include managing the implementation and maintenance of Business Continuity and
Crisis Management across Vodafone. He is also a consultant on Business Continuity best practice to the Vodafone Global Business Continuity
and Risk community. As a result of his work, Vodafone UK was the first Mobile Telecommunications company in the world to achieve
certification of BS25999 for its network and subsequently also won Business Continuity strategy of the year at the prestigious CIR Business
Continuity Awards 2009. Roger is a well respected figure in Business Continuity and has had articles published in The Journal of Business
Continuity and Emergency Planning, The Forrester Report and Talking Business Continuity. Roger is a member of the Business Continuity
Institute where he is also a membership assessor.
4. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Preface
We’re waking up to risk.
Business Continuity as a profession began as far back as the 1970s when engineers
looked at developing reliable methods to recover lost data if their mainframe
computer suffered a ‘disaster’. They coined the term “Disaster Recovery”.
Since then business continuity has been on a journey of evolution that still
continues today.
This sparked the realisation that this same disaster recovery planning could be
applied to other areas of the business. This holistic approach became known as
Business Continuity Management (BCM).
Recent developments in BCM have focused on integrating different aspects of
continuity and developing best practices. This has led to the recently launched
International Business Continuity Standard, ISO22301, which Vodafone is proud to
be piloting.
The pages which follow reflect this growing awareness of risk and response.
It’s encouraging to see that many have now adopted the principles of business
continuity planning. More encouraging still is that these plans are viewed as
valuable, practical tools rather than a ‘tick box’ exercise.
When reviewing our own business continuity plans here at Vodafone, we ask
questions that might act as a useful companion when you browse this report:
• what are the most critical things that we need to protect?
• as a business, what is it that we do and what could cause this to stop?
• what actions do we need to take should the worst happen?
4
5. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Landscape of risk
Businesses of all types have always been vulnerable to risk. However, in recent years,
the type of risks faced have changed both in their nature and our attitude towards
them.
As small business owners and managers we’re much more conscious of the threats
faced and how they can hit us when least expected. The riots of 2011 brutally
reminded us of this.
But beyond this flashpoint, fundamental change in the risk landscape has been
brewing for a long time. Technology has liberated and enabled us, but at the same
time has created a new category of risk. The interconnected, globalised world in which
we now live has made risk more complex and the repercussions of an incident harder
to predict. At the same time there’s been no respite from ‘traditional’ risks like natural
disaster, civil unrest and pandemic.
This second report in Vodafone’s Perspective series explores how UK businesses view
and respond to risk. It answers questions such as:
• where does risk management sit on the business agenda?
• what risks do businesses fear most and how are they responding?
• what role does technology have in creating and responding to risk?
Our aim in producing this report is to help businesses find better ways of working and
to provide a tool which assists with running your business. As with other reports in the
Perspective series, the guiding principle is to strike a healthy balance between opinion
and fact, theory and practice, observation and advice.
“It’s important to consider all risk and
disruption actually have business At the core of the analysis is a primary research survey commissioned by Vodafone.
Conducted by Circle Research in October 2011, the survey canvassed the opinion of
consequences such as loss of revenue, 615 senior managers in small (1-99 employees), medium (100-499) and large (500+)
increased costs or even reputational UK businesses.
damage. But even if no disruption occurs,
The findings are further complemented with selected extracts from the Chartered
businesses can use Business Continuity Management Institute’s (CMI) 2012 Business Continuity Management survey and a
Management to demonstrate that they are closing chapter written by the Institute of Risk Management (IRM) which explores the
future of risk.
a well-managed business – this brings
other benefits such as a better credit rating We hope you find the report interesting reading and explore the resources available at
www.vodafone.co.uk/perspective
and lower insurance premiums”
Lee Glendon, HEAD OF RESEARCH, The Business
Continuity Institute
5
6. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Executive summary
Key findings
This report reveals that:
• the focus on risk is intensifying
• business owners and managers perceive two tiers of risk, with technology
threats topping the list, followed by talent and environmental risk
• technology is also seen as a solution to rather than just a cause of risk
• business’ recognise that employees are critical to commercial success
• the probability of talent-related risks occurring, such as defection, is relatively high
• despite this, preparations to counter talent risk are relatively weak when
compared to other threats
Waking up to risk
Three fifths of UK businesses report that they have become more focused on risk in
the last three years.
Whilst more common than not, business continuity planning is far from universal. Just
two fifths of businesses with up to 10 staff have business continuity plans in place.
This rises to three fifths with 10-49 staff and four fifths in those with 50-249 staff.
Two reasons underlie this lower adoption rate amongst smaller businesses: a lack of
resources and a belief that the nature of risks faced doesn’t justify such a plan.
Those with business continuity plans keep them fresh with more than 75% of
businesses updating them in the last year. Plans are also kept effective with three
fifths having tested their plans in the last 12 months.
“Managers may feel they have all their
bases covered when it come to their own The two tiers of risk
Risks can be categorised into two groups: tier one and tier two – based on the level of
business continuity management, but in
concern they cause management. Of greatest concern is technology-related risk. 59%
a global economy few firms are insulated are concerned about IT systems failure, 46% worry about telecommunications system
from disruption. This means managers failure and 39% fear hacking attacks. Behind this come tier two risks:
need to work to ensure the complete Talent risk threats to a business’ talent pool, such as defection to competitors
value chain is not only resilient to or illness
disruption, but better placed than the Environmental risk threats posed by ‘acts of God’, such as natural disaster
competition to take advantage of others’ or adverse weather
failure to plan for the worst”
Lee Glendon, HEAD OF RESEARCH, The Business
Continuity Institute
6
7. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Talent risk is slightly higher up the agenda than environmental risk but far behind
technology risk. For example, the most likely cause of permanent employee
loss – defection to other businesses – is of significant concern to just 29% of UK
management. This disconnects with the high probability of such events. The average
employee rates their job satisfaction at a lacklustre 6.6 out of 10. One in five are
actively considering moving job in the next 12 months.
Likewise, the CMI Business Continuity Management survey shows that disruption
caused by extreme weather is the most common risk event experienced by UK
businesses. However, just one quarter in our survey saw environmental risks such
as adverse weather or natural disasters as significant concerns.
Technology – a source of risk, but also a solution
Whilst technology is on the one hand, a source of risk, businesses acknowledge that
it serves to protect them against the more ‘traditional’ tier two risks.
Firstly, technology reduces the disruption from environmental events. One half of
businesses with continuity plans in place indicate that mobile technology forms a
prominent part of these. Two fifths report the same for remote access to IT systems.
Secondly, technology can mitigate talent risk. 50% of businesses believe that
access to flexible working have become more important in determining employee
satisfaction. Indeed, one fifth go so far as to name flexible working as one of the top
five determinants of employee satisfaction.
A closing thought - advice from the Institute of Risk Management
In their closing comment to this report, the Institute of Risk Management (IRM)
“Over the past 30 years we have seen the provides four pieces of advice to help you manage risk in your business:
way we organise our work and our lives
1. not all risks are obvious. Take a systematic look at events that might stop you
changing in response to new technology. achieving your objectives
This is going to continue. Each wave of 2. although some risks seem improbable, the event can happen. There are usually
steps that you can take to prepare for the worst
change brings both benefits and risks and 3. make solid business continuity plans for when things go wrong
we need to make sure we’re tackling the 4. make sure that you’re taking all steps possible to ensure things go right in the
first place
issues of today and tomorrow, rather than
yesterday. Even if we’re more comfortable Applying this philosophy requires skill in risk management but it also goes hand-in-hand
with general business excellence. Businesses that are good at managing their people,
with yesterday!” their systems and other aspects of what they do, tend to be good at managing their
risks too.
CAROLYN WILLIAMS, HEAD OF THOUGHT LEADERSHIP, THE
INSTITUTE OF RISK MANAGEMENT
7
8. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Waking up to risk
AT A GLANCE
Recent years have seen a plethora of risks turn to reality.
1. The focus on risk is intensifying.
61% have become more focused The devastation that natural disaster can bring was painfully demonstrated in the
on risk in the past three years. 2004 Indian Ocean tsunami which claimed thousands of lives. The catastrophe which
ensues when natural and man-made disasters collide was seen in the Fukushima
2. This focus is coupled with nuclear meltdown triggered by a tsunami in 2011. And closer to home, the riots of
greater preparedness. 60% of
2011 damaged countless lives and businesses around the country.
mid-sized businesses (10-
49 employees) and 78% of
larger organisations (50-249 But risk is nothing new. Take financial risk as an example. Flick through history books
employees) have business and it’s a recurrent theme: the Dot Com Bubble (2000), the Great Depression (1929 –
continuity plans. late 1930s) and Tulip Mania (1637).
3. However, smaller businesses You’d think we would have learned our lessons long ago. However, it’s only in relatively
tend not to have such plans. recent times that businesses have begun to seriously address risk. The role of Chief
There are two reasons for this: Risk Officer (CRO) only became a formal position in 1993 with the appointment of
a lack of resources and a belief
James Lam as CRO at GE Capital1. And the first International Risk Management
that the nature of risks faced
don’t justify such planning. Standard – ISO 31000 – was published just three years ago in 2009.
We’ve slowly been waking up to risk and the focus is now intensifying. Our survey of
615 managers in UK businesses reveals that 61% have become more focused on risk
in the last three years. And not just focused, but prepared.
1 ‘Organizational Encounters with Risk’. Bridget Hutter and Michael Power. Cambridge University Press.
8
9. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
“Small businesses are much less likely to
have business continuity plans in place.
This might be understandable, especially
for small businesses, but it should also be
remembered that they account for nearly
60% of employment in the UK,
so a lot of livelihoods are at stake when
things go wrong.”
CAROLYN WILLIAMS, HEAD OF THOUGHT LEADERSHIP,
THE INSTITUTE OF RISK MANAGEMENT
ADOPTION OF BUSINESS CONTINUITY
PLANNING IN BUISNESS
Preparing for risk
Business continuity planning – the systematic identification of threats facing a
61% on risk
More focused
business and development of plans to recover should they occur – is now the norm
in last 3 years
in larger businesses. Nine in ten organisations with over 250 employees have business
continuity plans in place.
26% plans
Instigated
However, whilst more common than not, it is still far from universal. Just 43% of
businesses with less than 10 employees have such plans in place. This rises to 60%
in last 2 years
amongst those with 10-49 employees and 78% in those with 50-249 employees.
58%plans in last
Tested
Two reasons account for this lower rate of adoption.
12 months
One third of businesses (under 250 employees) without business continuity plans in
place feel they lack the resources to develop them. A similar proportion believes that
the nature of risks faced don’t justify a plan.
SIZE OF BUSINESSES THAT HAVE If current trends continue though, many will soon join the trend in larger companies.
CONTINUITY PLANS
26% of those with business continuity plans in place only instigated them in the last
two years. This echoes a study by the CMI which has tracked the adoption of such
78% plans over the last decade2. In 2010, 49% of UK businesses had continuity plans in
place. Just two years later, this figure has soared to 61%.
> 50-249
It’s also apparent that this planning is far from theoretical or a ‘tick box’ exercise.
employees
Plans are kept fresh. Of those in our survey with business continuity plans, three
quarters have updated them in the past 12 months. And they’re kept effective. Three
fifths have tested their business continuity plans in the last year. A further fifth have
43% done so within the last two years.
So risk has clearly shifted up the agenda in recent years and a new attitude seems
to be emerging: risk management is being taken increasingly seriously.
< 10 employees
But what exactly is it we’re so fearful of?
2 ‘Planning for the worst. The 2012 Business Continuity Management Survey’. Chartered Management Institute.
9
10. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Weighing up the risk
AT A GLANCE
The risks facing businesses are varied. The IRM categorises them into four broad groups:
1. Risk falls into four categories:
financial, strategic, operational • financial risk, e.g. non-payment, cash flow issues
and hazard. Within this, • strategic risk, e.g. entry of a new competitor into the market
operational and hazard risks • operational risk, e.g. supply chain failure, loss of key employees
can be categorised as tier • hazard risk, e.g. natural events, health & safety incidents
one or tier two based on the
level of concern they cause
management. Not all of these risks are equal. They differ in the extent to which they can be mitigated
and their impact, should they occur. Importantly, they also differ in their probability.
2. Tier one risks are all According to the CMI, the five negative events most commonly experienced by UK
technology related. businesses in 2011 were operational or hazard-related:
3. Tier two risks are environmental • disruption from extreme weather (49%)
and talent related. • loss of IT systems (39%)
• loss of people (34%)
• loss of telecommunications (24%)
• industrial action (22%)
Of course, reality and perception don’t always concur, so in our survey of UK
management we wanted to explore which risks caused them greatest concern.
Their response suggests that, perceptually at least, risks fall into two categories:
tier one and tier two – based on the level of concern management attach to them.
Tier one: technology risk
UK businesses indicated that their biggest fears, their tier one risks, were
technology driven.
Of greatest concern is the failure of IT systems. Three fifths reported that this
was a significant concern. In a similar vein, telecommunications failure (46%),
the loss of confidential data (44%) and hacking attacks (39%) were also cited as
significant concerns.
This nervousness is understandable. Modern businesses are dependent on
technology. For example, in April 2011 Amazon hit the headlines as the cloud hosting
service it provides to other web businesses suffered a major, multi-day service failure3.
High profile customers including Foursquare and Hootsuite were left counting the
cost as they were unable to deliver their own services which rely upon Amazon’s cloud
infrastructure.
3 ‘Web chaos as Amazon cloud failure crashes major websites’. The Daily Mail, 22 April 2011.
10
11. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
top THREE OPERATIONAL RISKS BY
BUSINESSES However, not all technology risks are so highly prioritised. Only 19% of businesses see
smartphone theft as a significant concern. Smartphone viruses (12%) and tablet viruses
59% failure
IT systems
(13%) are also relatively minor concerns despite widespread use of these devices. The
majority (56%) now enable flexible working, often with a smartphone or tablet
component, for most employees. And with these devices holding or providing access to
commercially sensitive information, represents a real risk. It’s estimated that 100,000
46%
Telecommunications
mobile devices are lost on public transport every year4.
failure Tier two risks
Tier two risks are those which managers are less concerned about. Perhaps they’re seen
44of confidential
Loss
% as lower probability. Maybe their impact is believed to be less dramatic. Whatever the
reason, they’re on the periphery of the management risk radar.
data
Tier two risks come in two forms environmental risk and talent risk.
Environmental risk
In February 2009, it’s estimated that snow stranded up to 20% of the UK workforce
at home. The Federation of Small Business estimated the disruption cost the UK
economy up to £1.2 billion.
As 2009’s snowfall demonstrated, events in nature can have a significant impact on a
business. Pandemics, adverse weather and similar events can severely disrupt operations
and damage key facilities. Moreover, as the CMI’s study reveals, disruption caused by
extreme weather is the most common risk event experienced by UK businesses.
However, when taken alongside other risks, just one quarter of UK businesses in our
survey saw adverse weather as a significant concern. Perhaps because of the logistical
challenges a bigger workforce brings, larger organisations are more likely to express such
concerns than smaller businesses. Natural disasters cause a similar level of concern. One
third expressed significant concern about long-term damage to key facilities through
fire, flood or similar events. Slightly higher up the list is man-made destruction.
So environmental risk isn’t currently of widespread concern. As we’ll see shortly, this is
perhaps because businesses feel relatively well prepared to deal with such events.
4 Vodafone and The Ponemon Institute. June 2010.
11
12. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
THREE most commonly experienced
risk events
Talent risk
With the vast majority of our GDP being created by the service sector, the UK is without
49% weather
Extreme
doubt a people economy.
As the first report in the Perspective series ‘Exploring the Shift in Employee
Expectations’ highlighted, for the majority of businesses, getting the best employees
39of IT systems
Loss
% is central to their success. Indeed, eight in ten describe having the very best people as
not just desirable, but critical.
It is remarkable then that ‘talent risk’ isn’t at the top of the management agenda.
34of people
% Rather, it is of slightly greater focus than ‘environmental risk’ but far behind
Loss ‘technology risk’.
The most likely cause of permanent employee loss is defection to other businesses
which is of significant concern to just 29% of UK management. The most prevalent
temporary cause of employee loss is illness, be it regular or pandemic, sitting at 28%.
Another temporary disruptor, industrial action, is cited as a significant concern by only
17%. In the heavily unionised Public and Transport Sectors, this rises to 35% and 26%
respectively.
So despite talent being as critical, if not more critical to success as technology, it’s far
lower down the agenda. And although employee loss is far more probable than natural
disaster, in a risk context they’re of roughly equal concern.
Maybe the UK workforce is so motivated and loyal that employers have no reason to
be concerned?
Well, no. Our previous Perspective report on employee motivation shows that the
average employee rates their job satisfaction just 6.6 out of 10 and one quarter should
be actively considering moving job in the next 12 months.
12
13. The risk field Environmental risk
All may seem calm outside, but your organisation is under
constant threat. LEVEL OF CONCERN TO ORGANISATIONS
At any time a technological or environmental incident can strike. Damage to facilities
The rug can be pulled from underneath you by changes in the 36% through fire, flood
market like the emergence of a substitute product. Even your own
employees represent a risk either through acts of commission (e.g. Natural disasters
defection to competitors) or omission (e.g. negligence). 24%
Fear not though, with adequate defences such as regularly tested Adverse weather
business continuity plans, your threat can be significantly reduced.
23%
Talent risk
LEVEL OF CONCERN TO ORGANISATIONS
Technology risk Defection to other
29% organisations
LEVEL OF CONCERN TO ORGANISATIONS
28% Pandemic/illness
IT systems failure
59% Attack 17% Industrial action
Telecommunications
46% failure Attack Attack
Loss of confidential
44% data
Enemy within
Strategic risk Financial risk
involve insider
70% of data breaches
Of those with business negligence Of those with business
continuity plans: continuity plans:
involve
30% of incidents indicate mobile
% have updated them malicious acts
76 in the last year 52% technology forms
a prominent part
indicate remote access
have tested them IT systems forms
58% in the last year
44% toprominent part
a
The defences
SOURCE: CIRCLE RESEARCH 2011
13
14. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Taking the risk
AT A GLANCE
So, where they do exist, do business continuity plans focus on the risks most feared?
1. Business continuity plans
generally reflect the relative The answer is mostly.
concern attached to risks.
Technology – a source of risk, but also a solution
2. An imbalance seems to exist in As one would expect, tier one technology risks have the most robust continuity plans
preparations for tier two risks.
in place to deal with them.
Talent risk is of higher probability
than environmental risk. Despite
this, businesses are better Nearly one half of those expressing concern about IT systems failure describe their
prepared for environmental plans to respond as “robust”. A similar proportion uses this phrase to describe
incidents than talent loss. preparations in relation to hacking and data loss or theft.
3. Technology also emerges as a Perhaps because of the expense of investing in contingency systems, smaller
solution too, as well as a source businesses, whilst relatively well prepared, are less confident than larger companies.
of risk. 52% indicate that mobile Just one third (33%) with fewer than 100 employees use the term “robust” to describe
technology form a prominent
their plans to deal with IT systems failure.
part of business continuity plans.
44% report the same for remote
access to IT systems. It’s also of note that whilst technology is on the one hand, a source of risk, businesses
acknowledge that it serves to protect them against the more ‘traditional’ tier two risks.
Firstly, technology reduces the level of disruption from environmental events like
adverse weather, civil unrest or pandemic.
Just over one half of businesses with business continuity plans in place indicate that
mobile technology forms a prominent part of these and two fifths report the same for
remote access to IT systems.
Secondly, technology can help mitigate talent risk.
One half of businesses believe that access to flexible working has become more
important in determining employee satisfaction. Indeed, one fifth go so far as to name
flexible working as one of the top five determinants of employee satisfaction.
14
15. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Technology forms a prominent
part of business continuity plans Given this context it’s perhaps unsurprising that the majority (56%) now widely
enable flexible working.
52%technology
Mobile These employers also recognise the impact of flexible working on performance and
the bottom line. Flexible working is felt to create a more productive organisation
(57% cite as top five benefit), enable a more flexible workforce (50%) and generate
44% access to
Remote
cost savings by reducing the requirement for office space (54%). In other words,
flexible working is one risk that undoubtedly brings reward.
IT systems
Talent and environmental risk – an imbalanced response?
An interesting juxtaposition emerges when preparations for talent risk are contrasted
with those for environmental risk. The former has higher probability. Employees are
more likely to defect or become ill, than for freak weather to occur. Despite this,
businesses are better prepared for environmental incidents than talent loss.
Amongst those concerned about employee defection to competitors, only one in ten
have robust plans in place to respond to this. Three times that number describe their
preparations as weak. Likewise, a mere 12% feel prepared to respond to the loss of
several employees in one event; 40% admit plans are weak. Preparations to cope with
employee illness are somewhat better, but still lacking. 20% believe plans are robust,
whereas 24% weak.
Contrast this with preparations for environmental risk which seem far more solid:
• 37% describe plans for the loss of key facilities through fire, flood or similar
event as robust
• 33% feel well prepared to respond to natural disaster
• 24% claim the same for adverse weather
Perhaps it’s worth dusting off your own business continuity plans and asking whether
“The business continuity benefits of they reflect the most pressing risks to the future of your business?
allowing employees to work remotely don’t
usually feature highly in the decision to
implement flexible working. Its value as a
BCM strategy however becomes all too
obvious when people face difficulties
getting into work”
Roger McLoughlin, Business Continuity Manager,
Vodafone UK
15
16. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
Putting into practice: The Yearsley Group
Mitigating risk
The UK Federation of Small Businesses estimates that the heavy
snowfall at the beginning of February 2009 cost the country £1.2
billion, with one fifth of the workforce staying at home due to bad
weather. But for many it was business as usual thanks to a combination
of mobile phones, mobile broadband, email and plenty of ingenuity.
Even though most people were aware that snow was expected during the night of
Sunday 1 February, many were still astonished when they looked outside in the
morning to see the heaviest snowfall in 20 years.
Although disruptive, the wintry weather also revealed the UK to be a nation of
mobile workers, keen to get on with the job, without missing the opportunity for a
bit of fun and a snowball fight.
Ged Tod felt a shiver run up his spine as he stepped into his office that Monday
morning. As the IT Manager of The Yearsley Group, Ged is responsible for the
technology infrastructure that supports the logistics operations of his organisation,
which delivers frozen food to major retailers across the UK.
When he arrived for work, he discovered that three of his team were stranded at
home. “We rely on the technology in our delivery centres and lorries to track
deliveries and confirm delivery times. The bad weather could have had a
catastrophic impact on customer relations”.
Although many of the main roads in the country were open, even on the Monday
morning, there were inevitable delivery delays as drivers were held up getting to
work. Ged explains how technology helped put customers’ minds at ease. “All our
cabs are equipped with mobile phones and the lorries are fitted with GPS systems. It
meant that drivers and employees in our call centres could keep anxious retailers up
to date with the latest delivery times. Most of our customers were happy as long as
they had clear and accurate information about when the goods would arrive”.
Mobile technology also helped Ged manage his own team in Manchester. Two
developers and one member of the support staff were out of the office for most of
“Without this technology the week but used USB modem sticks to keep connected with colleagues. The
we could have lost close to absent member of the support team picked up helpdesk requests that could be
10 employee days that week”. dealt with remotely.
GED TOD, IT MANAGER, The Yearsley Group
16
17. preface landscape of risk Executive summary Waking up to risk weighing up the risk taking the risk A closing thought
A closing thought
from the
Institute of Risk Management
No business can exist without engaging with risk, for without risk there is no progress
and no reward. The future will inevitably bring more change and businesses need to
identify and address the risks that this will pose for them.
This report has put the spotlight on technology – the risks it brings and the solutions
that it provides – and also highlights the real, but sometimes underestimated, risks of
losing talented employees. It has also emphasised that businesses of all sizes will
need to become more resilient, with effective business continuity plans in place, to be
able to bounce back quickly from misfortune.
We believe that research like this is important because it draws attention to risk areas
that people may not have thought about fully before – they may believe that it can’t
happen to them (it can) or they may believe that there’s nothing they can usefully do
about it (but there usually is).
Once businesses start to think about what might happen, we recommend you take a
systematic and comprehensive look at risks across your business that might stop you
achieving your objectives. You should ensure that staff are suitably qualified and
experienced to help with this. As well as making business continuity plans for when
things go wrong, and using the most suitable technological tools and techniques
available to do this, there is also a lot that organisations can do to ensure things go
right in the first place. This requires skill in risk management but it also goes hand-in-
hand with general business excellence – businesses that are good at managing their
people, their systems and other aspects of what they do tend to be good at managing
their risks too.
17