The Changing Role of the Risk Manager

2013-07-26 / Uncategorized / No Comment

In the RIMS 2012 report “The Evolving Role of the Risk Professional”, recommendations included that risk managers view risk in a new way that “builds internal alliances, and enhances the strategic decision-making capability”; this in turn would require “specialized communication and technical skills”. According to a Deloitte study, however, risk professionals are still perceived as working in silos, addressing risk in a fragmented manner using limited skill sets. This post examines the multiple effects of Enterprise Risk Management upon the risk manager’s conceptual and technical competencies.

The Definition of Risk
The definitions of risk given in the standards (e.g., ISO, COSO, AS/NZ) give the basis of my argument. They connect risk directly with organizational goals and objectives. In a broad sense, these definitions have implied the expansion of risk management beyond the conventional scope of corporate finance/audit and commercial insurance. The latter are specialties within a wider process of planning and management. Consequent new aspects of the risk management function — 6 specific roles — are discussed next. Read the rest of this entry »

Read More

Hidden Strategic Risk

2013-07-24 / How to do Risk Assessment / No Comment

strategic riskHow is it that strategic risk assessment misses the obvious?  I have often encountered a paradox whereby the most fundamental risks, although right out in the open, were not recognized as such.

How to Identify Strategic Risk
First, the basic process: As discussed in previous posts, strategic risk assessment should be a structured review of goals, objectives and corporate values, as expressed in a plan. Risk assessment benefits from a multi-disciplinary round table. A mature planning practice produces a coherent schedule of intended action for review. The risk lens brings to light the things that may prevent the successful execution of the plan.

Tracing through all stages of the plan, ask the question: What could hinder or prevent the accomplishment of this particular objective?; or, What could compromise the safeguarding of this professional value? In the broadest analysis, it is a matter of identifying phenomena that call into question the strategic direction, approach to a project, or feasibility of a program. The mitigation of such risk involves action on the same scale: to shift the planned direction; to build up one aspect of the business; to attenuate another.

But there is always some unique twist in a risk assessment… Read the rest of this entry »

Tags:
Read More

Systemic Risk – Challenging Assumptions

2013-05-19 / How to do Risk Assessment, Management Innovation, Social, Economic and Financial Risk / No Comment

Risk managers, ideally, contribute to long range planning and analysis. They can cause planners and modellers to recast their assumptions. In a recent workshop, participants and I were discussing risk assessment of the firm’s strategic plan. Risk managers must consider wider systemic risk that could undermine the organization. They must also manage emerging risk on a longer time horizon.

On the issue of strategic risk, I first draw the reader’s attention to my 6-part series in which I discussed high quality risk assessment and future scenarios; strategic identity; stakeholders; and environmental scan. The essential point in that series is that risk assessment should be part of a complete research and planning process, incorporating methods to deal with “black swan” risks and high uncertainty.

In this post, I want to elaborate on the idea of risk managers questioning assumptions that typically go unchallenged. Risk managers can help broaden the range of discussion that informs corporate direction.

Read the rest of this entry »

Tags: , ,
Read More

Reprint – Risk Analysis for Tough Issues

2013-01-12 / Uncategorized / No Comment

Edward Robertson-article-risk-management-magazineThe Economist’s risk management study in 2010 found that there is a continuing perception of risk management as: “…support function staffed with narrowly focused specialists, such as business continuity planners, insurance buyers, or health and safety officers…” (Fall guys – risk management in the front line). Then Forbes/Deloitte reported in 2012 that a significant sector of corporate employees are “unaware of what they need to do concerning risk”. (Aftershock: adjusting to the new world of risk management).

Back December 2006 I published an article with Risk Management Magazine. It is relevant to the question of broadening the risk manager’s role to bring risk assessment to strategic planning and policy. I wouldn’t change a word of it today.

Read the rest of this entry »

Read More

Definitions: ERM and Risk Assessment – Part 2/2

2012-11-27 / Uncategorized / No Comment

definition enterprise risk management risk assessmentIn this second post, I give my proposed definition of both Enterprise Risk Management and Risk Assessment.  They are not a reflection of the actual usage of the terms; instead, they are recommendations for what the terms should denote:

Definition of Enterprise Risk Management

Enterprise Risk Management: A distributed process of risk assessment applied to strategy and operations, in all domains, in support of corporate goals and values.
Read the rest of this entry »

Read More

Definitions: ERM and Risk Assessment – Part 1/2

2012-11-25 / How to do Risk Assessment, How to Implement ERM / No Comment

definition enterprise risk management, risk assessment Enterprise Risk Management is a relatively young discipline. There is no universal agreement on what it really consists of. In some of the academic literature, the definition is assumed. Authors don’t bother with it, and yet actual practice of what people call ERM is varied.

I want to give a critique of some of the definitions of Enterprise Risk Management having currency in management discourse, and then propose my own definition of ERM. Standards such as ISO or AS/NZ 4360 do not define or even contain the term Enterprise Risk Management. But they do define risk itself consistently as being associated with the organization’s goals and objectives.

Read the rest of this entry »

Tags: , ,
Read More

ERM Case Study – Part 5/5

2012-11-20 / Uncategorized / No Comment

Entrepreneurial universityHere are links (some not appearing in previous posts) germane to the case study of Enterprise Risk Management implementation at Camosun College.
RESOURCES AND REFERENCES
CAMOSUN BACKGROUND
New Employee Manual
President’s Welcome Message

Read the rest of this entry »

Read More

ERM Case Sudy – Part 4/5

2012-11-13 / Uncategorized / No Comment

Entrepreneurial universitySo far in this series of posts, we have seen the genesis of the ERM program in the decision by the Board of Governors; the project team’s review of background materials; and the decision to begin with a trial risk assessment applied to the strategic plan. Now we consider how ERM was developed and rolled out to the rest of the organization.

DEVELOPMENT OF ERM PRACTICE
Conclusions Drawn from Initial Risk Review
The trial risk assessment of the strategic plan yielded a risk register addressing all the main strategic objectives. The plans for mitigation developed by the executive were, for example, to adjust program…

Read the rest of this entry »

Read More
« Older Entries