“Solving the Enterprise Risk Management Puzzle: Secrets to Successful Implementation” and companion volume “Enterprise Risk Management Tools and Templates” have been selected as course texts for Laval University’s ERM course ASR-4004 Gestion intégrée des risques en entreprise.
According to the text, controls are used to assess whether the organization’s actions are the ones expected; to check that the organization’s processes are functioning as intended. Originally connected with detecting errors and fraud, they are now related to organization’s goals, financial reporting and compliance.
Read the rest of this entry »
In my last post on Lean Manufacturing, I said that there was a broader agenda at stake — namely, the survival of firms in the era of the decline of western manufacturing. Consultant Bill Chambless expresses a similar thought in his book Quantum Profits. He posits that the mastering of short-run customized production is the key to economic recovery.
Should risk managers delve into Lean Manufacturing, or similar methods, at all? One of the key themes in this blog is the necessity for risk managers to expand their view and gain a seat at the planning table. It is only natural, after implementing risk assessment methods, to feel that one might add value by seeking better productivity.
There is a broader agenda here. The very survival of manufacturing and service industries is continually challenged, and the opportunities for gains are immense, both in administrative and industrial processes.
Planning and Innovation – Small-Medium Sized Enterprise
I am Planning and Innovation Lead for a small-medium sized enterprise in specialty metals manufacturing. Read the rest of this entry »
In the RIMS 2012 report “The Evolving Role of the Risk Professional”, recommendations included that risk managers view risk in a new way that “builds internal alliances, and enhances the strategic decision-making capability”; this in turn would require “specialized communication and technical skills”. According to a Deloitte study, however, risk professionals are still perceived as working in silos, using limited skill sets. This post examines the risk manager’s required competencies.
The Definition of Risk
The definitions of risk given in the standards (e.g., ISO, COSO, AS/NZ) give the basis of my argument. They connect risk with organizational goals and objectives. These definitions imply the expansion of risk management beyond the conventional scope of corporate finance/audit and commercial insurance. New aspects of the risk management function — 6 specific roles — are discussed next. Read the rest of this entry »
How to Identify Strategic Risk
First, the basic process: As discussed in previous posts, strategic risk assessment should be a review of goals, objectives and corporate values, as expressed in a plan. Risk assessment benefits from a multi-disciplinary round table reviewing the schedule of intended action. The risk lens brings to light the things that may prevent the successful execution of the plan.
Tracing through all stages of the plan, ask the question: What could hinder or prevent the accomplishment of this particular objective?; or, What could compromise the safeguarding of this professional value? In the broadest analysis, it is a matter of identifying phenomena that call into question the strategic direction, approach to a project, or feasibility of a program. The mitigation of such risk involves action on the same scale: to shift the planned direction; to build up one aspect of the business; to attenuate another.
But there is always some unique twist in a risk assessment… Read the rest of this entry »
Risk managers should contribute to long range planning and analysis. They can cause planners and modellers to recast their assumptions. In a recent workshop, participants and I were discussing risk assessment of the firm’s strategic plan, and considered wider systemic risk and emerging risk, that could undermine the organization.
On the issue of strategic risk, I first draw the reader’s attention to my 6-part series in which I discussed high quality risk assessment and future scenarios; strategic identity; stakeholders; and environmental scan. The essential point in that series is that risk assessment should be part of a complete research and planning process, including methods to deal with “black swan” risks and high uncertainty.
In this post, I want to elaborate on the idea of risk managers questioning assumptions that typically go unchallenged.
The Economist’s risk management study in 2010 found that there is a continuing perception of risk management as: “…support function staffed with narrowly focused specialists, such as business continuity planners, insurance buyers, or health and safety officers…” (Fall guys – risk management in the front line). Then Forbes/Deloitte reported in 2012 that a significant sector of corporate employees are “unaware of what they need to do concerning risk”. (Aftershock: adjusting to the new world of risk management).
Back December 2006 I published an article with Risk Management Magazine. It is relevant to the question of broadening the risk manager’s role to bring risk assessment to strategic planning and policy. I wouldn’t change a word of it today.