Report on ERM Sessions – On Site

Risk Management Workshop On Site

Since January I have conducted on site both a custom-designed session on ERM, as well as the RIMS workshop Enterprise Risk Management – Developing and Implementing. Some participants have followed up by taking the new CRM-E (enterprise) risk manager’s online exam, based on the text. These sessions took place in Winnipeg, Calgary, and Edmonton.

Registrants were responsible for rolling out an improved risk management function, either for their own organizations (both public and private) or for clients. As preparation, I had participants make notes on their own contexts. Foundation principles are necessary, but I was intent upon getting these people “up and running”, using their own current risk management challenges as study material.

Risk Identification in Real Time

This is a risky way to proceed, because some find it enough just to absorb the core materials. Others want guidance, but feel reluctant to share their stories. Yet, in these sessions, the mere exercise of writing and presenting to the group a short context paper – defining the scope of the risk ID exercise – drew people in. We proceeded to formulate risk statements, and record them in a multi-column risk register template, for each context in turn.

This is the part of the engagement in which I demonstrate the process and give tips. Attention to detail, such as making sure to formulate risks properly, helps guarantee the quality of the information. Every one of us, as meeting chairs or facilitators, will have to sort through the complexity of the business and frame the risk discussion. When working with client materials, I can show how to carefully trace through the context, and make sure planning goals are clear. I suggest how to identify risk comprehensively by using risk categories. Participants are then able to formulate risks cogently, in a consistent format, according to guidelines.

From Perceived Risk to Real Risk

Consider the example of financial services and investment functions. They will have policy and principles (P&P) in place. That fact alone might satisfy a superficial risk analysis. Upon closer investigation, the applicability of the P&P to all situations is challenged. The degree of compliance, and the problem of measuring it, is scrutinized. The very quality of compliance, people’s motives, and deeper risks masked by a mechanical check-box approach, are revealed.

Similarly, an asset acquisition or strategic investment will be fraught with challenges. To do a structured risk identification, instead of treating uncertainties in a random way, captures the issues. Care must be taken to challenge merely perceived risk and arrive at the  pressing issue needing management attention.

In one example, a complex field operation in a technical domain, we progressed from ‘stop work orders’ to ‘workplace injury’, and finally to ‘declining resources leading to audit fatigue’. In other words, we persisted beyond the first impression – the apparent risk – to go upstream in the chain of cause and effect. We identified the correct risk to manage all the downstream effects. A request for funding to improve field audit will be a likely mitigation measure.

On site workshop participants will always have a range of experience and a variety of objectives in attending sessions. I try to meet expectations by following this agenda:

1. present core materials;
2. deliver generic risk management tools and templates;
3. lead participants through real work examples; and
4. review the CRM-E exam material.

My next sessions are scheduled for Ottawa, Toronto, and Regina. Here again is the link to the RIMS workshop information and registration page.

In the next posts (May 15, 17, and 21) I will give a report on comments from online course participants, and reflect on creativity and critical thinking in risk management.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Leave a Reply

Name required

Mail (will not be published) required