Special Case Studies in Risk Management: Online Course

case-studies-risk-managementThe new Risk and Insurance Management Society online course I promised earlier this year is now up and running. It is called Special Case Studies in Risk Management.  In this course, I give full length presentations on important aspects of running Enterprise Risk Management.

This online course offers fresh perspectives on the risk manager’s role in implementing and applying risk methods in organizational settings. Detailed investigation and case studies will allow participants to hone their skills.

There are two key objectives: One is to alleviate the frustration that comes with having theoretical knowledge while being unsure how to implement. The second is to add to one’s repertoire of risk methods to address different situations. This course continues our mission to provide professional development online courses to risk managers who must think outside of the conventions and take on an enterprise role, whether in the public or private sector.

Benefits: become the process leader to accomplish the following:

  • prepare for emerging risks;
  • test the organization’s long-term strategy and  resilience;
  • expand and enrich the planning discussion;
  • create a successful ERM implementation plan;
  • understand and apply change management and motivation principles;
  • apply attention to detail in the risk matrix/risk register;
  • maintain the quality and rigor of the risk ID/assessment process
  • craft innovative win-win contract terms in major projects;
  • use model solutions to select the best policy option, implement multiple risk assessments, and resolve contradictory stakeholder agendas.

Who Should take this Course?

  • chief risk officers and risk managers
  • analysts and program leads responsible for conducting risk assessment
  • strategic and program planners
  • those charged with establishing or improving the ERM program
  • public and private sectors (principles are transferable)

 

Program Outline
The program is presented in 5 modules; the course takes 10-15 hours to complete. Each module consists of:

  1. introductory video;
  2. narrated slide presentation in two parts;
  3. case study article illustrating the principles, with audio/pdf commentary;
  4. tool/template download to help you apply the concepts;
  5. online multiple choice test.

Includes a master references file. Materials are made available in pdf and mp3 formats.

Module 1: Future Scenarios Planning
Gives risk managers a method to help them identify emerging risks, and prepare for the advent of low-frequency/catastrophic impact events – Black Swan risks. Walks through a city agency’s planning example. Future scenarios planning is a highly imaginative, yet structured methodology to identify significant risk in the long view.

Scenarios project a range of possible outcomes and enable people to think about the future in different ways.
~P. le Roux, case study article

Module 2: How to Overcome ERM Resistance
Change initiatives crucial to organizational success fail 70% of the time (Miller, 2002, Journal of Change Management). Risk managers’ common difficulties include: where to start a risk assessment of the organization, and how to overcome ERM implementation challenges at operational level. Understand the bureaucratic side vs. the realistic side of your ERM program. Seize upon the factors that motivate people to ensure the take-up and sustainability of the ERM program. Detailed 40-minute narrated presentation.

Module 3: Review of Risk Registers and Risk Templates
Investigate details of solutions for risk matrix design and usage. Attention to detail to
maintain quality of risk methodology. Review the risk register, risk categories, risk ranking matrix and descriptors, and consequence frameworks. Includes 5 sample template pdf downloads. Case study article discusses pitfalls of compliance.

Module 4 Creative Contracts Case Study
This is a non-legalistic study of contract risk management. Walk through a detailed case study of a major project in the health care sector. Presenting a novel solution in the realm of public-private partnerships, the story tells of replicable methods to allocate risk appropriately, craft unique provisions in uncharted territory – and paper the deal. Supplementary articles present both sides of the P3 issue.

Module 5 Complex Contexts
Risk assessments never follow neat patterns. Gives participants practice in interpreting and mapping out the administrative mess, even to begin a risk ID. Uses models abstracted from real life situations in order to: repair defects in planning; select the best policy option; resolve contradictory agendas; harmonize multiple delivery channels, etc. Detailed presentation of 6+ complex contexts and their solutions.

Read More

Strategic Risk Assessment–1/6

2010-07-20 / How to do Risk Assessment / 2 Comments

This is a revised series on the risk manager’s role in planning and strategic risk assessment. Here I discuss risk methodology and establishing the organizational context, including a review of mission statement examples.

Risk Methodology: Techniques to Meet High Uncertainty

Rational planning and risk forecasting are no good — this is the message that Nassim Taleb has recently reiterated. He seems to want to be highly risk-averse in the face of black swan (low frequency, catastrophic consequence) events. But I don’t think rational planning needs to be so extremely discredited, and excessive risk aversion is not the answer.

Despite inaccuracies in forecasts and unpredictable events, we can’t give up planning altogether. Risk managers can use several complementary methods to approach strategic risk assessment. Notice how each of them does require planning, but reduces reliance on a precise forecast of events:

1. Business continuity and emergency planning, of course, strive for preparedness against disaster risk. An all-hazards approach efficiently protects mission-critical functions.

2. Innovation. I believe in the role of the risk manager as innovator to lead a culture of invention, adaptability and flexibility. This is the pro-active identification of opportunity, and supports strategic objectives.

3. High Quality Risk Assessment. We need to check the assumptions underlying conventional forecasting, modeling and probability estimates. High quality risk assessment means identifying risk comprehensively and rigorously within a properly defined context

4. Future scenario planning contemplates extreme yet plausible futures: we can develop options, and improve strategic resilience.

All of these methods start with an exercise in establishing the organizational context, in terms of what I call Strategic Identity.

Strategic Identity

This is a diagram to help define the essence of an organization, as a preliminary step to planning and risk assessment. Notice that objectives do not appear in the model, because they are means to pursue the vision and will vary to suit circumstances.

Mission and Vision

Mission is the reason for being of an enterprise, public or private, describing how the organization is answering a need.

Consider the first few in this list of Fortune 500 mission statements examples.

Many mission statements use hyperbole and vague language (“the best…” “the most progressive…”). The mission statement for Aflac near the top of that page, for example, is a little too vague; it could almost apply to any business. It also states “aggressive strategic marketing” – which is a method towards an end, not the end itself, and so has no place in the mission.

Compare it with the one for Advanced Auto Parts, at the very top of that same page. That mission statement includes mention of the client group, the service staff and the nature of the products and services (“inspire, educate and problem-solve”) in terms that are recognizable and verifiable – without being actual performance measures, and without limiting the methods and delivery channels the firm might use to achieve those things. In other words, a good mission statement will galvanize and focus action, but not limit it.

Distinct from Mission is Vision, which is an eventual outcome, a picture of a future state towards which the organization is striving. If I were to invent one for Advanced Auto Parts, I could say: “A satisfied, diverse, extensive and well-informed clientele enthusiastically engaged with the firm as loyal clients, interested students, business partners and participants in our programs.” I just made this up on the spot, but I tried to make each element of the vision something fairly concrete to strive towards in one or another aspect of the business; it also describes a desired end state.

In the next post I’ll talk about the other elements of Strategic Identity.

Read More

Risk Scenario Analysis

2010-06-17 / How to do Risk Assessment / 0 Comments

It is ironic that future scenario analysis, developed famously by Royal Dutch Shell, was not used when it should have been in that very same industry. AP reported on May 06 that:

“…a site-specific exploration plan filed by BP in February 2009 stated that it was “not required” to file “a scenario for a potential blowout” of the Deepwater well.”

Risk and international business managers could take a close look at risk scenario planning as a way to grapple with black swan risk, defined here in the Barnes and Noble synopsis of Nassim Nicholas Taleb’s book:

“an event, positive or negative, that is deemed improbable yet causes massive consequences.”

Doesn’t that definition, by the way, assume that you were able to at least identify the risk before deeming it improbable? Perhaps the true black swan risk is the one that broadsides you altogether. In any case, the value in future scenario planning is that it sidesteps the necessity to predict. It does not depend upon forecasting.

We all know business continuity scenarios are not like conventional risk management, not only because they deal specifically with disaster and emergency risk, but also because they focus on mission-critical functions, and often take an all-hazards approach. There will be significant areas of overlap in plans to address several different perils.

Similarly, risk scenario analysis is interested in resilience, and starts from a consideration of a core mission. You define the trends with the most significant influence upon that mission, and then create extreme – but plausible – scenarios. The advantage is that you are not relying on one narrow prediction or forecast. You have instead rich scenarios that present conditions that challenge your organization’s survival in different ways.

The team can then plan pre-event treatment, and adjust its plans to meet difficult conditions in something like an all hazards approach.

Risk practitioners point out another advantage to future scenario analysis. It permits a freer discussion than is normally held to identify essential business functions, assets at risk, types of threats, and the longevity and relevance of the organization’s very mission. For example, if the team determines that, in three out of four future scenarios, shifts in industry practice, business models and technology would likely render the core business obsolete, they might well re-evaluate their strategic direction.

I have put in a proposal to RIMS to develop another risk assessment online course [update: Creating Value: Risk Manager as Innovator — up and running], in which I would include a module on risk scenario analysis, using the future scenario planning model.

Read More