Extended Enterprise Risk
advertisement
Extended Enterprise Risk Managing Risk in Complex 21st Century Organisations Recording of this session via any media type is strictly prohibited. Page 1 • Richard Anderson Chairman, Institute of Risk Management • Carolyn Williams Technical Director, Institute of Risk Management Recording of this session via any media type is strictly prohibited. Page 2 What to Expect • An introduction to the Institute of Risk Management • The context of the Institute’s thought leadership work • An overview of the Institute’s current work on managing risk in complex organisations • Some ideas on how to understand and approach your own complex organisation Recording of this session via any media type is strictly prohibited. Page 3 “Are you a charlatan?” "someone who professes knowledge or expertise that they do not have" Recording of this session via any media type is strictly prohibited. Page 4 What does a good risk manager need? Technical knowledge • RM frameworks and processes, standards, techniques etc Sector knowledge • Context and best practice RM in your sector Professional knowledge • How other business functions operate and how RM interacts with them Organisational knowledge • How your own organisation works, culture Self knowledge • Communication skills, influencing, negotiating, questioning…. Recording of this session via any media type is strictly prohibited. Page 5 IRM Thought Leadership Focus Enterprise risk management o Professional competence, qualifications and training o Emerging and potentially widespread risk o Interface between risk management and other disciplines o Recording of this session via any media type is strictly prohibited. Page 6 IRM Thought Leadership 2011 2013 2012 2014 Recording of this session via any media type is strictly prohibited. 2012 2014 Page 7 IRM Thought Leadership 2014 Recording of this session via any media type is strictly prohibited. 2012 2014 Page 8 Recording of this session via any media type is strictly prohibited. Page 9 Joint endeavour Outcomes Multiple Economic and Social Environments Recording of this session via any media type is strictly prohibited. Page 10 Supplier 1 Regulator Sub contractor Supplier 2 Joint endeavour Labour Customer Supplier 3 Outcomes Principal contractor Regulator Agents Multiple Economic and Social Environments Cloud IT provider Sub contractor Customer Government Recording of this session via any media type is strictly prohibited. Page 11 Supplier 1 Regulator Sub contractor Supplier 2 Joint endeavour Labour Customer Supplier 3 Outcomes Principal contractor Regulator Agents Multiple Economic and Social Environments Cloud IT provider Sub contractor Customer Government Recording of this session via any media type is strictly prohibited. Page 12 Supplier 1 Regulator Sub contractor Supplier 2 Joint endeavour Labour Customer Supplier 3 Outcomes Principal contractor Regulator Agents Multiple Economic and Social Environments Cloud IT provider Sub contractor Customer Government Recording of this session via any media type is strictly prohibited. Page 13 Recording of this session via any media type is strictly prohibited. Page 14 Recording of this session via any media type is strictly prohibited. Page 15 Complex systems A complex system is one in which even knowing everything there is to know about the system is not sufficient to predict precisely what will happen. Complex systems cannot be controlled – only influenced. Simple systems behave more like complex systems when under stress. Recording of this session via any media type is strictly prohibited. Page 16 © 2012 Centre for Health Enterprise 16 A complex system….. Recording of this session via any media type is strictly prohibited. Page 17 External Environment Public Gov Depts Extended Enterprise Suppliers 18 Customers Finance Media Strategy HR IT Professional & industry bodies Enterprise Operations Commercial Marketing & Sales Procurement Recording of this session via any media type is strictly prohibited. Page 18 VUCA! Uncertainty Volatility Chaos & Paradox Complexity Ambiguity Paradox: not susceptible to logical analysis Recording of this session via any media type is strictly prohibited. Page 19 © 2012 Centre for Health Enterprise 19 Managing in a world of complex risks “Cunning plans” have no place in managing complex risks Look for knowledge: either elsewhere or develop it yourselves Ground esoteric research in the fine detail of what you need for your organisation Leverage the expertise of others Share the risks and rewards Recording of this session via any media type is strictly prohibited. Page 20 Single enterprise or joint endeavour? Recording of this session via any media type is strictly prohibited. Page 21 Recording of this session via any media type is strictly prohibited. Page 22 Creating order from disparate parts of the Risk Management world to be found in any organisation, let alone multiple organisations… Recording of this session via any media type is strictly prohibited. Page 23 The Social Dynamics of the extended enterprise Joint endeavour Relative Power Extent of Shared Values Outcomes Multiple Economic and Social Environments Recording of this session via any media type is strictly prohibited. Page 24 What can we manage? Recording of this session via any media type is strictly prohibited. Page 25 Recording of this session via any media type is strictly prohibited. Page 26 Recording of this session via any media type is strictly prohibited. Page 27 Recording of this session via any media type is strictly prohibited. Page 28 Recording of this session via any media type is strictly prohibited. Page 29 Assurance and the risk manager Scale of the problem: • Simple Them Complex Nature of the issue • Operational Strategic Approach • Tools for Risk Management Conversations in risk Recording of this session via any media type is strictly prohibited. Page 30 Two RM disciplines that need to be “extended” throughout the EE Risk Appetite and Tolerance Risk Culture Recording of this session via any media type is strictly prohibited. Page 31 Risk Appetite Level Propensity to take risk Propensity to exercise control Risk Taking Exercising Control Escalation Tactical Project/ Operational Stakeholder Value Delegation Strategic Measurement Risk Metrics Control Metrics Recording of this session via any media type is strictly prohibited. Page 32 So what does this mean in practice? B Time t1 D A B Time t0 Time t1 B Time t0 C t1 C Appetite Tolerance t0 t1 D A Performance Where you might get to if everything goes wrong Performance t0 Performance Performance Performance A Risk Universe Current direction of travel for performance Where you might get to if everything goes right t0 Time t1 Recording of this session via any media type is strictly prohibited. Page 33 Six components Risk Appetite Board Reporting External Risk Based Alignment Assurance Sources Measurement Governance model Risk and Control Key Data 5 Control 4 SH/H Val 6 Risk Taking Maturity Segments Geography Risks Strategy Business Context Risk Capability Capacity 1 3 Internal 2 Recording of this session via any media type is strictly prohibited. Page 34 Risk Data Recording of this session via any media type is strictly prohibited. Page 35 Risk Capability A function of 1. Capacity (how much you can carry?); and 2. Maturity (how much can your people cope?) Recording of this session via any media type is strictly prohibited. Page 36 IRM Risk Culture Framework Risk Culture Organisational Culture Behaviours Personal Ethics Personal Predisposition to Risk IRM’s risk culture framework looks at component parts making up an organisation’s risk culture • How will I react? • How will I respond in recognition of other competing needs? • What will I do? • What will we do? • Our overall risk culture Recording of this session via any media type is strictly prohibited. Page 37 Risk culture aspects model Risk Culture Risk Skills Competency Risk Resources Reward Decisions Informed Risk Decisions Transparency Governance Accountability Dealing with Bad News Risk Leadership Tone at the Top Recording of this session via any media type is strictly prohibited. With thanks to Alex Hindson Page 38 Leadership in complex systems Tasks & ideas Be Courageous Be Curious Be Clear Relationships & behaviours Embrace uncertainty Adopt open enquiring mindset Distribute leadership & decisions Draw on widely diverse perspectives Establish compelling vision Go out of your way to make connections Invest in promoting values Recording of this session via any media type is strictly prohibited. Page 39 © 2012 Centre for Health Enterprise 39 Conversations in risk management EE Partners CEO Back Office You Suppliers IP owner Clients Recording of this session via any media type is strictly prohibited. Page 40 Management campaign Take Stock Target Operating Model Gap Analysis Rules of engagement Action Shortfalls from Desired outcomes Governance Information sharing Risk Management TOM Route map to achievement Address information asymmetries Next steps Implement Check Implement Check Implement Check Assurance Confirmation Harvest benefits Share lessons Desired Outcomes Participants Common Purpose Relative Power Roles Values Rewards Culture Appetite Recording of this session via any media type is strictly prohibited. Page 41 Some questions for the board • • • • • • How complex is our business operating model? What additional risks does complexity pose? Do we understand the risk tolerance associated with the complexity? How do we manage these risks? How do we get helpful risk information? How do we get sufficient assurance on our risk management investment? Recording of this session via any media type is strictly prohibited. Page 42 I passionately believe that we can make uncertain futures much more manageable... This means that we must work with our organisations to reimagine how they manage themselves, to make sure that they know where they are on important matters and to be confident that they know how to address uncertain futures. We use our knowledge, skills and experience, combined with proven tools, techniques and approaches, which we leave behind for them to carry on using long after we have finished, to transform their business. As a consequence they will face the future with more familiarity, they will feel more confident about their current position and they will be organised to go forward into these uncertain futures. Recording of this session via any media type is strictly prohibited. Page 43 The bottom line Risk Management should be the disruptive intelligence that pierces perfect-place arrogance Recording of this session via any media type is strictly prohibited. Page 44 Next steps • • Consultation document available May 2014 Final version to be published September 2014 • • • Executive summary/overview/questions for the board Concepts, governance and assurance Practical tools, techniques and case studies Recording of this session via any media type is strictly prohibited. Page 45 Extended enterprise: Managing risk in complex 21st Century organisations o o o o o o o o o Complex systems analysis Shared value models Innovation Standards and assurance Changing models in the public sector Leadership v management Risk management competencies IT and the cloud Communication and governance Recording of this session via any media type is strictly prohibited. Page 46 For more information: www.theirm.org richard.anderson@theirm.org carolyn.williams@theirm.org Recording of this session via any media type is strictly prohibited. Page 47 Please complete the session survey on the RIMS14 mobile application. Recording of this session via any media type is strictly prohibited. Page 48
