Managing Risk for Opportunity



In the absence of certainty, the only way to maintain potentiality is to
focus on excellent execution and demonstrable resilience at the same
time whilst taking as much acceptable risk as is reasonably possible
(Peter Bernstein, Against the Gods, The Remarkable Story of Risk)
Managing Risk for Opportunity

Enterprise risk management (ERM) deals with the management
of uncertainty, risk and opportunity towards the achievement of
company goals and objectives. ERM overarches risk
management specialisms.

Risk management specialisms and associated systems deal with
technically specific methods of actually treating risks, for
example: credit risk, business continuity, IT, etc.

Policy without practice has no teeth.

Process drives practice.
Strategic Elephants

Enterprise Risk Management:

Objectives and Obstacles,
Views upside as well as downside risks,
Is where strategic and operational risks, as well as financial and
hazard risks, are collectively viewed,
Sets policy with regard to:
 Risk Appetite,
 Risk management criteria,
 Resources to be applied to the treatment of risks,
Overarches all risk management specialisms.
Strategic Elephants
1. Risk strategy is owned by the Board, not by management.
Management owns execution.

2. Both directors and management require knowledge of
obstacles, understanding of variables, certainty of compliance
and clarity; these are mission critical to good management where
uncertainty prevails.

3. Financial and hazard risks are now mastered. Danger remains
within; however, they are now part of the mainstream
professional management organisation. We need to apply the
same rigor to the management of strategic and operational
risks.

4. In the presence of growing uncertainty, strategic and operational
risks, as well as residual financial and hazard risks, require a
clearly defined, well understood, people-engaging and rigorously
applied process management approach characterised by:

 Standard language, terms and definitions,
 Standard ERM framework, principles and risk management process,
 Standard methodology for estimating probabilities and impacts,
 which releases us from the limitations, and excesses, of perception,
 Standard convention for assessing return on risk management effort,
 Clarity.
Standard ERM Framework, Principles and Risk Management Process
(Source: ISO 31000 Risk Management Draft; also note ANZ 4360)
Clarity
[Figure: Initial Risk Map. Axes: Probability and Consequence / Impact, each scaled 1 to 10.]
Clarity
[Figure: Residual Risk Map. Axes: Probability / Likelihood and Consequence / Impact, each scaled 1 to 10.]
The Business Case for ERM

The question arises: ‘how credible is the
measurement of initial and residual risks and
also the associated projected improvement in
risk management performance’.

If the initial and residual risk maps are
believed then it is clear that the case for the
projected return on risk management effort
will have been made.
Measurement : General

Measurement requires a:

 Start point,
 Finish point,
 Units of measure in between.

Process driven ERM methodology

International Standard and common language

Project management approach:
Project Management Approach

Scoping risk treatments…improvements in planning, controls, infrastructure,
supply chain, communications, training, preparedness, resilience etc.

Identification of required actions and expected outcomes,

Project planning and costing,

Performance of people who are assigned measurable tasks,

Project performance monitoring (deliverables, milestones, gateways),

Project communications,

Measurement based return on effort …achievement of desired improvement
in risk performance as illustrated in the projected variances between the initial
and residual risk maps.
Measurement:
Estimating Probability and Impact
Probability requires:

 Identified events, which occur
 In large numbers, are
 Spread, are
 Independent in their occurrences, and are
 Directly comparable.

Hazard risks are insurable.

Financial risks are treated through the use of financial instruments,
which over time are becoming more sophisticated and reliable.

Strategic and operational risks, by and large, fit neither because of:

 Insufficient frequency data,
 Events which have multiple variables and interconnections not treatable
 using conventional instruments.
Magnificent 7
for ERM
Without measurement you are a candidate for CFIT (controlled flight into terrain).

Risk Committee: Board owns risk strategy, management owns execution,

Align with international best practice (ISO and ANZ 4360) and international professional
body guidance: use one universal language and process,

Remove the fudge and adopt project management methods for monitoring, reporting and
communicating key information to the risk committee.

Consider stakeholders, establish risk appetite and risk management criteria,

Synthesise obstacles to objectives,

Decide on risk treatments and repeat the synthesis to get new probability and impact
estimates for residual risk,

Compare the two risk maps for return on effort in reducing obstacles to objectives.
Managing Risk for Opportunity

The return on Risk is Profit!

Risk is OK….once we know about it, have
measured it and are treating it.

ERM successfully embedded gives comfort to
all Stakeholders

ERM is a journey…you can set out tomorrow
Managing Risk for Opportunity

A final line from Mark Twain

“It ain’t what you don’t know that gets you
into trouble; it’s what you know for sure that
just ain’t so!”

Thank You.