CERM® Risk Insights

Just think of all the changes occurring in your organization. New regulations. Changing customers with new product preferences. New competitive product offerings. New technologies. New branding. New business platforms. New business models. Compressed lifecycles. Change is no longer gradual. Change is rapid and abrupt.

Supply Chain Risk Management (SCRM) is being able to adapt to disruptive changes occurring in supply chains, management, and even all professions (quality, engineering, supply management, etc.). As well, we believe general management is evolving into risk management.

A few years ago, we believed competitiveness was the supply chain paradigm buster.  We even wrote in Supply Management Strategies: 

“Capitalism, competitiveness, dot.com profitability, and innovation are today’s paradigm busters. They are what drive today’s New Economy. Capitalism is triumphant in almost every activity in every corner of the world. National boundaries are disappearing as goods and services move freely. Competitiveness and innovation are continually destroying the current business paradigm. Just as a business feels it has found its niche and understands what is going on, supply management and sourcing rules change again.” [Read more…]

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The date is September 15, 2008.  The crisis in subprime mortgages had been going on for a little over a year.  It was triggered in the last half of 2006 when house prices began to fall as the housing bubble in the United States burst.  This caused those who had taken NINJA (No Income, No Job, or Assets) loans to buy their home, with the expectation that prices were going to increase five per-cent year on year forever, to default.  This accelerated the decline in home prices which, in turn, accelerated the number of defaults – a financial and economic death spiral had formed.

[Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In 2015 the Office of Management and Budget (OMB) issued Circular A-123.  It requires all federal agencies to implement Enterprise Risk Management (ERM). ERM is a methodology which allows an organization to, in a systematic manner, identify, prioritize and reduce the adverse impact of risks events, such as fraud, cyber-attacks, mismanagement, and natural disasters, that could prevent the organization from accomplishing its mission and objectives.

For the past several years federal agencies have been surveyed to determine the extent of the ERM implementation. This article reviews the results of the past four years. [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In our aging societies with a work force ranging from Baby Boomers through Generation Xers to Millennials the ‘D-Word’ may summon up images of stoical sergeant-major types shouting and barking and removing any freedom of thought or act.  Discipline is variously defined but it is generally understood to be ‘the ‘training that produces orderliness, obedience and self control to follow rules‘ and, operatively, if rules are broken ‘chastising or punishing‘.  . [Read more…]

Guest Post by Joseph Paris (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Transformation… I am hearing more and more talk about how companies are seeking to transform themselves, or that they are launching a transformation initiative.  And as expected, there is the corresponding increase in transformation conferences, symposia, articles and books.

But what is “transformation”? [Read more…]

All organizations regardless if they are public or private, for profit or not for profit, large or small face uncertainty.  Uncertainty results in risks.  More organizations will face uncertainty in the design, implementation, and assurance of their Quality Management System (QMS), Environmental Management System (EMS), Information Security Management System (ISMS), and most ISO management systems.  The critical organizational challenge over the next decade is how organizations will address and treat the risks that result from the uncertainty.  ISO 31000:2018 was developed to address this growing uncertainty. [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Can we really manage risk, or do we delude ourselves by going through the prescribed activities of ‘risk management’ giving the illusion that it’s happening?  Is risk management merely a hypocritical ritual and applying some science to fate through statistical mumbo-jumbo, decision trees, and quantitative analyses? [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

I am a Senior member of ASQ, a quality professional association. I have two ASQ certifications. One, the Manager of Quality and Organizational Excellence (MQ/OE), is the highest general certification ASQ offers.  The other is a Six Sigma Green Belt (SSGB).  Over the past year or so, I have become concerned about the viability of ASQ.  Some friends now liken ASQ to a Moose Lodges.  While some lodges are still around, they are pretty much relics of earlier generations. 

With the publication of the ISO 9001:2015 certification figures for 2017, the concern increased.  This article looks at this issue and what the ISO 9001:2015 figures say about the disruptive environment ASQ faces. [Read more…]

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Risk Based Informed Decision Making (RIDM) has a risk assessment as input as well as social and other benefits residual risks. This data or information empowers the person to make an informed decision. This following is an example of RIDM. [Read more…]

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Enterprise Risk Management (ERM) is a relatively new concept. It is a top down approach to business system management and execution. It is designed to identify potential events and risks that can impact the organization. There are 3 levels to ERM. These are: Enterprise Level; Program/Project Level; and Product level. This paper explains the differences between the program and project level. [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

KISS, “Keep It Simple, Stupid” is a US Navy principle from the 1960’s advocating that systems function best if they are kept simple rather than made complicated and that unnecessary complexity should be avoided.

In our politically correct world ‘stupid’ is often taken as an insult and ‘keep it short and simple’ or ‘small and simple’ is often substituted.  ‘Stupid’ is not an insult, it’s a warning!  It takes a bright person to keep things simple, particularly when it’s easier to have a complex mess under the guise of sophistication.  Projects inevitably become complicated as they develop which increases the risk of potential failings.

Keeping things simple can improve the chances of success and simplicity is best achieved during the project planning before execution takes place; or after wild enthusiasm has waned. [Read more…]

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

This story is about risk at the enterprise program/project level.  Design is based on primarily requirements and assumptions.  Meeting requirements is usually achievable if they are complete and clear. Soft or poorly written requirements are the source of cost and schedule growth for many projects. Assumptions made during the analysis or design phase if wrong are also a source of poor project performance. This story is one example of a bad assumption. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In other pieces the Lloyd’s of London City Risk and the Natural Hazard Mitigation Saves studies were discussed.  It was noted that both studies provide an assessment of the costs associated with the adverse impact of risk events.  The Natural Hazard study focused on natural Hazards, while the Lloyd’s study incorporates both man-made and natural hazard risk events. 

This piece will examine the policy recommendations made by the Organization for Economic Cooperation and Development (OECD) for managing Critical Risks and its relationship to ISO 31000:2018. [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Imagine that your plan has been implemented as it was designed.  You and your organization carried out the plan following every detail that was contained in the planning documents.  Your plan has failed.  That is all you know.  Your plan failed.  Now your challenge and that of your planning team is to explain why they think that the plan failed.  You must determine how much contrary evidence (information) was explained away based on the theory that the plan you developed will succeed if you implement the steps required to respond to a disruption of your business operations. [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“Communication failure” is an often cited reason for project failure or cancellation.  All too often it is only recognised after the fact even though ‘poor communication’ will almost inevitably have been included on the risk register.

Communication is the transfer (and receipt) of the right data, information and knowledge to the right party(s), at the right time, in the right place, and in the right medium.  Information provides the power to make the decisions that are needed to make a project successful and resolve and overcome difficulties.

Effective and efficient communication allows the right decisions to be made and the correct action to be taken.  However, the conscious or unconscious spreading of misinformation is miscommunication and has the opposite effect. [Read more…]