CERM® Risk Insights

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Is Your Organization’s Planning Brittle?

Good intentions do not make for the creation of a robust/resilient organization.  Business Continuity plans, Disaster Recovery plans, Emergency Response plans, etc., that are standalone documents generally reflect good intentions – whether to meet regulatory requirements or to address governance.  I would have to say that this should be a wake-up call for executives in all industries.  We live in a complex and interdependent world.  Complex systems are full of interdependencies that are hard to detect.  The result is nonlinearity in responses to events, especially random events/shocks. 

The odds of rare events are simply not computable.  Model error swells when it comes to small probabilities.  The rarer the event; the less tractable, and the less we know about how frequent its occurrence. [Read more…]

Guest Post by Jim Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Predictable Surprises: The Volkswagen Story

A predictable surprise is a risk event that in some form is known within the organization. It is of a nature that if left unresolved, it could be costly.  But fixing the problem appears to have larger short run costs, than long term benefits.  The Volkswagen diesel emissions fraud is one such example. It also a case where the penalties imposed outweighed the short term costs. Moreover, had a risk assessment occurred at several points along the way, there might not have been a scandal.  [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

What is Collateral Risk? And Why Should We Be Worried About It?

Introduction

The Law Dictionary defines Collateral Risk as:

The RISK of loss arising from errors in the nature, quantity, pricing, or characteristics of COLLATERAL securing a transaction with CREDIT RISK.  Institutions that actively accept and deliver collateral and are unable to manage the process accurately are susceptible to loss.  A subcategory of PROCESS RISK. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

How a Cultural Audit Can Assist Risk Management

Introduction

An organization’s culture is an important determinant of its success or failure. This is because an organization’s culture is the combined effect of the employees’ underlying assumptions, beliefs, attitudes and expectations. Each can affect performance and adaptability.  A cultural assessment can help determine areas that can inhibit mission accomplishment. This article lists the different techniques used in conducting a cultural audit and indicates how it can help guide corrective action. [Read more…]

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Project Management: A risk to Product Delivery

Most of us are aware of the old saw “the operation was successful, but the patient died!” which has been around since 1829 and used to describe medical, as well as military and business failures.  There are many reasons for failure but is ‘over-management’ one of them? Can too much ‘project management’ be applied to the point that the aim of the project, i.e. the product, is compromised? [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Rethinking Risk and Uncertainty

What is risk?  Think about it before you leap to answer.  Do we really know and understand risk?  Some facts to consider:

• Risk is not static, it is fluid.
• Risk probes for weaknesses to exploit.
• Risk, therefore, can only be temporarily mitigated and never really eliminated.
• Over time risk mitigation degrades and loses effectiveness as risk mutates, creating new risk realities.

Risk management requires that you constantly monitor recognized risks and continue to scan for new risks.  This process cannot be accomplished with a ‘one and done’ mindset.  Risk needs to be looked at in three dimensions and perhaps even four dimensions to begin to understand the “touchpoints” and aggregation of risk, potential to cascade, conflate and/or come to a confluence. [Read more…]

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Lack of An ERM Policy is Risky

Background

A defense company I worked for wanted to get into the Sonobuoy business. At the time, one company dominated the market and usually received the largest share of the Navy contract.  A couple of other suppliers got the balance of the production quantity to keep it a competitive business.

My company developed a win strategy based on a ¼ scale prototype and purposely under bidding the competition. It worked. They won the largest piece of the production contract. [Read more…]

Guest Post by James K. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)Reputational Risk and ERM

Introduction

It is estimated that an organization’s reputation accounts for over a quarter of its market value. As such managing reputational risk has become an important issue for C-Suite members.  This piece examines the issues surrounding reputational risk and how an Enterprise Risk Management (ERM) approach can help manage this risk.  [Read more…]

Guest Post by Greg Carroll (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In my 2013 book Mastering 21st Century Enterprise Risk Management: Firing Dated Practices | The Best Practice of ERM | Implementation Secrets I quipped “just as the Wild West of the 1890’s had disappeared without trace by the Roaring 1920s, so too will the business world of the 1990s, be long forgotten by the 2020s”.  Just 5 years on and not only has the world changed emphatically but the rate of change is accelerating. [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Introduction

In the risk-neutral world, all business and government continuity planning would be risk-balanced. However, in reality, risks, threats, hazards and their consequences change depending on an organizations exposure, sensitivities to impact and other factors.  For instance, a natural disaster, can occur without much warning and can have direct and indirect impact on an organization.  Complicating the Business Continuity Planners life is a simple fact, events have unforeseen consequences that can rarely be planned for.

[Read more…]

Guest Post by Rod Farrar (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

I have often been asked to provide insight into the management of shared risks, particularly by those working in Commonwealth Government Departments.

Element 7 of the Commonwealth Risk Management Policy states that: each entity must implement arrangements to understand and contribute to the management of shared risks.  It goes onto to define shared risks as: those risks extending beyond a single entity which require shared oversight and management. Accountability and responsibility for the management of shared risks must include any risks that extend across entities and may involve other sectors, community, industry or other jurisdictions.

That might sound simple enough – but is it? [Read more…]

Heightened Awareness or Reactive, Backwards Looking?

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

From financial crises to energy catastrophes to earthquakes and threats of terrorism, we hear a lot about events that challenge our ability to identify and manage risk.  Unfortunately, some of the things that emerge from many of these events are reactive regulatory rules and requirements. [Read more…]

Guest Post by James J. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In the Baldrige Excellence Framework the term “Intelligent Risk” appears.  It is defined as: “Opportunities for which the potential gain outweighs the potential harm or loss to your organization’s future success.”  This definition expresses a concern that risk might inhibit innovation. With the addition of Enterprise Risk Management to the 2017-18 Framework has a condition been created where two best business criteria, innovation and risk management, might cancel each other out? More basically, does Enterprise Risk Management (ERM) inhibit innovation related risk taking?

[Read more…]

Guest Post by James J. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Introduction

In 2015, innovation was added to the Baldrige Excellence Framework.  While there is no doubt that innovation is important for an organization’s survival, a fundamental question is: How much does a quality improvement process, which is encouraged by the Baldrige Excellence Framework, contribute to innovation?  While there is no simple answer to this question, some indication can be seen in an examination of the focus of the quality improvement process and what happens to a company, with a reputation for innovation, when a quality improvement process is implemented. 

Such a company is Minnesota Mining and Manufacturing (3 M).  And, a June 11, 2007 article in Business Week, entitled: “3M’s Innovation Crisis: How Six Sigma Almost Smothered Its Idea Culture”, argued that Six Sigma inhibited 3M’s ability to innovate.  This piece discusses the 3M experience and the relationship between Six Sigma and Innovation.

[Read more…]