Programmatic vs. Project Level of Risk

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Enterprise Risk Management (ERM) is a relatively new concept. It is a top down approach to business system management and execution. It is designed to identify potential events and risks that can impact the organization. There are 3 levels to ERM. These are: Enterprise Level; Program/Project Level; and Product level. This paper explains the differences between the program and project level. [Read more…]

KISS: A Principle for Proper Project Planning

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

KISS, “Keep It Simple, Stupid” is a US Navy principle from the 1960’s advocating that systems function best if they are kept simple rather than made complicated and that unnecessary complexity should be avoided.

In our politically correct world ‘stupid’ is often taken as an insult and ‘keep it short and simple’ or ‘small and simple’ is often substituted.  ‘Stupid’ is not an insult, it’s a warning!  It takes a bright person to keep things simple, particularly when it’s easier to have a complex mess under the guise of sophistication.  Projects inevitably become complicated as they develop which increases the risk of potential failings.

Keeping things simple can improve the chances of success and simplicity is best achieved during the project planning before execution takes place; or after wild enthusiasm has waned. [Read more…]

Design Assumption Risks

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

This story is about risk at the enterprise program/project level.  Design is based on primarily requirements and assumptions.  Meeting requirements is usually achievable if they are complete and clear. Soft or poorly written requirements are the source of cost and schedule growth for many projects. Assumptions made during the analysis or design phase if wrong are also a source of poor project performance. This story is one example of a bad assumption. [Read more…]

Critical Risks and Enterprise Risk Management

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In other pieces the Lloyd’s of London City Risk and the Natural Hazard Mitigation Saves studies were discussed.  It was noted that both studies provide an assessment of the costs associated with the adverse impact of risk events.  The Natural Hazard study focused on natural Hazards, while the Lloyd’s study incorporates both man-made and natural hazard risk events. 

This piece will examine the policy recommendations made by the Organization for Economic Cooperation and Development (OECD) for managing Critical Risks and its relationship to ISO 31000:2018. [Read more…]

Validating Business Continuity Plans Using Failure Point Exercise Methodology

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Imagine that your plan has been implemented as it was designed.  You and your organization carried out the plan following every detail that was contained in the planning documents.  Your plan has failed.  That is all you know.  Your plan failed.  Now your challenge and that of your planning team is to explain why they think that the plan failed.  You must determine how much contrary evidence (information) was explained away based on the theory that the plan you developed will succeed if you implement the steps required to respond to a disruption of your business operations. [Read more…]

Communication Failure: What to do?

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

“Communication failure” is an often cited reason for project failure or cancellation.  All too often it is only recognised after the fact even though ‘poor communication’ will almost inevitably have been included on the risk register.

Communication is the transfer (and receipt) of the right data, information and knowledge to the right party(s), at the right time, in the right place, and in the right medium.  Information provides the power to make the decisions that are needed to make a project successful and resolve and overcome difficulties.

Effective and efficient communication allows the right decisions to be made and the correct action to be taken.  However, the conscious or unconscious spreading of misinformation is miscommunication and has the opposite effect. [Read more…]

US Climate Change Assessment

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In November 2018, the U.S. Global Change Research Program issued Volume II of the Fourth National Climate Assessment Report.  Volume I was issued in 2017.  It deals with the science behind global change.  Volume II deals with the impact of global warming on natural environment, agriculture, energy production, human welfare, and societal impact.  This article discusses the assessments made in Volume II. [Read more…]

Was BP’s Catastrophe in the Gulf a Defining Moment for the Oil Industry?

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

1. Introduction

The BP Deepwater Horizon catastrophe cast a shadow on the oil industry and its senior executives.  Has the industry learned its lessons or will it be forced to repeat the same mistakes over and over again? Oil company executives and board members should have seen the Deepwater Horizon event is as a wake-up call for the industry. [Read more…]

Entering a New Market Gone Wrong

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

This risk story includes risk at the enterprise level, the program/project level, and the product level.  From the enterprise level risk, it was a little naïve on my company’s part to think they could go from zero not having manufactured any sonobuoys previously) to full up production the first time around without investing the time and finances to go up the learning curve prior to making the bid.  From the program/product level risk viewpoint, the baseline plan did not include sufficient component and subassembly trial builds and testing before finalizing the concept, preliminary design and final design. [Read more…]

Political Risk and Enterprise Risk Management

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Former Secretary of State Condoleezza Rice PhD.  and Amy B. Zegart PhD.  have written a book called Political Risk: How Businesses and Organizations Can Anticipate Global Insecurity.   It has received good reviews.  Having read the book, I would concur.  It is an important book for those concerned with the increasing volatility and associated risk of the global economy. This piece discusses the relationship between Political Risk and Enterprise Risk Management (ERM). [Read more…]

Ugly Communications

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Good communication; the effective and efficient issue and receipt of the right information, by the right parties, at the right time, and in the right medium allowing both timely responses and decisions.  It’s easy on paper and in theory but oftentimes the ‘noise’ in the communication channels are blamed for ‘bad’ communication. [Read more…]

Risk Modeling and Business Continuity

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Risk modeling is a useful tool for business continuity managers, but over-reliance and flawed approaches can create difficulties.  

Introduction

Fundamental uncertainties derive from our fragmentary understanding of risk and complex system dynamics and interdependencies. Abundant stochastic variation in risk parameters further exacerbates the ability to clearly assess uncertainties. [Read more…]

Supply Chain Cyber Risk Management

Cyber security risk is among the most critical risks to the supply chain:

“Cyber and data privacy breaches are perceived to be the largest threat to the stability of transport and logistics, with the sector facing potential breaches of $2 trillion by 2019.”[i]

The reality of a cyber-crime is not if, but when, and how damaging it will  be.  The inevitability of a cyber-attack has forced end-product manufacturers to reassess every element of the end-product manufacturer from product design, outsourcing, and servicing the product. [Read more…]

Lessons Learned: Seldom Remembered: Soon Forgotten

Guest Post by Malcolm Peart (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Something on the Project goes wrong and is fixed – “Let’s put this down for lessons learned” goes the management mantra.  But was this experience just a failing that should not have happened in the first place and relearning a previously taught, but now forgotten, ‘lesson’?

If we don’t learn then the same mistakes will be made and possible opportunities will be missed and, as Edmund Burke the 18th Century Irish Statesman said, “Those who don’t know history are destined to repeat it“.  But why do we forget our lessons?  Abe Lincoln said “Lessons not learned in blood are soon forgotten” reflecting that loss in some form such as money, property, or reputation, not necessarily blood, is needed to ensure that memory is ingrained and can be recalled.

Lessons that are remembered after the fact tend to add insult to injury; when you’re up to your neck in alligators you then remember that distant lesson about draining the swamp! [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

City Risk Index and ERM

Recently, Lloyd’s of London in conjunction with the University of Cambridge Center for Risk Studies, published the results of their global risk analysis.  Lloyd’s document is entitled “Lloyd’s City Risk Index: Executive Summary”.  Cambridge has entitled theirs “Cambridge Global Risk Outlook 2017”.   This is their second risk assessment.  The first was published in 2004.

The index is a ten-year projection based on twenty-two threats to 300 hundred of the world’s leading cities.  The 300 cities account for half of the world’s Gross Domestic Product (GDP).  This piece discusses the results of the study and its implication for the application of Enterprise Risk Management (ERM). [Read more…]