
Reflections On Risk Management

October 6, 2008

The theme of IACCM’s Europe, Middle East and Africa conference, held in London September 22nd – 24th, was risk. It was a timely issue, given the status of world markets and the melt-down of one of the (supposedly) most risk-governed and regulated industries.

At the behest of senior members of IACCM, our thrust was not traditional ‘risk management’, but rather the challenge of balancing risk and opportunity.

Many risk specialists become so absorbed with their field of expertise that they overlook the wider risks that can be created when we see things through a distorted lens. Every transaction that we undertake entails some risk. It is prudent to protect against this. But the challenge is to decide what level of prudence is required. At what point does prudence turn to unwarranted caution, causing us to lose healthy and profitable business?

The conference sought to explore some of the fundamental issues of probability, consequence and outcome that are central to good risk management. Today’s speed of change and market volatility, together with the dramatic shift in areas such as reputational risk, have generated a sensitivity to risk that encourages increased review and approval, more governance and potential regulation.

Yet as the conference established, these instincts are in themselves extremely risky. The speed of change will not reduce. Reputation risk will not go away. The real point is that we must learn to adapt our attitudes and our systems to cope with the new world, not to confront or fight it.  So we need to adjust and develop innovative risk management techniques that equip us for the future, rather than the past.

The techniques that were revealed at the conference were many and varied. Certainly, better use of technology (to collect, share and analyze data) was one key element – after all, networked technology lies at the root of this new world, so it must also be part of the answer. Specialist applications, such as contract management software, are part of the solution, but just as important is the need to focus on more holistic and integrated systems that support data flows across the business – for example, the link of risk management into CRM (customer relationship management) or SRM (supplier relationship management) systems. These must be further supplemented by powerful analytical tools, such as those from organizations like Synaptic Decisions or Alliantist.

But automation alone will clearly not offer the quality of judgment that is inherent to good risk management. So designing a management system that causes focus on the right things and enables the right discussions is also key to any solution. The conference sessions that addressed this need ranged from those of simplification (BT’s review and approval systems, P&G’s dramatically reduced contracts), to better integration and analysis (Rolls-Royce on commercial innovation, State of Flux on relationship segmentation), to enabling collaboration (Cisco’s “gateway” initiatives, QinetiQ’s learning from PPP and PFI contracting techniques).

In the end, improved risk and opportunity management depend on a limited number of relatively simple steps – but as always, it is getting started and making the transition that is tough. A new risk regime demands collaboration across specialist groups, which means management must support (or demand) a new shared service delivery system. Specialists must adopt common language and common tools, to make the risk process seamless (as responsible risk managers they should themselves be powerful advocates for this improvement).

Once the structure is in place (and IACCM has developed a model for this), it needs clear goals and a shared sense of purpose, which must be based on corporate strategies and objectives (too often, risk assessment seems detached from the wider goals of the organization). And a key aspect of the measurement of success must be that the new organization enables high quality local decisions as close as possible to the market, without abandoning proper control and transparency.

To operate at acceptable levels of cost, the central service group will need to look not only at automation and empowerment, but also at the use of low-cost resources. Risk management has a strong reliance upon rules and these can be communicated (though many experts resist that communication for fear that others will no longer need them). Good risk management also depends on consolidation of data – the ability to observe frequencies and to monitor portfolios. This points to the value of centralized resources, such as managed help desks, as a component of the answer. Outsourcing and offshoring can cut costs and increase quality through the ability to bring talented resources to areas such as business support, analytics and the performance of repetitive tasks such as document management, storage etc.

So if things are so simple, why are they not already in place? A major challenge is of course the issue of power, influence and perceived job security. The natural tendency of most people in large organizations is to emphasize ways in which their particular area of responsibility is distinct and different and requiring unique skills or knowledge. This encourages fragmentation, not integration. As an example, just take the world of contracts and relationships. In most organizations, there will be specialist groups covering distribution channels, alliances, outsourcing, strategic partners, IT, OEM …. Rather than recognize that core skills are the same and that business benefit will be gained by consolidation, they allow unnecessary diversity and inconsistency. Learning and experience are lost. Flexibility is lost. The ability to undertake effective and proactive risk management is lost.

It is not that we do not need specialism. It is rather that we must have specialism integrated into mainstream activity to ensure a more seamless process. This must focus more on portfolio management and the management of change than on the current obsession with transactions. By creating the right framework for risk, we can contain the number of risky situations and also be faster and more consistent in handling individual opportunities.


So ironically, risk specialists are often the cause of major risks occurring. Unless management forces a more integrated view and places matching levels of accountability, we will see many more instances of companies and business sectors imploding through their inability to see the wood for the trees.

That, in essence, was the theme of the IACCM conference. And its participants left with a clear message about the need and opportunity for real change.
