In fact, they usually have the opposite effect, encouraging a checklist mentality that inhibits challenge and discussion. Managing strategy risks and external risks requires very different approaches. We start by examining how to identify and mitigate strategy risks. Which model is appropriate for a given firm depends largely on the context in which an organization operates.
Each approach requires quite different structures and roles for a risk-management function, but all three encourage employees to challenge existing assumptions and debate risk information. Some organizations—particularly those like JPL that push the envelope of technological innovation—face high intrinsic risk as they pursue long, complex, and expensive product-development projects.
But since much of the risk arises from coping with known laws of nature, the risk changes slowly over time. For these organizations, risk management can be handled at the project level. The experts ensure that evaluations of risk take place periodically throughout the product-development cycle. Because the risks are relatively unchanging, the review board needs to meet only once or twice a year, with the project leader and the head of the review board meeting quarterly. The meetings, both constructive and confrontational, are not intended to inhibit the project team from pursuing highly ambitious missions and designs.
But they force engineers to think in advance about how they will describe and defend their design decisions and whether they have sufficiently considered likely failures and defects. At JPL, the risk review board not only promotes vigorous debate about project risks but also has authority over budgets.
The board establishes cost and time reserves to be set aside for each project component according to its degree of innovativeness. The reserves ensure that when problems inevitably arise, the project team has access to the money and time needed to resolve them without jeopardizing the launch date. JPL takes the estimates seriously; projects have been deferred or canceled if funds were insufficient to cover recommended reserves. Many organizations, such as traditional energy and water utilities, operate in stable technological and market environments, with relatively predictable customer demand.
In these situations risks stem largely from seemingly unrelated operational choices across a complex organization that accumulate gradually and can remain hidden for a long time. Since no single staff group has the knowledge to perform operational-level risk management across diverse functions, firms may deploy a relatively small central risk-management group that collects information from operating managers.
We observed this model in action at Hydro One, the Canadian electricity company. Employees use an anonymous voting technology to rate each risk, on a scale of 1 to 5, in terms of its impact, the likelihood of occurrence, and the strength of existing controls. The rankings are discussed in the workshops, and employees are empowered to voice and debate their risk perceptions. Hydro One strengthens accountability by linking capital allocation and budgeting decisions to identified risks. The corporate-level capital-planning process allocates hundreds of millions of dollars, principally to projects that reduce risk effectively and efficiently.
At the annual capital allocation meeting, line managers have to defend their proposals in front of their peers and top executives. Managers want their projects to attract funding in the risk-based capital planning process, so they learn to overcome their bias to hide or minimize the risks in their areas of accountability. The financial services industry poses a unique challenge because of the volatile dynamics of asset markets and the potential impact of decisions made by decentralized traders and investment managers.
JP Morgan Private Bank adopted this model in , at the onset of the global financial crisis. Risk managers, embedded within the line organization, report to both line executives and a centralized, independent risk-management function. Risk managers assess how proposed trades affect the risk of the entire investment portfolio, not only under normal circumstances but also under times of extreme stress, when the correlations of returns across different asset classes escalate. Even if managers have a system that promotes rich discussions about risk, a second cognitive-behavioral trap awaits them.
Because many strategy risks and some external risks are quite predictable—even familiar—companies tend to label and compartmentalize them, especially along business function lines. The risks that companies face fall into three categories, each of which requires a different risk-management approach.
Preventable risks, arising from within an organization, are monitored and controlled through rules, values, and standard compliance tools. In contrast, strategy risks and external risks require distinct processes that encourage managers to openly discuss risks and find cost-effective ways to reduce the likelihood of risk events or mitigate their consequences.
Such organizational silos disperse both information and responsibility for effective risk management. They inhibit discussion of how different risks interact. Good risk discussions must be not only confrontational but also integrative. Businesses can be derailed by a combination of small events that reinforce one another in unanticipated ways. Managers can develop a companywide risk perspective by anchoring their discussions in strategic planning, the one integrative process that most well-run companies already have.
For example, Infosys, the Indian IT services company, generates risk discussions from the Balanced Scorecard, its management tool for strategy measurement and communication.
In looking at the goal and the performance metrics together, management realized that its strategy had introduced a new risk factor: client default. There is no doubt that will go down as a year to remember. While the Covid pandemic has had an enormous impact, the year has brought many challenges — from the forest fires in Australia at the beginning of the year to the Taal volcano eruption in the Philippines — followed by a long list of high- force hurricanes and widespread social unrest here in the US.
All of these have highlighted the reality of persistent, disruptive volatility. And there is no reason to think that volatility will decrease; in fact, it is only likely to increase. Extraordinary events are becoming the norm.
No individual or organization can predict specific risks. But organizations can and need to prepare for an uncertain and volatile future that includes climate change, technological disruption, geopolitical risk, threats to the global supply chain, and issues related to cyber-crime, data protection and privacy.
Your business has a valuable company resource; if an incident occurred in the organisation that impacted this resource, it may have a detrimental impact on the overall business processes and performance.
A business would apply the matrix to all risks identified in Step One. Identifying a course of action for each risk saves the company time, money, and physical resources. Workplace incidents can lead to major PR issues such as negative publicity and a distorted brand image. For example, AGL Energy faced a coal seam gas protest. In , people protested about the hydraulic fracking process AGL participated in. As a result, the company put on hold the development of 66 coal seam gas wells in Western Sydney.
When a business creates a risk management plan, it sends a positive message to stakeholders and the community. Employees feel confident they are working for a safe and responsible company and customers have assurance they are conducting business with a professional and proactive organisation.
Overall, risk management plans show that a company is reputable and holds itself to a high standard. Risk management plans are an effective, actionable process that will save you money, reduce the risk of a workplace injury, protect your business resources and enhance your brand image. Get in touch with BusinessBasics if your management team would like to discuss other ways to create a more productive and efficient workplace.
In many cases, they might be unable to accurately define risk management! This creates a problem. To illustrate the importance of risk, here are 10 reasons all employees should care about risk management.
We encourage you to share this with your team! Every organization faces risks. As most business people know well, sometimes risk is inevitable in order to achieve success. This is the opposite of the truth. The purpose of risk management is not to eliminate all risks.
It is to minimize the potential negative consequence of risks. By working with risk managers, employees can make smart risk decisions to improve the chance of reward. They actively seek out problem areas in the organization and look to address them. They use data analysis to identify loss and injury trends and implement strategies to prevent them from reoccurring..
This clearly benefits employees in physical work environments, such as construction, but can also help office employees and those in similar positions through methods such as ergonomics. A safer workplace is better for everyone and is dramatically impacted by risk management.
No matter the department, risk managers can help employees succeed with their projects. Just as they assess risks and develop strategies to maximize organizational success, they can do the same for individual projects.
0コメント