Risk Managers – Are you away from your desk enough?

This is the longer version of an article I had published by Strategic Risk Magazine recently which can be found here: Strategic risk article

A few years ago I was asked by Strategic Risk Magazine to record a short video on what I would like to see change and improve in the Risk Management Profession. Having reviewed the video in the last few days I wanted to see if it was still relevant (Hint: yes it is! now more than ever!) Since I recorded the video, we have all gone through a Pandemic that has lasted 2 years and had a major impact on businesses, countries and societies globally. The video can be watched here:

During these last couple of years, aside from the crisis meetings focused on survival, we have seen organisations focus on restructures, new strategies and business models changing. Amongst other things, digital technology adoption and transformation initiatives have been accelerated. These are all areas where risk managers and risk departments should thrive, providing added value support for decision-making.

Unfortunately, this has not always been the case. Whilst I have seen Risk Mangers being brought to the top table for their insights and support during the pandemic I have also (and far too often) seen Risk Management (and therefore the risk managers) being cast aside or forgotten about for these important decision making meetings and initiatives. I therefore believe, now more than ever, that the suggestions in my video are even more relevant than before. So what are the key suggestions? Of course this is not an exhaustive list, however here are the three areas I discuss, all of which requires the risk manager to wander away from the comforts of their office desk.

Getting a seat at the top table

Risk Management / the Risk Manager needs a seat at the top table. If Risk Management isn’t featuring in decision making at the top levels, then what is the worth of having a risk management program? The Question is how do risk managers get invited?

As a first step, risk managers should be knocking on the door and asking for an invite. It is surprising how often this works. Assuming this doesn’t work then its important to catch their attention by demonstrating value. 

During filming of “Risk Managers Getting Coffee” a question I often asked the guests was “What makes a great risk manager… what do you look for when recruiting for such a role?” The overwhelming answer was always around the soft skills. Communication, relationship building, adaptability, strategic mindset and a salesman-like ability to sell risk management. Whilst quantitative analysis skills, industry knowledge and company knowledge featured in the answers, they were always second to the important soft skills. These skills play a key role in being able to demonstrate the value of risk.

The risk manager needs to Identify influencers and allies who they may be able to approach to get an invitation in the first place. Failing an invitation, at the very least, it may give them a heads up as to when those important meetings are happening (This doesn’t need to be senior leadership meetings but it could be important innovation meetings, digital transformation meetings, project meetings etc). It also gives risk managers a starting point for relationship building in order to develop trust and an understanding of the value that risk management can bring them.

In order to demonstrate true value, the risk manager first needs to understand what is important to their senior executives and learn to speak their language. If the risk manager can understand what is close to their heart, such as a pet project or initiative, it’s a great starting point to offer help or support. And what does support look like?

There are numerous ways a risk manager can add value to senior executives. One way is simply meeting their team and discussing risks to the initiative/decision/project with the team and reporting this back to support decision making. Other approaches include optimising insurance programs, offering solutions to risks or running quantitative risk analysis. Quantitative risk analysis (QRA) can be tricky as it would require information and more time with their teams which may not be an option, however, where possible, then providing QRA data (in a digestible and visual format) will be something that decision makers will not be used to seeing and will usually leave a lasting impression, and with it, an invitation to the top table thereafter.

Its important to point out at this time that a senior exec is unlikely to be impressed if the risk manager only comes to them with roadblocks, negative risks or doom and gloom. Therefore it would be wise to consider opportunities and solutions to the risks or indeed what the deviations (both positive and negative) to the objectives may be when reporting back.

Gain Staff buy-in

Whilst proving value to top management and gaining their support is vital, equally as important is ensuring that the wider staff are on board. They are being asked to identify risk. They are asking to take time out of their jobs to support a risk management program that they often don’t understand, don’t see the value of, or don’t receive feedback from. It is therefore important to focus on communication. If people take their time to identify risk in their departments then the risk manager better make sure that they receive a proper thanks along with feedback on how their risks are supporting decision making or being escalated and used at the highest levels. This can be achieved by producing newsletters, creating (interesting and visual) annual risk reports, undertaking roadshows, creating videos, or getting away from the desk and meeting people on an individual basis daily.

Whether it be department managers or individual staff members, its important for the risk manager to understand what motivates them and again requires the risk manager to get out into the business and talk to people to understand their concerns about the risk management process as well as getting to know how busy they are (and at what times of the year they are most busy), the challenges in their job role, the challenges to their objectives, what motivates them (money, exposure to senior management, recognition etc). . This one-on-one time can be used sell risk management but also use another important risk manager skill, listening. These discussions alone already set the risk manager up with:

• identified risks (without the need for the staff members to go through a boring form or formal process and offering a great starting point for them)
• an understanding of the time-consuming or frustrating aspects of the ERM program that could be improved as well as how they like to receive information (detail vs visual for example)
• a good idea of how staff can be supported better to either avoid busy periods or receive additional support
• the opportunity to explain why risk management is important and how it might help them and their departments.
• a starting point for developing incentives and motivations for identifying risk and developing a positive risk culture

Risk Culture

Without the right risk culture in an organisation there is a good chance that even the best designed risk management program will fail. Risk Culture is the combination of values, attitudes and behaviours within an organisation in relation to risk management. This creates the foundations of an organisations approach to risk as it affects all risk decisions and ultimately the delivery of business objectives.

Building a positive risk culture takes time and effort. There is a large amount of work that needs to go into developing a positive risk culture which can take up several articles in itself however we will highlight a few of the key areas. We already discussed the importance of obtaining buy-in from the top as well as from all other staff in the organisation. In addition to this, developing a positive risk culture requires extensive training and hearts and minds sessions as well as constant communication to ensure an organisation-wide understanding of risk management and its benefits.

This requires the risk manager to be visible, approachable and an ally to the business. The following is a list of areas where the risk manager should be actively involved and will be the subject of a separate article that will go into further details.

Training

Risk Management Training forms a fundamental part of developing a positive risk culture. It is not only the technical aspects of the training but the hearts and minds.

Risk Workshops

The Risk Manager needs to act as a support to the organisation when it comes to identifying risks. Identifying risks consistently doesn’t happen overnight Facilitating risk workshops on behalf of departments can help them ease into the process.

Risk Champions

Risk champions can be a powerful tool in an organisation with few staff in a risk department. The risk champions, with the right training and understanding of the framework, along with the right personality and engagement, can act as culture builders in their own departments or functions.

This brings me back to the fact that the risk manager needs to be away from their desk more often than not and ask the right questions. They need to be seeing their risk champions, understanding what will motivate them.

Read more information about educating risk champions and building a successful champions network)

VIDEO CONTENT – Read about the Risk Culture Conversations and WATCH the videos here

Soft Skills of a Risk Manager and the Covid challenge

Essentially, what Risk Managers need to focus on, in order to take the risk profession forward, is their soft skills such as presentations skills, listening, speaking the language of staff, diplomacy and collaboration to name a few. Communication is ultimately key. Getting away from the desk and out into the business and communicating their aspirations and asking the right questions of staff to better develop a risk framework that fits in with their schedules and type of work and actually starts to add value to them. 

But, this is not as easy when the organisation and its staff are dispersed. As we have seen this past couple of years, COVID has altered the way we work. Overcoming this obstacle is where another key skill comes into play: creativity.

If there are concerns about social distancing and not being able to meet one-to-one, or in groups in the office, then think differently. There are a number of alternatives that might work, such as holding outdoor meetings, investigating and using new technologies, hosting highly interactive and visual virtual meetings and workshops and/or adding risk as a regular agenda item in weekly team meetings and ensure that you attend as many as you can.

As we continue to navigate through the crisis, let us lean on our soft skills to better leverage the technical skills we, or other team members may have, to improve risk management now and into the future.

The Battle of Bannockburn – A Risk Perspective

By Alexander Larsen

How Risk Management played a key part in Robert the Bruce’s Battle Strategy

The 1314 Battle of Bannockburn is one of the most important battles in Scottish history, where the Scots, led by Robert the Bruce, defeated the English under Edward II in the First War of Scottish Independence. The Scottish victory was highly unexpected as the Scots were not only significantly outnumbered by the English but were also out skilled and had less weaponry available. This case study will look at how the Battle of Bannockburn is relevant to factors in Risk Management and how the Scots managed to turn risks into rewards in order to claim victory.

The Battle

The English army, was, at the time, amongst the most professional and well trained armies in Europe with vast experience of battles, of which they never lost, and morale was high. Historians estimate their troop numbers at 20,000 whilst the Scottish army had 5,000. To give an idea of the difference in numbers, the English had 2,000 heavily armoured horsemen whilst the Scots had 500 who were only lightly armoured. The King pulled his English army from various places across Europe, including recruiting Irish and Welsh soldiers, in order to finally defeat the Scots and take over Scotland.

The battle took place on hilly ground which included marshland, hills, streams and bumps. The Scots positioned themselves between the castle (in the north) and the English (in the south), from where the English would launch their attack.

Whilst the English King held back behind his army, Robert the Bruce led from the front. An English Knight,  Sir Henry de Bohun, spotted the opportunity to finish the battle before it had even started (and gaining glory in the process) by killing Robert the Bruce in a one on one battle. 

Henry with his lance and heavily armoured horse raced towards Robert’s position. Robert saw this and rather than flee behind his front line, he decided to attack the knight. Whilst not as well armoured, Robert was less restricted and his movement managed to avoid the Lance whilst quickly attacking as the Knight rode by him, striking him in the helmet and killing him. 

Whilst this shook the English (and empowered the Scots) they decided to stick to what they knew best; with what had always worked well for them in the past  and was most likely to maximise their chances of a swift and easy victory over an under-powered Scottish army. They unleashed their heavy cavalry from the south side although they didn’t get very far. Used to fighting on flat ground the English quickly found themselves in unfamiliar terrain which challenged their horses and horsemanship

Eventually reaching the forest where the Scots were waiting, again not the ideal terrain for their heavy cavalry, the English forces were soon chased back out.  Rather than follow them, the Scots army remained in the forest and re-manned their defences. 

The English then launched an additional attack from the north (the Castle side) in order to panic the Scots. These units also struggled with the terrain as well as the Scots’ formations (Hedghog, which were highly defensive and with the ability to move more effectively in the conditions) however and soon the English decided to regroup and find a spot to set up camp.

Not expecting the Scots to attack a vastly more skilful army, they not only let their guard down but also picked a spot for their camp which lay to the marshy east which had few exits. Timing their raid to suit the conditions and taking advantage of the English decision to camp in a location which left them with few options and without a suitable response strategy, the Scots attacked that night, leveraging their knowledge of the terrain and conditions to great effect.

The English archers who were positioned elsewhere were unable to fire on the Scots for fear of hitting their own and when the opportunity to fire did eventually present itself, additional Scots who had been held back as a contingency chased the the unprotected archers back.  

The English King fled soon after, and despite being concerned at their King’s retreat, his army fought on, still believing they were undefeatable. When the Scots who had been held back joined the battle however, the English wrongly believed that the Scots had additional support from other Clans that the English were not aware of and made the decision to pull back in retreat.

One of the key reasons the Scots won this battle was due to the fact they understood their environment, evaluated scenarios and uncertainty, embraced opportunity and risk equally, and planned their strategy accordingly.

Risk-Based Strategy

Some of the key elements that helped the Scots win this battle was having a well thought out strategy that had clear objectives, considered risk (and taking the view that risk equated to opportunity rather than seeing it as only potential defeat), and which considered their Risk Appetite (which was large). 

Robert the Bruce understood very well (as did his men) that due to the lack of experience and numbers, the battle as a whole was a huge risk to the Scots, however they opted to embrace this as an opportunity which could ultimately achieve Scottish Independence. Whilst looking at risks to their specific battle plans, Instead of looking at them from a purely negative, fear driven and defensive point of view, which would have led to their strategy being largely driven by what their adversaries (the English) did, they took a positive and aggressive view, which ultimately allowed them to develop and execute a clearer and well planned risk-based strategy from the outset. 

An interesting aspect of Robert’s approach to planning for the battle was Scenario Planning. 

Scenario Planning

Robert considered how the English would approach the battle, looking at different scenarios that might unfold, and preparing for them all. Would they attack directly? Would they try to cut them off from the castle or would they approach from the west? Would they attack with their cavalry or would they use some other unit?  He considered the likelihood of these scenarios and eventually opted for one which turned out to be very similar to the actual approach employed by the English. This allowed him to develop a strategy to defeat this approach. A risk-based strategy derived from scenarios.

Something that should be highlighted is that whilst Robert decided to develop his strategy based on this particular scenario, he also realised that they would need to adjust the strategy depending on the scenario that might eventually play out. Robert therefore ensured that he planned for the other scenarios too and ensured he had enough men left behind as a contingency in order to adapt to these scenarios (respond to the risk) if needed.

Objectives

Robert the Bruce proceeded to plan his strategy for the battle in great detail setting clear objectives and tactics for each section of his army. Perhaps more importantly, Robert the Bruce also made sure that these objectives were clearly communicated to his men and they were trained in each aspect. He had a few months to prepare and train his men before the English arrived and by the end of those few months the battle strategy, objectives and tactics were all fully understood by everyone. The English were not so lucky. Travelling from various parts of Europe to go and fight in Scotland, they had little time for planning or training. 

Risk Appetite

The Scots, seeing this as an opportunity despite needing to defy the odds, clearly had a higher risk appetite – and, arguably, more to gain – than the English from the outset, as they were willing to sacrifice their lives (despite knowing it was unlikely they would survive) for the battle, knowing it was for such an important cause. 

The Scots understood how many they could afford to lose (their risk appetite and tolerance levels were evaluated) before needing to change strategy or bring other men into battle. They knew how many English would need to be lost before overwhelming them with additional men they had held back for just such an opportunity. 

The English on the other hand expected this battle to be an easy victory since they outnumbered and out skilled the Scottish army and based on underlying assumptions which didn’t sit the context of the battle. It can be argued that whilst each individual of the English army may have been aware of their own appetite for risk there was probably not an awareness of the collective appetite for risk, the consequences of breaching the thresholds, or how to react once these thresholds were breached.

Battle Tactics

Part of the scenario that Robert had prepared for was the expectation that the English would send their horses and heavily armoured men from the South and potentially try to send some units to the North of the Scots. Robert knew the terrain was difficult for anyone trying to cross it and embraced the advantages of their home terrain by positioning their troops around the forest, using it as a protective barrier and avoiding tiring themselves out trying to cross or fight in the marshy ground. 

Knowing the English would press forward to the Scots position, he also managed to mitigate the full onslaught of the English horsemen by setting pit traps in the ground, making it even more difficult to manoeuvre and sending many of the English falling onto spears. Knowing that any fighting would most likely be done at close quarters rather than with horses or archers, as was usual for the English, Robert also attached knives to their shields. This gave them additional fighting techniques without adding weight and would ensure the Scots would be at a huge advantage in terms of speed and endurance. 

The importance of Contingency

As previously mentioned, Robert the Bruce had already decided to keep men behind as a contingency to adapt to various scenarios or to be used in the event of too many losses on either side (strike fear into the English or come to the aid of a failing Scots army). Whilst this accounted for a number of scenarios it also allowed a response to any uncertain aspects of the battle. These men eventually won the battle for the Scots when they came rushing in and chasing off the archers and joining the battle once the English King had retreated near the end, pushing the English back against rivers leading to drownings and their eventual retreat.

Organisational Culture and Risk Culture

Risk culture describes the values, beliefs and understanding of risk shared by a group of people. We can look at the organisational and risk culture of the Scottish and English armies by comparing their values, beliefs and behaviours in relation to the battle.

Scottish Army

• The Scots followed leadership from Robert the Bruce who set a clear tone from the top of the ranks with his passion for Scotland and anger at the English. His passion was not only motivated by his country but also because the English had captured his wife and children and killed some of his brothers.
• He provided an effective risk based strategy to the battle and the tactics and operational tactics were clear for his troops to follow. Communication and training were key.
• The Scots were all aligned to the same culture, with their shared beliefs for Scottish independence which they were willing to sacrifice their life for in the battle.
• Robert the Bruce led from the front even putting himself in danger in a one on one battle with an experienced and highly skilled Knight.

English Army

• The English did not share the same sense of purpose. They lacked an alignment to the same culture as the troops were made up from Welsh and Irish soldiers. They did not have the same desire or passion to win and were not willing to sacrifice their lives.
• As they expected an easy victory the English were not as focused, meaning their strategies and tactics weren’t established or well understood amongst the soldiers.
• The English underestimated the Scots and didn’t expect them to take the risk of advancing on their camp and therefore didn’t have controls in place to mitigate their advance effectively. This affected their morale and led to them fleeing when they saw the battle being lost.
• King Edward II stayed back at all times and was rarely visible to his men. Rather than stay when things got difficult, he retreated which would have been disheartening to his men.

Crucially, the Scots were completely aligned with the strategy and objectives. This is a key component to success of any kind and highlights the importance of having people with the right values in your team. There was also reports that the English army, who had little time to train or plan, didn’t work well as a team or understand their roles causing disagreement and confusion within the troops.

How Scots turned Key Risks into Rewards

Factor	Risk	Opportunity
Terrain	The Scots were outnumbered and the English would have advanced and defeated them if the battle ended up in an open field which it would eventually. The Scots decided to position themselves in the forest in order to mitigate the risk of an open field battle.	Rather than just focus on mitigation and stay in the forest to fight, which also would have led to defeat eventually, the Scots looked for opportunity and Lay traps along the difficult terrain that they knew the English were not used to, and only attacked in the open when the Scots had a clear advantage. This reduced English troop numbers, tired them out, hit their morale and allowed Scots to slowly make gains.
English ability to change Strategy due to numbers	Whilst the Scots had predicted the strategy that the English would employ, there was a risk that the English would do something unexpected or change strategies during the battle. The number of soldiers the English had would allow them to do this. The Scots decided to ensure enough units were left behind battle lines as a contingency that could be used for multiple purposes. This resource allowed the Scots mitigate the risk of a changing English strategy by being able to adapt quickly to new strategies by using the additional units.	The Scots decided to not only use the additional units as a contingency for adapting to changing strategies, but they also used them to surprise the English at critical points of the battle and to attack the archers who were a threat to the Scots allowing the Scots to continue their ambush.
Regrouping of a sizeable and more skilled English Army	In their camp, the English would have a chance to regroup and develop more effective and successful plans for the battle. With more understanding of the terrain and Scottish strategy, the English would probably be able to develop a strategy that would have led to a Scottish defeat.	Rather than regrouping themselves and taking time to second guess what the English would do next and plan accordingly, The Scots decided to take risk instead and to take the English by surprise.   The English didn’t think the Scots would risk an attack on their camp. Located on a small hill, the English couldn’t get down and they were surrounded by rivers and lagoons on either side, trapping them within their camp. The Scots could use the restricted access to their benefit by attacking straight on and pushing the English back and trapping them in.
Highly experienced and well equipped Knight challenging Robert the Bruce to a one on one battle.	Robert the Bruce could have been injured or killed before the battle had started, striking a huge blow to the Scots and ultimately leaving them without a leader. Robert the Bruce could have mitigated this by returning to the forest where he had men and numbers.	Robert the Bruce understood that in order to win the Battle of Bannockburn, an extraordinary effort would be needed. His strategy, tactics and preparation were important but more would be needed. He saw the Knight approaching as an opportunity to show his men that anything was possible and that experience and armour was no match for passion, hard work and bravery.  This would surely spur his men on and further increase morale and togetherness throughout the battle.

What other risks did the Scots turn to opportunity/reward? 

Outcome

Although the Scots still suffered a huge number of casualties, they managed to achieve their objectives of defeating the English army despite the odds being against them. The Scots also achieved their ultimate objective of winning Independence for Scotland and Robert was named King. In addition, Robert’s family were released and Scotland became a united country. 

Closing Message – Risk Perspective in Business world

The messages from this case study can be applied to business world from the key areas of risk management discussed. A large, well equipped organisation can still be at risk of losses and collapse if the operating environment, risk appetite and objectives are not aligned effectively with communication, strategy, tactics and operations. A positive risk culture is vital, with a clear tone and leadership from the top and with an effective HR recruitment strategy which focuses on a values and beliefs driven focus throughout the organisation in order to ensure alignment with organisational culture and vision. A small company can also succeed against the odds, if it embraces opportunity when available and ultimately turn risk into rewards.

Pictures are taken from a number of sources including screenshots from the film “Braveheart”, pictures from the battle site, pictures of paintings and the following websites:

http://www.britishbattles.com

http://www.visitscotland.com

http://www.weaponsandwarfare.com

nts.org.uk

TRANSFORMING TO OPERATIONAL EXCELLENCE & IMPROVED PERFORMANCE

dr mark vine

PREFACE

Dr Mark Vine has over thirty years experience as an HSE Manager and Management Consultant with extensive experience in oil and gas, chemicals, government, transport, insurance, NGO’s and development banks. His experience covers the full lifecycle from mega and major projects through to operations.

Mark is a recognised subject matter expert in HSE MS and Operations Management Systems (OMS) development, implementation and assurance with a focus on sustainability, Environmental and Social Governance (ESG), process safety, behavioural based safety, asset integrity management and Operational Excellence (OE).

LR Consultants is a unique boutique consultancy that provides high value management consulting services to the global energy, chemical process, mining, banking and financial service industries. 

LR Consultants is headquartered in Dubai, United Arab Emirates and is supported by an extensive global network of highly experienced independent consultants with executive and senior management industry experience in capital projects delivery and operational excellence. 

1       OVERVIEW

As a business leader or senior manager it is natural that you should be continually asking questions that challenge to improve the performance of your business management system. 

LR Consultants experience suggests that the following questions reflect the foremost concerns of business leaders:

• Are you increasingly frustrated that your projects or business strategy is failing to deliver expected and timely results to your key performance indicators? 
• Is your projects or business management system overly complex, costly to operate and/or experiencing low recognition and involvement amongst your workforce? 
• In a rapidly changing business world is your projects or business management system not proving to be resilient and is it unable able to respond effectively to market changes and emerging risks? 
• Is your project or business management system unsuitable to deliver compliance to the Environmental Social and Governance (ESG) expectations of donor financing institutes who follow IFC Equator Principles and World Bank requirements?

If the answer to any of these questions is affirmative then the solution should be to invest in Operational Excellence.

This LR Article provides the basics to Operational Excellence (OE) and how to achieve the benefits through the transformation to an enterprise wide Operating Management System (OMS).

2       WHAT IS OPERATIONAL EXCELLENCE?

There is no unique internationally accepted definition of OE. Some of the more well known definitions are provided in Table 1.

Table 1 Definitions for Operational Excellence

“Operational Excellence achieves and sustains outstanding levels of performance that meet or exceed the expectations of all their stakeholders”

OE is not the same as Continuous Improvement (CI) which has been promulgated by the ISO suite of management system standards. A comparison of the LR Consultants OE cycle against the ISO CI cycle is provided in Figure 1.

Figure 1 LR Operational Excellence and ISO Continuous Improvement Cycles Compared

A CI business is one that follows a process of improve, sustain, measure and monitor. The business then repeats the cycle over and over again to create a culture of CI. A significant downside is that CI often has no goal or destination to meet and it can be a slow and unreliable journey to deliver results.

OE delivers integrated performance across revenue, cost, and risk. Conversely to CI, it focuses on meeting operating and stakeholder driven results through the CI of the operational processes and culture of the organisation. 

The goal of OE is to develop one single, integrated enterprise wide management system with a strategic results and stakeholder based direction, driving visualised risk optimised business processes and workflows. The second component of OE, a culture of Operating Discipline, is commonly described as “doing the right thing, the right way, every time”. According to BTOES this Operating Culture is built upon the guiding principles of leadership, integrity, questioning attitude, always problem solving, daily CI mind set, level of knowledge, teamwork and influencing workforce behaviours.

An OE organisation is more agile and able to identify and manage emerging threats and to rapidly transform itself than its CI counterpart. OE organisations are inherently more resilient and adaptable to changes to stakeholder concerns and market conditions.

These relationships can be visualised using the LR Model for OE shown in Figure 2. The LR Model (under development) is designed for high risk or safety critical industries (oil and gas, power, chemicals, pharmaceuticals, transport, mining and nuclear) and to meet the requirements of sustainability. It is fully compliant with IFC Equator Principles and ESG requirements. 

The LR OE Model delivers ISO compliance as a minimum requirement and has Plan-Do-Check-Act (PDCA) as an integral part of its DNA. It delivers sustainable business results and can be applied across the cradle to grave to rebirth business lifecycle.

Figure 2 LR Risk Optimised Model for Operational Excellence

Figure 2 depicts “Risks” as a separate element associated with business process controls. In reality “Risks” are distributed and embedded in all elements of the LR model. Risk management is critical to ensuring that business strategy and processes are optimised and prioritised towards meeting key performance indicators. Emerging risks require timely management and worker adaptation of existing business or operating processes in order to ensure that the business remains resilient to changing market conditions and aligned with any adjustment to business strategy.

OE has been formally defined by the European Foundation for Quality Management (EFQM) through their EFQM Model for OE shown in Figure 3.

Figure 3 EFQM Model for Operational Excellence (EFQM, 2018)

The EFQM Model is a globally recognised management framework which allows organisations to achieve success by measuring where they are on the path towards transformation, helping them understand the gaps and possible solutions available, and empowering them to progress and significantly improve their organisation’s performance.

Both the LR Consultants and EFQM Models for OE can both be used in enterprise wide management system design, implementation, benchmarking and transformation for immature and mature businesses alike. 

A key difference between the LR and EFQM approaches is that the LR OE Model has been designed for safety critical industries and is able to distribute risk criticality through all elements and processes of the model. Risk optimised business processes are shaped and prioritised by the critical findings of the enabling risk assessment. This is a key reason why ISO management systems create the risk silos and traditionally fail to manage systemic process safety and asset integrity risks.

3       FUNDAMENTAL CONCEPTS AND THEMES FOR OPERATIONAL EXCELLENCE

The fundamental concepts of OE (shown in Figure 2) outline the essential foundation for achieving sustainable excellence for any organisation. The concepts can be used as the basis to describe the attributes of an excellent organisational culture. They can also serve as a common language for senior management.

OE covers a number of risk themes (with a focus on risk reduction results) that should be assessed and managed for all projects, facilities, activities, products and services for which your business is partially or wholly responsible or accountable. An illustration of the OE risk themes typically used in capital intensive safety critical industries is provided in Figure 5.

Figure 5 Operational Excellence Risk Themes

4       OPERATIONAL EXCELLENCE AND OPERATING MANAGEMENT SYSTEMS (OMS)

OE Models can be used to design, develop, benchmark and transform the enterprise wide management system. 

Many organisations are commercially driven to satisfy the disparate needs of the many ISO management system standards often creating overly complex, inefficient and costly to operate management systems. ISO driven management systems, particularly in the case of safety critical industries fall far short in managing process safety and asset integrity risks. 

The solution to efficient and effective OE delivery is to develop an Operating Management System (OMS), also referred to as an Integrated Management System (IMS). The term OMS is preferred in this Article.

An OMS is a complete framework that combines all aspects of an organisation’s systems, processes, and any standards that the business follows.

An OMS is used for controlling risk, delivering high performance and achieving Operational Excellence.

“Operating” applies to every type of company activity, including concept design, engineering, construction, commissioning, operations, inspection, maintenance and decommissioning, throughout the entire value chain and lifecycle of the business and its products.

The development of an OMS that incorporates Equator Principles and ESG requirements fully satisfies the project financing requirements of donor Banks and External Credit Agencies. 

An illustration of an OMS framework created from the integration of individual ISO and non-ISO management systems is provided in Figure 6. An important part of integration is to upgrade the minimum requirements of ISO based management systems to incorporate industry best practice. 

Figure 6 Integration of Individual Management Systems into an OMS

5       WHAT ARE THE BENEFITS OF OMS AND OE?

The benefits of OMS and OE investment to your business are summarised in Table 2.

Table 2 Summary of OMS and Operational Excellence Benefits

The Future of Risk Management: Gamer boys and girls as Chief Risk Officers

By Horst Simon, The Risk Culture Builder

The world of risk management can no longer be ruled by the quants, they had their time of complicating something very simple and easy. The Future of Risk Management lies with the gamers.

When we look at formal risk management as we know it today, it is moving out of the teenage years and the make-up of the future Chief Risk Officers will be very different to the past of “quantified” risk reports, based on historic data and produced (normally too late) by one department in the organisation.

Future CRO’s

Future CROs must be visionaries, capable of adding value and churning out a positive ROI (Return on Investment) through building an effective risk culture across the entire organisation…. and their supply chain, and their outsourced service providers.

This require skills we did not pay too much attention to up to now. Risk Management is hard work, so we will not be able to fix it with soft skills. The CRO of the future is a tough guy, sitting at the main table, reporting directly to the Board of Directors.

Gamers are used to large, complex, social systems that are constantly evolving. Games can capture and hold the attention of their players because they are always new. This is pretty much like the levels of change we are currently experiencing in all corporate organisations. The pace of change and the intensity of change in all organisations are ever increasing and with that, the exposure to risk shoots up…. the gamers are quite used to this.

They live in a world of MMORPG (massively multiplayer online role-playing games) like WoW and Guildwars2 and RTS (real time strategy) games like StarCraft – a war type game consisting of different units and play styles ranging from fast aggressive small attacks to grand scale full army assaults.

Winning relies on constant monitoring of your opponent and evaluating their current situation and predicting their possible paths in future; then determining the best way to overcome their attacks, this is both in fine control of specific units on the front line, balanced with continued resource collection to produce units. How does this compare to what we want the CROs of multinational organisations to do?

The character traits needed for success in the Future of Risk Management are all in the gamers and these traits will help them to thrive as Chief Risk Officers. Research done by John Seely Brown and Douglas Thomas highlights these five key character traits in gamers:

1. Focus on The Bottom Line: In the games that these online players are playing, each player is constantly being measured and assessed. Each player is ranked and compared to other players using systems of rankings, points, and titles.
2. Diversity Is Good: Gamers realize that they cannot do it all themselves. To be successful in a game, players need to build a strong team. The teams that are the most successful are the ones that consist of a strong mix of both abilities and talents.
3. Change Is Good: Gamers thrive on change. The worlds in which they play are constantly changing – nothing is constant. Their actions transform the world in which they are playing. Gamers have come to expect this type of massive change.
4. Learning Is Seen as Fun: The games that players are participating in consist of complex challenges that must be overcome. These challenges make the game fun. Discovering the tools that are needed and creating the knowledge that is need to overcome challenges is what turns problem solving into a fun activity.
5. Innovation Is a Lifestyle: Gamers are willing to explore new ideas and ways of solving problems. Even when the solution to a problem is known, gamers are willing to search for new solutions that will solve the problem quicker or by using fewer resources.

So how can these be the future risk management leaders?

A survey done by IBM found that there were six key lessons that leaders could learn from the online game environment:

1. Apply virtual communication tools and facilitation techniques to more effectively connect people from around the world.
2. Use collaborative spaces to gather knowledge, express ideas and concerns and share passions.
3. Spend more time on setting organizational context and communicating where the organization needs to go.
4. Improve the visibility of both formal and informal skills.
5. Use dashboards linked to collaborative tools to capture key real-time information about people, activities and outcomes.
6. Provide guidance that is more frequent and link performance to recognition.

All gamers already live in this world of leadership and apply these skills daily.

The average gamer is usually a college aged male whose life is centred totally on video gaming. Mostly addicted to online games and often totally owned by at least one game. They also usually look pathetic and seldom change clothes because they never go to bed and they spend all their money in a cycle of forever-newergames. They own serious computers that have names like “My Baby” or “The Beast” and their video cards cost more than the family’s monthly car payment.

“In a future world, computer skills required to do your job are beyond the skills adults currently have – except for some of us. Kids who are gamers acquire skills that will give them an advantage over the rest of us. Hence, if you’re not young enough to be a gamer and not old enough to retire soon, you may find yourself in an awkward position ten years from now”

(Christine– years ago – on a Harward Business Review blog- http://blogs.hbr.org/2008/02/the-gamer-disposition/#disqus_thread )

We might still have to wait a couple of years for these geniuses to enter the world of Risk Management and we will have to teach them a few soft-skills.

They are coming and we will see the TRANSFORMATION of Risk Management, but they will not be cheap, the babies and beasts they will buy for their kids will be supercomputers!

Get ready to see some brilliant CROs with no grey hair and no “long service” awards, just a passion to succeed!

Why Risk Culture? Change starts at the top!

By Horst Simon, The Risk Culture Builder, taken from the IRM Energy publication

Regulations, Cyber attacks, Security situations and Global Climate Change—paranoia in a world that is still just a spinning ball with an increasing population; a place where businesses seem to boom today and are gone or “acquired” by tomorrow evening. This is the world of disruption in which risk managers must advise and support business managers to survive and build competitive advantage over peers and over future competitors that do not even exist in the marketplace today.

To top all of this, we have seen the toxic culture of corporate greed and deceit spread from banking into auto-making and lately to pharmaceuticals. Rigging is no longer a term associated with physical hard work and scheming (an adjective that describes someone who is always doing sneaky things to make things happen) is now evident in corporate boardrooms. It is almost a world in which bribery and corruption are perceived to not be criminal activities, but gladly still a perception that changes very quickly when you are caught. “White collar crime” is too often resolved by the payment of large fines without admission or denial of any wrongdoing.

Chief Risk Officers and Risk Managers are often wrongly seen as super humans who can single-handedly identify, own and be responsible for the identification, reporting and mitigation of all risks inside and outside the business. How did we get all of this so wrong and how will we fix it?

“Risk Culture is the balance of people, controls & chaos at the edge of business performance” was a quote from the weekly Risk Culture Builder quotes and reaction to this went as far as a comment saying:  “Risk is not part of culture”, so with all the perceptions and opinions out there, let us look at getting some clarity from this chaos.

Clarity from Chaos

Change starts at the top. Executives live in a space of information overload and risk reporting sadly fell into the same trap. Board Risk reports in many organisations produce more information than what can be digested and certainly much more than what is needed to make better decisions. The first step is to filter this to what is really required and useful, so many risk reports are just presentations of historic “data” that is not converted into “information” and thus not of much use to those whom it is presented to. The risk visualisation example found on the Risk Guide website HERE  is one way to move away from this information overload.

Filtering brings us to three key elements to watch, Money, Risk and Change.

Money is why we take risk as the essence of any business is to take risk for reward, so we have to watch the money, bad cash flow kills companies, and as we see more and more now, so does greed. Find that balance between risk and reward and always remember that you can only take more risk, as you get better at risk management, thus more money is a result of better risk management, nothing else. Those who still see risk management as preventing things from going wrong will differ with me here; those who understand that risk management is about management of risk and opportunity will understand and agree.

Secondly, you must watch the Risk, both the levels of risk internally and externally, as well as emerging risks, including those that do not presently exist. Two big pitfalls here; trying to identify all the risks and focusing more effort on the internal ones rather that what is outside of the business. You can never identify all the risks you are exposed to, so the ability to assess risk and take the best decision in response to that situation of risk is more important than risk identification. The basic risk management process should start with managing the ones you know about and consider to be above the current acceptable levels within your risk appetite.  So many executive teams struggle through pages and pages of risk reporting on what is internal to the business and focus all the risk management efforts on controlling everything internal to the business, this is similar to building a bomb shelter, but not putting sandbags on the outside, a pretty useless exercise. Generally, what is inside is well known and if you are still in business, reasonably well managed; the ones from outside are the ones that are most likely to put you out of business. Too often, I hear and see executive teams trying to drive the profits up and the risk profile down, getting all the risks “green” will never bring sustainable growth and certainly not bigger profits.

The third key element after filtering the information overload is Change. The world is changing at an unprecedented pace, the levels of change are much bigger than before and change is happening much faster than before. During any phase of change the level of risk increases and new risks are introduced during the process, or sometimes because of the process.  No business can exist without human intervention and there is a limit to the level of change and the pace at which any human can accept such disruption. So often, we see examples from the oil industry where they launch new a multitude of new projects, restructure, enter new markets, change operating systems or involve themselves in mergers and acquisitions; all at the same time.

The foundation for success must be built at the top and from that level down the strategy must be clear on the goals for Money, Risk and Change, in a balanced way.

How much do we need to make? How much risk will we take to do that and what if things go better or worse? How much change can we afford and cope with? “Make as much as we can” is not a goal, it is a recipe for disaster.

Challenges

Once the foundation is laid, we can move on to the future of risk management. The most difficult change is to move on from risk management being seen as and obstruction to business that is only relevant in industries where there are regulatory requirements to be complied with to the understanding that it is essential to drive value and sustainability. Risk management operations in any business must deliver a positive return on investment, risk management is not part of the cost of doing business, and it is the driver for business success.

However, there is always the risk of employees seeking to maximise their bonuses who may take excessive risks, particularly if their bonuses or other incentives are based on immediate results and ignores long-term profitability and prudent risk management. In the oil industry there are numerous examples of major accidents occurring due to cutting corners in order to meet schedules, or risk management being silenced in order to hide true completion dates in order to achieve quarterly bonuses.

The second challenge is changing risk reporting from this rear-view mirror picture based on historic, often inaccurate, data; to something that is forward-looking and can support better decision-making in the business.  Even with more than 16 years of experience in Operational Risk, I can still not understand the importance and focus placed on historic risk reporting and often ask the question: “Do you care about how much fuel was in your car last week?”

 

 

Better Decision Making Through Risk Visualisation

Alexander Larsen & Ghislain Giroux Dufort of Baldwin Global talk through how risk managers can use risk management as an effective decsion making tool. As originally published in Strategic Risk Magazine

 

Risk Management has for a long time been looked upon as a process that stops bad things from happening rather than an effective decision-making tool that helps organisation’s form and improve their strategy, meet objectives and provide competitive advantage.

Reporting

If risk management is a decision-making tool, and identifying risks is an exercise in preparing for the future, then why do so many reports insist on looking at last quarter instead of looking forward? Additionally, too many reports focus on the old Risk Matrix or Risk Register approach of looking at the top risks based soley on Likelihood and Impact.This often results in the same risks staying on the risk register for years, or senior management focussing too much on the top 5 risks and not getting time to discuss the rest.

It’s no wonder senior management see this as an assurance exercise rather than something that should be adding value to the business.

So how can we fix it?

There are three key areas that need to be addressed.

A) linkage to strategy and objectives.The two inform each other. Linking these two allows more productive discussions at senior management level and provides real value to future development of strategy and a chance to consider emerging risks.

B) Risk visualisationin order to truly engage top management, we need to look at how we can move towards a visually-inspiring presentation of risk.

C) Timely and effective information.We need to move away from looking back at the last quarter or 6 months and move towards having up-to-the-minute information as well as having leading indicators.

Know your audience

When presenting to executive committees and Boards, a dynamic and interactive approach to risk visualisation such as that which Nico Lategan at Transport for London developed, and which is shown in Figure 1, may add value by summarising the risk register. The ability to filter out specific objectives or risks or focusing on areas of vulnerabilities at the click of a button whilst in a meeting is highly effective when discussing scenarios or strategies and demonstrates the true power of risk management in decision-making. An example of linking risk to objectives can also be seen clearly in Figure 2.

 

Figure 1

Figure 2

Nico Lategan, in the recent Institute of Risk Management “Fuelling the debate” energy publication, suggests that Senior Management teams tend to be made up of “big picture” people who appreciate being able to visualise their organisation’s strategy along with all the risks and opportunities and all the interconnectivity involved, which often leads to stimulating discussions and prompting several key decisions.

Whilst the examples above are proving effective for boards, in some cases, discussion may require more detailed information and alternative visualisation should be considered. Using bowtie diagrams for example, where you can dig deep into root causes, look at controls and their effectiveness, and link causes to lower level risks within the organisation, have been highly effective in these circumstances. The common theme is interactivity and visualisation depending on the makeup of senior management.

 

Risk Prioritisation

Engaging senior management by using risk visualisation is only half the battle however. Ensuring that risks are prioritised based on risk appetite and up to date information is vital to ensuring that risk management is actually adding value. One approach that has proven popular with board members has been using KRI’s and Risk Appetite.

There is much debate around risk appetite statements that are often qualitative or aspirational, limited to acceptable variations around corporate targets which, whilst looking good on paper, don’t add much value. For example, let’s assume fictitious airline company AirSafeCo states that it aims for a customer satisfaction index of 80%, plus or minus 5%. This is a nice aspiration but says little of how much risk the company is really willing to take.

A Better approach might be if the company identifies the major risks that drive such variation around the target, as well as leading key risk indicators (KRIs) that alert of changes in these risks. By establishing risk appetite statements at the KRI level, AirSafeCo obtains an early warning system that allows to be alerted of risks to customer satisfaction objectives and to take action before it is too late.

Figure 3

Figure 3, a powerful visualization tool in itself, illustrates how to use this approach. Let’s say AirSafeCo wants to be in the top quartile of the industry in terms of passenger safety (strategic objective). It identifies three associated risk components: crash, turbulence, delays on the tarmac. Risk components have different sources and manifest themselves differently. For each major risk source, leading KRIs are sought and risk appetite statements set for these KRI. For example, the time to buckle up during turbulence announcements may be such a leading KRI.

Specific and quantified statements for leading KRIs are created that consider both the level of risk and the cost of managing the risk (due to the number and cost of treatments).

Once this system is in place, it can be used to make decisions and take action at the required frequency: in real time, daily, quarterly, etc. When a KRI drifts away from risk appetite (the green zone), different actions are taken depending on the magnitude of the variation (orange and red zones in Figure 3). It is important to remember that a sensible action may be to actually reduce spending on control and take more risk, thus freeing up more resources to manage other risks or take advantage of opportunities.

This approach to risk appetite and KRIs provides real-time snapshots of the status of risks to the business and a perspective on their trends (as demonstrated in Figure 4), as opposed to the traditional likelihood vs impact matrix which often misses the mark.

Figure 4

Figure 4 shows which risks are most pressing based on approved risk appetites for top risks. Such visualization tool also provides a perspective on how risks have improved or worsened over time, most likely due to management action, as demonstrated with Safety over 5 quarters. With leading KRIs and an adequate monitoring frequency, this table also allows for timely decision-making before risks materialize.

All companies and organisations, including not-for-profit ones, need to take risks in order to achieve their objectives and to thrive. This approach helps to make timely decisions on risk levels and cost of risk.

Risk Culture Conversations – Episode 7 – Risk Visualisation

Risk Culture Conversations episode 7 is now available and focuses on what Risk Visualisation is and how we should move away from current reporting that only looks backwards and is rarely mentally stimulating for top management.

Risk Reporting

Risk Management for the last few decades has focused on the famous and much debated Risk Matrix or Risk Register. Whilst I am not about to argue the benefits or negatives of such an approach, what is clear is that there needs to be a new approach to doing things as our maturity grows. Whilst I dont suggest replacing it (It is well embedded in most businesses, people are familiar with risk matrices from other disciplines, and it acts as a starting point for data gathering), and NASA even have a place for it in their approach to risk management, I do believe we can build on it or approach things differently (where culture and process allows it)

 

Additionally, reporting to the board or senior management team should be less about looking at what a risk looked like for the past 3 months, 6 months or in some cases 1 year, and more about looking forward and using risk in decision making. Risk Intelligence as some have branded it.

Horst Simon has said, “what happens when all risks are green?”. Indeed, if a company is operating in an all green environment, then it is time to close up shop. Organisation’s NEED risk. They need to take MORE risk in fact. It’s about understanding your risks and having the right information at the right time and focused on the right areas.

Another problem risk management suffers from is engaging top management in the first place. reports are often boring, lack information they seek or need, or like I mentioned earlier, are always looking backwards instead of forward. What is risk management (predictive) if not forward looking? This is where Risk Visualisation can help.

Risk Visualisation

I met with Nico Lategan whilst I was in London on a business trip and he showed me how he was presenting risk. The feedback he had received (and the interaction he witnessed) from the board and others who have adopted his approach was an indication that we certainly need to move on from risk registers and risk matrix reporting.

Some examples of his work can be seen here:

 

More examples of his work and an article on the subject can be found in the newly launched IRM Energy Publication which you can download for free here

Of course there are many other tools you can use such as bowtie XP or risk information software generated dashboards. In this Episode, the final in the series, we discuss this and more….. Check out below the video for content and timings within the video:

 

Video is found here:

 

What is Risk Visualisation? – 0.00 – 4.00 minutes in the video

We discuss how Risk Visualisation is an alternative to risk reporting or that it is at least a more advanced version of risk matricies. It needs to be about decision making instead of looking backwards.  It mentions that a risk register is not the most effective tool and we need to keep leadership interested.

Tools are mentioned that are already out there such as Bowtie XP and Nico Latigan’s risk visualisation tool which can be found here: Sharpcloud

How does colour and visual sense impact us? – 4.00 – 6.00 minutes in the video

How does colours affect us?  A fascinating story is told by Vibeke about how a music producer is influenced by visualisation waves when making music. It shows the power of visualisation and backs up the reason for finding good ways of reporting in a visual manner and how it can be very strong for leaders.

Future of risk management – Will Risk Matrix die? – 6.00 – 9.00 minutes in the video

The debate on Risk Matricies continues. We discuss the need to move on but how the risk matrix may not die and may even have a place! Many people are adapting the matrix to add more layers. The most fundamental points that are brought up is the move towards risk management education within degrees and Mba’s promising a positive future for the profession. Will the risk MANAGER role die? this could be the more likely scenario!

***NASA use a 3×3 – To be clear… They use a number of matrix. 5×5, 4×4 and 3×3. The point is that they use it with quantitative analysis and other scientific methods.There is room for both to be used in other words***

Conclusion – 9.00 – 10.30 minutes in the video

A conclusion of the video

Watch all our videos on Youtube channel : http://www.youtube.com/c/riskguide

 

***Links mentioned in this video***

sds

https://www.linkedin.com/pulse/we-witnessing-demise-risk-register-rise-visualisation-nico-lategan/

https://www.linkedin.com/pulse/visualising-brexit-nico-lategan/

http://www.sharpcloud.com

https://www.researchgate.net/publication/266666768_The_Risk_of_Using_Risk_Matrices

Risk Culture Conversations – Episode 6 – Risk Maturity

Risk Culture Conversations episode 6 is now available and focuses on what Risk Maturity Models are and how they can be used to great effect within an organisation.

Risk Maturity

Risk Maturity Models are being embraced more and more by the risk community and are a magnificent tool for gaining buy in, building a risk management plan/strategy and measuring progress of risk management year on year.

A couple of books have covered the subject of risk maturity including a chapter that I contributed in “Implementing Enterprise Risk Management – Case studies and best practices” published by Wiley’s and put together by Betty Simkins, John Fraser and Kristina Narvaez. The chapter specifically looks at how Risk Maturity was used to implement risk management within various organisations based out of the Middle East.

Another book that is dedicated completely to Risk Maturity Models and which draws on some of the models I used in the above mentioned book is Domenic Antonucci’s book “Risk Maturity Models.

This book goes into detail on all the various models available in the market place.

In this video, I present what a risk maturity model should look like, the many ways in which Risk Maturity can help organisations establish risk management and the importance of Risk Culture within a model. Below the video you can see the specific content.

What is a Risk Maturity Model? – 0.00 – 2.30 minutes in the video

I introduce the subject of risk maturity and explain what a risk maturity model is and how it has Multiple uses. Essentially there are 5 levels of maturity (not always the case) and not every organisation needs to get to level 5.

Details of a Risk Maturity Model – 2.30 – 4.00 minutes in the video

I discuss what Components might make up a risk maturity model such as:

Infrastructure and governance, Identification of risk, Assessment of risk (from basic qualitative to heavy quantitative, Reporting (from once a year to embedded within decision making), etc.

For each component there will be a 1-5 levels with various criteria that need to be met in order to move up the maturity scale.

Selling Risk Management with Risk Maturity Models – 4.00 – 6.00 minutes in the video

A highly useful side to risk maturity models is being able to show management/board a high level version of the organisations current position. It allows the risk department to state: “This is where we are now, where do you want us to be?” Knowing where the board want risk management to be on the maturity scale allows the risk team to see the gaps and build a roadmap, even suggesting how long it will take with current resources in order to justify the need for more resource. Importantly it allows the risk team to communicate the importance of  THEIR (the board or senior management team) involvement.

Other points – 6.00 – 9.00 minutes in the video

The final part of the video discusses the importance of including Risk Culture as a component in order to show management the importance of Risk Culture and criteria might be for example training undertaken, levels of training, certification of each risk professional etc.

It also discusses how you might use it internally to understand maturity within various departments or subsidiaries and the ability to benchmark against other companies (using third party companies to undertake a risk maturity assessment)

Watch all our videos on Youtube channel : http://www.youtube.com/c/riskguide

 

Risk Culture Conversations – Episode 5 – The Perfect Risk Workshop

Risk Culture Conversations episode 5 is now available and focuses on how to have a perfect Risk Workshop (pre, during and post)!

Risk Brainstorming Workshops

When a risk team considers how best to gather risk from across the organisation or a project manager looks to capture the top risks to the projects, one of the most effective approaches is to run a brainstorming workshop with a variety of people from the team.

A successful Workshop however is not as easy as it seems. There are a number of challenges that require a strong facilitator and great planning. A good Risk Manager needs to be able to master these factors.

In the latest episode of Risk Culture Conversations we discussed Five key aspects of training.

Pre Meeting – 0.00 – 6.30 minutes in the video

“A risk manager should rarely be at his desk. They should be walking around the organisation”

Prior to any meeting or workshop for risk, gathering data and Information/Risks is key for preparation. We look at the various methods of achieving this including the mention of a unique software called RiskID which is one method of capturing risks but instead of focusing on the perceived top risks, it allows the facilitator to focus on the risks that are least agreed upon. Is it due to not understanding the risk? or might it be that we have it well under control already?

Other aspects include looking at Risk appetite and thinking outside the box as well as how to invite the right participants.

How to cover all the right risks and Opportunities and avoiding being negative- 6.30 – 11.45 minutes in the video

A failure of risk management is often that we fail to look at Opportunities. Even when a risk manager preaches opportunities it is often easy to get lost in the “negative” risks. We look at ways of how to build a more optimistic view of risk management.

During Meeting – 11.45 – 18.10 minutes in the video

“It’s all about Culture!” . We discuss why Organisational Culture has a large part to play in workshops and meetings. During a meeting its vital to build an environment suitable for sharing and openness. The facilitator plays a key role in ensuring everyone has a voice. Examples of how to get people thinking outside the box are discussed during this video including  Role Reversal experiments.

What happens when you can’t gain Consensus? — 18.10 – 22.35 minutes in the video

An interesting part of our conversations that came up was how to overcome a lack of consensus. We discuss examples of successful approaches and other ideas.

Post Meeting  – 22.35 – 26.00

The Post meeting/workshop follow ups are just as important as the other aspects of a successful meeting. We discuss why and what needs to be done.

Watch all our videos on Youtube channel : http://www.youtube.com/c/riskguide

Crypto – The failed ICO’s – How future ICO’s/STO’s can not only survive but thrive by managing risk

Background

2017 was the year of the ICOs with a record 5.5 Billion USD raised compared to 90 million USD the year before and 2018 has been no different and has already surpassed this figure with 7 billion having been raised to date, according to ICOdata.io.

Whilst it sounds like the ICO machine is growing in strength, the trend tells a different story. A dramatic fall in funds raised month on month during 2018, as well as the number of ICO’s reducing suggests that all is not well with the market.

 

 

 

A number of high profile incidents regarding outright scams, alongside poor management, overvaluation of ICO’s and the crypto space have had an impact on the market with investors being more careful and more demanding of ICO’s.

Additionally, regulators getting stricter and introducing KYC and other requirements for investing in ICO’s means that ICO’s are now facing a tougher time getting off the ground and raising funds. This has created the rise of the STO. The security token offering which is more regulated and a hybrid of IPO’s and ICO’s.

It is here that Risk Management can help ICO’s and STO’s gain credibility and stand out from the crowd and gain competitive advantage, adding value by bringing a level of transparency rarely seen in the industry, and ultimately, leading to investor confidence in the token offering and it’s management team.

One example that springs to mind was a Nordic property development company who decided to not only introduce risk management within their organisation but also communicate it (along with their top risks to the various developments) to potential investors. The results were two fold with sales increasing as a result of increased confidence in the company compared to competitors, as well as better performing projects/developments.

This example highlights the fact that it is not just during the token offering stage that risk management will play a key part. The introduction of risk management to the company will lead to improved performance, resilience, strategy setting and optimisation of said strategy, as well as improved decision making. Consider that yet more competitive advantage!

Innovation

It has long been said by people who don’t understand risk management, that it is a hinderence to innovation. Quite the opposite is true however. Risk management can help foster a company’s innovation agenda by revealing blind spots and areas of underinvestment. Companies such as Google, who challenge staff to find faults and risks in their projects, are a perfect example of the marrying of risk and innovation.

Clearly the blockchain space is all about Innovation which makes risk management all the more important. So what do current organisation’s in the space do in terms of risk management?

 

What should ICO’s focus on?

Objectives and strategy setting

There are a number of articles and courses out there that cover how to set up risk management within an organisation and how to identify risks, however some key focus areas for this industry is that ICO’s and STO’s need to be very clear as to their objectives and focus their efforts on Identifying and assessing their risks to these objectives whilst looking at solutions to mitigate them.

These companies in particular are covering uncharted territory and at the very least, areas that most investors are not familiar with. This is why having clear objectives that investors can understand is a must. This then sets context when identifying risk.

Opportunities need to be considered in this context too, and embedding the risk process within strategy setting or objective setting can add real value to an organisation’s success as risk management can often influence the strategy significantly.

 

Innovation, Research and development

It’s not just the high level objectives that need to be considered with regards to risk management however. A process needs to be developed that allows risk to be embedded throughout the research and development process. It should be a natural part of idea generation and a tool to enhance all aspects of the project. Risks that are identified when an idea is born on the back of a napkin at a coffee shop, are cheaper and easier to rectify than  once infrastructure or software has been built!

Having met with a few companies in the space, it is clear that some have decided to focus their approach on getting the fundamentals right. One reason it has taken these specific companies longer for them to achieve their goals is that, they have been determined to get the bigger more complex problems resolved as a priorty before launching anything. This makes managing any unforeseen risks in the future much easier.

Many other companies who simply launch their product after ironing out only a few teething problems, then realise they face major difficulties going forward when the larger problems make themselves known and they are forced to resolve themn within the confines or parameters of the design they have already launched.

 

Risk Culture

Whilst having a process is important, more important for any organisations looking to implement risk management, is understanding that having a positive risk culture is cruicial. All employees, managers and directors are responsible for managing risk and making risk based decisions. Therefore, aside from having the necessary training, they also need to feel empowered to bring bad news to the table and share concerns. The risk framework needs to ensure that risks can be escalated and not blocked by managers or directors protecting their bonus.  Building a strong risk culture isn’t easy but the value it brings is unparalleled. Recently, I sat down with Vibeke of Kontrapro Risk Management to discuss the topic of Risk Culture, what it means and ideas on how to build a positive risk culture. This has been launched as a Video Miniseries that can be found at www.riskguide.wordpress.com and www.youtube.com/c/riskguide

Some aspects to consider in order to build a successful risk culture are:

• Ensuring there is incentive to identify and manage risk
• Involving everyone in the process and breaking down silo’s. Your people are your experts, use them!
• Engaging people and ensuring that they see the value of risk management
• Consider looking past regular reporting and instead focusing on real time risk sharing and communication
• Having a communication plan that includes internal and external risk communication (investors, partners and other stakeholders)

 

Risk Communication

Communicating risk is a critical part of risk management success. Both internally and externally. Internal risk communication ensures that everyone in the organisation is aware of the top risks and can work towards solving or reducing them. It also allows staff to see the results of their input into the process.

External risk communication on the other hand ensures that the company can work with partners to understand risks that they may not have been aware of. It also encourages partners to engage in risk management.

In the early 2000’s, Dell computers discussed upcoming risks with partners in Asia and one particular risk, the closure of the east coast ports due to strikes, was managed by chartering jumbo jets and ensuring that if the risk occurred, they would be in a position to continue building and delivering computers to customers. The risk did happen and Dell did continue to keep customers happy and it played a major part in propelling Dell to becoming one of the major computer manufacturers.

 

The importance of the Non-Executive Director or ICO Advisor

Often, improvement to the process or a better understanding of risk within companies & ICO’s, come from having non-executive directors (NEDS) or ICO advisors who have a wide variety of experience and who can add, for example, to the risk management process. Better still however, is having someone on board with a full understanding of risk management who will ultimately bring the most value as they work towards embedding risk management into the culture and decision making of the organisation. Especially in the case of ICO’s, which can make great use of a variety of advisors, it is an opportunity not to be missed. It is therefore important to choose your advisors and NEDS wisely.

Companies should look for experienced risk professionals who have worked with boards, had involvement in setting strategy, understand technology companies (and have a grasp of the underlying technology), have strong communication skills (communicating with board members, developers, programmers, marketing people etc.) and understand the need to be flexible and adaptable in their approach. Companies in the space already have an abundance of blockchain and tech expertise and therefore, although it is useful to have a deeper understanding of the technology, it remains low on the list of requirements from a risk expert. At the end of the day, everyone in the organisation is responsible for managing their risk.