Date post: | 15-Apr-2017 |
Category: |
Career |
Upload: | resolverinc |
View: | 693 times |
Download: | 0 times |
Risk Reimagined!
The importance of people and culture to effective risk management
Risk Reimagined!
Risk Management author and evangelist
Former Chairman of the Institute of Risk Management and risk manager
Webinar #1: December 1st, 2015
Webinar #2: December 8th, 2015
www.riskreimagined.com
Richard AndersonNorman Marks
Risk Reimagined!
About this webinar:
• CPE: 1 Credit • Program Level: Intermediate
to Advanced • Prerequisites and
Advance Preparation: N/A • Delivery Method: Group
Internet Based• Category: Specialized
Knowledge and Applications
To receive a CPE credit:
• Remain joined to webinar for entire duration of programming (full hour)
• Answer all 3 polling questions• Answer all evaluation questions
Join the conversation on Twitter with #RiskReimagined
Risk Reimagined!
Regulators are getting excited by culture
Regulator Year No of Pages Culture Risk CultureNAO 2011 18 4 Nil
Department of Justice 2011 43 6 Nil
FRC 2014 28 20 Nil
FSB 2014 14 100+ 73
Risk Reimagined!
It’s all about people
Any organization is an assembly of people: people who take risks as they manage and direct the enterprise; decide how much risk is acceptable or even desirable; and provide oversight into the management of risk across the extended enterprise.
Risk Reimagined!
It’s all about people
“Culture is how organizations ‘do things’” — Robbie Katanga
“Organizational culture is the sum of values and rituals which serve as ‘glue’ to integrate the members of the organization” — Richard Perrin
Risk Reimagined!
“Culture eats strategy for breakfast” – Peter Drucker
Risk Reimagined!
Polling Question 1
Has the risk culture in your organization been reviewed internally or by consultants? Yes, it is reviewed on a regular basis Yes, once We are thinking about it It would never fly It is not possible
Risk Reimagined!
Is there a single culture?
Risk Reimagined!
Is there such a thing as a single risk level?
Risk Reimagined!
Compliance area Level of riskBribery and corruption 50
Environmental regulations 20
Financial reporting 30
Export/import regulations 20
Product safety 30
TOTAL 150???
Is there such a thing as a single risk level?
Risk Reimagined!
Why do so many of us take different views of exactly the same risks? How does an organization decide which view is “right”?
Risk Reimagined!
Why do people matter?
Human nature is …Individualist … or … collectivist
What do you believe … ?
I or C? Which do you think?
Risk Reimagined!
Why do people matter?
Human nature is …Individualist … or … collectivist
What do you believe … ?
I or C? Which do you think?
The way we live …“superiors” tell “inferiors” … or … “equals” negotiate the “rules”
Prescribed/In-equal … versus … Prescribing/Equal
Tell or Negotiate? T or N? Which way does it work?
Risk Reimagined!
Polling Question 2
Are you: Individual/Negotiate Collectivist/Negotiate Individual/Tell Collectivist/Tell None of the above Don’t know Don’t Understand
Risk Reimagined!
And cultural theory...
Fatalist
Individualist
Egalitarian
Hierarchist
I C
Tell
Negotiate
Risk Reimagined!What is the difference between the “risk” culture and the “organizational” culture? How can it be analyzed?
Risk Reimagined!
IRM Risk Culture Framework
IRM’s risk culture framework looks at component parts making up an organisation’s risk culture• How will I react?• How will I respond in
recognition of other competing needs?
• What will I do?• What will we do?• Our overall risk culture
Risk Culture
Organisational Culture
Behaviours
Personal Ethics
Personal Predisposition to
Risk
Risk Reimagined!
Risk culture aspects model
Risk CultureTone at the
Top
Ris
k Le
ader
ship
Dea
ling
with
B
ad N
ews
Governance
Acc
ount
abili
ty
Tran
spar
ency
Decisions
Ris
k In
form
ed
Dec
isio
ns
Rew
ard
Competency
Ris
k R
esou
rces
Ris
k S
kills
Risk Reimagined!
Thinking about risk is managed…
1. Risk informed decision2. Deals with risk systemically3. Throughout the
organization4. With partners5. Nimble with new issues6. Can leverage risks7. Takes more, better-
managed risks8. Gets hit by few surprises
9. Lives by established principles10. Expects excellent
performance11. Top-level buy-in to risk
management12. Links risk management to
strategic and operational management
13. Aims for simplicity and action, not bureaucracy
14. Constantly conscious of risk management performance
Risk Reimagined!
Holding a mirror up...
Risk Reimagined!
Holding a mirror up...
Risk Reimagined!
Holding a mirror up...
Regular findings Non-execs normally refuse to take part. Exec directors are ALWAYS more optimistic about their risk
management maturity than the rest of the workforce. Risk managers, heads of internal audit etc. ALWAYS know when
they are using smoke and mirrors to report up the line. Few others even care...
Risk Reimagined!
Assessing the Risk Culture
Desk TopResearch Surveys Interviews
Risk Reimagined!
Assessing the Risk Culture
Desk TopResearch Surveys Interviews
Conversations in Risk
Risk Reimagined!
Conversations in risk management
Me
CEO EE Partners
Suppliers Clients
IP ownerBack Office
Risk Reimagined!
Production and Projects
Sustainability and HSE
Drilling Exploration & New Business
Finance Other0%
25%
50%
75%
Production and Projects
Risk Reimagined!
Production and Projects
Sustainability and HSE
Drilling Exploration & New Business
Finance Other0%
25%
50%
75%
Sustainability and HSE
Risk Reimagined!
What about when the actions of one impact the success of another?
Risk Reimagined!
Objective
Risk D
Objectives, Risks and Controls
Objective
Risk A Risk B Risk C
Control 1 Control 2
Control 3 Control 4
Risk to more than one objective
Control to more than one risk
Risk Reimagined!
Objectives, Risks and Controls
Objective
Risk D
Objective
Risk A Risk B Risk C
Control 1 Control 2
Control 3 Control 4
Department A Department BWho owns Control 4? Who has a guardianship interest?
Risk Reimagined!
Objective
Risk D
Objectives, Risks and Controls
Objective
Risk A Risk B Risk C
Control 1 Control 2
Control 3 Control 4
Company One Third party coWho owns Control 4? Who has a guardianship interest?
Risk Reimagined!
Risk vs. Organizational Culture
Culture:The culture of the organization is built from the behaviours, beliefs, attitudes, activities and ethical responses of the individuals in the organization and determines how those individuals will respond to issues in the “here-and-now”. It is influenced by the tone from the top, incentives and the social & regulatory environment.
Risk Culture:“The risk culture of the organization is about how individuals tackle the complexity of the multiple futures that face them in dealing with issues today. It is about “tomorrow” rather than the “here-and-now”. It is what gives an organization the resilience to tackle difficult decisions today while having an eye on the impact tomorrow.”
Risk Reimagined!
And where they clash…
Issues which any board should want to know about:• Values: Significant deviations from the board’s values.• Silos: Especially where an organization is facing complexity in its dealings
internally or externally. • Layering: Layered management reporting prevents new issues being spotted on a
timely basis.• Short-termism: Extrapolation from past behaviours is not necessarily good enough
for dealing with new futures.• Control vs. Risk: Control (or risk control) management instead of risk
management.• Obstruction: Individually obstructive nodes can be very dangerous.• Black holes: Sometimes it is difficult to discern any volume of conversations about
risks.
Risk Reimagined!
Balanced Risk revisited
PerformanceCulture
CorporateEthics
AvoidingPitfalls
More ManagedRisk
PerformanceZone
DeadZones
Risk Reimagined!
Balanced Risk revisited
PerformanceCulture
CorporateEthics
Here-and-Now Tomorrow
PerformanceZone
DeadZones
Risk Reimagined!
Leadership in complex systems
Relationships & behaviours
Draw on widely diverse
perspectives
Adopt open enquiring mind set
Go out of your way to
make connections
Tasks& ideas
Be Clear
Be Curious
Be Courageous
Invest in promoting
values
Establish compelling
vision
Embrace uncertainty
Distribute leadership &
decisions
Risk Reimagined!
Polling Question 3
Does your organization have a healthy risk culture? Without question, yes With exceptions, mostly yes Only to a degree Not really Unsure
Risk Reimagined!
The bottom line
Risk Management should be the disruptive intelligence that pierces
perfect-place arrogance
Risk Reimagined!
DISCUSSION
Risk Reimagined!Risk Reimagined!
RiskReimagined! Events:
Tampa, FL March 3rd, 2016London, UK April 7th,
2016Chicago, IL April 22nd, 2016
Details for booking: www.riskreimagined.com
Risk Reimagined!
www.riskreimagined.com
Richard AndersonDirector, [email protected]
Norman MarksRisk Management Author and [email protected]
Contact Us:
Resolver [email protected]
Hussain HasanPrincipal and Regional Leader for Risk Advisory Services, RSM US [email protected]