Risk Management Blog
Bryan Whitefield focuses on building risk leaders in organisations and on demystifying enterprise risk management, risk financing and business continuity planning for non-risk professionals.
As a Trusted Advisor in Risk do you focus on all the decisions the business is making or do you focus on the big issues?
I bet you thought to yourself, of course I focus on the big issues, they are the ones that count.
Now, what if I asked you, “as a Trusted Advisor in Risk, do you VALUE all of the decisions the business is making or do you only focus on the big issues?” Now you are saying to yourself, “of course I value all of the decisions and I value the bigger ones more than the smaller ones."
Now let’s think about the decision to expand capacity of a current manufacturing process. Let’s assume to do this will cost of the order of $100M and will take 12 to 15 months from decision to move ahead until the first product from the expanded facility is being shipped to market.
The first decision, to expand the plant or not is obviously the biggest one. However, once the decision is made, there will be many thousands of decisions being made by staff, contractors and suppliers before the plant is in full production. There will be decisions about technology and about which supplier to use. There will be decisions about timing of purchases and modes of transport. There will be decisions about hiring additional plant operators and how best to train them.
Are you getting the same feeling that I am getting? The size and the importance of decisions is reducing over time, however, their numbers are increasing. I have portrayed this as a Decision Value Curve (see diagram). My point is, that the 1,000 decisions at the end of a project can approach the value of the big decisions at the start of a project.
What does this mean for you? Yes it means you had better get the big decisions as right as possible. However, it also means you had better have all your people making good decisions given the sheer volume of them being made. One poor choice can set a project back a month or render a desired functional outcome as no longer possible. Therefore you want good risk-based decision making by all your staff throughout the organisation.
As a Trusted Advisor you and your team of advisors or Risk Champions should be helping to ensure you have staff across the organisation highly capable at decision-making under uncertainty – yes, that’s Risk Management!
Please write your thoughts in my Blog, here,
I was reading a recent article from Knowledge@Wharton called “It’s Worth What!? Pressure-testing Companies with Sky-high Valuations” based on a book by Derek Lidow about Startups and what leadership style is needed at which point. So if you are a stock market punter it is worth a full read.
I was attracted to the article because I remember oh so well the dot.com to dot.bomb era at the turn of the century (doesn’t that sound like a long time ago?) and I have been fascinated with valuations of companies like Facebook and Uber. I understand that the market is backing the intellectual capital within the heads of the founders and their employees, however, this article clarified for me some of the decisions they need to make so they “make it” in business.
One key decision is to create and to hone at the same time. The article refers to Google as having “…shown itself skilful at creating new products while simultaneously honing existing ones”.
The process of creating and honing is not just for Startups. It has a place in most product and service development. Everyone in business should be looking for add-ons to your offering, however, add-ons bring complexity and so you also need to know when to pare back complexity and hone-in on what you do best.
The way to pare back complexity is to reveal cause and effect. That is, which of our product or service offering add-ons are causing customer satisfaction, which have become neutral and which are now causing dissatisfaction. Just because you added it on for good reason a year ago, doesn’t mean it should stay today.
If you have attended a workshop or speech of mine in the last 10 years you may well have been exposed to my version of the risk management journey for organisations from Vulnerable to Resilient. I portray the journey using an S-Curve, as shown here:
The nature of an S-Curve is that it is relatively easy to run up the middle of the curve, however, it is difficult to move up the last 20% or so. So it is for organisations in their risk management journey and so it is for Risk Advisors in organisations.
My observation is that there are four phases along the S-Curve for a corporate risk advisor. They are:
• Framework Designer
• Perception Modifier
• Behaviour Change, and
• Trusted Advisor
If you focus too much on framework design you are likely to make it too complex. Once you move on to modifying staff’s perceptions you begin to make substantial change in your world; that is, people seem to be listening. The real test is if you have moved on to become a Behaviour Changer. Are staff behaving the way you hope they will, are they making better decisions by taking more account of the uncertainty around those decisions? And then the ultimate goal is to become the Trusted Advisor. Are you getting invited to the table where the big decisions are being made?
Where are you on your personal S-Curve?
The MIT Sloan Management Review and Deloitte University Press have collaborated to produce an excellent paper on the value of social media. It is titled Moving Beyond Marketing and it can be found here.
The article made me realise that if all an organisation is doing is using social media for communicating messages and monitoring the response, they are missing out on great opportunities. The paper is based on research into social media use by business and derives its key learnings from businesses they describe as at the mature end of the sector, the ones:
- Using social media to make a broad range of decisions
- That have their leadership focused on a vision of social media creating massive positive change, and
- That have a vision that includes social media being used for much, much more than marketing
Here are some thoughts from my read of the paper:
- Integrate social media into operations such as to drive product development or help facilitate after sales service. How often do you search for a solution to a problem with a product on the internet only to find the company only provides a manual that doesn’t really help? The next search result is for a forum where some other poor sod with the same problem who solved it, has the good sense to let other people know about it. More advanced companies have their own forums, monitor other forums and respond through those same channels.
- Monitoring social media is an obvious must, however, there also should be a periodic high level review of the data. Trends, repetition, absence of reference are all items that may tell a story that needs to be acted on.
- Senior management must get involved. It can’t just be outsourced to those in the organisation who use and like social media. It requires leadership to ensure the best results. That doesn’t mean you have to be on Twitter like Rupert Murdoch.
- Facilitate how social media drives talent development. Use social media to allow staff to express themselves, share knowledge and cultivate a strong, close-knit community.
There are lots of great examples in this paper of how companies have utilised social media to drive change. I encourage you not to sit back and watch, get in and be part of it as the way we work continues to evolve.
I have said more than once that the IT industry has much to be blamed for in terms of poor project delivery. I wrote a discussion paper on Project Risk Management where I lead off with “Why could we land a man on the moon in 1969 yet in 2013 we struggle to get a moderate sized IT project delivered successfully? – An acceptance of mediocrity?”
I recently read “Agile for Dummies” published by IBM and authored by Scott W. Ambler and Matthew Holitza, which is about mastering Agile, a project management methodology for IT projects (by the way, it’s free). It reminded me of a conversation I had with a mate about project management that made me realise we really do not learn enough from other industries. My mate was a very experienced project manager in the major construction industry. Later in his career he found himself managing a large non-construction project for an organisation and he told me that they thought he was an absolute genius because he introduced two week project planning within the longer-term 12 month project plan. Of course, this is how he had learnt the trade of project management, he never knew any other way.
The truth is that the Agile IT project management technique, whether by accident or because they went looking, is based on short, such as two week, development windows. Where it differs from a construction project is their focus on delivering working software every two weeks whereas that focus can’t apply to building a 30-storey building!
Now all the Agile community needs to get right is some good risk assessment methodologies and the IT industry really will have learnt to do things well. They may exist, however, I have not found an IT team that was doing risk assessment well before I arrived (sorry clients!), and IBM’s paper did not fill me full of confidence. It does recognise “project risk” throughout and they do provide tips on how to reduce it. In fact, they mention risk management as one of the “things” to be focussed on at the right time, but include nothing about how to do it.
Risk taking is not just essential it is unavoidable. The other evening I was waiting at a busy intersection with complicated turning options for vehicles. I saw a green light, took two steps, realised something was wrong and hightailed it back to the curb. Yes, it was the green light for the cars and my pre-programmed and distracted brain misinterpreted it as a signal for me to commence my crossing.
How could this “incident” be avoided? Automatic barriers preventing me from crossing that are linked to the lights? The same system at every busy intersection? That infrastructure would cost millions – could this money be better spent on health or education?
My point is, society has by default chosen a background level of risk to life and limb that is at least approaching tolerable although we continue to try and improve safety as our knowledge, technology and wealth increases.
Has anyone written down our society’s appetite for risk? Should we? Would we?
This is a truly vexing question and in an organisational context, managers often either choose not to document their implied risk appetite or write down what they believe is palatable rather than the truth. Does this impede risk-based decision-making in the organisation or do staff inherently know the accepted level?
In my experience the larger the organisation, the less likely staff have adopted the same risk appetite that senior management have for risk. Documenting and communicating risk appetite both ensures all senior managers are on the same page and definitely drives decision-making further down the organisation.
If you don’t have one, have a look at this sample Risk Appetite Statement and let me know if you would like some help.
Last month I provided some tips regarding improving engagement with your risk program through developing your personal skills and building a team of Risk Champions to support you. This month I want to dig a little deeper to expose a key driver to great engagement and that is experiential learning.
Because of many people’s poor perception of risk their willingness to engage is very low. The perceptions of risk as only compliance, as a handbrake on business, is a barrier to learning. Consequently you need strong learning techniques to break down the barrier.
- Describe the barrier – unveil it if you wish
- Paint a different picture of risk – paint a picture of success
- Take them through the process – show them it works
For the last tip, showing them it works, I highly recommend you follow these 5 experiential learning steps:
- Break your participants into groups
- Use live examples such as a current project
- Ask them to apply the risk tools and templates you have provided them
- Guide them through the process with your expert facilitation
- Help them to implement their learnings back in the workplace
Food for Thought: Is it Luck or Good Management?
They have a saying in the insurance industry: “A lucky underwriter beats a good underwriter any day of the week”. Well, we have it confirmed once again that Australia is the Lucky Country. This time the evidence is provided by APRA in their submission to the Financial System Enquiry on 31 March 2014.
In the Executive Summary on Page 6 it states:
“APRA eschewed light touch supervision in the wake of the collapse of HIH Insurance in 2001, and it has significantly strengthened its supervisory approaches and practices since then. In APRA’s view, its most enduring contribution to the resilience of institutions in the crisis came from its ‘close touch’ efforts to promote their financial health prior to the crisis, and to deal conclusively with struggling institutions.”
So the truth of the matter is that following the massive impact of the collapse of HIH, APRA changed and changed more than significantly. It grew very large teeth and it has not been afraid to use them. By 2007/2008 as the financial crisis unfolded the heavy hand of APRA had been felt by Australia’s financial institutions and their management had not played the same games as their counterparts around the world. Australia survived relatively intact. Now APRA, quite rightly, is seen as a guiding light for other regulators globally.
Still, there is a bigger question. Why can’t we learn from the past and not take our eye off the ball when things are going well again? Perhaps it is simply the optimistic nature of humankind.
If things are going pretty well for your organisation now, please investigate your corporate memory bank and have a look for where history may be repeating itself.
Food for Thought – Policy Administration
Last November in my Risk e-Views newsletter I wrote about a book entitled Administrative Behaviour by Herbert A. Simon. In a nutshell, Simon describes the basis of an organisation as:
• A well-defined purpose communicated to staff and other stakeholders.
• A series of decisions that affect actions.
• Policies, processes and systems to influence the decisions.
So, I recognise policies are inherently important for guiding the decision-making within your organisation, however, policies and their abundance have always been a vexed issue for me. In an ideal world all of your people know everything you could possibly write in a policy through osmosis. The reality is, there is a never-ending challenge to get the balance right between a policy void (low control) and policy mania (high control).
I found this paper entitled The Definitive Guide to Policy Management from Navex Global to be thought provoking and comprehensive. Remember when reading it, however, it is a US based company with the US its biggest market which means that with the level of laws, regulation and litigation in the US, large organisations in that market have a different level of challenge to most Australian companies.
I am not a policy administration specialist, I do however know about decision-making. So if decision-making in your organisation is in need of a cultural shift, please book a timeslot for a 15 or 30-minute one-on-one teleshare (a telecon with screen sharing) so we can explore your options. Book here or give me a call on (02) 9400 9702 to arrange a time.
Food for Thought: Performance & Health - A New Management Lexicon?
I have long agreed with those in the investment community that argue analysts drive short-term thinking by managers of many publicly listed companies, which in the end destroys value. While reading this article by McKinsey entitled “Building the healthy corporation” I realised that many organisations are now fighting back. McKinsey report that a number of firms have brought “Performance and health” into the corporate lexicon. They explain further with:
“Just as people may seem reasonably well today but may not have the physical condition for the rigors of a long and active life, so too companies that are profitable in the short term may not have what it takes to perform well year after year.”
A good point they make is that most investors do highly value health as well as performance and that it appears the noisy few investment analysts are the ones that are often heard and reacted to.
The McKinsey list for a healthy corporate body:
While you can argue a list like this until you are blue in the face, it is a sound list. In my experience, the one management has pushed the least in the modern organisation is “Metrics”. So many facets of an organisation are challenging to measure, however, if something is important it should be measured otherwise your subjective assessment of your performance will more likely be a long way off the mark.
Metrics using hard data and proxies for hard data can and should be developed. In my experience, once you get going with metrics, you will find the process somewhat intriguing and highly rewarding.
Call me on (02) 9400 9702 or email if you’d like to discuss methods for measuring the health of your organisation.
Food for Thought: The Challenge of Digital Transformation – We are ignoring the root cause!
An MIT Sloan Management & Capgemini research study prompted this edition of Food for Thought. The key theme – business leaders are lacking urgency when it comes to pursuing opportunities being afforded by technology. This quote from the article sums it up best:
“There are two wrong ways to approach (digital transformation),” MIT’s George Westerman told us. “One is to say, ‘just go off and do something. And we don’t need to worry about coordination.’ Another is to hire a bunch of people and say ‘make this happen. I don’t need to be involved.’”
Now cast your minds back to the 1990s. “Whoa, here comes a thing called the internet with this crazy email functionality!” “What a cool name, placing an “e” in front!”. What we have seen since are stories of boom and bust.
I found the article excellent in articulating the current problem and it provides many sound ways of addressing it, however, the article does not address the question of “why” the problem is there in the first place. I can give you one very good reason, most senior management do not have sufficient understanding of technology – full stop.
Now here is the clincher for me. Last week I had the pleasure of offering some mentoring advice to some undergraduate business students, the future accountants, bankers, marketers and yes, CEOs. I asked them if their degree included a course on technology. The answer: “No”!
I ask you why, if technology has had the impact it has had in the past twenty years and the likes of MIT Sloan Management Review are able to so clearly depict the opportunities of the future, why are we not teaching our youngest and brightest about managing technology? Yes they may be excellent users of technology (so was I twenty years ago), however, being an advanced user of Twitter or Google has nothing to do with the core skills required to lead organisations through the next twenty years of technological change. Skills that from my perspective are still sadly lacking across Australian business.
If you agree or disagree I would love to read your comments on my blog. If you want to hear more from me on the topic, email me with your question and I will do my best to answer it within a few days – firstname.lastname@example.org.
Food for Thought: Bridging Silos
Silos allow management and teams to focus, however, they also create barriers to collaboration and the flow of much needed information. In this interview by McKinsey with Paolo Cederle, CEO of Milan-based UniCredit Business Integrated Solutions, Paolo outlines the business model UniCredit designed to move away from siloed thinking and provides some key insights into how they overcame many of the challenges the new organisational structure presented. Some of those insights included:
1. Matrix organisation guided via a governance layer. The organisational structure is now defined by a matrix of business lines and banking and infrastructure service lines referred to as the “factory layer”. Overlaying the matrix is a governance layer aimed at driving the integration of silos.
2. Disruptive cultural change. They recognised the culture change required was particularly disruptive as the new organisation required business and support people to work much more closely. People with often very different skill sets and ways of doing things needed to meet and find a new common ground.
3. Communication through technology. As with any change, communication is key. UniCredit used the latest in technology to drive the cultural shift. This included manager blogs, webinars, PC-enabled video conferencing and the use of narrowcast videos.
4. Management support. They did not sit back and find out which managers rose to the top, they designed the governance layer to specifically support them to both understand their new role and to assist them to drive the transformation.
While I have long upheld that a good risk management framework breaks down silos, I fully recognise that breaking down these ingrained structures is a complex task and this interview highlights some key steps to take to manage the transition.
Food for Thought: How technology slows the pace of change
I was listening to the radio just recently. A caller was asked about something he had done that was a bit unusual and his answer was “Run a 14km fun run in a Gorilla suit with my best mate”. Asked how wearing gorilla suits impacted their race time, his answer caught me and the radio host a bit by surprise. They had been running in the gorilla suits every year for over ten years and their race time had become not just slower, it had become exponentially slower as each year had gone by. The reason – technology!
What had technology done? It had put a camera in the pockets of the masses. Just about every runner in the race was carrying a smartphone with an A-Grade camera and they were snap-happy. Being the polite gentlemen that they are, they could not refuse a request for a photo.
This got me thinking about how else technology slows us down. Here is my hit list:
We wait for it patiently. We wait for the next best thing and miss out on the short-term benefits from the “now” best thing.
We wait for it impatiently. We fail to implement technology well and we wait until we get it right and way too often we wait and wait and wait.
We don’t wait for it, we grab it and we play with it. This is the typical techo. They can’t help themselves. The technology is soooo cool, it has to be played with.
We don’t wait for it, we grab it, we play with it and we discard it way too soon. This is the typical non-techo. We grab the technology all starry-eyed with grand visions and we are soon disappointed because we didn’t meld the technology into our environment. We just shoved it in.
For me this reinforces just how hard it is for designers to communicate to us about their technology and for us to assess it. Irrespective can you all please keep designing and assessing, as without doubt, technology makes the world an incredibly interesting place!
Food for Thought: Milestones are not the be all and end all
This article that I wrote last year for my “Food for Thought” series of emails fits perfectly with the TED Video of Sarah Lewis “Embrace the Near Win” that I posted in my Risk e-Views last Monday. It reaffirms that we need to set achievable goals and celebrate when we tick them off as “DONE”.
I did a little research and found this whitepaper entitled “Recognize Achievements, Not Just Anniversaries”. The authors recommend focusing on these five components of recognition:
- “Change the frequency of your milestone acknowledgement” – Gen Y can’t imagine ten and twenty-year tenures so think about 6, 12 and 18 months instead!
- “Provide meaningful reward choice” – Not everyone wants a gold watch.
- “Leverage the power of accumulation” – People like goals and accumulating recognition towards a major reward can be fulfilling for many.
- “Incorporate points-based, manager-to-employee and peer-to-peer recognition” – Allow accumulation of points towards rewards from a multitude of activities.
- “Tap into more motivational drives” – Psychology has come a long way and we now know a lot about how different kinds of people are motivated. We should tap into this knowledge in our program design.
Thus the authors advocate using within organisations what is already occurring in most sports. A sports career is not judged on only a few milestones being achieved. It is judged on a myriad of statistics that allows many more great players to be appreciated for different elements of their game. It reminds us we have many strong people in organisations that make things happen behind the scenes who are not necessarily identified for the leaders that they are. I am sure many of them reside in the risk profession!
Food for Thought – BRW’s Fast 100
1. They can spot a niche opportunity
2. They are resilient against factors they can’t change
3. They are happy to change, even to reinvent themselves, and
4. They are quick to take advantage of change around them
It is interesting that when I talk about resilient companies I am often talking about companies like General Electric or Microsoft that have huge balance sheets and a major presence in their markets. When I talk about the resilient quality of small businesses, on the other hand, I highlight their ability to move quickly – it is what allows them to survive and thrive.
Another difference between larger corporations and smaller businesses is risk appetite. Although it hurts small business owners a lot when they fail, the truth is, they were a taking a gamble in the first place. Managers of large organisations are not expected to gamble the whole business on one major play! Essentially that is what each small business is doing on start-up and it is only when they become larger companies that they derive their resilience from strength in addition to agility.
For more on risk appetite check out my newsletter on the topic here and you can download a sample risk appetite statement here. If you do, I would be interested in your feedback on the approach I take. You can call me on (02) 9400 9702 or email me at email@example.com.
Food for Thought: The Napster, Amazon and Apple Missiles
This month's whitepaper is from the Harvard Business Review by Maxwell Wessel and Clayton M. Christensen and is titled "Surviving Disruption". (My thanks to a colleague for highlighting it for me - thanks David!) You can access the article by registering for free on the Harvard Business Review website here.
Wessel and Christensen use a modern variation on the runaway train: "Disruptive innovations are like missilies launched at your business". The paper highlights the missiles that were Napster, Amazon and the Apple Store aimed straight at record companies and the digital camera makers aimed squarely at Kodak. These are great examples of missiles that hit their targets relatively quickly, before missile defence systems could be raised or the missile dodged. Wessel and Christensen maintain that once a missile is fired, there is often time to raise our defences or dodge, duck and cover. Their examples include cinemas which have survived despite public access to movies in our lounge room soon after their release and ships traversing the globe despite the development of supersized aircraft.
Their tip for assessing how technologically advanced the missile is coming your way:
- "Identify the strengths of your disrupter's business model;
- Identify your own relative advantages;
- Evaluate the conditions that would help or hinder the disrupter from co-opting your current advantages in the future."
In their article they go on to describe different ways of thinking about these issues including a modern spin on the old "barriers to entry" to an industry. They refer to an "ecosystem barrier" to describe a steady-state business environment where consumers and suppliers are operating comfortably with no real need to change.
Wessel and Christensen finish with a case study on the grocery industry stating: "The theory of disruption tells us that these entrants will speed their delivery times, increase their product selection, and add features we can hardly imagine today in pursuit of new customers and higher profit margins."
For you non-risk professionals out there, I hope this concept of disruptive innovation has got you thinking. I hope the same for you risk professionals and I also hope you are thinking about how this might apply for your next strategic risk workshop. I know I am. My client's industry is being "disrupted" by government policy changes and assessing and adapting to the disruption will be the name of the game.
Call me on (02) 9400 9702 or email firstname.lastname@example.org now to talk about how I can help with your current challenges in risk.
Food for Thought: Mastering Inbox Fatigue
This whitepaper is a double edged sword for me. It covers a major cause of staff non-productivity - too many emails to get the real work done - which I am guilty of contributing to right now! The paper is by IDC and it is titled "The Future of Email is Social". In a nutshell it covers:
- The foundations of email which continue to be its strength today
- A comprehensive description of the growing email challenge which includes its impact on staff productivity and its inefficiency in knowledge sharing and transfer when compared to social media
- How vendors of email software are increasingly bringing the core benefits of social media software into their email program offerings
- The outstanding challenge for enterprise systems providers to include "context" into the functionality. That is auto filtering out or auto adding in information to a conversation by email, instant messaging or while collaborating online, through one's location, job role, project responsibilities, personal development needs, interests and of course expertise
For me the paper highlights the need for risk professionals to be cognisant of the impact of email
Risk Leadership: Driving Cultural Change through Engagement
So many people that I meet for the first time from outside the risk profession have a very poor perception of risk management as a discipline. They see it as a compliance activity at best and most see it as a handbrake on business. Recently my wife described me to a new acquaintance as one of the fathers of modern risk management and the person turned to me and said, “So you are to blame!”
You and I know the value of risk management. You also know that in your organisation there are still swathes of key influencers who see risk as a compliance activity.
Adding to this, you are in a situation that because risk is still seen as compliance and a cost to business, the resources you have available to you are more than just limited, they are pretty scarce.
If you are in agreement with me so far, then ask yourself this: “What do I need to do differently?”
I’ll give you three tips:
- Ask yourself (better still, ask others) “How engaging am I?” and rate yourself on a scale from 0 (that politician that was leader of the opposition for a while a few years back) to 10 (Richard Branson, Virgin). If you don’t score at least an 8 out of 10 the truth is you will struggle to get your message across as there are so many barriers. Check out my paper entitled “Risk Leaderhip: How to be Heard” for some tips on self-improvement.
- Target the senior executive – If they have not listened to you so far and you figure your self-improvement plan will take some time, ask yourself, who will they listen to now?
- Create a team of Risk Champions – see my previous writings on this challenge in Risk e-Views Volume 11, here.
- Risk Management Partners
- +61 2 9400 9702
- © Copyright RMP 2010
- Design by Pimento