The question today is; does the use of a risk framework such as the one proposed in the ISO 31000 risk standard reduce disputes between managers in a company?
A possible upside we may be seeking from a risk framework is the improvement in the sharing of risk knowledge, as well as the communication of business intel across a company. The ability for a risk framework to assign accountability to threats would surely be even more ideal.
One would hope that if managers can formally describe the types of risks they face in their daily work and communicate this insight to internal customers, staff would become more understanding and empathetic to problems or disruptions when they occur. Oversight and disclosure is often fantastic grease for the emotional machine of sympathy.
It could of course go the other way, the risk framework may drive arguments from differing opinions on risk treatment, bickering over risk budgets and divides on ownership and accountability of threats.
In the last twenty-four hours, what did the G31000 forum vote for in our poll?
The discussion that drove this blog posting can be accessed from this [LINK].
Risk Ownership
Brokering restitution meetings for risk management disputes between internal or external staff is a very important risk management activity to entertain. It isn't just about improving the working environment and benefits for resolving typical disputes are numerous but would probably include some of the following key areas below:
[1] Reduce finger pointing responses from staff when incidents are being investigated and improve accountability for the effective operation of controls.
[2] Increase the speed and efficiency of event resolutions by enabling authority lines and defining tactical action responses to threats.
[3] Reduce capital arbitrage in the business. This is a major issue for organisations that can interfere with many financial aspects of risk management such as; Risk budgeting, remuneration incentives and the honest conduct of staff.
[4] Improve or standardise risk event recovery times to cap loss amounts and increase the operating resilience of the business during times of stress.
[5] Create a transparent and uniform response plan for the management of hazards. If transparent reporting can be achieved, then a firm-wide performance benchmark can be identified.
[6] Reduce competitive conflicts of interest that often result in risk management being used as an inappropriate platform for facilitating employees personal interests or insecurities.
All this aside, many risk management frameworks deployed in commercial businesses today, probably don't focus enough effort on the communication aspects that should exist in risk management.
Risk isn't all about modelling exposure distributions or pushing numbers through calculators but the effective facilitation of a control regime that improves the operational efficiency of a business and reducing disputes should assist with that end.
A possible upside we may be seeking from a risk framework is the improvement in the sharing of risk knowledge, as well as the communication of business intel across a company. The ability for a risk framework to assign accountability to threats would surely be even more ideal.
One would hope that if managers can formally describe the types of risks they face in their daily work and communicate this insight to internal customers, staff would become more understanding and empathetic to problems or disruptions when they occur. Oversight and disclosure is often fantastic grease for the emotional machine of sympathy.
It could of course go the other way, the risk framework may drive arguments from differing opinions on risk treatment, bickering over risk budgets and divides on ownership and accountability of threats.
In the last twenty-four hours, what did the G31000 forum vote for in our poll?
Reduce or Increase Disputes?
I wasn't expecting this disarray of results but was hoping for a cluster at the top where I voted. Nonetheless, when one thinks about the question more broadly, it is possible to imagine a valid argument for selecting any of the four options listed in the poll below.
FIGURE 1 : Quick Poll Response
Risk Ownership
My vote was that risk frameworks "Reduce Disputes by Facilitating Debate" but I don't expect that to occur with every risk framework deployed of course, unless the risk manager designs communication channels directly into their risk program. In my opinion, this risk manager will also need to apply additional effort to facilitate "risk face-off" discussions or dispute restitution's when bickering begins over accountability assignment or resource sharing.
Perhaps the best way to kick off a harmonious, open and transparent risk discussion forum would begin with a mapping and risk registration exercise. I have discussed these mapping activities before on this blog and more information can be found on them here [LINK].
Perhaps the best way to kick off a harmonious, open and transparent risk discussion forum would begin with a mapping and risk registration exercise. I have discussed these mapping activities before on this blog and more information can be found on them here [LINK].
FIGURE 2 : Risk Ownership throughout the enterprise [Click image to enlarge]
Brokering restitution meetings for risk management disputes between internal or external staff is a very important risk management activity to entertain. It isn't just about improving the working environment and benefits for resolving typical disputes are numerous but would probably include some of the following key areas below:
[1] Reduce finger pointing responses from staff when incidents are being investigated and improve accountability for the effective operation of controls.
[2] Increase the speed and efficiency of event resolutions by enabling authority lines and defining tactical action responses to threats.
[3] Reduce capital arbitrage in the business. This is a major issue for organisations that can interfere with many financial aspects of risk management such as; Risk budgeting, remuneration incentives and the honest conduct of staff.
[4] Improve or standardise risk event recovery times to cap loss amounts and increase the operating resilience of the business during times of stress.
[5] Create a transparent and uniform response plan for the management of hazards. If transparent reporting can be achieved, then a firm-wide performance benchmark can be identified.
[6] Reduce competitive conflicts of interest that often result in risk management being used as an inappropriate platform for facilitating employees personal interests or insecurities.
All this aside, many risk management frameworks deployed in commercial businesses today, probably don't focus enough effort on the communication aspects that should exist in risk management.
Risk isn't all about modelling exposure distributions or pushing numbers through calculators but the effective facilitation of a control regime that improves the operational efficiency of a business and reducing disputes should assist with that end.
No comments:
Post a Comment