...

Beyond Boundaries Risk and Complexity in 21 Century Organisations Richard Anderson

by user

on
Category: Documents
10

views

Report

Comments

Transcript

Beyond Boundaries Risk and Complexity in 21 Century Organisations Richard Anderson
Beyond Boundaries
Risk and Complexity in 21st Century Organisations
Richard Anderson
Chairman, Institute of Risk Management
Dubai, 20 May 2014
Why do people matter?
What do you believe … ?
Human nature is …
Individualist … or … collectivist
I or C? Which do you think?
The way we live …
“superiors” tell “inferiors” … or … “equals” negotiate the “rules”
Prescribed/In-equal … versus … Prescribing/Equal
Tell or Negotiate? T or N? Which way does it work?
And cultural theory...
Tell
Hierarchist
Typical Government
Chief Scientist
Fatalist
What will be will be
C
I
Individualist
Richard Branson
Philip Green
Entrepreneur
Negotiate
Egalitarian
Greenpeace
Environmentalist
Prince Charles
How do we spot them?
It might happen…
It happened…
to me
It happened…
It happened…
to my
competitor
to me…
to
someone
else
The extended enterprise
Multiple Economies in
Multiple Societies
Outcomes
Joint Endeavour
The extended enterprise
Supplier 2
Supplier 1
Government
Customer
1
Multiple Societies
Prime
Joint Endeavour
Contractor
SubContractor
1
Agents
Outcomes
IT
Outsource
Provider
SubLabour
Contractor
Multiple
Economies in
2
Customer
2
Customer
3
Regulator
IP Owner
The extended enterprise economy
•
•
•
A complex system is one in
which even knowing
everything there is to know
about the system is not
sufficient to predict precisely
what will happen.
Complex systems cannot be
controlled – only influenced.
Simple systems behave more
like complex systems when
under stress.
VUCA!
Uncertainty
Volatility
Chaos &
Paradox
Complexity
Ambiguity
Paradox: not susceptible to logical analysis
Single enterprise or joint endeavour?
The Social Dynamics of the extended enterprise
Regulatory
Influence
Extent of
Shared
Values
Outcomes
Joint
Endeavour
Relative
Power
Allocation of
Incentives
Multiple
Civil Societies
What can we manage?
Assurance and the risk manager
Scale of the problem:
• Simple 
Them
Complex
Nature of the issue
• Operational 
Strategic
Approach
• Tools for Risk Management 
risk
Conversations in
Two management disciplines that must be
“extended”
Risk Appetite and
Tolerance
Risk Culture
Risk Appetite
Level
Propensity to
take risk
Propensity to
exercise
control
Risk Taking
Exercising
Control
Escalation
Tactical
Project/
Operational
Stakeholder
Value
Delegation
Strategic
Measurement
Risk Metrics
Control
Metrics
So what does this mean in practice?
B
t0
Time
t1
A
B
t0
Time
Time
t1
t1
C
Time
B
Time
t1
C
Performance
t0
D
A
t0
Appetite
Tolerance
Performance
Where you might get to if
everything goes wrong
t0
Performance
Performance
Performance
A
D
t1
Risk Universe
Current direction of
travel for performance
Where you might get to
if everything goes right
What do risks have in common?
Directly experienced in day to day
activities
Not a lot of prior institutional
or individual experience
Cannot imagine life without balancing
these risks
Directly
Discernible
Visible
through
Science
Manageable through
science
For example treasury,
foreign exchange, some
IT risks
Virtual
Lots of perspectives or
possible outcomes
People liberated to argue
from their own
preconceptions
Achieving objectives depends on...

Taking more managed risk
– risk of taking on too much risk which becomes unmanageable

Avoiding unnecessary problems
– risk of avoiding everything, resulting in total inaction

Creating the right performance culture
– risk of over-stretch resulting in burn-out

Setting appropriate corporate “ethics” and behaviours
– risk of sclerosis as every stakeholder of every decision is consulted
Zone 3
Dead Zone
Zone 2
Performance
Zone
Zone 1
Dead Zone
High
Low
Long Term Performance
And doing the right amount of each
Low
Attribute:
High
(i) Managed Risk Taking or (ii) Avoiding
Pitfalls or (iii) Performance Culture or (iv)
Corporate Ethics and Behaviours
Balanced Risk
Performance
Culture
Dead
Zones
Performance
Zone
More Managed
Risk
Avoiding
Pitfalls
Corporate
Ethics
Enron? Or the Big Banks?
Performance
Culture
Dead
Zones
Performance
Zone
More Managed
Risk
Avoiding
Pitfalls
Corporate
Ethics
UK plc?
Performance
Culture
Dead
Zones
Performance
Zone
More Managed
Risk
Avoiding
Pitfalls
Corporate
Ethics
The objective
Performance
Culture
Dead
Zones
Performance
Zone
More Managed
Risk
Avoiding
Pitfalls
Corporate
Ethics
And you…?
Performance
Culture
Dead
Zones
Performance
Zone
More Managed
Risk
Avoiding
Pitfalls
Corporate
Ethics
So what?
We need to avoid
these without
squashing your
whole purpose and
spirit
Performance
Culture
More Managed
Risk
Avoiding
Pitfalls
Your’ culture has to
be supportive of RM.
We cannot cut
across the corporate
culture or go against
the grain
Do you have a can
do/will do culture:
this needs to be
supported by
appropriate, but not
stifling, RM
Corporate
Ethics
We want to create
the mechanisms by
which these risks
can be taken to
your advantage
So what does this mean in practice?
B
t0
Time
t1
A
B
t0
Time
Time
t1
t1
C
Time
B
Time
t1
C
Performance
t0
D
A
t0
Appetite
Tolerance
Performance
Where you might get to if
everything goes wrong
t0
Performance
Performance
Performance
A
D
t1
Risk Universe
Current direction of
travel for performance
Where you might get to
if everything goes right
Get it right
=>
Shareholder value
growth
Start
here...
Get it wrong
=>
Shareholder value
destruction
Excellent competency in
risk management
The bottom line for risk management?
•Managing
more risk
taking
•Avoiding
pitfalls
•Excellent
performance
culture
•Great
corporate
ethics and
behaviours
4
Measurement
SH/H Val
External
5
Assurance
Internal
Risk Based
Alignment
Sources
Governance
model
Key Data
Control
Maturity
3
Risk and
Control
Risk Taking
1
Business Context
2
Risk
Capability
Capacity
Segments
Geography
Risks
Strategy
Six components
Risk Appetite
6
Board
Reporting
Risk Data
Board and Senior
Management
Vision
Risk Assurance
Risk Appetite
Strategy
Operating
Model
Controls
DATA
Process
Policy
Risk Capability
A function of
1. Capacity (how
much you can
carry?); and
2. Maturity (how
much can your
people cope?)
IRM Risk Culture Framework
Risk Culture
Organisational Culture
Behaviours
Personal Ethics
Personal
Predisposition to
Risk
IRM’s risk culture framework looks at
component parts making up an
organisation’s risk culture
• How will I react?
• How will I respond in recognition of
other competing needs?
• What will I do?
• What will we do?
• Our overall risk culture
Risk Skills
Decisions
Risk
Resources
Reward
Governance
Informed Risk
Decisions
Transparency
Tone at the
Top
Accountability
Dealing with
Bad News
Risk
Leadership
Risk culture aspects model
Risk Culture
Competency
Leadership in complex systems
Tasks
& ideas
Be Courageous
Be Curious
Be Clear
Relationships
& behaviours
Embrace
uncertainty
Adopt
open
enquiring
mindset
Distribute
leadership
& decisions
Draw on
widely
diverse
perspectives
Establish
compelling
vision
Go out of
your way to
make
connections
Invest in
promoting
values
Conversations in risk management
EE
Partners
CEO
Back
Office
You
Suppliers
IP owner
Clients
Management campaign
Take Stock
Target Operating Model
Gap Analysis
Rules of
engagement
Action
Shortfalls from
Desired
outcomes
Governance
Information
sharing
Risk
Management
TOM
Route map to
achievement
Address
information
asymmetries
Next steps
Implement
Check
Implement
Check
Implement
Check
Assurance
Confirmation
Harvest benefits
Share lessons
Desired Outcomes
Participants
Purpose
Roles
Values
Rewards
Culture
Appetite
An approach to starting
1. Articulate strategy in terms of value drivers
2. Identify relevance and urgency of objectives,
plans and projects
3. Identify both what needs to go right and what
might go wrong
4. Develop responses
5. Document, keep fresh and share with staff (ie
make it cultural)
Value drivers
Hard financial drivers
Profitable turnover growth
Soft drivers
Human capital
EBITDA
Intellectual property
Cash tax
Innovation
Interest
Partnerships
Capital expenditure
Joint ventures
Changes in working capital
Reputation
Competitive advantage period
Some questions for the board
•
How complex is our business operating model?
•
What additional risks does complexity pose?
•
Do we understand the risk tolerance associated with the
complexity?
•
How do we manage these risks?
•
How do we get helpful risk information?
•
How do we get sufficient assurance on our risk management
investment?
I passionately
believe that we
can make
uncertain futures
much more
manageable...
This means that we must
work with our organisations
to re-imagine how they
manage themselves, to
make sure that they know
where they are on important
matters and to be confident
that they know how to
address uncertain futures.
We use our knowledge, skills and
experience, combined with proven
tools, techniques and approaches,
which we leave behind for them to
carry on using long after we have
finished, to transform their
business. As a consequence they
will face the future with more
familiarity, they will feel more
confident about their current
position and they will be organised
to go forward into these uncertain
futures.
The bottom line
Risk Management should be the
disruptive intelligence that pierces
perfect-place arrogance
Next steps
•
Consultation document now available
•
Final version to be published September 2014
•
Three volumes of guidance:
1. Executive summary/overview/questions for the board
2. Concepts, governance and assurance
3. Practical tools, techniques and case studies
Questions
Email: [email protected]
Tel: +44(0)7807 780284
Institute of Risk Management
6 Lloyd’s Avenue
London
EC3N 3AX
United Kingdom
www.theirm.org
Fly UP