CERM® Risk Insights

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Rethinking Risk and Uncertainty

What is risk?  Think about it before you leap to answer.  Do we really know and understand risk?  Some facts to consider:

• Risk is not static, it is fluid.
• Risk probes for weaknesses to exploit.
• Risk, therefore, can only be temporarily mitigated and never really eliminated.
• Over time risk mitigation degrades and loses effectiveness as risk mutates, creating new risk realities.

Risk management requires that you constantly monitor recognized risks and continue to scan for new risks.  This process cannot be accomplished with a ‘one and done’ mindset.  Risk needs to be looked at in three dimensions and perhaps even four dimensions to begin to understand the “touchpoints” and aggregation of risk, potential to cascade, conflate and/or come to a confluence. [Read more…]

Guest Post by John Ayers (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Lack of An ERM Policy is Risky

Background

A defense company I worked for wanted to get into the Sonobuoy business. At the time, one company dominated the market and usually received the largest share of the Navy contract.  A couple of other suppliers got the balance of the production quantity to keep it a competitive business.

My company developed a win strategy based on a ¼ scale prototype and purposely under bidding the competition. It worked. They won the largest piece of the production contract. [Read more…]

Guest Post by James K. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)Reputational Risk and ERM

Introduction

It is estimated that an organization’s reputation accounts for over a quarter of its market value. As such managing reputational risk has become an important issue for C-Suite members.  This piece examines the issues surrounding reputational risk and how an Enterprise Risk Management (ERM) approach can help manage this risk.  [Read more…]

Guest Post by Greg Carroll (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In my 2013 book Mastering 21st Century Enterprise Risk Management: Firing Dated Practices | The Best Practice of ERM | Implementation Secrets I quipped “just as the Wild West of the 1890’s had disappeared without trace by the Roaring 1920s, so too will the business world of the 1990s, be long forgotten by the 2020s”.  Just 5 years on and not only has the world changed emphatically but the rate of change is accelerating. [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Introduction

In the risk-neutral world, all business and government continuity planning would be risk-balanced. However, in reality, risks, threats, hazards and their consequences change depending on an organizations exposure, sensitivities to impact and other factors.  For instance, a natural disaster, can occur without much warning and can have direct and indirect impact on an organization.  Complicating the Business Continuity Planners life is a simple fact, events have unforeseen consequences that can rarely be planned for.

[Read more…]

Guest Post by Rod Farrar (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

I have often been asked to provide insight into the management of shared risks, particularly by those working in Commonwealth Government Departments.

Element 7 of the Commonwealth Risk Management Policy states that: each entity must implement arrangements to understand and contribute to the management of shared risks.  It goes onto to define shared risks as: those risks extending beyond a single entity which require shared oversight and management. Accountability and responsibility for the management of shared risks must include any risks that extend across entities and may involve other sectors, community, industry or other jurisdictions.

That might sound simple enough – but is it? [Read more…]

Heightened Awareness or Reactive, Backwards Looking?

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

From financial crises to energy catastrophes to earthquakes and threats of terrorism, we hear a lot about events that challenge our ability to identify and manage risk.  Unfortunately, some of the things that emerge from many of these events are reactive regulatory rules and requirements. [Read more…]

Guest Post by James J. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

In the Baldrige Excellence Framework the term “Intelligent Risk” appears.  It is defined as: “Opportunities for which the potential gain outweighs the potential harm or loss to your organization’s future success.”  This definition expresses a concern that risk might inhibit innovation. With the addition of Enterprise Risk Management to the 2017-18 Framework has a condition been created where two best business criteria, innovation and risk management, might cancel each other out? More basically, does Enterprise Risk Management (ERM) inhibit innovation related risk taking?

[Read more…]

Guest Post by James J. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Introduction

In 2015, innovation was added to the Baldrige Excellence Framework.  While there is no doubt that innovation is important for an organization’s survival, a fundamental question is: How much does a quality improvement process, which is encouraged by the Baldrige Excellence Framework, contribute to innovation?  While there is no simple answer to this question, some indication can be seen in an examination of the focus of the quality improvement process and what happens to a company, with a reputation for innovation, when a quality improvement process is implemented. 

Such a company is Minnesota Mining and Manufacturing (3 M).  And, a June 11, 2007 article in Business Week, entitled: “3M’s Innovation Crisis: How Six Sigma Almost Smothered Its Idea Culture”, argued that Six Sigma inhibited 3M’s ability to innovate.  This piece discusses the 3M experience and the relationship between Six Sigma and Innovation.

[Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Introduction

It is mid-year 2014 as I write this article.  We have recognized the need to better manage supply chain risks for the better part of a decade now.  Yet, we still seem to be deluded into thinking that the modern supply chain is resilient to the point of invulnerability.  Most organizations have a supply chain that is a mix of competencies, from manufacturing to professional advisory services.  [Read more…]

Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Exposure to threats, hazards and risks leads to vulnerabilities that an organization must deal with.  Commonly these are addressed via a mitigation process.  Once mitigation is accomplished, often times the organization feels that the risk, threat, hazard does not need to be revisited.  However, as a result of the mitigation efforts on the part of the organization, the risks, threats, hazards reconfigure and re-emerge in a different form. 

In order for mitigation to be successful it has to be a constant and ongoing process that produces a resilience to the negative effects of risks, threats and hazards that are realized. [Read more…]

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The National Institute of Standards and Technology (NIST) just issued the 2017-2018 Baldrige Excellence Frame Work.  There were modifications to a number of categories such as Category 1 Leadership, Category 2, Strategy and Category 6 Operations.  Included in the modifications were substantive additions for Cyber Attacks and Enterprise Risk Management (ERM).

In the discussion of the changes from the 2015- 2016 framework it is noted: “The future competitive advantage that will flow from good ERM is based on the holistic addressing of risk and the actions taken – including the pursuit of intelligent risks – as part of an overall strategic approach to managing organization performance.” (Baldrige.2017.45)

This statement makes two things clear.  First, ERM is seen as contributing to the competitive advantage for any organization.  Second, ERM is a holistic approach.  The inclusion of ERM in the Baldrige Excellence Frame Work does two other things.  It reinforces the momentum created by the inclusion of Risk Based Thinking in ISO 9001:2015 and the issuance by OMB of Circular A-123.   Both actions expanded the reach and ultimately the interest in ERM.  In addition, it signals that ERM is considered part of best practice. This means its use increasingly will become a standard by which all organizations can be evaluated by regulators and stakeholders. [Read more…]