Your Reliability Engineering Professional Development Site
Guest Post by James K. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)Reputational Risk and ERM
It is estimated that an organization’s reputation accounts for over a quarter of its market value. As such managing reputational risk has become an important issue for C-Suite members. This piece examines the issues surrounding reputational risk and how an Enterprise Risk Management (ERM) approach can help manage this risk. [Read more…]
Guest Post by Greg Carroll (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
In my 2013 book Mastering 21st Century Enterprise Risk Management: Firing Dated Practices | The Best Practice of ERM | Implementation Secrets
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
In the risk-neutral world, all business and government continuity planning would be risk-balanced. However, in reality, risks, threats, hazards and their consequences change depending on an organizations exposure, sensitivities to impact and other factors. For instance, a natural disaster, can occur without much warning and can have direct and indirect impact on an organization. Complicating the Business Continuity Planners life is a simple fact, events have unforeseen consequences that can rarely be planned for.
Guest Post by Rod Farrar (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
I have often been asked to provide insight into the management of shared risks, particularly by those working in Commonwealth Government Departments.
Element 7 of the Commonwealth Risk Management Policy states that: each entity must implement arrangements to understand and contribute to the management of shared risks. It goes onto to define shared risks as: those risks extending beyond a single entity which require shared oversight and management. Accountability and responsibility for the management of shared risks must include any risks that extend across entities and may involve other sectors, community, industry or other jurisdictions.
That might sound simple enough – but is it? [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
We are enamored by risk models, mathematic algorithms, equations and formulae. As a matter of fact, we have become so enamored by complex mathematical algorithms, formulas, models and derivatives that we have abdicated much of the analysis of risk, to these complex formulas and quantitative analysis methodologies touted by firms far and wide. Where has this gotten us? Are we better able to predict and measure risk exposures? Are we managing risk more effectively? [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
From financial crises to energy catastrophes to earthquakes and threats of terrorism, we hear a lot about events that challenge our ability to identify and manage risk. Unfortunately, some of the things that emerge from many of these events are reactive regulatory rules and requirements. [Read more…]
Guest Post by James J. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
In the Baldrige Excellence Framework the term “Intelligent Risk” appears. It is defined as: “Opportunities for which the potential gain outweighs the potential harm or loss to your organization’s future success.” This definition expresses a concern that risk might inhibit innovation. With the addition of Enterprise Risk Management to the 2017-18 Framework has a condition been created where two best business criteria, innovation and risk management, might cancel each other out? More basically, does Enterprise Risk Management (ERM) inhibit innovation related risk taking?
Guest Post by James J. Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
In 2015, innovation was added to the Baldrige Excellence Framework. While there is no doubt that innovation is important for an organization’s survival, a fundamental question is: How much does a quality improvement process, which is encouraged by the Baldrige Excellence Framework, contribute to innovation? While there is no simple answer to this question, some indication can be seen in an examination of the focus of the quality improvement process and what happens to a company, with a reputation for innovation, when a quality improvement process is implemented.
Such a company is Minnesota Mining and Manufacturing (3 M). And, a June 11, 2007 article in Business Week, entitled: “3M’s Innovation Crisis: How Six Sigma Almost Smothered Its Idea Culture”, argued that Six Sigma inhibited 3M’s ability to innovate. This piece discusses the 3M experience and the relationship between Six Sigma and Innovation.
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
It is mid-year 2014 as I write this article. We have recognized the need to better manage supply chain risks for the better part of a decade now. Yet, we still seem to be deluded into thinking that the modern supply chain is resilient to the point of invulnerability. Most organizations have a supply chain that is a mix of competencies, from manufacturing to professional advisory services. [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
Exposure to threats, hazards and risks leads to vulnerabilities that an organization must deal with. Commonly these are addressed via a mitigation process. Once mitigation is accomplished, often times the organization feels that the risk, threat, hazard does not need to be revisited. However, as a result of the mitigation efforts on the part of the organization, the risks, threats, hazards reconfigure and re-emerge in a different form.
In order for mitigation to be successful it has to be a constant and ongoing process that produces a resilience to the negative effects of risks, threats and hazards that are realized. [Read more…]
Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The title may sound strange given the Baldrige’s origin as the U.S. National Quality Award. Yet, its migration to a Performance Excellence Criteria and the addition of Cyber Security, Innovation, and Enterprise Risk Management (ERM) does pose challenges to the quality profession. This is particularly true since the many of the Baldrige examiners are quality professionals. [Read more…]
We are seeing more global certification bodies create their own assurance and branded certification schemes.
Like ISO 31000 letter of conformance for airports.
Dubai Airports this week received a letter of conformance for ISO 31000 – 2009 Enterprise Risk Management from Lloyds’ Register Quality Assurance (LRQA). [Read more…]
Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The National Institute of Standards and Technology (NIST) just issued the 2017-2018 Baldrige Excellence Frame Work. There were modifications to a number of categories such as Category 1 Leadership, Category 2, Strategy and Category 6 Operations. Included in the modifications were substantive additions for Cyber Attacks and Enterprise Risk Management (ERM).
In the discussion of the changes from the 2015- 2016 framework it is noted: “The future competitive advantage that will flow from good ERM is based on the holistic addressing of risk and the actions taken – including the pursuit of intelligent risks – as part of an overall strategic approach to managing organization performance.” (Baldrige.2017.45)
This statement makes two things clear. First, ERM is seen as contributing to the competitive advantage for any organization. Second, ERM is a holistic approach. The inclusion of ERM in the Baldrige Excellence Frame Work does two other things. It reinforces the momentum created by the inclusion of Risk Based Thinking in ISO 9001:2015 and the issuance by OMB of Circular A-123. Both actions expanded the reach and ultimately the interest in ERM. In addition, it signals that ERM is considered part of best practice. This means its use increasingly will become a standard by which all organizations can be evaluated by regulators and stakeholders. [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
We live in a world of consequences. Everything that we experience is a consequence of some action, decision, reaction and/or choice. For organizations, the consequences of a choice, action, decision and/or reaction can cascade throughout the organization and extend to its “Value Chain” rippling through all the known touchpoints and the as yet, unidentified touchpoints.
Organizations need to understand their strategic, operational and tactical capabilities and capacity to recognize, mitigate and/or capitalize on cascade effects. As a result of the diverse nature of global business operations, geopolitical circumstances, culture, etc., there currently is a standardization gap with regard to how organizations should react to cascade effects. This is partly due to opacity, nonlinearity and insufficient competitive/business intelligence that organizations can draw from. This is not to say that the information does not exist. Rather that it does not exist in a form that is readily recognizable to organizations in most cases. [Read more…]
Guest Post by Geary Sikich (first posted on CERM ® RISK INSIGHTS – reposted here with permission)
The focus of this article is on the application of guidance (ISO 31000, FFIEC, etc.) often resulting in the appearance of compliance resulting from a checkbox perspective rather than actually and actively identifying and managing risk(s) by organizations.
In Risk Management: History, Definition and Critique, by Georges Dionne (March 2013 – CIRRELT-2013-17); the opening statement from the Abstract is revealing: [Read more…]