The results of a recent survey by North Carolina State University and the American Institute of Certified Public Accountants reminded me of the slow progress being made by organizations in implementing risk management. Titled “The State of Risk Oversight”, here are just a few of the findings from the survey.
Why do most organizations see risks increasing, yet less than a quarter have mature programs, with even fewer considering them as providing value. I believe the problem is threefold.
First, the perception of risk management is often viewed in the outdated...
As management guru Peter Drucker said, “Results are obtained by exploiting opportunities, not by solving problems. All one can hope to get by solving a problem is to restore normality. All one can hope, at best, is to eliminate a restriction on the compacity of the business to obtain results. The results themselves must come from the exploitation of opportunities.”
This is one of the reasons why I don’t like the definition of the word risk, especially when used in the phrase “risk management.” Look it up in any English dictionary and you will see risk defined as the chance or probability of loss, harm, or injury – all of which are negative outcomes, and fit into the problem category.
If we are going to protect and create value, we must use a different definition of risk. The one I like is “the effect of uncertainty on objectives.” An effect can be positive or negative, and when it is...
Fundamentally, every organization is a system: a collection of processes that, together, reliably produces an intended result. Systems allow you to spend time focusing on actions that will ensure you can fulfill all the tasks required to achieve the organizations objectives.
Systems are comprised of processes. As W. Edwards Deming, considered by many to be the father of the quality management movement, said: “If you can’t describe what you are doing as a process, you don’t know what you’re doing.” That’s a pretty blunt statement, but quite true when you think about it.
Processes include written policies and procedures that have been established for the purpose of ensuring the desired outcome from a given business operation. This documentation forms the foundation of an effective process, which in turn supports the overall management system.
Properly designed, systems keep everyone on the same page, help avoid bottlenecks,...
It's been said that the biggest risk is not managing risk, however I am not sure that is true. We manage risk every day, either consciously or not, so the real issue is how effective we are at doing so. In this short video I share five potential flaws in the way we manage risk.
Effective risk management requires strong and sustained commitment by management of the organization. The “tone from the top” encourages risk awareness across the organization and staff to be accountable for their actions. Strong leadership utilizes the knowledge of all staff and team members in determining controls before risks occur.
Look up the word “risk” in every English dictionary and you will see it defined as a chance or probability of loss, injury, or harm. Games of chance date back to ancient times, with gambling being a part of society since the beginning of recorded history. Probability theory evolved in the seventeenth century based upon mathematical efforts to predict the outcome of a game of chance.
Chance and probability rely on odds and statistics. These are the mainstay of casinos and insurance companies. Imagine a casino not knowing the odds of bets placed on the spin of a roulette wheel, or an insurance company not having the statistics on automobile accidents. Either of these industries would be out of business if they did not have the right information.
Most businesses, however, operate in a world of uncertainty. As an example, while the insurance company has the statistics on automobile accidents, they mean nothing to us. We...