Tag Archives: risk assessment

2013-06-12 by: James Bone Categories: Risk Management Decision Risk

“Some changes are foreseen and some are not, the laws of some are tolerably accurately known, of others hardly at all; and the variation in foreknowledge makes it clearly indispensable to separate its effects from those of change as such if any real understanding of the elements of the situation is to be attained.”

Quote from Professor J.B. Clark’s Dynamic Theory of Distribution, by Frank H. Knight, “Risk, Uncertainty, and Profit”

Human activity, whether in business or life, involves decision making in order to accomplish the personal or business outcomes we seek. However, we may underestimate the process of decision making in how we think about risk management.

Recently McKinsey & Co. published an article on Human Risk based on research conducted by partners Alexis Krivkovich and Cindy Levy. The McKinsey study looked at how companies have responded to the financial crisis and the changes made to strengthen corporate culture. The McKinsey data identified characteristics of a strong risk culture.

Key characteristics for a strong risk culture:

  • Responsive and pro-active risk management function
  • Acknowledge risk and plan accordingly
  • Encourage transparent communications about risk
  • Encourage a healthy respect for risk and internal controls
  • Be patient as the culture changes
  • Build consensus on culture
  • Create a sustainable process

It would be hard to argue with any of these findings, and most risk professionals would argue that the characteristics are self-evident. The study, while instructive, leaves several questions unanswered. What does this have to do with Human Risk? How does the firm begin to make the desired change to adopt these characteristics? The study also doesn’t tell us whether the firms with these characteristics are the exception, or what percentage of adoption each of the firms achieved in implementing each characteristic successfully.

In the 19th century, when the early thinking on risk and uncertainty was being formalized, risk-taking was separated from entrepreneurial endeavors. Only capitalists were considered to take risks, while business owners made profits. Today’s definition of risk is broader and in many respects more complex and confused. It is the nature of risk taking, or how we become risk takers or risk averse, that allows us to deal with Human Risk.

Modern business leaders must make a variety of trade-offs regarding the risks they will assume or tolerate in achieving today’s fast-paced and conflicting goals. In today’s economic environment, where resources are limited and failure is not tolerated, human risk becomes very personal.

As a result of groundbreaking work done by behavioral psychologists and economists, we understand that how we choose between risky ventures is a result of professional expertise as well as biases and heuristics that can lead us astray. Decision making under uncertain conditions is the key human risk that must be better understood and incorporated into risk practice.

New technology has begun to address the issue of uncertainty using data analytics; the harder challenge for risk professionals is to consider how to include decision risk in their practice.

As Professor Clark predicted at the turn of the 20th century, “Some changes are foreseen and some are not, the laws of some are tolerably accurately known, of others hardly at all; and the variation in foreknowledge makes it clearly indispensable to separate its effects from those of change as such if any real understanding of the elements of the situation is to be attained.”

TheGRCBlueBook’s mission is to become a global risk and compliance community site and resource portal for sharing best practice across all highly regulated industries: a one-stop source for all things risk and compliance related.

2013-04-15 by: James Bone Categories: Risk Management OCEG’s 2012 GRC Maturity Survey

OCEG is a nonprofit think tank dedicated to helping organizations reliably achieve their objectives while addressing uncertainty and acting with integrity. This is what OCEG calls Principled Performance, and it is a goal that every organization can achieve by integrating and aligning their approaches to the governance, assurance and management of performance, risk and compliance.

The survey was sponsored by SAP and sent to OCEG’s 38,000+ membership. Approximately 500 respondents participated in the survey. At the start of this survey, GRC was described for participants as follows:

• GRC is an acronym describing an integrated approach to the governance, assurance and management of performance, risk and compliance.

• GRC enables an organization to achieve principled performance, which OCEG defines as the reliable achievement of objectives while addressing uncertainty and acting with integrity.

• In each of the questions that follow, we use the term “integration” to mean using the same or similar approaches across silos of interest, in a way that allows for a unified view of the information.

• Some people refer to this as a “harmonized” or “consistent” approach. Integrated does not necessarily mean managed under one director or by one unified team.

This description is applied in all questions using the term GRC.

Highlights from the survey:

  • Respondents were fairly balanced across oversight functional responsibility: Risk, Audit, Compliance, Governance (fairly new role designation), Ethics, & all others 51.6%
  • 72% of responses stated some integration: [Are performance management activities in your organization integrated to provide a clear view of enterprise-wide performance?]
  • 73.1% reported integrated compliance: [Are compliance activities in your organization integrated to provide a consistent approach and clear view of compliance effectiveness and performance?]
  • 87.7% of responses reported integrated GRC: [What best describes the current level of integration between your processes for governing, assuring and managing performance, risk and compliance (commonly called GRC)?]
  • 78.3% of responses reported improved GRC in last 3 years: [Is there greater GRC integration in your organization today than there was three years ago?]
  • 85.6% of respondents see value in integrating GRC using technology: [Would your organization benefit from integrating and streamlining use of technology for GRC activities enterprise-wide?]
  • 70.8% of respondents have considered GRC tools for future use: [Does your organization have plans to better integrate existing technologies used to support GRC processes or acquire new technologies?]

The results of the survey imply that progress on integration has been achieved without a robust technology solution, with respondents suggesting that additional benefit might occur with an integrated platform.

2013-04-02 by: James Bone Categories: Risk Management Interview with Vilen Abramov, Vice President, Model Risk Control at KeyBank


2013-03-24 by: James Bone Categories: Risk Management Data Gravity – Changing the game in Big Data


2013-03-21 by: James Bone Categories: Risk Practices Avoiding Integrity Land Mines by Ben W. Heineman, Jr.


As the chief legal officer at GE for nearly 20 years, I was part of the senior management group that sought to fuse high performance with high integrity. No one was more demanding about hitting financial targets than Jack Welch or his successor, Jeff Immelt. But both knew that employees up and down the ranks face the temptation to make the numbers by fudging the accounts, cutting corners, or worse. Unconstrained, these internal pressures—made more intense by corruption in emerging markets, demanding customers, and unscrupulous competitors—can lead to corrupt capitalism.

The changes in laws, regulations, stakeholder expectations, and media scrutiny that have taken place over the past decade can now make a major lapse in integrity catastrophic. Fines, penalties, and settlements are counted in the hundreds of millions (or billions) of dollars, not the millions or tens of millions of a decade ago. And worse, in some cases (as Enron and Arthur Andersen demonstrated)—a company can actually implode.

 

2013-03-16 by: James Bone Categories: Risk Management Risk Managers or Scapegoats?


2013-03-07 by: James Bone Categories: Risk Management A new renaissance in risk management


2013-03-02 by: James Bone Categories: Risk Management Navigating the GRC BlueBook Tools and Reviews


2013-01-28 by: James Bone Categories: Risk Practices Advances in Terrorism Analysis by Michael R Greenberg & L Anthony Cox Jr.


Defending a country against terrorist threats raises new challenges and opportunities for risk analysis, different from those that are familiar from risk analysis of natural disasters and complex technological systems. Terrorists can be informed, deceived, deterred, or distracted – options that are not available for managing the risks from hurricanes or unreliable systems and workers.

This special issue of Risk Analysis: An International Journal examines recent progress in understanding, modeling, and managing the threats from terrorism, emphasizing some of the most useful and important papers on this subject published in the journal over the past five years. We hope to prepare similar special issues on other timely and important subjects, so please tell us of your ideas about how to use this special “virtual” issue format to maximize reader benefits.

2013-01-12 by: James Bone Categories: Risk Management Auditing A Profession Ripe for Disruption
