Updated: Enterprise Risk Management & Complexity analysis

Surely it makes sense to any “tuned in” business leader to embrace ERM!? I think this graphic (from RIMS) beautifully illustrates the various, generic, component parts. So, why then, have so many been so slow to adopt this approach?

Risk and Insurance Society Risk Maturity Model©, 2006, www.RIMS.org

imageIn truth I don’t know but this is my blog so I am entitled to take a crack at providing my take on the answer.


How much time will this take?

What amount of resource will I need to commit?

How much will it cost…can WE afford it?

How can I quantify the benefit to the business?

Where the hell do we start?

All pretty reasonable questions especially when you consider that most responsible business leaders will already be complying with the terms from their insurers and the minimum legal requirements to enable them to trade.

Management time is already at a premium…isn’t that part of the problem(?)..this hardly looks like a solution. Most senior managers would be entitled to visualise working by candlelight, lost weekends, absentee father status and more issues surrounding “work/life balance”. Oh oh!!!

Where is the incentive for risk and business managers to “step up to the plate” and become RISK LEADERS? After all, the prevailing business culture is dedicated to rewarding those who satisfy the lust for a quick return…and that is very rarely the case with a well constructed strategy aimed at mitigating risk.

It looks all-encompassing and very impressive but it does beg the further question

“do I fit the model to the business or the business to the model?”

The REAL PROBLEM is that we live in difficult and uncertain times. So there is no doubt that the need exists…anyone who would chose to argue that point probably dismisses environmentalists as cranks! But “in difficult times” lack of a clear ROI, time and cost are precious commodities. In some businesses, stepping up to the ERM plate, may necessitate sacrifices in other areas of the business. That normally means “human [resource] sacrifice”: BIG ASK for the kind of organisations who want to BE BETTER.

SO, here’s a thought…

Instead of starting with a generic template that, by it’s very nature, requires a time-consuming and therefore costly “top down” analysis to learn about the operation you have the ability to commence by gaining an understanding the operation from the inside out!

Certainly a better starting point but I can understand that there will be “seasoned pros” who will insist that this is what they already do…WRONG. Qualitative feedback or benchmarking against “similar” operations, without quantitative detail on the organisation and unable to fully assess external exposures, for example, arising from supply chain. Read on.

Unless you already have an analysis tool that facilitates a rapid and detailed [silo free] assessment of the organisation utilising existing financial data? If you have I – and, I suspect, the rest of the “world of risk” – would love to hear about it.

There now exists the means to conduct a, model-free, quantitative, analysis of the operational structure and interdependencies, that identifies and rates the hidden structure and entropy that exist within the business. The same analysis can be applied to the company’s, IT & communications infrastructure, supply chain, potential M&A’s, sector, marketplace, region, etc.

If you commence the ERM process by identifying the current strengths and vulnerabilities within [or directly related to] an operation, the timeframe for the initial phase reduces (as do related costs). The potential to determine the most appropriate starting point according to company’s own needs, whether that be: minimising risk; reducing costs; increasing effectiveness; improving processes, etc. is made apparent. Benefits:

  • Map and measure the effectiveness of “causal relationships” 
  • Assess and manage the structural robustness: RESILIENCE
  • Managing risk management costs
  • Extending the “risk horizon”
  • Saving management time
  • Accelerating assessment and application
  • Aiding ROI
  • Inviting employee engagement [buy-in]
  • Business Process Improvement (BPI) –
  • Ongoing means of measuring fundamental business change from the “inside out” [i2o]
  • Learning about the current and “critical complexity” levels within the business – and acting accordingly

The ultimate aim, whatever the process, is to ensure that the organisation is resilient and able to survive [if not thrive] in a climate of financial uncertainty and economic turbulence!?

Related articles

Complexity lessons

Peter L. Bernstein on risk

Socio-economic lessons from nature: Interdependence NOT overdependence

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s