Risk Management Insights

I want to join the BLOG

10/08/2016 / Risk Management Training, Risk Controls

Risk Controls! Going through the motions or providing real value?


Controls to assist us managing risk have been around for thousands of years. Why – because risk has been around since the beginning of time. Our human instinct for survival has by necessity meant that we have had to try and control our environment and the risk contained therein.

Then the industrial revolution took the need for control to a new level as we placed large groups of workers together and added in a good dose of dangerous machinery and processes. As a result, we have grown to accept controls as an everyday part of our business lives. See an example of controls being implemented in our article Risk Management Controls in Tough Mudder.

Read More

15/07/2016 / Compliance Management

What is the definition of Compliance?

Key Components of a Compliance Framework – The Obligations Register

Compliance is an outcome of conforming to a rule. That rule may arise from an external source such as a law or regulation, or an internal source such as a policy, code or control. Compliance with these two main sources gives rise to external and internal compliance.

The issue for an organisation is how to conform to these rules? This is the key objective of a compliance function. This blog provides an overview of one of the elements that need to be considered when building an optimal compliance function.

Understanding what the relevant rules are – plain English Obligation Registers

Before we can consider conforming to a rule, we need to comprehend what the rules are and what they mean. For external compliance, this necessitates having an understanding of relevant laws and regulations and how they apply to our organisation. This is typically achieved through an Obligations Register that contains information such as:

  • Act or regulation
  • Sections of relevant legislation
  • Penalties for non-compliance
  • Frequency that obligation occurs
  • Obligation owners and interested parties
  • Risk rating
  • Compliance status
Read More

24/06/2016 / Risk Management Training

Why is Risk Training important?



Their perception, attitude, risk culture, engagement, behaviour and actions, with respect to risk management, will make or break the success of your risk management framework. It is the number one ingredient for success.

Developing and maintaining the right culture requires knowledge, understanding and skills. This can be acquired in a number of ways including: life experience; work experience; informal learning and structured training. Given the maturity of risk management in most organisations is at the early stages, structured risk training is the most critical. 

Getting a consistent view through specific risk management training gets everyone on the same page.

Read More

03/06/2016 / Operational Risk, Key Risk Indicators, Risk Manager, KRIs

How do Key Risk Indicators work?


In February this year, I ran a blog highlighting the power of the human brain and its senses in acting as a personal key risk indicator (KRI) system for personal early warning risk awareness as we journey through this inherently risky world.

This blog looks at the potentially awesome power that a well-designed and well applied
KRI system can have in the business world.

KRIs have multiple purposes. The main one is to act as an early warning system to prompt initial investigation and response so as to deal with a risk early in its life. It helps a firefighting risk manager to become a proactive risk preventer. At a wider level, KRIs allow us to “measure” risk and incorporate risk into risk-based performance measurement, risk-based decision making and risk-based incentive schemes.

So how do KRIs work?

KRIs operate on the fact that as risk develops through its life, from root cause(s), through event(s) to final impact(s), red flags, symptoms and other evidence may be given off.  KRIs tap into this information and turn it into intelligence to then be investigated and acted upon to deal with the risk most appropriately.

Read More

20/05/2016 / Enterprise Risk Management, Risk Management, Risk Appetite

When to Invite 'Good' Risk

 BLOG_Interview_pic_NBC_2-534307-edited.jpg

During this month we have been talking about Risk Management and Risk Appetite. NSW Business Chamber also interviewed Our CEO Alf Esteban on the value of risk management to organisations - regardless of size. We wanted to share this article with you; we hope you find it useful:

Don't just tick the box of risk management - think outside it.
It's where real value lies.

As kids we’re taught to avoid risk but embracing it may be the best thing you can do for your business.

Risk management is a day-to-day part of running a business, but many organisations are failing to manage their risk effectively, resulting in reduced productivity and even profitability. 

Look through negative perceptions

“There is a perception that all risk is bad in business and that ‘managing’ it is just about compliance,” says Alf Esteban, Chief Executive Officer of risk management company Protecht. “Consequently many businesses look at it as something they have to do, a box they have to tick, without seeing the value of it.”

In fact, placing a higher value on risk management is one of the best things you can do to ensure your business flourishes. 
Read More

06/05/2016 / Risk Management Training, Risk Appetite

Risk Appetite – The starting point of great risk management

Risk_Appetite_Blog_Banner-1.jpg

The concept of risk appetite has been around for a number of years now and many organisations have developed a form of risk appetite as part of their overall risk management framework.

The process is not easy, from deciding on how the appetite should be articulated and the exact content of the statement to how the risk appetite can be cascaded through the organization to be practically used in decision making and risk evaluation. These are all difficult challenges.

Read More

Bow Tie Analysis

Bow_Tie_Analysis_Banner.jpg

Bow Ties usually conjure up a vision of a formal event, to be used infrequently for special occasions.  For risk bow ties, nothing could be further from the truth.  Risk bow ties are ideally used by the business as everyday wear. So what are risk bow ties and what is the value of making them part of your everyday?

The Bow Tie principal to analyse and document risk has been attributed back to Royal Dutch Shell in the 70’s / 80’s.  Since then, oil and gas, mining and pharmaceutical companies amongst others have used the Bow Tie principle to explore and communicate risk. More recently, financial institutions have warmed to the idea, seeing the benefit of this simple, yet comprehensive method to understand and communicate risk.

The Bow Tie technique is a logical way to explore and communicate risk.  Its principles are simple, but the execution and presentation need care.

Read More

14/04/2016 / Bow Tie Analysis, Risk Culture, Risk Appetite, Risk Manager

Are you a risk manager?

risk.png

I am often asked “what are the key requirements that make a good risk manager?”  My first response is “to be able to walk on water”. Such is the required varied skill set of a good risk manager.

The roles and responsibilities of the risk manager are many and varied depending on the organization they belong to. I will use the example of an organization that has an independent risk management function where risk, and the day to day management thereof, is owned by the business. Let’s look at the key characteristics of the CRO and the staff of the independent function.

The main function of the independent risk manager is to review and challenge what the front line business is doing to manage risk. In addition, they should be seen as subject matter experts and assisters in developing and maintaining the risk management frameworks. They should be seen as value-adding and adopted by, and engaged with, front line staff.

What are the key skills and characteristics needed to be a success in this role? Here is my list:

  1. Risk management is to a large degree an art form. This requires a strong right hand (artistic) brain, able to cope with qualitative and inexact concepts and able to “see” into the future.

Read More

01/04/2016 / Commercial Credit Risk Management

Useful Tips to Improve Commercial Credit Risk Management

Operational_Risk_Management_4.jpgMaintenance and improvement of credit risk management practices by banks and lenders have become a top priority. Let us share with you some tips to improve lender's insights into credit risk and take appropriate measures to maximise the risk/return profile.

How efficient is your collection and monitoring of covenants?

1. Review and monitor covenants

Covenants are conditions agreed to by the borrower as part of a loan term in commercial loans.  If they are effectively monitored, it can provide lenders with an early warning of loan deterioration. 

Read More

23/03/2016 / Compliance Management, Risk and Control Self Assessment, Operational Risk

Operational Risk Management 4 –Compliance Management and Compliance Risk Management

Operational_Risk_Management_4.jpg

This is the fourth article in the series of “Learning from yourself as an expert already”. The first blog addressed Key Risk Indicators (KRI) and the second two addressed the Risk and Control Self Assessment (RCSA) process. This blog addresses Compliance Management and Compliance Risk Management.

The extent of personal compliance management depends heavily on the country in which you reside.  Some countries have few rules and nature seems to take care of itself. Other countries have many laws and regulations over personal behavior from strictly enforced speed limits to drinking laws. As an Australian, I am more used to the latter, Australia, and New South Wales in particular, is often now referred to as the “Nanny State”!  Regulatory compliance requirements are everywhere!

The starting point for compliance in your personal life is, therefore, to understand the laws and regulations that are applicable to you. These are often written in a way that is not easily understood and we have to interpret into plain English as to what it really means to us. Ignorance of the law, as we know, is no defence.

Read More