In this video, Alf Esteban talks about one of the questions we get asked the most.
Effective risk management requires governance structures and processes commensurate with the organisation’s context. Regardless of the organisation’s size and complexity, implementation of the three lines of defence should be the first principle of an effective risk management framework.
At each line of defence there needs to be risk governance to support and provide oversight to the risk management framework.
In a recent discussion with a colleague on preparing for 'black swan' events, we concluded that regardless of the size, type and structure of an organisation, it was having the right risk culture that was the key success factor in preparing for and surviving an improbable event.
Our view is that getting the right culture to support risk management across the business is the most important ingredient for success. But what actually is this thing called 'risk culture' and where can you get it? We believe that risk culture is the system of values and behaviours that is present in an organisation and guides all the decisions related to risk made by management and employees.
As one of the leaders of Protecht, I am very fortunate for the opportunity to meet new people all the time. Those friendly conversations that happen at any major event or at any small meeting are the interactions that shape my role and give me new perspectives on risk and compliance management.
One of those entities that encourage valuable interactions is the Governance Institute of Australia. Twice a year I am invited by the New South Wales Chapter to present their Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for the past 5 years, and has become a tradition for us to support. Coming to this event gives me the opportunity to talk to professionals from a wide number of industries and discuss the present and future of risk, compliance and governance.
The Protecht team is looking forward to this year's conference season. Our focus will be on industry-specific conferences where we will showcase how Protecht's full suite of risk management training, advisory and software services map to the needs of each industry sector.
Risk events often have many contributing causes, a common one being ‘human error’. But what is human error, and can it be adequately mitigated? Human error can be defined as being a ‘failure of a planned action to achieve a desired outcome’.
Actions can fail to achieve the desired outcome if the action itself is inadequate for the purpose for which it was designed; or the action can be adequate but the execution of the action can be deficient – either through unintentional or intentional behaviours of people. Related article: Expected and Targeted Risks.
There are therefore six possible outcomes in the combination of plan and human action:
In the case of the Piper Alpha disaster, where personnel who followed the muster procedures found that they could not access the lifeboats from the accommodation block, personnel who survived the disaster were those who (unintentionally or intentionally) chose to violate the muster rule and ‘step off’ the platform into the ocean. Therefore, an inadequate rule (plan) was violated and the ultimate objective (no fatalities) was individually achieved as these people avoided the risk event.
Behind every hard-working professional there is always a personal story to tell and one of the best ways of learning is listening, talking and sharing those stories and those personal points of view. A key philosophy at Protecht is to listen and learn from professionals across all lines of business.
I was recently invited to present the Governance Institute Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for a number of years. The award recipients generally don't have a background in risk and compliance management, with many coming from legal or accounting professions.
Have you ever tried having a conversation with a risk practitioner about risk management concepts without using the word ‘risk’? Similarly, as a risk practitioner, have you had a conversation with a quality management practitioner without them mentioning the word ‘quality’?
One of the biggest issues we face as risk practitioners is having conversations with non-risk practitioners, especially front line people, about what we do and what we need them to do to ensure that risks (there is that word again) are adequately identified, mitigated and monitored. Wouldn’t it be a more useful conversation to talk in terms that the front line is used to and understands? Read article: 'Are you a Risk Manager?'
Front line staff know what they need to do to achieve their objectives – be it sales targets, transaction processing targets, customer satisfaction targets, quality targets, or whatever it is that they do that collectively allows the organisation to achieve its objectives. They understand their business processes and where shortcuts can be taken to ‘get things done’. They know when other staff are not following procedures – with malicious intent or not.
As we approach the end of the calendar year, businesses grapple with the issue of giving and receiving gifts and entertainment to and from suppliers, customers and other stakeholders. This blog looks at the psychology of gift giving, the inherent risks in both giving and receiving gifts, and how the implementation of a ‘Gifts and Entertainment’ register can provide a defensible position if questioned about the probity of giving or receiving gifts.
The giving of gifts is ingrained across all cultures and societies. As an evolutionary trait, the act of giving a gift could be as old as humans. Individuals who generously gave would have more easily attracted a mate, and small gifts of food between members of a troop have been observed in our closest animal relatives, the chimpanzees.
Tough Mudder is an endurance event series in which participants attempt 16–19 km military-style obstacle courses that test mental as well as physical strength. The obstacles often play on common human fears, such as fire, water, electricity and heights.
The main principle of the Tough Mudder revolves around teamwork. The Tough Mudder organisation values camaraderie throughout the course, designing obstacles that encourage group participation. The first event was held in 2010 and to date, more than 2 million people worldwide have participated.