Risk Management Insights


23/07/2018 / ERM, Risk Manager, KRIs, Press/Media

Importance of 'Challenge' in Risk Management

In my earlier blog “What we can all learn from the APRA prudential inquiry report into the CBA” I noted that one of the strong themes of the report was the importance of “Challenge”. In fact, it is mentioned approximately 75 times including in the following recommendations:

  • Recommendation 7. The CEO ensure that the Executive Committee…. engages in constructive challenge and debate.

  • Recommendation 10. CBA ensure that business unit Chief Risk Officers have the necessary independence to provide effective challenge to the business. 

  • Recommendation 27. Senior leaders reinforce key behaviours of increasing self-reflection, giving and receiving constructive challenge and dealing with conflict effectively.

For those familiar with the three lines of defence model, the second line of defence "Risk Management" has as its key role, “Review and Challenge”. Read the article: Risk Governance and the Three Lines of Defence.

This blog takes a look at:

  • The meaning of challenge.
  • The importance of challenge in supporting strong risk management.
  • The reasons why challenge is so difficult in practice.
  • What a good challenge culture looks like and how it can be practically embedded within an organisation’s culture.


04/06/2018 / ERM, Risk Manager, KRIs, Press/Media

What we can all learn from the APRA prudential inquiry report into the CBA

Taking Risk Management to the next level 

The APRA report of the prudential inquiry into the Commonwealth Bank of Australia (CBA) was issued on 1 May 2018 (https://www.apra.gov.au/media-centre/media-releases/apra-releases-cba-prudential-inquiry-final-report-accepts-eu). On the following day, I was flying from Sydney to Perth and downloaded the report to "skim" read the key points on the flight.

I began reading on take-off and, on landing 4 hours later, had completed the full 111 pages. I could not put it down.

Rather than a negative feeling of what we are doing wrong, I saw instead a rich source of information that we can use to take risk management to the next level.

On page 5, the report states:

"The Report that follows may read as a long catalogue of shortcomings. That would be too narrow a read. The Panel acknowledges the undoubted financial strength and acumen of the CBA, its global standing, and the avowed commitment of staff to servicing customers. CBA needs to translate this financial strength and good intent into better meeting the community’s needs and the standards expected of a systemically important bank in Australia. The Report is a roadmap for this journey."

It is also clear that many other financial institutions accept that they could change the name "CBA" on this report to their own and it would be equally valid. At Protecht, we see this as a must-read for anyone serious about taking their risk management to the next level. It is, as APRA states, "a valuable roadmap".

The following is a summary of the main lessons we can learn from the report, and also the main themes that run through the report. 


01/06/2018 / Enterprise Risk Management, ERM, Risk in Motion

Enterprise Risk Management - Connecting the Dots

Connecting the dots (in this case, the risks).

This is an updated version of the original article published on 06/12/2016.

It has been a bit of a journey over the last 15 years. At Protecht, we started with the vision of a SaaS enterprise risk management solution that allowed connection of risk to the core components of what was, back then, considered an ERM framework. This meant that our central library of risks was not only used in the risk and control assessments but also linked to key risk indicators, attestations and incidents. This enabled our client base to get a more fluid picture of risk and was the genesis of the RiskInMotion™ concept.

What was missing back then was the business intelligence engine to bring it all together.

Roll forward to 2018 and there are even more dots to connect. Over the last 5 years, we have seen our clients rapidly build and deploy the following additional web-based forms to capture, workflow and report on risk-related information pertaining to:

  • Fraud
  • Supplier due diligence
  • Conflicts of interest
  • Internal audit findings
  • Complaints
  • Compliance breaches
  • Business continuity plans and tests
  • New products evaluation
  • Ex gratia payments
  • Policy management

01/06/2018 / ERM, Risk and Reward, KRIs

Balancing the Voices of Reward and Risk

The financial services industry is under the microscope in Australia, with the Royal Commission in full swing and the recent APRA (Australian Prudential Regulation Authority) report into the CBA (Commonwealth Bank of Australia).

Many sobering findings have been aired, but looking at this positively, the findings provide an excellent blueprint for the development of stronger risk management and business practices going forward. The APRA report is really a roadmap for any organisation wishing to raise its risk management to the next level.


02/03/2018 / Enterprise Risk Management, Risk Culture, ERM

How to promote Risk Culture in your team

In a recent discussion with a colleague on preparing for 'black swan' events, we concluded that regardless of the size, type and structure of an organisation, it was having the right risk culture that was the key success factor in preparing for and surviving an improbable event.

Our view is that getting the right culture to support risk management across the business is the most important ingredient for success. But what actually is this thing called 'risk culture' and where can you get it? We believe that risk culture is the system of values and behaviours present in an organisation that guides all the risk-related decisions made by management and employees.


23/02/2018 / Bow Tie Analysis, Risk Management, ERM, KRIs

Effective Risk Management Tool: Bow Tie Analysis

Protecht loves Bow Ties, both formal and informal! Bow Tie analysis has been around for longer than you might think.

While some industries including oil, gas and mining have been using the bow tie consistently for years, at a broader level it appears that other industries, such as financial services, are also now realising the value of this simple yet effective risk management technique.

What does the bow tie do? 

Bow tie analysis provides a tool to identify and map out the different components of risk including root cause, risk events, risk impacts and controls. 


12/09/2017 / Compliance Management, Risk Culture, ERM

Reputation Damage - Risk Event or Risk Impact?

Looking back over the last 12 months, corporate scandals continue, with the finance industry seemingly always managing to make the headlines. The Wells Fargo fake accounts in the US and the CBA anti-money laundering issues in Australia are two examples. The flow-on effects from these scandals are often similar:

  1. Executives and CEOs involved are ushered out the door - key person risks arise.
  2. Fines were or will be imposed by regulatory agencies, which seem larger and more punitive in recent years.
  3. Class action lawsuits are attempted on behalf of disgruntled shareholders resulting in additional legal fees and potential settlement costs.
  4. Strategic growth objectives are derailed, as the companies involved need to batten down the hatches to recover from the scandal.

06/01/2017 / Enterprise Risk Management, Risk Culture, ERM, Operational Risk, Risk Manager

Changing the Risk Conversation

Three Key Questions

Have you ever tried having a conversation with a risk practitioner about risk management concepts without using the word ‘risk’? Similarly, as a risk practitioner, have you had a conversation with a quality management practitioner without them mentioning the word ‘quality’?

One of the biggest issues we face as risk practitioners is having conversations with non-risk practitioners, especially front line people, about what we do and what we need them to do to ensure that risks (there is that word again) are adequately identified, mitigated and monitored. Wouldn’t it be a more useful conversation to talk in terms that the front line is used to and understands? Read article 'Are you a Risk Manager?'

Front line staff know what they need to do to achieve their objectives – be it sales targets, transaction processing targets, customer satisfaction targets, quality targets, or whatever it is that they do that collectively allows the organisation to achieve its objectives. They understand their business processes and where shortcuts can be taken to ‘get things done’. They know when other staff are not following procedures – with malicious intent or not.


31/10/2016 / Risk Culture, Risk Audit, ERM

The Risk of Gifts and Entertainment

As we approach the end of the calendar year, businesses grapple with the issue of giving and receiving gifts and entertainment to and from suppliers, customers and other stakeholders. This blog looks at the psychology of gift giving, the inherent risks in both giving and receiving gifts, and how the implementation of a ‘Gifts and Entertainment’ register can provide a defensible position if questioned about the probity of giving or receiving gifts.

The giving of gifts is ingrained across all cultures and societies. As an evolutionary trait, the act of giving a gift could be as old as humans. Individuals who generously gave would have more easily attracted a mate, and small gifts of food between members of a troop have been observed in our closest animal relatives, the chimpanzees.


09/06/2016 / Enterprise Risk Management, Risk Audit, ERM, Risk Maturity

ATO implements Protecht's Enterprise Risk Management System

NOT SUCH A TAXING TIME

Some months ago Protecht was delighted that Protecht.ERM was selected by the ATO as the ATO’s corporate-wide risk and governance system. After just a short time, under the guidance of Jodie Thomas, Executive Director, ATO Corporate and the ATO project implementation team, the ATO is already recognising some of the immense benefits that Protecht.ERM is capable of delivering.
