Risk Management Insights

I want to join the BLOG

23/07/2018 / ERM, KRIs, Press/Media, Risk Manager

Importance of 'Challenge' in Risk Management

In my earlier blog “What we can all learn from the APRA prudential inquiry report into the CBA” I noted that one of the strong themes of the report was the importance of “Challenge”. In fact, it is mentioned approximately 75 times including in the following recommendations:

  • Recommendation 7. The CEO ensure that the Executive Committee…. engages in constructive challenge and debate.

  • Recommendation 10. CBA ensure that business unit Chief Risk Officers have the necessary independence to provide effective challenge to the business. 

  • Recommendation 27. Senior leaders reinforce key behaviours of increasing self-reflection, giving and receiving constructive challenge and dealing with conflict effectively.

For those familiar with the three lines of defence model, the second line of defence "Risk Management" has as its key role, “Review and Challenge”. Read the article: Risk Governance and the Three Lines of Defence.

This blog takes a look at:

  • The meaning of challenge.
  • The importance of challenge in supporting strong risk management.
  • The reasons why challenge is so difficult in practice?
  • What a good challenge culture looks like and how can it be practically embedded within an organisation’s culture.

Read More

04/06/2018 / ERM, KRIs, Press/Media, Risk Manager

What we can all learn from the APRA prudential inquiry report into the CBA

Taking Risk Management to the next level 

The APRA report of the prudential inquiry in the Commonwealth Bank of Australia (CBA) was issued on 1 May 2018 https://www.apra.gov.au/media-centre/media-releases/apra-releases-cba-prudential-inquiry-final-report-accepts-eu. On the following day, I was flying from Sydney to Perth and downloaded the report to "skim" read the key points on the flight.

I began reading on take-off and on landing 4 hours later, had completed the full 111 pages. I could not put it down.

Rather than a negative feeling of what we are doing wrong, I saw instead a rich source of information that we can use to take risk management to the next level.

On page 5, the report states:

"The Report that follows may read as a long catalogue of shortcomings. That would be too narrow a read. The Panel acknowledges the undoubted financial strength and acumen of the CBA, its global standing, and the avowed commitment of staff to servicing customers. CBA needs to translate this financial strength and good intent into better meeting the community’s needs and the standards expected of a systemically important bank in Australia. The Report is a roadmap for this journey."

It is also clear that many other financial institutions accept that they could change the name "CBA" on this report to their own and it would be equally as valid. At Protecht, we see this as a must-read for anyone serious about taking their risk management to the next level. It is, as APRA states, "a valuable roadmap".

The following is a summary of the main lessons we can learn from the report, and also the main themes that run through the report. 

Read More

01/06/2018 / Risk and Reward, ERM, KRIs

Balancing the Voices of Reward and Risk

The financial services industry is under the microscope in Australia with the Royal Commission in full swing, and the recent APRA (Australian Prudential Regulatory Authority) report into the CBA (Commonwealth Bank of Australia).

Many sobering findings have been aired, but looking at this positively, the findings provide an excellent blueprint for the development of stronger risk management and business practices going forward. The APRA report is really a roadmap for any organisation wishing to raise its risk management to the next level.

Read More

23/02/2018 / Risk Management, Bow Tie Analysis, ERM, KRIs

Effective Risk Management Tool: Bow Tie Analysis

Protecht loves Bow Ties, both formal and informal!  Bow Tie analysis has been around for longer than you might think. 

While some industries including oil, gas and mining have been using the bow tie consistently for years, at a broader level it appears that other industries, such as financial services, are also now realising the value of this simple yet effective risk management technique.

What does the bow tie do? 

Bow tie analysis provides a tool to identify and map out the different components of risk including root cause, risk events, risk impacts and controls. 

Read More

08/12/2017 / Operational Risk, Key Risk Indicators, Risk Manager, KRIs

How do Key Risk Indicators work?


In February this year, I ran a blog highlighting the power of the human brain and its senses in acting as a personal key risk indicator (KRI) system for personal early warning risk awareness as we journey through this inherently risky world. Read article: Operational Risk Management - Learning from yourself as an expert already.

This blog looks at the potentially awesome power that a well-designed and well applied
KRI system can have in the business world.

KRIs have multiple purposes. The main one is to act as an early warning system to prompt initial investigation and response so as to deal with a risk early in its life. It helps a firefighting risk manager to become a proactive risk preventer. At a wider level, KRIs allow us to “measure” risk and incorporate risk into risk-based performance measurement, risk-based decision making and risk-based incentive schemes.

So how do KRIs work?

KRIs operate on the fact that as risk develops through its life, from root cause(s), through event(s) to final impact(s), red flags, symptoms and other evidence may be given off.  KRIs tap into this information and turn it into intelligence to then be investigated and acted upon to deal with the risk most appropriately.

Read More