Risk Management Insights

I want to join the BLOG

Compliance Management, Risk Culture, ERM

Reputation Damage - Risk Event or Risk Impact?

Looking back over the last 12 months, corporate scandals continue with the finance industry seemingly always managing to make the headlines. Wells Fargo fake accounts in the US, CBA anti money laundering issues in Australia are two examples. The flow on effects from these scandals are often similar:

  1. Executives and CEO's involved are ushered out the door - key person risks arise.
  2. Fines were or will be imposed by regulatory agencies, which seem larger and more punitive in recent years.
  3. Class action lawsuits are attempted on behalf of disgruntled shareholders resulting in additional legal fees and potential settlement costs.
  4. Strategic growth objectives are derailed, as the companies involved need to batten down the hatches to recover from the scandal.
Read More

Enterprise Risk Management, Risk Culture, Risk Management, Risk Controls

Prevention is better than cure - and other risk management cliches

There are many well used, almost clichéd phrases in the English language that contain powerful messages for the risk manager. Some that come to mind include:

Every cloud has a silver lining:  If we suffer a risk incident, we can usually find value, especially if we manage the incident really well and learn from our past mistakes.

What doesn’t kill you makes you stronger: Failure is good, as long as we fail within our risk appetite, fail fast, fail with minimal damage and most importantly, learn from our failures. This will only make us stronger in the long term.

And my favourite…

Prevention is better than cure: It is better to practice proactive, preventive risk management rather than reactive firefighting risk management. 

Read More

Enterprise Risk Management, Risk Culture, Operational Risk, Risk Controls

How to Reduce Risks Caused By Human Error

What is Human Error?

Risk events often have many contributing causes, a common one being ‘human error’. But what is human error can be adequately mitigated? Human error can be defined as being a ‘failure of a planned action to achieve a desired outcome’.

Actions can fail to achieve the desired outcome if the action itself is inadequate for the purpose for which it was designed; or the action can be adequate but the execution of the action can be deficient – either through unintentional or intentional behaviours of people. Related article Expected and Targeted Risks.

Outcomes? 
There are therefore six possible outcomes in the combination of plan and human action:

  1. An adequate plan that is intentionally followed will likely result in the avoidance of the risk event
  2. An adequate plan that is unintentionally not followed will likely result in failure – a risk event caused by human error
  3. An adequate plan that is intentionally not followed will likely result in failure – a risk event caused by malice
  4. An inadequate plan that is intentionally followed will likely result in failure – a risk event caused by poor planning
  5. & 6. An inadequate plan that is unintentionally or intentionally not followed has a higher likelihood of failure or success of meeting the ultimate objective.

An example…
Is the case of the Piper Alpha disaster, where personnel who followed the muster procedures found that they could not access the lifeboats from the accommodation block, personnel who survived the disaster were those who (unintentionally or intentionally) chose to violate the muster rule and ‘step off’ the platform into the ocean. Therefore, an inadequate rule (plan) was violated and the ultimate objective (no fatalities) was individually achieved as these people avoided the risk event.

Read More

Protecht News & Events, Risk Culture, Risk Management, Risk Management Training

Risk and Compliance Management Journey

A personal story

Behind every hard-working professional there is always a personal story to tell and one of the best ways of learning is listening, talking and sharing those stories and those personal points of view. A key philosophy at Protecht is to listen and learn from professionals across all lines of business.

I was recently invited to present the Governance Institute Dux Awards for Risk and Compliance, a recognition that Protecht has been sponsoring for a number of years. The award recipients generally don't have a background in risk and compliance management, with many coming from legal or accounting professions.

Read More

Enterprise Risk Management, Risk Culture, Risk Management

How to Achieve your Risk Management Goals

10 KEYS to Risk Management Success 

Having worked with many clients over the years in implementing, maintaining and developing their risk management systems you learn what works and, on the other hand, what does not.

The following are my top 10 KEYS to success – get these right and you will have a risk management function that is seen as critical as any other management function in the value it adds.

1. Keep it Simple

With any developing discipline, there is a tendency to invent new words and use big words that sound smart but no one understands. Risk management is no exception with a myriad of fancy words and acronyms. 

Read More

Enterprise Risk Management, Risk Culture, Risk Manager

Our Top 5 Risk Management blogs in 2016

It is already February 2017. The year certainly feels like it is flying by. We are glad to see that our Risk Management Insights Blog continues to be read by thousands of professionals such as you, from all around the world. We all seem to receive a lot of information every day from many different sources. So to ensure that you didn't missed out on some of the articles that we have shared, we thought we would recap on some of our articles from 2016.

So we have made a selection of the '2016 Top five most read blogs'. We hope you enjoy the content and if you have not subscribed yet, just click here to receive the next articles directly in your Inbox. Enjoy.

1. What does it take to be a Risk Manager?

What are the key skills and characteristics needed to be successful in this role? Here is my list:

  • Risk management is to a large degree an art form. This requires a strong right hand (artistic) brain, able to cope with qualitative and inexact concepts and able to “see” into the future.
  • At the same time, the risk manager needs to be logical, analytical, problem-solving and exhibit a high degree of common sense.
  • The risk manager must be commercially astute and demonstrate a high degree of business acumen. Read more.

Operational Risk Management and the wider defined Enterprise Risk Management are often touted as a new concept. While the methodologies and processes employed may have been enhanced in the recent past, risk management is hardly new. Humans, arising from the instinct for survival, have been using and developing risk management techniques from the beginning of time. Continue reading here.

Read More

Risk Culture

The 6 key elements to creating and maintaining a good risk culture

You can take a horse to water but you cannot make it drink. You can take risk management to your business but you cannot make them do it. People, to be successful in anything they do, must have a desire to do it. This breeds passion which drives people to excel.

Getting the right culture to support risk management across your business is the most important ingredient for success. 

So what does the right “risk culture” mean and how do we create and maintain it? Culture is embedded within people’s thoughts which then influence their behaviours and actions. Risk culture, is their thinking, behaviours and actions around risk and risk management.

Read More

Enterprise Risk Management, Risk Culture, ERM, Operational Risk, Risk Manager

Changing the Risk Conversation

Three Key Questions

Have you ever tried having a conversation with a risk practitioner about risk management concepts without using the word ‘risk’? Similarly, as a risk practitioner, have you had a conversation with a quality management practitioner without them mentioning the word ‘quality’?

One of the biggest issues we face as risk practitioners is having conversations with non-risk practitioners, especially front line people, about what we do and what we need them to do to ensure that risks, (there is that word again), are adequately identified, mitigated and monitored. Wouldn’t it be a more useful conversation to talk in terms that the front line is used to and understands? Read article 'Are you a Risk Manager?'

Front line staff know what they need to do to achieve their objectives – be it sales targets, transaction processing targets, customer satisfaction targets, quality targets, or whatever it is that they do that collectively allows the organisation to achieve its objectives. They understand their business processes and where shortcuts can be taken to ‘get things done’. They know when other staff are not following procedures – with malicious intent or not.

Read More

Protecht News & Events, Risk Culture, Risk Management

2016 - The Year That Was

2016 Done and Dusted

Over the last three weeks we have had Christmas parties in Melbourne and Sydney for our clients, as well as our staff Christmas event. (Check out more photos at the end of the post.) Needless to say, we are all looking forward to some downtime leading into the New Year.

Read More

Protecht News & Events, Risk Culture

COBA 2016 – Lead. Change. Grow. How does this theme apply to Protecht?


Protecht was proud to provide its continuing support for the COBA conference. This year’s event was held in a somewhat wet and windy Adelaide – more about that in another article where I talk about real-life Business Continuity Planning (BCP) - but we didn’t let the weather dampen our enthusiasm. As usual, the conference provided a great environment for attendees to learn about a wide range of topics applicable to them.

Myself, Selina and Rajes met with numerous people enjoying a chat and letting them know what Protecht has been up to over the last 12 months and what the next year has in store for us… The theme of the conference “Lead. Change. Grow.” was particularly apt for us this year:

Lead: Protecht continues to be a leader in the provision of risk management services and was proud to be able to show attendees its new Bow Tie app for the iPad which is free to download and try. The app allows you to complete a Bow Tie risk analysis on your iPad or iPhone instead of a whiteboard. The Bow Tie can then be shared amongst other app users for easy editing and updating. If you didn’t get the opportunity to download the app then go to the Apple app store, search for Protecht and get started today.

Read More